gskit: protect inetsocketpair() against foreign connection.

Avoid blocking read.
Drain SSL over SSL output upon close.

CMakeLists.txt

@@ -1153,7 +1153,7 @@ set(VERSIONNUM              "${CURL_VERSION_NUM}")
 # Finally generate a "curl-config" matching this config
 configure_file("${CURL_SOURCE_DIR}/curl-config.in"
                "${CURL_BINARY_DIR}/curl-config" @ONLY)
-install(FILES "${CMAKE_BINARY_DIR}/curl-config"
+install(FILES "${CURL_BINARY_DIR}/curl-config"
         DESTINATION bin
         PERMISSIONS
           OWNER_READ OWNER_WRITE OWNER_EXECUTE
@@ -1163,7 +1163,7 @@ install(FILES "${CMAKE_BINARY_DIR}/curl-config"
 # Finally generate a pkg-config file matching this config
 configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in"
                "${CURL_BINARY_DIR}/libcurl.pc" @ONLY)
-install(FILES "${CMAKE_BINARY_DIR}/libcurl.pc"
+install(FILES "${CURL_BINARY_DIR}/libcurl.pc"
         DESTINATION lib/pkgconfig)
 
 # This needs to be run very last so other parts of the scripts can take advantage of this.

MacOSX-Framework

@@ -65,7 +65,7 @@ else
  ARCHES64='-arch x86_64'
  #We "know" that 10.4 and earlier do not support 64bit
  OLD_SDK64=`ls  $SDK_PATH|egrep -v "10.[0-4]"|head -1`
- NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4]"|head -1`
+ NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4][^0-9]" | head -1`
  if test $USE_OLD -gt 0
   then
    SDK64=$OLD_SDK64

RELEASE-NOTES

@@ -1,92 +1,73 @@
-Curl and libcurl 7.45.0
+Curl and libcurl 7.46.0
 
- Public curl releases:         149
+ Public curl releases:         150
  Command line options:         177
- curl_easy_setopt() options:   219
+ curl_easy_setopt() options:   221
  Public functions in libcurl:  61
- Contributors:                 1303
+ Contributors:                 1322
 
 This release includes the following changes:
 
- o added CURLOPT_DEFAULT_PROTOCOL [6]
- o added new tool option --proto-default [6]
- o getinfo: added CURLINFO_ACTIVESOCKET
- o turned CURLINFO_* option docs as stand-alone man pages
- o curl: point out unnecessary uses of -X in verbose mode [17]
+ o configure: build silently by default
+ o cookies: Add support for Publix Suffix List with libpsl
+ o vtls: added support for mbedTLS [7]
+ o Added CURLOPT_STREAM_DEPENDS [8]
+ o Added CURLOPT_STREAM_DEPENDS_E [9]
+ o Added CURLOPT_STREAM_WEIGHT [10]
+ o Added CURLFORM_CONTENTLEN [14]
+ o oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
 
 This release includes the following bugfixes:
 
- o curl_global_init_mem.3: Stronger thread safety warning [1]
- o buildconf.bat: Fixed issues when ran in directories with special chars [2]
- o cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
- o generate.bat: Fixed issues when ran in directories with special chars
- o generate.bat: Only call buildconf.bat if it exists
- o generate.bat: Added support for generating only the prerequisite files
- o curl.1: Document weaknesses in SSLv2 and SSLv3
- o CURLOPT_HTTP_VERSION.3: connection re-use goes before version
- o docs: Update the redirect protocols disabled by default
- o inet_pton.c: Fix MSVC run-time check failure
- o CURLMOPT_PUSHFUNCTION.3: fix argument types
- o rtsp: support basic/digest authentication
- o rtsp: stop reading empty DESCRIBE responses
- o travis: Upgrading to container based build [3]
- o travis.yml: Add OS X testbot
- o FTP: make state machine not get stuck in state
- o openssl: handle lack of server cert when strict checking disabled [4]
- o configure: change functions to detect openssl (clones) [5]
- o configure: detect latest boringssl [5]
- o runtests: Allow for spaces in server-verify curl custom path
- o http2: on_frame_recv: get a proper 'conn' for the debug logging
- o ntlm: mark deliberate switch case fall-through
- o http2: remove dead code
- o curl_easy_{escape,unescape}.3: "char *" vs. "const char *" [7]
- o curl: point out the conflicting HTTP methods if used
- o cmake: added Windows SSL support [8]
- o curl_easy_{escape,setopt}.3: fix example
- o curl_easy_escape.3: escape '\n' [9]
- o libcurl.m4: Put braces around empty if body [10]
- o buildconf.bat: Fixed double blank line in 'curl manual' warning output
- o sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
- o inet_pton.c: Fix MSVC run-time check failure
- o CURLOPT_FOLLOWLOCATION.3: mention methods for redirects
- o http2: don't pass on Connection: headers [11]
- o nss: do not directly access SSL_ImplementedCiphers [12]
- o docs: numerous cleanups and spelling fixes
- o FTP: do_more: add check for wait_data_conn in upload case [13]
- o parse_proxy: reject illegal port numbers [14]
- o cmake: IPv6 : disable Unix header check on Windows platform [15]
- o winbuild: run buildconf.bat if necessary
- o buildconf.bat: fix syntax error
- o curl_sspi: fix possibly undefined CRYPT_E_REVOKED [16]
- o nss: prevent NSS from incorrectly re-using a session [18]
- o libcurl-errors.3: add two missing error codes
- o openssl: fix build with < 0.9.8
- o openssl: refactor certificate parsing to use OpenSSL memory BIO [19]
- o openldap: only part of LDAP query results received [20]
- o ssl: add server cert's "sha256//" hash to verbose [21]
- o NTLM: Reset auth-done when using a fresh connection [22]
- o curl: generate easysrc only on --libcurl [23]
- o tests: disable 1801 until fixed [24]
- o CURLINFO_TLS_SESSION: always return backend info
- o gnutls: Support CURLOPT_KEYPASSWD
- o gnutls: Report actual GnuTLS error message for certificate errors
- o tests: disable 1510 due to CI-problems on github
- o cmake: Put "winsock2.h" before "windows.h" during configure checks
- o cmake: Ensure discovered include dirs are considered
- o configure: Add missing ')' for CURL_CHECK_OPTION_RT [25]
- o build: fix failures with -Wcast-align and -Werror [26]
- o FTP: fix uploading ASCII with unknown size
- o readwrite_data: set a max number of loops
- o http2: avoid superfluous Curl_expire() calls
- o http2: set TCP_NODELAY unconditionally [27]
- o docs: fix unescaped '\n' in man pages
- o openssl: Fix algorithm init to make (gost) engines work [28]
- o win32: make recent Borland compilers use long long
- o runtests: Fix pid check in checkdied
- o gopher: don't send NUL byte [29]
- o tool_setopt: fix c_escape truncated octal [30]
- o hiperfifo: fix the pointer passed to WRITEDATA [31]
- o getinfo: Fix return code for unknown CURLINFO options [32]
+ o des: Fix header conditional for Curl_des_set_odd_parity
+ o ntlm: get rid of unconditional use of long long [1]
+ o CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO
+ o docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET [2]
+ o http2: Fix http2_recv to return -1 if recv returned -1
+ o curl_global_init_mem: set function pointers before doing init
+ o ntlm: error out without 64bit support as the code needs it [1]
+ o openssl: Fix set up of pkcs12 certificate verification chain
+ o acinclude: remove PKGCONFIG override [3]
+ o test1531: case the size to fix the test on non-largefile builds
+ o fread_func: move callback pointer from set to state struct [4]
+ o test1601: fix compilation with --enable-debug and --disable-crypto-auth
+ o http2: Don't pass unitialized name+len pairs to nghttp2_submit_request [5]
+ o curlbuild.h: Fix non-configure compiling to mips and sh4 targets
+ o tool: Generate easysrc with last cache linked-list [6]
+ o cmake: Fix for add_subdirectory(curl) use-case
+ o vtls: fix compiler warning for TLS backends without sha256
+ o build: fix for MSDOS/djgpp
+ o checksrc: add crude // detection
+ o http2: on_frame_recv: trust the conn/data input
+ o ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size [11]
+ o polarssl/mbedtls: fix name space pollution
+ o build: Fix mingw ssl gdi32 order [12]
+ o build: Fix support for PKG_CONFIG
+ o MacOSX-Framework: sdk regex fix for sdk 10.10 and later
+ o socks: Fix incorrect port numbers in failed connect messages
+ o curl.1: -E: s/private certificate/client certificate
+ o curl.h: s/HTTPPOST_/CURL_HTTPOST_ [13]
+ o curl_formadd: support >2GB files on windows [14]
+ o http redirects: %-encode bytes outside of ascii range [15]
+ o rawstr: Speed up Curl_raw_toupper by 40%
+ o curl_ntlm_core: fix 2 curl_off_t constant overflows.
+ o getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
+ o tftp tests: verify sent options too
+ o imap: Don't call imap_atom() when no mailbox specified in LIST command
+ o imap: Fixed double quote in LIST command when mailbox contains spaces
+ o imap: Don't check for continuation when executing a CUSTOMREQUEST [16]
+ o acinclude: Remove check for 16-bit curl_off_t
+ o BoringSSL: Work with stricter BIO_get_mem_data() [17]
+ o cmake: Add missing feature macros in config header [18]
+ o sasl_sspi: fixed unicode build for digest authentication [19]
+ o sasl_sspi: fix identity memory leak in digest authentication
+ o unit1602: Fixed failure in torture test
+ o unit1603: Added unit tests for hash functions
+ o vtls/openssl: remove unused traces of yassl ifdefs
+ o openssl: remove #ifdefs for < 0.9.7 support
+ o typecheck-gcc.h: add some missing options
+ o curl: mark two more options strings for --libcurl output
+ o openssl: Free modules on cleanup [20]
 
 This release includes the following known bugs:
 
@@ -95,52 +76,35 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Alessandro Ghedini, Benjamin Kircher, Bertrand Simonnet, Brad King,
-  Dan Fandrich, Daniel Hwang, Daniel Kahn Gillmor, Daniel Lee Hwang,
-  Daniel Seither, Daniel Stenberg, Denis Feklushkin, Eric Ridge, Erik Janssen,
-  Isaac Boukris, Jactry Zeng, Jakub Zakrzewski, Jim Hollinger, Kamil Dudka,
-  Maksim Stsepanenka, Marcel Raad, Michael Kalinin, Mike Crowe,
-  Nathaniel Waisbrot, Nikolai Kondrashov, Orange Tsai, Patricia Muscalu,
-  Patrick Monnerat, Rajkumar Mandal, Ray Satiro, Razvan Cojocaru, Rémy Léone,
-  Richard van den Berg, Sam Roth, Sergei Nikulov, Steve Holme,
-  Svyatoslav Mishyn, Tatsuhiro Tsujikawa, Thorsten Schöning, Viktor Szakáts,
-  W. Mark Kubacki,
-  (40 contributors)
+  Anders Bakken, Dan Fandrich, Daniel Hwang, Daniel Stenberg, Dmitry S. Baikov,
+  Douglas Creager, Erik Johansson, Gisle Vanem, Javier G. Sogo, John Levon,
+  Jonas Minnberg, Justin Ehlert, Kamil Dudka, Kang Lin, Kurt Fankhauser,
+  Lauri Kasanen, Marcel Raad, Patrick Monnerat, Rainer Jung, Ray Satiro,
+  Richard Hosking, Sebastian Pohlschmidt, Stefan Bühler, Steve Holme,
+  Svyatoslav Mishyn, Tatsuhiro Tsujikawa, Tim Rühsen, xiangbin li,
+  (28 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = http://curl.haxx.se/mail/lib-2015-08/0016.html
- [2] = https://github.com/bagder/curl/pull/379
- [3] = http://curl.haxx.se/bug/?i=388
- [4] = http://curl.haxx.se/bug/?i=392
- [5] = https://android.googlesource.com/platform/external/curl/+/f551028d5caab
-29d4b4a4ae8c159c76c3cfd4887%5E!/
- [6] = http://curl.haxx.se/bug/?i=351
- [7] = http://curl.haxx.se/bug/?i=395
- [8] = http://curl.haxx.se/bug/?i=399
- [9] = http://curl.haxx.se/bug/?i=398
- [10] = http://curl.haxx.se/bug/?i=402
- [11] = http://curl.haxx.se/bug/?i=401
- [12] = https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
- [13] = http://curl.haxx.se/bug/?i=405
- [14] = http://curl.haxx.se/bug/?i=415
- [15] = http://curl.haxx.se/bug/?i=409
- [16] = http://curl.haxx.se/bug/?i=411
- [17] = http://daniel.haxx.se/blog/2015/09/11/unnecessary-use-of-curl-x/
- [18] = https://bugzilla.mozilla.org/1202264
- [19] = http://curl.haxx.se/bug/?i=427
- [20] = http://curl.haxx.se/bug/?i=440
- [21] = http://curl.haxx.se/bug/?i=410
- [22] = http://curl.haxx.se/bug/?i=435
- [23] = http://curl.haxx.se/bug/?i=429
- [24] = http://curl.haxx.se/bug/?i=380
- [25] = http://curl.haxx.se/bug/?i=456
- [26] = http://curl.haxx.se/bug/?i=457
- [27] = http://curl.haxx.se/mail/lib-2015-09/0097.html
- [28] = http://curl.haxx.se/bug/?i=447
- [29] = http://curl.haxx.se/bug/?i=466
- [30] = http://curl.haxx.se/bug/?i=469
- [31] = http://curl.haxx.se/bug/?i=471
- [32] = http://curl.haxx.se/bug/?i=468
+ [1] = http://curl.haxx.se/bug/?i=478
+ [2] = http://curl.haxx.se/bug/?i=479
+ [3] = http://curl.haxx.se/mail/lib-2015-10/0035.html
+ [4] = http://curl.haxx.se/bug/?i=346
+ [5] = http://curl.haxx.se/bug/?i=493
+ [6] = http://curl.haxx.se/bug/?i=452
+ [7] = http://curl.haxx.se/bug/?i=496
+ [8] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS.html
+ [9] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS_E.html
+ [10] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_WEIGHT.html
+ [11] = http://curl.haxx.se/bug/?i=480
+ [12] = https://github.com/bagder/curl/pull/501
+ [13] = http://curl.haxx.se/bug/?i=506
+ [14] = http://curl.haxx.se/bug/?i=425
+ [15] = http://curl.haxx.se/bug/?i=473
+ [16] = http://curl.haxx.se/bug/?i=486
+ [17] = http://curl.haxx.se/bug/?i=524
+ [18] = http://curl.haxx.se/bug/?i=523
+ [19] = http://curl.haxx.se/bug/?i=525
+ [20] = http://curl.haxx.se/bug/?i=526

acinclude.m4

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -2837,7 +2837,6 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
   #
   x_LP64_long=""
   x_LP32_long=""
-  x_LP16_long=""
   #
   if test "$ac_cv_sizeof_long" -eq "8" &&
      test "$ac_cv_sizeof_voidp" -ge "8"; then
@@ -2845,9 +2844,6 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
   elif test "$ac_cv_sizeof_long" -eq "4" &&
        test "$ac_cv_sizeof_voidp" -ge "4"; then
     x_LP32_long="long"
-  elif test "$ac_cv_sizeof_long" -eq "2" &&
-       test "$ac_cv_sizeof_voidp" -ge "2"; then
-    x_LP16_long="long"
   fi
   #
   dnl DO_CURL_OFF_T_CHECK results are stored in next 3 vars
@@ -2881,17 +2877,6 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
     done
     AC_MSG_RESULT([$curl_typeof_curl_off_t])
   fi
-  if test "$curl_typeof_curl_off_t" = "unknown"; then
-    AC_MSG_CHECKING([for 16-bit curl_off_t data type])
-    for t2 in          \
-      "$x_LP16_long"   \
-      'int16_t'        \
-      '__int16'        \
-      'int'            ; do
-      DO_CURL_OFF_T_CHECK([$t2], [2])
-    done
-    AC_MSG_RESULT([$curl_typeof_curl_off_t])
-  fi
   if test "$curl_typeof_curl_off_t" = "unknown"; then
     AC_MSG_ERROR([cannot find data type for curl_off_t.])
   fi
@@ -3052,12 +3037,14 @@ dnl Optionally PKG_CONFIG_LIBDIR may be given as $pcdir.
 dnl
 
 AC_DEFUN([CURL_CHECK_PKGCONFIG], [
+    if test -n "$PKG_CONFIG"; then
+      PKGCONFIG="$PKG_CONFIG"
+    else
+      AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no],
+        [$PATH:/usr/bin:/usr/local/bin])
+    fi
 
-    PKGCONFIG="no"
-
-    AC_PATH_TOOL( PKGCONFIG, pkg-config, no, $PATH:/usr/bin:/usr/local/bin)
-
-    if test x$PKGCONFIG != xno; then
+    if test "x$PKGCONFIG" != "xno"; then
       AC_MSG_CHECKING([for $1 options with pkg-config])
       dnl ask pkg-config about $1
       itexists=`CURL_EXPORT_PCDIR([$2]) dnl

configure.ac

@@ -39,6 +39,7 @@ AC_CONFIG_SRCDIR([lib/urldata.h])
 AC_CONFIG_HEADERS(lib/curl_config.h include/curl/curlbuild.h)
 AC_CONFIG_MACRO_DIR([m4])
 AM_MAINTAINER_MODE
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 
 CURL_CHECK_OPTION_DEBUG
 CURL_CHECK_OPTION_OPTIMIZE
@@ -148,7 +149,7 @@ AC_SUBST(PKGADD_VENDOR)
 
 dnl
 dnl initialize all the info variables
-    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls,winssl,darwinssl} )"
+    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )"
     curl_ssh_msg="no      (--with-libssh2)"
    curl_zlib_msg="no      (--with-zlib)"
     curl_gss_msg="no      (--with-gssapi)"
@@ -166,6 +167,7 @@ curl_verbose_msg="enabled (--disable-verbose)"
    curl_rtsp_msg="no      (--enable-rtsp)"
    curl_rtmp_msg="no      (--with-librtmp)"
   curl_mtlnk_msg="no      (--with-libmetalink)"
+    curl_psl_msg="no      (--with-libpsl)"
 
     init_ssl_msg=${curl_ssl_msg}
 
@@ -1397,6 +1399,24 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
   CLEANCPPFLAGS="$CPPFLAGS"
   CLEANLIBS="$LIBS"
 
+  dnl This is for Msys/Mingw
+  case $host in
+    *-*-msys* | *-*-mingw*)
+      AC_MSG_CHECKING([for gdi32])
+      my_ac_save_LIBS=$LIBS
+      LIBS="-lgdi32 $LIBS"
+      AC_TRY_LINK([#include <windef.h>
+                   #include <wingdi.h>],
+                   [GdiFlush();],
+                   [ dnl worked!
+                   AC_MSG_RESULT([yes])],
+                   [ dnl failed, restore LIBS
+                   LIBS=$my_ac_save_LIBS
+                   AC_MSG_RESULT(no)]
+                  )
+      ;;
+  esac
+
   case "$OPT_SSL" in
   yes)
     dnl --with-ssl (without path) used
@@ -1475,24 +1495,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
   CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
   LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
 
-  dnl This is for Msys/Mingw
-  case $host in
-    *-*-msys* | *-*-mingw*)
-      AC_MSG_CHECKING([for gdi32])
-      my_ac_save_LIBS=$LIBS
-      LIBS="-lgdi32 $LIBS"
-      AC_TRY_LINK([#include <windef.h>
-                   #include <wingdi.h>],
-                   [GdiFlush();],
-                   [ dnl worked!
-                   AC_MSG_RESULT([yes])],
-                   [ dnl failed, restore LIBS
-                   LIBS=$my_ac_save_LIBS
-                   AC_MSG_RESULT(no)]
-                  )
-      ;;
-  esac
-
   AC_CHECK_LIB(crypto, HMAC_Update,[
      HAVECRYPTO="yes"
      LIBS="-lcrypto $LIBS"
@@ -1974,6 +1976,93 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
 
 fi
 
+dnl ----------------------------------------------------
+dnl check for mbedTLS
+dnl ----------------------------------------------------
+
+OPT_MBEDTLS=no
+
+_cppflags=$CPPFLAGS
+_ldflags=$LDFLAGS
+AC_ARG_WITH(mbedtls,dnl
+AC_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root])
+AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
+  OPT_MBEDTLS=$withval)
+
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+
+  if test X"$OPT_MBEDTLS" != Xno; then
+
+    if test "$OPT_MBEDTLS" = "yes"; then
+      OPT_MBEDTLS=""
+    fi
+
+    if test -z "$OPT_MBEDTLS" ; then
+      dnl check for lib first without setting any new path
+
+      AC_CHECK_LIB(mbedtls, mbedtls_havege_init,
+      dnl libmbedtls found, set the variable
+       [
+         AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
+         AC_SUBST(USE_MBEDTLS, [1])
+         MBEDTLS_ENABLED=1
+         USE_MBEDTLS="yes"
+         curl_ssl_msg="enabled (mbedTLS)"
+        ], [], -lmbedx509 -lmbedcrypto)
+    fi
+
+    addld=""
+    addlib=""
+    addcflags=""
+    mbedtlslib=""
+
+    if test "x$USE_MBEDTLS" != "xyes"; then
+      dnl add the path and test again
+      addld=-L$OPT_MBEDTLS/lib$libsuff
+      addcflags=-I$OPT_MBEDTLS/include
+      mbedtlslib=$OPT_MBEDTLS/lib$libsuff
+
+      LDFLAGS="$LDFLAGS $addld"
+      if test "$addcflags" != "-I/usr/include"; then
+         CPPFLAGS="$CPPFLAGS $addcflags"
+      fi
+
+      AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
+       [
+       AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
+       AC_SUBST(USE_MBEDTLS, [1])
+       MBEDTLS_ENABLED=1
+       USE_MBEDTLS="yes"
+       curl_ssl_msg="enabled (mbedTLS)"
+       ],
+       [
+         CPPFLAGS=$_cppflags
+         LDFLAGS=$_ldflags
+       ], -lmbedx509 -lmbedcrypto)
+    fi
+
+    if test "x$USE_MBEDTLS" = "xyes"; then
+      AC_MSG_NOTICE([detected mbedTLS])
+
+      LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
+
+      if test -n "$mbedtlslib"; then
+        dnl when shared libs were found in a path that the run-time
+        dnl linker doesn't search through, we need to add it to
+        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+        dnl due to this
+        if test "x$cross_compiling" != "xyes"; then
+          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mbedtlslib"
+          export LD_LIBRARY_PATH
+          AC_MSG_NOTICE([Added $mbedtlslib to LD_LIBRARY_PATH])
+        fi
+      fi
+    fi
+
+  fi dnl mbedTLS not disabled
+
+fi
+
 dnl ----------------------------------------------------
 dnl check for CyaSSL
 dnl ----------------------------------------------------
@@ -2298,7 +2387,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
   fi
 fi
 
-if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
+if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
   AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
   AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.])
 else
@@ -2313,6 +2402,27 @@ dnl **********************************************************************
 
 CURL_CHECK_CA_BUNDLE
 
+dnl **********************************************************************
+dnl Check for libpsl
+dnl **********************************************************************
+
+AC_ARG_WITH(libpsl,
+           AS_HELP_STRING([--without-libpsl],
+           [disable support for libpsl cookie checking]),
+           with_libpsl=$withval,
+           with_libpsl=yes)
+if test $with_libpsl != "no"; then
+  AC_SEARCH_LIBS(psl_builtin, psl,
+    [curl_psl_msg="yes";
+     AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled])
+     ],
+    [curl_psl_msg="no      (libpsl not found)";
+     AC_MSG_WARN([libpsl was not found])
+     ]
+  )
+fi
+AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "yes"])
+
 dnl **********************************************************************
 dnl Check for libmetalink
 dnl **********************************************************************
@@ -3536,6 +3646,10 @@ if test "x$HAVE_GSSAPI" = "x1"; then
   SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
 fi
 
+if test "x$curl_psl_msg" = "xyes"; then
+  SUPPORT_FEATURES="$SUPPORT_FEATURES PSL"
+fi
+
 if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
     \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
   SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
@@ -3741,6 +3855,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
   RTSP support:     ${curl_rtsp_msg}
   RTMP support:     ${curl_rtmp_msg}
   metalink support: ${curl_mtlnk_msg}
+  PSL support:      ${curl_psl_msg}
   HTTP2 support:    ${curl_h2_msg}
   Protocols:        ${SUPPORT_PROTOCOLS}
 ])

docs/DISTRO-DILEMMA

@@ -1,176 +0,0 @@
-  Date: February 11, 2007
-  Author: Daniel Stenberg <daniel@haxx.se>
-  URL: http://curl.haxx.se/legal/distro-dilemma.html
-
-Condition
-
- This document is written to describe the situation as it is right now.
- libcurl 7.16.1 is currently the latest version available. Things may of
- course change in the future.
-
- This document reflects my view and understanding of these things. Please tell
- me where and how you think I'm wrong, and I'll try to correct my mistakes.
-
-Background
-
- The Free Software Foundation has deemed the Original BSD license[1] to be
- "incompatible"[2] with GPL[3]. I'd rather say it is the other way around, but
- the point is the same: if you distribute a binary version of a GPL program,
- it MUST NOT be linked with any Original BSD-licensed parts or libraries.
- Doing so will violate the GPL license. For a long time, very many GPL
- licensed programs have avoided this license mess by adding an exception[8] to
- their license. And many others have just closed their eyes for this problem.
-
- libcurl is MIT-style[4] licensed - how on earth did this dilemma fall onto
- our plates?
-
- libcurl is only a little library. libcurl can be built to use OpenSSL for its
- SSL/TLS capabilities. OpenSSL is basically Original BSD licensed[5].
-
- If libcurl built to use OpenSSL is used by a GPL-licensed application and you
- decide to distribute a binary version of it (Linux distros - for example -
- tend to), you have a clash. GPL vs Original BSD.
-
- This dilemma is not libcurl-specific nor is it specific to any particular
- Linux distro. (This article mentions and refers to Debian several times, but
- only because Debian seems to be the only Linux distro to have faced this
- issue yet since no other distro is shipping libcurl built with two SSL
- libraries.)
-
-Part of the Operating System
-
- This would not be a problem if the used lib would be considered part of the
- underlying operating system, as then the GPL license has an exception
- clause[6] that allows applications to use such libs without having to be
- allowed to distribute it or its sources. Possibly some distros will claim
- that OpenSSL is part of their operating system.
-
- Debian does however not take this stance and has officially(?) claimed that
- OpenSSL is not a required part of the Debian operating system
-
- Some people claim that this paragraph cannot be exploited this way by a Linux
- distro, but I am not a lawyer and that is a discussion left outside of this
- document.
-
-GnuTLS
-
- Since May 2005 libcurl can get built to use GnuTLS instead of OpenSSL. GnuTLS
- is an LGPL[7] licensed library that offers a matching set of features as
- OpenSSL does. Now, you can build and distribute an TLS/SSL capable libcurl
- without including any Original BSD licensed code.
-
- I believe Debian is the first (only?) distro that provides libcurl/GnuTLS
- packages.
-
-yassl
-
- libcurl can get also get built to use yassl for the TLS/SSL layer. yassl is a
- GPL[3] licensed library.
-
-
-GnuTLS vs OpenSSL vs yassl
-
- While these three libraries offer similar features, they are not equal.
- libcurl does not (yet) offer a standardized stable ABI if you decide to
- switch from using libcurl-openssl to libcurl-gnutls or vice-versa. The GnuTLS
- and yassl support is very recent in libcurl and it has not been tested nor
- used very extensively, while the OpenSSL equivalent code has been used and
- thus matured since 1999.
-
- GnuTLS
-   - LGPL licensed
-   - supports SRP
-   - lacks SSLv2 support
-   - lacks MD2 support (used by at least some CA certs)
-   - lacks the crypto functions libcurl uses for NTLM
-
- OpenSSL
-   - Original BSD licensed
-   - lacks SRP
-   - supports SSLv2
-   - older and more widely used
-   - provides crypto functions libcurl uses for NTLM
-   - libcurl can do non-blocking connects with it in 7.15.4 and later
-
- yassl
-   - GPL licensed
-   - much untested and unproven in the real work by (lib)curl users so we don't
-     know a lot about restrictions or benefits from using this
-
-The Better License, Original BSD, GPL or LGPL?
-
- It isn't obvious or without debate to any objective interested party that
- either of these licenses are the "better" or even the "preferred" one in a
- generic situation.
-
- Instead, I think we should accept the fact that the SSL/TLS libraries and
- their different licenses will fit different applications and their authors
- differently depending on the applications' licenses and their general usage
- pattern (considering how GPL and LGPL libraries for example can be burdensome
- for embedded systems usage).
-
- In Debian land, there seems to be a common opinion that LGPL is "maximally
- compatible" with apps while Original BSD is not. Like this:
-
-        https://lists.debian.org/debian-devel/2005/09/msg01417.html
-
-More SSL Libraries
-
- In libcurl, there's no stopping us here. There are more Open Source/Free
- SSL/TLS libraries out there and we would very much like to support them as
- well, to offer application authors an even wider scope of choice.
-
-Application Angle of this Problem
-
- libcurl is built to use one SSL/TLS library. It uses a single fixed name (by
- default) on the built/created lib file, and applications are built/linked to
- use that single lib. Replacing one libcurl instance with another one that
- uses the other SSL/TLS library might break one or more applications (due to
- ABI differences and/or different feature set). You want your application to
- use the libcurl it was built for.
-
-Project cURL Angle of this Problem
-
- We distribute libcurl and everyone may build libcurl with either library at
- their choice. This problem is not directly a problem of ours. It merely
- affects users - GPL application authors only - of our lib as it comes
- included and delivered on some distros.
-
- libcurl has different ABI when built with different SSL/TLS libraries due to
- these reasons:
-
- 1. No one has worked on fixing this. The mutex/lock callbacks should be set
-    with a generic libcurl function that should use the proper underlying
-    functions.
-
- 2. The CURLOPT_SSL_CTX_FUNCTION option is not possible to "emulate" on GnuTLS
-    but simply requires OpenSSL.
-
- 3. There might be some other subtle differences just because nobody has yet
-    tried to make a fixed ABI like this.
-
-Distro Angle of this Problem
-
- To my knowledge there is only one distro that ships libcurl built with either
- OpenSSL or GnuTLS.
-
- Debian Linux is now (since mid September 2005) providing two different
- libcurl packages, one for libcurl built with OpenSSL and one built with
- GnuTLS. They use different .so names and can this both be installed in a
- single system simultaneously. This has been said to be a transitional system
- not desired to keep in the long run.
-
-Footnotes
-
- [1] = http://www.xfree86.org/3.3.6/COPYRIGHT2.html#6
- [2] = https://www.gnu.org/philosophy/bsd.html
- [3] = https://www.gnu.org/licenses/gpl.html
- [4] = http://curl.haxx.se/docs/copyright.html
- [5] = https://www.openssl.org/source/license.html
- [6] = https://www.gnu.org/licenses/gpl.html end of section 3
- [7] = https://www.gnu.org/licenses/lgpl.html
- [8] = https://en.wikipedia.org/wiki/OpenSSL_exception
-
-Feedback/Updates provided by
-
- Eric Cooper

docs/FAQ

@@ -1536,9 +1536,7 @@ FAQ
 
   7.2 Who wrote PHP/CURL?
 
-  PHP/CURL is a module that comes with the regular PHP package. It depends and
-  uses libcurl, so you need to have libcurl installed properly first before
-  PHP/CURL can be used. PHP/CURL was initially written by Sterling Hughes.
+  PHP/CURL was initially written by Sterling Hughes.
 
   7.3 Can I perform multiple requests using the same handle?
 
@@ -1547,4 +1545,10 @@ FAQ
   unknown to me).
 
   After a transfer, you just set new options in the handle and make another
-  transfer. This will make libcurl to re-use the same connection if it can.
+  transfer. This will make libcurl re-use the same connection if it can.
+
+  7.4 Does PHP/CURL have dependencies?
+
+  PHP/CURL is a module that comes with the regular PHP package. It depends on
+  and uses libcurl, so you need to have libcurl installed properly before
+  PHP/CURL can be used.

docs/INSTALL

@@ -950,9 +950,10 @@ REDUCING SIZE
    important factor.  First, be sure to set the CFLAGS variable when
    configuring with any relevant compiler optimization flags to reduce the
    size of the binary.  For gcc, this would mean at minimum the -Os option,
-   and potentially the -march=X and -mdynamic-no-pic options as well, e.g.
+   and potentially the -march=X, -mdynamic-no-pic and -flto options as well,
+   e.g.
 
-      ./configure CFLAGS='-Os' ...
+      ./configure CFLAGS='-Os' LDFLAGS='-Wl,-Bsymbolic'...
 
    Note that newer compilers often produce smaller code than older versions
    due to improved optimization.
@@ -970,7 +971,9 @@ REDUCING SIZE
      --disable-ipv6 (disables support for IPv6)
      --disable-manual (disables support for the built-in documentation)
      --disable-proxy (disables support for HTTP and SOCKS proxies)
+     --disable-unix-sockets (disables support for UNIX sockets)
      --disable-verbose (eliminates debugging strings and error code strings)
+     --disable-versioned-symbols (disables support for versioned symbols)
      --enable-hidden-symbols (eliminates unneeded symbols in the shared library)
      --without-libidn (disables support for the libidn DNS library)
      --without-librtmp (disables support for RTMP)
@@ -983,7 +986,7 @@ REDUCING SIZE
    configure command-line, e.g.
 
      CFLAGS="-Os -ffunction-sections -fdata-sections \
-             -fno-unwind-tables -fno-asynchronous-unwind-tables" \
+             -fno-unwind-tables -fno-asynchronous-unwind-tables -flto" \
      LDFLAGS="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections"
 
    Be sure also to strip debugging symbols from your binaries after
@@ -993,9 +996,9 @@ REDUCING SIZE
    .comment section).
 
    Using these techniques it is possible to create a basic HTTP-only shared
-   libcurl library for i386 Linux platforms that is only 114 KiB in size, and
-   an FTP-only library that is 115 KiB in size (as of libcurl version 7.35.0,
-   using gcc 4.8.2).
+   libcurl library for i386 Linux platforms that is only 109 KiB in size, and
+   an FTP-only library that is 109 KiB in size (as of libcurl version 7.45.0,
+   using gcc 4.9.2).
 
    You may find that statically linking libcurl to your application will
    result in a lower total size than dynamically linking.

docs/Makefile.am

@@ -36,9 +36,9 @@ CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES)
 EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	\
  README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	\
  KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		\
- $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
- MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE  \
- SSL-PROBLEMS HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md
+ $(PDFPAGES) LICENSE-MIXING README.netware INSTALL.devcpp		\
+ MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE SSL-PROBLEMS	\
+ HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md
 
 MAN2HTML= roffit < $< >$@
 

docs/RELEASE-PROCEDURE

@@ -24,6 +24,8 @@ in the source code repo
 
 - upload the 8 resulting files to the primary download directory
 
+- upload the 4 tarballs to github for the HTTPS download
+
 in the curl-www repo
 --------------------
 
@@ -78,9 +80,7 @@ Coming dates
 Based on the description above, here are some planned release dates (at the
 time of this writing):
 
-- June 17, 2015 (version 7.43.0)
-- August 12, 2015
-- October 7, 2015
+- October 7, 2015 (version 7.45.0)
 - December 2, 2015
 - January 27, 2016
 - March 23, 2016

docs/ROADMAP.md

@@ -18,20 +18,6 @@ HTTP/2
    To decide: if we need to bundle parts of the nghttp2 stuff that probably
    won't be shipped by many distros.
 
-- stream properties API
-
-   Provide options for setting priorities and dependencies among the streams
-   (easy handles). They are mostly information set for the stream and sent to
-   the server so we don't have to add much logic for this.
-
-- server push
-
-   Not exactly clear exactly how to support this API-wise, but by adding
-   handles without asking for a resource it could be a way to be prepared to
-   receive pushes in case such are sent. We probably need it to still specify
-   a URL with host name, port etc but we probably need a special option to
-   tell libcurl it is for server push purposes.
-
 - provide option for HTTP/2 "prior knowledge" over clear text
 
    As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_
@@ -117,7 +103,7 @@ Improve
 
 2. curl -h output (considered overwhelming to users)
 
-3. we have > 160 command line options, is there a way to redo things to
+3. we have > 170 command line options, is there a way to redo things to
    simplify or improve the situation as we are likely to keep adding
    features/options in the future too
 

docs/curl.1

@@ -488,10 +488,10 @@ If this option is used several times, the last one will be used.
 (SSL) Tells curl to use the specified client certificate file when getting a
 file with HTTPS, FTPS or another SSL-based protocol. The certificate must be
 in PKCS#12 format if using Secure Transport, or PEM format if using any other
-engine.  If the optional password isn't specified, it will be queried
-for on the terminal. Note that this option assumes a \&"certificate" file that
-is the private key and the private certificate concatenated! See \fI--cert\fP
-and \fI--key\fP to specify them independently.
+engine.  If the optional password isn't specified, it will be queried for on
+the terminal. Note that this option assumes a \&"certificate" file that is the
+private key and the client certificate concatenated! See \fI--cert\fP and
+\fI--key\fP to specify them independently.
 
 If curl is built against the NSS SSL library then this option can tell
 curl the nickname of the certificate to use within the NSS database defined
@@ -789,10 +789,12 @@ This option can be used multiple times to add/replace/remove multiple headers.
 be the 128 bit MD5 checksum of the remote host's public key, curl will refuse
 the connection with the host unless the md5sums match. (Added in 7.17.1)
 .IP "--ignore-content-length"
-(HTTP)
-Ignore the Content-Length header. This is particularly useful for servers
-running Apache 1.x, which will report incorrect Content-Length for files
-larger than 2 gigabytes.
+For HTTP, Ignore the Content-Length header. This is particularly useful for
+servers running Apache 1.x, which will report incorrect Content-Length for
+files larger than 2 gigabytes.
+
+For FTP (since 7.46.0), skip the RETR command to figure out the size before
+downloading a file.
 .IP "-i, --include"
 (HTTP) Include the HTTP-header in the output. The HTTP-header includes things
 like server-name, date of the document, HTTP-version and more...
@@ -1472,13 +1474,10 @@ specifies the last 500 bytes
 specifies the bytes from offset 9500 and forward
 .TP
 .B 0-0,-1
-specifies the first and last byte only(*)(H)
-.TP
-.B 500-700,600-799
-specifies 300 bytes from offset 500(H)
+specifies the first and last byte only(*)(HTTP)
 .TP
 .B 100-199,500-599
-specifies two separate 100-byte ranges(*)(H)
+specifies two separate 100-byte ranges(*) (HTTP)
 .RE
 .IP
 (*) = NOTE that this will cause the server to reply with a multipart

docs/examples/makefile.dj

@@ -19,10 +19,6 @@
 # KIND, either express or implied.
 #
 ###########################################################################
-#
-#  Adapted for djgpp / Watt-32 / DOS by
-#  Gisle Vanem <gvanem@broadpark.no>
-#
 
 TOPDIR = ../..
 

docs/libcurl/curl_easy_recv.3

@@ -49,7 +49,7 @@ this option.
 You must ensure that the socket has data to read before calling
 \fIcurl_easy_recv(3)\fP, otherwise the call will return \fBCURLE_AGAIN\fP -
 the socket is used in non-blocking mode internally. Use
-\fIcurl_easy_getinfo(3)\fP with \fBCURLINFO_LASTSOCKET\fP to obtain the
+\fIcurl_easy_getinfo(3)\fP with \fBCURLINFO_ACTIVESOCKET(3)\fP to obtain the
 socket; use your operating system facilities like \fIselect(2)\fP to check if
 it has any data you can read.
 .SH AVAILABILITY

docs/libcurl/curl_easy_send.3

@@ -47,7 +47,7 @@ this option.
 You must ensure that the socket is writable before calling
 \fIcurl_easy_send(3)\fP, otherwise the call will return \fBCURLE_AGAIN\fP -
 the socket is used in non-blocking mode internally. Use
-\fIcurl_easy_getinfo(3)\fP with \fBCURLINFO_LASTSOCKET\fP to obtain the
+\fIcurl_easy_getinfo(3)\fP with \fBCURLINFO_ACTIVESOCKET(3)\fP to obtain the
 socket; use your operating system facilities like \fIselect(2)\fP to check if
 it can be written to.
 .SH AVAILABILITY

docs/libcurl/curl_easy_setopt.3

@@ -297,6 +297,13 @@ Disable Transfer decoding. See \fICURLOPT_HTTP_TRANSFER_DECODING(3)\fP
 100-continue timeout. See \fICURLOPT_EXPECT_100_TIMEOUT_MS(3)\fP
 .IP CURLOPT_PIPEWAIT
 Wait on connection to pipeline on it. See \fICURLOPT_PIPEWAIT(3)\fP
+.IP CURLOPT_STREAM_DEPENDS
+This HTTP/2 stream depends on another. See \fICURLOPT_STREAM_DEPENDS(3)\fP
+.IP CURLOPT_STREAM_DEPENDS_E
+This HTTP/2 stream depends on another exclusively. See
+\fICURLOPT_STREAM_DEPENDS_E(3)\fP
+.IP CURLOPT_STREAM_WEIGHT
+Set this HTTP/2 stream's weight. See \fICURLOPT_STREAM_WEIGHT(3)\fP
 .SH SMTP OPTIONS
 .IP CURLOPT_MAIL_FROM
 Address of the sender. See \fICURLOPT_MAIL_FROM(3)\fP

docs/libcurl/curl_formadd.3

@@ -83,7 +83,18 @@ to send away. libcurl will use the pointer and refer to the data in your
 application, so you must make sure it remains until curl no longer needs it.
 If the data isn't NUL-terminated, or if you'd like it to contain zero bytes,
 you must set its length  with \fBCURLFORM_CONTENTSLENGTH\fP.
+.IP CURLFORM_CONTENTLEN
+followed by a curl_off_t value giving the length of the contents. Note that
+for \fICURLFORM_STREAM\fP contents, this option is mandatory.
+
+If you pass a 0 (zero) for this option, libcurl will instead do a strlen() on
+the contents to figure out the size. If you really want to send a zero byte
+content then you must make sure strlen() on the data pointer returns zero.
+
+(Option added in 7.46.0)
 .IP CURLFORM_CONTENTSLENGTH
+(This option is deprecated. Use \fICURLFORM_CONTENTLEN\fP instead!)
+
 followed by a long giving the length of the contents. Note that for
 \fICURLFORM_STREAM\fP contents, this option is mandatory.
 

docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3

@@ -77,7 +77,8 @@ Returns the header at index 'num' (or NULL). The returned pointer points to a
 Returns the value for the given header name (or NULL). This is a shortcut so
 that the application doesn't have to loop through all headers to find the one
 it is interested in. The data pointed will be freed when this callback
-returns.
+returns. If more than one header field use the same name, this returns only
+the first one.
 .SH CALLBACK RETURN VALUE
 .IP "CURL_PUSH_OK (0)"
 The application has accepted the stream and it can now start receiving data,

docs/libcurl/opts/CURLOPT_CAINFO.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -43,7 +43,7 @@ If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
 .SH DEFAULT
 Built-in system specific
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_CAPATH.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@ to some limitation in openssl.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_CERTINFO.3

@@ -30,9 +30,9 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CERTINFO, long certinfo);
 .SH DESCRIPTION
 Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
 this enabled, libcurl will extract lots of information and data about the
-certificates in the certificate chain used in the SSL connection. This data may
-then be retrieved after a transfer using \fIcurl_easy_getinfo(3)\fP and its
-option \fICURLINFO_CERTINFO\fP.
+certificates in the certificate chain used in the SSL connection. This data
+may then be retrieved after a transfer using \fIcurl_easy_getinfo(3)\fP and
+its option \fICURLINFO_CERTINFO(3)\fP.
 .SH DEFAULT
 0
 .SH PROTOCOLS

docs/libcurl/opts/CURLOPT_CONNECT_ONLY.3

@@ -33,7 +33,7 @@ the required proxy authentication and connection setup, but no data transfer,
 and then return.
 
 The option can be used to simply test a connection to a server, but is more
-useful when used with the \fICURLINFO_LASTSOCKET\fP option to
+useful when used with the \fICURLINFO_ACTIVESOCKET(3)\fP option to
 \fIcurl_easy_getinfo(3)\fP as the library can set up the connection and then
 the application can obtain the most recently used socket for special data
 transfers.

docs/libcurl/opts/CURLOPT_EGDSOCKET.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -33,7 +33,7 @@ socket. It will be used to seed the random engine for SSL.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3

@@ -22,7 +22,7 @@
 .\"
 .TH CURLOPT_IGNORE_CONTENT_LENGTH 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
 .SH NAME
-CURLOPT_IGNORE_CONTENT_LENGTH \- ignore Content-Length in HTTP response
+CURLOPT_IGNORE_CONTENT_LENGTH \- ignore content length
 .SH SYNOPSIS
 .nf
 #include <curl/curl.h>
@@ -30,12 +30,18 @@ CURLOPT_IGNORE_CONTENT_LENGTH \- ignore Content-Length in HTTP response
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_IGNORE_CONTENT_LENGTH,
                           long ignore);
 .SH DESCRIPTION
-If \fIignore\fP is set to 1, ignore the Content-Length header in the HTTP
-response. This is useful for Apache 1.x (and similar servers) which will
+If \fIignore\fP is set to 1L, ignore the Content-Length header in the HTTP
+response and ignore asking for or relying on it for FTP transfers.
+
+This is useful for HTTP with Apache 1.x (and similar servers) which will
 report incorrect content length for files over 2 gigabytes. If this option is
 used, curl will not be able to accurately report progress, and will simply
 stop the download when the server ends the connection.
 
+It is also useful with FTP when for example the file is growing while the
+transfer is in progress which otherwise will unconditionally cause libcurl to
+report error.
+
 Only use this option if strictly necessary.
 .SH DEFAULT
 0
@@ -54,7 +60,7 @@ if(curl) {
 }
 .fi
 .SH AVAILABILITY
-Added in 7.14.1
+Added in 7.14.1. Support for FTP added in 7.46.0.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"

docs/libcurl/opts/CURLOPT_KEYPASSWD.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -35,7 +35,7 @@ phrase to load a certificate but you need one to load your private key.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3

@@ -42,7 +42,7 @@ On mismatch, \fICURLE_SSL_PINNEDPUBKEYNOTMATCH\fP is returned.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 .nf
 CURL *curl = curl_easy_init();

docs/libcurl/opts/CURLOPT_SSLCERT.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -43,7 +43,7 @@ private key with \fICURLOPT_SSLKEY(3)\fP.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ PKCS#12-encoded files.
 .SH DEFAULT
 "PEM"
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSLENGINE.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ returned.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ returned.
 .SH DEFAULT
 None
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSLKEY.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -38,7 +38,7 @@ present in the keychain or PKCS#12 file containing the certificate.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -38,7 +38,7 @@ engine. You have to set the crypto engine with \fICURLOPT_SSLENGINE(3)\fP.
 .SH DEFAULT
 "PEM"
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSLVERSION.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -52,7 +52,7 @@ TLSv1.2 (Added in 7.34.0)
 .SH DEFAULT
 CURL_SSLVERSION_DEFAULT
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 .nf
 CURL *curl = curl_easy_init();

docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -53,7 +53,7 @@ You'll find more details about the NSS cipher lists on this URL:
 .SH DEFAULT
 NULL, use internal default
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -34,7 +34,7 @@ parameter.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -59,7 +59,7 @@ and trust file settings.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3

@@ -37,7 +37,7 @@ round trip when performing a full handshake.
 .SH DEFAULT
 0
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3

@@ -64,7 +64,7 @@ also set to zero and cannot be overridden.
 .SH DEFAULT
 2
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 .nf
 CURL *curl = curl_easy_init();

docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3

@@ -60,7 +60,7 @@ the correct end-point.
 .SH DEFAULT
 By default, curl assumes a value of 1.
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 .nf
 CURL *curl = curl_easy_init();

docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3

@@ -38,7 +38,7 @@ extension, the verification will fail.
 .SH DEFAULT
 0
 .SH PROTOCOLS
-All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY

docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3

@@ -0,0 +1,56 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_STREAM_DEPENDS 3 "13 Sep 2015" "libcurl 7.46.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_STREAM_DEPENDS \- set stream this transfer depends on
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STREAM_DEPENDS, CURL *dephandle);
+.SH DESCRIPTION
+Pass a CURL * pointer in \fIdephandle\fP to identify the stream within the
+same connection that this stream is depending upon. This option clears the
+exclusive it and is mutually exclusive to the
+\fICURLOPT_STREAM_DEPENDS_E(3)\fP option.
+
+The spec says "Including a dependency expresses a preference to allocate
+resources to the identified stream rather than to the dependent stream."
+
+This option can be set during transfer.
+
+\fIdephandle\fP must not be the same as \fIhandle\fP, that will cause this
+function to return an error. It must be another easy handle, and it also needs
+to be a handle of a transfer that will be sent over the same HTTP/2 connection
+for this option to have an actual effect.
+.SH DEFAULT
+NULL
+.SH PROTOCOLS
+HTTP/2
+.SH EXAMPLE
+TODO
+.SH AVAILABILITY
+Added in 7.46.0
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
+.SH "SEE ALSO"
+.BR CURLOPT_STREAM_WEIGHT "(3), " CURLOPT_STREAM_DEPENDS_E "(3), "

docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3

@@ -0,0 +1,59 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_STREAM_DEPENDS_E 3 "13 Sep 2015" "libcurl 7.46.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_STREAM_DEPENDS_E \- set stream this transfer depends on execlusively
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STREAM_DEPENDS_E, CURL *dephandle);
+.SH DESCRIPTION
+Pass a CURL * pointer in \fIdephandle\fP to identify the stream within the
+same connection that this stream is depending upon exclusively. That means it
+depends on it and sets the Exclusive bit.
+
+The spec says "Including a dependency expresses a preference to allocate
+resources to the identified stream rather than to the dependent stream."
+
+Setting a dependency with the exclusive flag for a reprioritized stream causes
+all the dependencies of the new parent stream to become dependent on the
+reprioritized stream.
+
+This option can be set during transfer.
+
+\fIdephandle\fP must not be the same as \fIhandle\fP, that will cause this
+function to return an error. It must be another easy handle, and it also needs
+to be a handle of a transfer that will be sent over the same HTTP/2 connection
+for this option to have an actual effect.
+.SH DEFAULT
+NULL
+.SH PROTOCOLS
+HTTP/2
+.SH EXAMPLE
+TODO
+.SH AVAILABILITY
+Added in 7.46.0
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
+.SH "SEE ALSO"
+.BR CURLOPT_STREAM_WEIGHT "(3), " CURLOPT_STREAM_DEPENDS "(3), "

docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3

@@ -0,0 +1,63 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_STREAM_WEIGHT 3 "13 Sep 2015" "libcurl 7.46.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_STREAM_WEIGHT \- set numerical stream weight
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STREAM_WEIGHT, long weight);
+.SH DESCRIPTION
+Set the long \fIweight\fP to a number between 1 and 256.
+
+When using HTTP/2, this option sets the individual weight for this particular
+stream used by the easy \fIhandle\fP. Setting and using weights only makes
+sense and is only usable when doing multiple streams over the same
+connections, which thus implies that you use \fICURLMOPT_PIPELINING(3)\fP.
+
+This option can be set during transfer and will then cause the updated weight
+info get sent to the server the next time a HTTP/2 frame is sent to the
+server.
+
+See section 5.3 of RFC 7540 for protocol details:
+https://httpwg.github.io/specs/rfc7540.html#StreamPriority
+
+Streams with the same parent should be allocated resources proportionally
+based on their weight. So if you have two streams going, stream A with weight
+16 and stream B with weight 32, stream B will get two thirds (32/48) of the
+available bandwidth (assuming the server can send off the data equally for
+both streams).
+.SH DEFAULT
+If nothing is set, the HTTP/2 protocol itself will use its own default which
+is 16.
+.SH PROTOCOLS
+HTTP/2
+.SH EXAMPLE
+TODO
+.SH AVAILABILITY
+Added in 7.46.0
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
+.SH "SEE ALSO"
+.BR CURLOPT_STREAM_DEPENDS "(3), " CURLOPT_STREAM_DEPENDS_E "(3), "
+.BR CURLOPT_PIPEWAIT "(3), " CURLMOPT_PIPELINING "(3), "

docs/libcurl/opts/Makefile.am

@@ -106,7 +106,8 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3		\
  CURLOPT_USE_SSL.3 CURLOPT_VERBOSE.3 CURLOPT_WILDCARDMATCH.3		\
  CURLOPT_WRITEDATA.3 CURLOPT_WRITEFUNCTION.3 CURLOPT_XFERINFODATA.3	\
  CURLOPT_XFERINFOFUNCTION.3 CURLOPT_XOAUTH2_BEARER.3			\
- CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3					\
+ CURLOPT_STREAM_DEPENDS.3 CURLOPT_STREAM_DEPENDS_E.3			\
+ CURLOPT_STREAM_WEIGHT.3 CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3		\
  CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 CURLMOPT_MAXCONNECTS.3		\
  CURLMOPT_MAX_HOST_CONNECTIONS.3 CURLMOPT_MAX_PIPELINE_LENGTH.3		\
  CURLMOPT_MAX_TOTAL_CONNECTIONS.3 CURLMOPT_PIPELINING.3			\
@@ -233,7 +234,8 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
  CURLOPT_VERBOSE.html CURLOPT_WILDCARDMATCH.html CURLOPT_WRITEDATA.html	\
  CURLOPT_WRITEFUNCTION.html CURLOPT_XFERINFODATA.html			\
  CURLOPT_XFERINFOFUNCTION.html CURLOPT_XOAUTH2_BEARER.html		\
- CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.html				\
+ CURLOPT_STREAM_DEPENDS.html CURLOPT_STREAM_DEPENDS_E.html		\
+ CURLOPT_STREAM_WEIGHT.html CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.html	\
  CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.html CURLMOPT_MAXCONNECTS.html	\
  CURLMOPT_MAX_HOST_CONNECTIONS.html CURLMOPT_MAX_PIPELINE_LENGTH.html	\
  CURLMOPT_MAX_TOTAL_CONNECTIONS.html CURLMOPT_PIPELINING.html		\
@@ -362,7 +364,8 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf	\
  CURLOPT_VERBOSE.pdf CURLOPT_WILDCARDMATCH.pdf CURLOPT_WRITEDATA.pdf	\
  CURLOPT_WRITEFUNCTION.pdf CURLOPT_XFERINFODATA.pdf			\
  CURLOPT_XFERINFOFUNCTION.pdf CURLOPT_XOAUTH2_BEARER.pdf		\
- CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf					\
+ CURLOPT_STREAM_DEPENDS.pdf CURLOPT_STREAM_DEPENDS_E.pdf		\
+ CURLOPT_STREAM_WEIGHT.pdf CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf	\
  CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.pdf CURLMOPT_MAXCONNECTS.pdf	\
  CURLMOPT_MAX_HOST_CONNECTIONS.pdf CURLMOPT_MAX_PIPELINE_LENGTH.pdf	\
  CURLMOPT_MAX_TOTAL_CONNECTIONS.pdf CURLMOPT_PIPELINING.pdf		\

docs/libcurl/symbols-in-versions

@@ -164,6 +164,7 @@ CURLFORM_BUFFER                 7.9.8
 CURLFORM_BUFFERLENGTH           7.9.8
 CURLFORM_BUFFERPTR              7.9.8
 CURLFORM_CONTENTHEADER          7.9.3
+CURLFORM_CONTENTLEN             7.46.0
 CURLFORM_CONTENTSLENGTH         7.9
 CURLFORM_CONTENTTYPE            7.9
 CURLFORM_COPYCONTENTS           7.9
@@ -236,6 +237,7 @@ CURLINFO_PRIMARY_IP             7.19.0
 CURLINFO_PRIMARY_PORT           7.21.0
 CURLINFO_PRIVATE                7.10.3
 CURLINFO_PROXYAUTH_AVAIL        7.10.8
+CURLINFO_PROXY_SSL_VERIFYRESULT 7.44.0
 CURLINFO_REDIRECT_COUNT         7.9.7
 CURLINFO_REDIRECT_TIME          7.9.7
 CURLINFO_REDIRECT_URL           7.18.2
@@ -308,6 +310,7 @@ CURLOPTTYPE_FUNCTIONPOINT       7.1
 CURLOPTTYPE_LONG                7.1
 CURLOPTTYPE_OBJECTPOINT         7.1
 CURLOPTTYPE_OFF_T               7.11.0
+CURLOPTTYPE_STRINGPOINT         7.46.0
 CURLOPT_ACCEPTTIMEOUT_MS        7.24.0
 CURLOPT_ACCEPT_ENCODING         7.21.6
 CURLOPT_ADDRESS_SCOPE           7.19.0
@@ -460,7 +463,23 @@ CURLOPT_PROXYPORT               7.1
 CURLOPT_PROXYTYPE               7.10
 CURLOPT_PROXYUSERNAME           7.19.1
 CURLOPT_PROXYUSERPWD            7.1
+CURLOPT_PROXY_CAINFO            7.44.0
+CURLOPT_PROXY_CAPATH            7.44.0
+CURLOPT_PROXY_CRLFILE           7.44.0
+CURLOPT_PROXY_KEYPASSWD         7.44.0
 CURLOPT_PROXY_SERVICE_NAME      7.43.0
+CURLOPT_PROXY_SSLCERT           7.44.0
+CURLOPT_PROXY_SSLCERTTYPE       7.44.0
+CURLOPT_PROXY_SSLKEY            7.44.0
+CURLOPT_PROXY_SSLKEYTYPE        7.44.0
+CURLOPT_PROXY_SSLVERSION        7.44.0
+CURLOPT_PROXY_SSL_CIPHER_LIST   7.44.0
+CURLOPT_PROXY_SSL_OPTIONS       7.44.0
+CURLOPT_PROXY_SSL_VERIFYHOST    7.44.0
+CURLOPT_PROXY_SSL_VERIFYPEER    7.44.0
+CURLOPT_PROXY_TLSAUTH_PASSWORD  7.44.0
+CURLOPT_PROXY_TLSAUTH_TYPE      7.44.0
+CURLOPT_PROXY_TLSAUTH_USERNAME  7.44.0
 CURLOPT_PROXY_TRANSFER_MODE     7.18.0
 CURLOPT_PUT                     7.1
 CURLOPT_QUOTE                   7.1
@@ -490,6 +509,8 @@ CURLOPT_SOCKOPTDATA             7.16.0
 CURLOPT_SOCKOPTFUNCTION         7.16.0
 CURLOPT_SOCKS5_GSSAPI_NEC       7.19.4
 CURLOPT_SOCKS5_GSSAPI_SERVICE   7.19.4
+CURLOPT_SOCKS_PROXY             7.44.0
+CURLOPT_SOCKS_PROXYTYPE         7.44.0
 CURLOPT_SOURCE_HOST             7.12.1        -           7.15.5
 CURLOPT_SOURCE_PATH             7.12.1        -           7.15.5
 CURLOPT_SOURCE_PORT             7.12.1        -           7.15.5
@@ -526,6 +547,9 @@ CURLOPT_SSL_VERIFYHOST          7.8.1
 CURLOPT_SSL_VERIFYPEER          7.4.2
 CURLOPT_SSL_VERIFYSTATUS        7.41.0
 CURLOPT_STDERR                  7.1
+CURLOPT_STREAM_DEPENDS          7.46.0
+CURLOPT_STREAM_DEPENDS_E        7.46.0
+CURLOPT_STREAM_WEIGHT           7.46.0
 CURLOPT_TCP_KEEPALIVE           7.25.0
 CURLOPT_TCP_KEEPIDLE            7.25.0
 CURLOPT_TCP_KEEPINTVL           7.25.0
@@ -598,6 +622,7 @@ CURLPROTO_TELNET                7.19.4
 CURLPROTO_TFTP                  7.19.4
 CURLPROXY_HTTP                  7.10
 CURLPROXY_HTTP_1_0              7.19.4
+CURLPROXY_HTTPS                 7.44.0
 CURLPROXY_SOCKS4                7.10
 CURLPROXY_SOCKS4A               7.18.0
 CURLPROXY_SOCKS5                7.10
@@ -629,6 +654,7 @@ CURLSSLBACKEND_CYASSL           7.34.0
 CURLSSLBACKEND_DARWINSSL        7.34.0
 CURLSSLBACKEND_GNUTLS           7.34.0
 CURLSSLBACKEND_GSKIT            7.34.0
+CURLSSLBACKEND_MBEDTLS          7.46.0
 CURLSSLBACKEND_NONE             7.34.0
 CURLSSLBACKEND_NSS              7.34.0
 CURLSSLBACKEND_OPENSSL          7.34.0
@@ -674,10 +700,18 @@ CURL_GLOBAL_DEFAULT             7.8
 CURL_GLOBAL_NOTHING             7.8
 CURL_GLOBAL_SSL                 7.8
 CURL_GLOBAL_WIN32               7.8.1
+CURL_HTTPPOST_BUFFER            7.46.0
+CURL_HTTPPOST_CALLBACK          7.46.0
+CURL_HTTPPOST_FILENAME          7.46.0
+CURL_HTTPPOST_LARGE             7.46.0
+CURL_HTTPPOST_PTRBUFFER         7.46.0
+CURL_HTTPPOST_PTRCONTENTS       7.46.0
+CURL_HTTPPOST_PTRNAME           7.46.0
+CURL_HTTPPOST_READFILE          7.46.0
 CURL_HTTP_VERSION_1_0           7.9.1
 CURL_HTTP_VERSION_1_1           7.9.1
-CURL_HTTP_VERSION_2_0           7.33.0
 CURL_HTTP_VERSION_2             7.43.0
+CURL_HTTP_VERSION_2_0           7.33.0
 CURL_HTTP_VERSION_NONE          7.9.1
 CURL_IPRESOLVE_V4               7.10.8
 CURL_IPRESOLVE_V6               7.10.8

include/curl/curl.h

@@ -127,7 +127,8 @@ struct curl_httppost {
   char *name;                       /* pointer to allocated name */
   long namelength;                  /* length of name length */
   char *contents;                   /* pointer to allocated data contents */
-  long contentslength;              /* length of contents field */
+  long contentslength;              /* length of contents field, see also
+                                       CURL_HTTPPOST_LARGE */
   char *buffer;                     /* pointer to allocated buffer contents */
   long bufferlength;                /* length of buffer field */
   char *contenttype;                /* Content-Type */
@@ -136,24 +137,33 @@ struct curl_httppost {
                                        file, this link should link to following
                                        files */
   long flags;                       /* as defined below */
-#define HTTPPOST_FILENAME (1<<0)    /* specified content is a file name */
-#define HTTPPOST_READFILE (1<<1)    /* specified content is a file name */
-#define HTTPPOST_PTRNAME (1<<2)     /* name is only stored pointer
-                                       do not free in formfree */
-#define HTTPPOST_PTRCONTENTS (1<<3) /* contents is only stored pointer
-                                       do not free in formfree */
-#define HTTPPOST_BUFFER (1<<4)      /* upload file from buffer */
-#define HTTPPOST_PTRBUFFER (1<<5)   /* upload file from pointer contents */
-#define HTTPPOST_CALLBACK (1<<6)    /* upload file contents by using the
-                                       regular read callback to get the data
-                                       and pass the given pointer as custom
-                                       pointer */
+
+/* specified content is a file name */
+#define CURL_HTTPPOST_FILENAME (1<<0)
+/* specified content is a file name */
+#define CURL_HTTPPOST_READFILE (1<<1)
+/* name is only stored pointer do not free in formfree */
+#define CURL_HTTPPOST_PTRNAME (1<<2)
+/* contents is only stored pointer do not free in formfree */
+#define CURL_HTTPPOST_PTRCONTENTS (1<<3)
+/* upload file from buffer */
+#define CURL_HTTPPOST_BUFFER (1<<4)
+/* upload file from pointer contents */
+#define CURL_HTTPPOST_PTRBUFFER (1<<5)
+/* upload file contents by using the regular read callback to get the data and
+   pass the given pointer as custom pointer */
+#define CURL_HTTPPOST_CALLBACK (1<<6)
+/* use size in 'contentlen', added in 7.46.0 */
+#define CURL_HTTPPOST_LARGE (1<<7)
 
   char *showfilename;               /* The file name to show. If not set, the
                                        actual file name will be used (if this
                                        is a file part) */
   void *userp;                      /* custom pointer used for
                                        HTTPPOST_CALLBACK posts */
+  curl_off_t contentlen;            /* alternative length of contents
+                                       field. Used if CURL_HTTPPOST_LARGE is
+                                       set. Added in 7.46.0 */
 };
 
 /* This is the CURLOPT_PROGRESSFUNCTION callback proto. It is now considered
@@ -612,6 +622,7 @@ typedef enum {
                            CONNECT HTTP/1.1 */
   CURLPROXY_HTTP_1_0 = 1,   /* added in 7.19.4, force to use CONNECT
                                HTTP/1.0  */
+  CURLPROXY_HTTPS = 2, /* added in TBD */
   CURLPROXY_SOCKS4 = 4, /* support added in 7.15.2, enum existed already
                            in 7.10 */
   CURLPROXY_SOCKS5 = 5, /* added in 7.10 */
@@ -818,9 +829,13 @@ typedef enum {
    but 32 */
 #define CURLOPTTYPE_LONG          0
 #define CURLOPTTYPE_OBJECTPOINT   10000
+#define CURLOPTTYPE_STRINGPOINT   10000
 #define CURLOPTTYPE_FUNCTIONPOINT 20000
 #define CURLOPTTYPE_OFF_T         30000
 
+/* *STRINGPOINT is an alias for OBJECTPOINT to allow tools to extract the
+   string options from the header file */
+
 /* name is uppercase CURLOPT_<name>,
    type is one of the defined CURLOPTTYPE_<type>
    number is unique identifier */
@@ -834,6 +849,7 @@ typedef enum {
 /* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */
 #define LONG          CURLOPTTYPE_LONG
 #define OBJECTPOINT   CURLOPTTYPE_OBJECTPOINT
+#define STRINGPOINT   CURLOPTTYPE_OBJECTPOINT
 #define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT
 #define OFF_T         CURLOPTTYPE_OFF_T
 #define CINIT(name,type,number) CURLOPT_/**/name = type + number
@@ -850,22 +866,22 @@ typedef enum {
   CINIT(WRITEDATA, OBJECTPOINT, 1),
 
   /* The full URL to get/put */
-  CINIT(URL, OBJECTPOINT, 2),
+  CINIT(URL, STRINGPOINT, 2),
 
   /* Port number to connect to, if other than default. */
   CINIT(PORT, LONG, 3),
 
   /* Name of proxy to use. */
-  CINIT(PROXY, OBJECTPOINT, 4),
+  CINIT(PROXY, STRINGPOINT, 4),
 
   /* "user:password;options" to use when fetching. */
-  CINIT(USERPWD, OBJECTPOINT, 5),
+  CINIT(USERPWD, STRINGPOINT, 5),
 
   /* "user:password" to use with proxy. */
-  CINIT(PROXYUSERPWD, OBJECTPOINT, 6),
+  CINIT(PROXYUSERPWD, STRINGPOINT, 6),
 
   /* Range to get, specified as an ASCII string. */
-  CINIT(RANGE, OBJECTPOINT, 7),
+  CINIT(RANGE, STRINGPOINT, 7),
 
   /* not used */
 
@@ -902,14 +918,14 @@ typedef enum {
   CINIT(POSTFIELDS, OBJECTPOINT, 15),
 
   /* Set the referrer page (needed by some CGIs) */
-  CINIT(REFERER, OBJECTPOINT, 16),
+  CINIT(REFERER, STRINGPOINT, 16),
 
   /* Set the FTP PORT string (interface name, named or numerical IP address)
      Use i.e '-' to use default address. */
-  CINIT(FTPPORT, OBJECTPOINT, 17),
+  CINIT(FTPPORT, STRINGPOINT, 17),
 
   /* Set the User-Agent string (examined by some CGIs) */
-  CINIT(USERAGENT, OBJECTPOINT, 18),
+  CINIT(USERAGENT, STRINGPOINT, 18),
 
   /* If the download receives less than "low speed limit" bytes/second
    * during "low speed time" seconds, the operations is aborted.
@@ -932,7 +948,7 @@ typedef enum {
   CINIT(RESUME_FROM, LONG, 21),
 
   /* Set cookie in request: */
-  CINIT(COOKIE, OBJECTPOINT, 22),
+  CINIT(COOKIE, STRINGPOINT, 22),
 
   /* This points to a linked list of headers, struct curl_slist kind. This
      list is also used for RTSP (in spite of its name) */
@@ -942,10 +958,10 @@ typedef enum {
   CINIT(HTTPPOST, OBJECTPOINT, 24),
 
   /* name of the file keeping your private SSL-certificate */
-  CINIT(SSLCERT, OBJECTPOINT, 25),
+  CINIT(SSLCERT, STRINGPOINT, 25),
 
   /* password for the SSL or SSH private key */
-  CINIT(KEYPASSWD, OBJECTPOINT, 26),
+  CINIT(KEYPASSWD, STRINGPOINT, 26),
 
   /* send TYPE parameter? */
   CINIT(CRLF, LONG, 27),
@@ -959,7 +975,7 @@ typedef enum {
 
   /* point to a file to read the initial cookies from, also enables
      "cookie awareness" */
-  CINIT(COOKIEFILE, OBJECTPOINT, 31),
+  CINIT(COOKIEFILE, STRINGPOINT, 31),
 
   /* What version to specifically try to use.
      See CURL_SSLVERSION defines below. */
@@ -978,9 +994,9 @@ typedef enum {
      HTTP: DELETE, TRACE and others
      FTP: to use a different list command
      */
-  CINIT(CUSTOMREQUEST, OBJECTPOINT, 36),
+  CINIT(CUSTOMREQUEST, STRINGPOINT, 36),
 
-  /* HTTP request, for odd commands like DELETE, TRACE and others */
+  /* FILE handle to use instead of stderr */
   CINIT(STDERR, OBJECTPOINT, 37),
 
   /* 38 is not used */
@@ -1037,19 +1053,19 @@ typedef enum {
   CINIT(HTTPPROXYTUNNEL, LONG, 61),
 
   /* Set the interface string to use as outgoing network interface */
-  CINIT(INTERFACE, OBJECTPOINT, 62),
+  CINIT(INTERFACE, STRINGPOINT, 62),
 
   /* Set the krb4/5 security level, this also enables krb4/5 awareness.  This
    * is a string, 'clear', 'safe', 'confidential' or 'private'.  If the string
    * is set but doesn't match one of these, 'private' will be used.  */
-  CINIT(KRBLEVEL, OBJECTPOINT, 63),
+  CINIT(KRBLEVEL, STRINGPOINT, 63),
 
   /* Set if we should verify the peer in ssl handshake, set 1 to verify. */
   CINIT(SSL_VERIFYPEER, LONG, 64),
 
   /* The CApath or CAfile used to validate the peer certificate
      this option is used only if SSL_VERIFYPEER is true */
-  CINIT(CAINFO, OBJECTPOINT, 65),
+  CINIT(CAINFO, STRINGPOINT, 65),
 
   /* 66 = OBSOLETE */
   /* 67 = OBSOLETE */
@@ -1083,10 +1099,10 @@ typedef enum {
 
   /* Set to a file name that contains random data for libcurl to use to
      seed the random engine when doing SSL connects. */
-  CINIT(RANDOM_FILE, OBJECTPOINT, 76),
+  CINIT(RANDOM_FILE, STRINGPOINT, 76),
 
   /* Set to the Entropy Gathering Daemon socket pathname */
-  CINIT(EGDSOCKET, OBJECTPOINT, 77),
+  CINIT(EGDSOCKET, STRINGPOINT, 77),
 
   /* Time-out connect operations after this amount of seconds, if connects are
      OK within this time, then fine... This only aborts the connect phase. */
@@ -1108,10 +1124,10 @@ typedef enum {
 
   /* Specify which file name to write all known cookies in after completed
      operation. Set file name to "-" (dash) to make it go to stdout. */
-  CINIT(COOKIEJAR, OBJECTPOINT, 82),
+  CINIT(COOKIEJAR, STRINGPOINT, 82),
 
   /* Specify which SSL ciphers to use */
-  CINIT(SSL_CIPHER_LIST, OBJECTPOINT, 83),
+  CINIT(SSL_CIPHER_LIST, STRINGPOINT, 83),
 
   /* Specify which HTTP version to use! This must be set to one of the
      CURL_HTTP_VERSION* enums set below. */
@@ -1123,16 +1139,16 @@ typedef enum {
   CINIT(FTP_USE_EPSV, LONG, 85),
 
   /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") */
-  CINIT(SSLCERTTYPE, OBJECTPOINT, 86),
+  CINIT(SSLCERTTYPE, STRINGPOINT, 86),
 
   /* name of the file keeping your private SSL-key */
-  CINIT(SSLKEY, OBJECTPOINT, 87),
+  CINIT(SSLKEY, STRINGPOINT, 87),
 
   /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") */
-  CINIT(SSLKEYTYPE, OBJECTPOINT, 88),
+  CINIT(SSLKEYTYPE, STRINGPOINT, 88),
 
   /* crypto engine for the SSL-sub system */
-  CINIT(SSLENGINE, OBJECTPOINT, 89),
+  CINIT(SSLENGINE, STRINGPOINT, 89),
 
   /* set the crypto engine for the SSL-sub system as default
      the param has no meaning...
@@ -1159,7 +1175,7 @@ typedef enum {
 
   /* The CApath directory used to validate the peer certificate
      this option is used only if SSL_VERIFYPEER is true */
-  CINIT(CAPATH, OBJECTPOINT, 97),
+  CINIT(CAPATH, STRINGPOINT, 97),
 
   /* Instruct libcurl to use a smaller receive buffer */
   CINIT(BUFFERSIZE, LONG, 98),
@@ -1173,13 +1189,14 @@ typedef enum {
   CINIT(SHARE, OBJECTPOINT, 100),
 
   /* indicates type of proxy. accepted values are CURLPROXY_HTTP (default),
-     CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5. */
+     CURLPROXY_HTTPS, CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and
+     CURLPROXY_SOCKS5. */
   CINIT(PROXYTYPE, LONG, 101),
 
   /* Set the Accept-Encoding string. Use this to tell a server you would like
      the response to be compressed. Before 7.21.6, this was known as
      CURLOPT_ENCODING */
-  CINIT(ACCEPT_ENCODING, OBJECTPOINT, 102),
+  CINIT(ACCEPT_ENCODING, STRINGPOINT, 102),
 
   /* Set pointer to private data */
   CINIT(PRIVATE, OBJECTPOINT, 103),
@@ -1260,7 +1277,7 @@ typedef enum {
      to parse (using the CURLOPT_NETRC option). If not set, libcurl will do
      a poor attempt to find the user's home directory and check for a .netrc
      file in there. */
-  CINIT(NETRC_FILE, OBJECTPOINT, 118),
+  CINIT(NETRC_FILE, STRINGPOINT, 118),
 
   /* Enable SSL/TLS for FTP, pick one of:
      CURLUSESSL_TRY     - try using SSL, proceed anyway otherwise
@@ -1303,10 +1320,10 @@ typedef enum {
 
   /* zero terminated string for pass on to the FTP server when asked for
      "account" info */
-  CINIT(FTP_ACCOUNT, OBJECTPOINT, 134),
+  CINIT(FTP_ACCOUNT, STRINGPOINT, 134),
 
-  /* feed cookies into cookie engine */
-  CINIT(COOKIELIST, OBJECTPOINT, 135),
+  /* feed cookie into cookie engine */
+  CINIT(COOKIELIST, STRINGPOINT, 135),
 
   /* ignore Content-Length */
   CINIT(IGNORE_CONTENT_LENGTH, LONG, 136),
@@ -1352,7 +1369,7 @@ typedef enum {
   CINIT(MAX_RECV_SPEED_LARGE, OFF_T, 146),
 
   /* Pointer to command string to send if USER/PASS fails. */
-  CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147),
+  CINIT(FTP_ALTERNATIVE_TO_USER, STRINGPOINT, 147),
 
   /* callback function for setting socket options */
   CINIT(SOCKOPTFUNCTION, FUNCTIONPOINT, 148),
@@ -1366,8 +1383,8 @@ typedef enum {
   CINIT(SSH_AUTH_TYPES, LONG, 151),
 
   /* Used by scp/sftp to do public/private key authentication */
-  CINIT(SSH_PUBLIC_KEYFILE, OBJECTPOINT, 152),
-  CINIT(SSH_PRIVATE_KEYFILE, OBJECTPOINT, 153),
+  CINIT(SSH_PUBLIC_KEYFILE, STRINGPOINT, 152),
+  CINIT(SSH_PRIVATE_KEYFILE, STRINGPOINT, 153),
 
   /* Send CCC (Clear Command Channel) after authentication */
   CINIT(FTP_SSL_CCC, LONG, 154),
@@ -1391,7 +1408,7 @@ typedef enum {
   CINIT(POSTREDIR, LONG, 161),
 
   /* used by scp/sftp to verify the host's public key */
-  CINIT(SSH_HOST_PUBLIC_KEY_MD5, OBJECTPOINT, 162),
+  CINIT(SSH_HOST_PUBLIC_KEY_MD5, STRINGPOINT, 162),
 
   /* Callback function for opening socket (instead of socket(2)). Optionally,
      callback is able change the address or refuse to connect returning
@@ -1411,10 +1428,10 @@ typedef enum {
   CINIT(SEEKDATA, OBJECTPOINT, 168),
 
   /* CRL file */
-  CINIT(CRLFILE, OBJECTPOINT, 169),
+  CINIT(CRLFILE, STRINGPOINT, 169),
 
   /* Issuer certificate */
-  CINIT(ISSUERCERT, OBJECTPOINT, 170),
+  CINIT(ISSUERCERT, STRINGPOINT, 170),
 
   /* (IPv6) Address scope */
   CINIT(ADDRESS_SCOPE, LONG, 171),
@@ -1424,12 +1441,12 @@ typedef enum {
   CINIT(CERTINFO, LONG, 172),
 
   /* "name" and "pwd" to use when fetching. */
-  CINIT(USERNAME, OBJECTPOINT, 173),
-  CINIT(PASSWORD, OBJECTPOINT, 174),
+  CINIT(USERNAME, STRINGPOINT, 173),
+  CINIT(PASSWORD, STRINGPOINT, 174),
 
     /* "name" and "pwd" to use with Proxy when fetching. */
-  CINIT(PROXYUSERNAME, OBJECTPOINT, 175),
-  CINIT(PROXYPASSWORD, OBJECTPOINT, 176),
+  CINIT(PROXYUSERNAME, STRINGPOINT, 175),
+  CINIT(PROXYPASSWORD, STRINGPOINT, 176),
 
   /* Comma separated list of hostnames defining no-proxy zones. These should
      match both hostnames directly, and hostnames within a domain. For
@@ -1438,13 +1455,13 @@ typedef enum {
      implementations of this, .local.com will be considered to be the same as
      local.com. A single * is the only valid wildcard, and effectively
      disables the use of proxy. */
-  CINIT(NOPROXY, OBJECTPOINT, 177),
+  CINIT(NOPROXY, STRINGPOINT, 177),
 
   /* block size for TFTP transfers */
   CINIT(TFTP_BLKSIZE, LONG, 178),
 
   /* Socks Service */
-  CINIT(SOCKS5_GSSAPI_SERVICE, OBJECTPOINT, 179),
+  CINIT(SOCKS5_GSSAPI_SERVICE, STRINGPOINT, 179),
 
   /* Socks Service */
   CINIT(SOCKS5_GSSAPI_NEC, LONG, 180),
@@ -1462,7 +1479,7 @@ typedef enum {
   CINIT(REDIR_PROTOCOLS, LONG, 182),
 
   /* set the SSH knownhost file name to use */
-  CINIT(SSH_KNOWNHOSTS, OBJECTPOINT, 183),
+  CINIT(SSH_KNOWNHOSTS, STRINGPOINT, 183),
 
   /* set the SSH host key callback, must point to a curl_sshkeycallback
      function */
@@ -1472,9 +1489,9 @@ typedef enum {
   CINIT(SSH_KEYDATA, OBJECTPOINT, 185),
 
   /* set the SMTP mail originator */
-  CINIT(MAIL_FROM, OBJECTPOINT, 186),
+  CINIT(MAIL_FROM, STRINGPOINT, 186),
 
-  /* set the SMTP mail receiver(s) */
+  /* set the list of SMTP mail receiver(s) */
   CINIT(MAIL_RCPT, OBJECTPOINT, 187),
 
   /* FTP: send PRET before PASV */
@@ -1484,13 +1501,13 @@ typedef enum {
   CINIT(RTSP_REQUEST, LONG, 189),
 
   /* The RTSP session identifier */
-  CINIT(RTSP_SESSION_ID, OBJECTPOINT, 190),
+  CINIT(RTSP_SESSION_ID, STRINGPOINT, 190),
 
   /* The RTSP stream URI */
-  CINIT(RTSP_STREAM_URI, OBJECTPOINT, 191),
+  CINIT(RTSP_STREAM_URI, STRINGPOINT, 191),
 
   /* The Transport: header to use in RTSP requests */
-  CINIT(RTSP_TRANSPORT, OBJECTPOINT, 192),
+  CINIT(RTSP_TRANSPORT, STRINGPOINT, 192),
 
   /* Manually initialize the client RTSP CSeq for this handle */
   CINIT(RTSP_CLIENT_CSEQ, LONG, 193),
@@ -1528,13 +1545,13 @@ typedef enum {
   CINIT(RESOLVE, OBJECTPOINT, 203),
 
   /* Set a username for authenticated TLS */
-  CINIT(TLSAUTH_USERNAME, OBJECTPOINT, 204),
+  CINIT(TLSAUTH_USERNAME, STRINGPOINT, 204),
 
   /* Set a password for authenticated TLS */
-  CINIT(TLSAUTH_PASSWORD, OBJECTPOINT, 205),
+  CINIT(TLSAUTH_PASSWORD, STRINGPOINT, 205),
 
   /* Set authentication type for authenticated TLS */
-  CINIT(TLSAUTH_TYPE, OBJECTPOINT, 206),
+  CINIT(TLSAUTH_TYPE, STRINGPOINT, 206),
 
   /* Set to 1 to enable the "TE:" header in HTTP requests to ask for
      compressed transfer-encoded responses. Set to 0 to disable the use of TE:
@@ -1557,7 +1574,7 @@ typedef enum {
   CINIT(GSSAPI_DELEGATION, LONG, 210),
 
   /* Set the name servers to use for DNS resolution */
-  CINIT(DNS_SERVERS, OBJECTPOINT, 211),
+  CINIT(DNS_SERVERS, STRINGPOINT, 211),
 
   /* Time-out accept operations (currently for FTP only) after this amount
      of miliseconds. */
@@ -1574,7 +1591,7 @@ typedef enum {
   CINIT(SSL_OPTIONS, LONG, 216),
 
   /* Set the SMTP auth originator */
-  CINIT(MAIL_AUTH, OBJECTPOINT, 217),
+  CINIT(MAIL_AUTH, STRINGPOINT, 217),
 
   /* Enable/disable SASL initial response */
   CINIT(SASL_IR, LONG, 218),
@@ -1585,23 +1602,23 @@ typedef enum {
   CINIT(XFERINFOFUNCTION, FUNCTIONPOINT, 219),
 
   /* The XOAUTH2 bearer token */
-  CINIT(XOAUTH2_BEARER, OBJECTPOINT, 220),
+  CINIT(XOAUTH2_BEARER, STRINGPOINT, 220),
 
   /* Set the interface string to use as outgoing network
    * interface for DNS requests.
    * Only supported by the c-ares DNS backend */
-  CINIT(DNS_INTERFACE, OBJECTPOINT, 221),
+  CINIT(DNS_INTERFACE, STRINGPOINT, 221),
 
   /* Set the local IPv4 address to use for outgoing DNS requests.
    * Only supported by the c-ares DNS backend */
-  CINIT(DNS_LOCAL_IP4, OBJECTPOINT, 222),
+  CINIT(DNS_LOCAL_IP4, STRINGPOINT, 222),
 
   /* Set the local IPv4 address to use for outgoing DNS requests.
    * Only supported by the c-ares DNS backend */
-  CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223),
+  CINIT(DNS_LOCAL_IP6, STRINGPOINT, 223),
 
   /* Set authentication options directly */
-  CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224),
+  CINIT(LOGIN_OPTIONS, STRINGPOINT, 224),
 
   /* Enable/disable TLS NPN extension (http2 over ssl might fail without) */
   CINIT(SSL_ENABLE_NPN, LONG, 225),
@@ -1622,10 +1639,10 @@ typedef enum {
 
   /* The public key in DER form used to validate the peer public key
      this option is used only if SSL_VERIFYPEER is true */
-  CINIT(PINNEDPUBLICKEY, OBJECTPOINT, 230),
+  CINIT(PINNEDPUBLICKEY, STRINGPOINT, 230),
 
   /* Path to Unix domain socket */
-  CINIT(UNIX_SOCKET_PATH, OBJECTPOINT, 231),
+  CINIT(UNIX_SOCKET_PATH, STRINGPOINT, 231),
 
   /* Set if we should verify the certificate status. */
   CINIT(SSL_VERIFYSTATUS, LONG, 232),
@@ -1637,16 +1654,89 @@ typedef enum {
   CINIT(PATH_AS_IS, LONG, 234),
 
   /* Proxy Service Name */
-  CINIT(PROXY_SERVICE_NAME, OBJECTPOINT, 235),
+  CINIT(PROXY_SERVICE_NAME, STRINGPOINT, 235),
 
   /* Service Name */
-  CINIT(SERVICE_NAME, OBJECTPOINT, 236),
+  CINIT(SERVICE_NAME, STRINGPOINT, 236),
 
   /* Wait/don't wait for pipe/mutex to clarify */
   CINIT(PIPEWAIT, LONG, 237),
 
   /* Set the protocol used when curl is given a URL without a protocol */
-  CINIT(DEFAULT_PROTOCOL, OBJECTPOINT, 238),
+  CINIT(DEFAULT_PROTOCOL, STRINGPOINT, 238),
+
+  /* Set stream weight, 1 - 256 (default is 16) */
+  CINIT(STREAM_WEIGHT, LONG, 239),
+
+  /* Set stream dependency on another CURL handle */
+  CINIT(STREAM_DEPENDS, OBJECTPOINT, 240),
+
+  /* Set E-xclusive stream dependency on another CURL handle */
+  CINIT(STREAM_DEPENDS_E, OBJECTPOINT, 241),
+
+  /* The CApath or CAfile used to validate the proxy certificate
+     this option is used only if PROXY_SSL_VERIFYPEER is true */
+  CINIT(PROXY_CAINFO, STRINGPOINT, 242),
+
+  /* The CApath directory used to validate the proxy certificate
+     this option is used only if PROXY_SSL_VERIFYPEER is true */
+  CINIT(PROXY_CAPATH, STRINGPOINT, 243),
+
+  /* Set if we should verify the proxy in ssl handshake,
+     set 1 to verify. */
+  CINIT(PROXY_SSL_VERIFYPEER, LONG, 244),
+
+  /* Set if we should verify the Common name from the proxy certificate in ssl
+   * handshake, set 1 to check existence, 2 to ensure that it matches
+   * the provided hostname. */
+  CINIT(PROXY_SSL_VERIFYHOST, LONG, 245),
+
+  /* What version to specifically try to use for proxy.
+     See CURL_SSLVERSION defines below. */
+  CINIT(PROXY_SSLVERSION, LONG, 246),
+
+  /* Set a username for authenticated TLS for proxy */
+  CINIT(PROXY_TLSAUTH_USERNAME, STRINGPOINT, 247),
+
+  /* Set a password for authenticated TLS for proxy */
+  CINIT(PROXY_TLSAUTH_PASSWORD, STRINGPOINT, 248),
+
+  /* Set authentication type for authenticated TLS for proxy */
+  CINIT(PROXY_TLSAUTH_TYPE, STRINGPOINT, 249),
+
+  /* name of the file keeping your private SSL-certificate for proxy */
+  CINIT(PROXY_SSLCERT, STRINGPOINT, 250),
+
+  /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") for
+     proxy */
+  CINIT(PROXY_SSLCERTTYPE, STRINGPOINT, 251),
+
+  /* name of the file keeping your private SSL-key for proxy */
+  CINIT(PROXY_SSLKEY, STRINGPOINT, 252),
+
+  /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") for
+     proxy */
+  CINIT(PROXY_SSLKEYTYPE, STRINGPOINT, 253),
+
+  /* password for the SSL private key for proxy */
+  CINIT(PROXY_KEYPASSWD, STRINGPOINT, 254),
+
+  /* Specify which SSL ciphers to use for proxy */
+  CINIT(PROXY_SSL_CIPHER_LIST, STRINGPOINT, 255),
+
+  /* CRL file for proxy */
+  CINIT(PROXY_CRLFILE, STRINGPOINT, 256),
+
+  /* Enable/disable specific SSL features with a bitmask for proxy, see
+     CURLSSLOPT_* */
+  CINIT(PROXY_SSL_OPTIONS, LONG, 257),
+
+  /* Name of socks proxy to use. */
+  CINIT(SOCKS_PROXY, STRINGPOINT, 258),
+
+  /* indicates type of proxy. accepted values are CURLPROXY_SOCKS4,
+     CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5. */
+  CINIT(SOCKS_PROXYTYPE, LONG, 259),
 
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
@@ -1822,6 +1912,7 @@ typedef enum {
   CFINIT(OBSOLETE2),
 
   CFINIT(STREAM),
+  CFINIT(CONTENTLEN), /* added in 7.46.0, provide a curl_off_t length */
 
   CURLFORM_LASTENTRY /* the last unused */
 } CURLformoption;
@@ -2076,7 +2167,8 @@ typedef enum {
   CURLSSLBACKEND_CYASSL = 7,
   CURLSSLBACKEND_SCHANNEL = 8,
   CURLSSLBACKEND_DARWINSSL = 9,
-  CURLSSLBACKEND_AXTLS = 10
+  CURLSSLBACKEND_AXTLS = 10,
+  CURLSSLBACKEND_MBEDTLS = 11
 } curl_sslbackend;
 
 /* Information about the SSL library used and the respective internal SSL
@@ -2141,9 +2233,10 @@ typedef enum {
   CURLINFO_LOCAL_PORT       = CURLINFO_LONG   + 42,
   CURLINFO_TLS_SESSION      = CURLINFO_SLIST  + 43,
   CURLINFO_ACTIVESOCKET     = CURLINFO_SOCKET + 44,
+  CURLINFO_PROXY_SSL_VERIFYRESULT = CURLINFO_LONG + 45,
   /* Fill in new entries below here! */
 
-  CURLINFO_LASTONE          = 44
+  CURLINFO_LASTONE          = 45
 } CURLINFO;
 
 /* CURLINFO_RESPONSE_CODE is the new name for the option previously known as

include/curl/curlbuild.h.dist

@@ -528,7 +528,8 @@
 
 #elif defined(__GNUC__)
 #  if defined(__ILP32__) || \
-      defined(__i386__) || defined(__ppc__) || defined(__arm__) || defined(__sparc__)
+      defined(__i386__) || defined(__ppc__) || defined(__arm__) || \
+      defined(__sparc__) || defined(__mips__) || defined(__sh__)
 #    define CURL_SIZEOF_LONG           4
 #    define CURL_TYPEOF_CURL_OFF_T     long long
 #    define CURL_FORMAT_CURL_OFF_T     "lld"

include/curl/curlver.h

@@ -30,12 +30,12 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.45.0-DEV"
+#define LIBCURL_VERSION "7.46.0-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 45
+#define LIBCURL_VERSION_MINOR 46
 #define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
@@ -57,7 +57,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x072D00
+#define LIBCURL_VERSION_NUM 0x072E00
 
 /*
  * This is the date and time when the full source package was created. The

include/curl/typecheck-gcc.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -218,60 +218,67 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
 
 /* evaluates to true if option takes a char* argument */
 #define _curl_is_string_option(option)                                        \
-  ((option) == CURLOPT_URL ||                                                 \
-   (option) == CURLOPT_PROXY ||                                               \
-   (option) == CURLOPT_INTERFACE ||                                           \
-   (option) == CURLOPT_NETRC_FILE ||                                          \
-   (option) == CURLOPT_USERPWD ||                                             \
-   (option) == CURLOPT_USERNAME ||                                            \
-   (option) == CURLOPT_PASSWORD ||                                            \
-   (option) == CURLOPT_PROXYUSERPWD ||                                        \
-   (option) == CURLOPT_PROXYUSERNAME ||                                       \
-   (option) == CURLOPT_PROXYPASSWORD ||                                       \
-   (option) == CURLOPT_NOPROXY ||                                             \
-   (option) == CURLOPT_ACCEPT_ENCODING ||                                     \
-   (option) == CURLOPT_REFERER ||                                             \
-   (option) == CURLOPT_USERAGENT ||                                           \
+  ((option) == CURLOPT_ACCEPT_ENCODING ||                                     \
+   (option) == CURLOPT_CAINFO ||                                              \
+   (option) == CURLOPT_CAPATH ||                                              \
    (option) == CURLOPT_COOKIE ||                                              \
    (option) == CURLOPT_COOKIEFILE ||                                          \
    (option) == CURLOPT_COOKIEJAR ||                                           \
    (option) == CURLOPT_COOKIELIST ||                                          \
-   (option) == CURLOPT_FTPPORT ||                                             \
-   (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER ||                             \
-   (option) == CURLOPT_FTP_ACCOUNT ||                                         \
-   (option) == CURLOPT_RANGE ||                                               \
-   (option) == CURLOPT_CUSTOMREQUEST ||                                       \
-   (option) == CURLOPT_SSLCERT ||                                             \
-   (option) == CURLOPT_SSLCERTTYPE ||                                         \
-   (option) == CURLOPT_SSLKEY ||                                              \
-   (option) == CURLOPT_SSLKEYTYPE ||                                          \
-   (option) == CURLOPT_KEYPASSWD ||                                           \
-   (option) == CURLOPT_SSLENGINE ||                                           \
-   (option) == CURLOPT_CAINFO ||                                              \
-   (option) == CURLOPT_CAPATH ||                                              \
-   (option) == CURLOPT_RANDOM_FILE ||                                         \
-   (option) == CURLOPT_EGDSOCKET ||                                           \
-   (option) == CURLOPT_SSL_CIPHER_LIST ||                                     \
-   (option) == CURLOPT_KRBLEVEL ||                                            \
-   (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 ||                             \
-   (option) == CURLOPT_SSH_PUBLIC_KEYFILE ||                                  \
-   (option) == CURLOPT_SSH_PRIVATE_KEYFILE ||                                 \
    (option) == CURLOPT_CRLFILE ||                                             \
-   (option) == CURLOPT_ISSUERCERT ||                                          \
-   (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE ||                               \
-   (option) == CURLOPT_SSH_KNOWNHOSTS ||                                      \
-   (option) == CURLOPT_MAIL_FROM ||                                           \
-   (option) == CURLOPT_RTSP_SESSION_ID ||                                     \
-   (option) == CURLOPT_RTSP_STREAM_URI ||                                     \
-   (option) == CURLOPT_RTSP_TRANSPORT ||                                      \
-   (option) == CURLOPT_XOAUTH2_BEARER ||                                      \
-   (option) == CURLOPT_DNS_SERVERS ||                                         \
+   (option) == CURLOPT_CUSTOMREQUEST ||                                       \
+   (option) == CURLOPT_DEFAULT_PROTOCOL ||                                    \
    (option) == CURLOPT_DNS_INTERFACE ||                                       \
    (option) == CURLOPT_DNS_LOCAL_IP4 ||                                       \
    (option) == CURLOPT_DNS_LOCAL_IP6 ||                                       \
+   (option) == CURLOPT_DNS_SERVERS ||                                         \
+   (option) == CURLOPT_EGDSOCKET ||                                           \
+   (option) == CURLOPT_FTPPORT ||                                             \
+   (option) == CURLOPT_FTP_ACCOUNT ||                                         \
+   (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER ||                             \
+   (option) == CURLOPT_INTERFACE ||                                           \
+   (option) == CURLOPT_ISSUERCERT ||                                          \
+   (option) == CURLOPT_KEYPASSWD ||                                           \
+   (option) == CURLOPT_KRBLEVEL ||                                            \
    (option) == CURLOPT_LOGIN_OPTIONS ||                                       \
+   (option) == CURLOPT_MAIL_AUTH ||                                           \
+   (option) == CURLOPT_MAIL_FROM ||                                           \
+   (option) == CURLOPT_NETRC_FILE ||                                          \
+   (option) == CURLOPT_NOPROXY ||                                             \
+   (option) == CURLOPT_PASSWORD ||                                            \
+   (option) == CURLOPT_PINNEDPUBLICKEY ||                                     \
+   (option) == CURLOPT_PROXY ||                                               \
+   (option) == CURLOPT_PROXYPASSWORD ||                                       \
+   (option) == CURLOPT_PROXYUSERNAME ||                                       \
+   (option) == CURLOPT_PROXYUSERPWD ||                                        \
    (option) == CURLOPT_PROXY_SERVICE_NAME ||                                  \
+   (option) == CURLOPT_RANDOM_FILE ||                                         \
+   (option) == CURLOPT_RANGE ||                                               \
+   (option) == CURLOPT_REFERER ||                                             \
+   (option) == CURLOPT_RTSP_SESSION_ID ||                                     \
+   (option) == CURLOPT_RTSP_STREAM_URI ||                                     \
+   (option) == CURLOPT_RTSP_TRANSPORT ||                                      \
    (option) == CURLOPT_SERVICE_NAME ||                                        \
+   (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE ||                               \
+   (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 ||                             \
+   (option) == CURLOPT_SSH_KNOWNHOSTS ||                                      \
+   (option) == CURLOPT_SSH_PRIVATE_KEYFILE ||                                 \
+   (option) == CURLOPT_SSH_PUBLIC_KEYFILE ||                                  \
+   (option) == CURLOPT_SSLCERT ||                                             \
+   (option) == CURLOPT_SSLCERTTYPE ||                                         \
+   (option) == CURLOPT_SSLENGINE ||                                           \
+   (option) == CURLOPT_SSLKEY ||                                              \
+   (option) == CURLOPT_SSLKEYTYPE ||                                          \
+   (option) == CURLOPT_SSL_CIPHER_LIST ||                                     \
+   (option) == CURLOPT_TLSAUTH_PASSWORD ||                                    \
+   (option) == CURLOPT_TLSAUTH_TYPE ||                                        \
+   (option) == CURLOPT_TLSAUTH_USERNAME ||                                    \
+   (option) == CURLOPT_UNIX_SOCKET_PATH ||                                    \
+   (option) == CURLOPT_URL ||                                                 \
+   (option) == CURLOPT_USERAGENT ||                                           \
+   (option) == CURLOPT_USERNAME ||                                            \
+   (option) == CURLOPT_USERPWD ||                                             \
+   (option) == CURLOPT_XOAUTH2_BEARER ||                                      \
    0)
 
 /* evaluates to true if option takes a curl_write_callback argument */
@@ -287,21 +294,22 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
 
 /* evaluates to true if option takes a data argument to pass to a callback */
 #define _curl_is_cb_data_option(option)                                       \
-  ((option) == CURLOPT_WRITEDATA ||                                           \
-   (option) == CURLOPT_READDATA ||                                            \
-   (option) == CURLOPT_IOCTLDATA ||                                           \
-   (option) == CURLOPT_SOCKOPTDATA ||                                         \
-   (option) == CURLOPT_OPENSOCKETDATA ||                                      \
-   (option) == CURLOPT_PROGRESSDATA ||                                        \
-   (option) == CURLOPT_HEADERDATA ||                                         \
+  ((option) == CURLOPT_CHUNK_DATA ||                                          \
+   (option) == CURLOPT_CLOSESOCKETDATA ||                                     \
    (option) == CURLOPT_DEBUGDATA ||                                           \
-   (option) == CURLOPT_SSL_CTX_DATA ||                                        \
-   (option) == CURLOPT_SEEKDATA ||                                            \
-   (option) == CURLOPT_PRIVATE ||                                             \
-   (option) == CURLOPT_SSH_KEYDATA ||                                         \
-   (option) == CURLOPT_INTERLEAVEDATA ||                                      \
-   (option) == CURLOPT_CHUNK_DATA ||                                          \
    (option) == CURLOPT_FNMATCH_DATA ||                                        \
+   (option) == CURLOPT_HEADERDATA ||                                          \
+   (option) == CURLOPT_INTERLEAVEDATA ||                                      \
+   (option) == CURLOPT_IOCTLDATA ||                                           \
+   (option) == CURLOPT_OPENSOCKETDATA ||                                      \
+   (option) == CURLOPT_PRIVATE ||                                             \
+   (option) == CURLOPT_PROGRESSDATA ||                                        \
+   (option) == CURLOPT_READDATA ||                                            \
+   (option) == CURLOPT_SEEKDATA ||                                            \
+   (option) == CURLOPT_SOCKOPTDATA ||                                         \
+   (option) == CURLOPT_SSH_KEYDATA ||                                         \
+   (option) == CURLOPT_SSL_CTX_DATA ||                                        \
+   (option) == CURLOPT_WRITEDATA ||                                           \
    0)
 
 /* evaluates to true if option takes a POST data argument (void* or char*) */
@@ -312,13 +320,15 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
 
 /* evaluates to true if option takes a struct curl_slist * argument */
 #define _curl_is_slist_option(option)                                         \
-  ((option) == CURLOPT_HTTPHEADER ||                                          \
-   (option) == CURLOPT_HTTP200ALIASES ||                                      \
-   (option) == CURLOPT_QUOTE ||                                               \
+  ((option) == CURLOPT_HTTP200ALIASES ||                                      \
+   (option) == CURLOPT_HTTPHEADER ||                                          \
+   (option) == CURLOPT_MAIL_RCPT ||                                           \
    (option) == CURLOPT_POSTQUOTE ||                                           \
    (option) == CURLOPT_PREQUOTE ||                                            \
+   (option) == CURLOPT_PROXYHEADER ||                                         \
+   (option) == CURLOPT_QUOTE ||                                               \
+   (option) == CURLOPT_RESOLVE ||                                             \
    (option) == CURLOPT_TELNETOPTIONS ||                                       \
-   (option) == CURLOPT_MAIL_RCPT ||                                           \
    0)
 
 /* groups of curl_easy_getinfo infos that take the same type of argument */

lib/Makefile.Watcom

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2005 - 2009, Gisle Vanem <gvanem@broadpark.no>.
+# Copyright (C) 2005 - 2009, Gisle Vanem <gvanem@yahoo.no>.
 # Copyright (C) 2005 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which

lib/Makefile.inc

@@ -22,11 +22,13 @@
 
 LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c     \
   vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c               \
-  vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c
+  vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c           \
+  vtls/mbedtls.c
 
 LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h                \
   vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h   \
-  vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h
+  vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h           \
+  vtls/mbedtls.h
 
 LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c   \
   cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c       \

lib/asyn-ares.c

@@ -416,7 +416,6 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
   if(result)
     /* close the connection, since we can't return failure here without
        cleaning up this connection properly.
-       TODO: remove this action from here, it is not a name resolver decision.
     */
     connclose(conn, "c-ares resolve failed");
 

lib/checksrc.pl

@@ -143,6 +143,11 @@ sub scanfile {
             checkwarn($line, length($1), $file, $l, "Trailing whitespace");
         }
 
+        # crude attempt to detect // comments without too many false
+        # positives
+        if($l =~ /^([^"\*]*)[^:"]\/\//) {
+            checkwarn($line, length($1), $file, $l, "\/\/ comment");
+        }
         # check spaces after for/if/while
         if($l =~ /^(.*)(for|if|while) \(/) {
             if($1 =~ / *\#/) {

lib/checksrc.whitelist

@@ -8,3 +8,5 @@
     return fopen(file, "r"); /* VMS */
     return fopen(file, "r", "rfm=stmlf", "ctx=stm");
     curl_memlog("FILE %s:%d fopen(\"%s\",\"%s\") = %p\n",
+           a URL as file://localhost//foo must be valid as well, to refer to
+  const char atom_specials[] = "(){ %*]";

lib/conncache.c

@@ -133,7 +133,9 @@ void Curl_conncache_destroy(struct conncache *connc)
 static char *hashkey(struct connectdata *conn)
 {
   return aprintf("%s:%d",
-                 conn->bits.proxy?conn->proxy.name:conn->host.name,
+                 conn->bits.socksproxy ? conn->socks_proxy.host.name :
+                 conn->bits.httpproxy ? conn->http_proxy.host.name :
+                 conn->host.name,
                  conn->localport);
 }
 

lib/connect.c

@@ -850,7 +850,8 @@ CURLcode Curl_is_connected(struct connectdata *conn,
     }
 
     failf(data, "Failed to connect to %s port %ld: %s",
-          conn->bits.proxy?conn->proxy.name:conn->host.name,
+          conn->bits.socksproxy ? conn->socks_proxy.host.name :
+          conn->bits.httpproxy ? conn->http_proxy.host.name : conn->host.name,
           conn->port, Curl_strerror(conn, error));
   }
 
@@ -1242,10 +1243,10 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
     }
 /* Minix 3.1 doesn't support any flags on recv; just assume socket is OK */
 #ifdef MSG_PEEK
-    else {
+    else if(sockfd != CURL_SOCKET_BAD) {
       /* use the socket */
       char buf;
-      if(recv((RECV_TYPE_ARG1)c->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
+      if(recv((RECV_TYPE_ARG1)sockfd, (RECV_TYPE_ARG2)&buf,
               (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
         return CURL_SOCKET_BAD;   /* FIN received */
       }

lib/cookie.c

@@ -84,6 +84,10 @@ Example set of cookies:
 
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
 
+#ifdef USE_LIBPSL
+# include <libpsl.h>
+#endif
+
 #include "curl_printf.h"
 #include "urldata.h"
 #include "cookie.h"
@@ -379,6 +383,10 @@ Curl_cookie_add(struct SessionHandle *data,
   bool replace_old = FALSE;
   bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */
 
+#ifdef USE_LIBPSL
+  const psl_ctx_t *psl;
+#endif
+
 #ifdef CURL_DISABLE_VERBOSE_STRINGS
   (void)data;
 #endif
@@ -777,6 +785,19 @@ Curl_cookie_add(struct SessionHandle *data,
   /* at first, remove expired cookies */
   remove_expired(c);
 
+#ifdef USE_LIBPSL
+  /* Check if the domain is a Public Suffix and if yes, ignore the cookie.
+     This needs a libpsl compiled with builtin data. */
+  if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) {
+    if(psl_is_public_suffix(psl, co->domain)) {
+      infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n",
+            co->name, co->domain);
+      freecookie(co);
+      return NULL;
+    }
+  }
+#endif
+
   clist = c->cookies;
   replace_old = FALSE;
   while(clist) {

lib/curl_config.h.cmake

@@ -24,6 +24,12 @@
 /* to disable FTP */
 #cmakedefine CURL_DISABLE_FTP 1
 
+/* to disable GOPHER */
+#cmakedefine CURL_DISABLE_GOPHER 1
+
+/* to disable IMAP */
+#cmakedefine CURL_DISABLE_IMAP 1
+
 /* to disable HTTP */
 #cmakedefine CURL_DISABLE_HTTP 1
 
@@ -33,9 +39,24 @@
 /* to disable LDAPS */
 #cmakedefine CURL_DISABLE_LDAPS 1
 
+/* to disable POP3 */
+#cmakedefine CURL_DISABLE_POP3 1
+
 /* to disable proxies */
 #cmakedefine CURL_DISABLE_PROXY 1
 
+/* to disable RTSP */
+#cmakedefine CURL_DISABLE_RTSP 1
+
+/* to disable RTMP */
+#cmakedefine CURL_DISABLE_RTMP 1
+
+/* to disable SMB */
+#cmakedefine CURL_DISABLE_SMB 1
+
+/* to disable SMTP */
+#cmakedefine CURL_DISABLE_SMTP 1
+
 /* to disable TELNET */
 #cmakedefine CURL_DISABLE_TELNET 1
 

lib/curl_des.h

@@ -24,7 +24,7 @@
 
 #include "curl_setup.h"
 
-#if defined(USE_NTLM) && (!defined(USE_OPENSSL) || defined(HAVE_BORINGSSL))
+#if defined(USE_NTLM) && !defined(HAVE_DES_SET_ODD_PARITY)
 
 /* Applies odd parity to the given byte array */
 void Curl_des_set_odd_parity(unsigned char *bytes, size_t length);

lib/curl_memory.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@
  *
  * File lib/strdup.c is an exception, given that it provides a strdup
  * clone implementation while using malloc. Extra care needed inside
- * this one. TODO: revisit this paragraph and related code.
+ * this one.
  *
  * The need for curl_memory.h inclusion is due to libcurl's feature
  * of allowing library user to provide memory replacement functions,

lib/curl_ntlm.c

@@ -137,8 +137,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
 
   if(proxy) {
     allocuserpwd = &conn->allocptr.proxyuserpwd;
-    userp = conn->proxyuser;
-    passwdp = conn->proxypasswd;
+    userp = conn->http_proxy.user;
+    passwdp = conn->http_proxy.passwd;
     ntlm = &conn->proxyntlm;
     authp = &conn->data->state.authproxy;
   }

lib/curl_ntlm_core.c

@@ -664,21 +664,22 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
   unsigned int len = 0;
   unsigned char *ptr = NULL;
   unsigned char hmac_output[NTLM_HMAC_MD5_LEN];
-#if defined(HAVE_LONGLONG)
-  long long tw;
-#else
-  __int64 tw;
-#endif
+  curl_off_t tw;
+
   CURLcode result = CURLE_OK;
 
+#if CURL_SIZEOF_CURL_OFF_T < 8
+#error "this section needs 64bit support to work"
+#endif
+
   /* Calculate the timestamp */
 #ifdef DEBUGBUILD
   char *force_timestamp = getenv("CURL_FORCETIME");
   if(force_timestamp)
-    tw = 11644473600ULL * 10000000ULL;
+    tw = CURL_OFF_T_C(11644473600) * 10000000;
   else
 #endif
-  tw = ((long long)time(NULL) + 11644473600ULL) * 10000000ULL;
+    tw = ((curl_off_t)time(NULL) + CURL_OFF_T_C(11644473600)) * 10000000;
 
   /* Calculate the response len */
   len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN;

lib/curl_ntlm_wb.c

@@ -350,7 +350,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
 
   if(proxy) {
     allocuserpwd = &conn->allocptr.proxyuserpwd;
-    userp = conn->proxyuser;
+    userp = conn->http_proxy.user;
     ntlm = &conn->proxyntlm;
     authp = &conn->data->state.authproxy;
   }

lib/curl_sasl.c

@@ -24,6 +24,7 @@
  * RFC4422 Simple Authentication and Security Layer (SASL)
  * RFC4616 PLAIN authentication
  * RFC6749 OAuth 2.0 Authorization Framework
+ * RFC7628 A Set of SASL Mechanisms for OAuth
  * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
  *
  ***************************************************************************/
@@ -64,6 +65,7 @@ const struct {
   { "EXTERNAL",     8,  SASL_MECH_EXTERNAL },
   { "NTLM",         4,  SASL_MECH_NTLM },
   { "XOAUTH2",      7,  SASL_MECH_XOAUTH2 },
+  { "OAUTHBEARER",  11, SASL_MECH_OAUTHBEARER },
   { ZERO_NULL,      0,  0 }
 };
 
@@ -1153,7 +1155,7 @@ void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm)
 #endif /* USE_NTLM && !USE_WINDOWS_SSPI*/
 
 /*
- * sasl_create_xoauth2_message()
+ * sasl_create_oauth_bearer_message()
  *
  * This is used to generate an already encoded OAuth 2.0 message ready for
  * sending to the recipient.
@@ -1162,6 +1164,8 @@ void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm)
  *
  * data    [in]     - The session handle.
  * user    [in]     - The user name.
+ * host    [in]     - The host name (for OAUTHBEARER).
+ * port    [in]     - The port (for OAUTHBEARER when not Port 80).
  * bearer  [in]     - The bearer token.
  * outptr  [in/out] - The address where a pointer to newly allocated memory
  *                    holding the result will be stored upon completion.
@@ -1169,23 +1173,32 @@ void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm)
  *
  * Returns CURLE_OK on success.
  */
-static CURLcode sasl_create_xoauth2_message(struct SessionHandle *data,
+static CURLcode sasl_create_oauth_bearer_message(struct SessionHandle *data,
                                                  const char *user,
+                                                 const char *host,
+                                                 const long port,
                                                  const char *bearer,
                                                  char **outptr, size_t *outlen)
 {
   CURLcode result = CURLE_OK;
-  char *xoauth = NULL;
+  char *oauth = NULL;
 
   /* Generate the message */
-  xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
-  if(!xoauth)
+  if(host == NULL && (port == 0 || port == 80))
+    oauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
+  else if(port == 0 || port == 80)
+    oauth = aprintf("user=%s\1host=%s\1auth=Bearer %s\1\1", user, host,
+                    bearer);
+  else
+    oauth = aprintf("user=%s\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user,
+                    host, port, bearer);
+  if(!oauth)
     return CURLE_OUT_OF_MEMORY;
 
   /* Base64 encode the reply */
-  result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen);
+  result = Curl_base64_encode(data, oauth, strlen(oauth), outptr, outlen);
 
-  free(xoauth);
+  free(oauth);
 
   return result;
 }
@@ -1332,7 +1345,8 @@ static void state(struct SASL *sasl, struct connectdata *conn,
     "GSSAPI",
     "GSSAPI_TOKEN",
     "GSSAPI_NO_DATA",
-    "XOAUTH2",
+    "OAUTH2",
+    "OAUTH2_RESP",
     "CANCEL",
     "FINAL",
     /* LAST */
@@ -1443,14 +1457,28 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
       }
     else
 #endif
-    if((enabledmechs & SASL_MECH_XOAUTH2) || conn->xoauth2_bearer) {
+    if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) {
+      mech = SASL_MECH_STRING_OAUTHBEARER;
+      state1 = SASL_OAUTH2;
+      state2 = SASL_OAUTH2_RESP;
+      sasl->authused = SASL_MECH_OAUTHBEARER;
+
+      if(force_ir || data->set.sasl_ir)
+        result = sasl_create_oauth_bearer_message(data, conn->user,
+                                                  conn->host.name,
+                                                  conn->port,
+                                                  conn->oauth_bearer,
+                                                  &resp, &len);
+    }
+    else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
       mech = SASL_MECH_STRING_XOAUTH2;
-      state1 = SASL_XOAUTH2;
+      state1 = SASL_OAUTH2;
       sasl->authused = SASL_MECH_XOAUTH2;
 
       if(force_ir || data->set.sasl_ir)
-        result = sasl_create_xoauth2_message(data, conn->user,
-                                             conn->xoauth2_bearer,
+        result = sasl_create_oauth_bearer_message(data, conn->user,
+                                                  NULL, 0,
+                                                  conn->oauth_bearer,
                                                   &resp, &len);
     }
     else if(enabledmechs & SASL_MECH_LOGIN) {
@@ -1523,7 +1551,8 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
     return result;
   }
 
-  if(sasl->state != SASL_CANCEL && code != sasl->params->contcode) {
+  if(sasl->state != SASL_CANCEL && sasl->state != SASL_OAUTH2_RESP &&
+     code != sasl->params->contcode) {
     *progress = SASL_DONE;
     state(sasl, conn, SASL_STOP);
     return CURLE_LOGIN_DENIED;
@@ -1626,11 +1655,47 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
     break;
 #endif
 
-  case SASL_XOAUTH2:
+  case SASL_OAUTH2:
     /* Create the authorisation message */
-    result = sasl_create_xoauth2_message(data, conn->user,
-                                         conn->xoauth2_bearer, &resp, &len);
+    if(sasl->authused == SASL_MECH_OAUTHBEARER) {
+      result = sasl_create_oauth_bearer_message(data, conn->user,
+                                                conn->host.name,
+                                                conn->port,
+                                                conn->oauth_bearer,
+                                                &resp, &len);
+
+      /* Failures maybe sent by the server as continuations for OAUTHBEARER */
+      newstate = SASL_OAUTH2_RESP;
+    }
+    else
+      result = sasl_create_oauth_bearer_message(data, conn->user,
+                                                NULL, 0,
+                                                conn->oauth_bearer,
+                                                &resp, &len);
     break;
+
+  case SASL_OAUTH2_RESP:
+    /* The continuation is optional so check the response code */
+    if(code == sasl->params->finalcode) {
+      /* Final response was received so we are done */
+      *progress = SASL_DONE;
+      state(sasl, conn, SASL_STOP);
+      return result;
+    }
+    else if(code == sasl->params->contcode) {
+      /* Acknowledge the continuation by sending a 0x01 response base64
+         encoded */
+      resp = strdup("AQ==");
+      if(!resp)
+        result = CURLE_OUT_OF_MEMORY;
+      break;
+    }
+    else {
+      *progress = SASL_DONE;
+      state(sasl, conn, SASL_STOP);
+      return CURLE_LOGIN_DENIED;
+    }
+
   case SASL_CANCEL:
     /* Remove the offending mechanism from the supported list */
     sasl->authmechs ^= sasl->authused;

lib/curl_sasl.h

@@ -48,12 +48,12 @@ struct kerberos5data;
 #define SASL_MECH_EXTERNAL          (1 << 5)
 #define SASL_MECH_NTLM              (1 << 6)
 #define SASL_MECH_XOAUTH2           (1 << 7)
+#define SASL_MECH_OAUTHBEARER       (1 << 8)
 
 /* Authentication mechanism values */
 #define SASL_AUTH_NONE          0
 #define SASL_AUTH_ANY           ~0U
-#define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & \
-                                 ~(SASL_MECH_EXTERNAL | SASL_MECH_XOAUTH2))
+#define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
 
 /* Authentication mechanism strings */
 #define SASL_MECH_STRING_LOGIN        "LOGIN"
@@ -64,6 +64,7 @@ struct kerberos5data;
 #define SASL_MECH_STRING_EXTERNAL     "EXTERNAL"
 #define SASL_MECH_STRING_NTLM         "NTLM"
 #define SASL_MECH_STRING_XOAUTH2      "XOAUTH2"
+#define SASL_MECH_STRING_OAUTHBEARER  "OAUTHBEARER"
 
 #if !defined(CURL_DISABLE_CRYPTO_AUTH)
 #define DIGEST_MAX_VALUE_LENGTH           256
@@ -90,7 +91,8 @@ typedef enum {
   SASL_GSSAPI,
   SASL_GSSAPI_TOKEN,
   SASL_GSSAPI_NO_DATA,
-  SASL_XOAUTH2,
+  SASL_OAUTH2,
+  SASL_OAUTH2_RESP,
   SASL_CANCEL,
   SASL_FINAL
 } saslstate;

lib/curl_sasl_sspi.c

@@ -418,6 +418,7 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
   SECURITY_STATUS status;
   unsigned long attrs;
   TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+  TCHAR *spn;
 
   (void) data;
 
@@ -462,6 +463,7 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
                                               p_identity, NULL, NULL,
                                               &credentials, &expiry);
   if(status != SEC_E_OK) {
+    Curl_sspi_free_identity(p_identity);
     free(output_token);
 
     return CURLE_LOGIN_DENIED;
@@ -489,12 +491,21 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
   resp_buf.pvBuffer   = output_token;
   resp_buf.cbBuffer   = curlx_uztoul(token_max);
 
+  spn = Curl_convert_UTF8_to_tchar((char *) uripath);
+  if(!spn) {
+    Curl_sspi_free_identity(p_identity);
+    free(output_token);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
   /* Generate our reponse message */
   status = s_pSecFn->InitializeSecurityContext(&credentials, NULL,
-                                               (TCHAR *) uripath,
+                                               spn,
                                                ISC_REQ_USE_HTTP_STYLE, 0, 0,
                                                &chlg_desc, 0, &context,
                                                &resp_desc, &attrs, &expiry);
+  Curl_unicodefree(spn);
 
   if(status == SEC_I_COMPLETE_NEEDED ||
      status == SEC_I_COMPLETE_AND_CONTINUE)
@@ -502,6 +513,7 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
   else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
     s_pSecFn->FreeCredentialsHandle(&credentials);
 
+    Curl_sspi_free_identity(p_identity);
     free(output_token);
 
     return CURLE_OUT_OF_MEMORY;
@@ -512,6 +524,7 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
     s_pSecFn->DeleteSecurityContext(&context);
     s_pSecFn->FreeCredentialsHandle(&credentials);
 
+    Curl_sspi_free_identity(p_identity);
     free(output_token);
 
     return CURLE_OUT_OF_MEMORY;

lib/curl_setup.h

@@ -181,9 +181,6 @@
 #  ifndef CURL_DISABLE_SMTP
 #    define CURL_DISABLE_SMTP
 #  endif
-#  ifndef CURL_DISABLE_RTSP
-#    define CURL_DISABLE_RTSP
-#  endif
 #  ifndef CURL_DISABLE_RTMP
 #    define CURL_DISABLE_RTMP
 #  endif
@@ -605,7 +602,7 @@ int netware_init(void);
 #define LIBIDN_REQUIRED_VERSION "0.4.1"
 
 #if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \
-    defined(USE_POLARSSL) || defined(USE_AXTLS) || \
+    defined(USE_POLARSSL) || defined(USE_AXTLS) || defined(USE_MBEDTLS) || \
     defined(USE_CYASSL) || defined(USE_SCHANNEL) || \
     defined(USE_DARWINSSL) || defined(USE_GSKIT)
 #define USE_SSL    /* SSL support has been enabled */

lib/easy.c

@@ -220,11 +220,12 @@ curl_calloc_callback Curl_ccalloc;
  * curl_global_init() globally initializes cURL given a bitwise set of the
  * different features of what to initialize.
  */
-CURLcode curl_global_init(long flags)
+static CURLcode global_init(long flags, bool memoryfuncs)
 {
   if(initialized++)
     return CURLE_OK;
 
+  if(memoryfuncs) {
     /* Setup the default memory functions here (again) */
     Curl_cmalloc = (curl_malloc_callback)malloc;
     Curl_cfree = (curl_free_callback)free;
@@ -234,6 +235,7 @@ CURLcode curl_global_init(long flags)
 #if defined(WIN32) && defined(UNICODE)
     Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup;
 #endif
+  }
 
   if(flags & CURL_GLOBAL_SSL)
     if(!Curl_ssl_init()) {
@@ -284,6 +286,16 @@ CURLcode curl_global_init(long flags)
   return CURLE_OK;
 }
 
+
+/**
+ * curl_global_init() globally initializes cURL given a bitwise set of the
+ * different features of what to initialize.
+ */
+CURLcode curl_global_init(long flags)
+{
+  return global_init(flags, TRUE);
+}
+
 /*
  * curl_global_init_mem() globally initializes cURL and also registers the
  * user provided callback routines.
@@ -292,8 +304,6 @@ CURLcode curl_global_init_mem(long flags, curl_malloc_callback m,
                               curl_free_callback f, curl_realloc_callback r,
                               curl_strdup_callback s, curl_calloc_callback c)
 {
-  CURLcode result = CURLE_OK;
-
   /* Invalid input, return immediately */
   if(!m || !f || !r || !s || !c)
     return CURLE_FAILED_INIT;
@@ -306,17 +316,16 @@ CURLcode curl_global_init_mem(long flags, curl_malloc_callback m,
     return CURLE_OK;
   }
 
-  /* Call the actual init function first */
-  result = curl_global_init(flags);
-  if(!result) {
+  /* set memory functions before global_init() in case it wants memory
+     functions */
   Curl_cmalloc = m;
   Curl_cfree = f;
   Curl_cstrdup = s;
   Curl_crealloc = r;
   Curl_ccalloc = c;
-  }
 
-  return result;
+  /* Call the actual init function, but without setting */
+  return global_init(flags, FALSE);
 }
 
 /**
@@ -637,7 +646,7 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev)
       return CURLE_RECV_ERROR;
 
     if(mcode)
-      return CURLE_URL_MALFORMAT; /* TODO: return a proper error! */
+      return CURLE_URL_MALFORMAT;
 
     /* we don't really care about the "msgs_in_queue" value returned in the
        second argument */

lib/formdata.c

@@ -57,6 +57,14 @@ static char *formboundary(struct SessionHandle *data);
 #define FORM_FILE_SEPARATOR ','
 #define FORM_TYPE_SEPARATOR ';'
 
+#define HTTPPOST_PTRNAME CURL_HTTPPOST_PTRNAME
+#define HTTPPOST_FILENAME CURL_HTTPPOST_FILENAME
+#define HTTPPOST_PTRCONTENTS CURL_HTTPPOST_PTRCONTENTS
+#define HTTPPOST_READFILE CURL_HTTPPOST_READFILE
+#define HTTPPOST_PTRBUFFER CURL_HTTPPOST_PTRBUFFER
+#define HTTPPOST_CALLBACK CURL_HTTPPOST_CALLBACK
+#define HTTPPOST_BUFFER CURL_HTTPPOST_BUFFER
+
 /***************************************************************************
  *
  * AddHttpPost()
@@ -69,7 +77,7 @@ static char *formboundary(struct SessionHandle *data);
  ***************************************************************************/
 static struct curl_httppost *
 AddHttpPost(char *name, size_t namelength,
-            char *value, size_t contentslength,
+            char *value, curl_off_t contentslength,
             char *buffer, size_t bufferlength,
             char *contenttype,
             long flags,
@@ -85,14 +93,14 @@ AddHttpPost(char *name, size_t namelength,
     post->name = name;
     post->namelength = (long)(name?(namelength?namelength:strlen(name)):0);
     post->contents = value;
-    post->contentslength = (long)contentslength;
+    post->contentlen = contentslength;
     post->buffer = buffer;
     post->bufferlength = (long)bufferlength;
     post->contenttype = contenttype;
     post->contentheader = contentHeader;
     post->showfilename = showfilename;
     post->userp = userp,
-    post->flags = flags;
+    post->flags = flags | CURL_HTTPPOST_LARGE;
   }
   else
     return NULL;
@@ -372,13 +380,16 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
       }
       break;
     case CURLFORM_CONTENTSLENGTH:
-      if(current_form->contentslength)
-        return_value = CURL_FORMADD_OPTION_TWICE;
-      else
       current_form->contentslength =
         array_state?(size_t)array_value:(size_t)va_arg(params, long);
       break;
 
+    case CURLFORM_CONTENTLEN:
+      current_form->flags |= CURL_HTTPPOST_LARGE;
+      current_form->contentslength =
+        array_state?(curl_off_t)array_value:va_arg(params, curl_off_t);
+      break;
+
       /* Get contents from a given file name */
     case CURLFORM_FILECONTENT:
       if(current_form->flags & (HTTPPOST_PTRCONTENTS|HTTPPOST_READFILE))
@@ -653,9 +664,12 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
                             HTTPPOST_PTRCONTENTS | HTTPPOST_PTRBUFFER |
                             HTTPPOST_CALLBACK)) && form->value) {
           /* copy value (without strdup; possibly contains null characters) */
-          form->value = Curl_memdup(form->value, form->contentslength?
-                                    form->contentslength:
-                                    strlen(form->value)+1);
+          size_t clen  = (size_t) form->contentslength;
+          if(!clen)
+            clen = strlen(form->value)+1;
+
+          form->value = Curl_memdup(form->value, clen);
+
           if(!form->value) {
             return_value = CURL_FORMADD_MEMORY;
             break;
@@ -808,7 +822,7 @@ static curl_off_t VmsSpecialSize(const char * name,
 static CURLcode AddFormData(struct FormData **formp,
                             enum formtype type,
                             const void *line,
-                            size_t length,
+                            curl_off_t length,
                             curl_off_t *size)
 {
   struct FormData *newform = malloc(sizeof(struct FormData));
@@ -1298,15 +1312,16 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
         result = AddFormData(&form, FORM_CONTENT, post->buffer,
                              post->bufferlength, &size);
       else if(post->flags & HTTPPOST_CALLBACK)
-        /* the contents should be read with the callback and the size
-           is set with the contentslength */
+        /* the contents should be read with the callback and the size is set
+           with the contentslength */
         result = AddFormData(&form, FORM_CALLBACK, post->userp,
-                             post->contentslength, &size);
+                             post->flags&CURL_HTTPPOST_LARGE?
+                             post->contentlen:post->contentslength, &size);
       else
         /* include the contents we got */
         result = AddFormData(&form, FORM_CONTENT, post->contents,
-                             post->contentslength, &size);
-
+                             post->flags&CURL_HTTPPOST_LARGE?
+                             post->contentlen:post->contentslength, &size);
       file = file->more;
     } while(file && !result); /* for each specified file for this field */
 

lib/formdata.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -54,7 +54,7 @@ typedef struct FormInfo {
   size_t namelength;
   char *value;
   bool value_alloc;
-  size_t contentslength;
+  curl_off_t contentslength;
   char *contenttype;
   bool contenttype_alloc;
   long flags;

lib/ftp.c

@@ -491,7 +491,7 @@ static CURLcode InitiateTransfer(struct connectdata *conn)
   struct FTP *ftp = data->req.protop;
   CURLcode result = CURLE_OK;
 
-  if(conn->ssl[SECONDARYSOCKET].use) {
+  if(conn->bits.ftp_use_data_ssl) {
     /* since we only have a plaintext TCP connection here, we must now
      * do the TLS stuff */
     infof(data, "Doing the SSL/TLS handshake on the data stream\n");
@@ -732,7 +732,7 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
        * wait for more data anyway.
        */
     }
-    else {
+    else if(!Curl_ssl_data_pending(conn, FIRSTSOCKET)) {
       switch (Curl_socket_ready(sockfd, CURL_SOCKET_BAD, interval_ms)) {
       case -1: /* select() error, stop reading */
         failf(data, "FTP response aborted due to select/poll error: %d",
@@ -1673,8 +1673,8 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn,
             BUFSIZE : curlx_sotouz(data->state.resume_from - passed);
 
           size_t actuallyread =
-            data->set.fread_func(data->state.buffer, 1, readthisamountnow,
-                                 data->set.in);
+            data->state.fread_func(data->state.buffer, 1, readthisamountnow,
+                                   data->state.in);
 
           passed += actuallyread;
           if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
@@ -1789,11 +1789,23 @@ static CURLcode ftp_state_quote(struct connectdata *conn,
           Curl_pgrsSetDownloadSize(data, ftpc->known_filesize);
           result = ftp_state_retr(conn, ftpc->known_filesize);
         }
+        else {
+          if(data->set.ignorecl) {
+            /* This code is to support download of growing files.  It prevents
+               the state machine from requesting the file size from the
+               server.  With an unknown file size the download continues until
+               the server terminates it, otherwise the client stops if the
+               received byte count exceeds the reported file size.  Set option
+               CURLOPT_IGNORE_CONTENT_LENGTH to 1 to enable this behavior.*/
+            PPSENDF(&ftpc->pp, "RETR %s", ftpc->file);
+            state(conn, FTP_RETR);
+          }
           else {
             PPSENDF(&ftpc->pp, "SIZE %s", ftpc->file);
             state(conn, FTP_RETR_SIZE);
           }
         }
+      }
       break;
     case FTP_STOR_PREQUOTE:
       result = ftp_state_ul_setup(conn, FALSE);
@@ -1830,84 +1842,6 @@ static CURLcode ftp_epsv_disable(struct connectdata *conn)
   return result;
 }
 
-/*
- * Perform the necessary magic that needs to be done once the TCP connection
- * to the proxy has completed.
- */
-static CURLcode proxy_magic(struct connectdata *conn,
-                            char *newhost, unsigned short newport,
-                            bool *magicdone)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-
-#if defined(CURL_DISABLE_PROXY)
-  (void) newhost;
-  (void) newport;
-#endif
-
-  *magicdone = FALSE;
-
-  switch(conn->proxytype) {
-  case CURLPROXY_SOCKS5:
-  case CURLPROXY_SOCKS5_HOSTNAME:
-    result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, newhost,
-                         newport, SECONDARYSOCKET, conn);
-    *magicdone = TRUE;
-    break;
-  case CURLPROXY_SOCKS4:
-    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
-                         SECONDARYSOCKET, conn, FALSE);
-    *magicdone = TRUE;
-    break;
-  case CURLPROXY_SOCKS4A:
-    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
-                         SECONDARYSOCKET, conn, TRUE);
-    *magicdone = TRUE;
-    break;
-  case CURLPROXY_HTTP:
-  case CURLPROXY_HTTP_1_0:
-    /* do nothing here. handled later. */
-    break;
-  default:
-    failf(data, "unknown proxytype option given");
-    result = CURLE_COULDNT_CONNECT;
-    break;
-  }
-
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* BLOCKING */
-    /* We want "seamless" FTP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
-     * member conn->proto.http; we want FTP through HTTP and we have to
-     * change the member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original
-     * struct FTP pointer
-     */
-    struct HTTP http_proxy;
-    struct FTP *ftp_save = data->req.protop;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->req.protop = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport, TRUE);
-
-    data->req.protop = ftp_save;
-
-    if(result)
-      return result;
-
-    if(conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE) {
-      /* the CONNECT procedure is not complete, the tunnel is not yet up */
-      state(conn, FTP_STOP); /* this phase is completed */
-      return result;
-    }
-    else
-      *magicdone = TRUE;
-  }
-
-  return result;
-}
 
 static char *control_address(struct connectdata *conn)
 {
@@ -1915,11 +1849,7 @@ static char *control_address(struct connectdata *conn)
      If a proxy tunnel is used, returns the original host name instead, because
      the effective control connection address is the proxy address,
      not the ftp host. */
-  if(conn->bits.tunnel_proxy ||
-     conn->proxytype == CURLPROXY_SOCKS5 ||
-     conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME ||
-     conn->proxytype == CURLPROXY_SOCKS4 ||
-     conn->proxytype == CURLPROXY_SOCKS4A)
+  if(conn->bits.tunnel_proxy || conn->bits.socksproxy)
     return conn->host.name;
 
   return conn->ip_addr_str;
@@ -2043,7 +1973,9 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
      * here. We don't want to rely on a former host lookup that might've
      * expired now, instead we remake the lookup here and now!
      */
-    rc = Curl_resolv(conn, conn->proxy.name, (int)conn->port, &addr);
+    const char * const host_name = conn->bits.socksproxy ?
+      conn->socks_proxy.host.name : conn->http_proxy.host.name;
+    rc = Curl_resolv(conn, host_name, (int)conn->port, &addr);
     if(rc == CURLRESOLV_PENDING)
       /* BLOCKING, ignores the return code but 'addr' will be NULL in
          case of failure */
@@ -2053,8 +1985,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
       (unsigned short)conn->port; /* we connect to the proxy's port */
 
     if(!addr) {
-      failf(data, "Can't resolve proxy host %s:%hu",
-            conn->proxy.name, connectport);
+      failf(data, "Can't resolve proxy host %s:%hu", host_name, connectport);
       return CURLE_FTP_CANT_GET_HOST;
     }
   }
@@ -2095,6 +2026,10 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
     /* this just dumps information about this second connection */
     ftp_pasv_verbose(conn, addr->addr, ftpc->newhost, connectport);
 
+  Curl_safefree(conn->secondaryhostname);
+  conn->secondaryhostname = strdup(ftpc->newhost);
+  conn->secondary_port = ftpc->newport;
+
   Curl_resolv_unlock(data, addr); /* we're done using this address */
   conn->bits.do_more = TRUE;
   state(conn, FTP_STOP); /* this phase is completed */
@@ -2743,7 +2678,10 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
       }
 #endif
 
-      if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+      if(data->set.use_ssl &&
+         (!conn->ssl[FIRSTSOCKET].use ||
+          (conn->bits.proxy_ssl_connected[FIRSTSOCKET] &&
+           !conn->proxy_ssl[FIRSTSOCKET].use))) {
         /* We don't have a SSL/TLS connection yet, but FTPS is
            requested. Try a FTPS connection now */
 
@@ -2788,7 +2726,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
         /* Curl_ssl_connect is BLOCKING */
         result = Curl_ssl_connect(conn, FIRSTSOCKET);
         if(!result) {
-          conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
+          conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
           result = ftp_state_user(conn);
         }
       }
@@ -2830,7 +2768,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
     case FTP_PROT:
       if(ftpcode/100 == 2)
         /* We have enabled SSL for the data connection! */
-        conn->ssl[SECONDARYSOCKET].use =
+        conn->bits.ftp_use_data_ssl =
           (data->set.use_ssl != CURLUSESSL_CONTROL) ? TRUE : FALSE;
       /* FTP servers typically responds with 500 if they decide to reject
          our 'P' request */
@@ -3647,7 +3585,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
   if(!conn->bits.tcpconnect[SECONDARYSOCKET]) {
     if(conn->tunnel_state[SECONDARYSOCKET] == TUNNEL_CONNECT) {
       /* As we're in TUNNEL_CONNECT state now, we know the proxy name and port
-         aren't used so we blank their arguments. TODO: make this nicer */
+         aren't used so we blank their arguments. */
       result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, NULL, 0, FALSE);
 
       return result;
@@ -3658,10 +3596,6 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
     /* Ready to do more? */
     if(connected) {
       DEBUGF(infof(data, "DO-MORE connected phase starts\n"));
-      if(conn->bits.proxy) {
-        infof(data, "Connection to proxy confirmed\n");
-        result = proxy_magic(conn, ftpc->newhost, ftpc->newport, &connected);
-      }
     }
     else {
       if(result && (ftpc->count1 == 0)) {
@@ -3673,6 +3607,18 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
     }
   }
 
+  result = Curl_proxy_connect(conn, SECONDARYSOCKET);
+  if(result)
+    return result;
+
+  if(CONNECT_SECONDARYSOCKET_PROXY_SSL())
+    return result;
+
+  if(conn->bits.tunnel_proxy && conn->bits.httpproxy &&
+     conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE)
+    return result;
+
+
   if(ftpc->state) {
     /* already in a state so skip the intial commands.
        They are only done to kickstart the do_more state */
@@ -4240,8 +4186,8 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
   const char *cur_pos;
   const char *filename = NULL;
 
-  cur_pos = path_to_use; /* current position in path. point at the begin
-                            of next path component */
+  cur_pos = path_to_use; /* current position in path. point at the begin of
+                            next path component */
 
   ftpc->ctl_valid = FALSE;
   ftpc->cwdfail = FALSE;

lib/ftplistparser.c

@@ -275,26 +275,6 @@ static void PL_ERROR(struct connectdata *conn, CURLcode err)
   parser->error = err;
 }
 
-static bool ftp_pl_gettime(struct ftp_parselist_data *parser, char *string)
-{
-  (void)parser;
-  (void)string;
-  /* TODO
-   * There could be possible parse timestamp from server. Leaving unimplemented
-   * for now.
-   * If you want implement this, please add CURLFINFOFLAG_KNOWN_TIME flag to
-   * parser->file_data->flags
-   *
-   * Ftp servers are giving usually these formats:
-   *  Apr 11  1998 (unknown time.. set it to 00:00:00?)
-   *  Apr 11 12:21 (unknown year -> set it to NOW() time?)
-   *  08-05-09  02:49PM  (ms-dos format)
-   *  20100421092538 -> for MLST/MLSD response
-   */
-
-  return FALSE;
-}
-
 static CURLcode ftp_pl_insert_finfo(struct connectdata *conn,
                                     struct curl_fileinfo *finfo)
 {
@@ -715,9 +695,11 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
           if(c == ' ') {
             finfo->b_data[parser->item_offset + parser->item_length -1] = 0;
             parser->offsets.time = parser->item_offset;
+            /*
               if(ftp_pl_gettime(parser, finfo->b_data + parser->item_offset)) {
                 parser->file_data->flags |= CURLFINFOFLAG_KNOWN_TIME;
               }
+            */
             if(finfo->filetype == CURLFILETYPE_SYMLINK) {
               parser->state.UNIX.main = PL_UNIX_SYMLINK;
               parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRESPACE;

lib/getinfo.c

@@ -148,6 +148,9 @@ static CURLcode getinfo_long(struct SessionHandle *data, CURLINFO info,
   case CURLINFO_SSL_VERIFYRESULT:
     *param_longp = data->set.ssl.certverifyresult;
     break;
+  case CURLINFO_PROXY_SSL_VERIFYRESULT:
+    *param_longp = data->set.proxy_ssl.certverifyresult;
+    break;
   case CURLINFO_REDIRECT_COUNT:
     *param_longp = data->set.followlocation;
     break;
@@ -335,20 +338,9 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
 static CURLcode getinfo_socket(struct SessionHandle *data, CURLINFO info,
                                curl_socket_t *param_socketp)
 {
-  curl_socket_t sockfd;
-
   switch(info) {
   case CURLINFO_ACTIVESOCKET:
-    sockfd = Curl_getconnectinfo(data, NULL);
-
-    /* note: this is not a good conversion for systems with 64 bit sockets and
-       32 bit longs */
-    if(sockfd != CURL_SOCKET_BAD)
-      *param_socketp = sockfd;
-    else
-      /* this interface is documented to return -1 in case of badness, which
-         may not be the same as the CURL_SOCKET_BAD value */
-      *param_socketp = -1;
+    *param_socketp = Curl_getconnectinfo(data, NULL);
     break;
   default:
     return CURLE_UNKNOWN_OPTION;

lib/hash.c

@@ -46,7 +46,12 @@ hash_element_dtor(void *user, void *element)
   free(e);
 }
 
-/* return 1 on error, 0 is fine */
+/* Initializes a hash structure.
+ * Return 1 on error, 0 is fine.
+ *
+ * @unittest: 1602
+ * @unittest: 1603
+ */
 int
 Curl_hash_init(struct curl_hash *h,
                int slots,
@@ -119,6 +124,8 @@ mk_hash_element(const void *key, size_t key_len, const void *p)
  * that data is replaced.
  *
  * @unittest: 1305
+ * @unittest: 1602
+ * @unittest: 1603
  */
 void *
 Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p)
@@ -155,7 +162,11 @@ Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p)
   return NULL; /* failure */
 }
 
-/* remove the identified hash entry, returns non-zero on failure */
+/* Remove the identified hash entry.
+ * Returns non-zero on failure.
+ *
+ * @unittest: 1603
+ */
 int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len)
 {
   struct curl_llist_element *le;
@@ -173,6 +184,10 @@ int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len)
   return 1;
 }
 
+/* Retrieves a hash element.
+ *
+ * @unittest: 1603
+ */
 void *
 Curl_hash_pick(struct curl_hash *h, void *key, size_t key_len)
 {
@@ -214,6 +229,10 @@ Curl_hash_apply(curl_hash *h, void *user,
 
 /* Destroys all the entries in the given hash and resets its attributes,
  * prepping the given hash for [static|dynamic] deallocation.
+ *
+ * @unittest: 1305
+ * @unittest: 1602
+ * @unittest: 1603
  */
 void
 Curl_hash_destroy(struct curl_hash *h)

lib/http.c

@@ -287,8 +287,8 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
 
   if(proxy) {
     userp = &conn->allocptr.proxyuserpwd;
-    user = conn->proxyuser;
-    pwd = conn->proxypasswd;
+    user = conn->http_proxy.user;
+    pwd = conn->http_proxy.passwd;
   }
   else {
     userp = &conn->allocptr.userpwd;
@@ -642,7 +642,7 @@ output_auth_headers(struct connectdata *conn,
   if(auth) {
     infof(data, "%s auth using %s with user '%s'\n",
           proxy?"Proxy":"Server", auth,
-          proxy?(conn->proxyuser?conn->proxyuser:""):
+          proxy?(conn->http_proxy.user?conn->http_proxy.user:""):
                 (conn->user?conn->user:""));
     authstatus->multi = (!authstatus->done) ? TRUE : FALSE;
   }
@@ -1001,8 +1001,8 @@ static size_t readmoredata(char *buffer,
       /* move backup data into focus and continue on that */
       http->postdata = http->backup.postdata;
       http->postsize = http->backup.postsize;
-      conn->data->set.fread_func = http->backup.fread_func;
-      conn->data->set.in = http->backup.fread_in;
+      conn->data->state.fread_func = http->backup.fread_func;
+      conn->data->state.in = http->backup.fread_in;
 
       http->sending++; /* move one step up */
 
@@ -1092,8 +1092,8 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
     return result;
   }
 
-
-  if(conn->handler->flags & PROTOPT_SSL) {
+  if(conn->handler->flags & PROTOPT_SSL ||
+     conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
     /* We never send more than CURL_MAX_WRITE_SIZE bytes in one single chunk
        when we speak HTTPS, as if only a fraction of it is sent now, this data
        needs to fit into the normal read-callback buffer later on and that
@@ -1157,14 +1157,14 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
         ptr = in->buffer + amount;
 
         /* backup the currently set pointers */
-        http->backup.fread_func = conn->data->set.fread_func;
-        http->backup.fread_in = conn->data->set.in;
+        http->backup.fread_func = conn->data->state.fread_func;
+        http->backup.fread_in = conn->data->state.in;
         http->backup.postdata = http->postdata;
         http->backup.postsize = http->postsize;
 
         /* set the new pointers for the request-sending */
-        conn->data->set.fread_func = (curl_read_callback)readmoredata;
-        conn->data->set.in = (void *)conn;
+        conn->data->state.fread_func = (curl_read_callback)readmoredata;
+        conn->data->state.in = (void *)conn;
         http->postdata = ptr;
         http->postsize = (curl_off_t)size;
 
@@ -1345,10 +1345,13 @@ CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
   connkeep(conn, "HTTP default");
 
   /* the CONNECT procedure might not have been completed */
-  result = Curl_proxy_connect(conn);
+  result = Curl_proxy_connect(conn, FIRSTSOCKET);
   if(result)
     return result;
 
+  if(CONNECT_FIRSTSOCKET_PROXY_SSL())
+    return CURLE_OK; /* wait for HTTPS proxy SSL initialization to complete */
+
   if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
     /* nothing else to do except wait right now - we're not done here. */
     return CURLE_OK;
@@ -1391,48 +1394,16 @@ static CURLcode https_connecting(struct connectdata *conn, bool *done)
 
   return result;
 }
-#endif
 
-#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
-    defined(USE_DARWINSSL) || defined(USE_POLARSSL) || defined(USE_NSS)
-/* This function is for OpenSSL, GnuTLS, darwinssl, schannel and polarssl only.
-   It should be made to query the generic SSL layer instead. */
 static int https_getsock(struct connectdata *conn,
                          curl_socket_t *socks,
                          int numsocks)
 {
-  if(conn->handler->flags & PROTOPT_SSL) {
-    struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
-
-    if(!numsocks)
-      return GETSOCK_BLANK;
-
-    if(connssl->connecting_state == ssl_connect_2_writing) {
-      /* write mode */
-      socks[0] = conn->sock[FIRSTSOCKET];
-      return GETSOCK_WRITESOCK(0);
-    }
-    else if(connssl->connecting_state == ssl_connect_2_reading) {
-      /* read mode */
-      socks[0] = conn->sock[FIRSTSOCKET];
-      return GETSOCK_READSOCK(0);
-    }
-  }
-  return CURLE_OK;
-}
-#else
-#ifdef USE_SSL
-static int https_getsock(struct connectdata *conn,
-                         curl_socket_t *socks,
-                         int numsocks)
-{
-  (void)conn;
-  (void)socks;
-  (void)numsocks;
+  if(conn->handler->flags & PROTOPT_SSL)
+    return Curl_ssl_getsock(conn, socks, numsocks);
   return GETSOCK_BLANK;
 }
 #endif /* USE_SSL */
-#endif /* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL */
 
 /*
  * Curl_http_done() gets called from Curl_done() after a single HTTP request
@@ -1479,12 +1450,15 @@ CURLcode Curl_http_done(struct connectdata *conn,
     DEBUGF(infof(data, "free header_recvbuf!!\n"));
     Curl_add_buffer_free(http->header_recvbuf);
     http->header_recvbuf = NULL; /* clear the pointer */
+    if(http->push_headers) {
+      /* if they weren't used and then freed before */
       for(; http->push_headers_used > 0; --http->push_headers_used) {
         free(http->push_headers[http->push_headers_used - 1]);
       }
       free(http->push_headers);
       http->push_headers = NULL;
     }
+  }
   if(http->stream_id) {
     nghttp2_session_set_stream_user_data(httpc->h2, http->stream_id, 0);
     http->stream_id = 0;
@@ -2043,10 +2017,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
       ptr = strstr(url, conn->host.dispname);
       if(ptr) {
         /* This is where the display name starts in the URL, now replace this
-           part with the encoded name. TODO: This method of replacing the host
-           name is rather crude as I believe there's a slight risk that the
-           user has entered a user name or password that contain the host name
-           string. */
+           part with the encoded name. */
         size_t currlen = strlen(conn->host.dispname);
         size_t newlen = strlen(conn->host.name);
         size_t urllen = strlen(url);
@@ -2162,8 +2133,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
               BUFSIZE : curlx_sotouz(data->state.resume_from - passed);
 
             size_t actuallyread =
-              data->set.fread_func(data->state.buffer, 1, readthisamountnow,
-                                   data->set.in);
+              data->state.fread_func(data->state.buffer, 1, readthisamountnow,
+                                     data->state.in);
 
             passed += actuallyread;
             if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
@@ -2437,11 +2408,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
        on. The data->set.fread_func pointer itself will be changed for the
        multipart case to the function that returns a multipart formatted
        stream. */
-    http->form.fread_func = data->set.fread_func;
+    http->form.fread_func = data->state.fread_func;
 
     /* Set the read function to read from the generated form data */
-    data->set.fread_func = (curl_read_callback)Curl_FormReader;
-    data->set.in = &http->form;
+    data->state.fread_func = (curl_read_callback)Curl_FormReader;
+    data->state.in = &http->form;
 
     http->sending = HTTPSEND_BODY;
 
@@ -2659,8 +2630,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
 
         http->sending = HTTPSEND_BODY;
 
-        data->set.fread_func = (curl_read_callback)readmoredata;
-        data->set.in = (void *)conn;
+        data->state.fread_func = (curl_read_callback)readmoredata;
+        data->state.in = (void *)conn;
 
         /* set the upload size to the progress meter */
         Curl_pgrsSetUploadSize(data, http->postsize);
@@ -3328,7 +3299,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
           conn->httpversion = 11; /* For us, RTSP acts like HTTP 1.1 */
         }
         else {
-          /* TODO: do we care about the other cases here? */
           nc = 0;
         }
       }
@@ -3559,7 +3529,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
         }
 
         if(k->auto_decoding)
-          /* TODO: we only support the first mentioned compression for now */
           break;
 
         if(checkprefix("identity", start)) {

lib/http2.c

@@ -42,10 +42,28 @@
 
 #define MIN(x,y) ((x)<(y)?(x):(y))
 
-#if (NGHTTP2_VERSION_NUM < 0x000600)
+#if (NGHTTP2_VERSION_NUM < 0x010000)
 #error too old nghttp2 version, upgrade!
 #endif
 
+/*
+ * Curl_http2_init_state() is called when the easy handle is created and
+ * allows for HTTP/2 specific init of state.
+ */
+void Curl_http2_init_state(struct UrlState *state)
+{
+  state->stream_weight = NGHTTP2_DEFAULT_WEIGHT;
+}
+
+/*
+ * Curl_http2_init_userset() is called when the easy handle is created and
+ * allows for HTTP/2 specific user-set fields.
+ */
+void Curl_http2_init_userset(struct UserDefined *set)
+{
+  set->stream_weight = NGHTTP2_DEFAULT_WEIGHT;
+}
+
 static int http2_perform_getsock(const struct connectdata *conn,
                                  curl_socket_t *sock, /* points to
                                                          numsocks
@@ -57,8 +75,6 @@ static int http2_perform_getsock(const struct connectdata *conn,
   int bitmap = GETSOCK_BLANK;
   (void)numsocks;
 
-  /* TODO We should check underlying socket state if it is SSL socket
-     because of renegotiation. */
   sock[0] = conn->sock[FIRSTSOCKET];
 
   if(nghttp2_session_want_read(c->h2))
@@ -264,7 +280,7 @@ char *curl_pushheader_byname(struct curl_pushheaders *h, const char *header)
     size_t i;
     for(i=0; i<stream->push_headers_used; i++) {
       if(!strncmp(header, stream->push_headers[i], len)) {
-        /* sub-match, make sure that it us followed by a colon */
+        /* sub-match, make sure that it is followed by a colon */
         if(stream->push_headers[i][len] != ':')
           continue;
         return &stream->push_headers[i][len+1];
@@ -406,9 +422,6 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
   DEBUGF(infof(data_s, "on_frame_recv() header %x stream %x\n",
                frame->hd.type, stream_id));
 
-  conn = data_s->easy_conn;
-  assert(conn);
-  assert(conn->data == data_s);
   httpc = &conn->proto.httpc;
   switch(frame->hd.type) {
   case NGHTTP2_DATA:
@@ -561,8 +574,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
 
   /* if we receive data for another handle, wake that up */
   if(conn->data != data_s)
-    Curl_expire(data_s, 1); /* TODO: fix so that this can be set to 0 for
-                               immediately? */
+    Curl_expire(data_s, 1);
 
   DEBUGF(infof(data_s, "%zu data received for stream %u "
                "(%zu left in buffer %p, total %zu)\n",
@@ -986,6 +998,54 @@ static ssize_t http2_handle_stream_close(struct http_conn *httpc,
   return 0;
 }
 
+/*
+ * h2_pri_spec() fills in the pri_spec struct, used by nghttp2 to send weight
+ * and dependency to the peer. It also stores the updated values in the state
+ * struct.
+ */
+
+static void h2_pri_spec(struct SessionHandle *data,
+                        nghttp2_priority_spec *pri_spec)
+{
+  struct HTTP *depstream = (data->set.stream_depends_on?
+                            data->set.stream_depends_on->req.protop:NULL);
+  int32_t depstream_id = depstream? depstream->stream_id:0;
+  nghttp2_priority_spec_init(pri_spec, depstream_id, data->set.stream_weight,
+                             data->set.stream_depends_e);
+  data->state.stream_weight = data->set.stream_weight;
+  data->state.stream_depends_e = data->set.stream_depends_e;
+  data->state.stream_depends_on = data->set.stream_depends_on;
+}
+
+/*
+ * h2_session_send() checks if there's been an update in the priority /
+ * dependency settings and if so it submits a PRIORITY frame with the updated
+ * info.
+ */
+static int h2_session_send(struct SessionHandle *data,
+                           nghttp2_session *h2)
+{
+  struct HTTP *stream = data->req.protop;
+  if((data->set.stream_weight != data->state.stream_weight) ||
+     (data->set.stream_depends_e != data->state.stream_depends_e) ||
+     (data->set.stream_depends_on != data->state.stream_depends_on) ) {
+    /* send new weight and/or dependency */
+    nghttp2_priority_spec pri_spec;
+    int rv;
+
+    h2_pri_spec(data, &pri_spec);
+
+    DEBUGF(infof(data, "Queuing HTTP/2 PRIORITY frame on stream %u!\n",
+                 stream->stream_id));
+    rv = nghttp2_submit_priority(h2, NGHTTP2_FLAG_NONE, stream->stream_id,
+                                 &pri_spec);
+    if(rv)
+      return rv;
+  }
+
+  return nghttp2_session_send(h2);
+}
+
 /*
  * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
  * a regular CURLcode value.
@@ -1094,15 +1154,11 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex,
       nread = ((Curl_recv *)httpc->recv_underlying)(
           conn, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result);
 
-      if(result == CURLE_AGAIN) {
-        *err = result;
-        return -1;
-      }
-
       if(nread == -1) {
+        if(result != CURLE_AGAIN)
           failf(data, "Failed receiving HTTP2 data");
         *err = result;
-        return 0;
+        return -1;
       }
 
       if(nread == 0) {
@@ -1144,7 +1200,7 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex,
     }
     /* Always send pending frames in nghttp2 session, because
        nghttp2_session_mem_recv() may queue new frame */
-    rv = nghttp2_session_send(httpc->h2);
+    rv = h2_session_send(data, httpc->h2);
     if(rv != 0) {
       *err = CURLE_SEND_ERROR;
       return 0;
@@ -1203,6 +1259,7 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
   nghttp2_data_provider data_prd;
   int32_t stream_id;
   nghttp2_session *h2 = httpc->h2;
+  nghttp2_priority_spec pri_spec;
 
   (void)sockindex;
 
@@ -1214,7 +1271,7 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
     stream->upload_mem = mem;
     stream->upload_len = len;
     nghttp2_session_resume_data(h2, stream->stream_id);
-    rv = nghttp2_session_send(h2);
+    rv = h2_session_send(conn->data, h2);
     if(nghttp2_is_fatal(rv)) {
       *err = CURLE_SEND_ERROR;
       return -1;
@@ -1294,14 +1351,19 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
 
   authority_idx = 0;
 
-  for(i = 3; i < nheader; ++i) {
+  i = 3;
+  while(i < nheader) {
     size_t hlen;
+    int skip = 0;
     end = strchr(hdbuf, ':');
     if(!end)
       goto fail;
     hlen = end - hdbuf;
-    if(hlen == 10 && Curl_raw_nequal("connection", hdbuf, 10))
-      ; /* skip Connection: headers! */
+    if(hlen == 10 && Curl_raw_nequal("connection", hdbuf, 10)) {
+      /* skip Connection: headers! */
+      skip = 1;
+      --nheader;
+    }
     else if(hlen == 4 && Curl_raw_nequal("host", hdbuf, 4)) {
       authority_idx = i;
       nva[i].name = (unsigned char *)":authority";
@@ -1316,11 +1378,10 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
     end = strchr(hdbuf, 0x0d);
     if(!end)
       goto fail;
+    if(!skip) {
       nva[i].value = (unsigned char *)hdbuf;
       nva[i].valuelen = (uint16_t)(end - hdbuf);
       nva[i].flags = NGHTTP2_NV_FLAG_NONE;
-
-    hdbuf = end + 2;
       /* Inspect Content-Length header field and retrieve the request
          entity length so that we can set END_STREAM to the last DATA
          frame. */
@@ -1337,6 +1398,9 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
                      CURL_FORMAT_CURL_OFF_T
                      "\n", stream->upload_left));
       }
+      ++i;
+    }
+    hdbuf = end + 2;
   }
 
   /* :authority must come before non-pseudo header fields */
@@ -1348,17 +1412,19 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
     nva[i] = authority;
   }
 
+  h2_pri_spec(conn->data, &pri_spec);
+
   switch(conn->data->set.httpreq) {
   case HTTPREQ_POST:
   case HTTPREQ_POST_FORM:
   case HTTPREQ_PUT:
     data_prd.read_callback = data_source_read_callback;
     data_prd.source.ptr = NULL;
-    stream_id = nghttp2_submit_request(h2, NULL, nva, nheader,
+    stream_id = nghttp2_submit_request(h2, &pri_spec, nva, nheader,
                                        &data_prd, conn->data);
     break;
   default:
-    stream_id = nghttp2_submit_request(h2, NULL, nva, nheader,
+    stream_id = nghttp2_submit_request(h2, &pri_spec, nva, nheader,
                                        NULL, conn->data);
   }
 
@@ -1374,6 +1440,8 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
         stream_id, conn->data);
   stream->stream_id = stream_id;
 
+  /* this does not call h2_session_send() since there can not have been any
+   * priority upodate since the nghttp2_submit_request() call above */
   rv = nghttp2_session_send(h2);
 
   if(rv != 0) {
@@ -1395,7 +1463,7 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
 
   return len;
 
-  fail:
+fail:
   free(nva);
   *err = CURLE_SEND_ERROR;
   return -1;
@@ -1533,7 +1601,7 @@ CURLcode Curl_http2_switched(struct connectdata *conn,
   }
 
   /* Try to send some frames since we may read SETTINGS already. */
-  rv = nghttp2_session_send(httpc->h2);
+  rv = h2_session_send(data, httpc->h2);
 
   if(rv != 0) {
     failf(data, "nghttp2_session_send() failed: %s(%d)",

lib/http2.h

@@ -38,6 +38,8 @@
 int Curl_http2_ver(char *p, size_t len);
 
 CURLcode Curl_http2_init(struct connectdata *conn);
+void Curl_http2_init_state(struct UrlState *state);
+void Curl_http2_init_userset(struct UserDefined *set);
 CURLcode Curl_http2_send_request(struct connectdata *conn);
 CURLcode Curl_http2_request_upgrade(Curl_send_buffer *req,
                                     struct connectdata *conn);
@@ -55,6 +57,8 @@ void Curl_http2_setup_req(struct SessionHandle *data);
 #define Curl_http2_switched(x,y,z) CURLE_UNSUPPORTED_PROTOCOL
 #define Curl_http2_setup_conn(x)
 #define Curl_http2_setup_req(x)
+#define Curl_http2_init_state(x)
+#define Curl_http2_init_userset(x)
 #endif
 
 #endif /* HEADER_CURL_HTTP2_H */

lib/http_digest.c

@@ -96,8 +96,8 @@ CURLcode Curl_output_digest(struct connectdata *conn,
   if(proxy) {
     digest = &data->state.proxydigest;
     allocuserpwd = &conn->allocptr.proxyuserpwd;
-    userp = conn->proxyuser;
-    passwdp = conn->proxypasswd;
+    userp = conn->http_proxy.user;
+    passwdp = conn->http_proxy.passwd;
     authp = &data->state.authproxy;
   }
   else {

lib/http_negotiate.c

@@ -65,7 +65,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
     char *spn = Curl_sasl_build_gssapi_spn(
       proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
       data->set.str[STRING_SERVICE_NAME],
-      proxy ? conn->proxy.name : conn->host.name);
+      proxy ? conn->http_proxy.host.name : conn->host.name);
     if(!spn)
       return CURLE_OUT_OF_MEMORY;
 

lib/http_negotiate_sspi.c

@@ -90,14 +90,14 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
 
   if(!neg_ctx->server_name) {
     /* Check proxy auth requested but no given proxy name */
-    if(proxy && !conn->proxy.name)
+    if(proxy && !conn->http_proxy.host.name)
       return CURLE_BAD_FUNCTION_ARGUMENT;
 
     /* Generate our SPN */
     neg_ctx->server_name = Curl_sasl_build_spn(
       proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
       data->set.str[STRING_SERVICE_NAME],
-      proxy ? conn->proxy.name : conn->host.name);
+      proxy ? conn->http_proxy.host.name : conn->host.name);
     if(!neg_ctx->server_name)
       return CURLE_OUT_OF_MEMORY;
   }

lib/http_proxy.c

@@ -37,19 +37,57 @@
 #include "connect.h"
 #include "curl_printf.h"
 #include "curlx.h"
+#include "vtls/vtls.h"
 
 #include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
 
-CURLcode Curl_proxy_connect(struct connectdata *conn)
+/*
+ * Perform SSL initialization for HTTPS proxy.  Sets
+ * proxy_ssl_connected connection bit when complete.  Can be
+ * called multiple times.
+ */
+static CURLcode https_proxy_connect(struct connectdata *conn, int sockindex)
 {
+#ifdef USE_SSL
+  CURLcode result = CURLE_OK;
+  DEBUGASSERT(conn->http_proxy.proxytype == CURLPROXY_HTTPS);
+  if(!conn->bits.proxy_ssl_connected[sockindex]) {
+    /* perform SSL initialization for this socket */
+    result =
+      Curl_ssl_connect_nonblocking(conn, sockindex,
+                                   &conn->bits.proxy_ssl_connected[sockindex]);
+    if(result)
+      conn->bits.close = TRUE; /* a failed connection is marked for closure to
+                                  prevent (bad) re-use or similar */
+  }
+  return result;
+#else
+  return CURLE_NOT_BUILT_IN;
+#endif
+}
+
+CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex)
+{
+  if(conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
+    const CURLcode result = https_proxy_connect(conn, sockindex);
+    if(result)
+      return result;
+    if(!conn->bits.proxy_ssl_connected[sockindex])
+      return result; /* wait for HTTPS proxy SSL initialization to complete */
+  }
+
   if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
 #ifndef CURL_DISABLE_PROXY
     /* for [protocol] tunneled through HTTP proxy */
     struct HTTP http_proxy;
     void *prot_save;
     CURLcode result;
+    const char * const host = sockindex == SECONDARYSOCKET ?
+      conn->secondaryhostname : conn->host.name;
+    const int port = sockindex == SECONDARYSOCKET ? conn->secondary_port :
+      conn->remote_port;
 
     /* BLOCKING */
     /* We want "seamless" operations through HTTP proxy tunnel */
@@ -67,8 +105,7 @@ CURLcode Curl_proxy_connect(struct connectdata *conn)
     memset(&http_proxy, 0, sizeof(http_proxy));
     conn->data->req.protop = &http_proxy;
     connkeep(conn, "HTTP proxy CONNECT");
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port, FALSE);
+    result = Curl_proxyCONNECT(conn, sockindex, host, port, FALSE);
     conn->data->req.protop = prot_save;
     if(CURLE_OK != result)
       return result;
@@ -152,7 +189,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
         char *host=(char *)"";
         const char *proxyconn="";
         const char *useragent="";
-        const char *http = (conn->proxytype == CURLPROXY_HTTP_1_0) ?
+        const char *http = (conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0) ?
           "1.0" : "1.1";
         char *hostheader= /* host:port with IPv6 support */
           aprintf("%s%s%s:%hu", conn->bits.ipv6_ip?"[":"",

lib/http_proxy.h

@@ -32,11 +32,11 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
 /* Default proxy timeout in milliseconds */
 #define PROXY_TIMEOUT (3600*1000)
 
-CURLcode Curl_proxy_connect(struct connectdata *conn);
+CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex);
 
 #else
 #define Curl_proxyCONNECT(x,y,z,w,v) CURLE_NOT_BUILT_IN
-#define Curl_proxy_connect(x) CURLE_OK
+#define Curl_proxy_connect(x,y) CURLE_OK
 #endif
 
 #endif /* HEADER_CURL_HTTP_PROXY_H */

lib/imap.c

@@ -98,7 +98,7 @@ static int imap_getsock(struct connectdata *conn, curl_socket_t *socks,
                         int numsocks);
 static CURLcode imap_doing(struct connectdata *conn, bool *dophase_done);
 static CURLcode imap_setup_connection(struct connectdata *conn);
-static char *imap_atom(const char *str);
+static char *imap_atom(const char *str, bool escape_only);
 static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...);
 static CURLcode imap_parse_url_options(struct connectdata *conn);
 static CURLcode imap_parse_url_path(struct connectdata *conn);
@@ -360,8 +360,8 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
      a space and optionally some text as per RFC-3501 for the AUTHENTICATE and
      APPEND commands and as outlined in Section 4. Examples of RFC-4959 but
      some e-mail servers ignore this and only send a single + instead. */
-  if((len == 3 && !memcmp("+", line, 1)) ||
-     (len >= 2 && !memcmp("+ ", line, 2))) {
+  if(!imap->custom && ((len == 3 && !memcmp("+", line, 1)) ||
+     (len >= 2 && !memcmp("+ ", line, 2)))) {
     switch(imapc->state) {
       /* States which are interested in continuation responses */
       case IMAP_AUTHENTICATE:
@@ -540,8 +540,8 @@ static CURLcode imap_perform_login(struct connectdata *conn)
   }
 
   /* Make sure the username and password are in the correct atom format */
-  user = imap_atom(conn->user);
-  passwd = imap_atom(conn->passwd);
+  user = imap_atom(conn->user, false);
+  passwd = imap_atom(conn->passwd, false);
 
   /* Send the LOGIN command */
   result = imap_sendf(conn, "LOGIN %s %s", user ? user : "",
@@ -653,8 +653,8 @@ static CURLcode imap_perform_list(struct connectdata *conn)
     result = imap_sendf(conn, "%s%s", imap->custom,
                         imap->custom_params ? imap->custom_params : "");
   else {
-    /* Make sure the mailbox is in the correct atom format */
-    mailbox = imap_atom(imap->mailbox ? imap->mailbox : "");
+    /* Make sure the mailbox is in the correct atom format if necessary */
+    mailbox = imap->mailbox ? imap_atom(imap->mailbox, true) : strdup("");
     if(!mailbox)
       return CURLE_OUT_OF_MEMORY;
 
@@ -695,7 +695,7 @@ static CURLcode imap_perform_select(struct connectdata *conn)
   }
 
   /* Make sure the mailbox is in the correct atom format */
-  mailbox = imap_atom(imap->mailbox);
+  mailbox = imap_atom(imap->mailbox, false);
   if(!mailbox)
     return CURLE_OUT_OF_MEMORY;
 
@@ -769,7 +769,7 @@ static CURLcode imap_perform_append(struct connectdata *conn)
   }
 
   /* Make sure the mailbox is in the correct atom format */
-  mailbox = imap_atom(imap->mailbox);
+  mailbox = imap_atom(imap->mailbox, false);
   if(!mailbox)
     return CURLE_OUT_OF_MEMORY;
 
@@ -842,7 +842,7 @@ static CURLcode imap_state_servergreet_resp(struct connectdata *conn,
 
   if(imapcode != 'O') {
     failf(data, "Got unexpected imap-server response");
-    result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: fix this code */
+    result = CURLE_FTP_WEIRD_SERVER_REPLY;
   }
   else
     result = imap_perform_capability(conn);
@@ -1033,7 +1033,7 @@ static CURLcode imap_state_list_resp(struct connectdata *conn, int imapcode,
     line[len] = '\0';
   }
   else if(imapcode != 'O')
-    result = CURLE_QUOTE_ERROR; /* TODO: Fix error code */
+    result = CURLE_QUOTE_ERROR;
   else
     /* End of DO phase */
     state(conn, IMAP_STOP);
@@ -1105,7 +1105,7 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
   if(imapcode != '*') {
     Curl_pgrsSetDownloadSize(data, -1);
     state(conn, IMAP_STOP);
-    return CURLE_REMOTE_FILE_NOT_FOUND; /* TODO: Fix error code */
+    return CURLE_REMOTE_FILE_NOT_FOUND;
   }
 
   /* Something like this is received "* 1 FETCH (BODY[TEXT] {2021}\r" so parse
@@ -1174,7 +1174,7 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
   else {
     /* We don't know how to parse this line */
     failf(pp->conn->data, "Failed to parse FETCH response.");
-    result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: fix this code */
+    result = CURLE_FTP_WEIRD_SERVER_REPLY;
   }
 
   /* End of DO phase */
@@ -1193,7 +1193,7 @@ static CURLcode imap_state_fetch_final_resp(struct connectdata *conn,
   (void)instate; /* No use for this yet */
 
   if(imapcode != 'O')
-    result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: Fix error code */
+    result = CURLE_FTP_WEIRD_SERVER_REPLY;
   else
     /* End of DONE phase */
     state(conn, IMAP_STOP);
@@ -1262,7 +1262,7 @@ static CURLcode imap_state_search_resp(struct connectdata *conn, int imapcode,
     line[len] = '\0';
   }
   else if(imapcode != 'O')
-    result = CURLE_QUOTE_ERROR; /* TODO: Fix error code */
+    result = CURLE_QUOTE_ERROR;
   else
     /* End of DO phase */
     state(conn, IMAP_STOP);
@@ -1506,10 +1506,10 @@ static CURLcode imap_done(struct connectdata *conn, CURLcode status,
 
     /* Run the state-machine
 
-       TODO: when the multi interface is used, this _really_ should be using
-       the imap_multi_statemach function but we have no general support for
-       non-blocking DONE operations, not in the multi state machine and with
-       Curl_done() invokes on several places in the code!
+       This _really_ should be using the imap_multi_statemach function but we
+       have no general support for non-blocking DONE operations. Neither in
+       the multi state machine and there are Curl_done() invokes on several
+       places in the code!
     */
     if(!result)
       result = imap_block_statemach(conn);
@@ -1815,38 +1815,48 @@ static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...)
  * The returned string needs to be freed.
  *
  */
-static char *imap_atom(const char *str)
+static char *imap_atom(const char *str, bool escape_only)
 {
+  const char atom_specials[] = "(){ %*]";
   const char *p1;
   char *p2;
   size_t backsp_count = 0;
   size_t quote_count = 0;
-  bool space_exists = FALSE;
+  bool others_exists = FALSE;
   size_t newlen = 0;
   char *newstr = NULL;
 
   if(!str)
     return NULL;
 
-  /* Count any unescaped characters */
+  /* Look for "atom-specials", counting the backslash and quote characters as
+     these will need escapping */
   p1 = str;
   while(*p1) {
     if(*p1 == '\\')
       backsp_count++;
     else if(*p1 == '"')
       quote_count++;
-    else if(*p1 == ' ')
-      space_exists = TRUE;
+    else if(!escape_only) {
+      const char *p3 = atom_specials;
+
+      while(*p3 && !others_exists) {
+        if(*p1 == *p3)
+          others_exists = TRUE;
+
+        p3++;
+      }
+    }
 
     p1++;
   }
 
-  /* Does the input contain any unescaped characters? */
-  if(!backsp_count && !quote_count && !space_exists)
+  /* Does the input contain any "atom-special" characters? */
+  if(!backsp_count && !quote_count && !others_exists)
     return strdup(str);
 
   /* Calculate the new string length */
-  newlen = strlen(str) + backsp_count + quote_count + (space_exists ? 2 : 0);
+  newlen = strlen(str) + backsp_count + quote_count + (others_exists ? 2 : 0);
 
   /* Allocate the new string */
   newstr = (char *) malloc((newlen + 1) * sizeof(char));
@@ -1855,7 +1865,7 @@ static char *imap_atom(const char *str)
 
   /* Surround the string in quotes if necessary */
   p2 = newstr;
-  if(space_exists) {
+  if(others_exists) {
     newstr[0] = '"';
     newstr[newlen - 1] = '"';
     p2++;

lib/ldap.c

@@ -273,7 +273,7 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
     ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
 #else
     int ldap_option;
-    char* ldap_ca = data->set.str[STRING_SSL_CAFILE];
+    char* ldap_ca = conn->ssl_config.CAfile;
 #if defined(CURL_HAS_NOVELL_LDAPSDK)
     rc = ldapssl_client_init(NULL, NULL);
     if(rc != LDAP_SUCCESS) {
@@ -281,11 +281,11 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
       result = CURLE_SSL_CERTPROBLEM;
       goto quit;
     }
-    if(data->set.ssl.verifypeer) {
+    if(conn->ssl_config.verifypeer) {
       /* Novell SDK supports DER or BASE64 files. */
       int cert_type = LDAPSSL_CERT_FILETYPE_B64;
-      if((data->set.str[STRING_CERT_TYPE]) &&
-         (Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "DER")))
+      if((data->set.ssl.cert_type) &&
+         (Curl_raw_equal(data->set.ssl.cert_type, "DER")))
         cert_type = LDAPSSL_CERT_FILETYPE_DER;
       if(!ldap_ca) {
         failf(data, "LDAP local: ERROR %s CA cert not set!",
@@ -323,10 +323,10 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
       goto quit;
     }
 #elif defined(LDAP_OPT_X_TLS)
-    if(data->set.ssl.verifypeer) {
+    if(conn->ssl_config.verifypeer) {
       /* OpenLDAP SDK supports BASE64 files. */
-      if((data->set.str[STRING_CERT_TYPE]) &&
-         (!Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "PEM"))) {
+      if((data->set.ssl.cert_type) &&
+         (!Curl_raw_equal(data->set.ssl.cert_type, "PEM"))) {
         failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!");
         result = CURLE_SSL_CERTPROBLEM;
         goto quit;

lib/makefile.dj

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2003 - 2008, Gisle Vanem <gvanem@broadpark.no>.
+# Copyright (C) 2003 - 2008, Gisle Vanem <gvanem@yahoo.no>.
 # Copyright (C) 2003 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
@@ -26,12 +26,14 @@
 #
 
 DEPEND_PREREQ = curl_config.h
+VPATH  = vtls
 TOPDIR = ..
 
 include ../packages/DOS/common.dj
 include Makefile.inc
 
-OBJECTS := $(patsubst %.c,$(OBJ_DIR)/%.o,$(strip $(CSOURCES)))
+SOURCES = $(sort $(CSOURCES))
+OBJECTS = $(addprefix $(OBJ_DIR)/, $(notdir $(SOURCES:.c=.o)))
 
 CURL_LIB = libcurl.a
 

lib/multi.c

@@ -42,7 +42,8 @@
 #include "multihandle.h"
 #include "pipeline.h"
 #include "sigpipe.h"
-#include "curl_printf.h"
+#include "vtls/vtls.h"
+
 #include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
@@ -99,6 +100,9 @@ static const char * const statename[]={
 
 static void multi_freetimeout(void *a, void *b);
 
+/* function pointer called once when switching TO a state */
+typedef void (*init_multistate_func)(struct SessionHandle *data);
+
 /* always use this function to change state, to make debugging easier */
 static void mstate(struct SessionHandle *data, CURLMstate state
 #ifdef DEBUGBUILD
@@ -107,6 +111,12 @@ static void mstate(struct SessionHandle *data, CURLMstate state
 )
 {
   CURLMstate oldstate = data->mstate;
+  static const init_multistate_func finit[CURLM_STATE_LAST] = {
+    NULL,
+    NULL,
+    Curl_init_CONNECT, /* CONNECT */
+    /* the rest is NULL too */
+  };
 
 #if defined(DEBUGBUILD) && defined(CURL_DISABLE_VERBOSE_STRINGS)
   (void) lineno;
@@ -136,6 +146,10 @@ static void mstate(struct SessionHandle *data, CURLMstate state
   if(state == CURLM_STATE_COMPLETED)
     /* changing to COMPLETED means there's one less easy handle 'alive' */
     data->multi->num_alive--;
+
+  /* if this state has an init-function, run it */
+  if(finit[state])
+    finit[state](data);
 }
 
 #ifndef DEBUGBUILD
@@ -629,6 +643,9 @@ static int waitconnect_getsock(struct connectdata *conn,
   if(!numsocks)
     return GETSOCK_BLANK;
 
+  if(CONNECT_FIRSTSOCKET_PROXY_SSL())
+    return Curl_ssl_getsock(conn, sock, numsocks);
+
   for(i=0; i<2; i++) {
     if(conn->tempsock[i] != CURL_SOCKET_BAD) {
       sock[s] = conn->tempsock[i];
@@ -1223,7 +1240,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         multistate(data, CURLM_STATE_CONNECT);
       }
       else if(!result) {
-        if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_COMPLETE)
+        if((data->easy_conn->http_proxy.proxytype != CURLPROXY_HTTPS ||
+           data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) &&
+           (data->easy_conn->tunnel_state[FIRSTSOCKET] != TUNNEL_CONNECT))
           /* initiate protocol connect phase */
           multistate(data, CURLM_STATE_SENDPROTOCONNECT);
       }
@@ -1234,6 +1253,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       /* awaiting a completion of an asynch TCP connect */
       result = Curl_is_connected(data->easy_conn, FIRSTSOCKET, &connected);
       if(connected && !result) {
+#ifndef CURL_DISABLE_HTTP
+        if((data->easy_conn->http_proxy.proxytype == CURLPROXY_HTTPS &&
+            !data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) ||
+            (data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)) {
+          multistate(data, CURLM_STATE_WAITPROXYCONNECT);
+          break;
+        }
+#endif
         rc = CURLM_CALL_MULTI_PERFORM;
         multistate(data, data->easy_conn->bits.tunnel_proxy?
                    CURLM_STATE_WAITPROXYCONNECT:

lib/multihandle.h

@@ -38,7 +38,9 @@ typedef enum {
   CURLM_STATE_CONNECT,      /* 2 - resolve/connect has been sent off */
   CURLM_STATE_WAITRESOLVE,  /* 3 - awaiting the resolve to finalize */
   CURLM_STATE_WAITCONNECT,  /* 4 - awaiting the TCP connect to finalize */
-  CURLM_STATE_WAITPROXYCONNECT, /* 5 - awaiting proxy CONNECT to finalize */
+  CURLM_STATE_WAITPROXYCONNECT, /* 5 - awaiting HTTPS proxy SSL initialization
+                                   to complete and/or proxy CONNECT to
+                                   finalize */
   CURLM_STATE_SENDPROTOCONNECT, /* 6 - initiate protocol connect procedure */
   CURLM_STATE_PROTOCONNECT, /* 7 - completing the protocol-specific connect
                                    phase */

lib/openldap.c

@@ -176,9 +176,7 @@ static CURLcode ldap_setup_connection(struct connectdata *conn)
   li->proto = proto;
   conn->proto.generic = li;
   connkeep(conn, "OpenLDAP default");
-  /* TODO:
-   * - provide option to choose SASL Binds instead of Simple
-   */
+
   return CURLE_OK;
 }
 
@@ -481,8 +479,6 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
     lr->nument++;
     rc = ldap_get_dn_ber(li->ld, ent, &ber, &bv);
     if(rc < 0) {
-      /* TODO: verify that this is really how this return code should be
-         handled */
       *err = CURLE_RECV_ERROR;
       return -1;
     }

lib/pingpong.c

@@ -101,7 +101,9 @@ CURLcode Curl_pp_statemach(struct pingpong *pp, bool block)
   else
     interval_ms = 0; /* immediate */
 
-  if(Curl_pp_moredata(pp))
+  if(Curl_ssl_data_pending(conn, FIRSTSOCKET))
+    rc = 1;
+  else if(Curl_pp_moredata(pp))
     /* We are receiving and there is data in the cache so just read it */
     rc = 1;
   else if(!pp->sendleft && Curl_ssl_data_pending(conn, FIRSTSOCKET))

lib/rawstr.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -28,6 +28,10 @@
    its behavior is altered by the current locale. */
 char Curl_raw_toupper(char in)
 {
+#if !defined(CURL_DOES_CONVERSIONS)
+  if(in >= 'a' && in <= 'z')
+    return (char)('A' + in - 'a');
+#else
   switch (in) {
   case 'a':
     return 'A';
@@ -82,6 +86,8 @@ char Curl_raw_toupper(char in)
   case 'z':
     return 'Z';
   }
+#endif
+
   return in;
 }
 
@@ -110,6 +116,16 @@ int Curl_raw_equal(const char *first, const char *second)
   return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
 }
 
+bool Curl_safe_strequal(const char *str1, const char *str2)
+{
+  if(str1 && str2)
+    /* both pointers point to something then compare them */
+    return (0 != Curl_raw_equal(str1, str2)) ? TRUE : FALSE;
+  else
+    /* if both pointers are NULL then treat them as equal */
+    return (!str1 && !str2) ? TRUE : FALSE;
+}
+
 int Curl_raw_nequal(const char *first, const char *second, size_t max)
 {
   while(*first && *second && max) {

lib/rawstr.h

@@ -34,6 +34,7 @@
  */
 int Curl_raw_equal(const char *first, const char *second);
 int Curl_raw_nequal(const char *first, const char *second, size_t max);
+bool Curl_safe_strequal(const char *str1, const char *str2);
 
 char Curl_raw_toupper(char in);
 

lib/rtsp.c

@@ -42,16 +42,6 @@
 #include "curl_memory.h"
 #include "memdebug.h"
 
-/*
- * TODO (general)
- *  -incoming server requests
- *      -server CSeq counter
- *  -digest authentication
- *  -connect thru proxy
- *  -pipelining?
- */
-
-
 #define RTP_PKT_CHANNEL(p)   ((int)((unsigned char)((p)[1])))
 
 #define RTP_PKT_LENGTH(p)  ((((int)((unsigned char)((p)[2]))) << 8) | \
@@ -222,7 +212,6 @@ static CURLcode rtsp_done(struct connectdata *conn,
     else if(data->set.rtspreq == RTSPREQ_RECEIVE &&
             (conn->proto.rtspc.rtp_channel == -1)) {
       infof(data, "Got an RTP Receive with a CSeq of %ld\n", CSeq_recv);
-      /* TODO CPC: Server -> Client logic here */
     }
   }
 
@@ -328,8 +317,6 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
     return CURLE_BAD_FUNCTION_ARGUMENT;
   }
 
-  /* TODO: proxy? */
-
   /* Stream URI. Default to server '*' if not specified */
   if(data->set.str[STRING_RTSP_STREAM_URI]) {
     p_stream_uri = data->set.str[STRING_RTSP_STREAM_URI];

lib/smtp.c

@@ -1256,10 +1256,8 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
 
     /* Run the state-machine
 
-       TODO: when the multi interface is used, this _really_ should be using
-       the smtp_multi_statemach function but we have no general support for
-       non-blocking DONE operations, not in the multi state machine and with
-       Curl_done() invokes on several places in the code!
+       this should be using the smtp_multi_statemach function but we have no
+       support for non-blocking DONE operations!
     */
     result = smtp_block_statemach(conn);
   }

lib/socks.c

@@ -110,9 +110,10 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
                      const char *hostname,
                      int remote_port,
                      int sockindex,
-                     struct connectdata *conn,
-                     bool protocol4a)
+                     struct connectdata *conn)
 {
+  const bool protocol4a =
+    (conn->socks_proxy.proxytype == CURLPROXY_SOCKS4A) ? TRUE : FALSE;
 #define SOCKS4REQLEN 262
   unsigned char socksreq[SOCKS4REQLEN]; /* room for SOCKS4 request incl. user
                                            id */
@@ -127,6 +128,10 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
     return CURLE_OPERATION_TIMEDOUT;
   }
 
+  if(conn->bits.httpproxy)
+    infof(conn->data, "SOCKS4%s: connecting to HTTP proxy %s port %d\n",
+          protocol4a ? "a" : "", hostname, remote_port);
+
   (void)curlx_nonblock(sock, FALSE);
 
   infof(data, "SOCKS4 communication to %s:%d\n", hostname, remote_port);
@@ -300,8 +305,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
             ", request rejected or failed.",
             (unsigned char)socksreq[4], (unsigned char)socksreq[5],
             (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            ((socksreq[8] << 8) | socksreq[9]),
-            socksreq[1]);
+            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
+            (unsigned char)socksreq[1]);
       return CURLE_COULDNT_CONNECT;
     case 92:
       failf(data,
@@ -310,8 +315,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
             "identd on the client.",
             (unsigned char)socksreq[4], (unsigned char)socksreq[5],
             (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            ((socksreq[8] << 8) | socksreq[9]),
-            socksreq[1]);
+            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
+            (unsigned char)socksreq[1]);
       return CURLE_COULDNT_CONNECT;
     case 93:
       failf(data,
@@ -320,8 +325,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
             "report different user-ids.",
             (unsigned char)socksreq[4], (unsigned char)socksreq[5],
             (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            ((socksreq[8] << 8) | socksreq[9]),
-            socksreq[1]);
+            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
+            (unsigned char)socksreq[1]);
       return CURLE_COULDNT_CONNECT;
     default:
       failf(data,
@@ -329,8 +334,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
             ", Unknown.",
             (unsigned char)socksreq[4], (unsigned char)socksreq[5],
             (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            ((socksreq[8] << 8) | socksreq[9]),
-            socksreq[1]);
+            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
+            (unsigned char)socksreq[1]);
       return CURLE_COULDNT_CONNECT;
     }
   }
@@ -376,10 +381,15 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
   curl_socket_t sock = conn->sock[sockindex];
   struct SessionHandle *data = conn->data;
   long timeout;
-  bool socks5_resolve_local = (conn->proxytype == CURLPROXY_SOCKS5)?TRUE:FALSE;
+  bool socks5_resolve_local =
+    (conn->socks_proxy.proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE;
   const size_t hostname_len = strlen(hostname);
   ssize_t len = 0;
 
+  if(conn->bits.httpproxy)
+    infof(conn->data, "SOCKS5: connecting to HTTP proxy %s port %d\n",
+          hostname, remote_port);
+
   /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
   if(!socks5_resolve_local && hostname_len > 255) {
     infof(conn->data, "SOCKS5: server resolving disabled for hostnames of "
@@ -674,15 +684,15 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
             "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
             (unsigned char)socksreq[4], (unsigned char)socksreq[5],
             (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            ((socksreq[8] << 8) | socksreq[9]),
-            socksreq[1]);
+            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
+            (unsigned char)socksreq[1]);
     }
     else if(socksreq[3] == 3) {
       failf(data,
             "Can't complete SOCKS5 connection to %s:%d. (%d)",
             hostname,
-            ((socksreq[8] << 8) | socksreq[9]),
-            socksreq[1]);
+            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
+            (unsigned char)socksreq[1]);
     }
     else if(socksreq[3] == 4) {
       failf(data,
@@ -696,8 +706,8 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
             (unsigned char)socksreq[14], (unsigned char)socksreq[15],
             (unsigned char)socksreq[16], (unsigned char)socksreq[17],
             (unsigned char)socksreq[18], (unsigned char)socksreq[19],
-            ((socksreq[8] << 8) | socksreq[9]),
-            socksreq[1]);
+            (((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
+            (unsigned char)socksreq[1]);
     }
     return CURLE_COULDNT_CONNECT;
   }

lib/socks.h

@@ -25,7 +25,7 @@
 #include "curl_setup.h"
 
 #ifdef CURL_DISABLE_PROXY
-#define Curl_SOCKS4(a,b,c,d,e,f) CURLE_NOT_BUILT_IN
+#define Curl_SOCKS4(a,b,c,d,e) CURLE_NOT_BUILT_IN
 #define Curl_SOCKS5(a,b,c,d,e,f) CURLE_NOT_BUILT_IN
 #else
 /*
@@ -49,8 +49,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
                      const char *hostname,
                      int remote_port,
                      int sockindex,
-                     struct connectdata *conn,
-                     bool protocol4a);
+                     struct connectdata *conn);
 
 /*
  * This function logs in to a SOCKS5 proxy and sends the specifics to the

lib/socks_gssapi.c

@@ -121,6 +121,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
   char             *user=NULL;
   unsigned char socksreq[4]; /* room for GSS-API exchange header only */
   char *serviceptr = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+  const size_t serviceptr_length = strlen(serviceptr);
 
   /*   GSS-API request looks like
    * +----+------+-----+----------------+
@@ -132,22 +133,23 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
 
   /* prepare service name */
   if(strchr(serviceptr, '/')) {
-    service.value = malloc(strlen(serviceptr));
+    service.length = serviceptr_length;
+    service.value = malloc(service.length);
     if(!service.value)
       return CURLE_OUT_OF_MEMORY;
-    service.length = strlen(serviceptr);
     memcpy(service.value, serviceptr, service.length);
 
     gss_major_status = gss_import_name(&gss_minor_status, &service,
                                        (gss_OID) GSS_C_NULL_OID, &server);
   }
   else {
-    service.value = malloc(strlen(serviceptr) +strlen(conn->proxy.name)+2);
+    service.value = malloc(serviceptr_length +
+                           strlen(conn->socks_proxy.host.name)+2);
     if(!service.value)
       return CURLE_OUT_OF_MEMORY;
-    service.length = strlen(serviceptr) +strlen(conn->proxy.name)+1;
+    service.length = serviceptr_length + strlen(conn->socks_proxy.host.name)+1;
     snprintf(service.value, service.length+1, "%s@%s",
-             serviceptr, conn->proxy.name);
+             serviceptr, conn->socks_proxy.host.name);
 
     gss_major_status = gss_import_name(&gss_minor_status, &service,
                                        GSS_C_NT_HOSTBASED_SERVICE, &server);

lib/socks_sspi.c

@@ -84,6 +84,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
   unsigned long qop;
   unsigned char socksreq[4]; /* room for GSS-API exchange header only */
   char *service = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+  const size_t service_length = strlen(service);
 
   /*   GSS-API request looks like
    * +----+------+-----+----------------+
@@ -95,17 +96,19 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
 
   /* prepare service name */
   if(strchr(service, '/')) {
-    service_name = malloc(strlen(service));
+    service_name = malloc(service_length);
     if(!service_name)
       return CURLE_OUT_OF_MEMORY;
-    memcpy(service_name, service, strlen(service));
+    memcpy(service_name, service, service_length);
   }
   else {
-    service_name = malloc(strlen(service) + strlen(conn->proxy.name) + 2);
+    service_name = malloc(service_length +
+                          strlen(conn->socks_proxy.host.name) + 2);
     if(!service_name)
       return CURLE_OUT_OF_MEMORY;
-    snprintf(service_name, strlen(service) +strlen(conn->proxy.name)+2,
-             "%s/%s", service, conn->proxy.name);
+    snprintf(service_name, service_length +
+             strlen(conn->socks_proxy.host.name)+2, "%s/%s",
+             service, conn->socks_proxy.host.name);
   }
 
   input_desc.cBuffers = 1;

lib/splay.c

@@ -211,7 +211,7 @@ struct Curl_tree *Curl_splaygetbest(struct timeval i,
 /* Deletes the very node we point out from the tree if it's there. Stores a
  * pointer to the new resulting tree in 'newroot'.
  *
- * Returns zero on success and non-zero on errors! TODO: document error codes.
+ * Returns zero on success and non-zero on errors!
  * When returning error, it does not touch the 'newroot' pointer.
  *
  * NOTE: when the last node of the tree is removed, there's no tree left so

lib/ssh.c

@@ -296,10 +296,6 @@ static CURLcode libssh2_session_error_to_CURLE(int err)
       return CURLE_AGAIN;
   }
 
-  /* TODO: map some more of the libssh2 errors to the more appropriate CURLcode
-     error code, and possibly add a few new SSH-related one. We must however
-     not return or even depend on libssh2 errors in the public libcurl API */
-
   return CURLE_SSH;
 }
 
@@ -863,7 +859,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
           break;
         }
 
-        sshc->passphrase = data->set.str[STRING_KEY_PASSWD];
+        sshc->passphrase = data->set.ssl.key_passwd;
         if(!sshc->passphrase)
           sshc->passphrase = "";
 
@@ -1740,8 +1736,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
                 BUFSIZE : curlx_sotouz(data->state.resume_from - passed);
 
               size_t actuallyread =
-                data->set.fread_func(data->state.buffer, 1, readthisamountnow,
-                                     data->set.in);
+                data->state.fread_func(data->state.buffer, 1,
+                                       readthisamountnow, data->state.in);
 
               passed += actuallyread;
               if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
@@ -2824,10 +2820,8 @@ static CURLcode ssh_connect(struct connectdata *conn, bool *done)
   if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
     int rc;
     ssh->kh = libssh2_knownhost_init(ssh->ssh_session);
-    if(!ssh->kh) {
-      /* eeek. TODO: free the ssh_session! */
+    if(!ssh->kh)
       return CURLE_FAILED_INIT;
-    }
 
     /* read all known hosts from there */
     rc = libssh2_knownhost_readfile(ssh->kh,
@@ -2964,10 +2958,8 @@ static CURLcode ssh_done(struct connectdata *conn, CURLcode status)
   if(!status) {
     /* run the state-machine
 
-       TODO: when the multi interface is used, this _really_ should be using
-       the ssh_multi_statemach function but we have no general support for
-       non-blocking DONE operations, not in the multi state machine and with
-       Curl_done() invokes on several places in the code!
+       This should be using the ssh_multi_statemach function but we have no
+       support for non-blocking DONE operations!
     */
     result = ssh_block_statemach(conn, FALSE);
   }

lib/telnet.c

@@ -1220,7 +1220,6 @@ CURLcode telrcv(struct connectdata *conn,
 }
 
 /* Escape and send a telnet data block */
-/* TODO: write large chunks of data instead of one byte at a time */
 static CURLcode send_telnet_data(struct connectdata *conn,
                                  char *buffer, ssize_t nread)
 {
@@ -1423,8 +1422,8 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
       for(;;) {
         if(data->set.is_fread_set) {
           /* read from user-supplied method */
-          result = (int)data->set.fread_func(buf, 1, BUFSIZE - 1,
-                                             data->set.in);
+          result = (int)data->state.fread_func(buf, 1, BUFSIZE - 1,
+                                               data->state.in);
           if(result == CURL_READFUNC_ABORT) {
             keepon = FALSE;
             result = CURLE_READ_ERROR;
@@ -1563,13 +1562,13 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
   pfd[0].fd = sockfd;
   pfd[0].events = POLLIN;
 
-  if(data->set.fread_func != (curl_read_callback)fread) {
+  if(data->set.is_fread_set) {
     poll_cnt = 1;
     interval_ms = 100; /* poll user-supplied read function */
   }
   else {
     /* really using fread, so infile is a FILE* */
-    pfd[1].fd = fileno((FILE *)data->set.in);
+    pfd[1].fd = fileno((FILE *)data->state.in);
     pfd[1].events = POLLIN;
     poll_cnt = 2;
     interval_ms = 1 * 1000;
@@ -1628,7 +1627,8 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
       }
       else {
         /* read from user-supplied method */
-        nread = (int)data->set.fread_func(buf, 1, BUFSIZE - 1, data->set.in);
+        nread = (int)data->state.fread_func(buf, 1, BUFSIZE - 1,
+                                            data->state.in);
         if(nread == CURL_READFUNC_ABORT) {
           keepon = FALSE;
           break;