RELEASE-NOTES: curl 7.48.0

THANKS: 15 new contributors from 7.48.0 release
CURLINFO_TLS_SSL_PTR.3: Warn about limitations
2016-03-23 07:55:48 +01:00 · 2016-03-23 07:55:48 +01:00 · 2016-03-23 01:16:21 -04:00 · 2016-03-22 10:43:55 +01:00 · 2016-03-22 10:35:22 +01:00 · 2016-03-22 10:33:44 +01:00
299 changed files with 3585 additions and 2080 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@ -8,7 +8,7 @@ Join the community

 2. Subscribe to the suitable [mailing lists](https://curl.haxx.se/mail/)

-Read [docs/CONTRIBUTE](docs/CONTRIBUTE)
+Read [CONTRIBUTE](../docs/CONTRIBUTE)
 ---------------------------------------

 Send your suggestions using one of these methods:
@ -16,10 +16,8 @@ Send your suggestions using one of these methods:

 1. in a mail to the mailing list

- 2. as a pull request on github
-
- 3. as an issue on github
+ 2. as a [pull request](https://github.com/curl/curl/pulls)

+ 3. as an [issue](https://github.com/curl/curl/issues)

 / The cURL team!
-
--- a/.github/ISSUE_TEMPLATE
+++ b/.github/ISSUE_TEMPLATE
@ -0,0 +1,9 @@
+### I did this
+
+### I expected the following
+
+### curl/libcurl version
+
+[curl -V output perhaps?]
+
+### operating system
--- a/Makefile.am
+++ b/Makefile.am
@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@ -92,37 +92,45 @@ VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl
 VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist
 VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc

-VC_DIST = projects/README	\
- projects/build-openssl.bat	\
- projects/build-wolfssl.bat	\
- projects/checksrc.bat	\
- projects/Windows/VC6/curl-all.dsw	\
- projects/Windows/VC6/lib/libcurl.dsw \
- projects/Windows/VC6/src/curl.dsw \
- projects/Windows/VC7/curl-all.sln	\
- projects/Windows/VC7/lib/libcurl.sln 	\
- projects/Windows/VC7/src/curl.sln 	\
- projects/Windows/VC7.1/curl-all.sln	\
- projects/Windows/VC7.1/lib/libcurl.sln \
- projects/Windows/VC7.1/src/curl.sln \
- projects/Windows/VC8/curl-all.sln	\
- projects/Windows/VC8/lib/libcurl.sln 	\
- projects/Windows/VC8/src/curl.sln 	\
- projects/Windows/VC9/curl-all.sln	\
- projects/Windows/VC9/lib/libcurl.sln 	\
- projects/Windows/VC9/src/curl.sln 	\
- projects/Windows/VC10/curl-all.sln	\
- projects/Windows/VC10/lib/libcurl.sln 	\
- projects/Windows/VC10/src/curl.sln  \
- projects/Windows/VC11/curl-all.sln	\
- projects/Windows/VC11/lib/libcurl.sln 	\
- projects/Windows/VC11/src/curl.sln 	\
- projects/Windows/VC12/curl-all.sln	\
- projects/Windows/VC12/lib/libcurl.sln 	\
- projects/Windows/VC12/src/curl.sln	\
- projects/Windows/VC14/curl-all.sln	\
- projects/Windows/VC14/lib/libcurl.sln 	\
- projects/Windows/VC14/src/curl.sln
+VC_DIST = projects/README                           \
+ projects/build-openssl.bat                         \
+ projects/build-wolfssl.bat                         \
+ projects/checksrc.bat                              \
+ projects/Windows/VC6/curl-all.dsw                  \
+ projects/Windows/VC6/lib/libcurl.dsw               \
+ projects/Windows/VC6/src/curl.dsw                  \
+ projects/Windows/VC7/curl-all.sln                  \
+ projects/Windows/VC7/lib/libcurl.sln               \
+ projects/Windows/VC7/src/curl.sln                  \
+ projects/Windows/VC7.1/curl-all.sln                \
+ projects/Windows/VC7.1/lib/libcurl.sln             \
+ projects/Windows/VC7.1/src/curl.sln                \
+ projects/Windows/VC8/curl-all.sln                  \
+ projects/Windows/VC8/lib/libcurl.sln               \
+ projects/Windows/VC8/src/curl.sln                  \
+ projects/Windows/VC9/curl-all.sln                  \
+ projects/Windows/VC9/lib/libcurl.sln               \
+ projects/Windows/VC9/src/curl.sln                  \
+ projects/Windows/VC10/curl-all.sln                 \
+ projects/Windows/VC10/lib/libcurl.sln              \
+ projects/Windows/VC10/lib/libcurl.vcxproj.filters  \
+ projects/Windows/VC10/src/curl.sln                 \
+ projects/Windows/VC10/src/curl.vcxproj.filters     \
+ projects/Windows/VC11/curl-all.sln                 \
+ projects/Windows/VC11/lib/libcurl.sln              \
+ projects/Windows/VC11/lib/libcurl.vcxproj.filters  \
+ projects/Windows/VC11/src/curl.sln                 \
+ projects/Windows/VC11/src/curl.vcxproj.filters     \
+ projects/Windows/VC12/curl-all.sln                 \
+ projects/Windows/VC12/lib/libcurl.sln              \
+ projects/Windows/VC12/lib/libcurl.vcxproj.filters  \
+ projects/Windows/VC12/src/curl.sln                 \
+ projects/Windows/VC12/src/curl.vcxproj.filters     \
+ projects/Windows/VC14/curl-all.sln                 \
+ projects/Windows/VC14/lib/libcurl.sln              \
+ projects/Windows/VC14/lib/libcurl.vcxproj.filters  \
+ projects/Windows/VC14/src/curl.sln                 \
+ projects/Windows/VC14/src/curl.vcxproj.filters

 WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat	\
 winbuild/MakefileBuild.vc winbuild/Makefile.vc				\
@ -130,7 +138,8 @@ WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat	\

 EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in	\
 RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl	\
- $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in
+ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in          \
+ buildconf.bat

 CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ)	\
 $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ)	\
--- a/README.md
+++ b/README.md
@ -0,0 +1,45 @@
+
+Curl is a command line tool for transferring data specified with URL
+syntax. Find out how to use curl by reading [the curl.1 man
+page](https://curl.haxx.se/docs/manpage.html) or [the MANUAL
+document](https://curl.haxx.se/docs/manual.html). Find out how to install Curl
+by reading [the INSTALL document](https://curl.haxx.se/docs/install.html).
+
+libcurl is the library curl is using to do its job. It is readily available to
+be used by your software. Read [the libcurl.3 man
+page](https://curl.haxx.se/libcurl/c/libcurl.html) to learn how!
+
+You find answers to the most frequent questions we get in [the FAQ
+document](https://curl.haxx.se/docs/faq.html).
+
+Study [the COPYING file](https://curl.haxx.se/docs/copyright.html) for
+distribution terms and similar. If you distribute curl binaries or other
+binaries that involve libcurl, you might enjoy [the LICENSE-MIXING
+document](https://curl.haxx.se/legal/licmix.html).
+
+## CONTACT
+
+If you have problems, questions, ideas or suggestions, please contact us by
+posting to a suitable [mailing list](https://curl.haxx.se/mail/).
+
+All contributors to the project are listed in [the THANKS
+document](https://curl.haxx.se/docs/thanks.html).
+
+## WEB SITE
+
+Visit the [curl web site](https://curl.haxx.se/) for the latest news and
+downloads.
+
+## GIT
+
+To download the very latest source off the GIT server do this:
+
+    git clone https://github.com/curl/curl.git
+
+(you'll get a directory named curl created, filled with the source code)
+
+## NOTICE
+
+Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga
+Tekniska Högskolan. This notice is included here to comply with the
+distribution terms.
--- a/167
+++ b/167
@ -1,26 +1,95 @@
-Curl and libcurl 7.47.1
+Curl and libcurl 7.48.0

- Public curl releases:         152
+ Public curl releases:         153
 Command line options:         179
 curl_easy_setopt() options:   221
 Public functions in libcurl:  61
- Contributors:                 1346
+ Contributors:                 1364
+
+This release includes the following changes:
+
+ o configure: --with-ca-fallback: use built-in TLS CA fallback [2]
+ o TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS [22]
+ o getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION [25]
+ o added CODE_STYLE.md [47]

 This release includes the following bugfixes:

- o getredirect.c: fix variable name
- o tool_doswin: silence unused function warning [1]
- o cmake: fixed when OpenSSL enabled on Windows and schannel detected [2]
- o curl.1: Explain remote-name behavior if file already exists
- o tool_operate: Don't sanitize --output path (Windows) [3]
- o URLs: change all http:// URLs to https:// in documentation & comments
- o sasl_sspi: Fix memory leak in domain populate [4]
- o COPYING: clarify that Daniel is not the sole author
- o examples/htmltitle: Use _stricmp on Windows [5]
- o examples/asiohiper: Avoid function name collision on Windows [6]
- o idn_win32: Better error checking [7]
- o openssl: Fix signed/unsigned mismatch warning in X509V3_ext [8]
- o curl save files: check for backslashes on cygwin [9]
+ o Proxy-Connection: stop sending this header by default [1]
+ o os400: sync ILE/RPG definitions with latest public header files
+ o cookies: allow spaces in cookie names, cut of trailing spaces [3]
+ o tool_urlglob: Allow reserved dos device names (Windows) [4]
+ o openssl: remove most BoringSSL #ifdefs [5]
+ o tool_doswin: Support for literal path prefix \\?\
+ o mbedtls: fix ALPN usage segfault [6]
+ o mbedtls: fix memory leak when destroying SSL connection data [7]
+ o nss: do not count enabled cipher-suites
+ o examples/cookie_interface.c: add cleanup call
+ o examples: adhere to curl code style
+ o curlx_tvdiff: handle 32bit time_t overflows [8]
+ o dist: ship buildconf.bat too
+ o curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts [9]
+ o generate.bat: Fix comment bug by removing old comments [10]
+ o test1604: Add to Makefile.inc so it gets run
+ o gtls: fix for builds lacking encrypted key file support [11]
+ o SCP: use libssh2_scp_recv2 to support > 2GB files on windows [12]
+ o CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option [13]
+ o cookie: do not refuse cookies to localhost [14]
+ o openssl: avoid direct PKEY access with OpenSSL 1.1.0 [15]
+ o http: Don't break the header into chunks if HTTP/2 [16]
+ o http2: don't decompress gzip decoding automatically [17]
+ o curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
+ o curl.1: add a missing dash
+ o curl.1: HTTP headers for --cookie must be Set-Cookie style [18]
+ o CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style [18]
+ o curl_sasl: Fix memory leak in digest parser [19]
+ o src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support [20]
+ o CURLOPT_DEBUGFUNCTION.3: Fix example
+ o runtests: Fixed usage of %PWD on MinGW64 [21]
+ o tests/sshserver.pl: use RSA instead of DSA for host auth [23]
+ o multi_remove_handle: keep the timeout list until after disconnect [24]
+ o Curl_read: check for activated HTTP/1 pipelining, not only requested
+ o configure: warn on invalid ca bundle or path [26]
+ o file: try reading from files with no size [27]
+ o getinfo: Add support for mbedTLS TLS session info
+ o formpost: fix memory leaks in AddFormData error branches [28]
+ o makefile.m32: allow to pass .dll/.exe-specific LDFLAGS [29]
+ o url: if Curl_done is premature then pipeline not in use [30]
+ o cookie: remove redundant check [31]
+ o cookie: Don't expire session cookies in remove_expired [32]
+ o makefile.m32: fix to allow -ssh2-winssl combination [33]
+ o checksrc.bat: Fixed cannot find perl if installed but not in path
+ o build-openssl.bat: Fixed cannot find perl if installed but not in path
+ o mbedtls: fix user-specified SSL protocol version
+ o makefile.m32: add missing libs for static -winssl-ssh2 builds [34]
+ o test46: change cookie expiry date [35]
+ o pipeline: Sanity check pipeline pointer before accessing it [36]
+ o openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages
+ o ftp_done: clear tunnel_state when secondary socket closes [37]
+ o opt-docs: fix heading macros [38]
+ o imap/pop3/smtp: Fixed connections upgraded with TLS are not reused [39]
+ o curl_multi_wait: never return -1 in 'numfds' [40]
+ o url.c: fix clang warning: no newline at end of file
+ o krb5: improved type handling to avoid clang compiler warnings
+ o cookies: first n/v pair in Set-Cookie: is the cookie, then parameters [41]
+ o multi: avoid blocking during CURLM_STATE_WAITPROXYCONNECT [42]
+ o multi hash: ensure modulo performed on curl_socket_t [43]
+ o curl: glob_range: no need to check unsigned variable for negative
+ o easy: add check to malloc() when running event-based
+ o CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support [44]
+ o version: thread safety
+ o openssl: verbose: show matching SAN pattern
+ o openssl: adapt to OpenSSL 1.1.0 API breakage in ERR_remove_thread_state()
+ o formdata.c: Fixed compilation warning
+ o configure: use cpp -P when needed [45]
+ o imap.c: Fixed compilation warning with /Wall enabled
+ o config-w32.h: Fixed compilation warning when /Wall enabled
+ o ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
+ o build: Added missing Visual Studio filter files for VC10 onwards
+ o easy: Remove poll failure check in easy_transfer
+ o mbedtls: fix compiler warning
+ o build-wolfssl: Update VS properties for wolfSSL v3.9.0
+ o Fixed various compilation warnings when verbose strings disabled

 This release includes the following known bugs:

@ -29,20 +98,62 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

-  Bernard Spil, Dan Fandrich, Daniel Stenberg, Gisle Vanem, Michael Kaufmann,
-  Octavio Schroeder, Ray Satiro, Sergei Nikulov, Viktor Szakáts,
-  (9 contributors)
+  Anders Bakken, Brad Fitzpatrick, Clint Clayton, Dan Fandrich,
+  Daniel Stenberg, David Benjamin, David Byron, Emil Lerner, Eric S. Raymond,
+  Gisle Vanem, Jaime Fullaondo, Jeffrey Walton, Jesse Tan, Justin Ehlert,
+  Kamil Dudka, Kazuho Oku, Ludwig Nussel, Maksim Kuzevanov, Michael König,
+  Oliver Graute, Patrick Monnerat, Rafael Antonio, Ray Satiro, Seth Mos,
+  Shine Fan, Steve Holme, Tatsuhiro Tsujikawa, Timotej Lazar, Tim Rühsen,
+  Viktor Szakáts,
+  (30 contributors)

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = https://github.com/curl/curl/pull/616
- [2] = https://curl.haxx.se/bug/?i=617
- [3] = https://curl.haxx.se/bug/?i=624
- [4] = https://github.com/curl/curl/issues/635
- [5] = https://curl.haxx.se/mail/lib-2016-02/0017.html
- [6] = https://curl.haxx.se/mail/lib-2016-02/0016.html
- [7] = https://github.com/curl/curl/pull/637
- [8] = https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896
- [9] = https://curl.haxx.se/docs/adv_20160127B.html
+ [1] = https://curl.haxx.se/bug/?i=633
+ [2] = https://curl.haxx.se/bug/?i=569
+ [3] = https://curl.haxx.se/bug/?i=639
+ [4] = https://github.com/curl/curl/commit/4520534#commitcomment-15954863
+ [5] = https://curl.haxx.se/bug/?i=640
+ [6] = https://curl.haxx.se/bug/?i=642
+ [7] = https://curl.haxx.se/bug/?i=626
+ [8] = https://curl.haxx.se/bug/?i=646
+ [9] = https://bugzilla.redhat.com/1305970
+ [10] = https://curl.haxx.se/bug/?i=649
+ [11] = https://curl.haxx.se/bug/?i=651
+ [12] = https://curl.haxx.se/bug/?i=451
+ [13] = https://curl.haxx.se/bug/?i=653
+ [14] = https://curl.haxx.se/bug/?i=658
+ [15] = https://curl.haxx.se/bug/?i=650
+ [16] = https://curl.haxx.se/bug/?i=659
+ [17] = https://curl.haxx.se/bug/?i=661
+ [18] = https://curl.haxx.se/bug/?i=666
+ [19] = https://curl.haxx.se/bug/?i=667
+ [20] = https://curl.haxx.se/bug/?i=670
+ [21] = https://curl.haxx.se/bug/?i=672
+ [22] = https://curl.haxx.se/bug/?i=481
+ [23] = https://curl.haxx.se/bug/?i=676
+ [24] = https://curl.haxx.se/mail/lib-2016-02/0097.html
+ [25] = https://curl.haxx.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html
+ [26] = https://curl.haxx.se/bug/?i=404
+ [27] = https://curl.haxx.se/bug/?i=681
+ [28] = https://curl.haxx.se/bug/?i=688
+ [29] = https://curl.haxx.se/bug/?i=689
+ [30] = https://curl.haxx.se/bug/?i=690
+ [31] = https://curl.haxx.se/bug/?i=695
+ [32] = https://curl.haxx.se/bug/?i=697
+ [33] = https://curl.haxx.se/bug/?i=692
+ [34] = https://curl.haxx.se/bug/?i=693
+ [35] = https://curl.haxx.se/bug/?i=697
+ [36] = https://curl.haxx.se/bug/?i=704
+ [37] = https://curl.haxx.se/bug/?i=701
+ [38] = https://curl.haxx.se/bug/?i=705
+ [39] = https://curl.haxx.se/bug/?i=422
+ [40] = https://curl.haxx.se/bug/?i=707
+ [41] = https://curl.haxx.se/bug/?i=709
+ [42] = https://curl.haxx.se/bug/?i=703
+ [43] = https://curl.haxx.se/bug/?i=712
+ [44] = https://curl.haxx.se/mail/lib-2016-03/0150.html
+ [45] = https://curl.haxx.se/bug/?i=719
+ [47] = https://curl.haxx.se/dev/code-style.html
--- a/acinclude.m4
+++ b/acinclude.m4
@ -20,7 +20,6 @@
 #
 #***************************************************************************

-
 dnl CURL_CHECK_DEF (SYMBOL, [INCLUDES], [SILENT])
 dnl -------------------------------------------------
 dnl Use the C preprocessor to find out if the given object-style symbol
@ -31,6 +30,10 @@ dnl result in a set of double-quoted strings the returned expansion will
 dnl actually be a single double-quoted string concatenating all them.

 AC_DEFUN([CURL_CHECK_DEF], [
+  AC_REQUIRE([CURL_CPP_P])dnl
+  OLDCPPFLAGS=$CPPFLAGS
+  # CPPPFLAGS comes from CURL_CPP_P
+  CPPFLAGS="$CPPPFLAGS"
  AS_VAR_PUSHDEF([ac_HaveDef], [curl_cv_have_def_$1])dnl
  AS_VAR_PUSHDEF([ac_Def], [curl_cv_def_$1])dnl
  if test -z "$SED"; then
@ -67,6 +70,7 @@ CURL_DEF_TOKEN $1
  fi
  AS_VAR_POPDEF([ac_Def])dnl
  AS_VAR_POPDEF([ac_HaveDef])dnl
+  CPPFLAGS=$OLDCPPFLAGS
 ])


@ -2570,7 +2574,8 @@ AC_DEFUN([CURL_CHECK_CA_BUNDLE], [
  AC_MSG_CHECKING([default CA cert bundle/path])

  AC_ARG_WITH(ca-bundle,
-AC_HELP_STRING([--with-ca-bundle=FILE], [File name to use as CA bundle])
+AC_HELP_STRING([--with-ca-bundle=FILE],
+[Path to a file containing CA certificates (example: /etc/ca-bundle.crt)])
 AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
  [
    want_ca="$withval"
@ -2580,7 +2585,11 @@ AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
  ],
  [ want_ca="unset" ])
  AC_ARG_WITH(ca-path,
-AC_HELP_STRING([--with-ca-path=DIRECTORY], [Directory to use as CA path])
+AC_HELP_STRING([--with-ca-path=DIRECTORY],
+[Path to a directory containing CA certificates stored individually, with \
+their filenames in a hash format. This option can be used with OpenSSL, \
+GnuTLS and PolarSSL backends. Refer to OpenSSL c_rehash for details. \
+(example: /etc/certificates)])
 AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
  [
    want_capath="$withval"
@ -2590,6 +2599,10 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
  ],
  [ want_capath="unset"])

+  ca_warning="   (warning: certs not found)"
+  capath_warning="   (warning: certs not found)"
+  check_capath=""
+
  if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \
          "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
    dnl both given
@ -2638,12 +2651,7 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
      fi
      if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
              "x$OPENSSL_ENABLED" = "x1"; then
-        for a in /etc/ssl/certs/; do
-          if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
-            capath="$a"
-            break
-          fi
-        done
+        check_capath="/etc/ssl/certs/"
      fi
    else
      dnl no option given and cross-compiling
@ -2651,6 +2659,30 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
    fi
  fi

+  if test "x$ca" = "xno" || test -f "$ca"; then
+    ca_warning=""
+  fi
+
+  if test "x$capath" != "xno"; then
+    check_capath="$capath"
+  fi
+
+  if test ! -z "$check_capath"; then
+    for a in "$check_capath"; do
+      if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
+        if test "x$capath" = "xno"; then
+          capath="$a"
+        fi
+        capath_warning=""
+        break
+      fi
+    done
+  fi
+
+  if test "x$capath" = "xno"; then
+    capath_warning=""
+  fi
+
  if test "x$ca" != "xno"; then
    CURL_CA_BUNDLE='"'$ca'"'
    AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle])
@ -2665,6 +2697,24 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
  if test "x$ca" = "xno" && test "x$capath" = "xno"; then
    AC_MSG_RESULT([no])
  fi
+
+  AC_MSG_CHECKING([whether to use builtin CA store of SSL library])
+  AC_ARG_WITH(ca-fallback,
+AC_HELP_STRING([--with-ca-fallback], [Use the built in CA store of the SSL library])
+AC_HELP_STRING([--without-ca-fallback], [Don't use the built in CA store of the SSL library]),
+  [
+    if test "x$with_ca_fallback" != "xyes" -a "x$with_ca_fallback" != "xno"; then
+      AC_MSG_ERROR([--with-ca-fallback only allows yes or no as parameter])
+    fi
+  ],
+  [ with_ca_fallback="no"])
+  AC_MSG_RESULT([$with_ca_fallback])
+  if test "x$with_ca_fallback" = "xyes"; then
+    if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1"; then
+      AC_MSG_ERROR([--with-ca-fallback only works with OpenSSL or GnuTLS])
+    fi
+    AC_DEFINE_UNQUOTED(CURL_CA_FALLBACK, 1, [define "1" to use built in CA store of SSL library ])
+  fi
 ])


@ -3101,3 +3151,48 @@ use vars qw(
 1;
 _EOF
 ])
+
+dnl CURL_CPP_P
+dnl
+dnl Check if $cpp -P should be used for extract define values due to gcc 5
+dnl splitting up strings and defines between line outputs. gcc by default
+dnl (without -P) will show TEST EINVAL TEST as
+dnl
+dnl # 13 "conftest.c"
+dnl TEST
+dnl # 13 "conftest.c" 3 4
+dnl     22
+dnl # 13 "conftest.c"
+dnl            TEST
+
+AC_DEFUN([CURL_CPP_P], [
+  AC_MSG_CHECKING([if cpp -P is needed])
+  AC_EGREP_CPP([TEST.*TEST], [
+ #include <errno.h>
+TEST EINVAL TEST
+  ], [cpp=no], [cpp=yes])
+  AC_MSG_RESULT([$cpp])
+
+  dnl we need cpp -P so check if it works then
+  if test "x$cpp" = "xyes"; then
+    AC_MSG_CHECKING([if cpp -P works])
+    OLDCPPFLAGS=$CPPFLAGS
+    CPPFLAGS="$CPPFLAGS -P"
+    AC_EGREP_CPP([TEST.*TEST], [
+ #include <errno.h>
+TEST EINVAL TEST
+    ], [cpp_p=yes], [cpp_p=no])
+    AC_MSG_RESULT([$cpp_p])
+
+    if test "x$cpp_p" = "xno"; then
+      AC_MSG_WARN([failed to figure out cpp -P alternative])
+      # without -P
+      CPPPFLAGS=$OLDCPPFLAGS
+    else
+      # with -P
+      CPPPFLAGS=$CPPFLAGS
+    fi
+    dnl restore CPPFLAGS
+    CPPFLAGS=$OLDCPPFLAGS
+  fi
+])
--- a/buildconf.bat
+++ b/buildconf.bat
@ -6,7 +6,7 @@ rem *                             / __| | | | |_) | |
 rem *                            | (__| |_| |  _ <| |___
 rem *                             \___|\___/|_| \_\_____|
 rem *
-rem * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+rem * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 rem *
 rem * This software is licensed as described in the file COPYING, which
 rem * you should have received as part of this distribution. The terms
@ -26,8 +26,6 @@ rem
 rem This batch file must be used to set up a git tree to build on systems where
 rem there is no autotools support (i.e. DOS and Windows).
 rem
-rem This file is not included or required for curl's release archives or daily 
-rem snapshot archives.

 :begin
  rem Set our variables
--- a/configure.ac
+++ b/configure.ac
@ -1631,8 +1631,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
    dnl Older versions of Cyassl (some time before 2.9.4) don't have
    dnl SSL_get_shutdown (but this check won't actually detect it there
    dnl as it's a macro that needs the header files be included)
-    dnl BoringSSL didn't have DES_set_odd_parity for a while but now it is
-    dnl back again.

    AC_CHECK_FUNCS( RAND_status \
                    RAND_screen \
@ -1640,8 +1638,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
                    ENGINE_cleanup \
                    CRYPTO_cleanup_all_ex_data \
                    SSL_get_shutdown \
-                    SSLv2_client_method \
-                    DES_set_odd_parity )
+                    SSLv2_client_method )

    AC_MSG_CHECKING([for BoringSSL])
    AC_COMPILE_IFELSE([
@ -1656,6 +1653,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
        AC_MSG_RESULT([yes])
        AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
                           [Define to 1 if using BoringSSL.])
+        curl_ssl_msg="enabled (BoringSSL)"
    ],[
        AC_MSG_RESULT([no])
    ])
@ -3893,8 +3891,9 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  --libcurl option: ${curl_libcurl_msg}
  Verbose errors:   ${curl_verbose_msg}
  SSPI support:     ${curl_sspi_msg}
-  ca cert bundle:   ${ca}
-  ca cert path:     ${capath}
+  ca cert bundle:   ${ca}${ca_warning}
+  ca cert path:     ${capath}${capath_warning}
+  ca fallback:      ${with_ca_fallback}
  LDAP support:     ${curl_ldap_msg}
  LDAPS support:    ${curl_ldaps_msg}
  RTSP support:     ${curl_rtsp_msg}
--- a/docs/CODE_STYLE.md
+++ b/docs/CODE_STYLE.md
@ -0,0 +1,185 @@
+# cURL C code style
+
+Source code that has a common style is easier to read than code that uses
+different styles in different places. It helps making the code feel like one
+single code base. Easy-to-read is a very important property of code and helps
+making it easier to review when new things are added and it helps debugging
+code when developers are trying to figure out why things go wrong. A unified
+style is more important than individual contributors having their own personal
+tastes satisfied.
+
+Our C code has a few style rules. Most of them are verified and upheld by the
+lib/checksrc.pl script. Invoked with `make checksrc` or even by default by the
+build system when built after `./configure --enable-debug` has been used.
+
+It is normally not a problem for anyone to follow the guidelines, as you just
+need to copy the style already used in the source code and there are no
+particularly unusual rules in our set of rules.
+
+We also work hard on writing code that are warning-free on all the major
+platforms and in general on as many platforms as possible. Code that obviously
+will cause warnings will not be accepted as-is.
+
+## Naming
+
+Try using a non-confusing naming scheme for your new functions and variable
+names. It doesn't necessarily have to mean that you should use the same as in
+other places of the code, just that the names should be logical,
+understandable and be named according to what they're used for. File-local
+functions should be made static. We like lower case names.
+
+See the INTERNALS document on how we name non-exported library-global symbols.
+
+## Indenting
+
+We use only spaces for indentation, never TABs. We use two spaces for each new
+open brace.
+
+    if(something_is_true) {
+      while(second_statement == fine) {
+        moo();
+      }
+    }
+
+## Comments
+
+Since we write C89 code, `//` comments are not allowed. They weren't
+introduced in the C standard until C99. We use only `/*` and `*/` comments:
+
+    /* this is a comment */
+
+## Long lines
+
+Source code in curl may never be wider than 80 columns and there are two
+reasons for maintaining this even in the modern era of very large and high
+resolution screens:
+
+1. Narrower columns are easier to read than very wide ones. There's a reason
+   newspapers have used columns for decades or centuries.
+
+2. Narrower columns allow developers to easier show multiple pieces of code
+   next to each other in different windows. I often have two or three source
+   code windows next to each other on the same screen - as well as multiple
+   terminal and debugging windows.
+
+## Braces
+
+In if/while/do/for expressions, we write the open brace on the same line as
+the keyword and we then set the closing brace on the same indentation level as
+the initial keyword. Like this:
+
+    if(age < 40) {
+      /* clearly a youngster */
+    }
+
+When we write functions however, the opening brace should be in the first
+column of the first line:
+
+    int main(int argc, char **argv)
+    {
+      return 1;
+    }
+
+## 'else' on the following line
+
+When adding an `else` clause to a conditional expression using braces, we add
+it on a new line after the closing brace. Like this:
+
+    if(age < 40) {
+      /* clearly a youngster */
+    }
+    else {
+      /* probably grumpy */
+    }
+
+## No space before parentheses
+
+When writing expressions using if/while/do/for, there shall be no space
+between the keyword and the open parenthesis. Like this:
+
+    while(1) {
+      /* loop forever */
+    }
+
+## Use boolean conditions
+
+Rather than test a conditional value such as a bool against TRUE or FALSE, a
+pointer against NULL or != NULL and an int against zero or not zero in
+if/while conditions we prefer:
+
+    result = do_something();
+    if(!result) {
+      /* something went wrong */
+      return result;
+    }
+
+## No assignments in conditions
+
+To increase readability and reduce complexity of conditionals, we avoid
+assigning variables within if/while conditions. We frown upon this style:
+
+    if((ptr = malloc(100)) == NULL)
+      return NULL;
+
+and instead we encourage the above version to be spelled out more clearly:
+
+    ptr = malloc(100);
+    if(!ptr)
+      return NULL;
+
+## New block on a new line
+
+We never write multiple statements on the same source line, even for very
+short if() conditions.
+
+    if(a)
+      return TRUE;
+    else if(b)
+      return FALSE;
+
+and NEVER:
+
+    if(a) return TRUE;
+    else if(b) return FALSE;
+
+## Space around operators
+
+Please use spaces on both sides of operators in C expressions.  Postfix `(),
+[], ->, ., ++, --` and Unary `+, - !, ~, &` operators excluded they should
+have no space.
+
+Examples:
+
+    bla = func();
+    who = name[0];
+    age += 1;
+    true = !false;
+    size += -2 + 3 * (a + b);
+    ptr->member = a++;
+    struct.field = b--;
+    ptr = &address;
+    contents = *pointer;
+    complement = ~bits;
+
+## Platform dependent code
+
+Use `#ifdef HAVE_FEATURE` to do conditional code. We avoid checking for
+particular operating systems or hardware in the #ifdef lines. The HAVE_FEATURE
+shall be generated by the configure script for unix-like systems and they are
+hard-coded in the config-[system].h files for the others.
+
+We also encourage use of macros/functions that possibly are empty or defined
+to constants when libcurl is built without that feature, to make the code
+seamless. Like this style where the `magic()` function works differently
+depending on a build-time conditional:
+
+    #ifdef HAVE_MAGIC
+    void magic(int a)
+    {
+      return a + 2;
+    }
+    #else
+    #define magic(x) 1
+    #endif
+
+    int content = magic(3);
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@ -15,18 +15,13 @@
 1.2 License
 1.3 What To Read

- 2. cURL Coding Standards
- 2.1 Naming
- 2.2 Indenting
- 2.3 Commenting
- 2.4 Line Lengths
- 2.5 General Style
- 2.6 Non-clobbering All Over
- 2.7 Platform Dependent Code
- 2.8 Write Separate Patches
- 2.9 Patch Against Recent Sources
- 2.10 Document
- 2.11 Test Cases
+ 2. Write a good patch
+ 2.1 Follow code style
+ 2.2 Non-clobbering All Over
+ 2.3 Write Separate Patches
+ 2.4 Patch Against Recent Sources
+ 2.5 Document
+ 2.6 Test Cases

 3. Pushing Out Your Changes
 3.1 Write Access to git Repository
@ -87,48 +82,15 @@
 list is gonna give you a lot of insights on what's going on right now. Asking
 there is a good idea too.

-2. cURL Coding Standards
+2. Write a good patch

-2.1 Naming
+2.1 Follow code style

- Try using a non-confusing naming scheme for your new functions and variable
- names. It doesn't necessarily have to mean that you should use the same as in
- other places of the code, just that the names should be logical,
- understandable and be named according to what they're used for. File-local
- functions should be made static. We like lower case names.
+ When writing C code, follow the CODE_STYLE already established in the
+ project. Consistent style makes code easier to read and mistakes less likely
+ to happen.

- See the INTERNALS document on how we name non-exported library-global
- symbols.
-
-2.2 Indenting
-
- Use the same indenting levels and bracing method as all the other code
- already does. It makes the source code easier to follow if all of it is
- written using the same style. We don't ask you to like it, we just ask you to
- follow the tradition! ;-) This mainly means: 2-level indents, using spaces
- only (no tabs) and having the opening brace ({) on the same line as the if()
- or while().
-
- Also note that we use if() and while() with no space before the parenthesis.
-
-2.3 Commenting
-
- Comment your source code extensively using C comments (/* comment */), DO NOT
- use C++ comments (// this style). Commented code is quality code and enables
- future modifications much more. Uncommented code risk having to be completely
- replaced when someone wants to extend things, since other persons' source
- code can get quite hard to read.
-
-2.4 Line Lengths
-
- We write source lines shorter than 80 columns.
-
-2.5 General Style
-
- Keep your functions small. If they're small you avoid a lot of mistakes and
- you don't accidentally mix up variables etc.
-
-2.6 Non-clobbering All Over
+2.2 Non-clobbering All Over

 When you write new functionality or fix bugs, it is important that you don't
 fiddle all over the source files and functions. Remember that it is likely
@ -137,14 +99,7 @@
 functionality, try writing it in a new source file. If you fix bugs, try to
 fix one bug at a time and send them as separate patches.

-2.7 Platform Dependent Code
-
- Use #ifdef HAVE_FEATURE to do conditional code. We avoid checking for
- particular operating systems or hardware in the #ifdef lines. The
- HAVE_FEATURE shall be generated by the configure script for unix-like systems
- and they are hard-coded in the config-[system].h files for the others.
-
-2.8 Write Separate Patches
+2.3 Write Separate Patches

 It is annoying when you get a huge patch from someone that is said to fix 511
 odd problems, but discussions and opinions don't agree with 510 of them - or
@ -158,14 +113,14 @@
 Also, separate patches enable bisecting much better when we track problems in
 the future.

-2.9 Patch Against Recent Sources
+2.4 Patch Against Recent Sources

 Please try to get the latest available sources to make your patches
 against. It makes the life of the developers so much easier. The very best is
 if you get the most up-to-date sources from the git repository, but the
 latest release archive is quite OK as well!

-2.10 Document
+2.5 Document

 Writing docs is dead boring and one of the big problems with many open source
 projects. Someone's gotta do it. It makes it a lot easier if you submit a
@ -176,7 +131,7 @@
 ASCII files. All HTML files on the web site and in the release archives are
 generated from the nroff/ASCII versions.

-2.11 Test Cases
+2.6 Test Cases

 Since the introduction of the test suite, we can quickly verify that the main
 features are working as they're supposed to. To maintain this situation and
--- a/docs/FAQ
+++ b/docs/FAQ
@ -30,6 +30,7 @@ FAQ
  2.2 Does curl work/build with other SSL libraries?
  2.3 Where can I find a copy of LIBEAY32.DLL?
  2.4 Does curl support SOCKS (RFC 1928) ?
+  2.5 Install libcurl for both 32bit and 64bit?

 3. Usage Problems
  3.1 curl: (1) SSL is disabled, https: not supported
@ -464,6 +465,32 @@ FAQ

  Yes, SOCKS 4 and 5 are supported.

+  2.5 Install libcurl for both 32bit and 64bit?
+
+  In curl's configure procedure one of the regular include files get created
+  with platform specific information. The file 'curl/curlbuild.h' in the
+  installed libcurl file tree is therefore somewhat tied to that particular
+  platform.
+
+  To allow applications to get built for either 32bit or 64bit you need to
+  install libcurl headers for both setups and unfortunately curl doesn't do
+  this automatically.
+
+  A commonly used procedure is this:
+
+     $ ./configure [32bit platform]
+     $ mv curl/curlbuild.h curl/curlbuild-32bit.h
+     $ ./configure [64bit platform]
+     $ mv curl/curlbuild.h curl/curlbuild-64bit.h
+
+  Then you make a toplevel curl/curlbuild.h replacement that only does this:
+
+     #ifdef IS_32BIT
+     #include "curlbuild-32bit.h"
+     else
+     #include "curlbuild-64bit.h"
+     #endif
+

 3. Usage problems

--- a/docs/HTTP2.md
+++ b/docs/HTTP2.md
@ -36,12 +36,17 @@ Over an https:// URL
 If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use
 ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce
 an option that will cause libcurl to fail if not possible to use HTTP/2.
-Consider options to explicitly disable ALPN and/or NPN.
+
+`CURL_HTTP_VERSION_2TLS` was added in 7.47.0 as a way to ask libcurl to prefer
+HTTP/2 for HTTPS but stick to 1.1 by default for plain old HTTP connections.

 ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is
 for a similar purpose, was made prior to ALPN and is used for SPDY so early
 HTTP/2 servers are implemented using NPN before ALPN support is widespread.

+`CURLOPT_SSL_ENABLE_ALPN` and `CURLOPT_SSL_ENABLE_NPN` are offered to allow
+applications to explicitly disable ALPN or NPN.
+
 SSL libs
 --------

@ -84,7 +89,9 @@ in HTTP 1.1 style. This allows applications to work unmodified.
 curl tool
 ---------

-curl offers the `--http2` command line option to enable use of HTTP/2
+curl offers the `--http2` command line option to enable use of HTTP/2.
+
+Since 7.47.0, the curl tool enables HTTP/2 by default for HTTPS connections.

 HTTP Alternative Services
 -------------------------
@ -95,7 +102,7 @@ same origin server that you get the response from. A browser or long-living
 client can use that hint to create a new connection asynchronously.  For
 libcurl, we may introduce a way to bring such clues to the applicaton and/or
 let a subsequent request use the alternate route
-automatically. [Spec](https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-05)
+automatically. [Spec](https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-14)

 TODO
 ----
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@ -3,6 +3,24 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!

+93. It is not possible to pass a 64-bit value using CURLFORM_CONTENTLEN with
+  CURLFORM_ARRAY, when compiled on 32-bit platforms that support 64-bit
+  integers. This is because the underlying structure 'curl_forms' uses a dual
+  purpose char* for storing these values in via casting. For more information
+  see the now closed related issue:
+  https://github.com/curl/curl/issues/608
+  
+92. curl tool 7.47.1 in Windows will not --output to literal paths \\?\ or to
+  reserved dos device names unless the device prefix \\.\ is used. To send
+  output to a device that has a reserved dos device name you can use the
+  Windows device prefix (eg: --output \\.\NUL). You can also use the
+  redirection operator to send output to a literal path or a reserved device
+  name (eg: > NUL).
+  The next release of curl will support --output in Windows to literal paths
+  and to reserved device names without the device prefix.
+  https://github.com/curl/curl/commit/c3aac48
+  https://github.com/curl/curl/commit/4fc80f3
+
 91. "curl_easy_perform hangs with imap and PolarSSL"
  https://github.com/curl/curl/issues/334

--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@ -38,7 +38,7 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	\
 KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		\
 $(PDFPAGES) LICENSE-MIXING README.netware INSTALL.devcpp		\
 MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE SSL-PROBLEMS	\
- HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md
+ HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md CODE_STYLE.md

 MAN2HTML= roffit < $< >$@

--- a/docs/RELEASE-PROCEDURE
+++ b/docs/RELEASE-PROCEDURE
@ -11,8 +11,8 @@ in the source code repo
 - make sure all relevant changes are committed on the master branch

 - tag the git repo in this style: `git tag -a curl-7_34_0`. -a annotates the
-  tag and we use underscores instead of dots in the version number. 
-   
+  tag and we use underscores instead of dots in the version number.
+
 - run "./maketgz 7.34.0" to build the release tarballs. It is important that
  you run this on a machine with the correct set of autotools etc installed
  as this is what then will be shipped and used by most users on *nix like
@ -24,8 +24,6 @@ in the source code repo

 - upload the 8 resulting files to the primary download directory

- upload the 4 tarballs to github for the HTTPS download
-
 in the curl-www repo
 --------------------

--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@ -23,6 +23,19 @@ HTTP/2
   As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_
   it speaks HTTP/2.

+HTTP cookies
+------------
+
+Two cookie drafts have been adopted by the httpwg in IETF and we should
+support them as the popular browsers will as well:
+
+[Deprecate modification of 'secure' cookies from non-secure
+origins](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-00)
+
+[Cookie Prefixes](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00)
+
+[Firefox bug report about secure cookies](https://bugzilla.mozilla.org/show_bug.cgi?id=976073)
+
 SRV records
 -----------

@ -31,7 +44,9 @@ How to find services for specific domains/hosts.
 HTTPS to proxy
 --------------

-To avoid network traffic to/from the proxy getting snooped on.
+To avoid network traffic to/from the proxy getting snooped on. There's a git
+branch in the public git repository for this that we need to make sure works
+for all TLS backends and then merge!

 curl_formadd()
 --------------
--- a/docs/SSLCERTS
+++ b/docs/SSLCERTS
@ -20,8 +20,8 @@ support.
 It is about trust
 -----------------

-This system is about trust. In your local CA cert bundle you have certs from
-*trusted* Certificate Authorities that you then can use to verify that the
+This system is about trust. In your local CA certificate store you have certs
+from *trusted* Certificate Authorities that you then can use to verify that the
 server certificates you see are valid. They're signed by one of the CAs you
 trust.

@ -35,16 +35,16 @@ Certificate Verification
 ------------------------

 libcurl performs peer SSL certificate verification by default.  This is done
-by using CA cert bundle that the SSL library can use to make sure the peer's
-server certificate is valid.
+by using a CA certificate store that the SSL library can use to make sure the
+peer's server certificate is valid.

 If you communicate with HTTPS, FTPS or other TLS-using servers using
-certificates that are signed by CAs present in the bundle, you can be sure
+certificates that are signed by CAs present in the store, you can be sure
 that the remote server really is the one it claims to be.

 If the remote server uses a self-signed certificate, if you don't install a CA
-cert bundle, if the server uses a certificate signed by a CA that isn't
-included in the bundle you use or if the remote host is an impostor
+cert store, if the server uses a certificate signed by a CA that isn't
+included in the store you use or if the remote host is an impostor
 impersonating your favorite site, and you want to transfer files from this
 server, do one of the following:

@ -59,12 +59,22 @@ server, do one of the following:

    With the curl command line tool: --cacert [file]

- 3. Add the CA cert for your server to the existing default CA cert bundle.
-    The default path of the CA bundle used can be changed by running configure
-    with the --with-ca-bundle option pointing out the path of your choice.
+ 3. Add the CA cert for your server to the existing default CA certificate
+    store. The default CA certificate store can changed at compile time with the
+    following configure options:

-    To do this, you need to get the CA cert for your server in PEM format and
-    then append that to your CA cert bundle.
+    --with-ca-bundle=FILE: use the specified file as CA certificate store. CA
+    certificates need to be concatenated in PEM format into this file.
+
+    --with-ca-path=PATH: use the specified path as CA certificate store. CA
+    certificates need to be stored as individual PEM files in this directory.
+    You may need to run c_rehash after adding files there.
+
+    If neither of the two options is specified, configure will try to auto-detect
+    a setting. It's also possible to explicitly not hardcode any default store
+    but rely on the built in default the crypto library may provide instead.
+    You can achieve that by passing both --without-ca-bundle and
+    --without-ca-path to the configure script.

    If you use Internet Explorer, this is one way to get extract the CA cert
    for a particular server:
@ -76,7 +86,7 @@ server, do one of the following:
     - Convert it from crt to PEM using the openssl tool:
       openssl x509 -inform DES -in yourdownloaded.crt \
       -out outcert.pem -text
-     - Append the 'outcert.pem' to the CA cert bundle or use it stand-alone
+     - Add the 'outcert.pem' to the CA certificate store or use it stand-alone
       as described below.

    If you use the 'openssl' tool, this is one way to get extract the CA cert
@ -89,9 +99,9 @@ server, do one of the following:
     - If you want to see the data in the certificate, you can do: "openssl
       x509 -inform PEM -in certfile -text -out certdata" where certfile is
       the cert you extracted from logfile. Look in certdata.
-     - If you want to trust the certificate, you can append it to your
-       cert bundle or use it stand-alone as described. Just remember that the
-       security is no better than the way you obtained the certificate.
+     - If you want to trust the certificate, you can add it to your CA
+       certificate store or use it stand-alone as described. Just remember that
+       the security is no better than the way you obtained the certificate.

 4. If you're using the curl command line tool, you can specify your own CA
    cert path by setting the environment variable `CURL_CA_BUNDLE` to the path
@ -113,9 +123,9 @@ server, do one of the following:

 Neglecting to use one of the above methods when dealing with a server using a
 certificate that isn't signed by one of the certificates in the installed CA
-cert bundle, will cause SSL to report an error ("certificate verify failed")
-during the handshake and SSL will then refuse further communication with that
-server.
+certificate store, will cause SSL to report an error ("certificate verify
+failed") during the handshake and SSL will then refuse further communication
+with that server.

 Certificate Verification with NSS
 ---------------------------------
@ -123,8 +133,8 @@ Certificate Verification with NSS
 If libcurl was built with NSS support, then depending on the OS distribution,
 it is probably required to take some additional steps to use the system-wide
 CA cert db. RedHat ships with an additional module, libnsspem.so, which
-enables NSS to read the OpenSSL PEM CA bundle. This library is missing in
-OpenSuSE, and without it, NSS can only work with its own internal formats. NSS
+enables NSS to read the OpenSSL PEM CA bundle. On openSUSE you can install
+p11-kit-nss-trust which makes NSS use the system wide CA certificate store. NSS
 also has a new [database format](https://wiki.mozilla.org/NSS_Shared_DB).

 Starting with version 7.19.7, libcurl automatically adds the 'sql:' prefix to
--- a/docs/THANKS
+++ b/docs/THANKS
@ -135,6 +135,7 @@ Benjamin Kircher
 Benoit Neil
 Benoit Sigoure
 Bernard Leak
+Bernard Spil
 Bernhard Reutner-Fischer
 Bert Huijben
 Bertrand Demiddelaer
@ -154,6 +155,7 @@ Bob Richmond
 Bob Schader
 Bogdan Nicula
 Brad Burdick
+Brad Fitzpatrick
 Brad Harder
 Brad Hards
 Brad King
@ -221,6 +223,7 @@ Claes Jakobsson
 Clarence Gardner
 Clemens Gruber
 Clifford Wolf
+Clint Clayton
 Cody Jones
 Cody Mack
 Colby Ranger
@ -280,6 +283,7 @@ Dave Thompson
 Dave Vasilevsky
 Davey Shafik
 David Bau
+David Benjamin
 David Binderman
 David Blaikie
 David Byron
@ -456,6 +460,7 @@ Glen A Johnson Jr.
 Glen Nakamura
 Glen Scott
 Glenn Sheridan
+Google Inc.
 Gordon Marler
 Gorilla Maguila
 Grant Erickson
@ -530,6 +535,7 @@ Jacob Meuser
 Jacob Moshenko
 Jactry Zeng
 Jad Chamcham
+Jaime Fullaondo
 Jakub Zakrzewski
 James Bursa
 James Cheng
@ -577,6 +583,7 @@ Jeff Lawson
 Jeff Phillips
 Jeff Pohlmeyer
 Jeff Weber
+Jeffrey Walton
 Jens Rantil
 Jeremy Friesner
 Jeremy Huddleston
@ -591,6 +598,7 @@ Jerry Wu
 Jes Badwal
 Jesper Jensen
 Jesse Noller
+Jesse Tan
 Jie He
 Jim Drash
 Jim Freeman
@ -692,6 +700,7 @@ Karl Moerder
 Karol Pietrzak
 Kaspar Brand
 Katie Wang
+Kazuho Oku
 Kees Cook
 Keith MacDonald
 Keith McGuigan
@ -764,6 +773,7 @@ Lucas Adamski
 Lucas Pardue
 Ludek Finstrle
 Ludovico Cavedon
+Ludwig Nussel
 Lukas Ruzicka
 Lukasz Czekierda
 Luke Amery
@ -775,6 +785,7 @@ Maciej Karpiuk
 Maciej Puzio
 Maciej W. Rozycki
 Maks Naumov
+Maksim Kuzevanov
 Maksim Stsepanenka
 Mamoru Tasaka
 Mandy Wu
@ -861,6 +872,7 @@ Michael Jahn
 Michael Jerris
 Michael Kalinin
 Michael Kaufmann
+Michael König
 Michael Mealling
 Michael Mueller
 Michael Osipov
@ -934,11 +946,13 @@ Nodak Sodak
 Norbert Frese
 Norbert Kett
 Norbert Novotny
+Octavio Schroeder
 Ofer
 Ola Mork
 Olaf Flebbe
 Olaf Stüben
 Oliver Gondža
+Oliver Graute
 Oliver Kuckertz
 Oliver Schindler
 Olivier Berger
@ -1031,6 +1045,7 @@ Quanah Gibson-Mount
 Quinn Slack
 Radu Simionescu
 Rafa Muyo
+Rafael Antonio
 Rafael Sagula
 Rafayel Mkrtchyan
 Rafaël Carré
@ -1150,12 +1165,14 @@ Sergei Nikulov
 Sergey Tatarincev
 Sergio Ballestrero
 Seshubabu Pasam
+Seth Mos
 Sh Diao
 Shao Shuchao
 Sharad Gupta
 Shard
 Shawn Landden
 Shawn Poulson
+Shine Fan
 Shmulik Regev
 Siddhartha Prakash Jain
 Sidney San Martin
@ -1241,6 +1258,7 @@ Tim Sneddon
 Tim Stack
 Tim Starling
 Timo Sirainen
+Timotej Lazar
 Tinus van den Berg
 Tobias Markus
 Tobias Rundström
--- a/docs/THANKS-filter
+++ b/docs/THANKS-filter
@ -52,3 +52,4 @@ s/Jonathan Cardoso/Jonathan Cardoso Machado/
 s/Linus Nielsen/Linus Nielsen Feltzing/
 s/Todd Ouska$/Todd A Ouska/
 s/Tim Ruehsen/Tim Rühsen/
+s/Michael Koenig/Michael König/
--- a/docs/TODO
+++ b/docs/TODO
@ -69,23 +69,23 @@
 7. SMTP
 7.1 Pipelining
 7.2 Enhanced capability support
- 
+
 8. POP3
 8.1 Pipelining
 8.2 Enhanced capability support
- 
+
 9. IMAP
 9.1 Enhanced capability support
- 
+
 10. LDAP
 10.1 SASL based authentication mechanisms
- 
+
 11. SMB
 11.1 File listing support
 11.2 Honor file timestamps
 11.3 Use NTLMv2
 11.4 Create remote directories
- 
+
 12. New protocols
 12.1 RSYNC

@ -111,8 +111,8 @@
 16. SASL
 16.1 Other authentication mechanisms
 16.2 Add QOP support to GSSAPI authentication
- 
- 17. Client
+
+ 17. Command line tool
 17.1 sync
 17.2 glob posts
 17.3 prevent file overwriting
@ -124,6 +124,7 @@
 17.9 Choose the name of file in braces for complex URLs
 17.10 improve how curl works in a windows console window
 17.11 -w output to stderr
+ 17.12 keep running, read instructions from pipe/socket

 18. Build
 18.1 roffit
@ -134,6 +135,7 @@
 19.3 more protocols supported
 19.4 more platforms supported
 19.5 Add support for concurrent connections
+ 19.6 Use the RFC6265 test suite

 20. Next SONAME bump
 20.1 http-style HEAD output for FTP
@ -429,7 +431,7 @@ This is not detailed in any FTP specification.
 For example:

 http://test:pass;auth=NTLM@example.com would be equivalent to specifying --user
- test:pass;auth=NTLM or --user test:pass --ntlm from the command line. 
+ test:pass;auth=NTLM or --user test:pass --ntlm from the command line.

 Additionally this should be implemented for proxy base URLs as well.

@ -650,7 +652,7 @@ that doesn't exist on the server, just like --ftp-create-dirs.

 Add support for other authentication mechanisms such as OLP,
 GSS-SPNEGO and others.
- 
+
 16.2 Add QOP support to GSSAPI authentication

 Currently the GSSAPI authentication only supports the default QOP of auth
@ -658,7 +660,7 @@ that doesn't exist on the server, just like --ftp-create-dirs.
 with integrity protection) and auth-conf (Authentication with integrity and
 privacy protection).

-17. Client
+17. Command line tool

 17.1 sync

@ -746,6 +748,13 @@ that doesn't exist on the server, just like --ftp-create-dirs.
 instead. Proposed name: --write-stderr. See
 https://github.com/curl/curl/issues/613

+17.12 keep running, read instructions from pipe/socket
+
+ Provide an option that makes curl not exit after the last URL (or even work
+ without a given URL), and then make it read instructions passed on a pipe or
+ over a socket to make further instructions so that a second subsequent curl
+ invoke can talk to the still running instance and ask for transfers to get
+ done, and thus maintain its connection pool, DNS cache and more.

 18. Build

@ -791,6 +800,16 @@ that doesn't exist on the server, just like --ftp-create-dirs.
 and thus the wait for connections loop is never entered to receive the second
 connection.

+19.6 Use the RFC6265 test suite
+
+ A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at
+ https://github.com/abarth/http-state/tree/master/tests
+
+ It'd be really awesome if someone would write a script/setup that would run
+ curl with that test suite and detect deviances. Ideally, that would even be
+ incorporated into our regular test suite.
+
+
 20. Next SONAME bump

 20.1 http-style HEAD output for FTP
--- a/docs/curl.1
+++ b/docs/curl.1
@ -216,8 +216,8 @@ read previously stored cookie lines from, which should be used in this session
 if they match. Using this method also activates the cookie engine which will
 make curl record incoming cookies too, which may be handy if you're using this
 in combination with the \fI-L, --location\fP option. The file format of the
-file to read cookies from should be plain HTTP headers or the Netscape/Mozilla
-cookie file format.
+file to read cookies from should be plain HTTP headers (Set-Cookie style) or
+the Netscape/Mozilla cookie file format.

 The file specified with \fI-b, --cookie\fP is only used as input. No cookies
 will be written to the file. To store cookies, use the \fI-c, --cookie-jar\fP
@ -430,6 +430,9 @@ the traditional PORT command.
 \fB--eprt\fP can be used to explicitly enable EPRT again and \fB--no-eprt\fP
 is an alias for \fB--disable-eprt\fP.

+If the server is an IPv6 host, this option will have no effect as EPRT is
+necessary then.
+
 Disabling EPRT only changes the active behavior. If you want to switch to
 passive mode you need to not use \fI-P, --ftp-port\fP or force it with
 \fI--ftp-pasv\fP.
@ -441,6 +444,9 @@ but with this option, it will not try using EPSV.
 \fB--epsv\fP can be used to explicitly enable EPSV again and \fB--no-epsv\fP
 is an alias for \fB--disable-epsv\fP.

+If the server is an IPv6 host, this option will have no effect as EPSV is
+necessary then.
+
 Disabling EPSV only changes the passive behavior. If you want to switch to
 active mode you need to use \fI-P, --ftp-port\fP.
 .IP "--dns-interface <interface>"
@ -971,7 +977,7 @@ re-send the following request using the same unmodified method.

 You can tell curl to not change the non-GET request method to GET after a 30x
 response by using the dedicated options for that: \fI--post301\fP,
-\fI--post302\fP and \fI-post303\fP.
+\fI--post302\fP and \fI--post303\fP.
 .IP "--libcurl <file>"
 Append this option to any ordinary curl command line, and you will get a
 libcurl-using C source code written to the file that does the equivalent
@ -1724,6 +1730,14 @@ default 512 bytes will be used.
 If this option is used several times, the last one will be used.

 (Added in 7.20.0)
+.IP "--tftp-no-options"
+(TFTP) Tells curl not to send TFTP options requests.
+
+This option improves interop with some legacy servers that do not acknowledge
+or properly implement TFTP options. When this option is used
+\fI--tftp-blksize\fP is ignored.
+
+(Added in 7.48.0)
 .IP "--tlsauthtype <authtype>"
 Set TLS authentication type. Currently, the only supported option is "SRP",
 for TLS-SRP (RFC 5054). If \fI--tlsuser\fP and \fI--tlspassword\fP are
--- a/docs/examples/10-at-a-time.c
+++ b/docs/examples/10-at-a-time.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -127,41 +127,42 @@ int main(void)
     uses */
  curl_multi_setopt(cm, CURLMOPT_MAXCONNECTS, (long)MAX);

-  for (C = 0; C < MAX; ++C) {
+  for(C = 0; C < MAX; ++C) {
    init(cm, C);
  }

-  while (U) {
+  while(U) {
    curl_multi_perform(cm, &U);

-    if (U) {
+    if(U) {
      FD_ZERO(&R);
      FD_ZERO(&W);
      FD_ZERO(&E);

-      if (curl_multi_fdset(cm, &R, &W, &E, &M)) {
+      if(curl_multi_fdset(cm, &R, &W, &E, &M)) {
        fprintf(stderr, "E: curl_multi_fdset\n");
        return EXIT_FAILURE;
      }

-      if (curl_multi_timeout(cm, &L)) {
+      if(curl_multi_timeout(cm, &L)) {
        fprintf(stderr, "E: curl_multi_timeout\n");
        return EXIT_FAILURE;
      }
-      if (L == -1)
+      if(L == -1)
        L = 100;

-      if (M == -1) {
+      if(M == -1) {
 #ifdef WIN32
        Sleep(L);
 #else
-        sleep(L / 1000);
+        sleep((unsigned int)L / 1000);
 #endif
-      } else {
+      }
+      else {
        T.tv_sec = L/1000;
        T.tv_usec = (L%1000)*1000;

-        if (0 > select(M+1, &R, &W, &E, &T)) {
+        if(0 > select(M+1, &R, &W, &E, &T)) {
          fprintf(stderr, "E: select(%i,,,,%li): %i: %s\n",
              M+1, L, errno, strerror(errno));
          return EXIT_FAILURE;
@ -169,8 +170,8 @@ int main(void)
      }
    }

-    while ((msg = curl_multi_info_read(cm, &Q))) {
-      if (msg->msg == CURLMSG_DONE) {
+    while((msg = curl_multi_info_read(cm, &Q))) {
+      if(msg->msg == CURLMSG_DONE) {
        char *url;
        CURL *e = msg->easy_handle;
        curl_easy_getinfo(msg->easy_handle, CURLINFO_PRIVATE, &url);
@ -182,7 +183,7 @@ int main(void)
      else {
        fprintf(stderr, "E: CURLMsg (%d)\n", msg->msg);
      }
-      if (C < CNT) {
+      if(C < CNT) {
        init(cm, C++);
        U++; /* just to prevent it from remaining at 0 if there are more
                URLs to get */
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@ -61,3 +61,6 @@ endif
 include Makefile.inc

 all: $(check_PROGRAMS)
+
+checksrc:
+	@@PERL@ $(top_srcdir)/lib/checksrc.pl -D$(top_srcdir)/docs/examples *.c
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -78,7 +78,8 @@
 /* ioctl callback function */
 static curlioerr my_ioctl(CURL *handle, curliocmd cmd, void *userp)
 {
-  intptr_t fd = (intptr_t)userp;
+  int *fdp = (int *)userp;
+  int fd = *fdp;

  (void)handle; /* not used in here */

@ -100,10 +101,11 @@ static curlioerr my_ioctl(CURL *handle, curliocmd cmd, void *userp)
 /* read callback function, fread() look alike */
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  size_t retcode;
+  ssize_t retcode;
  curl_off_t nread;

-  intptr_t fd = (intptr_t)stream;
+  int *fdp = (int *)stream;
+  int fd = *fdp;

  retcode = read(fd, ptr, size * nmemb);

@ -119,7 +121,7 @@ int main(int argc, char **argv)
 {
  CURL *curl;
  CURLcode res;
-  intptr_t hd ;
+  int hd;
  struct stat file_info;

  char *file;
@ -132,7 +134,7 @@ int main(int argc, char **argv)
  url = argv[2];

  /* get the file size of the local file */
-  hd = open(file, O_RDONLY) ;
+  hd = open(file, O_RDONLY);
  fstat(hd, &file_info);

  /* In windows, this will init the winsock stuff */
@ -145,20 +147,20 @@ int main(int argc, char **argv)
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);

    /* which file to upload */
-    curl_easy_setopt(curl, CURLOPT_READDATA, (void*)hd);
+    curl_easy_setopt(curl, CURLOPT_READDATA, (void*)&hd);

    /* set the ioctl function */
    curl_easy_setopt(curl, CURLOPT_IOCTLFUNCTION, my_ioctl);

    /* pass the file descriptor to the ioctl callback as well */
-    curl_easy_setopt(curl, CURLOPT_IOCTLDATA, (void*)hd);
+    curl_easy_setopt(curl, CURLOPT_IOCTLDATA, (void*)&hd);

    /* enable "uploading" (which means PUT when doing HTTP) */
-    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L) ;
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);

    /* specify target URL, and note that this URL should also include a file
       name, not only a directory (as you can do with GTP uploads) */
-    curl_easy_setopt(curl,CURLOPT_URL, url);
+    curl_easy_setopt(curl, CURLOPT_URL, url);

    /* and give the size of the upload, this supports large file sizes
       on systems that have general support for it */
--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -30,8 +30,8 @@

 size_t writefunction( void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  fwrite(ptr,size,nmemb,stream);
-  return(nmemb*size);
+  fwrite(ptr, size, nmemb, stream);
+  return (nmemb*size);
 }

 static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm)
@ -87,14 +87,14 @@ static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm)
   * structure that SSL can use
   */
  PEM_read_bio_X509(bio, &cert, 0, NULL);
-  if (cert == NULL)
+  if(cert == NULL)
    printf("PEM_read_bio_X509 failed...\n");

  /* get a pointer to the X509 certificate store (which may be empty!) */
  store=SSL_CTX_get_cert_store((SSL_CTX *)sslctx);

  /* add our certificate to this store */
-  if (X509_STORE_add_cert(store, cert)==0)
+  if(X509_STORE_add_cert(store, cert)==0)
    printf("error adding certificate\n");

  /* decrease reference counts */
@ -102,7 +102,7 @@ static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm)
  BIO_free(bio);

  /* all set to go */
-  return CURLE_OK ;
+  return CURLE_OK;
 }

 int main(void)
@ -112,22 +112,22 @@ int main(void)

  rv=curl_global_init(CURL_GLOBAL_ALL);
  ch=curl_easy_init();
-  rv=curl_easy_setopt(ch,CURLOPT_VERBOSE, 0L);
-  rv=curl_easy_setopt(ch,CURLOPT_HEADER, 0L);
-  rv=curl_easy_setopt(ch,CURLOPT_NOPROGRESS, 1L);
-  rv=curl_easy_setopt(ch,CURLOPT_NOSIGNAL, 1L);
-  rv=curl_easy_setopt(ch,CURLOPT_WRITEFUNCTION, *writefunction);
-  rv=curl_easy_setopt(ch,CURLOPT_WRITEDATA, stdout);
-  rv=curl_easy_setopt(ch,CURLOPT_HEADERFUNCTION, *writefunction);
-  rv=curl_easy_setopt(ch,CURLOPT_HEADERDATA, stderr);
-  rv=curl_easy_setopt(ch,CURLOPT_SSLCERTTYPE,"PEM");
-  rv=curl_easy_setopt(ch,CURLOPT_SSL_VERIFYPEER,1L);
+  rv=curl_easy_setopt(ch, CURLOPT_VERBOSE, 0L);
+  rv=curl_easy_setopt(ch, CURLOPT_HEADER, 0L);
+  rv=curl_easy_setopt(ch, CURLOPT_NOPROGRESS, 1L);
+  rv=curl_easy_setopt(ch, CURLOPT_NOSIGNAL, 1L);
+  rv=curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, *writefunction);
+  rv=curl_easy_setopt(ch, CURLOPT_WRITEDATA, stdout);
+  rv=curl_easy_setopt(ch, CURLOPT_HEADERFUNCTION, *writefunction);
+  rv=curl_easy_setopt(ch, CURLOPT_HEADERDATA, stderr);
+  rv=curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
+  rv=curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
  rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");

  /* first try: retrieve page without cacerts' certificate -> will fail
   */
  rv=curl_easy_perform(ch);
-  if (rv==CURLE_OK)
+  if(rv==CURLE_OK)
    printf("*** transfer succeeded ***\n");
  else
    printf("*** transfer failed ***\n");
@ -136,9 +136,9 @@ int main(void)
   * load the certificate by installing a function doing the nescessary
   * "modifications" to the SSL CONTEXT just before link init
   */
-  rv=curl_easy_setopt(ch,CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
+  rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
  rv=curl_easy_perform(ch);
-  if (rv==CURLE_OK)
+  if(rv==CURLE_OK)
    printf("*** transfer succeeded ***\n");
  else
    printf("*** transfer failed ***\n");
--- a/docs/examples/chkspeed.c
+++ b/docs/examples/chkspeed.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -68,63 +68,78 @@ int main(int argc, char *argv[])
  const char *url = URL_1M;
  char *appname = argv[0];

-  if (argc > 1) {
+  if(argc > 1) {
    /* parse input parameters */
-    for (argc--, argv++; *argv; argc--, argv++) {
-      if (strncasecmp(*argv, "-", 1) == 0) {
-        if (strncasecmp(*argv, "-H", 2) == 0) {
+    for(argc--, argv++; *argv; argc--, argv++) {
+      if(strncasecmp(*argv, "-", 1) == 0) {
+        if(strncasecmp(*argv, "-H", 2) == 0) {
          fprintf(stderr,
                  "\rUsage: %s [-m=1|2|5|10|20|50|100] [-t] [-x] [url]\n",
                  appname);
          exit(1);
-        } else if (strncasecmp(*argv, "-V", 2) == 0) {
+        }
+        else if(strncasecmp(*argv, "-V", 2) == 0) {
          fprintf(stderr, "\r%s %s - %s\n",
                  appname, CHKSPEED_VERSION, curl_version());
          exit(1);
-        } else if (strncasecmp(*argv, "-A", 2) == 0) {
+        }
+        else if(strncasecmp(*argv, "-A", 2) == 0) {
          prtall = 1;
-        } else if (strncasecmp(*argv, "-X", 2) == 0) {
+        }
+        else if(strncasecmp(*argv, "-X", 2) == 0) {
          prtsep = 1;
-        } else if (strncasecmp(*argv, "-T", 2) == 0) {
+        }
+        else if(strncasecmp(*argv, "-T", 2) == 0) {
          prttime = 1;
-        } else if (strncasecmp(*argv, "-M=", 3) == 0) {
+        }
+        else if(strncasecmp(*argv, "-M=", 3) == 0) {
          long m = strtol((*argv)+3, NULL, 10);
          switch(m) {
-            case   1: url = URL_1M;
-                      break;
-            case   2: url = URL_2M;
-                      break;
-            case   5: url = URL_5M;
-                      break;
-            case  10: url = URL_10M;
-                      break;
-            case  20: url = URL_20M;
-                      break;
-            case  50: url = URL_50M;
-                      break;
-            case 100: url = URL_100M;
-                      break;
-            default:  fprintf(stderr, "\r%s: invalid parameter %s\n",
-                              appname, *argv + 3);
-                      exit(1);
+          case 1:
+            url = URL_1M;
+            break;
+          case 2:
+            url = URL_2M;
+            break;
+          case 5:
+            url = URL_5M;
+            break;
+          case 10:
+            url = URL_10M;
+            break;
+          case 20:
+            url = URL_20M;
+            break;
+          case 50:
+            url = URL_50M;
+            break;
+          case 100:
+            url = URL_100M;
+            break;
+          default:
+            fprintf(stderr, "\r%s: invalid parameter %s\n",
+                    appname, *argv + 3);
+            exit(1);
          }
-        } else {
+        }
+        else {
          fprintf(stderr, "\r%s: invalid or unknown option %s\n",
                  appname, *argv);
          exit(1);
        }
-      } else {
+      }
+      else {
        url = *argv;
      }
    }
  }

  /* print separator line */
-  if (prtsep) {
+  if(prtsep) {
    printf("-------------------------------------------------\n");
  }
  /* print localtime */
-  if (prttime) {
+  if(prttime) {
    time_t t = time(NULL);
    printf("Localtime: %s", ctime(&t));
  }
@ -167,7 +182,7 @@ int main(int argc, char *argv[])
    if((CURLE_OK == res) && (val>0))
      printf("Average download speed: %0.3f kbyte/sec.\n", val / 1024);

-    if (prtall) {
+    if(prtall) {
      /* check for name resolution time */
      res = curl_easy_getinfo(curl_handle, CURLINFO_NAMELOOKUP_TIME, &val);
      if((CURLE_OK == res) && (val>0))
@ -178,8 +193,8 @@ int main(int argc, char *argv[])
      if((CURLE_OK == res) && (val>0))
        printf("Connect time: %0.3f sec.\n", val);
    }
-
-  } else {
+  }
+  else {
    fprintf(stderr, "Error while fetching '%s' : %s\n",
            url, curl_easy_strerror(res));
  }
--- a/docs/examples/cookie_interface.c
+++ b/docs/examples/cookie_interface.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -42,17 +42,18 @@ print_cookies(CURL *curl)

  printf("Cookies, curl knows:\n");
  res = curl_easy_getinfo(curl, CURLINFO_COOKIELIST, &cookies);
-  if (res != CURLE_OK) {
-    fprintf(stderr, "Curl curl_easy_getinfo failed: %s\n", curl_easy_strerror(res));
+  if(res != CURLE_OK) {
+    fprintf(stderr, "Curl curl_easy_getinfo failed: %s\n",
+            curl_easy_strerror(res));
    exit(1);
  }
  nc = cookies, i = 1;
-  while (nc) {
+  while(nc) {
    printf("[%d]: %s\n", i, nc->data);
    nc = nc->next;
    i++;
  }
-  if (i == 1) {
+  if(i == 1) {
    printf("(none)\n");
  }
  curl_slist_free_all(cookies);
@ -66,14 +67,14 @@ main(void)

  curl_global_init(CURL_GLOBAL_ALL);
  curl = curl_easy_init();
-  if (curl) {
+  if(curl) {
    char nline[256];

    curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.com/");
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-    curl_easy_setopt(curl, CURLOPT_COOKIEFILE, ""); /* just to start the cookie engine */
+    curl_easy_setopt(curl, CURLOPT_COOKIEFILE, ""); /* start cookie engine */
    res = curl_easy_perform(curl);
-    if (res != CURLE_OK) {
+    if(res != CURLE_OK) {
      fprintf(stderr, "Curl perform failed: %s\n", curl_easy_strerror(res));
      return 1;
    }
@ -92,10 +93,13 @@ main(void)
 #endif
    /* Netscape format cookie */
    snprintf(nline, sizeof(nline), "%s\t%s\t%s\t%s\t%lu\t%s\t%s",
-      ".google.com", "TRUE", "/", "FALSE", (unsigned long)time(NULL) + 31337UL, "PREF", "hello google, i like you very much!");
+             ".google.com", "TRUE", "/", "FALSE",
+             (unsigned long)time(NULL) + 31337UL,
+             "PREF", "hello google, i like you very much!");
    res = curl_easy_setopt(curl, CURLOPT_COOKIELIST, nline);
-    if (res != CURLE_OK) {
-      fprintf(stderr, "Curl curl_easy_setopt failed: %s\n", curl_easy_strerror(res));
+    if(res != CURLE_OK) {
+      fprintf(stderr, "Curl curl_easy_setopt failed: %s\n",
+              curl_easy_strerror(res));
      return 1;
    }

@ -109,18 +113,21 @@ main(void)
      "Set-Cookie: OLD_PREF=3d141414bf4209321; "
      "expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com");
    res = curl_easy_setopt(curl, CURLOPT_COOKIELIST, nline);
-    if (res != CURLE_OK) {
-      fprintf(stderr, "Curl curl_easy_setopt failed: %s\n", curl_easy_strerror(res));
+    if(res != CURLE_OK) {
+      fprintf(stderr, "Curl curl_easy_setopt failed: %s\n",
+              curl_easy_strerror(res));
      return 1;
    }

    print_cookies(curl);

    res = curl_easy_perform(curl);
-    if (res != CURLE_OK) {
+    if(res != CURLE_OK) {
      fprintf(stderr, "Curl perform failed: %s\n", curl_easy_strerror(res));
      return 1;
    }
+
+    curl_easy_cleanup(curl);
  }
  else {
    fprintf(stderr, "Curl init failed!\n");
--- a/docs/examples/curlgtk.c
+++ b/docs/examples/curlgtk.c
@ -50,9 +50,9 @@ void *my_thread(void *ptr)
  gchar *url = ptr;

  curl = curl_easy_init();
-  if(curl)
-  {
-    outfile = fopen("test.curl", "w");
+  if(curl) {
+    const char *filename = "test.curl";
+    outfile = fopen(filename, "wb");

    curl_easy_setopt(curl, CURLOPT_URL, url);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, outfile);
@ -97,7 +97,7 @@ int main(int argc, char **argv)
  gtk_container_add(GTK_CONTAINER(Frame2), Bar);
  gtk_widget_show_all(Window);

-  if (!g_thread_create(&my_thread, argv[1], FALSE, NULL) != 0)
+  if(!g_thread_create(&my_thread, argv[1], FALSE, NULL) != 0)
    g_warning("can't create the thread");


--- a/docs/examples/curlx.c
+++ b/docs/examples/curlx.c
@ -101,13 +101,18 @@
 static const char *curlx_usage[]={
  "usage: curlx args\n",
  " -p12 arg         - tia  file ",
-  " -envpass arg     - environement variable which content the tia private key password",
+  " -envpass arg     - environement variable which content the tia private"
+  " key password",
  " -out arg         - output file (response)- default stdout",
  " -in arg          - input file (request)- default stdin",
-  " -connect arg     - URL of the server for the connection ex: www.openevidence.org",
-  " -mimetype arg    - MIME type for data in ex : application/timestamp-query or application/dvcs -default application/timestamp-query",
-  " -acceptmime arg  - MIME type acceptable for the response ex : application/timestamp-response or application/dvcs -default none",
-  " -accesstype arg  - an Object identifier in an AIA/SIA method, e.g. AD_DVCS or ad_timestamping",
+  " -connect arg     - URL of the server for the connection ex:"
+  " www.openevidence.org",
+  " -mimetype arg    - MIME type for data in ex : application/timestamp-query"
+  " or application/dvcs -default application/timestamp-query",
+  " -acceptmime arg  - MIME type acceptable for the response ex : "
+  "application/timestamp-response or application/dvcs -default none",
+  " -accesstype arg  - an Object identifier in an AIA/SIA method, e.g."
+  " AD_DVCS or ad_timestamping",
  NULL
 };

@ -128,22 +133,22 @@ static const char *curlx_usage[]={
 /* This is a context that we pass to all callbacks */

 typedef struct sslctxparm_st {
-  unsigned char * p12file ;
-  const char * pst ;
-  PKCS12 * p12 ;
-  EVP_PKEY * pkey ;
-  X509 * usercert ;
-  STACK_OF(X509) * ca ;
+  unsigned char * p12file;
+  const char * pst;
+  PKCS12 * p12;
+  EVP_PKEY * pkey;
+  X509 * usercert;
+  STACK_OF(X509) * ca;
  CURL * curl;
  BIO * errorbio;
-  int accesstype ;
+  int accesstype;
  int verbose;

 } sslctxparm;

 /* some helper function. */

-static char *i2s_ASN1_IA5STRING( ASN1_IA5STRING *ia5)
+static char *ia5string(ASN1_IA5STRING *ia5)
 {
  char *tmp;
  if(!ia5 || !ia5->length)
@ -155,20 +160,20 @@ static char *i2s_ASN1_IA5STRING( ASN1_IA5STRING *ia5)
 }

 /* A conveniance routine to get an access URI. */
-
-static unsigned char *my_get_ext(X509 * cert, const int type, int extensiontype) {
-
+static unsigned char *my_get_ext(X509 *cert, const int type,
+                                 int extensiontype)
+{
  int i;
-  STACK_OF(ACCESS_DESCRIPTION) * accessinfo ;
-  accessinfo =  X509_get_ext_d2i(cert, extensiontype, NULL, NULL) ;
+  STACK_OF(ACCESS_DESCRIPTION) * accessinfo;
+  accessinfo =  X509_get_ext_d2i(cert, extensiontype, NULL, NULL);

-  if (!sk_ACCESS_DESCRIPTION_num(accessinfo))
+  if(!sk_ACCESS_DESCRIPTION_num(accessinfo))
    return NULL;
-  for (i = 0; i < sk_ACCESS_DESCRIPTION_num(accessinfo); i++) {
+  for(i = 0; i < sk_ACCESS_DESCRIPTION_num(accessinfo); i++) {
    ACCESS_DESCRIPTION * ad = sk_ACCESS_DESCRIPTION_value(accessinfo, i);
-    if (OBJ_obj2nid(ad->method) == type) {
-      if (ad->location->type == GEN_URI) {
-        return i2s_ASN1_IA5STRING(ad->location->d.ia5);
+    if(OBJ_obj2nid(ad->method) == type) {
+      if(ad->location->type == GEN_URI) {
+        return ia5string(ad->location->d.ia5);
      }
      return NULL;
    }
@ -187,84 +192,86 @@ static int ssl_app_verify_callback(X509_STORE_CTX *ctx, void *arg)
  sslctxparm * p = (sslctxparm *) arg;
  int ok;

-  if (p->verbose > 2)
-    BIO_printf(p->errorbio,"entering ssl_app_verify_callback\n");
+  if(p->verbose > 2)
+    BIO_printf(p->errorbio, "entering ssl_app_verify_callback\n");

-  if ((ok= X509_verify_cert(ctx)) && ctx->cert) {
-    unsigned char * accessinfo ;
-    if (p->verbose > 1)
-      X509_print_ex(p->errorbio,ctx->cert,0,0);
+  if((ok= X509_verify_cert(ctx)) && ctx->cert) {
+    unsigned char * accessinfo;
+    if(p->verbose > 1)
+      X509_print_ex(p->errorbio, ctx->cert, 0, 0);

-    if (accessinfo = my_get_ext(ctx->cert,p->accesstype ,NID_sinfo_access)) {
-      if (p->verbose)
-        BIO_printf(p->errorbio,"Setting URL from SIA to: %s\n", accessinfo);
+    if(accessinfo = my_get_ext(ctx->cert, p->accesstype, NID_sinfo_access)) {
+      if(p->verbose)
+        BIO_printf(p->errorbio, "Setting URL from SIA to: %s\n", accessinfo);

-      curl_easy_setopt(p->curl, CURLOPT_URL,accessinfo);
+      curl_easy_setopt(p->curl, CURLOPT_URL, accessinfo);
    }
-    else if (accessinfo = my_get_ext(ctx->cert,p->accesstype,
-                                     NID_info_access)) {
-      if (p->verbose)
-        BIO_printf(p->errorbio,"Setting URL from AIA to: %s\n", accessinfo);
+    else if(accessinfo = my_get_ext(ctx->cert, p->accesstype,
+                                    NID_info_access)) {
+      if(p->verbose)
+        BIO_printf(p->errorbio, "Setting URL from AIA to: %s\n", accessinfo);

-      curl_easy_setopt(p->curl, CURLOPT_URL,accessinfo);
+      curl_easy_setopt(p->curl, CURLOPT_URL, accessinfo);
    }
  }
-  if (p->verbose > 2)
-    BIO_printf(p->errorbio,"leaving ssl_app_verify_callback with %d\n", ok);
-  return(ok);
+  if(p->verbose > 2)
+    BIO_printf(p->errorbio, "leaving ssl_app_verify_callback with %d\n", ok);
+
+  return ok;
 }


-/* This is an example of an curl SSL initialisation call back. The callback sets:
+/* The SSL initialisation callback. The callback sets:
   - a private key and certificate
   - a trusted ca certificate
   - a preferred cipherlist
   - an application verification callback (the function above)
 */

-static CURLcode sslctxfun(CURL * curl, void * sslctx, void * parm) {
-
+static CURLcode sslctxfun(CURL * curl, void * sslctx, void * parm)
+{
  sslctxparm * p = (sslctxparm *) parm;
-  SSL_CTX * ctx = (SSL_CTX *) sslctx ;
+  SSL_CTX * ctx = (SSL_CTX *) sslctx;

-  if (!SSL_CTX_use_certificate(ctx,p->usercert)) {
-    BIO_printf(p->errorbio, "SSL_CTX_use_certificate problem\n"); goto err;
+  if(!SSL_CTX_use_certificate(ctx, p->usercert)) {
+    BIO_printf(p->errorbio, "SSL_CTX_use_certificate problem\n");
+    goto err;
  }
-  if (!SSL_CTX_use_PrivateKey(ctx,p->pkey)) {
-    BIO_printf(p->errorbio, "SSL_CTX_use_PrivateKey\n"); goto err;
+  if(!SSL_CTX_use_PrivateKey(ctx, p->pkey)) {
+    BIO_printf(p->errorbio, "SSL_CTX_use_PrivateKey\n");
+    goto err;
  }

-  if (!SSL_CTX_check_private_key(ctx)) {
-    BIO_printf(p->errorbio, "SSL_CTX_check_private_key\n"); goto err;
+  if(!SSL_CTX_check_private_key(ctx)) {
+    BIO_printf(p->errorbio, "SSL_CTX_check_private_key\n");
+    goto err;
  }

-  SSL_CTX_set_quiet_shutdown(ctx,1);
-  SSL_CTX_set_cipher_list(ctx,"RC4-MD5");
+  SSL_CTX_set_quiet_shutdown(ctx, 1);
+  SSL_CTX_set_cipher_list(ctx, "RC4-MD5");
  SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);

-  X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), sk_X509_value(p->ca, sk_X509_num(p->ca)-1));
-
-  SSL_CTX_set_verify_depth(ctx,2);
-
-  SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,ZERO_NULL);
+  X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx),
+                      sk_X509_value(p->ca, sk_X509_num(p->ca)-1));

+  SSL_CTX_set_verify_depth(ctx, 2);
+  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, ZERO_NULL);
  SSL_CTX_set_cert_verify_callback(ctx, ssl_app_verify_callback, parm);

-
-  return CURLE_OK ;
+  return CURLE_OK;
  err:
  ERR_print_errors(p->errorbio);
  return CURLE_SSL_CERTPROBLEM;

 }

-int main(int argc, char **argv) {
-
+int main(int argc, char **argv)
+{
  BIO* in=NULL;
  BIO* out=NULL;

  char * outfile = NULL;
-  char * infile = NULL ;
+  char * infile = NULL;

  int tabLength=100;
  char *binaryptr;
@ -273,7 +280,7 @@ int main(int argc, char **argv) {
  char* contenttype;
  const char** pp;
  unsigned char* hostporturl = NULL;
-  BIO * p12bio ;
+  BIO * p12bio;
  char **args = argv + 1;
  unsigned char * serverurl;
  sslctxparm p;
@ -296,66 +303,91 @@ int main(int argc, char **argv) {
  OpenSSL_add_all_digests();
  ERR_load_crypto_strings();

-
-
-  while (*args && *args[0] == '-') {
-    if (!strcmp (*args, "-in")) {
-      if (args[1]) {
+  while(*args && *args[0] == '-') {
+    if(!strcmp (*args, "-in")) {
+      if(args[1]) {
        infile=*(++args);
-      } else badarg=1;
-    } else if (!strcmp (*args, "-out")) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(!strcmp (*args, "-out")) {
+      if(args[1]) {
        outfile=*(++args);
-      } else badarg=1;
-    } else if (!strcmp (*args, "-p12")) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(!strcmp (*args, "-p12")) {
+      if(args[1]) {
        p.p12file = *(++args);
-      } else badarg=1;
-    } else if (strcmp(*args,"-envpass") == 0) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-envpass") == 0) {
+      if(args[1]) {
        p.pst = getenv(*(++args));
-      } else badarg=1;
-    } else if (strcmp(*args,"-connect") == 0) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-connect") == 0) {
+      if(args[1]) {
        hostporturl = *(++args);
-      } else badarg=1;
-    } else if (strcmp(*args,"-mimetype") == 0) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-mimetype") == 0) {
+      if(args[1]) {
        mimetype = *(++args);
-      } else badarg=1;
-    } else if (strcmp(*args,"-acceptmime") == 0) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-acceptmime") == 0) {
+      if(args[1]) {
        mimetypeaccept = *(++args);
-      } else badarg=1;
-    } else if (strcmp(*args,"-accesstype") == 0) {
-      if (args[1]) {
-        if ((p.accesstype = OBJ_obj2nid(OBJ_txt2obj(*++args,0))) == 0) badarg=1;
-      } else badarg=1;
-    } else if (strcmp(*args,"-verbose") == 0) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-accesstype") == 0) {
+      if(args[1]) {
+        if((p.accesstype = OBJ_obj2nid(OBJ_txt2obj(*++args, 0))) == 0)
+          badarg=1;
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-verbose") == 0) {
      p.verbose++;
-    } else badarg=1;
+    }
+    else
+      badarg=1;
    args++;
  }

-  if (mimetype==NULL || mimetypeaccept == NULL) badarg = 1;
+  if(mimetype==NULL || mimetypeaccept == NULL)
+    badarg = 1;

-  if (badarg) {
-    for (pp=curlx_usage; (*pp != NULL); pp++)
-      BIO_printf(p.errorbio,"%s\n",*pp);
-    BIO_printf(p.errorbio,"\n");
+  if(badarg) {
+    for(pp=curlx_usage; (*pp != NULL); pp++)
+      BIO_printf(p.errorbio, "%s\n", *pp);
+    BIO_printf(p.errorbio, "\n");
    goto err;
  }

-
-
  /* set input */

-  if ((in=BIO_new(BIO_s_file())) == NULL) {
+  if((in=BIO_new(BIO_s_file())) == NULL) {
    BIO_printf(p.errorbio, "Error setting input bio\n");
    goto err;
-  } else if (infile == NULL)
-    BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
-  else if (BIO_read_filename(in,infile) <= 0) {
+  }
+  else if(infile == NULL)
+    BIO_set_fp(in, stdin, BIO_NOCLOSE|BIO_FP_TEXT);
+  else if(BIO_read_filename(in, infile) <= 0) {
    BIO_printf(p.errorbio, "Error opening input file %s\n", infile);
    BIO_free(in);
    goto err;
@ -363,12 +395,13 @@ int main(int argc, char **argv) {

  /* set output  */

-  if ((out=BIO_new(BIO_s_file())) == NULL) {
+  if((out=BIO_new(BIO_s_file())) == NULL) {
    BIO_printf(p.errorbio, "Error setting output bio.\n");
    goto err;
-  } else if (outfile == NULL)
-    BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-  else if (BIO_write_filename(out,outfile) <= 0) {
+  }
+  else if(outfile == NULL)
+    BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT);
+  else if(BIO_write_filename(out, outfile) <= 0) {
    BIO_printf(p.errorbio, "Error opening output file %s\n", outfile);
    BIO_free(out);
    goto err;
@ -377,62 +410,66 @@ int main(int argc, char **argv) {

  p.errorbio = BIO_new_fp (stderr, BIO_NOCLOSE);

-  if (!(p.curl = curl_easy_init())) {
+  if(!(p.curl = curl_easy_init())) {
    BIO_printf(p.errorbio, "Cannot init curl lib\n");
    goto err;
  }

-
-
-  if (!(p12bio = BIO_new_file(p.p12file , "rb"))) {
-    BIO_printf(p.errorbio, "Error opening P12 file %s\n", p.p12file); goto err;
+  if(!(p12bio = BIO_new_file(p.p12file , "rb"))) {
+    BIO_printf(p.errorbio, "Error opening P12 file %s\n", p.p12file);
+    goto err;
  }
-  if (!(p.p12 = d2i_PKCS12_bio (p12bio, NULL))) {
-    BIO_printf(p.errorbio, "Cannot decode P12 structure %s\n", p.p12file); goto err;
+  if(!(p.p12 = d2i_PKCS12_bio (p12bio, NULL))) {
+    BIO_printf(p.errorbio, "Cannot decode P12 structure %s\n", p.p12file);
+    goto err;
  }

  p.ca= NULL;
-  if (!(PKCS12_parse (p.p12, p.pst, &(p.pkey), &(p.usercert), &(p.ca) ) )) {
-    BIO_printf(p.errorbio,"Invalid P12 structure in %s\n", p.p12file); goto err;
+  if(!(PKCS12_parse (p.p12, p.pst, &(p.pkey), &(p.usercert), &(p.ca) ) )) {
+    BIO_printf(p.errorbio, "Invalid P12 structure in %s\n", p.p12file);
+    goto err;
  }

-  if (sk_X509_num(p.ca) <= 0) {
-    BIO_printf(p.errorbio,"No trustworthy CA given.%s\n", p.p12file); goto err;
+  if(sk_X509_num(p.ca) <= 0) {
+    BIO_printf(p.errorbio, "No trustworthy CA given.%s\n", p.p12file);
+    goto err;
  }

-  if (p.verbose > 1)
-    X509_print_ex(p.errorbio,p.usercert,0,0);
+  if(p.verbose > 1)
+    X509_print_ex(p.errorbio, p.usercert, 0, 0);

  /* determine URL to go */

-  if (hostporturl) {
-    serverurl = malloc(9+strlen(hostporturl));
-    sprintf(serverurl,"https://%s",hostporturl);
+  if(hostporturl) {
+    size_t len = strlen(hostporturl) + 9;
+    serverurl = malloc(len);
+    snprintf(serverurl, len, "https://%s", hostporturl);
  }
-  else if (p.accesstype != 0) { /* see whether we can find an AIA or SIA for a given access type */
-    if (!(serverurl = my_get_ext(p.usercert,p.accesstype,NID_info_access))) {
+  else if(p.accesstype != 0) { /* see whether we can find an AIA or SIA for a
+                                  given access type */
+    if(!(serverurl = my_get_ext(p.usercert, p.accesstype, NID_info_access))) {
      int j=0;
-      BIO_printf(p.errorbio,"no service URL in user cert "
+      BIO_printf(p.errorbio, "no service URL in user cert "
                 "cherching in others certificats\n");
-      for (j=0;j<sk_X509_num(p.ca);j++) {
-        if ((serverurl = my_get_ext(sk_X509_value(p.ca,j),p.accesstype,
+      for(j=0; j<sk_X509_num(p.ca); j++) {
+        if((serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype,
                                    NID_info_access)))
          break;
-        if ((serverurl = my_get_ext(sk_X509_value(p.ca,j),p.accesstype,
+        if((serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype,
                                    NID_sinfo_access)))
          break;
      }
    }
  }

-  if (!serverurl) {
+  if(!serverurl) {
    BIO_printf(p.errorbio, "no service URL in certificats,"
               " check '-accesstype (AD_DVCS | ad_timestamping)'"
               " or use '-connect'\n");
    goto err;
  }

-  if (p.verbose)
+  if(p.verbose)
    BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl);

  curl_easy_setopt(p.curl, CURLOPT_URL, serverurl);
@ -440,38 +477,39 @@ int main(int argc, char **argv) {
  /* Now specify the POST binary data */

  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr);
-  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE,(long)tabLength);
+  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength);

  /* pass our list of custom made headers */

  contenttype = malloc(15+strlen(mimetype));
-  sprintf(contenttype,"Content-type: %s",mimetype);
-  headers = curl_slist_append(headers,contenttype);
+  snprintf(contenttype, 15+strlen(mimetype), "Content-type: %s", mimetype);
+  headers = curl_slist_append(headers, contenttype);
  curl_easy_setopt(p.curl, CURLOPT_HTTPHEADER, headers);

-  if (p.verbose)
+  if(p.verbose)
    BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl);

  {
    FILE *outfp;
-    BIO_get_fp(out,&outfp);
+    BIO_get_fp(out, &outfp);
    curl_easy_setopt(p.curl, CURLOPT_WRITEDATA, outfp);
  }

-  res = curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun)  ;
+  res = curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun);

-  if (res != CURLE_OK)
-    BIO_printf(p.errorbio,"%d %s=%d %d\n", __LINE__, "CURLOPT_SSL_CTX_FUNCTION",CURLOPT_SSL_CTX_FUNCTION,res);
+  if(res != CURLE_OK)
+    BIO_printf(p.errorbio, "%d %s=%d %d\n", __LINE__,
+               "CURLOPT_SSL_CTX_FUNCTION", CURLOPT_SSL_CTX_FUNCTION, res);

  curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_DATA, &p);

  {
    int lu; int i=0;
-    while ((lu = BIO_read (in,&binaryptr[i],tabLength-i)) >0 ) {
+    while((lu = BIO_read (in, &binaryptr[i], tabLength-i)) >0 ) {
      i+=lu;
-      if (i== tabLength) {
+      if(i== tabLength) {
        tabLength+=100;
-        binaryptr=realloc(binaryptr,tabLength); /* should be more careful */
+        binaryptr=realloc(binaryptr, tabLength); /* should be more careful */
      }
    }
    tabLength = i;
@ -479,23 +517,23 @@ int main(int argc, char **argv) {
  /* Now specify the POST binary data */

  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr);
-  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE,(long)tabLength);
+  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength);


  /* Perform the request, res will get the return code */

-  BIO_printf(p.errorbio,"%d %s %d\n", __LINE__, "curl_easy_perform",
+  BIO_printf(p.errorbio, "%d %s %d\n", __LINE__, "curl_easy_perform",
             res = curl_easy_perform(p.curl));
  {
-    int result =curl_easy_getinfo(p.curl,CURLINFO_CONTENT_TYPE,&response);
-    if( mimetypeaccept && p.verbose)
-      if(!strcmp(mimetypeaccept,response))
-        BIO_printf(p.errorbio,"the response has a correct mimetype : %s\n",
+    int result =curl_easy_getinfo(p.curl, CURLINFO_CONTENT_TYPE, &response);
+    if(mimetypeaccept && p.verbose)
+      if(!strcmp(mimetypeaccept, response))
+        BIO_printf(p.errorbio, "the response has a correct mimetype : %s\n",
                   response);
      else
-        BIO_printf(p.errorbio,"the response doesn\'t have an acceptable "
+        BIO_printf(p.errorbio, "the response doesn\'t have an acceptable "
                   "mime type, it is %s instead of %s\n",
-                   response,mimetypeaccept);
+                   response, mimetypeaccept);
  }

  /*** code d'erreur si accept mime ***, egalement code return HTTP != 200 ***/
@ -511,6 +549,6 @@ int main(int argc, char **argv) {
  BIO_free(out);
  return (EXIT_SUCCESS);

-  err: BIO_printf(p.errorbio,"error");
+  err: BIO_printf(p.errorbio, "error");
  exit(1);
 }
--- a/docs/examples/debug.c
+++ b/docs/examples/debug.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -62,14 +62,14 @@ void dump(const char *text,

    for(c = 0; (c < width) && (i+c < size); c++) {
      /* check for 0D0A; if found, skip past and start a new line of output */
-      if (nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
+      if(nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
        i+=(c+2-width);
        break;
      }
      fprintf(stream, "%c",
              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
      /* check again for 0D0A, to avoid an extra \n if it's at width */
-      if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
+      if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
        i+=(c+3-width);
        break;
      }
--- a/docs/examples/evhiperfifo.c
+++ b/docs/examples/evhiperfifo.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -119,12 +119,12 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
 {
  DPRINT("%s %li\n", __PRETTY_FUNCTION__,  timeout_ms);
  ev_timer_stop(g->loop, &g->timer_event);
-  if (timeout_ms > 0)
-  {
+  if(timeout_ms > 0) {
    double  t = timeout_ms / 1000;
    ev_timer_init(&g->timer_event, timer_cb, t, 0.);
    ev_timer_start(g->loop, &g->timer_event);
-  }else
+  }
+  else
    timer_cb(g->loop, &g->timer_event, 0);
  return 0;
 }
@ -132,20 +132,32 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
 /* Die if we get a bad CURLMcode somewhere */
 static void mcode_or_die(const char *where, CURLMcode code)
 {
-  if ( CURLM_OK != code )
-  {
+  if(CURLM_OK != code) {
    const char *s;
-    switch ( code )
-    {
-    case CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
-    case CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
-    case CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
-    case CURLM_INTERNAL_ERROR:     s="CURLM_INTERNAL_ERROR";     break;
-    case CURLM_UNKNOWN_OPTION:     s="CURLM_UNKNOWN_OPTION";     break;
-    case CURLM_LAST:               s="CURLM_LAST";               break;
-    default: s="CURLM_unknown";
+    switch (code) {
+    case CURLM_BAD_HANDLE:
+      s="CURLM_BAD_HANDLE";
      break;
-    case     CURLM_BAD_SOCKET:         s="CURLM_BAD_SOCKET";
+    case CURLM_BAD_EASY_HANDLE:
+      s="CURLM_BAD_EASY_HANDLE";
+      break;
+    case CURLM_OUT_OF_MEMORY:
+      s="CURLM_OUT_OF_MEMORY";
+      break;
+    case CURLM_INTERNAL_ERROR:
+      s="CURLM_INTERNAL_ERROR";
+      break;
+    case CURLM_UNKNOWN_OPTION:
+      s="CURLM_UNKNOWN_OPTION";
+      break;
+    case CURLM_LAST:
+      s="CURLM_LAST";
+      break;
+    default:
+      s="CURLM_unknown";
+      break;
+    case CURLM_BAD_SOCKET:
+      s="CURLM_BAD_SOCKET";
      fprintf(MSG_OUT, "ERROR: %s returns %s\n", where, s);
      /* ignore this error */
      return;
@ -168,8 +180,8 @@ static void check_multi_info(GlobalInfo *g)
  CURLcode res;

  fprintf(MSG_OUT, "REMAINING: %d\n", g->still_running);
-  while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
-    if (msg->msg == CURLMSG_DONE) {
+  while((msg = curl_multi_info_read(g->multi, &msgs_left))) {
+    if(msg->msg == CURLMSG_DONE) {
      easy = msg->easy_handle;
      res = msg->data.result;
      curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
@ -197,8 +209,7 @@ static void event_cb(EV_P_ struct ev_io *w, int revents)
  rc = curl_multi_socket_action(g->multi, w->fd, action, &g->still_running);
  mcode_or_die("event_cb: curl_multi_socket_action", rc);
  check_multi_info(g);
-  if ( g->still_running <= 0 )
-  {
+  if(g->still_running <= 0) {
    fprintf(MSG_OUT, "last transfer done, kill timeout\n");
    ev_timer_stop(g->loop, &g->timer_event);
  }
@ -212,7 +223,8 @@ static void timer_cb(EV_P_ struct ev_timer *w, int revents)
  GlobalInfo *g = (GlobalInfo *)w->data;
  CURLMcode rc;

-  rc = curl_multi_socket_action(g->multi, CURL_SOCKET_TIMEOUT, 0, &g->still_running);
+  rc = curl_multi_socket_action(g->multi, CURL_SOCKET_TIMEOUT, 0,
+                                &g->still_running);
  mcode_or_die("timer_cb: curl_multi_socket_action", rc);
  check_multi_info(g);
 }
@ -221,9 +233,8 @@ static void timer_cb(EV_P_ struct ev_timer *w, int revents)
 static void remsock(SockInfo *f, GlobalInfo *g)
 {
  printf("%s  \n", __PRETTY_FUNCTION__);
-  if ( f )
-  {
-    if ( f->evset )
+  if(f) {
+    if(f->evset)
      ev_io_stop(g->loop, &f->ev);
    free(f);
  }
@ -241,7 +252,7 @@ static void setsock(SockInfo*f, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
  f->sockfd = s;
  f->action = act;
  f->easy = e;
-  if ( f->evset )
+  if(f->evset)
    ev_io_stop(g->loop, &f->ev);
  ev_io_init(&f->ev, event_cb, f->sockfd, kind);
  f->ev.data = g;
@ -273,18 +284,16 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)

  fprintf(MSG_OUT,
          "socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
-  if ( what == CURL_POLL_REMOVE )
-  {
+  if(what == CURL_POLL_REMOVE) {
    fprintf(MSG_OUT, "\n");
    remsock(fdp, g);
-  } else
-  {
-    if ( !fdp )
-    {
+  }
+  else {
+    if(!fdp) {
      fprintf(MSG_OUT, "Adding data: %s\n", whatstr[what]);
      addsock(s, e, what, g);
-    } else
-    {
+    }
+    else {
      fprintf(MSG_OUT,
              "Changing action from %s to %s\n",
              whatstr[fdp->action], whatstr[what]);
@ -330,8 +339,7 @@ static void new_conn(char *url, GlobalInfo *g )
  conn->error[0]='\0';

  conn->easy = curl_easy_init();
-  if ( !conn->easy )
-  {
+  if(!conn->easy) {
    fprintf(MSG_OUT, "curl_easy_init() failed, exiting!\n");
    exit(2);
  }
@ -366,16 +374,16 @@ static void fifo_cb(EV_P_ struct ev_io *w, int revents)
  int n=0;
  GlobalInfo *g = (GlobalInfo *)w->data;

-  do
-  {
+  do {
    s[0]='\0';
    rv=fscanf(g->input, "%1023s%n", s, &n);
    s[n]='\0';
-    if ( n && s[0] )
-    {
-      new_conn(s,g);  /* if we read a URL, go get it! */
-    } else break;
-  } while ( rv != EOF );
+    if(n && s[0]) {
+      new_conn(s, g);  /* if we read a URL, go get it! */
+    }
+    else
+      break;
+  } while(rv != EOF);
 }

 /* Create a named pipe and tell libevent to monitor it */
@ -386,24 +394,20 @@ static int init_fifo (GlobalInfo *g)
  curl_socket_t sockfd;

  fprintf(MSG_OUT, "Creating named pipe \"%s\"\n", fifo);
-  if ( lstat (fifo, &st) == 0 )
-  {
-    if ( (st.st_mode & S_IFMT) == S_IFREG )
-    {
+  if(lstat (fifo, &st) == 0) {
+    if((st.st_mode & S_IFMT) == S_IFREG) {
      errno = EEXIST;
      perror("lstat");
      exit (1);
    }
  }
  unlink(fifo);
-  if ( mkfifo (fifo, 0600) == -1 )
-  {
+  if(mkfifo (fifo, 0600) == -1) {
    perror("mkfifo");
    exit (1);
  }
  sockfd = open(fifo, O_RDWR | O_NONBLOCK, 0);
-  if ( sockfd == -1 )
-  {
+  if(sockfd == -1) {
    perror("open");
    exit (1);
  }
@ -412,7 +416,7 @@ static int init_fifo (GlobalInfo *g)
  fprintf(MSG_OUT, "Now, pipe some URL's into > %s\n", fifo);
  ev_io_init(&g->fifo_event, fifo_cb, sockfd, EV_READ);
  ev_io_start(g->loop, &g->fifo_event);
-  return(0);
+  return (0);
 }

 int main(int argc, char **argv)
--- a/docs/examples/externalsocket.c
+++ b/docs/examples/externalsocket.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -54,7 +54,7 @@

 static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  int written = fwrite(ptr, size, nmemb, (FILE *)stream);
+  size_t written = fwrite(ptr, size, nmemb, (FILE *)stream);
  return written;
 }

@ -92,7 +92,7 @@ int main(void)
  WSADATA wsaData;
  int initwsa;

-  if((initwsa = WSAStartup(MAKEWORD(2,0), &wsaData)) != 0) {
+  if((initwsa = WSAStartup(MAKEWORD(2, 0), &wsaData)) != 0) {
    printf("WSAStartup failed: %d\n", initwsa);
    return 1;
  }
@ -107,7 +107,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999");

    /* Create the socket "manually" */
-    if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) == CURL_SOCKET_BAD ) {
+    if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == CURL_SOCKET_BAD ) {
      printf("Error creating listening socket.\n");
      return 3;
    }
@ -116,10 +116,10 @@ int main(void)
    servaddr.sin_family = AF_INET;
    servaddr.sin_port   = htons(PORTNUM);

-    if (INADDR_NONE == (servaddr.sin_addr.s_addr = inet_addr(IPADDR)))
+    if(INADDR_NONE == (servaddr.sin_addr.s_addr = inet_addr(IPADDR)))
      return 2;

-    if(connect(sockfd,(struct sockaddr *) &servaddr, sizeof(servaddr)) ==
+    if(connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)) ==
       -1) {
      close(sockfd);
      printf("client error: connect: %s\n", strerror(errno));
--- a/docs/examples/fopen.c
+++ b/docs/examples/fopen.c
@ -80,7 +80,7 @@ struct fcurl_data
 typedef struct fcurl_data URL_FILE;

 /* exported functions */
-URL_FILE *url_fopen(const char *url,const char *operation);
+URL_FILE *url_fopen(const char *url, const char *operation);
 int url_fclose(URL_FILE *file);
 int url_feof(URL_FILE *file);
 size_t url_fread(void *ptr, size_t size, size_t nmemb, URL_FILE *file);
@ -106,9 +106,9 @@ static size_t write_callback(char *buffer,

  if(size > rembuff) {
    /* not enough space in buffer */
-    newbuff=realloc(url->buffer,url->buffer_len + (size - rembuff));
+    newbuff=realloc(url->buffer, url->buffer_len + (size - rembuff));
    if(newbuff==NULL) {
-      fprintf(stderr,"callback buffer grow failed\n");
+      fprintf(stderr, "callback buffer grow failed\n");
      size=rembuff;
    }
    else {
@ -165,8 +165,7 @@ static int fill_buffer(URL_FILE *file, size_t want)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
@ -230,7 +229,7 @@ static int use_buffer(URL_FILE *file, size_t want)
  return 0;
 }

-URL_FILE *url_fopen(const char *url,const char *operation)
+URL_FILE *url_fopen(const char *url, const char *operation)
 {
  /* this code could check for URLs or types in the 'url' and
     basically use the real fopen() for standard files */
@ -244,7 +243,7 @@ URL_FILE *url_fopen(const char *url,const char *operation)

  memset(file, 0, sizeof(URL_FILE));

-  if((file->handle.file=fopen(url,operation)))
+  if((file->handle.file=fopen(url, operation)))
    file->type = CFTYPE_FILE; /* marked as URL */

  else {
@ -338,13 +337,13 @@ size_t url_fread(void *ptr, size_t size, size_t nmemb, URL_FILE *file)

  switch(file->type) {
  case CFTYPE_FILE:
-    want=fread(ptr,size,nmemb,file->handle.file);
+    want=fread(ptr, size, nmemb, file->handle.file);
    break;

  case CFTYPE_CURL:
    want = nmemb * size;

-    fill_buffer(file,want);
+    fill_buffer(file, want);

    /* check if theres data in the buffer - if not fill_buffer()
     * either errored or EOF */
@ -358,7 +357,7 @@ size_t url_fread(void *ptr, size_t size, size_t nmemb, URL_FILE *file)
    /* xfer data to caller */
    memcpy(ptr, file->buffer, want);

-    use_buffer(file,want);
+    use_buffer(file, want);

    want = want / size;     /* number of items */
    break;
@ -383,7 +382,7 @@ char *url_fgets(char *ptr, size_t size, URL_FILE *file)
    break;

  case CFTYPE_CURL:
-    fill_buffer(file,want);
+    fill_buffer(file, want);

    /* check if theres data in the buffer - if not fill either errored or
     * EOF */
@ -407,7 +406,7 @@ char *url_fgets(char *ptr, size_t size, URL_FILE *file)
    memcpy(ptr, file->buffer, want);
    ptr[want]=0;/* allways null terminate */

-    use_buffer(file,want);
+    use_buffer(file, want);

    break;

@ -447,6 +446,10 @@ void url_rewind(URL_FILE *file)
  }
 }

+#define FGETSFILE "fgets.test"
+#define FREADFILE "fread.test"
+#define REWINDFILE "rewind.test"
+
 /* Small main program to retrive from a url using fgets and fread saving the
 * output to two test files (note the fgets method will corrupt binary files if
 * they contain 0 chars */
@ -465,7 +468,7 @@ int main(int argc, char *argv[])
    url=argv[1];/* use passed url */

  /* copy from url line by line with fgets */
-  outf=fopen("fgets.test","w+");
+  outf=fopen(FGETSFILE, "wb+");
  if(!outf) {
    perror("couldn't open fgets output file\n");
    return 1;
@ -479,8 +482,8 @@ int main(int argc, char *argv[])
  }

  while(!url_feof(handle)) {
-    url_fgets(buffer,sizeof(buffer),handle);
-    fwrite(buffer,1,strlen(buffer),outf);
+    url_fgets(buffer, sizeof(buffer), handle);
+    fwrite(buffer, 1, strlen(buffer), outf);
  }

  url_fclose(handle);
@ -489,7 +492,7 @@ int main(int argc, char *argv[])


  /* Copy from url with fread */
-  outf=fopen("fread.test","w+");
+  outf=fopen(FREADFILE, "wb+");
  if(!outf) {
    perror("couldn't open fread output file\n");
    return 1;
@ -504,7 +507,7 @@ int main(int argc, char *argv[])

  do {
    nread = url_fread(buffer, 1, sizeof(buffer), handle);
-    fwrite(buffer,1,nread,outf);
+    fwrite(buffer, 1, nread, outf);
  } while(nread);

  url_fclose(handle);
@ -513,7 +516,7 @@ int main(int argc, char *argv[])


  /* Test rewind */
-  outf=fopen("rewind.test","w+");
+  outf=fopen(REWINDFILE, "wb+");
  if(!outf) {
    perror("couldn't open fread output file\n");
    return 1;
@ -526,21 +529,19 @@ int main(int argc, char *argv[])
    return 2;
  }

-  nread = url_fread(buffer, 1,sizeof(buffer), handle);
-  fwrite(buffer,1,nread,outf);
+  nread = url_fread(buffer, 1, sizeof(buffer), handle);
+  fwrite(buffer, 1, nread, outf);
  url_rewind(handle);

  buffer[0]='\n';
-  fwrite(buffer,1,1,outf);
-
-  nread = url_fread(buffer, 1,sizeof(buffer), handle);
-  fwrite(buffer,1,nread,outf);
+  fwrite(buffer, 1, 1, outf);

+  nread = url_fread(buffer, 1, sizeof(buffer), handle);
+  fwrite(buffer, 1, nread, outf);

  url_fclose(handle);

  fclose(outf);

-
  return 0;/* all done */
 }
--- a/docs/examples/ftp-wildcard.c
+++ b/docs/examples/ftp-wildcard.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -119,7 +119,7 @@ static long file_is_coming(struct curl_fileinfo *finfo,
      return CURL_CHUNK_BGN_FUNC_SKIP;
    }

-    data->output = fopen(finfo->filename, "w");
+    data->output = fopen(finfo->filename, "wb");
    if(!data->output) {
      return CURL_CHUNK_BGN_FUNC_FAIL;
    }
--- a/docs/examples/ftpget.c
+++ b/docs/examples/ftpget.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -63,7 +63,7 @@ int main(void)
     * You better replace the URL with one that works!
     */
    curl_easy_setopt(curl, CURLOPT_URL,
-                     "ftp://ftp.example.com/pub/www/utilities/curl/curl-7.9.2.tar.gz");
+                     "ftp://ftp.example.com/curl/curl-7.9.2.tar.gz");
    /* Define our callback to get called when there's data to be written */
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_fwrite);
    /* Set a pointer to our struct to pass to the callback */
--- a/docs/examples/ftpgetinfo.c
+++ b/docs/examples/ftpgetinfo.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -71,10 +71,12 @@ int main(void)
        time_t file_time = (time_t)filetime;
        printf("filetime %s: %s", filename, ctime(&file_time));
      }
-      res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &filesize);
+      res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD,
+                              &filesize);
      if((CURLE_OK == res) && (filesize>0.0))
        printf("filesize %s: %0.0f bytes\n", filename, filesize);
-    } else {
+    }
+    else {
      /* we failed */
      fprintf(stderr, "curl told us %d\n", res);
    }
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -35,6 +35,9 @@ write_response(void *ptr, size_t size, size_t nmemb, void *data)
  return fwrite(ptr, size, nmemb, writehere);
 }

+#define FTPBODY "ftp-list"
+#define FTPHEADERS "ftp-responses"
+
 int main(void)
 {
  CURL *curl;
@ -43,10 +46,10 @@ int main(void)
  FILE *respfile;

  /* local file name to store the file as */
-  ftpfile = fopen("ftp-list", "wb"); /* b is binary, needed on win32 */
+  ftpfile = fopen(FTPBODY, "wb"); /* b is binary, needed on win32 */

  /* local file name to store the FTP server's response lines in */
-  respfile = fopen("ftp-responses", "wb"); /* b is binary, needed on win32 */
+  respfile = fopen(FTPHEADERS, "wb"); /* b is binary, needed on win32 */

  curl = curl_easy_init();
  if(curl) {
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -104,7 +104,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);

    /* specify target */
-    curl_easy_setopt(curl,CURLOPT_URL, REMOTE_URL);
+    curl_easy_setopt(curl, CURLOPT_URL, REMOTE_URL);

    /* pass in that last of FTP commands to run after the transfer */
    curl_easy_setopt(curl, CURLOPT_POSTQUOTE, headerlist);
--- a/docs/examples/ftpuploadresume.c
+++ b/docs/examples/ftpuploadresume.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -36,7 +36,8 @@
 /* The MinGW headers are missing a few Win32 function definitions,
   you shouldn't need this if you use VC++ */
 #if defined(__MINGW32__) && !defined(__MINGW64__)
-int __cdecl _snscanf(const char * input, size_t length, const char * format, ...);
+int __cdecl _snscanf(const char * input, size_t length,
+                     const char * format, ...);
 #endif


@ -49,7 +50,7 @@ size_t getcontentlengthfunc(void *ptr, size_t size, size_t nmemb, void *stream)
  /* _snscanf() is Win32 specific */
  r = _snscanf(ptr, size * nmemb, "Content-Length: %ld\n", &len);

-  if (r) /* Microsoft: we don't read the specs */
+  if(r) /* Microsoft: we don't read the specs */
    *((long *) stream) = len;

  return size * nmemb;
@ -67,7 +68,7 @@ size_t readfunc(void *ptr, size_t size, size_t nmemb, void *stream)
  FILE *f = stream;
  size_t n;

-  if (ferror(f))
+  if(ferror(f))
    return CURL_READFUNC_ABORT;

  n = fread(ptr, size, nmemb, f) * size;
@ -85,7 +86,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
  int c;

  f = fopen(localpath, "rb");
-  if (f == NULL) {
+  if(!f) {
    perror(NULL);
    return 0;
  }
@ -94,7 +95,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,

  curl_easy_setopt(curlhandle, CURLOPT_URL, remotepath);

-  if (timeout)
+  if(timeout)
    curl_easy_setopt(curlhandle, CURLOPT_FTP_RESPONSE_TIMEOUT, timeout);

  curl_easy_setopt(curlhandle, CURLOPT_HEADERFUNCTION, getcontentlengthfunc);
@ -105,14 +106,15 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
  curl_easy_setopt(curlhandle, CURLOPT_READFUNCTION, readfunc);
  curl_easy_setopt(curlhandle, CURLOPT_READDATA, f);

-  curl_easy_setopt(curlhandle, CURLOPT_FTPPORT, "-"); /* disable passive mode */
+  /* disable passive mode */
+  curl_easy_setopt(curlhandle, CURLOPT_FTPPORT, "-");
  curl_easy_setopt(curlhandle, CURLOPT_FTP_CREATE_MISSING_DIRS, 1L);

  curl_easy_setopt(curlhandle, CURLOPT_VERBOSE, 1L);

-  for (c = 0; (r != CURLE_OK) && (c < tries); c++) {
+  for(c = 0; (r != CURLE_OK) && (c < tries); c++) {
    /* are we resuming? */
-    if (c) { /* yes */
+    if(c) { /* yes */
      /* determine the length of the file already written */

      /*
@ -127,7 +129,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
      curl_easy_setopt(curlhandle, CURLOPT_HEADER, 1L);

      r = curl_easy_perform(curlhandle);
-      if (r != CURLE_OK)
+      if(r != CURLE_OK)
        continue;

      curl_easy_setopt(curlhandle, CURLOPT_NOBODY, 0L);
@ -146,7 +148,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,

  fclose(f);

-  if (r == CURLE_OK)
+  if(r == CURLE_OK)
    return 1;
  else {
    fprintf(stderr, "%s\n", curl_easy_strerror(r));
@ -161,7 +163,8 @@ int main(int c, char **argv)
  curl_global_init(CURL_GLOBAL_ALL);
  curlhandle = curl_easy_init();

-  upload(curlhandle, "ftp://user:pass@example.com/path/file", "C:\\file", 0, 3);
+  upload(curlhandle, "ftp://user:pass@example.com/path/file", "C:\\file",
+         0, 3);

  curl_easy_cleanup(curlhandle);
  curl_global_cleanup();
--- a/docs/examples/ghiper.c
+++ b/docs/examples/ghiper.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -28,33 +28,32 @@
 *
 * Written by Jeff Pohlmeyer

-Requires glib-2.x and a (POSIX?) system that has mkfifo().
+ Requires glib-2.x and a (POSIX?) system that has mkfifo().

-This is an adaptation of libcurl's "hipev.c" and libevent's "event-test.c"
-sample programs, adapted to use glib's g_io_channel in place of libevent.
+ This is an adaptation of libcurl's "hipev.c" and libevent's "event-test.c"
+ sample programs, adapted to use glib's g_io_channel in place of libevent.

-When running, the program creates the named pipe "hiper.fifo"
+ When running, the program creates the named pipe "hiper.fifo"

-Whenever there is input into the fifo, the program reads the input as a list
-of URL's and creates some new easy handles to fetch each URL via the
-curl_multi "hiper" API.
+ Whenever there is input into the fifo, the program reads the input as a list
+ of URL's and creates some new easy handles to fetch each URL via the
+ curl_multi "hiper" API.


-Thus, you can try a single URL:
-  % echo http://www.yahoo.com > hiper.fifo
+ Thus, you can try a single URL:
+ % echo http://www.yahoo.com > hiper.fifo

-Or a whole bunch of them:
-  % cat my-url-list > hiper.fifo
+ Or a whole bunch of them:
+ % cat my-url-list > hiper.fifo

-The fifo buffer is handled almost instantly, so you can even add more URL's
-while the previous requests are still being downloaded.
+ The fifo buffer is handled almost instantly, so you can even add more URL's
+ while the previous requests are still being downloaded.

-This is purely a demo app, all retrieved data is simply discarded by the write
-callback.
+ This is purely a demo app, all retrieved data is simply discarded by the write
+ callback.

 */

-
 #include <glib.h>
 #include <sys/stat.h>
 #include <unistd.h>
@ -64,13 +63,10 @@ callback.
 #include <errno.h>
 #include <curl/curl.h>

-
 #define MSG_OUT g_print   /* Change to "g_error" to write to stderr */
 #define SHOW_VERBOSE 0    /* Set to non-zero for libcurl messages */
 #define SHOW_PROGRESS 0   /* Set to non-zero to enable progress callback */

-
-
 /* Global information, common to all connections */
 typedef struct _GlobalInfo {
  CURLM *multi;
@ -78,8 +74,6 @@ typedef struct _GlobalInfo {
  int still_running;
 } GlobalInfo;

-
-
 /* Information associated with a specific easy handle */
 typedef struct _ConnInfo {
  CURL *easy;
@ -88,7 +82,6 @@ typedef struct _ConnInfo {
  char error[CURL_ERROR_SIZE];
 } ConnInfo;

-
 /* Information associated with a specific socket */
 typedef struct _SockInfo {
  curl_socket_t sockfd;
@ -100,30 +93,25 @@ typedef struct _SockInfo {
  GlobalInfo *global;
 } SockInfo;

-
-
-
 /* Die if we get a bad CURLMcode somewhere */
 static void mcode_or_die(const char *where, CURLMcode code) {
-  if ( CURLM_OK != code ) {
+  if(CURLM_OK != code) {
    const char *s;
    switch (code) {
-      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
-      case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
-      case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
-      case     CURLM_INTERNAL_ERROR:     s="CURLM_INTERNAL_ERROR";     break;
-      case     CURLM_BAD_SOCKET:         s="CURLM_BAD_SOCKET";         break;
-      case     CURLM_UNKNOWN_OPTION:     s="CURLM_UNKNOWN_OPTION";     break;
-      case     CURLM_LAST:               s="CURLM_LAST";               break;
-      default: s="CURLM_unknown";
+    case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
+    case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
+    case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
+    case     CURLM_INTERNAL_ERROR:     s="CURLM_INTERNAL_ERROR";     break;
+    case     CURLM_BAD_SOCKET:         s="CURLM_BAD_SOCKET";         break;
+    case     CURLM_UNKNOWN_OPTION:     s="CURLM_UNKNOWN_OPTION";     break;
+    case     CURLM_LAST:               s="CURLM_LAST";               break;
+    default: s="CURLM_unknown";
    }
    MSG_OUT("ERROR: %s returns %s\n", where, s);
    exit(code);
  }
 }

-
-
 /* Check for completed transfers, and remove their easy handles */
 static void check_multi_info(GlobalInfo *g)
 {
@ -135,8 +123,8 @@ static void check_multi_info(GlobalInfo *g)
  CURLcode res;

  MSG_OUT("REMAINING: %d\n", g->still_running);
-  while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
-    if (msg->msg == CURLMSG_DONE) {
+  while((msg = curl_multi_info_read(g->multi, &msgs_left))) {
+    if(msg->msg == CURLMSG_DONE) {
      easy = msg->easy_handle;
      res = msg->data.result;
      curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
@ -150,8 +138,6 @@ static void check_multi_info(GlobalInfo *g)
  }
 }

-
-
 /* Called by glib when our timeout expires */
 static gboolean timer_cb(gpointer data)
 {
@ -159,14 +145,12 @@ static gboolean timer_cb(gpointer data)
  CURLMcode rc;

  rc = curl_multi_socket_action(g->multi,
-                                  CURL_SOCKET_TIMEOUT, 0, &g->still_running);
+                                CURL_SOCKET_TIMEOUT, 0, &g->still_running);
  mcode_or_die("timer_cb: curl_multi_socket_action", rc);
  check_multi_info(g);
  return FALSE;
 }

-
-
 /* Update the event timer after curl_multi library calls */
 static int update_timeout_cb(CURLM *multi, long timeout_ms, void *userp)
 {
@ -176,15 +160,12 @@ static int update_timeout_cb(CURLM *multi, long timeout_ms, void *userp)
  timeout.tv_usec = (timeout_ms%1000)*1000;

  MSG_OUT("*** update_timeout_cb %ld => %ld:%ld ***\n",
-              timeout_ms, timeout.tv_sec, timeout.tv_usec);
+          timeout_ms, timeout.tv_sec, timeout.tv_usec);

  g->timer_event = g_timeout_add(timeout_ms, timer_cb, g);
  return 0;
 }

-
-
-
 /* Called by glib when we get action on a multi socket */
 static gboolean event_cb(GIOChannel *ch, GIOCondition condition, gpointer data)
 {
@ -202,41 +183,43 @@ static gboolean event_cb(GIOChannel *ch, GIOCondition condition, gpointer data)
  check_multi_info(g);
  if(g->still_running) {
    return TRUE;
-  } else {
+  }
+  else {
    MSG_OUT("last transfer done, kill timeout\n");
-    if (g->timer_event) { g_source_remove(g->timer_event); }
+    if(g->timer_event) {
+      g_source_remove(g->timer_event);
+    }
    return FALSE;
  }
 }

-
-
 /* Clean up the SockInfo structure */
 static void remsock(SockInfo *f)
 {
-  if (!f) { return; }
-  if (f->ev) { g_source_remove(f->ev); }
+  if(!f) {
+    return;
+  }
+  if(f->ev) {
+    g_source_remove(f->ev);
+  }
  g_free(f);
 }

-
-
 /* Assign information to a SockInfo structure */
 static void setsock(SockInfo*f, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
 {
  GIOCondition kind =
-     (act&CURL_POLL_IN?G_IO_IN:0)|(act&CURL_POLL_OUT?G_IO_OUT:0);
+    (act&CURL_POLL_IN?G_IO_IN:0)|(act&CURL_POLL_OUT?G_IO_OUT:0);

  f->sockfd = s;
  f->action = act;
  f->easy = e;
-  if (f->ev) { g_source_remove(f->ev); }
-  f->ev=g_io_add_watch(f->ch, kind, event_cb,g);
-
+  if(f->ev) {
+    g_source_remove(f->ev);
+  }
+  f->ev=g_io_add_watch(f->ch, kind, event_cb, g);
 }

-
-
 /* Initialize a new SockInfo structure */
 static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g)
 {
@ -248,8 +231,6 @@ static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g)
  curl_multi_assign(g->multi, s, fdp);
 }

-
-
 /* CURLMOPT_SOCKETFUNCTION */
 static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
 {
@ -258,14 +239,15 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
  static const char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };

  MSG_OUT("socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
-  if (what == CURL_POLL_REMOVE) {
+  if(what == CURL_POLL_REMOVE) {
    MSG_OUT("\n");
    remsock(fdp);
-  } else {
-    if (!fdp) {
+  }
+  else {
+    if(!fdp) {
      MSG_OUT("Adding data: %s%s\n",
-             what&CURL_POLL_IN?"READ":"",
-             what&CURL_POLL_OUT?"WRITE":"" );
+              what&CURL_POLL_IN?"READ":"",
+              what&CURL_POLL_OUT?"WRITE":"" );
      addsock(s, e, what, g);
    }
    else {
@ -277,8 +259,6 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
  return 0;
 }

-
-
 /* CURLOPT_WRITEFUNCTION */
 static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *data)
 {
@ -289,18 +269,15 @@ static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *data)
  return realsize;
 }

-
-
 /* CURLOPT_PROGRESSFUNCTION */
-static int prog_cb (void *p, double dltotal, double dlnow, double ult, double uln)
+static int prog_cb (void *p, double dltotal, double dlnow, double ult,
+                    double uln)
 {
  ConnInfo *conn = (ConnInfo *)p;
  MSG_OUT("Progress: %s (%g/%g)\n", conn->url, dlnow, dltotal);
  return 0;
 }

-
-
 /* Create a new easy handle, and add it to the global curl_multi */
 static void new_conn(char *url, GlobalInfo *g )
 {
@ -308,11 +285,9 @@ static void new_conn(char *url, GlobalInfo *g )
  CURLMcode rc;

  conn = g_malloc0(sizeof(ConnInfo));
-
  conn->error[0]='\0';
-
  conn->easy = curl_easy_init();
-  if (!conn->easy) {
+  if(!conn->easy) {
    MSG_OUT("curl_easy_init() failed, exiting!\n");
    exit(2);
  }
@ -340,93 +315,90 @@ static void new_conn(char *url, GlobalInfo *g )
     that the necessary socket_action() call will be called by this app */
 }

-
 /* This gets called by glib whenever data is received from the fifo */
 static gboolean fifo_cb (GIOChannel *ch, GIOCondition condition, gpointer data)
 {
-  #define BUF_SIZE 1024
+#define BUF_SIZE 1024
  gsize len, tp;
  gchar *buf, *tmp, *all=NULL;
  GIOStatus rv;

  do {
    GError *err=NULL;
-    rv = g_io_channel_read_line (ch,&buf,&len,&tp,&err);
-    if ( buf ) {
-      if (tp) { buf[tp]='\0'; }
-      new_conn(buf,(GlobalInfo*)data);
+    rv = g_io_channel_read_line(ch, &buf, &len, &tp, &err);
+    if(buf) {
+      if(tp) {
+        buf[tp]='\0';
+      }
+      new_conn(buf, (GlobalInfo*)data);
      g_free(buf);
-    } else {
+    }
+    else {
      buf = g_malloc(BUF_SIZE+1);
-      while (TRUE) {
+      while(TRUE) {
        buf[BUF_SIZE]='\0';
-        g_io_channel_read_chars(ch,buf,BUF_SIZE,&len,&err);
-        if (len) {
+        g_io_channel_read_chars(ch, buf, BUF_SIZE, &len, &err);
+        if(len) {
          buf[len]='\0';
-          if (all) {
+          if(all) {
            tmp=all;
            all=g_strdup_printf("%s%s", tmp, buf);
            g_free(tmp);
-          } else {
+          }
+          else {
            all = g_strdup(buf);
          }
-        } else {
-           break;
+        }
+        else {
+          break;
        }
      }
-      if (all) {
-        new_conn(all,(GlobalInfo*)data);
+      if(all) {
+        new_conn(all, (GlobalInfo*)data);
        g_free(all);
      }
      g_free(buf);
    }
-    if ( err ) {
+    if(err) {
      g_error("fifo_cb: %s", err->message);
      g_free(err);
      break;
    }
-  } while ( (len) && (rv == G_IO_STATUS_NORMAL) );
+  } while((len) && (rv == G_IO_STATUS_NORMAL));
  return TRUE;
 }

-
-
-
 int init_fifo(void)
 {
- struct stat st;
- const char *fifo = "hiper.fifo";
- int socket;
+  struct stat st;
+  const char *fifo = "hiper.fifo";
+  int socket;

- if (lstat (fifo, &st) == 0) {
-  if ((st.st_mode & S_IFMT) == S_IFREG) {
-   errno = EEXIST;
-   perror("lstat");
-   exit (1);
+  if(lstat (fifo, &st) == 0) {
+    if((st.st_mode & S_IFMT) == S_IFREG) {
+      errno = EEXIST;
+      perror("lstat");
+      exit (1);
+    }
  }
- }

- unlink (fifo);
- if (mkfifo (fifo, 0600) == -1) {
-  perror("mkfifo");
-  exit (1);
- }
+  unlink (fifo);
+  if(mkfifo (fifo, 0600) == -1) {
+    perror("mkfifo");
+    exit (1);
+  }

- socket = open (fifo, O_RDWR | O_NONBLOCK, 0);
+  socket = open (fifo, O_RDWR | O_NONBLOCK, 0);

- if (socket == -1) {
-  perror("open");
-  exit (1);
- }
- MSG_OUT("Now, pipe some URL's into > %s\n", fifo);
-
- return socket;
+  if(socket == -1) {
+    perror("open");
+    exit (1);
+  }
+  MSG_OUT("Now, pipe some URL's into > %s\n", fifo);

+  return socket;
 }

-
-
-
 int main(int argc, char **argv)
 {
  GlobalInfo *g;
@ -438,8 +410,8 @@ int main(int argc, char **argv)

  fd=init_fifo();
  ch=g_io_channel_unix_new(fd);
-  g_io_add_watch(ch,G_IO_IN,fifo_cb,g);
-  gmain=g_main_loop_new(NULL,FALSE);
+  g_io_add_watch(ch, G_IO_IN, fifo_cb, g);
+  gmain=g_main_loop_new(NULL, FALSE);
  g->multi = curl_multi_init();
  curl_multi_setopt(g->multi, CURLMOPT_SOCKETFUNCTION, sock_cb);
  curl_multi_setopt(g->multi, CURLMOPT_SOCKETDATA, g);
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -126,7 +126,7 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
 /* Die if we get a bad CURLMcode somewhere */
 static void mcode_or_die(const char *where, CURLMcode code)
 {
-  if ( CURLM_OK != code ) {
+  if(CURLM_OK != code) {
    const char *s;
    switch (code) {
      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
@ -160,8 +160,8 @@ static void check_multi_info(GlobalInfo *g)
  CURLcode res;

  fprintf(MSG_OUT, "REMAINING: %d\n", g->still_running);
-  while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
-    if (msg->msg == CURLMSG_DONE) {
+  while((msg = curl_multi_info_read(g->multi, &msgs_left))) {
+    if(msg->msg == CURLMSG_DONE) {
      easy = msg->easy_handle;
      res = msg->data.result;
      curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
@ -191,9 +191,9 @@ static void event_cb(int fd, short kind, void *userp)
  mcode_or_die("event_cb: curl_multi_socket_action", rc);

  check_multi_info(g);
-  if ( g->still_running <= 0 ) {
+  if(g->still_running <= 0 ) {
    fprintf(MSG_OUT, "last transfer done, kill timeout\n");
-    if (evtimer_pending(g->timer_event, NULL)) {
+    if(evtimer_pending(g->timer_event, NULL)) {
      evtimer_del(g->timer_event);
    }
  }
@ -220,8 +220,8 @@ static void timer_cb(int fd, short kind, void *userp)
 /* Clean up the SockInfo structure */
 static void remsock(SockInfo *f)
 {
-  if (f) {
-    if (f->evset)
+  if(f) {
+    if(f->evset)
      event_free(f->ev);
    free(f);
  }
@ -238,7 +238,7 @@ static void setsock(SockInfo*f, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
  f->sockfd = s;
  f->action = act;
  f->easy = e;
-  if (f->evset)
+  if(f->evset)
    event_free(f->ev);
  f->ev = event_new(g->evbase, f->sockfd, kind, event_cb, g);
  f->evset = 1;
@ -266,12 +266,12 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)

  fprintf(MSG_OUT,
          "socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
-  if (what == CURL_POLL_REMOVE) {
+  if(what == CURL_POLL_REMOVE) {
    fprintf(MSG_OUT, "\n");
    remsock(fdp);
  }
  else {
-    if (!fdp) {
+    if(!fdp) {
      fprintf(MSG_OUT, "Adding data: %s\n", whatstr[what]);
      addsock(s, e, what, g);
    }
@ -322,7 +322,7 @@ static void new_conn(char *url, GlobalInfo *g )
  conn->error[0]='\0';

  conn->easy = curl_easy_init();
-  if (!conn->easy) {
+  if(!conn->easy) {
    fprintf(MSG_OUT, "curl_easy_init() failed, exiting!\n");
    exit(2);
  }
@ -360,10 +360,12 @@ static void fifo_cb(int fd, short event, void *arg)
    s[0]='\0';
    rv=fscanf(g->input, "%1023s%n", s, &n);
    s[n]='\0';
-    if ( n && s[0] ) {
-      new_conn(s,arg);  /* if we read a URL, go get it! */
-    } else break;
-  } while ( rv != EOF);
+    if(n && s[0] ) {
+      new_conn(s, arg);  /* if we read a URL, go get it! */
+    }
+    else
+      break;
+  } while(rv != EOF);
 }

 /* Create a named pipe and tell libevent to monitor it */
@ -374,20 +376,20 @@ static int init_fifo (GlobalInfo *g)
  curl_socket_t sockfd;

  fprintf(MSG_OUT, "Creating named pipe \"%s\"\n", fifo);
-  if (lstat (fifo, &st) == 0) {
-    if ((st.st_mode & S_IFMT) == S_IFREG) {
+  if(lstat (fifo, &st) == 0) {
+    if((st.st_mode & S_IFMT) == S_IFREG) {
      errno = EEXIST;
      perror("lstat");
      exit (1);
    }
  }
  unlink(fifo);
-  if (mkfifo (fifo, 0600) == -1) {
+  if(mkfifo (fifo, 0600) == -1) {
    perror("mkfifo");
    exit (1);
  }
  sockfd = open(fifo, O_RDWR | O_NONBLOCK, 0);
-  if (sockfd == -1) {
+  if(sockfd == -1) {
    perror("open");
    exit (1);
  }
--- a/docs/examples/href_extractor.c
+++ b/docs/examples/href_extractor.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -38,11 +38,11 @@ static size_t write_callback(void *buffer, size_t size, size_t nmemb,
                             void *hsp)
 {
  size_t realsize = size * nmemb, p;
-  for (p = 0; p < realsize; p++) {
+  for(p = 0; p < realsize; p++) {
    html_parser_char_parse(hsp, ((char *)buffer)[p]);
-    if (html_parser_cmp_tag(hsp, "a", 1))
-      if (html_parser_cmp_attr(hsp, "href", 4))
-        if (html_parser_is_in(hsp, HTML_VALUE_ENDED)) {
+    if(html_parser_cmp_tag(hsp, "a", 1))
+      if(html_parser_cmp_attr(hsp, "href", 4))
+        if(html_parser_is_in(hsp, HTML_VALUE_ENDED)) {
          html_parser_val(hsp)[html_parser_val_length(hsp)] = '\0';
          printf("%s\n", html_parser_val(hsp));
        }
@ -56,7 +56,7 @@ int main(int argc, char *argv[])
  CURL *curl;
  HTMLSTREAMPARSER *hsp;

-  if (argc != 2) {
+  if(argc != 2) {
    printf("Usage: %s URL\n", argv[0]);
    return EXIT_FAILURE;
  }
--- a/docs/examples/htmltidy.c
+++ b/docs/examples/htmltidy.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -38,23 +38,21 @@ uint write_cb(char *in, uint size, uint nmemb, TidyBuffer *out)
  uint r;
  r = size * nmemb;
  tidyBufAppend( out, in, r );
-  return(r);
+  return r;
 }

 /* Traverse the document tree */
 void dumpNode(TidyDoc doc, TidyNode tnod, int indent )
 {
  TidyNode child;
-  for ( child = tidyGetChild(tnod); child; child = tidyGetNext(child) )
-  {
+  for(child = tidyGetChild(tnod); child; child = tidyGetNext(child) ) {
    ctmbstr name = tidyNodeGetName( child );
-    if ( name )
-    {
+    if(name) {
      /* if it has a name, then it's an HTML tag ... */
      TidyAttr attr;
      printf( "%*.*s%s ", indent, indent, "<", name);
      /* walk the attribute list */
-      for ( attr=tidyAttrFirst(child); attr; attr=tidyAttrNext(attr) ) {
+      for(attr=tidyAttrFirst(child); attr; attr=tidyAttrNext(attr) ) {
        printf(tidyAttrName(attr));
        tidyAttrValue(attr)?printf("=\"%s\" ",
                                   tidyAttrValue(attr)):printf(" ");
@ -82,7 +80,7 @@ int main(int argc, char **argv )
  TidyBuffer docbuf = {0};
  TidyBuffer tidy_errbuf = {0};
  int err;
-  if ( argc == 2) {
+  if(argc == 2) {
    curl = curl_easy_init();
    curl_easy_setopt(curl, CURLOPT_URL, argv[1]);
    curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errbuf);
@ -98,13 +96,13 @@ int main(int argc, char **argv )

    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &docbuf);
    err=curl_easy_perform(curl);
-    if ( !err ) {
+    if(!err) {
      err = tidyParseBuffer(tdoc, &docbuf); /* parse the input */
-      if ( err >= 0 ) {
+      if(err >= 0) {
        err = tidyCleanAndRepair(tdoc); /* fix any problems */
-        if ( err >= 0 ) {
+        if(err >= 0) {
          err = tidyRunDiagnostics(tdoc); /* load tidy error buffer */
-          if ( err >= 0 ) {
+          if(err >= 0) {
            dumpNode( tdoc, tidyGetRoot(tdoc), 0 ); /* walk the tree */
            fprintf(stderr, "%s\n", tidy_errbuf.bp); /* show errors */
          }
@ -119,11 +117,11 @@ int main(int argc, char **argv )
    tidyBufFree(&docbuf);
    tidyBufFree(&tidy_errbuf);
    tidyRelease(tdoc);
-    return(err);
+    return err;

  }
  else
    printf( "usage: %s <url>\n", argv[0] );

-  return(0);
+  return 0;
 }
--- a/docs/examples/http2-download.c
+++ b/docs/examples/http2-download.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -89,14 +89,14 @@ void dump(const char *text, int num, unsigned char *ptr, size_t size,

    for(c = 0; (c < width) && (i+c < size); c++) {
      /* check for 0D0A; if found, skip past and start a new line of output */
-      if (nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
+      if(nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
        i+=(c+2-width);
        break;
      }
      fprintf(stderr, "%c",
              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
      /* check again for 0D0A, to avoid an extra \n if it's at width */
-      if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
+      if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
        i+=(c+3-width);
        break;
      }
@ -149,7 +149,7 @@ static void setup(CURL *hnd, int num)
  FILE *out;
  char filename[128];

-  sprintf(filename, "dl-%d", num);
+  snprintf(filename, 128, "dl-%d", num);

  out = fopen(filename, "wb");

@ -244,8 +244,7 @@ int main(int argc, char **argv)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
--- a/docs/examples/http2-serverpush.c
+++ b/docs/examples/http2-serverpush.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -69,14 +69,14 @@ void dump(const char *text, unsigned char *ptr, size_t size,

    for(c = 0; (c < width) && (i+c < size); c++) {
      /* check for 0D0A; if found, skip past and start a new line of output */
-      if (nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
+      if(nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
        i+=(c+2-width);
        break;
      }
      fprintf(stderr, "%c",
              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
      /* check again for 0D0A, to avoid an extra \n if it's at width */
-      if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
+      if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
        i+=(c+3-width);
        break;
      }
@ -123,9 +123,11 @@ int my_trace(CURL *handle, curl_infotype type,
  return 0;
 }

+#define OUTPUTFILE "dl"
+
 static void setup(CURL *hnd)
 {
-  FILE *out = fopen("dl", "wb");
+  FILE *out = fopen(OUTPUTFILE, "wb");

  /* write to this file */
  curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out);
@ -167,7 +169,7 @@ static int server_push_callback(CURL *parent,

  (void)parent; /* we have no use for this */

-  sprintf(filename, "push%u", count++);
+  snprintf(filename, 128, "push%u", count++);

  /* here's a new stream, save it in a new file for each new push */
  out = fopen(filename, "wb");
--- a/docs/examples/http2-upload.c
+++ b/docs/examples/http2-upload.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -90,14 +90,14 @@ void dump(const char *text, int num, unsigned char *ptr, size_t size,

    for(c = 0; (c < width) && (i+c < size); c++) {
      /* check for 0D0A; if found, skip past and start a new line of output */
-      if (nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
+      if(nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
        i+=(c+2-width);
        break;
      }
      fprintf(stderr, "%c",
              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
      /* check again for 0D0A, to avoid an extra \n if it's at width */
-      if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
+      if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
        i+=(c+3-width);
        break;
      }
@ -187,10 +187,10 @@ static void setup(CURL *hnd, int num, const char *upload)
  struct stat file_info;
  curl_off_t uploadsize;

-  sprintf(filename, "dl-%d", num);
+  snprintf(filename, 128, "dl-%d", num);
  out = fopen(filename, "wb");

-  sprintf(url, "https://localhost:8443/upload-%d", num);
+  snprintf(url, 256, "https://localhost:8443/upload-%d", num);

  /* get the file size of the local file */
  stat(upload, &file_info);
@ -308,8 +308,7 @@ int main(int argc, char **argv)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -60,7 +60,7 @@ int main(int argc, char **argv)
 {
  CURL *curl;
  CURLcode res;
-  FILE * hd_src ;
+  FILE * hd_src;
  struct stat file_info;

  char *file;
--- a/docs/examples/imap-append.c
+++ b/docs/examples/imap-append.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -44,7 +44,8 @@ static const char *payload_text[] = {
  "To: " TO "\r\n",
  "From: " FROM "(Example User)\r\n",
  "Cc: " CC "(Another example User)\r\n",
-  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Message-ID: "
+  "<dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
  "Subject: IMAP example message\r\n",
  "\r\n", /* empty line to divide headers from body, see RFC5322 */
  "The body of the message starts here.\r\n",
--- a/docs/examples/imap-fetch.c
+++ b/docs/examples/imap-fetch.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -46,7 +46,8 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");

    /* This will fetch message 1 from the user's inbox */
-    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX/;UID=1");
+    curl_easy_setopt(curl, CURLOPT_URL,
+                     "imap://imap.example.com/INBOX/;UID=1");

    /* Perform the fetch */
    res = curl_easy_perform(curl);
--- a/docs/examples/imap-multi.c
+++ b/docs/examples/imap-multi.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -120,8 +120,7 @@ int main(void)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
--- a/docs/examples/imap-ssl.c
+++ b/docs/examples/imap-ssl.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -48,7 +48,8 @@ int main(void)

    /* This will fetch message 1 from the user's inbox. Note the use of
    * imaps:// rather than imap:// to request a SSL based connection. */
-    curl_easy_setopt(curl, CURLOPT_URL, "imaps://imap.example.com/INBOX/;UID=1");
+    curl_easy_setopt(curl, CURLOPT_URL,
+                     "imaps://imap.example.com/INBOX/;UID=1");

    /* If you want to connect to a site who isn't using a certificate that is
     * signed by one of the certs in the CA bundle you have, you can skip the
--- a/docs/examples/imap-tls.c
+++ b/docs/examples/imap-tls.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -47,7 +47,8 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");

    /* This will fetch message 1 from the user's inbox */
-    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX/;UID=1");
+    curl_easy_setopt(curl, CURLOPT_URL,
+                     "imap://imap.example.com/INBOX/;UID=1");

    /* In this example, we'll start with a plain text connection, and upgrade
     * to Transport Layer Security (TLS) using the STARTTLS command. Be careful
@ -61,12 +62,13 @@ int main(void)
     * CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 (false).
     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+     *
     * That is, in general, a bad idea. It is still better than sending your
-     * authentication details in plain text though.
-     * Instead, you should get the issuer certificate (or the host certificate
-     * if the certificate is self-signed) and add it to the set of certificates
-     * that are known to libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See
-     * docs/SSLCERTS for more information. */
+     * authentication details in plain text though.  Instead, you should get
+     * the issuer certificate (or the host certificate if the certificate is
+     * self-signed) and add it to the set of certificates that are known to
+     * libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See docs/SSLCERTS
+     * for more information. */
    curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");

    /* Since the traffic will be encrypted, it is very useful to turn on debug
--- a/docs/examples/multi-app.c
+++ b/docs/examples/multi-app.c
@ -55,8 +55,8 @@ int main(void)
  int msgs_left; /* how many messages are left */

  /* Allocate one CURL handle per transfer */
-  for (i=0; i<HANDLECOUNT; i++)
-      handles[i] = curl_easy_init();
+  for(i=0; i<HANDLECOUNT; i++)
+    handles[i] = curl_easy_init();

  /* set the options (I left out a few, you'll get the point anyway) */
  curl_easy_setopt(handles[HTTP_HANDLE], CURLOPT_URL, "http://example.com");
@ -68,8 +68,8 @@ int main(void)
  multi_handle = curl_multi_init();

  /* add the individual transfers */
-  for (i=0; i<HANDLECOUNT; i++)
-      curl_multi_add_handle(multi_handle, handles[i]);
+  for(i=0; i<HANDLECOUNT; i++)
+    curl_multi_add_handle(multi_handle, handles[i]);

  /* we start some action by calling perform right away */
  curl_multi_perform(multi_handle, &still_running);
@ -106,8 +106,7 @@ int main(void)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
@ -146,12 +145,12 @@ int main(void)
  } while(still_running);

  /* See how the transfers went */
-  while ((msg = curl_multi_info_read(multi_handle, &msgs_left))) {
-    if (msg->msg == CURLMSG_DONE) {
+  while((msg = curl_multi_info_read(multi_handle, &msgs_left))) {
+    if(msg->msg == CURLMSG_DONE) {
      int idx, found = 0;

      /* Find out which handle this message is about */
-      for (idx=0; idx<HANDLECOUNT; idx++) {
+      for(idx=0; idx<HANDLECOUNT; idx++) {
        found = (msg->easy_handle == handles[idx]);
        if(found)
          break;
@ -171,8 +170,8 @@ int main(void)
  curl_multi_cleanup(multi_handle);

  /* Free the CURL handles */
-  for (i=0; i<HANDLECOUNT; i++)
-      curl_easy_cleanup(handles[i]);
+  for(i=0; i<HANDLECOUNT; i++)
+    curl_easy_cleanup(handles[i]);

  return 0;
 }
--- a/docs/examples/multi-debugcallback.c
+++ b/docs/examples/multi-debugcallback.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -69,14 +69,14 @@ void dump(const char *text,

    for(c = 0; (c < width) && (i+c < size); c++) {
      /* check for 0D0A; if found, skip past and start a new line of output */
-      if (nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
+      if(nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
        i+=(c+2-width);
        break;
      }
      fprintf(stream, "%c",
              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
      /* check again for 0D0A, to avoid an extra \n if it's at width */
-      if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
+      if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
        i+=(c+3-width);
        break;
      }
@ -179,8 +179,7 @@ int main(void)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
--- a/docs/examples/multi-double.c
+++ b/docs/examples/multi-double.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -95,8 +95,7 @@ int main(void)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
--- a/docs/examples/multi-post.c
+++ b/docs/examples/multi-post.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -115,8 +115,7 @@ int main(void)
      /* get file descriptors from the transfers */
      mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);

-      if(mc != CURLM_OK)
-      {
+      if(mc != CURLM_OK) {
        fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
        break;
      }
--- a/docs/examples/multi-single.c
+++ b/docs/examples/multi-single.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -77,8 +77,7 @@ int main(void)
    /* wait for activity, timeout or "nothing" */
    mc = curl_multi_wait(multi_handle, NULL, 0, 1000, &numfds);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_wait() failed, code %d.\n", mc);
      break;
    }
--- a/docs/examples/multi-uv.c
+++ b/docs/examples/multi-uv.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -84,9 +84,9 @@ void add_download(const char *url, int num)
  FILE *file;
  CURL *handle;

-  sprintf(filename, "%d.download", num);
+  snprintf(filename, 50, "%d.download", num);

-  file = fopen(filename, "w");
+  file = fopen(filename, "wb");
  if(!file) {
    fprintf(stderr, "Error opening %s\n", filename);
    return;
--- a/docs/examples/opensslthreadlock.c
+++ b/docs/examples/opensslthreadlock.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -42,19 +42,19 @@
 #define THREAD_ID        pthread_self(  )


-void handle_error(const char *file, int lineno, const char *msg){
-     fprintf(stderr, "** %s:%d %s\n", file, lineno, msg);
-     ERR_print_errors_fp(stderr);
-     /* exit(-1); */
- }
+void handle_error(const char *file, int lineno, const char *msg)
+{
+  fprintf(stderr, "** %s:%d %s\n", file, lineno, msg);
+  ERR_print_errors_fp(stderr);
+  /* exit(-1); */
+}

 /* This array will store all of the mutexes available to OpenSSL. */
 static MUTEX_TYPE *mutex_buf= NULL;

-
 static void locking_function(int mode, int n, const char * file, int line)
 {
-  if (mode & CRYPTO_LOCK)
+  if(mode & CRYPTO_LOCK)
    MUTEX_LOCK(mutex_buf[n]);
  else
    MUTEX_UNLOCK(mutex_buf[n]);
@ -70,9 +70,9 @@ int thread_setup(void)
  int i;

  mutex_buf = malloc(CRYPTO_num_locks(  ) * sizeof(MUTEX_TYPE));
-  if (!mutex_buf)
+  if(!mutex_buf)
    return 0;
-  for (i = 0;  i < CRYPTO_num_locks(  );  i++)
+  for(i = 0;  i < CRYPTO_num_locks(  );  i++)
    MUTEX_SETUP(mutex_buf[i]);
  CRYPTO_set_id_callback(id_function);
  CRYPTO_set_locking_callback(locking_function);
@ -83,11 +83,11 @@ int thread_cleanup(void)
 {
  int i;

-  if (!mutex_buf)
+  if(!mutex_buf)
    return 0;
  CRYPTO_set_id_callback(NULL);
  CRYPTO_set_locking_callback(NULL);
-  for (i = 0;  i < CRYPTO_num_locks(  );  i++)
+  for(i = 0;  i < CRYPTO_num_locks(  );  i++)
    MUTEX_CLEANUP(mutex_buf[i]);
  free(mutex_buf);
  mutex_buf = NULL;
--- a/docs/examples/pop3-multi.c
+++ b/docs/examples/pop3-multi.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -120,8 +120,7 @@ int main(void)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
--- a/docs/examples/pop3-tls.c
+++ b/docs/examples/pop3-tls.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -61,12 +61,13 @@ int main(void)
     * CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 (false).
     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+     *
     * That is, in general, a bad idea. It is still better than sending your
-     * authentication details in plain text though.
-     * Instead, you should get the issuer certificate (or the host certificate
-     * if the certificate is self-signed) and add it to the set of certificates
-     * that are known to libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See
-     * docs/SSLCERTS for more information. */
+     * authentication details in plain text though.  Instead, you should get
+     * the issuer certificate (or the host certificate if the certificate is
+     * self-signed) and add it to the set of certificates that are known to
+     * libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See docs/SSLCERTS
+     * for more information. */
    curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");

    /* Since the traffic will be encrypted, it is very useful to turn on debug
--- a/docs/examples/postit2.c
+++ b/docs/examples/postit2.c
@ -83,7 +83,7 @@ int main(int argc, char *argv[])
  if(curl) {
    /* what URL that receives this POST */
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/examplepost.cgi");
-    if ( (argc == 2) && (!strcmp(argv[1], "noexpectheader")) )
+    if((argc == 2) && (!strcmp(argv[1], "noexpectheader")))
      /* only disable 100-continue header if explicitly requested */
      curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
    curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
--- a/docs/examples/rtsp.c
+++ b/docs/examples/rtsp.c
@ -62,12 +62,12 @@ static int _getch(void)

 /* error handling macros */
 #define my_curl_easy_setopt(A, B, C) \
-  if ((res = curl_easy_setopt((A), (B), (C))) != CURLE_OK) \
+  if((res = curl_easy_setopt((A), (B), (C))) != CURLE_OK) \
    fprintf(stderr, "curl_easy_setopt(%s, %s, %s) failed: %d\n", \
            #A, #B, #C, res);

 #define my_curl_easy_perform(A) \
-  if ((res = curl_easy_perform((A))) != CURLE_OK) \
+  if((res = curl_easy_perform((A))) != CURLE_OK) \
    fprintf(stderr, "curl_easy_perform(%s) failed: %d\n", #A, res);


@ -87,9 +87,9 @@ static void rtsp_describe(CURL *curl, const char *uri,
                          const char *sdp_filename)
 {
  CURLcode res = CURLE_OK;
-  FILE *sdp_fp = fopen(sdp_filename, "wt");
+  FILE *sdp_fp = fopen(sdp_filename, "wb");
  printf("\nRTSP: DESCRIBE %s\n", uri);
-  if (sdp_fp == NULL) {
+  if(sdp_fp == NULL) {
    fprintf(stderr, "Could not open '%s' for writing\n", sdp_filename);
    sdp_fp = stdout;
  }
@ -100,7 +100,7 @@ static void rtsp_describe(CURL *curl, const char *uri,
  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_DESCRIBE);
  my_curl_easy_perform(curl);
  my_curl_easy_setopt(curl, CURLOPT_WRITEDATA, stdout);
-  if (sdp_fp != stdout) {
+  if(sdp_fp != stdout) {
    fclose(sdp_fp);
  }
 }
@ -141,14 +141,15 @@ static void rtsp_teardown(CURL *curl, const char *uri)


 /* convert url into an sdp filename */
-static void get_sdp_filename(const char *url, char *sdp_filename)
+static void get_sdp_filename(const char *url, char *sdp_filename,
+                             size_t namelen)
 {
  const char *s = strrchr(url, '/');
  strcpy(sdp_filename, "video.sdp");
-  if (s != NULL) {
+  if(s != NULL) {
    s++;
-    if (s[0] != '\0') {
-      sprintf(sdp_filename, "%s.sdp", s);
+    if(s[0] != '\0') {
+      snprintf(sdp_filename, namelen, "%s.sdp", s);
    }
  }
 }
@ -160,10 +161,10 @@ static void get_media_control_attribute(const char *sdp_filename,
 {
  int max_len = 256;
  char *s = malloc(max_len);
-  FILE *sdp_fp = fopen(sdp_filename, "rt");
+  FILE *sdp_fp = fopen(sdp_filename, "rb");
  control[0] = '\0';
-  if (sdp_fp != NULL) {
-    while (fgets(s, max_len - 2, sdp_fp) != NULL) {
+  if(sdp_fp != NULL) {
+    while(fgets(s, max_len - 2, sdp_fp) != NULL) {
      sscanf(s, " a = control: %s", control);
    }
    fclose(sdp_fp);
@ -178,7 +179,8 @@ int main(int argc, char * const argv[])
 #if 1
  const char *transport = "RTP/AVP;unicast;client_port=1234-1235";  /* UDP */
 #else
-  const char *transport = "RTP/AVP/TCP;unicast;client_port=1234-1235";  /* TCP */
+  /* TCP */
+  const char *transport = "RTP/AVP/TCP;unicast;client_port=1234-1235";
 #endif
  const char *range = "0.000-";
  int rc = EXIT_SUCCESS;
@ -189,50 +191,53 @@ int main(int argc, char * const argv[])
  printf("    Requires cURL V7.20 or greater\n\n");

  /* check command line */
-  if ((argc != 2) && (argc != 3)) {
+  if((argc != 2) && (argc != 3)) {
    base_name = strrchr(argv[0], '/');
-    if (base_name == NULL) {
+    if(base_name == NULL) {
      base_name = strrchr(argv[0], '\\');
    }
-    if (base_name == NULL) {
+    if(base_name == NULL) {
      base_name = argv[0];
-    } else {
+    }
+    else {
      base_name++;
    }
    printf("Usage:   %s url [transport]\n", base_name);
    printf("         url of video server\n");
-    printf("         transport (optional) specifier for media stream protocol\n");
+    printf("         transport (optional) specifier for media stream"
+           " protocol\n");
    printf("         default transport: %s\n", transport);
    printf("Example: %s rtsp://192.168.0.2/media/video1\n\n", base_name);
    rc = EXIT_FAILURE;
-  } else {
+  }
+  else {
    const char *url = argv[1];
    char *uri = malloc(strlen(url) + 32);
    char *sdp_filename = malloc(strlen(url) + 32);
    char *control = malloc(strlen(url) + 32);
    CURLcode res;
-    get_sdp_filename(url, sdp_filename);
-    if (argc == 3) {
+    get_sdp_filename(url, sdp_filename, strlen(url) + 32);
+    if(argc == 3) {
      transport = argv[2];
    }

    /* initialize curl */
    res = curl_global_init(CURL_GLOBAL_ALL);
-    if (res == CURLE_OK) {
+    if(res == CURLE_OK) {
      curl_version_info_data *data = curl_version_info(CURLVERSION_NOW);
      CURL *curl;
      fprintf(stderr, "    cURL V%s loaded\n", data->version);

      /* initialize this curl session */
      curl = curl_easy_init();
-      if (curl != NULL) {
+      if(curl != NULL) {
        my_curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
        my_curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
        my_curl_easy_setopt(curl, CURLOPT_HEADERDATA, stdout);
        my_curl_easy_setopt(curl, CURLOPT_URL, url);

        /* request server options */
-        sprintf(uri, "%s", url);
+        snprintf(uri, strlen(url) + 32, "%s", url);
        rtsp_options(curl, uri);

        /* request session description and write response to sdp file */
@ -242,11 +247,11 @@ int main(int argc, char * const argv[])
        get_media_control_attribute(sdp_filename, control);

        /* setup media stream */
-        sprintf(uri, "%s/%s", url, control);
+        snprintf(uri, strlen(url) + 32, "%s/%s", url, control);
        rtsp_setup(curl, uri, transport);

        /* start playing media stream */
-        sprintf(uri, "%s/", url);
+        snprintf(uri, strlen(url) + 32, "%s/", url);
        rtsp_play(curl, uri, range);
        printf("Playing video, press any key to stop ...");
        _getch();
@ -258,11 +263,13 @@ int main(int argc, char * const argv[])
        /* cleanup */
        curl_easy_cleanup(curl);
        curl = NULL;
-      } else {
+      }
+      else {
        fprintf(stderr, "curl_easy_init() failed\n");
      }
      curl_global_cleanup();
-    } else {
+    }
+    else {
      fprintf(stderr, "curl_global_init(%s) failed: %d\n",
              "CURL_GLOBAL_ALL", res);
    }
--- a/docs/examples/sampleconv.c
+++ b/docs/examples/sampleconv.c
@ -49,10 +49,11 @@ CURLcode my_conv_from_ascii_to_ebcdic(char *buffer, size_t length)
    int rc;
    tempptrin = tempptrout = buffer;
    rc = platform_a2e(&tempptrin, &bytes, &tempptrout, &bytes);
-    if (rc == PLATFORM_CONV_OK) {
-      return(CURLE_OK);
-    } else {
-      return(CURLE_CONV_FAILED);
+    if(rc == PLATFORM_CONV_OK) {
+      return CURLE_OK;
+    }
+    else {
+      return CURLE_CONV_FAILED;
    }
 }

@ -63,10 +64,11 @@ CURLcode my_conv_from_ebcdic_to_ascii(char *buffer, size_t length)
    int rc;
    tempptrin = tempptrout = buffer;
    rc = platform_e2a(&tempptrin, &bytes, &tempptrout, &bytes);
-    if (rc == PLATFORM_CONV_OK) {
-      return(CURLE_OK);
-    } else {
-      return(CURLE_CONV_FAILED);
+    if(rc == PLATFORM_CONV_OK) {
+      return CURLE_OK;
+    }
+    else {
+      return CURLE_CONV_FAILED;
    }
 }

@ -77,10 +79,11 @@ CURLcode my_conv_from_utf8_to_ebcdic(char *buffer, size_t length)
    int rc;
    tempptrin = tempptrout = buffer;
    rc = platform_u2e(&tempptrin, &bytes, &tempptrout, &bytes);
-    if (rc == PLATFORM_CONV_OK) {
-      return(CURLE_OK);
-    } else {
-      return(CURLE_CONV_FAILED);
+    if(rc == PLATFORM_CONV_OK) {
+      return CURLE_OK;
+    }
+    else {
+      return CURLE_CONV_FAILED;
    }
 }

--- a/docs/examples/sendrecv.c
+++ b/docs/examples/sendrecv.c
@ -44,12 +44,10 @@ static int wait_on_socket(curl_socket_t sockfd, int for_recv, long timeout_ms)

  FD_SET(sockfd, &errfd); /* always check for error */

-  if(for_recv)
-  {
+  if(for_recv) {
    FD_SET(sockfd, &infd);
  }
-  else
-  {
+  else {
    FD_SET(sockfd, &outfd);
  }

@ -84,8 +82,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);
    res = curl_easy_perform(curl);

-    if(CURLE_OK != res)
-    {
+    if(CURLE_OK != res) {
      printf("Error: %s\n", strerror(res));
      return 1;
    }
@ -96,17 +93,15 @@ int main(void)
     */
    res = curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sockextr);

-    if(CURLE_OK != res)
-    {
+    if(CURLE_OK != res) {
      printf("Error: %s\n", curl_easy_strerror(res));
      return 1;
    }

-    sockfd = sockextr;
+    sockfd = (curl_socket_t)sockextr;

    /* wait for the socket to become ready for sending */
-    if(!wait_on_socket(sockfd, 0, 60000L))
-    {
+    if(!wait_on_socket(sockfd, 0, 60000L)) {
      printf("Error: timeout.\n");
      return 1;
    }
@ -116,16 +111,14 @@ int main(void)
     * to see if all the request has been sent */
    res = curl_easy_send(curl, request, strlen(request), &iolen);

-    if(CURLE_OK != res)
-    {
+    if(CURLE_OK != res) {
      printf("Error: %s\n", curl_easy_strerror(res));
      return 1;
    }
    puts("Reading response.");

    /* read the response */
-    for(;;)
-    {
+    for(;;) {
      char buf[1024];

      wait_on_socket(sockfd, 1, 60000L);
--- a/docs/examples/sepheaders.c
+++ b/docs/examples/sepheaders.c
@ -31,7 +31,7 @@

 static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  int written = fwrite(ptr, size, nmemb, (FILE *)stream);
+  size_t written = fwrite(ptr, size, nmemb, (FILE *)stream);
  return written;
 }

--- a/docs/examples/simplessl.c
+++ b/docs/examples/simplessl.c
@ -47,7 +47,6 @@

 int main(void)
 {
-  int i;
  CURL *curl;
  CURLcode res;
  FILE *headerfile;
@ -55,6 +54,7 @@ int main(void)

  static const char *pCertFile = "testcert.pem";
  static const char *pCACertFile="cacert.pem";
+  static const char *pHeaderFile = "dumpit";

  const char *pKeyName;
  const char *pKeyType;
@ -71,7 +71,7 @@ int main(void)
  pEngine   = NULL;
 #endif

-  headerfile = fopen("dumpit", "w");
+  headerfile = fopen(pHeaderFile, "wb");

  curl_global_init(CURL_GLOBAL_DEFAULT);

@ -81,47 +81,46 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://your.favourite.ssl.site");
    curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

-    for(i = 0; i < 1; i++) /* single-iteration loop, just to break out from */
-    {
-      if (pEngine)             /* use crypto engine */
-      {
-        if (curl_easy_setopt(curl, CURLOPT_SSLENGINE,pEngine) != CURLE_OK)
-        {                     /* load the crypto engine */
-          fprintf(stderr,"can't set crypto engine\n");
+    do { /* dummy loop, just to break out from */
+      if(pEngine) {
+        /* use crypto engine */
+        if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {
+          /* load the crypto engine */
+          fprintf(stderr, "can't set crypto engine\n");
          break;
        }
-        if (curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT,1L) != CURLE_OK)
-        { /* set the crypto engine as default */
+        if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
+          /* set the crypto engine as default */
          /* only needed for the first time you load
             a engine in a curl object... */
-          fprintf(stderr,"can't set crypto engine as default\n");
+          fprintf(stderr, "can't set crypto engine as default\n");
          break;
        }
      }
      /* cert is stored PEM coded in file... */
      /* since PEM is default, we needn't set it for PEM */
-      curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
+      curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");

      /* set the cert for client authentication */
-      curl_easy_setopt(curl,CURLOPT_SSLCERT,pCertFile);
+      curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);

      /* sorry, for engine we must set the passphrase
         (if the key has one...) */
-      if (pPassphrase)
-        curl_easy_setopt(curl,CURLOPT_KEYPASSWD,pPassphrase);
+      if(pPassphrase)
+        curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

      /* if we use a key stored in a crypto engine,
         we must set the key type to "ENG" */
-      curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,pKeyType);
+      curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);

      /* set the private key (file or ID in engine) */
-      curl_easy_setopt(curl,CURLOPT_SSLKEY,pKeyName);
+      curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);

      /* set the file with the certs vaildating the server */
-      curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile);
+      curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);

      /* disconnect if we can't validate server's cert */
-      curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1L);
+      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

      /* Perform the request, res will get the return code */
      res = curl_easy_perform(curl);
@ -131,7 +130,7 @@ int main(void)
                curl_easy_strerror(res));

      /* we are done... */
-    }
+    } while(0);
    /* always cleanup */
    curl_easy_cleanup(curl);
  }
--- a/docs/examples/smooth-gtk-thread.c
+++ b/docs/examples/smooth-gtk-thread.c
@ -74,8 +74,7 @@ void *pull_one_url(void *NaN)

  /* Stop threads from entering unless j is incremented */
  pthread_mutex_lock(&lock);
-  while ( j < num_urls )
-  {
+  while(j < num_urls) {
    printf("j = %d\n", j);

    http =
@ -85,11 +84,9 @@ void *pull_one_url(void *NaN)
    printf( "http %s", http );

    curl = curl_easy_init();
-    if(curl)
-    {
+    if(curl) {

-      outfile = fopen(urls[j], "w");
-      /* printf("fopen\n"); */
+      outfile = fopen(urls[j], "wb");

      /* Set the URL and transfer type */
      curl_easy_setopt(curl, CURLOPT_URL, http);
@ -219,7 +216,7 @@ int main(int argc, char **argv)
  g_signal_connect(G_OBJECT (top_window), "delete-event",
                   G_CALLBACK(cb_delete), NULL);

-  if (!g_thread_create(&create_thread, progress_bar, FALSE, NULL) != 0)
+  if(!g_thread_create(&create_thread, progress_bar, FALSE, NULL) != 0)
    g_warning("can't create the thread");

  gtk_main();
@ -228,4 +225,3 @@ int main(int argc, char **argv)

  return 0;
 }
-
--- a/docs/examples/smtp-mail.c
+++ b/docs/examples/smtp-mail.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -45,7 +45,8 @@ static const char *payload_text[] = {
  "To: " TO "\r\n",
  "From: " FROM "(Example User)\r\n",
  "Cc: " CC "(Another example User)\r\n",
-  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@"
+  "rfcpedant.example.org>\r\n",
  "Subject: SMTP example message\r\n",
  "\r\n", /* empty line to divide headers from body, see RFC5322 */
  "The body of the message starts here.\r\n",
@ -95,11 +96,12 @@ int main(void)
    /* This is the URL for your mailserver */
    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com");

-    /* Note that this option isn't strictly required, omitting it will result in
-     * libcurl sending the MAIL FROM command with empty sender data. All
+    /* Note that this option isn't strictly required, omitting it will result
+     * in libcurl sending the MAIL FROM command with empty sender data. All
     * autoresponses should have an empty reverse-path, and should be directed
-     * to the address in the reverse-path which triggered them. Otherwise, they
-     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+     * to the address in the reverse-path which triggered them. Otherwise,
+     * they could cause an endless loop. See RFC 5321 Section 4.5.5 for more
+     * details.
     */
    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);

@ -128,13 +130,13 @@ int main(void)
    /* Free the list of recipients */
    curl_slist_free_all(recipients);

-    /* curl won't send the QUIT command until you call cleanup, so you should be
-     * able to re-use this connection for additional messages (setting
+    /* curl won't send the QUIT command until you call cleanup, so you should
+     * be able to re-use this connection for additional messages (setting
     * CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT as required, and calling
     * curl_easy_perform() again. It may not be a good idea to keep the
-     * connection open for a very long time though (more than a few minutes may
-     * result in the server timing out the connection), and you do want to clean
-     * up in the end.
+     * connection open for a very long time though (more than a few minutes
+     * may result in the server timing out the connection), and you do want to
+     * clean up in the end.
     */
    curl_easy_cleanup(curl);
  }
--- a/docs/examples/smtp-multi.c
+++ b/docs/examples/smtp-multi.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -46,7 +46,8 @@ static const char *payload_text[] = {
  "To: " TO "\r\n",
  "From: " FROM "(Example User)\r\n",
  "Cc: " CC "(Another example User)\r\n",
-  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@"
+  "rfcpedant.example.org>\r\n",
  "Subject: SMTP multi example message\r\n",
  "\r\n", /* empty line to divide headers from body, see RFC5322 */
  "The body of the message starts here.\r\n",
@ -186,8 +187,7 @@ int main(void)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
--- a/docs/examples/smtp-ssl.c
+++ b/docs/examples/smtp-ssl.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -46,7 +46,8 @@ static const char *payload_text[] = {
  "To: " TO "\r\n",
  "From: " FROM "(Example User)\r\n",
  "Cc: " CC "(Another example User)\r\n",
-  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@"
+  "rfcpedant.example.org>\r\n",
  "Subject: SMTP SSL example message\r\n",
  "\r\n", /* empty line to divide headers from body, see RFC5322 */
  "The body of the message starts here.\r\n",
@ -121,11 +122,12 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

-    /* Note that this option isn't strictly required, omitting it will result in
-     * libcurl sending the MAIL FROM command with empty sender data. All
+    /* Note that this option isn't strictly required, omitting it will result
+     * in libcurl sending the MAIL FROM command with empty sender data. All
     * autoresponses should have an empty reverse-path, and should be directed
-     * to the address in the reverse-path which triggered them. Otherwise, they
-     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+     * to the address in the reverse-path which triggered them. Otherwise,
+     * they could cause an endless loop. See RFC 5321 Section 4.5.5 for more
+     * details.
     */
    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);

--- a/docs/examples/smtp-tls.c
+++ b/docs/examples/smtp-tls.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -46,7 +46,8 @@ static const char *payload_text[] = {
  "To: " TO "\r\n",
  "From: " FROM "(Example User)\r\n",
  "Cc: " CC "(Another example User)\r\n",
-  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@"
+  "rfcpedant.example.org>\r\n",
  "Subject: SMTP TLS example message\r\n",
  "\r\n", /* empty line to divide headers from body, see RFC5322 */
  "The body of the message starts here.\r\n",
@ -116,18 +117,19 @@ int main(void)
     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
     * That is, in general, a bad idea. It is still better than sending your
-     * authentication details in plain text though.
-     * Instead, you should get the issuer certificate (or the host certificate
-     * if the certificate is self-signed) and add it to the set of certificates
-     * that are known to libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See
-     * docs/SSLCERTS for more information. */
+     * authentication details in plain text though.  Instead, you should get
+     * the issuer certificate (or the host certificate if the certificate is
+     * self-signed) and add it to the set of certificates that are known to
+     * libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See docs/SSLCERTS
+     * for more information. */
    curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");

-    /* Note that this option isn't strictly required, omitting it will result in
-     * libcurl sending the MAIL FROM command with empty sender data. All
+    /* Note that this option isn't strictly required, omitting it will result
+     * in libcurl sending the MAIL FROM command with empty sender data. All
     * autoresponses should have an empty reverse-path, and should be directed
-     * to the address in the reverse-path which triggered them. Otherwise, they
-     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+     * to the address in the reverse-path which triggered them. Otherwise,
+     * they could cause an endless loop. See RFC 5321 Section 4.5.5 for more
+     * details.
     */
    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);

--- a/docs/examples/synctime.c
+++ b/docs/examples/synctime.c
@ -129,7 +129,7 @@ size_t SyncTime_CURL_WriteOutput(void *ptr, size_t size, size_t nmemb,
                                 void *stream)
 {
  fwrite(ptr, size, nmemb, stream);
-  return(nmemb*size);
+  return (nmemb*size);
 }

 size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
@ -138,17 +138,17 @@ size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
  int   i, RetVal;
  char  TmpStr1[26], TmpStr2[26];

-  if (ShowAllHeader == 1)
+  if(ShowAllHeader == 1)
    fprintf(stderr, "%s", (char *)(ptr));

-  if (strncmp((char *)(ptr), "Date:", 5) == 0) {
-    if (ShowAllHeader == 0)
+  if(strncmp((char *)(ptr), "Date:", 5) == 0) {
+    if(ShowAllHeader == 0)
      fprintf(stderr, "HTTP Server. %s", (char *)(ptr));

-    if (AutoSyncTime == 1) {
+    if(AutoSyncTime == 1) {
      *TmpStr1 = 0;
      *TmpStr2 = 0;
-      if (strlen((char *)(ptr)) > 50) /* Can prevent buffer overflow to
+      if(strlen((char *)(ptr)) > 50) /* Can prevent buffer overflow to
                                         TmpStr1 & 2? */
        AutoSyncTime = 0;
      else {
@ -156,11 +156,10 @@ size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
                         TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear,
                         &SYSTime.wHour, &SYSTime.wMinute, &SYSTime.wSecond);

-        if (RetVal == 7) {
-
+        if(RetVal == 7) {
          SYSTime.wMilliseconds = 500;    /* adjust to midpoint, 0.5 sec */
-          for (i=0; i<12; i++) {
-            if (strcmp(MthStr[i], TmpStr2) == 0) {
+          for(i=0; i<12; i++) {
+            if(strcmp(MthStr[i], TmpStr2) == 0) {
              SYSTime.wMonth = i+1;
              break;
            }
@ -174,21 +173,21 @@ size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
    }
  }

-  if (strncmp((char *)(ptr), "X-Cache: HIT", 12) == 0) {
+  if(strncmp((char *)(ptr), "X-Cache: HIT", 12) == 0) {
    fprintf(stderr, "ERROR: HTTP Server data is cached."
            " Server Date is no longer valid.\n");
    AutoSyncTime = 0;
  }
-  return(nmemb*size);
+  return (nmemb*size);
 }

 void SyncTime_CURL_Init(CURL *curl, char *proxy_port,
                        char *proxy_user_password)
 {
-  if (strlen(proxy_port) > 0)
+  if(strlen(proxy_port) > 0)
    curl_easy_setopt(curl, CURLOPT_PROXY, proxy_port);

-  if (strlen(proxy_user_password) > 0)
+  if(strlen(proxy_user_password) > 0)
    curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, proxy_user_password);

 #ifdef SYNCTIME_UA
@ -205,7 +204,7 @@ int SyncTime_CURL_Fetch(CURL *curl, char *URL_Str, char *OutFileName,
  CURLcode res;

  outfile = NULL;
-  if (HttpGetBody == HTTP_COMMAND_HEAD)
+  if(HttpGetBody == HTTP_COMMAND_HEAD)
    curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
  else {
    outfile = fopen(OutFileName, "wb");
@ -214,7 +213,7 @@ int SyncTime_CURL_Fetch(CURL *curl, char *URL_Str, char *OutFileName,

  curl_easy_setopt(curl, CURLOPT_URL, URL_Str);
  res = curl_easy_perform(curl);
-  if (outfile != NULL)
+  if(outfile != NULL)
    fclose(outfile);
  return res;  /* (CURLE_OK) */
 }
@ -244,7 +243,7 @@ int conf_init(conf_t *conf)
  int i;

  *conf->http_proxy       = 0;
-  for (i=0; i<MAX_STRING1; i++)
+  for(i=0; i<MAX_STRING1; i++)
    conf->proxy_user[i]     = 0;    /* Clean up password from memory */
  *conf->timeserver       = 0;
  return 1;
@ -272,24 +271,24 @@ int main(int argc, char *argv[])
  RetValue        = 0;    /* Successful Exit */
  conf_init(conf);

-  if (argc > 1) {
-    while (OptionIndex < argc) {
-      if (strncmp(argv[OptionIndex], "--server=", 9) == 0)
+  if(argc > 1) {
+    while(OptionIndex < argc) {
+      if(strncmp(argv[OptionIndex], "--server=", 9) == 0)
        snprintf(conf->timeserver, MAX_STRING, "%s", &argv[OptionIndex][9]);

-      if (strcmp(argv[OptionIndex], "--showall") == 0)
+      if(strcmp(argv[OptionIndex], "--showall") == 0)
        ShowAllHeader = 1;

-      if (strcmp(argv[OptionIndex], "--synctime") == 0)
+      if(strcmp(argv[OptionIndex], "--synctime") == 0)
        AutoSyncTime = 1;

-      if (strncmp(argv[OptionIndex], "--proxy-user=", 13) == 0)
+      if(strncmp(argv[OptionIndex], "--proxy-user=", 13) == 0)
        snprintf(conf->proxy_user, MAX_STRING, "%s", &argv[OptionIndex][13]);

-      if (strncmp(argv[OptionIndex], "--proxy=", 8) == 0)
+      if(strncmp(argv[OptionIndex], "--proxy=", 8) == 0)
        snprintf(conf->http_proxy, MAX_STRING, "%s", &argv[OptionIndex][8]);

-      if ((strcmp(argv[OptionIndex], "--help") == 0) ||
+      if((strcmp(argv[OptionIndex], "--help") == 0) ||
          (strcmp(argv[OptionIndex], "/?") == 0)) {
        showUsage();
        return 0;
@ -298,13 +297,13 @@ int main(int argc, char *argv[])
    }
  }

-  if (*conf->timeserver == 0)     /* Use default server for time information */
+  if(*conf->timeserver == 0)     /* Use default server for time information */
    snprintf(conf->timeserver, MAX_STRING, "%s", DefaultTimeServer[0]);

  /* Init CURL before usage */
  curl_global_init(CURL_GLOBAL_ALL);
  curl = curl_easy_init();
-  if (curl) {
+  if(curl) {
    SyncTime_CURL_Init(curl, conf->http_proxy, conf->proxy_user);

    /* Calculating time diff between GMT and localtime */
@ -316,7 +315,7 @@ int main(int argc, char *argv[])
    tzonediffFloat = difftime(tt_local, tt_gmt);
    tzonediffWord  = (int)(tzonediffFloat/3600.0);

-    if ((double)(tzonediffWord * 3600) == tzonediffFloat)
+    if((double)(tzonediffWord * 3600) == tzonediffFloat)
      snprintf(tzoneBuf, 15, "%+03d'00'", tzonediffWord);
    else
      snprintf(tzoneBuf, 15, "%+03d'30'", tzonediffWord);
@ -345,9 +344,9 @@ int main(int argc, char *argv[])
             LOCALTime.wMilliseconds);
    fprintf(stderr, "\nAfter  HTTP. Date: %s%s\n", timeBuf, tzoneBuf);

-    if (AutoSyncTime == 3) {
+    if(AutoSyncTime == 3) {
      /* Synchronising computer clock */
-      if (!SetSystemTime(&SYSTime)) {  /* Set system time */
+      if(!SetSystemTime(&SYSTime)) {  /* Set system time */
        fprintf(stderr, "ERROR: Unable to set system time.\n");
        RetValue = 1;
      }
--- a/docs/examples/threaded-ssl.c
+++ b/docs/examples/threaded-ssl.c
@ -51,7 +51,7 @@ static void lock_callback(int mode, int type, char *file, int line)
 {
  (void)file;
  (void)line;
-  if (mode & CRYPTO_LOCK) {
+  if(mode & CRYPTO_LOCK) {
    pthread_mutex_lock(&(lockarray[type]));
  }
  else {
@ -64,7 +64,7 @@ static unsigned long thread_id(void)
  unsigned long ret;

  ret=(unsigned long)pthread_self();
-  return(ret);
+  return ret;
 }

 static void init_locks(void)
@ -73,8 +73,8 @@ static void init_locks(void)

  lockarray=(pthread_mutex_t *)OPENSSL_malloc(CRYPTO_num_locks() *
                                            sizeof(pthread_mutex_t));
-  for (i=0; i<CRYPTO_num_locks(); i++) {
-    pthread_mutex_init(&(lockarray[i]),NULL);
+  for(i=0; i<CRYPTO_num_locks(); i++) {
+    pthread_mutex_init(&(lockarray[i]), NULL);
  }

  CRYPTO_set_id_callback((unsigned long (*)())thread_id);
@ -86,7 +86,7 @@ static void kill_locks(void)
  int i;

  CRYPTO_set_locking_callback(NULL);
-  for (i=0; i<CRYPTO_num_locks(); i++)
+  for(i=0; i<CRYPTO_num_locks(); i++)
    pthread_mutex_destroy(&(lockarray[i]));

  OPENSSL_free(lockarray);
--- a/docs/examples/url2file.c
+++ b/docs/examples/url2file.c
@ -65,7 +65,7 @@ int main(int argc, char *argv[])

  /* open the file */
  pagefile = fopen(pagefilename, "wb");
-  if (pagefile) {
+  if(pagefile) {

    /* write the page body to this file handle */
    curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, pagefile);
--- a/docs/examples/usercertinmem.c
+++ b/docs/examples/usercertinmem.c
@ -38,8 +38,8 @@

 static size_t writefunction(void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  fwrite(ptr,size,nmemb,stream);
-  return(nmemb*size);
+  fwrite(ptr, size, nmemb, stream);
+  return (nmemb*size);
 }

 static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
@ -120,7 +120,7 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
  /* get a BIO */
  bio = BIO_new_mem_buf((char *)mypem, -1);

-  if (bio == NULL) {
+  if(bio == NULL) {
    printf("BIO_new_mem_buf failed\n");
  }

@ -128,49 +128,49 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
   * structure that SSL can use
   */
  cert = PEM_read_bio_X509(bio, NULL, 0, NULL);
-  if (cert == NULL) {
+  if(cert == NULL) {
    printf("PEM_read_bio_X509 failed...\n");
  }

  /*tell SSL to use the X509 certificate*/
  ret = SSL_CTX_use_certificate((SSL_CTX*)sslctx, cert);
-  if (ret != 1) {
+  if(ret != 1) {
    printf("Use certificate failed\n");
  }

  /*create a bio for the RSA key*/
  kbio = BIO_new_mem_buf((char *)mykey, -1);
-  if (kbio == NULL) {
+  if(kbio == NULL) {
    printf("BIO_new_mem_buf failed\n");
  }

  /*read the key bio into an RSA object*/
  rsa = PEM_read_bio_RSAPrivateKey(kbio, NULL, 0, NULL);
-  if (rsa == NULL) {
+  if(rsa == NULL) {
    printf("Failed to create key bio\n");
  }

  /*tell SSL to use the RSA key from memory*/
  ret = SSL_CTX_use_RSAPrivateKey((SSL_CTX*)sslctx, rsa);
-  if (ret != 1) {
+  if(ret != 1) {
    printf("Use Key failed\n");
  }

  /* free resources that have been allocated by openssl functions */
-  if (bio)
+  if(bio)
    BIO_free(bio);

-  if (kbio)
+  if(kbio)
    BIO_free(kbio);

-  if (rsa)
+  if(rsa)
    RSA_free(rsa);

-  if (cert)
+  if(cert)
    X509_free(cert);

  /* all set to go */
-  return CURLE_OK ;
+  return CURLE_OK;
 }

 int main(void)
@ -180,28 +180,28 @@ int main(void)

  rv = curl_global_init(CURL_GLOBAL_ALL);
  ch = curl_easy_init();
-  rv = curl_easy_setopt(ch,CURLOPT_VERBOSE, 0L);
-  rv = curl_easy_setopt(ch,CURLOPT_HEADER, 0L);
-  rv = curl_easy_setopt(ch,CURLOPT_NOPROGRESS, 1L);
-  rv = curl_easy_setopt(ch,CURLOPT_NOSIGNAL, 1L);
-  rv = curl_easy_setopt(ch,CURLOPT_WRITEFUNCTION, *writefunction);
-  rv = curl_easy_setopt(ch,CURLOPT_WRITEDATA, stdout);
-  rv = curl_easy_setopt(ch,CURLOPT_HEADERFUNCTION, *writefunction);
-  rv = curl_easy_setopt(ch,CURLOPT_HEADERDATA, stderr);
-  rv = curl_easy_setopt(ch,CURLOPT_SSLCERTTYPE,"PEM");
+  rv = curl_easy_setopt(ch, CURLOPT_VERBOSE, 0L);
+  rv = curl_easy_setopt(ch, CURLOPT_HEADER, 0L);
+  rv = curl_easy_setopt(ch, CURLOPT_NOPROGRESS, 1L);
+  rv = curl_easy_setopt(ch, CURLOPT_NOSIGNAL, 1L);
+  rv = curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, writefunction);
+  rv = curl_easy_setopt(ch, CURLOPT_WRITEDATA, stdout);
+  rv = curl_easy_setopt(ch, CURLOPT_HEADERFUNCTION, writefunction);
+  rv = curl_easy_setopt(ch, CURLOPT_HEADERDATA, stderr);
+  rv = curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");

  /* both VERIFYPEER and VERIFYHOST are set to 0 in this case because there is
     no CA certificate*/

-  rv = curl_easy_setopt(ch,CURLOPT_SSL_VERIFYPEER, 0L);
-  rv = curl_easy_setopt(ch,CURLOPT_SSL_VERIFYHOST, 0L);
+  rv = curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 0L);
+  rv = curl_easy_setopt(ch, CURLOPT_SSL_VERIFYHOST, 0L);
  rv = curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
  rv = curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "PEM");

  /* first try: retrieve page without user certificate and key -> will fail
   */
  rv = curl_easy_perform(ch);
-  if (rv==CURLE_OK) {
+  if(rv==CURLE_OK) {
    printf("*** transfer succeeded ***\n");
  }
  else {
@ -212,9 +212,9 @@ int main(void)
   * load the certificate and key by installing a function doing the necessary
   * "modifications" to the SSL CONTEXT just before link init
   */
-  rv = curl_easy_setopt(ch,CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
+  rv = curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
  rv = curl_easy_perform(ch);
-  if (rv==CURLE_OK) {
+  if(rv==CURLE_OK) {
    printf("*** transfer succeeded ***\n");
  }
  else {
--- a/docs/examples/xmlstream.c
+++ b/docs/examples/xmlstream.c
@ -51,7 +51,8 @@ struct ParserStruct {
  struct MemoryStruct characters;
 };

-static void startElement(void *userData, const XML_Char *name, const XML_Char **atts)
+static void startElement(void *userData, const XML_Char *name,
+                         const XML_Char **atts)
 {
  struct ParserStruct *state = (struct ParserStruct *) userData;
  state->tags++;
@ -89,16 +90,18 @@ static void endElement(void *userData, const XML_Char *name)
  printf("%5lu   %10lu   %s\n", state->depth, state->characters.size, name);
 }

-static size_t parseStreamCallback(void *contents, size_t length, size_t nmemb, void *userp)
+static size_t parseStreamCallback(void *contents, size_t length, size_t nmemb,
+                                  void *userp)
 {
  XML_Parser parser = (XML_Parser) userp;
  size_t real_size = length * nmemb;
  struct ParserStruct *state = (struct ParserStruct *) XML_GetUserData(parser);

  /* Only parse if we're not already in a failure state. */
-  if (state->ok && XML_Parse(parser, contents, real_size, 0) == 0) {
+  if(state->ok && XML_Parse(parser, contents, real_size, 0) == 0) {
    int error_code = XML_GetErrorCode(parser);
-    fprintf(stderr, "Parsing response buffer of length %lu failed with error code %d (%s).\n",
+    fprintf(stderr, "Parsing response buffer of length %lu failed"
+            " with error code %d (%s).\n",
            real_size, error_code, XML_ErrorString(error_code));
    state->ok = 0;
  }
@ -126,7 +129,8 @@ int main(void)
  /* Initialize a libcurl handle. */
  curl_global_init(CURL_GLOBAL_ALL ^ CURL_GLOBAL_SSL);
  curl_handle = curl_easy_init();
-  curl_easy_setopt(curl_handle, CURLOPT_URL, "http://www.w3schools.com/xml/simple.xml");
+  curl_easy_setopt(curl_handle, CURLOPT_URL,
+                   "http://www.w3schools.com/xml/simple.xml");
  curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, parseStreamCallback);
  curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)parser);

@ -138,9 +142,9 @@ int main(void)
    fprintf(stderr, "curl_easy_perform() failed: %s\n",
            curl_easy_strerror(res));
  }
-  else if (state.ok) {
+  else if(state.ok) {
    /* Expat requires one final call to finalize parsing. */
-    if (XML_Parse(parser, NULL, 0, 1) == 0) {
+    if(XML_Parse(parser, NULL, 0, 1) == 0) {
      int error_code = XML_GetErrorCode(parser);
      fprintf(stderr, "Finalizing parsing failed with error code %d (%s).\n",
              error_code, XML_ErrorString(error_code));
--- a/docs/libcurl/curl_easy_getinfo.3
+++ b/docs/libcurl/curl_easy_getinfo.3
@ -194,9 +194,9 @@ See \fICURLINFO_FTP_ENTRY_PATH(3)\fP
 Certificate chain.
 See \fICURLINFO_CERTINFO(3)\fP

-.IP CURLINFO_TLS_SESSION
+.IP CURLINFO_TLS_SSL_PTR
 TLS session info that can be used for further processing.
-See \fICURLINFO_TLS_SESSION(3)\fP
+See \fICURLINFO_TLS_SSL_PTR(3)\fP

 .IP CURLINFO_CONDITION_UNMET
 Whether or not a time conditional was met.
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@ -314,6 +314,8 @@ Authentication address. See \fICURLOPT_MAIL_AUTH(3)\fP
 .SH TFTP OPTIONS
 .IP CURLOPT_TFTP_BLKSIZE
 TFTP block size. See \fICURLOPT_TFTP_BLKSIZE(3)\fP
+.IP CURLOPT_TFTP_NO_OPTIONS
+Do not send TFTP options requests. See \fICURLOPT_TFTP_NO_OPTIONS(3)\fP
 .SH FTP OPTIONS
 .IP CURLOPT_FTPPORT
 Use active FTP. See \fICURLOPT_FTPPORT(3)\fP
--- a/docs/libcurl/curl_multi_wait.3
+++ b/docs/libcurl/curl_multi_wait.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -71,6 +71,48 @@ priority read events such as out of band data.
 .IP CURL_WAIT_POLLOUT
 Bit flag to curl_waitfd.events indicating the socket should poll on write
 events such as the socket being clear to write without blocking.
+.SH EXAMPLE
+.nf
+CURL *easy_handle;
+CURLM *multi_handle;
+
+/* add the individual easy handle */
+curl_multi_add_handle(multi_handle, easy_handle);
+
+do {
+  CURLMcode mc;
+  int numfds;
+
+  mc = curl_multi_perform(multi_handle, &still_running);
+
+  if(mc == CURLM_OK ) {
+    /* wait for activity, timeout or "nothing" */
+    mc = curl_multi_wait(multi_handle, NULL, 0, 1000, &numfds);
+  }
+
+  if(mc != CURLM_OK) {
+    fprintf(stderr, "curl_multi failed, code %d.\n", mc);
+    break;
+  }
+
+  /* 'numfds' being zero means either a timeout or no file descriptors to
+     wait for. Try timeout on first occurrence, then assume no file
+     descriptors and no file descriptors to wait for means wait for 100
+     milliseconds. */
+
+  if(!numfds) {
+    repeats++; /* count number of repeated zero numfds */
+    if(repeats > 1) {
+      WAITMS(100); /* sleep 100 milliseconds */
+    }
+  }
+  else
+    repeats = 0;
+
+} while(still_running);
+
+curl_multi_remove_handle(multi_handle, easy_handle);
+.fi
 .SH RETURN VALUE
 CURLMcode type, general libcurl multi interface error code. See
 \fIlibcurl-errors(3)\fP
--- a/docs/libcurl/libcurl-thread.3
+++ b/docs/libcurl/libcurl-thread.3
@ -91,5 +91,5 @@ fail-safe initialization that takes place the first time
 These functions, provided either by your operating system or your own
 replacements, must be thread safe. You can use \fIcurl_global_init_mem(3)\fP
 to set your own replacement memory functions.
-.IP Non-safe functions
+.IP "Non-safe functions"
 \fICURLOPT_DNS_USE_GLOBAL_CACHE(3)\fP is not thread-safe.
--- a/docs/libcurl/opts/CURLINFO_COOKIELIST.3
+++ b/docs/libcurl/opts/CURLINFO_COOKIELIST.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -47,3 +47,4 @@ Added in 7.14.1
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
 .BR curl_easy_getinfo "(3), " curl_easy_setopt "(3), "
+.BR CURLOPT_COOKIELIST "(3), "
--- a/docs/libcurl/opts/CURLINFO_TLS_SESSION.3
+++ b/docs/libcurl/opts/CURLINFO_TLS_SESSION.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -30,44 +30,22 @@ CURLINFO_TLS_SESSION \- get TLS session info
 CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TLS_SESSION,
                           struct curl_tlssessioninfo **session);
 .SH DESCRIPTION
-Pass a pointer to a 'struct curl_tlssessioninfo *'.  The pointer will be
-initialized to refer to a 'struct curl_tlssessioninfo *' that will contain an
-enum indicating the SSL library used for the handshake and the respective
-internal TLS session structure of this underlying SSL library.
+\fBThis option has been superseded\fP by \fICURLINFO_TLS_SSL_PTR(3)\fP which
+was added in 7.48.0. The only reason you would use this option instead is if
+you could be using a version of libcurl earlier than 7.48.0.

-This may then be used to extract certificate information in a format
-convenient for further processing, such as manual validation. NOTE: this
-option may not be available for all SSL backends; unsupported SSL backends
-will always return NULL in the \fIinternals\fP pointer to indicate that they
-are not supported.
+This option is exactly the same as \fICURLINFO_TLS_SSL_PTR(3)\fP except in the
+case of OpenSSL. If the session \fIbackend\fP is CURLSSLBACKEND_OPENSSL the
+session \fIinternals\fP pointer varies depending on the option:

-.nf
-struct curl_tlssessioninfo {
-  curl_sslbackend backend;
-  void *internals;
-};
-.fi
+CURLINFO_TLS_SESSION OpenSSL session \fIinternals\fP is SSL_CTX *.

-The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_*
-series: CURLSSLBACKEND_NONE (when built without TLS support),
-CURLSSLBACKEND_OPENSSL, CURLSSLBACKEND_GNUTLS, CURLSSLBACKEND_NSS,
-CURLSSLBACKEND_GSKIT, CURLSSLBACKEND_POLARSSL, CURLSSLBACKEND_CYASSL,
-CURLSSLBACKEND_SCHANNEL, CURLSSLBACKEND_DARWINSSL or
-CURLSSLBACKEND_AXTLS. (Note that the OpenSSL forks are all reported as just
-OpenSSL here.)
+CURLINFO_TLS_SSL_PTR OpenSSL session \fIinternals\fP is SSL *.

-The \fIinternals\fP struct member will point to a TLS library specific pointer
-with the following underlying types:
-.RS
-.IP OpenSSL
-SSL_CTX *
-.IP GnuTLS
-gnutls_session_t
-.IP NSS
-PRFileDesc *
-.IP gskit
-gsk_handle
-.RE
+You can obtain an SSL_CTX pointer from an SSL pointer using OpenSSL function
+SSL_get_SSL_CTX. Therefore unless you need compatibility with older versions of
+libcurl use \fICURLINFO_TLS_SSL_PTR(3)\fP. Refer to that document for more
+information.
 .SH PROTOCOLS
 All TLS-based
 .SH EXAMPLE
@ -78,3 +56,4 @@ Added in 7.34.0
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
 .BR curl_easy_getinfo "(3), " curl_easy_setopt "(3), "
+.BR CURLINFO_TLS_SSL_PTR "(3), "
--- a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
+++ b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
@ -0,0 +1,140 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at https://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLINFO_TLS_SSL_PTR 3 "23 Feb 2016" "libcurl 7.48.0" "curl_easy_getinfo options"
+.SH NAME
+CURLINFO_TLS_SESSION, CURLINFO_TLS_SSL_PTR \- get TLS session info
+.SH SYNOPSIS
+.nf
+#include <curl/curl.h>
+
+CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TLS_SSL_PTR,
+                           struct curl_tlssessioninfo **session);
+
+/* if you need compatibility with libcurl < 7.48.0 use
+   CURLINFO_TLS_SESSION instead: */
+
+CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TLS_SESSION,
+                           struct curl_tlssessioninfo **session);
+.SH DESCRIPTION
+Pass a pointer to a 'struct curl_tlssessioninfo *'.  The pointer will be
+initialized to refer to a 'struct curl_tlssessioninfo *' that will contain an
+enum indicating the SSL library used for the handshake and a pointer to the
+respective internal TLS session structure of this underlying SSL library.
+
+This option may be useful for example to extract certificate information in a
+format convenient for further processing, such as manual validation. Refer to
+the \fBLIMITATIONS\fP section.
+
+.nf
+struct curl_tlssessioninfo {
+  curl_sslbackend backend;
+  void *internals;
+};
+.fi
+
+The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_*
+series: CURLSSLBACKEND_NONE (when built without TLS support),
+CURLSSLBACKEND_AXTLS, CURLSSLBACKEND_CYASSL, CURLSSLBACKEND_DARWINSSL,
+CURLSSLBACKEND_GNUTLS, CURLSSLBACKEND_GSKIT, CURLSSLBACKEND_MBEDTLS,
+CURLSSLBACKEND_NSS, CURLSSLBACKEND_OPENSSL, CURLSSLBACKEND_POLARSSL or
+CURLSSLBACKEND_SCHANNEL. (Note that the OpenSSL forks are all reported as just
+OpenSSL here.)
+
+The \fIinternals\fP struct member will point to a TLS library specific pointer
+for the active ("in use") SSL connection, with the following underlying types:
+.RS
+.IP GnuTLS
+gnutls_session_t
+.IP gskit
+gsk_handle
+.IP NSS
+PRFileDesc *
+.IP OpenSSL
+CURLINFO_TLS_SESSION: SSL_CTX *
+
+CURLINFO_TLS_SSL_PTR: SSL *
+.RE
+Since 7.48.0 the \fIinternals\fP member can point to these other SSL backends
+as well:
+.RS
+.IP axTLS
+SSL *
+.IP mbedTLS
+mbedtls_ssl_session *
+.IP PolarSSL
+ssl_session *
+.IP "Secure Channel (WinSSL)"
+CtxtHandle *
+.IP "Secure Transport (DarwinSSL)"
+SSLContext *
+.IP "WolfSSL (formerly CyaSSL)"
+SSL *
+.RE
+
+If the \fIinternals\fP pointer is NULL then either the SSL backend is not
+supported or an SSL session has not yet been established.
+.SH LIMITATIONS
+\fBThis option has some limitations that could make it unsafe when it comes to
+the manual verification of certificates.\fP
+
+This option only retrieves the first in-use SSL session pointer for your easy
+handle, however your easy handle may have more than one in-use SSL session if
+using FTP over SSL. That is because the FTP protocol has a control channel and
+a data channel and one or both may be over SSL. \fBCurrently there is no way to
+retrieve a second in-use SSL session associated with an easy handle.\fP
+
+This option has not been thoroughly tested with plaintext protocols that can be
+upgraded/downgraded to/from SSL: FTP, SMTP, POP3, IMAP when used with
+\fICURLOPT_USE_SSL(3)\fP. Though you will be able to retrieve the SSL pointer,
+it's possible that before you can do that \fBdata (including auth) may have
+already been sent over a connection after it was upgraded.\fP
+
+Renegotiation. If unsafe renegotiation or renegotiation in a way that the
+certificate is allowed to change is allowed by your SSL library this may occur
+and the certificate may change, and \fBdata may continue to be sent or received
+after renegotiation but before you are able to get the (possibly) changed SSL
+pointer,\fP with the (possibly) changed certificate information.
+
+If you are using OpenSSL or wolfSSL then \fICURLOPT_SSL_CTX_FUNCTION(3)\fP can
+be used to set a certificate verification callback in the CTX. That is safer
+than using this option to poll for certificate changes and doesn't suffer from
+any of the problems above. There is currently no way in libcurl to set a
+verification callback for the other SSL backends.
+
+How are you using this option? Are you affected by any of these limitations?
+Please let us know by making a comment at
+https://github.com/curl/curl/issues/685
+.SH PROTOCOLS
+All TLS-based
+.SH EXAMPLE
+TODO
+.SH AVAILABILITY
+Added in 7.48.0.
+
+This option supersedes \fICURLINFO_TLS_SESSION(3)\fP which was added in 7.34.0.
+This option is exactly the same as that option except in the case of OpenSSL.
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
+.SH "SEE ALSO"
+.BR curl_easy_getinfo "(3), " curl_easy_setopt "(3), "
+.BR CURLINFO_TLS_SESSION "(3), "
--- a/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3
+++ b/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -31,11 +31,21 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ACCEPTTIMEOUT_MS, long ms);
 Pass a long telling libcurl the maximum number of milliseconds to wait for a
 server to connect back to libcurl when an active FTP connection is used.
 .SH DEFAULT
-If no timeout is set, the internal default of 60000 (one minute) will be used.
+60000 milliseconds
 .SH PROTOCOLS
 FTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/path/file");
+
+  /* wait no more than 5 seconds for FTP server responses */
+  curl_easy_setopt(curl, CURLOPT_ACCEPTTIMEOUT_MS, 5000L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Added in 7.24.0
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3
+++ b/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -52,7 +52,18 @@ NULL
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* enable all supported built-in compressions */
+  curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, "");
+
+  /* Perform the request */
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 This option was called CURLOPT_ENCODING before 7.21.6
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_APPEND.3
+++ b/docs/libcurl/opts/CURLOPT_APPEND.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -28,17 +28,28 @@ CURLOPT_APPEND \- enable appending to the remote file

 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_APPEND, long append);
 .SH DESCRIPTION
-A parameter set to 1 tells the library to append to the remote file instead of
-overwrite it. This is only useful when uploading to an FTP site.
+A long parameter set to 1 tells the library to append to the remote file
+instead of overwrite it. This is only useful when uploading to an FTP site.
 .SH DEFAULT
-0
+0 (disabled)
 .SH PROTOCOLS
 FTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+
+  curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/dir/to/newfile");
+  curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+  curl_easy_setopt(curl, CURLOPT_APPEND, 1L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 This option was known as CURLOPT_FTPAPPEND up to 7.16.4
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
 .BR CURLOPT_DIRLISTONLY "(3), " CURLOPT_RESUME_FROM "(3), "
+.BR CURLOPT_UPLOAD "(3), "
--- a/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3
+++ b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3
@ -47,7 +47,7 @@ if(curl) {
  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");

  /* complete connection within 10000 milliseconds */
-  curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10000L);
+  curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT_MS, 10000L);

  curl_easy_perform(curl);
 }
--- a/docs/libcurl/opts/CURLOPT_COOKIEFILE.3
+++ b/docs/libcurl/opts/CURLOPT_COOKIEFILE.3
@ -30,8 +30,8 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COOKIEFILE, char *filename);
 .SH DESCRIPTION
 Pass a pointer to a zero terminated string as parameter. It should point to
 the file name of your file holding cookie data to read. The cookie data can be
-in either the old Netscape / Mozilla cookie data format or just regular
-HTTP-style headers dumped to a file.
+in either the old Netscape / Mozilla cookie data format or just regular HTTP
+headers (Set-Cookie style) dumped to a file.

 It also enables the cookie engine, making libcurl parse and send cookies on
 subsequent requests with this handle.
--- a/docs/libcurl/opts/CURLOPT_COOKIELIST.3
+++ b/docs/libcurl/opts/CURLOPT_COOKIELIST.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -117,3 +117,4 @@ Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
 CURLE_OUT_OF_MEMORY if there was insufficient heap space.
 .SH "SEE ALSO"
 .BR CURLOPT_COOKIEFILE "(3), " CURLOPT_COOKIEJAR "(3), " CURLOPT_COOKIE "(3), "
+.BR CURLINFO_COOKIELIST "(3), "
--- a/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3
@ -103,8 +103,10 @@ void dump(const char *text,
    }

    /* show data on the right */
-    for(c = 0; (c < width) && (i+c < size); c++)
-      fputc(ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.', stream);
+    for(c = 0; (c < width) && (i+c < size); c++) {
+      char x = (ptr[i+c] >= 0x20 && ptr[i+c] < 0x80) ? ptr[i+c] : '.';
+      fputc(x, stream);
+    }

    fputc('\\n', stream); /* newline */
  }
--- a/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3
@ -59,4 +59,4 @@ Added in 7.15.1
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
-.BR CURLOPT_FTPLISTONLY "(3), " CURLOPT_FTP_SKIP_PASV_IP "(3), "
+.BR CURLOPT_DIRLISTONLY "(3), " CURLOPT_FTP_SKIP_PASV_IP "(3), "
--- a/docs/libcurl/opts/CURLOPT_KRBLEVEL.3
+++ b/docs/libcurl/opts/CURLOPT_KRBLEVEL.3
@ -45,4 +45,4 @@ This option was known as CURLOPT_KRB4LEVEL up to 7.16.3
 Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
 CURLE_OUT_OF_MEMORY if there was insufficient heap space.
 .SH "SEE ALSO"
-.BR CURLOPT_KRBLEVEL "(3), " CURLOPT_FTP_SSL "(3), "
+.BR CURLOPT_KRBLEVEL "(3), " CURLOPT_USE_SSL "(3), "
--- a/docs/libcurl/opts/CURLOPT_NOPROGRESS.3
+++ b/docs/libcurl/opts/CURLOPT_NOPROGRESS.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -36,6 +36,23 @@ Future versions of libcurl are likely to not have any built-in progress meter
 at all.
 .SH DEFAULT
 1, meaning it normally runs without a progress meter.
+.SH PROTOCOLS
+All
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* enable progress meter */
+  curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L);
+
+  /* Perform the request */
+  curl_easy_perform(curl);
+}
+.fi
+.SH AVAILABILITY
+Always
 .SH RETURN VALUE
 Returns CURLE_OK.
 .SH "SEE ALSO"
--- a/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3
+++ b/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -28,12 +28,12 @@ CURLOPT_PATH_AS_IS \- do not handle dot dot sequences

 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PATH_AS_IS, long leaveit);
 .SH DESCRIPTION
-By setting the long \fIleaveit\fP to 1, to explicitly tell libcurl to not alter
-the given path before passing it on to the server.
+Set the long \fIleaveit\fP to 1, to explicitly tell libcurl to not alter the
+given path before passing it on to the server.

-This tells libcurl to NOT squash sequences of "/../" or "/./" that may exist
-in the URL's path part and that is supposed to be removed according to RFC
-3986 section 5.2.4.
+This instructs libcurl to NOT squash sequences of "/../" or "/./" that may
+exist in the URL's path part and that is supposed to be removed according to
+RFC 3986 section 5.2.4.

 Some server implementations are known to (erroneously) require the dot dot
 sequences to remain in the path and some clients want to pass these on in
@ -61,3 +61,5 @@ Aded in 7.42.0
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
 .BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "
+.BR CURLOPT_URL "(3), "
+
--- a/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3
@ -30,7 +30,7 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SERVICE_NAME, char *name);
 .SH DESCRIPTION
 Pass a char * as parameter to a string holding the \fIname\fP of the
 service. The default service name is "HTTP". This option allows you to change it.
-..SH DEFAULT
+.SH DEFAULT
 See above
 .SH PROTOCOLS
 Most
--- a/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3
+++ b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3
@ -31,7 +31,7 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVICE_NAME, char *name);
 Pass a char * as parameter to a string holding the \fIname\fP of the
 service. The default service name is "HTTP". This option allows you to
 change it.
-..SH DEFAULT
+.SH DEFAULT
 See above
 .SH PROTOCOLS
 Most
--- a/docs/libcurl/opts/CURLOPT_SSLENGINE.3
+++ b/docs/libcurl/opts/CURLOPT_SSLENGINE.3
@ -30,9 +30,6 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLENGINE, char *id);
 .SH DESCRIPTION
 Pass a pointer to a zero terminated string as parameter. It will be used as
 the identifier for the crypto engine you want to use for your private key.
-
-If the crypto device cannot be loaded, \fICURLE_SSL_ENGINE_NOTFOUND\fP is
-returned.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
@ -40,9 +37,19 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-If built TLS enabled.
+Only if the SSL backend is OpenSSL built with engine support.
 .SH RETURN VALUE
-Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or
-CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+CURLE_OK - Engine found.
+
+CURLE_SSL_ENGINE_NOTFOUND - Engine not found, or OpenSSL was not built with
+engine support.
+
+CURLE_SSL_ENGINE_INITFAILED - Engine found but initialization failed.
+
+CURLE_NOT_BUILT_IN - Option not built in, OpenSSL is not the SSL backend.
+
+CURLE_UNKNOWN_OPTION - Option not recognized.
+
+CURLE_OUT_OF_MEMORY - Insufficient heap space.
 .SH "SEE ALSO"
 .BR CURLOPT_SSLENGINE_DEFAULT "(3), " CURLOPT_SSLKEY "(3), "
--- a/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3
+++ b/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3
@ -28,11 +28,10 @@ CURLOPT_SSLENGINE_DEFAULT \- make SSL engine default

 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLENGINE_DEFAULT, long val);
 .SH DESCRIPTION
-Pass a long set to 1 as parameter. Sets the actual crypto engine as the
-default for (asymmetric) crypto operations.
+Pass a long set to 1 to make the already specified crypto engine the default
+for (asymmetric) crypto operations.

-If the crypto device cannot be set, \fICURLE_SSL_ENGINE_SETFAILED\fP is
-returned.
+This option has no effect unless set after \fICURLOPT_SSLENGINE\fP.
 .SH DEFAULT
 None
 .SH PROTOCOLS
@ -40,9 +39,16 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-If built TLS enabled.
+Only if the SSL backend is OpenSSL built with engine support.
 .SH RETURN VALUE
-Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or
-CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+CURLE_OK - Engine set as default.
+
+CURLE_SSL_ENGINE_SETFAILED - Engine could not be set as default.
+
+CURLE_NOT_BUILT_IN - Option not built in, OpenSSL is not the SSL backend.
+
+CURLE_UNKNOWN_OPTION - Option not recognized.
+
+CURLE_OUT_OF_MEMORY - Insufficient heap space.
 .SH "SEE ALSO"
 .BR CURLOPT_SSLENGINE "(3), " CURLOPT_SSLCERT "(3), "
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -50,18 +50,88 @@ callback's error code. Set the \fIuserptr\fP argument with the
 This function will get called on all new connections made to a server, during
 the SSL negotiation. The SSL_CTX pointer will be a new one every time.

-To use this properly, a non-trivial amount of knowledge of your SSL library
-is necessary. For example, you can use this function to call library-specific
+To use this properly, a non-trivial amount of knowledge of your SSL library is
+necessary. For example, you can use this function to call library-specific
 callbacks to add additional validation code for certificates, and even to
-change the actual URI of a HTTPS request (example used in the lib509 test
-case).  See also the example section for a replacement of the key, certificate
-and trust file settings.
+change the actual URI of a HTTPS request.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
-TODO
+.nf
+/* OpenSSL specific */
+
+#include <openssl/ssl.h>
+#include <curl/curl.h>
+#include <stdio.h>
+
+static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
+{
+  X509_STORE *store;
+  X509 *cert=NULL;
+  BIO *bio;
+  char *mypem = /* example CA cert PEM - shortened */
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"
+    "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"
+    "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"
+    "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"
+    "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"
+    "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"
+    "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"\
+    "-----END CERTIFICATE-----\n";
+  /* get a BIO */
+  bio=BIO_new_mem_buf(mypem, -1);
+  /* use it to read the PEM formatted certificate from memory into an X509
+   * structure that SSL can use
+   */
+  PEM_read_bio_X509(bio, &cert, 0, NULL);
+  if(cert == NULL)
+    printf("PEM_read_bio_X509 failed...\n");
+
+  /* get a pointer to the X509 certificate store (which may be empty!) */
+  store=SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
+
+  /* add our certificate to this store */
+  if(X509_STORE_add_cert(store, cert)==0)
+    printf("error adding certificate\n");
+
+  /* decrease reference counts */
+  X509_free(cert);
+  BIO_free(bio);
+
+  /* all set to go */
+  return CURLE_OK;
+}
+
+int main(void)
+{
+  CURL * ch;
+  CURLcode rv;
+
+  rv=curl_global_init(CURL_GLOBAL_ALL);
+  ch=curl_easy_init();
+  rv=curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
+  rv=curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
+  rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
+
+  /* Retrieve page using cacerts' certificate -> will succeed
+   * load the certificate by installing a function doing the nescessary
+   * "modifications" to the SSL CONTEXT just before link init
+   */
+  rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
+  rv=curl_easy_perform(ch);
+  if(rv==CURLE_OK)
+    printf("*** transfer succeeded ***\n");
+  else
+    printf("*** transfer failed ***\n");
+
+  curl_easy_cleanup(ch);
+  curl_global_cleanup();
+  return rv;
+}
+.fi
 .SH AVAILABILITY
 Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL
 backends not supported.
--- a/Show More
+++ b/Show More