_   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog




























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Version 7.64.0 (6 Feb 2019)

Daniel Stenberg (6 Feb 2019)
- RELEASE-NOTES: 7.64.0

- RELEASE-PROCEDURE: update the release calendar

Daniel Stenberg (12 May 2018)
- smb: reject negative file sizes
  
  Assisted-by: Max Dymond
  
  Detected by OSS-Fuzz
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245

- setup_transfer: deal with both sockets being -1
  
  Detected by Coverity; CID 1435559.  Follow-up to f8d608f38d00. It would
  index the array with -1 if neither index was a socket.

- travis: add build using NSS
  
  Closes #2558

- [Sunny Purushe brought this change]

  openssl: change FILE ops to BIO ops
  
  To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
  handling is causing problems. This fix changes the OpenSSL backend code
  to use BIO functions instead of FILE I/O functions to circumvent those
  problems.
  
  Closes #2512

- travis: add a build using WolfSSL
  
  Assisted-by: Dan Fandrich
  
  Closes #2528

- RELEASE-NOTES: typo

- RELEASE-NOTES: synced

- [Daniel Gustafsson brought this change]

  URLs: fix one more http url
  
  This file wasn't included in commit 4af40b3646d3b09 which updated all
  haxx.se http urls to https. The file was committed prior to that update,
  but may have been merged after it and hence didn't get updated.
  
  Closes #2550

- github/lock: auto-lock closed issues after 90 days of inactivity

- vtls: fix missing commas
  
  follow-up to e66cca046cef

- vtls: use unified "supports" bitfield member in backends
  
  ... instead of previous separate struct fields, to make it easier to
  extend and change individual backends without having to modify them all.
  
  closes #2547

- transfer: don't unset writesockfd on setup of multiplexed conns
  
  Curl_setup_transfer() can be called to setup a new individual transfer
  over a multiplexed connection so it shouldn't unset writesockfd.
  
  Bug: #2520
  Closes #2549

- [Frank Gevaerts brought this change]

  configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
  
  They are removed from the compiler flags.
  
  This ensures that make dependency tracking will force a rebuild whenever
  configure --enable-debug or --enable-curldebug changes.
  
  Closes #2548

- http: don't set the "rewind" flag when not uploading anything
  
  It triggers an assert.
  
  Detected by OSS-Fuzz
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
  Closes #2546

- travis: add an mbedtls build
  
  Closes #2531

- configure: only check for CA bundle for file-using SSL backends
  
  When only building with SSL backends that don't use the CA bundle file
  (by default), skip the check.
  
  Fixes #2543
  Fixes #2180
  Closes #2545

- ssh-libssh.c: fix left shift compiler warning
  
  ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to
  represent, but 'int' only has 32 bits [-Wshift-overflow=]
  
  'len' will never be that big anyway so I converted the run-time check to
  a regular assert.

- [Stephan Mühlstrasser brought this change]

  URL: fix ASCII dependency in strcpy_url and strlen_url
  
  Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the
  changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of
  the problem that strcpy_url() was modified unilaterally without also
  modifying strlen_url(). As a consequence strcpy_url() was again
  depending on ASCII encoding.
  
  This change fixes strlen_url() and strcpy_url() in parallel to use a
  common host-encoding independent criterion for deciding whether an URL
  character must be %-escaped.
  
  Closes #2535

- [Denis Ollier brought this change]

  docs: remove extraneous commas in man pages
  
  Closes #2544

- RELEASE-NOTES: synced

- Revert "TODO: remove configure --disable-pthreads"
  
  This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3.
  
  --disable-pthreads can be used to disable pthreads and get the threaded
  resolver to use the windows threading when building with mingw.

- vtls: don't define MD5_DIGEST_LENGTH for wolfssl
  
  ... as it defines it (too)

- TODO: remove configure --disable-pthreads

Jay Satiro (2 May 2018)
- [David Garske brought this change]

  wolfssl: Fix non-blocking connect
  
  Closes https://github.com/curl/curl/pull/2542

Daniel Stenberg (30 Apr 2018)
- CURLOPT_URL.3: add ENCODING section [ci skip]
  
  Feedback-by: Michael Kilburn

- KNOWN_BUGS: Client cert with Issuer DN differs between backends
  
  Closes #1411

- KNOWN_BUGS: Passive transfer tries only one IP address
  
  Closes #1508

- KNOWN_BUGS: --upload-file . hang if delay in STDIN
  
  Closes #2051

- KNOWN_BUGS: Connection information when using TCP Fast Open
  
  Closes #1332

- travis: enable libssh2 on both macos and Linux
  
  It seems to not be detected by default anymore (which is a bug I
  believe)
  
  Closes #2541

- TODO: Support the clienthello extension
  
  Closes #2299

- TODO: CLOEXEC
  
  Closes #2252

- tests: provide 'manual' as a feature to optionally require
  
  ... and make test 1026 rely on that feature so that --disable-manual
  builds don't cause test failures.
  
  Reported-by: Max Dymond and Anders Roxell
  Fixes #2533
  Closes #2540

- CURLINFO_PROTOCOL.3: mention the existing defined names

Jay Satiro (27 Apr 2018)
- [Daniel Gustafsson brought this change]

  cookies: remove unused macro
  
  Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused,
  so remove as it's not part of the published API.
  
  Closes https://github.com/curl/curl/pull/2537

Daniel Stenberg (27 Apr 2018)
- [Daniel Gustafsson brought this change]

  checksrc: force indentation of lines after an else
  
  This extends the INDENTATION case to also handle 'else' statements
  and require proper indentation on the following line. Also fixes the
  offending cases found in the codebase.
  
  Closes #2532

- http2: fix null pointer dereference in http2_connisdead
  
  This function can get called on a connection that isn't setup enough to
  have the 'recv_underlying' function pointer initialized so it would try
  to call the NULL pointer.
  
  Reported-by: Dario Weisser
  
  Follow-up to db1b2c7fe9b093f8 (never shipped in a release)
  Closes #2536

- http2: get rid of another strstr()
  
  Follow-up to 1514c44655e12e: replace another strstr() call done on a
  buffer that might not be zero terminated - with a memchr() call, even if
  we know the substring will be found.
  
  Assisted-by: Max Dymond
  
  Detected by OSS-Fuzz
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021
  
  Closes #2534

- cyassl: adapt to libraries without TLS 1.0 support built-in
  
  WolfSSL doesn't enable it by default anymore

- configure: provide --with-wolfssl as an alias for --with-cyassl

- RELEASE-NOTES: synced

- [Daniel Gustafsson brought this change]

  os400.c: fix ASSIGNWITHINCONDITION checksrc warnings
  
  All occurrences of assignment within conditional expression in
  os400sys.c rewritten into two steps: first assignment and then the check
  on the success of the assignment. Also adjust related incorrect brace
  positions to match project indentation style.
  
  This was spurred by seeing "if((inp = input_token))", but while in there
  all warnings were fixed.
  
  There should be no functional change from these changes.
  
  Closes #2525

- [Daniel Gustafsson brought this change]

  cookies: ensure that we have cookies before writing jar
  
  The jar should be written iff there are cookies, so ensure that we still
  have cookies after expiration to avoid creating an empty file.
  
  Closes #2529

- strcpy_url: only %-encode values >= 0x80
  
  OSS-Fuzz detected
  
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000
  
  Broke in dd7521bcc1b7

- mime: avoid NULL pointer dereference risk
  
  Coverity detected, CID 1435120
  
  Closes #2527

- [Stephan Mühlstrasser brought this change]

  ctype: restore character classification for non-ASCII platforms
  
  With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic
  character classification macros and functions were introduced in
  curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on
  non-ASCII, e.g. EBCDIC platforms. This change restores the previous set
  of character classification macros when CURL_DOES_CONVERSIONS is
  defined.
  
  Closes #2494

- ftplistparser: keep state between invokes
  
  Fixes FTP wildcard parsing when done over a number of read buffers.
  
  Regression from f786d1f14
  
  Reported-by: wncboy on github
  Fixes #2445
  Closes #2526

- examples/http2-upload: expand buffer to avoid silly warning
  
  http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated
  writing between 2 and 11 bytes into a region of size between 8 and 17

- examples/sftpuploadresume: typecast fseek argument to long
  
  /docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long
  int' from 'curl_off_t {aka long long int}' may alter its value

- Revert "ftplistparser: keep state between invokes"
  
  This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934.
  
  Caused fuzzer problems on travis not seen when this was a PR!

- Curl_memchr: zero length input can't match
  
  Avoids undefined behavior.
  
  Reported-by: Geeknik Labs

- ftplistparser: keep state between invokes
  
  Fixes FTP wildcard parsing when doing over a number of read buffers.
  
  Regression from f786d1f14
  
  Reported-by: wncboy on github
  Fixes #2445
  Closes #2519

- ftplistparser: renamed some members and variables
  
  ... to make them better spell out what they're for.

- RELEASE-NOTES: synced

- [Christian Schmitz brought this change]

  curl_global_sslset: always provide available backends
  
  Closes #2499

- http2: convert an assert to run-time check
  
  Fuzzing has proven we can reach code in on_frame_recv with status_code
  not having been set, so let's detect that in run-time (instead of with
  assert) and error error accordingly.
  
  (This should no longer happen with the latest nghttp2)
  
  Detected by OSS-Fuzz
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903
  Closes #2514

- curl.1: clarify that options and URLs can be mixed
  
  Fixes #2515
  Closes #2517

Jay Satiro (23 Apr 2018)
- [Archangel_SDY brought this change]

  CURLOPT_SSLCERT.3: improve WinSSL-specific usage info
  
  Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780
  
  Closes https://github.com/curl/curl/pull/2504

- [Archangel_SDY brought this change]

  schannel: fix build error on targets <= XP
  
  - Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't
    support the latter.
  
  Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668
  
  Closes https://github.com/curl/curl/pull/2504

Daniel Stenberg (23 Apr 2018)
- Revert "ftplistparser: keep state between invokes"
  
  This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9.
  
  Unfortunately this fix introduces memory leaks I've not been able to fix
  in several days. Reverting this for now to get the leaks fixed.

Jay Satiro (21 Apr 2018)
- tool_help: clarify --max-time unit of time is seconds
  
  Before:
   -m, --max-time <time> Maximum time allowed for the transfer
  
  After:
   -m, --max-time <seconds> Maximum time allowed for the transfer

Daniel Stenberg (20 Apr 2018)
- http2: handle GOAWAY properly
  
  When receiving REFUSED_STREAM, mark the connection for close and retry
  streams accordingly on another/fresh connection.
  
  Reported-by: Terry Wu
  Fixes #2416
  Fixes #1618
  Closes #2510

- http2: clear the "drain counter" when a stream is closed
  
  This fixes the notorious "httpc->drain_total >= data->state.drain"
  assert.
  
  Reported-by: Anders Bakken
  
  Fixes #1680
  Closes #2509

- http2: avoid strstr() on data not zero terminated
  
  It's not strictly clear if the API contract allows us to call strstr()
  on a string that isn't zero terminated even when we know it will find
  the substring, and clang's ASAN check dislikes us for it.
  
  Also added a check of the return code in case it fails, even if I can't
  think of a situation how that can trigger.
  
  Detected by OSS-Fuzz
  Closes #2513
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760

- [Stephan Mühlstrasser brought this change]

  openssl: fix subjectAltName check on non-ASCII platforms
  
  Curl_cert_hostcheck operates with the host character set, therefore the
  ASCII subjectAltName string retrieved with OpenSSL must be converted to
  the host encoding before comparison.
  
  Closes #2493

Jay Satiro (20 Apr 2018)
- openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages
  
  - Support handling verbose-mode trace messages of type
    SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS,
    SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO,
    SSL3_MT_MESSAGE_HASH
  
  Reported-by: iz8mbw@users.noreply.github.com
  
  Fixes https://github.com/curl/curl/issues/2403

Daniel Stenberg (19 Apr 2018)
- ftplistparser: keep state between invokes
  
  Regression from f786d1f14
  
  Reported-by: wncboy on github
  Fixes #2445
  Closes #2508

- detect_proxy: only show proxy use if it had contents

- http2: handle on_begin_headers() called more than once
  
  This triggered an assert if called more than once in debug mode (and a
  memory leak if not debug build). With the right sequence of HTTP/2
  headers incoming it can happen.
  
  Detected by OSS-Fuzz
  
  Closes #2507
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764

Jay Satiro (18 Apr 2018)
- [Dan McNulty brought this change]

  schannel: add support for CURLOPT_CAINFO
  
  - Move verify_certificate functionality in schannel.c into a new
    file called schannel_verify.c. Additionally, some structure defintions
    from schannel.c have been moved to schannel.h to allow them to be
    used in schannel_verify.c.
  
  - Make verify_certificate functionality for Schannel available on
    all versions of Windows instead of just Windows CE. verify_certificate
    will be invoked on Windows CE or when the user specifies
    CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
  
  - In verify_certificate, create a custom certificate chain engine that
    exclusively trusts the certificate store backed by the CURLOPT_CAINFO
    file.
  
  - doc updates of --cacert/CAINFO support for schannel
  
  - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
    when available. This implements a TODO in schannel.c to improve
    handling of multiple SANs in a certificate. In particular, all SANs
    will now be searched instead of just the first name.
  
  - Update tool_operate.c to not search for the curl-ca-bundle.crt file
    when using Schannel to maintain backward compatibility. Previously,
    any curl-ca-bundle.crt file found in that search would have been
    ignored by Schannel. But, with CAINFO support, the file found by
    that search would have been used as the certificate store and
    could cause issues for any users that have curl-ca-bundle.crt in
    the search path.
  
  - Update url.c to not set the build time CURL_CA_BUNDLE if the selected
    SSL backend is Schannel. We allow setting CA location for schannel
    only when explicitly specified by the user via CURLOPT_CAINFO /
    --cacert.
  
  - Add new test cases 3000 and 3001. These test cases check that the first
    and last SAN, respectively, matches the connection hostname. New test
    certificates have been added for these cases. For 3000, the certificate
    prefix is Server-localhost-firstSAN and for 3001, the certificate
    prefix is Server-localhost-secondSAN.
  
  - Remove TODO 15.2 (Add support for custom server certificate
    validation), this commit addresses it.
  
  Closes https://github.com/curl/curl/pull/1325

- schannel: fix warning
  
  - Fix warning 'integer from pointer without a cast' on 3rd arg in
    CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer
    type of the same size.
  
  Follow-up to e35b025.
  
  Caught by Marc's CI builds.

- [Jakub Wilk brought this change]

  docs: fix typos
  
  Closes https://github.com/curl/curl/pull/2503

Daniel Stenberg (17 Apr 2018)
- RELEASE-NOTES: synced

Jay Satiro (17 Apr 2018)
- [Kees Dekker brought this change]

  winbuild: Support custom devel paths for each dependency
  
  - Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2,
    OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH,
    NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH.
  
  - Use lib.exe for making the static library instead of link.exe /lib.
    The latter is undocumented and could cause problems as noted in the
    comments.
  
  - Remove a dangling URL that no longer worked. (I was not able to find
    the IDN download at MSDN/microsoft.com, so it seems to be removed.)
  
  - Remove custom override for release-ssh2-ssl-dll-zlib configuration.
    Nobody knows why it was there and as far as we can see is unnecessary.
  
  Closes https://github.com/curl/curl/pull/2474

Daniel Stenberg (17 Apr 2018)
- [Jess brought this change]

  README.md: add backers and sponsors
  
  Closes #2484

- [Archangel_SDY brought this change]

  schannel: add client certificate authentication
  
  Users can now specify a client certificate in system certificates store
  explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"`
  
  Closes #2376

Marcel Raad (16 Apr 2018)
- [toughengineer brought this change]

  ntlm_sspi: fix authentication using Credential Manager
  
  If you pass empty user/pass asking curl to use Windows Credential
  Storage (as stated in the docs) and it has valid credentials for the
  domain, e.g.
  curl -v -u : --ntlm example.com
  currently authentication fails.
  This change fixes it by providing proper SPN string to the SSPI API
  calls.
  
  Fixes https://github.com/curl/curl/issues/1622
  Closes https://github.com/curl/curl/pull/1660

Daniel Stenberg (16 Apr 2018)
- configure: keep LD_LIBRARY_PATH changes local
  
  ... only set it when we actually have to run tests to reduce its impact
  on for example build commands etc.
  
  Fixes #2490
  Closes #2492
  
  Reported-by: Dmitry Mikhirev

Marcel Raad (16 Apr 2018)
- urldata: make service names unconditional
  
  The ifdefs have become quite long. Also, the condition for the
  definition of CURLOPT_SERVICE_NAME and for setting it from
  CURLOPT_SERVICE_NAME have diverged. We will soon also need the two
  options for NTLM, at least when using SSPI, for
  https://github.com/curl/curl/pull/1660.
  Just make the definitions unconditional to make that easier.
  
  Closes https://github.com/curl/curl/pull/2479

Daniel Stenberg (16 Apr 2018)
- test1148: tolerate progress updates better
  
  Fixes #2446
  Closes #2488

- [Christian Schmitz brought this change]

  ssh: show libSSH2 error code when closing fails
  
  Closes #2500

Jay Satiro (15 Apr 2018)
- [Daniel Gustafsson brought this change]

  vauth: Fix typo
  
  Address various spellings of "credentials".
  
  Closes https://github.com/curl/curl/pull/2496

- [Dagobert Michelsen brought this change]

  system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
  
  With specific compiler options selecting the arch like -xarch=sparc on
  newer compilers like Oracle Studio 12.4 there is no definition of
  __sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the
  32ÎíÎñbit subset defined by the V8plus ISA specification, without the
  Visual Instruction Set (VIS), and without other implementation-specific
  ISA extensions. So it should be the same as __sparcv8.
  
  Closes https://github.com/curl/curl/pull/2491

- [Daniel Gustafsson brought this change]

  checksrc: Fix typo
  
  Fix typo in "semicolon" spelling and remove stray tab character.
  
  Closes https://github.com/curl/curl/pull/2498

- [Daniel Gustafsson brought this change]

  all: Refactor malloc+memset to use calloc
  
  When a zeroed out allocation is required, use calloc() rather than
  malloc() followed by an explicit memset(). The result will be the
  same, but using calloc() everywhere increases consistency in the
  codebase and avoids the risk of subtle bugs when code is injected
  between malloc and memset by accident.
  
  Closes https://github.com/curl/curl/pull/2497

Daniel Stenberg (12 Apr 2018)
- duphandle: make sure CURLOPT_RESOLVE is duplicated fine too
  
  Verified in test 1502 now
  
  Fixes #2485
  Closes #2486
  Reported-by: Ernst Sjöstrand

- mailmap: add a monnerat fixup [ci skip]

- proxy: show getenv proxy use in verbose output
  
  ... to aid debugging etc as it sometimes isn't immediately obvious why
  curl uses or doesn't use a proxy.
  
  Inspired by #2477
  
  Closes #2480

- travis: build libpsl and make builds use it
  
  closes #2471

- travis: bump to clang 6 and gcc 7
  
  Extra-eye-on-this-by: Marcel Raad
  
  Closes #2478

Marcel Raad (10 Apr 2018)
- travis: use trusty for coverage build
  
  This works now and precise is in the process of being decommissioned.
  
  Closes https://github.com/curl/curl/pull/2476

- lib: silence null-dereference warnings
  
  In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings
  when dereferencing pointers after DEBUGASSERT-ing that they are not
  NULL.
  Fix this by removing the DEBUGASSERTs.
  
  Suggested-by: Daniel Stenberg
  Ref: https://github.com/curl/curl/pull/2463

- [Kees Dekker brought this change]

  winbuild: fix URL
  
  Follow up on https://github.com/curl/curl/pull/2472.
  Now using en-us instead of nl-nl as language code in the URL.
  
  Closes https://github.com/curl/curl/pull/2475

Daniel Stenberg (9 Apr 2018)
- [Kees Dekker brought this change]

  winbuild: updated the documentation
  
  The setenv command no longer exists and visual studio build prompts got
  changed. Used Visual Studio 2015/2017 as reference.
  
  Closes #2472

- test1136: fix cookie order after commit c990eadd1277

- build: cleanup to fix clang warnings/errors
  
  unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a
  cast from integer to pointer is a GNU extension
  
  Reported-by: Rikard Falkeborn
  
  Fixes #2466
  Closes #2468

Jay Satiro (7 Apr 2018)
- examples/sftpuploadresmue: Fix Windows large file seek
  
  - Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows.
  
  - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print
    curl_off_t.
  
  Caught by Marc's CI builds.

Daniel Stenberg (7 Apr 2018)
- curl_setup: provide a CURL_SA_FAMILY_T type if none exists
  
  ... and use this type instead of 'sa_family_t' in the code since several
  platforms don't have it.
  
  Closes #2463

- [Eric Gallager brought this change]

  build: add picky compiler warning flags for gcc 6 and 7

- configure: detect sa_family_t

Jay Satiro (7 Apr 2018)
- [Stefan Agner brought this change]

  tool_operate: Fix retry on FTP 4xx to ignore other protocols
  
  Only treat response code as FTP response codes in case the
  protocol type is FTP.
  
  This fixes an issue where an HTTP download was treated as FTP
  in case libcurl returned with 33. This happens when the
  download has already finished and the server responses 416:
    HTTP/1.1 416 Requested Range Not Satisfiable
  
  This should not be treated as an FTP error.
  
  Fixes #2464
  Closes #2465

Daniel Stenberg (6 Apr 2018)
- hash: calculate sizes with size_t instead of longs
  
  ... since they return size_t anyway!
  
  closes #2462

- RELEASE-NOTES: synced

- [Jay Satiro brought this change]

  build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
  
  .. and do the same for build-wolfssl.bat.
  
  Because MS calls it VC14.1.
  
  Closes https://github.com/curl/curl/pull/2189

- [Kees Dekker brought this change]

  winbuild: make the clean target work without build-type
  
  Due to the check in Makefile.vc and MakefileBuild.vc, no make call can
  be invoked unless a build-type was specified. However, a clean target
  only existed when a build type was specified. As a result, the clean
  target was unreachable. Made clean target unconditional.
  
  Closes #2455

- [patelvivekv1993 brought this change]

  build-openssl.bat: allow custom paths for VS and perl
  
  Fixes #2430
  Closes #2457

- [Laurie Clark-Michalek brought this change]

  FTP: allow PASV on IPv6 connections when a proxy is being used
  
  In the situation of a client connecting to an FTP server using an IPv6
  tunnel proxy, the connection info will indicate that the connection is
  IPv6. However, because the server behing the proxy is IPv4, it is
  permissable to attempt PSV mode. In the case of the FTP server being
  IPv4 only, EPSV will always fail, and with the current logic curl will
  be unable to connect to the server, as the IPv6 fwdproxy causes curl to
  think that EPSV is impossible.
  
  Closes #2432

- [Jon DeVree brought this change]

  file: restore old behavior for file:////foo/bar URLs
  
  curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC
  8089 but then returns an error saying this is unimplemented. This is
  actually a regression in behavior on both Windows and Unix.
  
  Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and
  then passed to the relevant OS API. This means that the behavior of this
  case is actually OS dependent.
  
  The Unix path resolution rules say that the OS must handle swallowing
  the extra "/" and so this path is the same as "/foo/bar"
  
  The Windows path resolution rules say that this is a UNC path and
  automatically handles the SMB access for the program. So curl on Windows
  was already doing Appendix E.3.2 without any special code in curl.
  
  Regression
  
  Closes #2438

- [Gaurav Malhotra brought this change]

  Revert "openssl: Don't add verify locations when verifypeer==0"
  
  This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb.
  
  libcurl (with the OpenSSL backend) performs server certificate verification
  even if verifypeer == 0 and the verification result is available using
  CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the
  CURLINFO_SSL_VERIFYRESULT to not have useful information for the
  verifypeer == 0 use case (it would always have
  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY).
  
  Closes #2451

- [Wyatt O'Day brought this change]

  tls: fix mbedTLS 2.7.0 build + handle sha256 failures
  
  (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED)
  
  Closes #2453

- [Lauri Kasanen brought this change]

  cookie: case-insensitive hashing for the domains
  
  closes #2458

Patrick Monnerat (4 Apr 2018)
- cookie: fix and optimize 2nd top level domain name extraction
  
  This fixes a segfault occurring when a name of the (invalid) form "domain..tld"
  is processed.
  
  test46 updated to cover this case.
  
  Follow-up to commit c990ead.
  
  Ref: https://github.com/curl/curl/pull/2440

Daniel Stenberg (4 Apr 2018)
- openssl: provide defines for argument typecasts to build warning-free
  
  ... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types.

- [Bernard Spil brought this change]

  openssl: fix build with LibreSSL 2.7
  
   - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
  
  Fixes #2319
  Closes #2447
  Closes #2448
  
  Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>

- [Lauri Kasanen brought this change]

  cookie: store cookies per top-level-domain-specific hash table
  
  This makes libcurl handle thousands of cookies much better and speedier.
  
  Closes #2440

- [Lauri Kasanen brought this change]

  cookies: when reading from a file, only remove_expired once
  
  This drops the cookie load time for 8k cookies from 178ms to 15ms.
  
  Closes #2441

- test1148: set a fixed locale for the test
  
  ...as otherwise it might use a different decimal sign.
  
  Bug: #2436
  Reported-by: Oumph on github

Jay Satiro (31 Mar 2018)
- docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
  
  - Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf.
  
  For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar.
  
  Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html
  Reported-by: David L.

Sergei Nikulov (27 Mar 2018)
- [Michał Janiszewski brought this change]

  cmake: Add advapi32 as explicit link library for win32
  
  ARM targets need advapi32 explicitly.
  
  Closes #2363

Daniel Stenberg (27 Mar 2018)
- TODO: connection cache sharing is now supporte

Jay Satiro (26 Mar 2018)
- travis: enable apt retry on fail
  
  This is a workaround for an unsolved travis issue that is causing CI
  instances to sporadically fail due to 'unable to connect' issues during
  apt stage.
  
  Ref: https://github.com/travis-ci/travis-ci/issues/8507
  Ref: https://github.com/travis-ci/travis-ci/issues/9112#issuecomment-376305909

Michael Kaufmann (26 Mar 2018)
- runtests.pl: fix warning 'use of uninitialized value'
  
  follow-up to a9a7b60
  
  Closes #2428

Daniel Stenberg (24 Mar 2018)
- gitignore: ignore more generated files

- threaded resolver: track resolver time and set suitable timeout values
  
  In order to make curl_multi_timeout() return suitable "sleep" times even
  when there's no socket to wait for while the name is being resolved in a
  helper thread.
  
  It will increases the timeouts as time passes.
  
  Closes #2419

- [Howard Chu brought this change]

  openldap: fix for NULL return from ldap_get_attribute_ber()
  
  Closes #2399

GitHub (22 Mar 2018)
- [Sergei Nikulov brought this change]

  travis-ci: enable -Werror for CMake builds (#2418)

- [Sergei Nikulov brought this change]

  cmake: avoid warn-as-error during config checks (#2411)
  
  - Move the CURL_WERROR option processing after the configuration checks
    to avoid failures in case of warnings during the configuration checks.
  
  This is a partial fix for #2358

- [Sergei Nikulov brought this change]

  timeval: remove compilation warning by casting (#2417)
  
  This is fixes #2358

Daniel Stenberg (22 Mar 2018)
- http2: read pending frames (including GOAWAY) in connection-check
  
  If a connection has received a GOAWAY frame while not being used, the
  function now reads frames off the connection before trying to reuse it
  to avoid reusing connections the server has told us not to use.
  
  Reported-by: Alex Baines
  Fixes #1967
  Closes #2402

- [Bas van Schaik brought this change]

  CI: add lgtm.yml for tweaking lgtm.com analysis
  
  Closes #2414

- CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text
  
  Reported-by: Michal Trybus
  
  Fixes #2400

- TODO: expand ~/ in config files
  
  Closes #2317

- cookie.d: mention that "-" as filename means stdin
  
  Reported-by: Dongliang Mu
  Fixes #2410

- CURLINFO_COOKIELIST.3: made the example not leak memory
  
  Reported-by: Muz Dima

- vauth/cleartext: fix integer overflow check
  
  Make the integer overflow check not rely on the undefined behavior that
  a size_t wraps around on overflow.
  
  Detected by lgtm.com
  Closes #2408

- lib/curl_path.h: add #ifdef header guard
  
  Detected by lgtm.com

- vauth/ntlm.h: fix the #ifdef header guard
  
  Detected by lgtm.com

Jay Satiro (20 Mar 2018)
- examples/hiperfifo: checksrc compliance

Daniel Stenberg (19 Mar 2018)
- [Nikos Tsipinakis brought this change]

  parsedate: support UT timezone
  
  RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with
  GMT.
  
  Closes #2401

- RELEASE-NOTES: synced

- [Don brought this change]

  cmake: add support for brotli
  
  Currently CMake cannot detect Brotli support. This adds detection of the
  libraries and associated header files. It also adds this to the
  generated config.
  
  Closes #2392

- [Chris Araman brought this change]

  darwinssl: fix iOS build

Patrick Monnerat (18 Mar 2018)
- ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES

Daniel Stenberg (17 Mar 2018)
- [Rick Deist brought this change]

  resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES
  
  This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request
  shuffling of IP addresses returned for a hostname when there is more
  than one. This is useful when the application knows that a round robin
  approach is appropriate and is willing to accept the consequences of
  potentially discarding some preference order returned by the system's
  implementation.
  
  Closes #1694

- add_handle/easy_perform: clear errorbuffer on start if set
  
  To offer applications a more defined behavior, we clear the buffer as
  early as possible.
  
  Assisted-by: Jay Satiro
  
  Fixes #2190
  Closes #2377

- [Lawrence Matthews brought this change]

  CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol
  
  Add --haproxy-protocol for the command line tool
  
  Closes #2162

- curl_version_info.3: fix ssl_version description
  
  Reported-by: Vincas Razma
  Fixes #2364

- multi: improved pending transfers handling => improved performance
  
  When a transfer is requested to get done and it is put in the pending
  queue when limited by number of connections, total or per-host, libcurl
  would previously very aggressively retry *ALL* pending transfers to get
  them transferring. That was very time consuming.
  
  By reducing the aggressiveness in how pending are being retried, we
  waste MUCH less time on putting transfers back into pending again.
  
  Some test cases got a factor 30(!) speed improvement with this change.
  
  Reported-by: Cyril B
  Fixes #2369
  Closes #2383

- pause: when changing pause state, update socket state
  
  Especially unpausing a transfer might have to move the socket back to the
  "currently used sockets" hash to get monitored. Otherwise it would never get
  any more data and get stuck. Easily triggered with pausing using the
  multi_socket API.
  
  Reported-by: Philip Prindeville
  Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html
  Fixes #2393
  Closes #2391

- [Philip Prindeville brought this change]

  examples/hiperfifo.c: improved
  
   * use member struct event’s instead of pointers to alloc’d struct
     events
  
   * simplify the cases for the mcode_or_die() function via macros;
  
   * make multi_timer_cb() actually do what the block comment says it
     should;
  
   * accept a “stop” command on the FIFO to shut down the service;
  
   * use cleaner notation for unused variables than the (void) hack;
  
   * allow following redirections (304’s);

- rate-limit: use three second window to better handle high speeds
  
  Due to very frequent updates of the rate limit "window", it could
  attempt to rate limit within the same milliseconds and that then made
  the calculations wrong, leading to it not behaving correctly on very
  fast transfers.
  
  This new logic updates the rate limit "window" to be no shorter than the
  last three seconds and only updating the timestamps for this when
  switching between the states TOOFAST/PERFORM.
  
  Reported-by: 刘佩东
  Fixes #2386
  Closes #2388

- [luz.paz brought this change]

  cleanup: misc typos in strings and comments
  
  Found via `codespell`
  
  Closes #2389

- RELEASE-NOTES: toward 7.60.0

- [Kobi Gurkan brought this change]

  http2: fixes typo
  
  Closes #2387

- user-agent.d:: mention --proxy-header as well
  
  Bug: https://github.com/curl/curl/issues/2381

- transfer: make HTTP without headers count correct body size
  
  This is what "HTTP/0.9" basically looks like.
  
  Reported on IRC
  
  Closes #2382

- test1208: marked flaky
  
  It fails somewhere between every 3rd to 10th travis-CI run

- SECURITY-PROCESS: mention how we write/add advisories

- [dasimx brought this change]

  FTP: fix typo in recursive callback detection for seeking
  
  Fixes #2380

Version 7.59.0 (13 Mar 2018)

Daniel Stenberg (13 Mar 2018)
- release: 7.59.0

Kamil Dudka (13 Mar 2018)
- tests/.../spnego.py: fix identifier typo
  
  Detected by Coverity Analysis:
  
  Error: IDENTIFIER_TYPO:
  curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo:
  * Identifier "SuportedMech" is only known to be referenced here, or in copies of this code.
  * Identifier "SupportedMech" is referenced elsewhere at least 4 times.
  curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech".
  curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech".
  curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function).
  curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"?
  
  Closes #2379

Daniel Stenberg (13 Mar 2018)
- CURLOPT_COOKIEFILE.3: "-" as file name means stdin
  
  Reported-by: Aron Bergman
  Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html
  
  [ci skip]

- Revert "hostip: fix compiler warning: 'variable set but not used'"
  
  This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248.
  
  The assignment really needs to be there or we risk working with an
  uninitialized pointer.

Michael Kaufmann (12 Mar 2018)
- limit-rate: fix compiler warning
  
  follow-up to 72a0f62

Viktor Szakats (12 Mar 2018)
- checksrc.pl: add -i and -m options
  
  To sync it with changes made for the libssh2 project.
  Also cleanup some whitespace.

- curl-openssl.m4: fix spelling [ci skip]

- FAQ: fix a broken URL [ci skip]

Daniel Stenberg (12 Mar 2018)
- http2: mark the connection for close on GOAWAY
  
  ... don't consider it an error!
  
  Assisted-by: Jay Satiro
  Reported-by: Łukasz Domeradzki
  Fixes #2365
  Closes #2375

- credits: Viktor prefers without accent

- openldap: white space changes, fixed up the copyright years

- openldap: check ldap_get_attribute_ber() results for NULL before using
  
  CVE-2018-1000121
  Reported-by: Dario Weisser
  Bug: https://curl.haxx.se/docs/adv_2018-97a2.html

- FTP: reject path components with control codes
  
  Refuse to operate when given path components featuring byte values lower
  than 32.
  
  Previously, inserting a %00 sequence early in the directory part when
  using the 'singlecwd' ftp method could make curl write a zero byte
  outside of the allocated buffer.
  
  Test case 340 verifies.
  
  CVE-2018-1000120
  Reported-by: Duy Phan Thanh
  Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html

- readwrite: make sure excess reads don't go beyond buffer end
  
  CVE-2018-1000122
  Bug: https://curl.haxx.se/docs/adv_2018-b047.html
  
  Detected by OSS-fuzz

- BUGS: updated link to security process

- limit-rate: kick in even before "limit" data has been received
  
  ... and make sure to avoid integer overflows with really large values.
  
  Reported-by: 刘佩东
  Fixes #2371
  Closes #2373

- docs/SECURITY.md -> docs/SECURITY-PROCESS.md

- SECURITY.md: call it the security process

Michael Kaufmann (11 Mar 2018)
- Curl_range: fix FTP-only and FILE-only builds
  
  follow-up to e04417d

- hostip: fix compiler warning: 'variable set but not used'

Daniel Stenberg (11 Mar 2018)
- HTTP: allow "header;" to replace an internal header with a blank one
  
  Reported-by: Michael Kaufmann
  Fixes #2357
  Closes #2362

- http2: verbose output new MAX_CONCURRENT_STREAMS values
  
  ... as it is interesting for many users.

- SECURITY: distros' max embargo time is 14 days now

Patrick Monnerat (8 Mar 2018)
- curl tool: accept --compressed also if Brotli is enabled and zlib is not.

Daniel Stenberg (5 Mar 2018)
- THANKS + mailmap: remove duplicates, fixup full names

- [sergii.kavunenko brought this change]

  WolfSSL: adding TLSv1.3
  
  Closes #2349

 projects/wolfssl_options.h                         \
 projects/wolfssl_override.props

WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat \
 winbuild/MakefileBuild.vc winbuild/Makefile.vc

EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \
 RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl \
 scripts/updatemanpages.pl $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) \
 lib/libcurl.vers.in buildconf.bat scripts/coverage.sh

CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \
 $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ) \
 $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) \
 $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) \
 $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) $(VC15_LIBVCXPROJ) $(VC15_SRCVCXPROJ)

#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.haxx.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is

ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
ENABLE_SHARED = @ENABLE_SHARED@
ENABLE_STATIC = @ENABLE_STATIC@
EXEEXT = @EXEEXT@
FGREP = @FGREP@

GCOV = @GCOV@
GREP = @GREP@
HAVE_BROTLI = @HAVE_BROTLI@
HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@
HAVE_LDAP_SSL = @HAVE_LDAP_SSL@
HAVE_LIBZ = @HAVE_LIBZ@
HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@

IDN_ENABLED = @IDN_ENABLED@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
IPV6_ENABLED = @IPV6_ENABLED@

SSL_ENABLED = @SSL_ENABLED@
SSL_LIBS = @SSL_LIBS@
STRIP = @STRIP@
SUPPORT_FEATURES = @SUPPORT_FEATURES@
SUPPORT_PROTOCOLS = @SUPPORT_PROTOCOLS@
USE_ARES = @USE_ARES@
USE_CYASSL = @USE_CYASSL@
USE_DARWINSSL = @USE_DARWINSSL@
USE_GNUTLS = @USE_GNUTLS@
USE_GNUTLS_NETTLE = @USE_GNUTLS_NETTLE@
USE_LIBRTMP = @USE_LIBRTMP@
USE_LIBSSH = @USE_LIBSSH@
USE_LIBSSH2 = @USE_LIBSSH2@
USE_MBEDTLS = @USE_MBEDTLS@
USE_MESALINK = @USE_MESALINK@
USE_NGHTTP2 = @USE_NGHTTP2@
USE_NSS = @USE_NSS@
USE_OPENLDAP = @USE_OPENLDAP@
USE_POLARSSL = @USE_POLARSSL@
USE_SCHANNEL = @USE_SCHANNEL@

USE_UNIX_SOCKETS = @USE_UNIX_SOCKETS@
USE_WINDOWS_SSPI = @USE_WINDOWS_SSPI@
VERSION = @VERSION@
VERSIONNUM = @VERSIONNUM@
ZLIB_LIBS = @ZLIB_LIBS@
ZSH_FUNCTIONS_DIR = @ZSH_FUNCTIONS_DIR@
abs_builddir = @abs_builddir@

 projects/wolfssl_options.h                         \
 projects/wolfssl_override.props

WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat \
 winbuild/MakefileBuild.vc winbuild/Makefile.vc

EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \
 RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl \
 scripts/updatemanpages.pl $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) \
 lib/libcurl.vers.in buildconf.bat scripts/coverage.sh

CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \
 $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ) \
 $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) \
 $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) \
 $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) $(VC15_LIBVCXPROJ) $(VC15_SRCVCXPROJ)

  vauth/krb5_sspi.c vauth/ntlm.c vauth/ntlm_sspi.c vauth/oauth2.c       \
  vauth/spnego_gssapi.c vauth/spnego_sspi.c

LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h
LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c     \
  vtls/polarssl.c vtls/polarssl_threadlock.c                            \
  vtls/cyassl.c vtls/schannel.c vtls/schannel_verify.c                  \
  vtls/darwinssl.c vtls/gskit.c vtls/mbedtls.c vtls/mesalink.c

LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h                \
  vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h                \
  vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h           \
  vtls/mbedtls.h vtls/mesalink.h

LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c   \
  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c       \
  ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c         \
  getinfo.c transfer.c strcase.c easy.c security.c curl_fnmatch.c       \
  fileinfo.c ftplistparser.c wildcard.c krb5.c memdebug.c http_chunks.c \
  strtok.c connect.c llist.c hash.c multi.c content_encoding.c share.c  \
  http_digest.c md4.c md5.c http_negotiate.c inet_pton.c strtoofft.c    \
  strerror.c amigaos.c hostasyn.c hostip4.c hostip6.c hostsyn.c         \
  inet_ntop.c parsedate.c select.c tftp.c splay.c strdup.c socks.c      \
  ssh.c ssh-libssh.c curl_addrinfo.c socks_gssapi.c socks_sspi.c        \
  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c    \
  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c        \
  openldap.c curl_gethostname.c gopher.c idn_win32.c                    \
  http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c      \
  http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c        \
  curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c          \
  x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c      \
  mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c  \
  doh.c urlapi.c

LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
  formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h         \
  speedcheck.h urldata.h curl_ldap.h escape.h telnet.h getinfo.h        \
  strcase.h curl_sec.h memdebug.h http_chunks.h curl_fnmatch.h          \
  wildcard.h fileinfo.h ftplistparser.h strtok.h connect.h llist.h      \
  hash.h content_encoding.h share.h curl_md4.h curl_md5.h http_digest.h \
  http_negotiate.h inet_pton.h amigaos.h strtoofft.h strerror.h         \
  inet_ntop.h curlx.h curl_memory.h curl_setup.h transfer.h select.h    \
  easyif.h multiif.h parsedate.h tftp.h sockaddr.h splay.h strdup.h     \
  socks.h ssh.h curl_base64.h curl_addrinfo.h curl_sspi.h      \
  slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h     \
  rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h              \
  curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h           \
  http_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h             \
  curl_sasl.h curl_multibyte.h hostcheck.h conncache.h                  \
  curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h       \
  x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h           \
  curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h     \
  curl_path.h curl_ctype.h curl_range.h psl.h doh.h urlapi-int.h


LIB_RCFILES = libcurl.rc
CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES)
HHEADERS = $(LIB_HFILES) $(LIB_VAUTH_HFILES) $(LIB_VTLS_HFILES)

# libcurl has sources that provide functions named curlx_* that aren't part of
# the official API, but we re-use the code here to avoid duplication.

curl and libcurl 7.64.0

 Public curl releases:         179
 Command line options:         220
 curl_easy_setopt() options:   265
 Public functions in libcurl:  80
 Contributors:                 1875

This release includes the following changes:

 o cookies: leave secure cookies alone [3]
 o hostip: support wildcard hosts [23]
 o http: Implement trailing headers for chunked transfers [7]
 o http: added options for allowing HTTP/0.9 responses [10]
 o timeval: Use high resolution timestamps on Windows [19]

This release includes the following bugfixes:

 o CVE-2018-16890: NTLM type-2 out-of-bounds buffer read [67]
 o CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow [68]
 o CVE-2019-3823: SMTP end-of-response out-of-bounds read [66]
 o FAQ: remove mention of sourceforge for github [22]
 o OS400: handle memory error in list conversion [4]
 o OS400: upgrade ILE/RPG binding.
 o README: add codacy code quality badge
 o Revert http_negotiate: do not close connection [31]

 o THANKS: added several missing names from year <= 2000
 o build: make 'tidy' target work for metalink builds
 o cmake: added checks for variadic macros [47]
 o cmake: updated check for HAVE_POLL_FINE to match autotools [39]
 o cmake: use lowercase for function name like the rest of the code [20]
 o configure: detect xlclang separately from clang [41]
 o configure: fix recv/send/select detection on Android [53]
 o configure: rewrite --enable-code-coverage [61]
 o conncache_unlock: avoid indirection by changing input argument type



 o cookie: fix comment typo [44]
 o cookies: allow secure override when done over HTTPS [34]







 o cookies: extend domain checks to non psl builds [12]
 o cookies: skip custom cookies when redirecting cross-site [36]
 o curl --xattr: strip credentials from any URL that is stored [33]
 o curl -J: refuse to append to the destination file [14]
 o curl/urlapi.h: include "curl.h" first [30]
 o curl_multi_remove_handle() don't block terminating c-ares requests [32]
 o darwinssl: accept setting max-tls with default min-tls [6]
 o disconnect: separate connections and easy handles better [18]
 o disconnect: set conn->data for protocol disconnect


 o docs/version.d: mention MultiSSL [26]



 o docs: fix the --tls-max description [2]


 o docs: use $(INSTALL_DATA) to install man page [64]

 o docs: use meaningless port number in CURLOPT_LOCALPORT example [58]



 o gopher: always include the entire gopher-path in request [5]
 o http2: clear pause stream id if it gets closed [8]





 o if2ip: remove unused function Curl_if_is_interface_name [9]

 o libssh: do not let libssh create socket [63]
 o libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh [62]
 o libssh: free sftp_canonicalize_path() data correctly [17]



 o libtest/stub_gssapi: use "real" snprintf [27]



 o mbedtls: use VERIFYHOST [15]




 o multi: multiplexing improvements [35]

 o multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time [57]
 o ntlm: fix NTMLv2 compliance [25]
 o ntlm_sspi: add support for channel binding [54]
 o openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated [46]
 o openssl: fix the SSL_get_tlsext_status_ocsp_resp call [40]
 o openvms: fix OpenSSL discovery on VAX [21]
 o openvms: fix typos in documentation
 o os400: add a missing closing bracket [50]
 o os400: fix extra parameter syntax error [50]
 o pingpong: change default response timeout to 120 seconds
 o pingpong: ignore regular timeout in disconnect phase [16]
 o printf: fix format specifiers [28]


 o runtests.pl: Fix perl call to include srcdir [65]
 o schannel: fix compiler warning [29]
 o schannel: preserve original certificate path parameter [52]
 o schannel: stop calling it "winssl" [56]
 o sigpipe: if mbedTLS is used, ignore SIGPIPE [59]



 o smb: fix incorrect path in request if connection reused [13]
 o ssh: log the libssh2 error message when ssh session startup fails [55]


 o test1558: verify CURLINFO_PROTOCOL on file:// transfer [51]
 o test1561: improve test name
 o test1653: make it survive torture tests
 o tests: allow tests to pass by 2037-02-12 [38]
 o tests: move objnames-* from lib into tests [42]

 o timediff: fix math for unsigned time_t [37]
 o timeval: Disable MSVC Analyzer GetTickCount warning [60]
 o tool_cb_prg: avoid integer overflow [49]



 o travis: added cmake build for osx [43]





 o urlapi: Fix port parsing of eol colon [1]

 o urlapi: distinguish possibly empty query [5]
 o urlapi: fix parsing ipv6 with zone index [24]
 o urldata: rename easy_conn to just conn [48]
 o winbuild: conditionally use /DZLIB_WINAPI [45]



 o wolfssl: fix memory-leak in threaded use [11]
 o spnego_sspi: add support for channel binding [69]





This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Alessandro Ghedini, Andrei Neculau, Archangel SDY, Ayoub Boudhar, Ben Kohler,
  Bernhard M. Wiedemann, Brad Spencer, Brian Carpenter, Claes Jakobsson,

  Daniel Gustafsson, Daniel Stenberg, David Garske, dnivras on github,
  Eric Rosenquist, Etienne Simard, Felix Hädicke, Florian Pritz,
  Frank Gevaerts, Giorgos Oikonomou, Gisle Vanem, GitYuanQu on github,
  Haibo Huang, Harry Sintonen, Helge Klein, Huzaifa Sidhpurwala,
  jasal82 on github, Jeremie Rapin, Jeroen Ooms, Joel Depooter, John Marshall,
  jonrumsey on github, Julian Z, Kamil Dudka, Katsuhiko YOSHIDA, Kees Dekker,
  Ladar Levison, Leonardo Taccari, Marcel Raad, Markus Moeller,

  masbug on github, Matus Uzak, Michael Kujawa, Patrick Monnerat, Pavel Pavlov,
  Peng Li, Ray Satiro, Rikard Falkeborn, Ruslan Baratov, Sergei Nikulov,

  Shlomi Fish, Tobias Lindgren, Tom van der Woerdt, Viktor Szakats,
  Wenxiang Qian, William A. Rowe Jr, Zhao Yisha,
  (56 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://curl.haxx.se/bug/?i=3365
 [2] = https://curl.haxx.se/bug/?i=3368
 [3] = https://curl.haxx.se/bug/?i=2956
 [4] = https://curl.haxx.se/bug/?i=3372
 [5] = https://curl.haxx.se/bug/?i=3369
 [6] = https://curl.haxx.se/bug/?i=3367
 [7] = https://curl.haxx.se/bug/?i=3350
 [8] = https://curl.haxx.se/bug/?i=3392
 [9] = https://curl.haxx.se/bug/?i=3401
 [10] = https://curl.haxx.se/bug/?i=2873
 [11] = https://curl.haxx.se/bug/?i=3395
 [12] = https://curl.haxx.se/bug/?i=2964
 [13] = https://curl.haxx.se/bug/?i=3388
 [14] = https://curl.haxx.se/bug/?i=3380
 [15] = https://curl.haxx.se/bug/?i=3376
 [16] = https://curl.haxx.se/bug/?i=3264
 [17] = https://curl.haxx.se/bug/?i=3402










 [18] = https://curl.haxx.se/bug/?i=3400
 [19] = https://curl.haxx.se/bug/?i=3318
 [20] = https://curl.haxx.se/bug/?i=3196
 [21] = https://curl.haxx.se/bug/?i=3407
 [22] = https://curl.haxx.se/bug/?i=3410
 [23] = https://curl.haxx.se/bug/?i=3406
 [24] = https://curl.haxx.se/bug/?i=3411

 [25] = https://curl.haxx.se/bug/?i=3286
 [26] = https://curl.haxx.se/bug/?i=3432

 [27] = https://curl.haxx.se/mail/lib-2019-01/0000.html
 [28] = https://curl.haxx.se/bug/?i=3426
 [29] = https://curl.haxx.se/bug/?i=3435
 [30] = https://curl.haxx.se/bug/?i=3438
 [31] = https://curl.haxx.se/bug/?i=3384
 [32] = https://curl.haxx.se/bug/?i=3371
 [33] = https://curl.haxx.se/bug/?i=3423
 [34] = https://curl.haxx.se/bug/?i=3445


 [35] = https://curl.haxx.se/bug/?i=3436
 [36] = https://curl.haxx.se/bug/?i=3417



 [37] = https://curl.haxx.se/bug/?i=3449



 [38] = https://curl.haxx.se/bug/?i=3443
 [39] = https://curl.haxx.se/bug/?i=3292
 [40] = https://curl.haxx.se/bug/?i=3477
 [41] = https://curl.haxx.se/bug/?i=3474
 [42] = https://curl.haxx.se/bug/?i=3470
 [43] = https://curl.haxx.se/bug/?i=3468
 [44] = https://curl.haxx.se/bug/?i=3469
 [45] = https://curl.haxx.se/bug/?i=3133
 [46] = https://curl.haxx.se/bug/?i=3462
 [47] = https://curl.haxx.se/bug/?i=3459
 [48] = https://curl.haxx.se/bug/?i=3442
 [49] = https://curl.haxx.se/bug/?i=3456
 [50] = https://curl.haxx.se/bug/?i=3453
 [51] = https://curl.haxx.se/bug/?i=3447

 [52] = https://curl.haxx.se/bug/?i=3480
 [53] = https://curl.haxx.se/bug/?i=3484
 [54] = https://curl.haxx.se/bug/?i=3280
 [55] = https://curl.haxx.se/bug/?i=3481
 [56] = https://curl.haxx.se/bug/?i=3504
 [57] = https://curl.haxx.se/mail/lib-2019-01/0073.html
 [58] = https://curl.haxx.se/bug/?i=3513
 [59] = https://curl.haxx.se/bug/?i=3502
 [60] = https://curl.haxx.se/bug/?i=3437
 [61] = https://curl.haxx.se/bug/?i=3497
 [62] = https://curl.haxx.se/bug/?i=3493
 [63] = https://curl.haxx.se/bug/?i=3491
 [64] = https://curl.haxx.se/bug/?i=3518
 [65] = https://curl.haxx.se/bug/?i=3496
 [66] = https://curl.haxx.se/docs/CVE-2019-3823.html
 [67] = https://curl.haxx.se/docs/CVE-2018-16890.html
 [68] = https://curl.haxx.se/docs/CVE-2019-3822.html
 [69] = https://curl.haxx.se/bug/?i=3503

  curl_cv_ldap_LIBS="unknown"
  #
  for x_nlibs in '' "$u_libs" \
    '-lldap' \
    '-lldap -llber' \
    '-llber -lldap' \
    '-lldapssl -lldapx -lldapsdk' \
    '-lldapsdk -lldapx -lldapssl' ; do


    if test "$curl_cv_ldap_LIBS" = "unknown"; then
      if test -z "$x_nlibs"; then
        LIBS="$curl_cv_save_LIBS"
      else
        LIBS="$x_nlibs $curl_cv_save_LIBS"
      fi
      AC_LINK_IFELSE([

#include <winsock2.h>
#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#endif

#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#define RECVCALLCONV PASCAL
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#define RECVCALLCONV
#endif

                      extern $recv_retv RECVCALLCONV
                      recv($recv_arg1, $recv_arg2, $recv_arg3, $recv_arg4);

                    ]],[[
                      $recv_arg1 s=0;
                      $recv_arg2 buf=0;
                      $recv_arg3 len=0;
                      $recv_arg4 flags=0;
                      $recv_retv res = recv(s, buf, len, flags);
                    ]])

#include <winsock2.h>
#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#endif

#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#define SENDCALLCONV PASCAL
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#define SENDCALLCONV
#endif

                      extern $send_retv SENDCALLCONV
                      send($send_arg1, $send_arg2, $send_arg3, $send_arg4);

                    ]],[[
                      $send_arg1 s=0;
                      $send_arg3 len=0;
                      $send_arg4 flags=0;
                      $send_retv res = send(s, 0, len, flags);
                    ]])
                  ],[

#include <winsock2.h>
#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#endif

dnl CURL_CHECK_LIBS_CONNECT
dnl -------------------------------------------------
dnl Verify if network connect function is already available
dnl using current libraries or if another one is required.

AC_DEFUN([CURL_CHECK_LIBS_CONNECT], [
  AC_REQUIRE([CURL_INCLUDES_WINSOCK2])dnl

  AC_MSG_CHECKING([for connect in libraries])
  tst_connect_save_LIBS="$LIBS"
  tst_connect_need_LIBS="unknown"
  for tst_lib in '' '-lsocket' ; do
    if test "$tst_connect_need_LIBS" = "unknown"; then
      LIBS="$tst_lib $tst_connect_save_LIBS"
      AC_LINK_IFELSE([
        AC_LANG_PROGRAM([[
          $curl_includes_winsock2

          #ifndef HAVE_WINDOWS_H
            int connect(int, void*, int);
          #endif
        ]],[[
          if(0 != connect(0, 0, 0))
            return 1;
        ]])
      ],[

#endif
#else
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#endif
#ifndef HAVE_WINDOWS_H





#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#endif

#endif
#else
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#endif
#ifndef HAVE_WINDOWS_H





#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#define SELECTCALLCONV
#endif
#ifndef HAVE_STRUCT_TIMEVAL
                    struct timeval {
                      long tv_sec;
                      long tv_usec;
                    };
#endif

                    extern $sel_retv SELECTCALLCONV
				select($sel_arg1,
					$sel_arg234,
					$sel_arg234,
					$sel_arg234,
					$sel_arg5);

                  ]],[[
                    $sel_arg1   nfds=0;
                    $sel_arg234 rfds=0;
                    $sel_arg234 wfds=0;
                    $sel_arg234 efds=0;
                    $sel_retv res = select(nfds, rfds, wfds, efds, 0);
                  ]])

subdirs
USE_MANUAL_FALSE
USE_MANUAL_TRUE
MANOPT
NROFF
PERL
IPV6_ENABLED

ZSH_FUNCTIONS_DIR
USE_NGHTTP2
IDN_ENABLED
CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_FALSE
CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_TRUE
CURL_LT_SHLIB_VERSIONED_FLAVOUR
USE_LIBRTMP

USE_POLARSSL
HAVE_GNUTLS_SRP
USE_GNUTLS_NETTLE
USE_GNUTLS
HAVE_OPENSSL_SRP
RANDOM_FILE
SSL_LIBS
USE_DARWINSSL
USE_WINDOWS_SSPI
USE_SCHANNEL
DEFAULT_SSL_BACKEND
BUILD_STUB_GSS_FALSE
BUILD_STUB_GSS_TRUE
USE_OPENLDAP
HAVE_BROTLI
ZLIB_LIBS
HAVE_LIBZ_FALSE
HAVE_LIBZ_TRUE
HAVE_LIBZ
PKGCONFIG

CURL_DISABLE_GOPHER
CURL_DISABLE_SMTP
CURL_DISABLE_SMB
CURL_DISABLE_IMAP
CURL_DISABLE_POP3
CURL_DISABLE_TFTP
CURL_DISABLE_TELNET

with_gssapi_includes
with_gssapi_libs
with_gssapi
with_default_ssl_backend
with_winssl
with_schannel
with_darwinssl


with_ssl
with_egd_socket
with_random
enable_openssl_auto_load_config
with_gnutls
with_polarssl
with_mbedtls

with_libssh
with_librtmp
enable_versioned_symbols
with_winidn
with_libidn2
with_nghttp2
with_zsh_functions_dir

enable_threaded_resolver
enable_pthreads
enable_verbose
enable_sspi
enable_crypto_auth
enable_ntlm_wb
enable_tls_srp
enable_unix_sockets
enable_cookies

'
      ac_precious_vars='build_alias
host_alias
target_alias
CC
CFLAGS
LDFLAGS

                          helper
  --enable-tls-srp        Enable TLS-SRP authentication
  --disable-tls-srp       Disable TLS-SRP authentication
  --enable-unix-sockets   Enable Unix domain sockets
  --disable-unix-sockets  Disable Unix domain sockets
  --enable-cookies        Enable cookies support
  --disable-cookies       Disable cookies support



Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                          both]
  --with-aix-soname=aix|svr4|both

                          Use implicit default SSL backend
  --with-winssl           enable Windows native SSL/TLS
  --without-winssl        disable Windows native SSL/TLS
  --with-schannel         enable Windows native SSL/TLS
  --without-schannel      disable Windows native SSL/TLS
  --with-darwinssl        enable Apple OS native SSL/TLS
  --without-darwinssl     disable Apple OS native SSL/TLS





  --with-ssl=PATH         Where to look for OpenSSL, PATH points to the SSL
                          installation (default: /usr/local/ssl); when
                          possible, set the PKG_CONFIG_PATH environment
                          variable instead of using this option
  --without-ssl           disable OpenSSL
  --with-egd-socket=FILE  Entropy Gathering Daemon socket pathname
  --with-random=FILE      read randomness from FILE (default=/dev/urandom)

  --without-libidn2       Disable libidn2 usage
  --with-nghttp2=PATH     Enable nghttp2 usage
  --without-nghttp2       Disable nghttp2 usage
  --with-zsh-functions-dir=PATH
                          Install zsh completions to PATH
  --without-zsh-functions-dir
                          Do not install zsh completions





Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  LIBS        libraries to pass to the linker, e.g. -l<library>

PKGADD_PKG="HAXXcurl"
PKGADD_NAME="curl - a client that groks URLs"
PKGADD_VENDOR="curl.haxx.se"




    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,winssl,darwinssl,mesalink} )"
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
 curl_brotli_msg="no      (--with-brotli)"
    curl_gss_msg="no      (--with-gssapi)"
curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
   curl_ipv6_msg="no      (--enable-ipv6)"

    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
      case $cc_basename in
      # old Intel for x86_64, which still supported -KPIC.
      ecc*)
	lt_prog_compiler_wl='-Wl,'
	lt_prog_compiler_pic='-KPIC'
	lt_prog_compiler_static='-static'






        ;;
      # icc used to be incompatible with GCC.
      # ICC 10 doesn't accept -KPIC any more.
      icc* | ifort*)
	lt_prog_compiler_wl='-Wl,'
	lt_prog_compiler_pic='-fPIC'
	lt_prog_compiler_static='-static'

    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }

fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext



{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to support http" >&5
$as_echo_n "checking whether to support http... " >&6; }
# Check whether --enable-http was given.
if test "${enable_http+set}" = set; then :
  enableval=$enable_http;  case "$enableval" in
  no)

    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }

fi
rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext conftest.$ac_ext
fi












































if test "$HAVE_GETHOSTBYNAME" != "1"
then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnetwork" >&5
$as_echo_n "checking for gethostbyname in -lnetwork... " >&6; }
if ${ac_cv_lib_network_gethostbyname+:} false; then :
  $as_echo_n "(cached) " >&6

_ACEOF

      ;;
  esac

























    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for connect in libraries" >&5
$as_echo_n "checking for connect in libraries... " >&6; }
  tst_connect_save_LIBS="$LIBS"
  tst_connect_need_LIBS="unknown"
  for tst_lib in '' '-lsocket' ; do
    if test "$tst_connect_need_LIBS" = "unknown"; then
      LIBS="$tst_lib $tst_connect_save_LIBS"
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


          $curl_includes_winsock2

          #ifndef HAVE_WINDOWS_H
            int connect(int, void*, int);
          #endif

int main (void)
{

          if(0 != connect(0, 0, 0))

  curl_cv_ldap_LIBS="unknown"
  #
  for x_nlibs in '' "$u_libs" \
    '-lldap' \
    '-lldap -llber' \
    '-llber -lldap' \
    '-lldapssl -lldapx -lldapsdk' \
    '-lldapsdk -lldapx -lldapssl' ; do


    if test "$curl_cv_ldap_LIBS" = "unknown"; then
      if test -z "$x_nlibs"; then
        LIBS="$curl_cv_save_LIBS"
      else
        LIBS="$x_nlibs $curl_cv_save_LIBS"
      fi
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext

  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

OPT_DARWINSSL=no

# Check whether --with-darwinssl was given.
if test "${with_darwinssl+set}" = set; then :
  withval=$with_darwinssl; OPT_DARWINSSL=$withval
fi









{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable Apple OS native SSL/TLS" >&5
$as_echo_n "checking whether to enable Apple OS native SSL/TLS... " >&6; }
if test -z "$ssl_backends" -o "x$OPT_DARWINSSL" != xno; then
  if test "x$OPT_DARWINSSL" != "xno" &&
     test -d "/System/Library/Frameworks/Security.framework"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

$as_echo "#define USE_DARWINSSL 1" >>confdefs.h

    USE_DARWINSSL=1

    ssl_msg="Apple OS-native"
    test darwinssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
    DARWINSSL_ENABLED=1
    LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"








































else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi


OPT_SSL=off

done


      LIBS="-l$cyassllibname -lm $LIBS"

      if test "x$cyassllibname" = "xwolfssl"; then
                        for ac_func in wolfSSLv3_client_method \
                       wolfSSL_CTX_UseSupportedCurve \
                       wolfSSL_get_peer_certificate \
                       wolfSSL_UseALPN
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF

      fi

    fi
  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi

case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED$MESALINK_ENABLED" in
x)
  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more." >&5
$as_echo "$as_me: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more." >&2;}
  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-winssl, --with-darwinssl, or --with-mesalink to address this." >&5
$as_echo "$as_me: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-winssl, --with-darwinssl, or --with-mesalink to address this." >&2;}
  ;;
x1)
  # one SSL backend is enabled

  SSL_ENABLED="1"
  { $as_echo "$as_me:${as_lineno-$LINENO}: built with one SSL backend" >&5
$as_echo "$as_me: built with one SSL backend" >&6;}

LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_psl_builtin" >&5
$as_echo "$ac_cv_search_psl_builtin" >&6; }
ac_res=$ac_cv_search_psl_builtin
if test "$ac_res" != no; then :
  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
  curl_psl_msg="yes";

$as_echo "#define USE_LIBPSL 1" >>confdefs.h


else
  curl_psl_msg="no      (libpsl not found)";
     { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libpsl was not found" >&5
$as_echo "$as_me: WARNING: libpsl was not found" >&2;}


fi

fi
 if test "$curl_psl_msg" = "yes"; then
  USE_LIBPSL_TRUE=
  USE_LIBPSL_FALSE='#'
else
  USE_LIBPSL_TRUE='#'
  USE_LIBPSL_FALSE=
fi

        elif test "x$NSS_ENABLED" = "x1"; then
          versioned_symbols_flavour="NSS_"
        elif test "x$POLARSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="POLARSSL_"
        elif test "x$CYASSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="CYASSL_"
        elif test "x$WINSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="WINSSL_"
        elif test "x$DARWINSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="DARWINSSL_"
        else
          versioned_symbols_flavour=""
        fi
        versioned_symbols="yes"
    fi
    ;;

    ;;
  *)
        ZSH_FUNCTIONS_DIR="$withval"

    ;;
esac























{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
$as_echo_n "checking for ANSI C header files... " >&6; }
if ${ac_cv_header_stdc+:} false; then :
  $as_echo_n "(cached) " >&6
else
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext

  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF

fi

done



{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
if ${ac_cv_c_const+:} false; then :
  $as_echo_n "(cached) " >&6
else

#endif
#else
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#endif
#ifndef HAVE_WINDOWS_H





#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#endif

#endif
#else
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#endif
#ifndef HAVE_WINDOWS_H





#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#define SELECTCALLCONV
#endif
#ifndef HAVE_STRUCT_TIMEVAL
                    struct timeval {
                      long tv_sec;
                      long tv_usec;
                    };
#endif

                    extern $sel_retv SELECTCALLCONV
				select($sel_arg1,
					$sel_arg234,
					$sel_arg234,
					$sel_arg234,
					$sel_arg5);


int main (void)
{

                    $sel_arg1   nfds=0;
                    $sel_arg234 rfds=0;
                    $sel_arg234 wfds=0;

#include <winsock2.h>
#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#endif

#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#define RECVCALLCONV PASCAL
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#define RECVCALLCONV
#endif

                      extern $recv_retv RECVCALLCONV
                      recv($recv_arg1, $recv_arg2, $recv_arg3, $recv_arg4);


int main (void)
{

                      $recv_arg1 s=0;
                      $recv_arg2 buf=0;
                      $recv_arg3 len=0;

#include <winsock2.h>
#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#endif

#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#define SENDCALLCONV PASCAL
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#define SENDCALLCONV
#endif

                      extern $send_retv SENDCALLCONV
                      send($send_arg1, $send_arg2, $send_arg3, $send_arg4);


int main (void)
{

                      $send_arg1 s=0;
                      $send_arg3 len=0;
                      $send_arg4 flags=0;

#include <winsock2.h>
#else
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#endif
#else




#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#endif

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if closesocket can be linked" >&5
$as_echo_n "checking if closesocket can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


      $curl_includes_winsock2

      $curl_includes_socket

int main (void)
{

      if(0 != closesocket(0))
        return 1;

  if test "$tst_links_closesocket" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if closesocket is prototyped" >&5
$as_echo_n "checking if closesocket is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_winsock2

      $curl_includes_socket

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "closesocket" >/dev/null 2>&1; then :

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if closesocket is compilable" >&5
$as_echo_n "checking if closesocket is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2

        $curl_includes_socket

int main (void)
{

        if(0 != closesocket(0))
          return 1;

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if connect can be linked" >&5
$as_echo_n "checking if connect can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


      $curl_includes_winsock2

      $curl_includes_sys_socket
      $curl_includes_socket

int main (void)
{

      if(0 != connect(0, 0, 0))

  if test "$tst_links_connect" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if connect is prototyped" >&5
$as_echo_n "checking if connect is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_winsock2

      $curl_includes_sys_socket
      $curl_includes_socket

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "connect" >/dev/null 2>&1; then :

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if connect is compilable" >&5
$as_echo_n "checking if connect is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2

        $curl_includes_sys_socket
        $curl_includes_socket

int main (void)
{

        if(0 != connect(0, 0, 0))

  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
    curl_cv_func_fcntl="no"
  fi


curl_includes_stdio="\
/* includes start */
#ifdef HAVE_SYS_TYPES_H
#  include <sys/types.h>
#endif
#ifdef HAVE_STDIO_H
#  include <stdio.h>
#endif
/* includes end */"
  for ac_header in sys/types.h stdio.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$curl_includes_stdio
"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF

fi

done



    #
  tst_links_fdopen="unknown"
  tst_proto_fdopen="unknown"
  tst_compi_fdopen="unknown"
  tst_allow_fdopen="unknown"
  #
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fdopen can be linked" >&5
$as_echo_n "checking if fdopen can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


#define fdopen innocuous_fdopen
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
#undef fdopen
#ifdef __cplusplus
extern "C"
#endif
char fdopen ();
#if defined __stub_fdopen || defined __stub___fdopen
choke me
#endif

int main (void)
{
return fdopen ();
 ;
 return 0;
}

_ACEOF
if ac_fn_c_try_link "$LINENO"; then :

    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
    tst_links_fdopen="yes"

else

    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
    tst_links_fdopen="no"

fi
rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext conftest.$ac_ext
  #
  if test "$tst_links_fdopen" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fdopen is prototyped" >&5
$as_echo_n "checking if fdopen is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_stdio

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "fdopen" >/dev/null 2>&1; then :

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
      tst_proto_fdopen="yes"

else

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      tst_proto_fdopen="no"

fi
rm -f conftest*

  fi
  #
  if test "$tst_proto_fdopen" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fdopen is compilable" >&5
$as_echo_n "checking if fdopen is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_stdio

int main (void)
{

        if(0 != fdopen(0, 0))
          return 1;

 ;
 return 0;
}

_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
      tst_compi_fdopen="yes"

else

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      tst_compi_fdopen="no"

fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
  fi
  #
  if test "$tst_compi_fdopen" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fdopen usage allowed" >&5
$as_echo_n "checking if fdopen usage allowed... " >&6; }
    if test "x$curl_disallow_fdopen" != "xyes"; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
      tst_allow_fdopen="yes"
    else
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      tst_allow_fdopen="no"
    fi
  fi
  #
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fdopen might be used" >&5
$as_echo_n "checking if fdopen might be used... " >&6; }
  if test "$tst_links_fdopen" = "yes" &&
     test "$tst_proto_fdopen" = "yes" &&
     test "$tst_compi_fdopen" = "yes" &&
     test "$tst_allow_fdopen" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

cat >>confdefs.h <<_ACEOF
#define HAVE_FDOPEN 1
_ACEOF

    curl_cv_func_fdopen="yes"
  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
    curl_cv_func_fdopen="no"
  fi


curl_includes_ws2tcpip="\
/* includes start */
#ifdef HAVE_WINDOWS_H
#  ifndef WIN32_LEAN_AND_MEAN
#    define WIN32_LEAN_AND_MEAN
#  endif

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gai_strerror can be linked" >&5
$as_echo_n "checking if gai_strerror can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


      $curl_includes_winsock2

      $curl_includes_netdb

int main (void)
{

      if(0 != gai_strerror(0))
        return 1;

  if test "$tst_links_gai_strerror" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gai_strerror is prototyped" >&5
$as_echo_n "checking if gai_strerror is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_winsock2

      $curl_includes_netdb

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "gai_strerror" >/dev/null 2>&1; then :

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gai_strerror is compilable" >&5
$as_echo_n "checking if gai_strerror is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2

        $curl_includes_netdb

int main (void)
{

        if(0 != gai_strerror(0))
          return 1;

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyaddr can be linked" >&5
$as_echo_n "checking if gethostbyaddr can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


      $curl_includes_winsock2

      $curl_includes_netdb

int main (void)
{

      if(0 != gethostbyaddr(0, 0, 0))
        return 1;

  if test "$tst_links_gethostbyaddr" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyaddr is prototyped" >&5
$as_echo_n "checking if gethostbyaddr is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_winsock2

      $curl_includes_netdb

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "gethostbyaddr" >/dev/null 2>&1; then :

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyaddr is compilable" >&5
$as_echo_n "checking if gethostbyaddr is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2

        $curl_includes_netdb

int main (void)
{

        if(0 != gethostbyaddr(0, 0, 0))
          return 1;

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyname can be linked" >&5
$as_echo_n "checking if gethostbyname can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


      $curl_includes_winsock2

      $curl_includes_netdb

int main (void)
{

      if(0 != gethostbyname(0))
        return 1;

  if test "$tst_links_gethostbyname" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyname is prototyped" >&5
$as_echo_n "checking if gethostbyname is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_winsock2

      $curl_includes_netdb

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "gethostbyname" >/dev/null 2>&1; then :

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyname is compilable" >&5
$as_echo_n "checking if gethostbyname is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2

        $curl_includes_netdb

int main (void)
{

        if(0 != gethostbyname(0))
          return 1;

#  define FUNCALLCONV __stdcall
#else
#  define FUNCALLCONV
#endif
/* preprocess end */"


        #
  tst_links_gethostname="unknown"
  tst_proto_gethostname="unknown"
  tst_compi_gethostname="unknown"
  tst_allow_gethostname="unknown"
  #
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostname can be linked" >&5
$as_echo_n "checking if gethostname can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


      $curl_includes_winsock2

      $curl_includes_unistd

int main (void)
{

      if(0 != gethostname(0, 0))
        return 1;

  if test "$tst_links_gethostname" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostname is prototyped" >&5
$as_echo_n "checking if gethostname is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_winsock2

      $curl_includes_unistd

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "gethostname" >/dev/null 2>&1; then :

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostname is compilable" >&5
$as_echo_n "checking if gethostname is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2

        $curl_includes_unistd

int main (void)
{

        if(0 != gethostname(0, 0))
          return 1;

      for tst_arg2 in 'int' 'unsigned int' 'size_t'; do
        if test "$tst_gethostname_type_arg2" = "unknown"; then
          cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


              $curl_includes_winsock2

              $curl_includes_unistd
              $curl_preprocess_callconv
              extern int FUNCALLCONV gethostname($tst_arg1, $tst_arg2);

int main (void)
{

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ioctlsocket can be linked" >&5
$as_echo_n "checking if ioctlsocket can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


      $curl_includes_winsock2


int main (void)
{

      if(0 != ioctlsocket(0, 0, 0))
        return 1;

  if test "$tst_links_ioctlsocket" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ioctlsocket is prototyped" >&5
$as_echo_n "checking if ioctlsocket is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_winsock2


_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "ioctlsocket" >/dev/null 2>&1; then :

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ioctlsocket is compilable" >&5
$as_echo_n "checking if ioctlsocket is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2


int main (void)
{

        if(0 != ioctlsocket(0, 0, 0))
          return 1;

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ioctlsocket FIONBIO is compilable" >&5
$as_echo_n "checking if ioctlsocket FIONBIO is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2


int main (void)
{

        int flags = 0;
        if(0 != ioctlsocket(0, FIONBIO, &flags))
          return 1;

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setsockopt can be linked" >&5
$as_echo_n "checking if setsockopt can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


      $curl_includes_winsock2

      $curl_includes_sys_socket

int main (void)
{

      if(0 != setsockopt(0, 0, 0, 0, 0))
        return 1;

  if test "$tst_links_setsockopt" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setsockopt is prototyped" >&5
$as_echo_n "checking if setsockopt is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_winsock2

      $curl_includes_sys_socket

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "setsockopt" >/dev/null 2>&1; then :

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setsockopt is compilable" >&5
$as_echo_n "checking if setsockopt is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2

        $curl_includes_sys_socket

int main (void)
{

        if(0 != setsockopt(0, 0, 0, 0, 0))
          return 1;

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setsockopt SO_NONBLOCK is compilable" >&5
$as_echo_n "checking if setsockopt SO_NONBLOCK is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2

        $curl_includes_sys_socket

int main (void)
{

        if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0))
          return 1;

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if socket can be linked" >&5
$as_echo_n "checking if socket can be linked... " >&6; }
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


      $curl_includes_winsock2

      $curl_includes_sys_socket
      $curl_includes_socket

int main (void)
{

      if(0 != socket(0, 0, 0))

  if test "$tst_links_socket" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if socket is prototyped" >&5
$as_echo_n "checking if socket is prototyped... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

      $curl_includes_winsock2

      $curl_includes_sys_socket
      $curl_includes_socket

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "socket" >/dev/null 2>&1; then :

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if socket is compilable" >&5
$as_echo_n "checking if socket is compilable... " >&6; }
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


        $curl_includes_winsock2

        $curl_includes_sys_socket
        $curl_includes_socket

int main (void)
{

        if(0 != socket(0, 0, 0))

else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

fi


































  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether hiding of library internal symbols will actually happen" >&5
$as_echo_n "checking whether hiding of library internal symbols will actually happen... " >&6; }
  CFLAG_CURL_SYMBOL_HIDING=""
  doing_symbol_hiding="no"
  if test x"$curl_cv_native_windows" != "xyes" &&
    test "$want_symbol_hiding" = "yes" &&

  SUPPORT_FEATURES="$SUPPORT_FEATURES SSPI"
fi

if test "x$HAVE_GSSAPI" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
fi

if test "x$curl_psl_msg" = "xyes"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES PSL"
fi





if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
fi

if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
  SUPPORT_FEATURES="$SUPPORT_FEATURES Kerberos"
fi

if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
  if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
      -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"

    if test "x$CURL_DISABLE_HTTP" != "x1" -a \
        "x$NTLM_WB_ENABLED" = "x1"; then
      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
    fi
  fi

    SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS"
  fi
fi
if test "x$CURL_DISABLE_SMB" != "x1" \
    -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
    -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
      -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1" \); then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
  if test "x$SSL_ENABLED" = "x1"; then
    SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"
  fi
fi
if test "x$CURL_DISABLE_SMTP" != "x1"; then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTP"

  Compiler:         ${CC}
   CFLAGS:          ${CFLAGS}
   CPPFLAGS:        ${CPPFLAGS}
   LDFLAGS:         ${LDFLAGS}
   LIBS:            ${LIBS}

  curl version:     ${CURLVERSION}
  SSL support:      ${curl_ssl_msg}
  SSH support:      ${curl_ssh_msg}
  zlib support:     ${curl_zlib_msg}
  brotli support:   ${curl_brotli_msg}
  GSS-API support:  ${curl_gss_msg}
  TLS-SRP support:  ${curl_tls_srp_msg}
  resolver:         ${curl_res_msg}
  IPv6 support:     ${curl_ipv6_msg}
  Unix sockets support: ${curl_unix_sockets_msg}
  IDN support:      ${curl_idn_msg}
  Build libcurl:    Shared=${enable_shared}, Static=${enable_static}
  Built-in manual:  ${curl_manual_msg}
  --libcurl option: ${curl_libcurl_msg}
  Verbose errors:   ${curl_verbose_msg}
  Code coverage:    ${curl_coverage_msg}
  SSPI support:     ${curl_sspi_msg}
  ca cert bundle:   ${ca}${ca_warning}
  ca cert path:     ${capath}${capath_warning}
  ca fallback:      ${with_ca_fallback}
  LDAP support:     ${curl_ldap_msg}
  LDAPS support:    ${curl_ldaps_msg}
  RTSP support:     ${curl_rtsp_msg}
  RTMP support:     ${curl_rtmp_msg}
  metalink support: ${curl_mtlnk_msg}
  PSL support:      ${curl_psl_msg}

  HTTP2 support:    ${curl_h2_msg}
  Protocols:        ${SUPPORT_PROTOCOLS}

" >&5
$as_echo "$as_me: Configured to build curl/libcurl:

  Host setup:       ${host}
  Install prefix:   ${prefix}
  Compiler:         ${CC}
   CFLAGS:          ${CFLAGS}
   CPPFLAGS:        ${CPPFLAGS}
   LDFLAGS:         ${LDFLAGS}
   LIBS:            ${LIBS}

  curl version:     ${CURLVERSION}
  SSL support:      ${curl_ssl_msg}
  SSH support:      ${curl_ssh_msg}
  zlib support:     ${curl_zlib_msg}
  brotli support:   ${curl_brotli_msg}
  GSS-API support:  ${curl_gss_msg}
  TLS-SRP support:  ${curl_tls_srp_msg}
  resolver:         ${curl_res_msg}
  IPv6 support:     ${curl_ipv6_msg}
  Unix sockets support: ${curl_unix_sockets_msg}
  IDN support:      ${curl_idn_msg}
  Build libcurl:    Shared=${enable_shared}, Static=${enable_static}
  Built-in manual:  ${curl_manual_msg}
  --libcurl option: ${curl_libcurl_msg}
  Verbose errors:   ${curl_verbose_msg}
  Code coverage:    ${curl_coverage_msg}
  SSPI support:     ${curl_sspi_msg}
  ca cert bundle:   ${ca}${ca_warning}
  ca cert path:     ${capath}${capath_warning}
  ca fallback:      ${with_ca_fallback}
  LDAP support:     ${curl_ldap_msg}
  LDAPS support:    ${curl_ldaps_msg}
  RTSP support:     ${curl_rtsp_msg}
  RTMP support:     ${curl_rtmp_msg}
  metalink support: ${curl_mtlnk_msg}
  PSL support:      ${curl_psl_msg}

  HTTP2 support:    ${curl_h2_msg}
  Protocols:        ${SUPPORT_PROTOCOLS}

" >&6;}

PKGADD_VENDOR="curl.haxx.se"
AC_SUBST(PKGADD_PKG)
AC_SUBST(PKGADD_NAME)
AC_SUBST(PKGADD_VENDOR)

dnl
dnl initialize all the info variables
    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,winssl,darwinssl,mesalink} )"
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
 curl_brotli_msg="no      (--with-brotli)"
    curl_gss_msg="no      (--with-gssapi)"
curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
   curl_ipv6_msg="no      (--enable-ipv6)"

    curl_cv_header_winber_h="no"
    ;;
esac
CURL_CHECK_WIN32_LARGEFILE

CURL_MAC_CFLAGS
CURL_SUPPORTS_BUILTIN_AVAILABLE


dnl ************************************************************
dnl switch off particular protocols
dnl
AC_MSG_CHECKING([whether to support http])
AC_ARG_ENABLE(http,
AC_HELP_STRING([--enable-http],[Enable HTTP support])

  ],[
    AC_MSG_RESULT([yes])
    HAVE_GETHOSTBYNAME="1"
  ],[
    AC_MSG_RESULT([no])
  ])
fi























if test "$HAVE_GETHOSTBYNAME" != "1"
then
  dnl gethostbyname in the network lib - for Haiku OS
  AC_CHECK_LIB(network, gethostbyname,
               [HAVE_GETHOSTBYNAME="1"
               LIBS="-lnetwork $LIBS"

    AC_MSG_RESULT(no)
  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
else
  AC_MSG_RESULT(no)
fi

OPT_DARWINSSL=no
AC_ARG_WITH(darwinssl,dnl
AC_HELP_STRING([--with-darwinssl],[enable Apple OS native SSL/TLS])
AC_HELP_STRING([--without-darwinssl], [disable Apple OS native SSL/TLS]),
  OPT_DARWINSSL=$withval)






AC_MSG_CHECKING([whether to enable Apple OS native SSL/TLS])
if test -z "$ssl_backends" -o "x$OPT_DARWINSSL" != xno; then
  if test "x$OPT_DARWINSSL" != "xno" &&
     test -d "/System/Library/Frameworks/Security.framework"; then
    AC_MSG_RESULT(yes)
    AC_DEFINE(USE_DARWINSSL, 1, [to enable Apple OS native SSL/TLS support])
    AC_SUBST(USE_DARWINSSL, [1])
    ssl_msg="Apple OS-native"
    test darwinssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
    DARWINSSL_ENABLED=1
    LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
  else
    AC_MSG_RESULT(no)
  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"





























else
  AC_MSG_RESULT(no)
fi

dnl **********************************************************************
dnl Check for the presence of SSL libraries and headers
dnl **********************************************************************

      LIBS="-l$cyassllibname -lm $LIBS"

      if test "x$cyassllibname" = "xwolfssl"; then
        dnl Recent WolfSSL versions build without SSLv3 by default
        dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
        AC_CHECK_FUNCS(wolfSSLv3_client_method \
                       wolfSSL_CTX_UseSupportedCurve \
                       wolfSSL_get_peer_certificate \
                       wolfSSL_UseALPN)
      else
        dnl Cyassl needs configure --enable-opensslextra to have *get_peer*
        AC_CHECK_FUNCS(CyaSSL_CTX_UseSupportedCurve \
                       CyaSSL_get_peer_certificate)
      fi

    fi dnl NSS found

  fi dnl NSS not disabled

  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi

case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED$MESALINK_ENABLED" in
x)
  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-winssl, --with-darwinssl, or --with-mesalink to address this.])
  ;;
x1)
  # one SSL backend is enabled
  AC_SUBST(SSL_ENABLED)
  SSL_ENABLED="1"
  AC_MSG_NOTICE([built with one SSL backend])
  ;;

AC_ARG_WITH(libpsl,
           AS_HELP_STRING([--without-libpsl],
           [disable support for libpsl cookie checking]),
           with_libpsl=$withval,
           with_libpsl=yes)
if test $with_libpsl != "no"; then
  AC_SEARCH_LIBS(psl_builtin, psl,
    [curl_psl_msg="yes";
     AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled])
     ],
    [curl_psl_msg="no      (libpsl not found)";
     AC_MSG_WARN([libpsl was not found])
     ]
  )
fi
AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "yes"])

dnl **********************************************************************
dnl Check for libmetalink
dnl **********************************************************************

OPT_LIBMETALINK=no

        elif test "x$NSS_ENABLED" = "x1"; then
          versioned_symbols_flavour="NSS_"
        elif test "x$POLARSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="POLARSSL_"
        elif test "x$CYASSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="CYASSL_"
        elif test "x$WINSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="WINSSL_"
        elif test "x$DARWINSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="DARWINSSL_"
        else
          versioned_symbols_flavour=""
        fi
        versioned_symbols="yes"
    fi
    ;;

    ;;
  *)
    dnl --with-zsh-functions-dir option used with path
    ZSH_FUNCTIONS_DIR="$withval"
    AC_SUBST(ZSH_FUNCTIONS_DIR)
    ;;
esac


























dnl **********************************************************************
dnl Back to "normal" configuring
dnl **********************************************************************

dnl Checks for header files.
AC_HEADER_STDC

#include <netinet/in6.h>
#endif
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif
]
)


dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
CURL_CHECK_VARIADIC_MACROS
AC_TYPE_SIZE_T
AC_HEADER_TIME
CURL_CHECK_STRUCT_TIMEVAL

CURL_CHECK_FUNC_ALARM
CURL_CHECK_FUNC_BASENAME
CURL_CHECK_FUNC_CLOSESOCKET
CURL_CHECK_FUNC_CLOSESOCKET_CAMEL
CURL_CHECK_FUNC_CONNECT
CURL_CHECK_FUNC_FCNTL
CURL_CHECK_FUNC_FDOPEN
CURL_CHECK_FUNC_FREEADDRINFO
CURL_CHECK_FUNC_FREEIFADDRS
CURL_CHECK_FUNC_FSETXATTR
CURL_CHECK_FUNC_FTRUNCATE
CURL_CHECK_FUNC_GETADDRINFO
CURL_CHECK_FUNC_GAI_STRERROR
CURL_CHECK_FUNC_GETHOSTBYADDR

       AC_DEFINE(CURL_DISABLE_COOKIES, 1, [to disable cookies support])
       ;;
  *)   AC_MSG_RESULT(yes)
       ;;
  esac ],
       AC_MSG_RESULT(yes)
)



























dnl ************************************************************
dnl hiding of library internal symbols
dnl
CURL_CONFIGURE_SYMBOL_HIDING

dnl

  SUPPORT_FEATURES="$SUPPORT_FEATURES SSPI"
fi

if test "x$HAVE_GSSAPI" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
fi

if test "x$curl_psl_msg" = "xyes"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES PSL"
fi





if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
fi

if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
  SUPPORT_FEATURES="$SUPPORT_FEATURES Kerberos"
fi

if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
  if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
      -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"

    if test "x$CURL_DISABLE_HTTP" != "x1" -a \
        "x$NTLM_WB_ENABLED" = "x1"; then
      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
    fi
  fi

    SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS"
  fi
fi
if test "x$CURL_DISABLE_SMB" != "x1" \
    -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
    -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
      -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1" \); then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
  if test "x$SSL_ENABLED" = "x1"; then
    SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"
  fi
fi
if test "x$CURL_DISABLE_SMTP" != "x1"; then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTP"

  Compiler:         ${CC}
   CFLAGS:          ${CFLAGS}
   CPPFLAGS:        ${CPPFLAGS}
   LDFLAGS:         ${LDFLAGS}
   LIBS:            ${LIBS}

  curl version:     ${CURLVERSION}
  SSL support:      ${curl_ssl_msg}
  SSH support:      ${curl_ssh_msg}
  zlib support:     ${curl_zlib_msg}
  brotli support:   ${curl_brotli_msg}
  GSS-API support:  ${curl_gss_msg}
  TLS-SRP support:  ${curl_tls_srp_msg}
  resolver:         ${curl_res_msg}
  IPv6 support:     ${curl_ipv6_msg}
  Unix sockets support: ${curl_unix_sockets_msg}
  IDN support:      ${curl_idn_msg}
  Build libcurl:    Shared=${enable_shared}, Static=${enable_static}
  Built-in manual:  ${curl_manual_msg}
  --libcurl option: ${curl_libcurl_msg}
  Verbose errors:   ${curl_verbose_msg}
  Code coverage:    ${curl_coverage_msg}
  SSPI support:     ${curl_sspi_msg}
  ca cert bundle:   ${ca}${ca_warning}
  ca cert path:     ${capath}${capath_warning}
  ca fallback:      ${with_ca_fallback}
  LDAP support:     ${curl_ldap_msg}
  LDAPS support:    ${curl_ldaps_msg}
  RTSP support:     ${curl_rtsp_msg}
  RTMP support:     ${curl_rtmp_msg}
  metalink support: ${curl_mtlnk_msg}
  PSL support:      ${curl_psl_msg}

  HTTP2 support:    ${curl_h2_msg}
  Protocols:        ${SUPPORT_PROTOCOLS}

])

`CALG_AES`,
`CALG_SHA_256`,
`CALG_SHA_384`,
`CALG_SHA_512`,
`CALG_ECDH`,
`CALG_ECMQV`,
`CALG_ECDSA`,

  2.2 Does curl work/build with other SSL libraries?

  Curl has been written to use a generic SSL function layer internally, and
  that SSL functionality can then be provided by one out of many different SSL
  backends.

  curl can be built to use one of the following SSL alternatives: OpenSSL,
  GnuTLS, yassl, NSS, PolarSSL, MesaLink, Secure Transport (native iOS/OS X),
  WinSSL (native Windows) or GSKit (native IBM i). They all have their pros
  and cons, and we try to maintain a comparison of them here:
  https://curl.haxx.se/docs/ssl-compared.html

  2.3 Where can I find a copy of LIBEAY32.DLL?

  That is an OpenSSL binary built for Windows.

  Curl can be built with OpenSSL to do the SSL stuff. The LIBEAY32.DLL is then
  what curl needs on a windows machine to do https:// etc. Check out the curl

  support.

  To get the https:// support into a curl that was previously built but that
  reports that https:// is not supported, you should dig through the document
  and logs and check out why the configure script doesn't find the SSL libs
  and/or include files.

  Also, check out the other paragraph in this FAQ labelled "configure doesn't
  find OpenSSL even when it is installed".

  3.2 How do I tell curl to resume a transfer?

  Curl supports resumed transfers both ways on both FTP and HTTP.
  Try the -C option.

  All the various bindings to libcurl are made by other projects and people,
  outside of the cURL project. The cURL project itself only produces libcurl
  with its plain C API. If you don't find anywhere else to ask you can ask
  about bindings on the curl-library list too, but be prepared that people on
  that list may not know anything about bindings.

  In October 2009, there were interfaces available for the following
  languages: Ada95, Basic, C, C++, Ch, Cocoa, D, Dylan, Eiffel, Euphoria,
  Ferite, Gambas, glib/GTK+, Haskell, ILE/RPG, Java, Lisp, Lua, Mono, .NET,

  Object-Pascal, OCaml, Pascal, Perl, PHP, PostgreSQL, Python, R, Rexx, Ruby,
  Scheme, S-Lang, Smalltalk, SP-Forth, SPL, Tcl, Visual Basic, Visual FoxPro,
  Q, wxwidgets and XBLite. By the time you read this, additional ones may have
  appeared!

  3.10 What about SOAP, WebDAV, XML-RPC or similar protocols over HTTP?

  Curl adheres to the HTTP spec, which basically means you can play with *any*
  protocol that is built on top of HTTP. Protocols such as SOAP, WEBDAV and
  XML-RPC are all such ones. You can use -X to set custom requests and -H to
  set custom headers (or replace internally generated ones).

  3.20 How to SFTP from my user's home directory?

  Contrary to how FTP works, SFTP and SCP URLs specify the exact directory to
  work with. It means that if you don't specify that you want the user's home
  directory, you get the actual root directory.

  To specify a file in your user's home directory, you need to use the correct
  URL syntax which for sftp might look similar to:

    curl -O -u user:password sftp://example.com/~/file.txt

  and for SCP it is just a different protocol prefix:

    curl -O -u user:password scp://example.com/~/file.txt

  mode.

  When a URL is used that starts with FTPS://, curl assumes implicit SSL on
  the control connection and will therefore immediately connect and try to
  speak SSL. FTPS:// connections default to port 990.

  To use explicit FTPS, you use a FTP:// URL and the --ftp-ssl option (or one
  of its related flavours). This is the most common method, and the one
  mandated by RFC4217. This kind of connection will then of course use the
  standard FTP port 21 by default.

  4.16 My HTTP POST or PUT requests are slow!

  libcurl makes all POST and PUT requests (except for POST requests with a
  very tiny request body) use the "Expect: 100-continue" header. This header

  falls too low, and --connect-timeout and --max-time can be used to put an
  overall timeout on the connection phase or the entire transfer.

  A libcurl-using application running in a known physical environment (e.g.
  an embedded device with only a single network connection) may want to act
  immediately if its lone network connection goes down.  That can be achieved
  by having the application monitor the network connection on its own using an
  OS-specific mechanism, then signalling libcurl to abort (see also item 5.13).

  4.20 curl doesn't return error for HTTP non-200 responses!

  Correct. Unless you use -f (--fail).

  When doing HTTP transfers, curl will perform exactly what you're asking it
  to do and if successful it will not return an error. You can use curl to

merge changes into a git repository in the curl project.

Anyone can aspire to become a curl maintainer.

### Duties

There are no mandatory duties. We hope and wish that maintainers consider
reviewing patches and help merching them, especially when the changes are
within the area of personal expertise and experience.

### Requirements

- only merge code that meets our quality and style guide requirements.
- *never* merge code without doing a PR first, unless the change is "trivial"
- if in doubt, ask for input/feedback from others

### Recommendations

- please enable 2fa on your github account to reduce risk of malicious sourc
  code tampering
- consider enabling signed git commits for additional verification of changes

### Merge advice

When you're merging patches/PRs...

  Cookies are set to the client with the Set-Cookie: header and are sent to
  servers with the Cookie: header.

  For a very long time, the only spec explaining how to use cookies was the
  original [Netscape spec from 1994](https://curl.haxx.se/rfc/cookie_spec.html).

  In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally
  published and details how cookies work within HTTP. In 2017, an update was



  [drafted](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01)
  to deprecate modification of 'secure' cookies from non-secure origins.





## Cookies saved to disk

  Netscape once created a file format for storing cookies on disk so that they
  would survive browser restarts. curl adopted that file format to allow
  sharing the cookies with browsers, only to see browsers move away from that
  format. Modern browsers no longer use it, while curl still does.

## Select TLS backend

The default OpenSSL configure check will also detect and use BoringSSL or
libressl.

 - GnuTLS: `--without-ssl --with-gnutls`.
 - Cyassl: `--without-ssl --with-cyassl`
 - NSS: `--without-ssl --with-nss`
 - PolarSSL: `--without-ssl --with-polarssl`
 - mbedTLS: `--without-ssl --with-mbedtls`
 - schannel: `--without-ssl --with-winssl`
 - secure transport: `--without-ssl --with-darwinssl`
 - MesaLink: `--without-ssl --with-mesalink`

# Windows

## Building Windows DLLs and C run-time (CRT) linkage issues

 As a general rule, building a DLL with static CRT linkage is highly

 `Curl_ftpsendf()` is used for sending FTP commands to the remote server. It
 was made a separate function to prevent us programmers from forgetting that
 they must be CRLF terminated. They must also be sent in one single write() to
 make firewalls and similar happy.

<a name="kerberos"></a>
Kerberos
--------


 Kerberos support is mainly in lib/krb5.c and lib/security.c but also
 `curl_sasl_sspi.c` and `curl_sasl_gssapi.c` for the email protocols and
 `socks_gssapi.c` and `socks_sspi.c` for SOCKS5 proxy specifics.

<a name="telnet"></a>
TELNET

==========

 `curl_off_t` is a data type provided by the external libcurl include
 headers. It is the type meant to be used for the [`curl_easy_setopt()`][1]
 options that end with LARGE. The type is 64bit large on most modern
 platforms.


curlx
=====

 The libcurl source code offers a few functions by source only. They are not
 part of the official libcurl API, but the source files might be useful for
 others so apps can optionally compile/build with these sources to gain
 additional functions.

 1. HTTP
 1.1 CURLFORM_CONTENTLEN in an array
 1.2 Disabling HTTP Pipelining
 1.3 STARTTRANSFER time is wrong for HTTP POSTs
 1.4 multipart formposts file name encoding
 1.5 Expect-100 meets 417
 1.6 Unnecessary close when 401 received waiting for 100

 1.9 HTTP/2 frames while in the connection pool kill reuse
 1.10 Strips trailing dot from host name
 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM

 2. TLS
 2.1 CURLINFO_SSL_VERIFYRESULT has limited support
 2.2 DER in keychain
 2.3 GnuTLS backend skips really long certificate fields
 2.4 DarwinSSL won't import PKCS#12 client certificates without a password
 2.5 Client cert handling with Issuer DN differs between backends
 2.6 CURL_GLOBAL_SSL


 3. Email protocols
 3.1 IMAP SEARCH ALL truncated response
 3.2 No disconnect command
 3.3 SMTP to multiple recipients
 3.4 POP3 expects "CRLF.CRLF" eob for some single-line responses

 4. Command line
 4.1 -J and -O with %-encoded file names
 4.2 -J with -C - fails
 4.3 --retry and transfer timeouts
 4.4 --upload-file . hang if delay in STDIN
 4.5 Improve --data-urlencode space encoding

 5. Build and portability issues
 5.1 tests not compatible with python3
 5.2 curl-config --libs contains private details


 5.5 can't handle Unicode arguments in Windows
 5.6 cmake support gaps
 5.7 Visual Studio project gaps
 5.8 configure finding libs in wrong directory
 5.9 Utilize Requires.private directives in libcurl.pc

 6. Authentication

 https://curl.haxx.se/mail/archive-2008-02/0043.html

1.6 Unnecessary close when 401 received waiting for 100

 libcurl closes the connection if an HTTP 401 reply is received while it is
 waiting for the the 100-continue response.
 https://curl.haxx.se/mail/lib-2008-08/0462.html










1.9 HTTP/2 frames while in the connection pool kill reuse

 If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
 curl while the connection is held in curl's connection pool, the socket will
 be found readable when considered for reuse and that makes curl think it is
 dead and then it will be closed and a new connection gets created instead.

 However, in spite of the problems with the feature, there were some users who
 apparently depended on this feature and who now claim libcurl is broken for
 them. The fix for this situation is not obvious as a downright revert of the
 patch is totally ruled out due to those reasons above.

 https://github.com/curl/curl/issues/2276






3. Email protocols

3.1 IMAP SEARCH ALL truncated response

 IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
 code reveals that pingpong.c contains some truncation code, at line 408, when

 See https://github.com/curl/curl/issues/3289

5.2 curl-config --libs contains private details

 "curl-config --libs" will include details set in LDFLAGS when configure is
 run that might be needed only for building libcurl. Further, curl-config
 --cflags suffers from the same effects with CFLAGS/CPPFLAGS.









5.5 can't handle Unicode arguments in Windows

 If a URL or filename can't be encoded using the user's current codepage then
 it can only be encoded properly in the Unicode character set. Windows uses
 UTF-16 encoding for Unicode and stores it in wide characters, however curl
 and libcurl are not equipped for that at the moment. And, except for Cygwin,

LATEST VERSION

  You always find news about what's going on as well as the latest versions
  from the curl web pages, located at:

        https://curl.haxx.se

SIMPLE USAGE

  Get the main page from Netscape's web-server:

        curl http://www.netscape.com/

  Get the README file the user's home directory at funet's ftp-server:

        curl ftp://ftp.funet.fi/README

  Get a web page from a server using port 8000:

        curl http://www.weirdserver.com:8000/

  Get a directory listing of an FTP site:

        curl ftp://cool.haxx.se/

  Get the definition of curl from a dictionary:

        curl dict://dict.org/m:curl

  Fetch two documents at once:

        curl ftp://cool.haxx.se/ http://www.weirdserver.com:8000/

  Get a file off an FTPS server:

        curl ftps://files.are.secure.com/secrets.txt

  or use the more appropriate FTPS way to get the same file:

        curl --ftp-ssl ftp://files.are.secure.com/secrets.txt

  Get a file from an SSH server using SFTP:

        curl -u username sftp://example.com/etc/issue

  Get a file from an SSH server using SCP using a private key
  (not password-protected) to authenticate:

        curl -u username: --key ~/.ssh/id_rsa \
             scp://example.com/~/file.txt

  Get a file from an SSH server using SCP using a private key
  (password-protected) to authenticate:

        curl -u username: --key ~/.ssh/id_rsa --pass private_key_password \
             scp://example.com/~/file.txt

  Get the main page from an IPv6 web server:

        curl "http://[2001:1890:1112:1::20]/"

  Get a file from an SMB server:

        curl -u "domain\username:passwd" smb://server.example.com/share/file.txt

DOWNLOAD TO A FILE

  Get a web page and store in a local file with a specific name:

        curl -o thatpage.html http://www.netscape.com/

  Get a web page and store in a local file, make the local file get the name
  of the remote document (if no file name part is specified in the URL, this
  will fail):

        curl -O http://www.netscape.com/index.html

  Fetch two files and store them with their remote names:

        curl -O www.haxx.se/index.html -O curl.haxx.se/download.html

USING PASSWORDS

 FTP

   To ftp files using name+passwd, include them in the URL like:

        curl ftp://name:passwd@machine.domain:port/full/path/to/file

   or specify them with the -u flag like

        curl -u name:passwd ftp://machine.domain:port/full/path/to/file

 FTPS

   It is just like for FTP, but you may also want to specify and use
   SSL-specific options for certificates etc.

   Note that using FTPS:// as prefix is the "implicit" way as described in the
   standards while the recommended "explicit" way is done by using FTP:// and
   the --ftp-ssl option.

 SFTP / SCP

   This is similar to FTP, but you can use the --key option to specify a
   private key to use instead of a password. Note that the private key may
   itself be protected by a password that is unrelated to the login password
   of the remote system; this password is specified using the --pass option.
   Typically, curl will automatically extract the public key from the private
   key file, but in cases where curl does not have the proper library support,
   a matching public key file must be specified using the --pubkey option.

 HTTP

   Curl also supports user and password in HTTP URLs, thus you can pick a file
   like:

        curl http://name:passwd@machine.domain/full/path/to/file

   or specify user and password separately like in

        curl -u name:passwd http://machine.domain/full/path/to/file

   HTTP offers many different methods of authentication and curl supports
   several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which
   method to use, curl defaults to Basic. You can also ask curl to pick the
   most secure ones out of the ones that the server accepts for the given URL,
   by using --anyauth.

   NOTE! According to the URL specification, HTTP URLs can not contain a user
   and password, so that style will not work when using curl via a proxy, even
   though curl allows it at other times. When using a proxy, you _must_ use
   the -u style for user and password.

 HTTPS

   Probably most commonly used with private certificates, as explained below.

PROXY

 curl supports both HTTP and SOCKS proxy servers, with optional authentication.
 It does not have special support for FTP proxy servers since there are no
 standards for those, but it can still be made to work with many of them. You
 can also use both HTTP and SOCKS proxies to transfer files to and from FTP
 servers.

 Get an ftp file using an HTTP proxy named my-proxy that uses port 888:

        curl -x my-proxy:888 ftp://ftp.leachsite.com/README

 Get a file from an HTTP server that requires user and password, using the
 same proxy as above:

        curl -u user:passwd -x my-proxy:888 http://www.get.this/

 Some proxies require special authentication. Specify by using -U as above:

        curl -U user:passwd -x my-proxy:888 http://www.get.this/

 A comma-separated list of hosts and domains which do not use the proxy can
 be specified as:

        curl --noproxy localhost,get.this -x my-proxy:888 http://www.get.this/

 If the proxy is specified with --proxy1.0 instead of --proxy or -x, then
 curl will use HTTP/1.0 instead of HTTP/1.1 for any CONNECT attempts.

 curl also supports SOCKS4 and SOCKS5 proxies with --socks4 and --socks5.

 See also the environment variables Curl supports that offer further proxy
 control.

 Most FTP proxy servers are set up to appear as a normal FTP server from the
 client's perspective, with special commands to select the remote FTP server.
 curl supports the -u, -Q and --ftp-account options that can be used to
 set up transfers through many FTP proxies. For example, a file can be
 uploaded to a remote FTP server using a Blue Coat FTP proxy with the
 options:

   curl -u "Remote-FTP-Username@remote.ftp.server Proxy-Username:Remote-Pass" \
        --ftp-account Proxy-Password --upload-file local-file \
        ftp://my-ftp.proxy.server:21/remote/upload/path/

 See the manual for your FTP proxy to determine the form it expects to set up
 transfers, and curl's -v option to see exactly what curl is sending.

RANGES

  HTTP 1.1 introduced byte-ranges. Using this, a client can request
  to get only one or more subparts of a specified document. Curl supports
  this with the -r flag.

  Get the first 100 bytes of a document:

        curl -r 0-99 http://www.get.this/

  Get the last 500 bytes of a document:

        curl -r -500 http://www.get.this/

  Curl also supports simple ranges for FTP files as well. Then you can only
  specify start and stop position.

  Get the first 100 bytes of a document using FTP:

        curl -r 0-99 ftp://www.get.this/README

UPLOADING

 FTP / FTPS / SFTP / SCP

  Upload all data on stdin to a specified server:

        curl -T - ftp://ftp.upload.com/myfile

  Upload data from a specified file, login with user and password:

        curl -T uploadfile -u user:passwd ftp://ftp.upload.com/myfile

  Upload a local file to the remote site, and use the local file name at the remote
  site too:

        curl -T uploadfile -u user:passwd ftp://ftp.upload.com/

  Upload a local file to get appended to the remote file:

        curl -T localfile -a ftp://ftp.upload.com/remotefile

  Curl also supports ftp upload through a proxy, but only if the proxy is
  configured to allow that kind of tunneling. If it does, you can run curl in
  a fashion similar to:

        curl --proxytunnel -x proxy:port -T localfile ftp.upload.com

SMB / SMBS

        curl -T file.txt -u "domain\username:passwd" \
             smb://server.example.com/share/

 HTTP

  Upload all data on stdin to a specified HTTP site:

        curl -T - http://www.upload.com/myfile

  Note that the HTTP server must have been configured to accept PUT before
  this can be done successfully.

  For other ways to do HTTP data upload, see the POST section below.

VERBOSE / DEBUG

  If curl fails where it isn't supposed to, if the servers don't let you in,
  if you can't understand the responses: use the -v flag to get verbose
  fetching. Curl will output lots of info and what it sends and receives in
  order to let the user see all client-server interaction (but it won't show
  you the actual data).

        curl -v ftp://ftp.upload.com/

  To get even more details and information on what curl does, try using the
  --trace or --trace-ascii options with a given file name to log to, like
  this:

        curl --trace trace.txt www.haxx.se


DETAILED INFORMATION

  Different protocols provide different ways of getting detailed information
  about specific files/documents. To get curl to show detailed information
  about a single file, you should use -I/--head option. It displays all
  available info on a single file for HTTP and FTP. The HTTP information is a
  lot more extensive.

  For HTTP, you can get the header information (the same as -I would show)
  shown before the data by using -i/--include. Curl understands the
  -D/--dump-header option when getting files from both FTP and HTTP, and it
  will then store the headers in the specified file.

  Store the HTTP headers in a separate file (headers.txt in the example):

        curl --dump-header headers.txt curl.haxx.se

  Note that headers stored in a separate file can be very useful at a later
  time if you want curl to use cookies sent by the server. More about that in
  the cookies section.

POST (HTTP)

  It's easy to post data using curl. This is done using the -d <data>
  option.  The post data must be urlencoded.

  Post a simple "name" and "phone" guestbook.

        curl -d "name=Rafael%20Sagula&phone=3320780" \
             http://www.where.com/guest.cgi

  How to post a form with curl, lesson #1:

  Dig out all the <input> tags in the form that you want to fill in.

  If there's a "normal" post, you use -d to post. -d takes a full "post
  string", which is in the format

        <variable1>=<data1>&<variable2>=<data2>&...

  The 'variable' names are the names set with "name=" in the <input> tags, and
  the data is the contents you want to fill in for the inputs. The data *must*
  be properly URL encoded. That means you replace space with + and that you
  replace weird letters with %XX where XX is the hexadecimal representation of
  the letter's ASCII code.

  Example:

  (page located at http://www.formpost.com/getthis/

        <form action="post.cgi" method="post">
        <input name=user size=10>
        <input name=pass type=password size=10>
        <input name=id type=hidden value="blablabla">
        <input name=ding value="submit">
        </form>

  We want to enter user 'foobar' with password '12345'.

  To post to this, you enter a curl command line like:

        curl -d "user=foobar&pass=12345&id=blablabla&ding=submit" \
             http://www.formpost.com/getthis/post.cgi


  While -d uses the application/x-www-form-urlencoded mime-type, generally
  understood by CGI's and similar, curl also supports the more capable
  multipart/form-data type. This latter type supports things like file upload.

  -F accepts parameters like -F "name=contents". If you want the contents to
  be read from a file, use <@filename> as contents. When specifying a file,
  you can also specify the file content type by appending ';type=<mime type>'
  to the file name. You can also post the contents of several files in one
  field.  For example, the field name 'coolfiles' is used to send three files,
  with different content types using the following syntax:

        curl -F "coolfiles=@fil1.gif;type=image/gif,fil2.txt,fil3.html" \
             http://www.post.com/postit.cgi

  If the content-type is not specified, curl will try to guess from the file
  extension (it only knows a few), or use the previously specified type (from
  an earlier file if several files are specified in a list) or else it will
  use the default type 'application/octet-stream'.

  Emulate a fill-in form with -F. Let's say you fill in three fields in a
  form. One field is a file name which to post, one field is your name and one
  field is a file description. We want to post the file we have written named
  "cooltext.txt". To let curl do the posting of this data instead of your
  favourite browser, you have to read the HTML source of the form page and
  find the names of the input fields. In our example, the input field names
  are 'file', 'yourname' and 'filedescription'.

        curl -F "file=@cooltext.txt" -F "yourname=Daniel" \
             -F "filedescription=Cool text file with cool text inside" \
             http://www.post.com/postit.cgi

  To send two files in one post you can do it in two ways:

  1. Send multiple files in a single "field" with a single field name:

        curl -F "pictures=@dog.gif,cat.gif"

  2. Send two fields with two field names:

        curl -F "docpicture=@dog.gif" -F "catpicture=@cat.gif"

  To send a field value literally without interpreting a leading '@'
  or '<', or an embedded ';type=', use --form-string instead of
  -F. This is recommended when the value is obtained from a user or
  some other unpredictable source. Under these circumstances, using
  -F instead of --form-string would allow a user to trick curl into
  uploading a file.

REFERRER

  An HTTP request has the option to include information about which address
  referred it to the actual page.  Curl allows you to specify the
  referrer to be used on the command line. It is especially useful to
  fool or trick stupid servers or CGI scripts that rely on that information
  being available or contain certain data.

        curl -e www.coolsite.com http://www.showme.com/

  NOTE: The Referer: [sic] field is defined in the HTTP spec to be a full URL.

USER AGENT

  An HTTP request has the option to include information about the browser
  that generated the request. Curl allows it to be specified on the command
  line. It is especially useful to fool or trick stupid servers or CGI
  scripts that only accept certain browsers.

  Example:

  curl -A 'Mozilla/3.0 (Win95; I)' http://www.nationsbank.com/

  Other common strings:
    'Mozilla/3.0 (Win95; I)'     Netscape Version 3 for Windows 95
    'Mozilla/3.04 (Win95; U)'    Netscape Version 3 for Windows 95
    'Mozilla/2.02 (OS/2; U)'     Netscape Version 2 for OS/2
    'Mozilla/4.04 [en] (X11; U; AIX 4.2; Nav)'           NS for AIX
    'Mozilla/4.05 [en] (X11; U; Linux 2.0.32 i586)'      NS for Linux

  Note that Internet Explorer tries hard to be compatible in every way:
    'Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)'    MSIE for W95

  Mozilla is not the only possible User-Agent name:
    'Konqueror/1.0'             KDE File Manager desktop client
    'Lynx/2.7.1 libwww-FM/2.14' Lynx command line browser

COOKIES

  Cookies are generally used by web servers to keep state information at the
  client's side. The server sets cookies by sending a response line in the
  headers that looks like 'Set-Cookie: <data>' where the data part then
  typically contains a set of NAME=VALUE pairs (separated by semicolons ';'
  like "NAME1=VALUE1; NAME2=VALUE2;"). The server can also specify for what
  path the "cookie" should be used for (by specifying "path=value"), when the
  cookie should expire ("expire=DATE"), for what domain to use it
  ("domain=NAME") and if it should be used on secure connections only
  ("secure").

  If you've received a page from a server that contains a header like:
        Set-Cookie: sessionid=boo123; path="/foo";

  it means the server wants that first pair passed on when we get anything in
  a path beginning with "/foo".

  Example, get a page that wants my name passed in a cookie:

        curl -b "name=Daniel" www.sillypage.com

  Curl also has the ability to use previously received cookies in following
  sessions. If you get cookies from a server and store them in a file in a
  manner similar to:

        curl --dump-header headers www.example.com

  ... you can then in a second connect to that (or another) site, use the
  cookies from the 'headers' file like:

        curl -b headers www.example.com

  While saving headers to a file is a working way to store cookies, it is
  however error-prone and not the preferred way to do this. Instead, make curl
  save the incoming cookies using the well-known netscape cookie format like
  this:

        curl -c cookies.txt www.example.com

  Note that by specifying -b you enable the "cookie awareness" and with -L
  you can make curl follow a location: (which often is used in combination
  with cookies). So that if a site sends cookies and a location, you can
  use a non-existing file to trigger the cookie awareness like:

        curl -L -b empty.txt www.example.com

  The file to read cookies from must be formatted using plain HTTP headers OR
  as netscape's cookie file. Curl will determine what kind it is based on the
  file contents.  In the above command, curl will parse the header and store
  the cookies received from www.example.com.  curl will send to the server the
  stored cookies which match the request as it follows the location.  The
  file "empty.txt" may be a nonexistent file.

  To read and write cookies from a netscape cookie file, you can set both -b
  and -c to use the same file:

        curl -b cookies.txt -c cookies.txt www.example.com

PROGRESS METER

  The progress meter exists to show a user that something actually is
  happening. The different fields in the output have the following meaning:

  % Total    % Received % Xferd  Average Speed          Time             Curr.
                                 Dload  Upload Total    Current  Left    Speed
  0  151M    0 38608    0     0   9406      0  4:41:43  0:00:04  4:41:39  9287

  From left-to-right:
   %             - percentage completed of the whole transfer
   Total         - total size of the whole expected transfer
   %             - percentage completed of the download
   Received      - currently downloaded amount of bytes
   %             - percentage completed of the upload
   Xferd         - currently uploaded amount of bytes
   Average Speed
   Dload         - the average transfer speed of the download
   Average Speed
   Upload        - the average transfer speed of the upload
   Time Total    - expected time to complete the operation
   Time Current  - time passed since the invoke
   Time Left     - expected time left to completion
   Curr.Speed    - the average transfer speed the last 5 seconds (the first
                   5 seconds of a transfer is based on less time of course.)

  The -# option will display a totally different progress bar that doesn't
  need much explanation!

SPEED LIMIT

  Curl allows the user to set the transfer speed conditions that must be met
  to let the transfer keep going. By using the switch -y and -Y you
  can make curl abort transfers if the transfer speed is below the specified
  lowest limit for a specified time.

  To have curl abort the download if the speed is slower than 3000 bytes per
  second for 1 minute, run:

        curl -Y 3000 -y 60 www.far-away-site.com

  This can very well be used in combination with the overall time limit, so
  that the above operation must be completed in whole within 30 minutes:

        curl -m 1800 -Y 3000 -y 60 www.far-away-site.com

  Forcing curl not to transfer data faster than a given rate is also possible,
  which might be useful if you're using a limited bandwidth connection and you
  don't want your transfer to use all of it (sometimes referred to as
  "bandwidth throttle").

  Make curl transfer data no faster than 10 kilobytes per second:

        curl --limit-rate 10K www.far-away-site.com

    or

        curl --limit-rate 10240 www.far-away-site.com

  Or prevent curl from uploading data faster than 1 megabyte per second:

        curl -T upload --limit-rate 1M ftp://uploadshereplease.com

  When using the --limit-rate option, the transfer rate is regulated on a
  per-second basis, which will cause the total transfer speed to become lower
  than the given number. Sometimes of course substantially lower, if your
  transfer stalls during periods.

CONFIG FILE

  Curl automatically tries to read the .curlrc file (or _curlrc file on win32
  systems) from the user's home dir on startup.

  The config file could be made up with normal command line switches, but you
  can also specify the long options without the dashes to make it more
  readable. You can separate the options and the parameter with spaces, or
  with = or :. Comments can be used within the file. If the first letter on a
  line is a '#'-symbol the rest of the line is treated as a comment.

  If you want the parameter to contain spaces, you must enclose the entire
  parameter within double quotes ("). Within those quotes, you specify a
  quote as \".

  NOTE: You must specify options and their arguments on the same line.

  Example, set default time out and proxy in a config file:

        # We want a 30 minute timeout:
        -m 1800
        # ... and we use a proxy for all accesses:
        proxy = proxy.our.domain.com:8080

  White spaces ARE significant at the end of lines, but all white spaces
  leading up to the first characters of each line are ignored.

  Prevent curl from reading the default file by using -q as the first command
  line parameter, like:

        curl -q www.thatsite.com

  Force curl to get and display a local help page in case it is invoked
  without URL by making a config file similar to:

        # default url to get
        url = "http://help.with.curl.com/curlhelp.html"

  You can specify another config file to be read by using the -K/--config
  flag. If you set config file name to "-" it'll read the config from stdin,
  which can be handy if you want to hide options from being visible in process
  tables etc:

        echo "user = user:passwd" | curl -K - http://that.secret.site.com

EXTRA HEADERS

  When using curl in your own very special programs, you may end up needing
  to pass on your own custom headers when getting a web page. You can do
  this by using the -H flag.

  Example, send the header "X-you-and-me: yes" to the server when getting a
  page:

        curl -H "X-you-and-me: yes" www.love.com

  This can also be useful in case you want curl to send a different text in a
  header than it normally does. The -H header you specify then replaces the
  header curl would normally send. If you replace an internal header with an
  empty one, you prevent that header from being sent. To prevent the Host:
  header from being used:

        curl -H "Host:" www.server.com

FTP and PATH NAMES

  Do note that when getting files with the ftp:// URL, the given path is
  relative the directory you enter. To get the file 'README' from your home
  directory at your ftp site, do:

        curl ftp://user:passwd@my.site.com/README

  But if you want the README file from the root directory of that very same
  site, you need to specify the absolute file name:

        curl ftp://user:passwd@my.site.com//README

  (I.e with an extra slash in front of the file name.)

SFTP and SCP and PATH NAMES

  With sftp: and scp: URLs, the path name given is the absolute name on the
  server. To access a file relative to the remote user's home directory,
  prefix the file with /~/ , such as:

        curl -u $USER sftp://home.example.com/~/.bashrc

FTP and firewalls

  The FTP protocol requires one of the involved parties to open a second
  connection as soon as data is about to get transferred. There are two ways to
  do this.

  The default way for curl is to issue the PASV command which causes the
  server to open another port and await another connection performed by the
  client. This is good if the client is behind a firewall that doesn't allow
  incoming connections.

        curl ftp.download.com

  If the server, for example, is behind a firewall that doesn't allow connections
  on ports other than 21 (or if it just doesn't support the PASV command), the
  other way to do it is to use the PORT command and instruct the server to
  connect to the client on the given IP number and port (as parameters to the
  PORT command).

  The -P flag to curl supports a few different options. Your machine may have
  several IP-addresses and/or network interfaces and curl allows you to select
  which of them to use. Default address can also be used:

        curl -P - ftp.download.com

  Download with PORT but use the IP address of our 'le0' interface (this does
  not work on windows):

        curl -P le0 ftp.download.com

  Download with PORT but use 192.168.0.10 as our IP address to use:

        curl -P 192.168.0.10 ftp.download.com

NETWORK INTERFACE

  Get a web page from a server using a specified port for the interface:

        curl --interface eth0:1 http://www.netscape.com/

  or

        curl --interface 192.168.1.10 http://www.netscape.com/

HTTPS

  Secure HTTP requires SSL libraries to be installed and used when curl is
  built. If that is done, curl is capable of retrieving and posting documents
  using the HTTPS protocol.

  Example:

        curl https://www.secure-site.com

  Curl is also capable of using your personal certificates to get/post files
  from sites that require valid certificates. The only drawback is that the
  certificate needs to be in PEM-format. PEM is a standard and open format to
  store certificates with, but it is not used by the most commonly used
  browsers (Netscape and MSIE both use the so called PKCS#12 format). If you
  want curl to use the certificates you use with your (favourite) browser, you
  may need to download/compile a converter that can convert your browser's
  formatted certificates to PEM formatted ones. This kind of converter is
  included in recent versions of OpenSSL, and for older versions Dr Stephen
  N. Henson has written a patch for SSLeay that adds this functionality. You
  can get his patch (that requires an SSLeay installation) from his site at:
  https://web.archive.org/web/20170715155512/www.drh-consultancy.demon.co.uk/

  Example on how to automatically retrieve a document using a certificate with
  a personal password:

        curl -E /path/to/cert.pem:password https://secure.site.com/

  If you neglect to specify the password on the command line, you will be
  prompted for the correct password before any data can be received.

  Many older SSL-servers have problems with SSLv3 or TLS, which newer versions
  of OpenSSL etc use, therefore it is sometimes useful to specify what
  SSL-version curl should use. Use -3, -2 or -1 to specify that exact SSL
  version to use (for SSLv3, SSLv2 or TLSv1 respectively):

        curl -2 https://secure.site.com/

  Otherwise, curl will first attempt to use v3 and then v2.

  To use OpenSSL to convert your favourite browser's certificate into a PEM
  formatted one that curl can use, do something like this:

    In Netscape, you start with hitting the 'Security' menu button.

    Select 'certificates->yours' and then pick a certificate in the list

    Press the 'Export' button

    enter your PIN code for the certs

    select a proper place to save it

    Run the 'openssl' application to convert the certificate. If you cd to the
    openssl installation, you can do it like:

     # ./apps/openssl pkcs12 -in [file you saved] -clcerts -out [PEMfile]

    In Firefox, select Options, then Advanced, then the Encryption tab,
    View Certificates. This opens the Certificate Manager, where you can
    Export. Be sure to select PEM for the Save as type.

    In Internet Explorer, select Internet Options, then the Content tab, then
    Certificates. Then you can Export, and depending on the format you may
    need to convert to PEM.

    In Chrome, select Settings, then Show Advanced Settings. Under HTTPS/SSL
    select Manage Certificates.

RESUMING FILE TRANSFERS

 To continue a file transfer where it was previously aborted, curl supports
 resume on HTTP(S) downloads as well as FTP uploads and downloads.

 Continue downloading a document:

        curl -C - -o file ftp://ftp.server.com/path/file

 Continue uploading a document(*1):

        curl -C - -T file ftp://ftp.server.com/path/file

 Continue downloading a document from a web server(*2):

        curl -C - -o file http://www.server.com/

 (*1) = This requires that the FTP server supports the non-standard command
        SIZE. If it doesn't, curl will say so.

 (*2) = This requires that the web server supports at least HTTP/1.1. If it
        doesn't, curl will say so.

TIME CONDITIONS

 HTTP allows a client to specify a time condition for the document it
 requests. It is If-Modified-Since or If-Unmodified-Since. Curl allows you to
 specify them with the -z/--time-cond flag.

 For example, you can easily make a download that only gets performed if the
 remote file is newer than a local copy. It would be made like:

        curl -z local.html http://remote.server.com/remote.html

 Or you can download a file only if the local file is newer than the remote
 one. Do this by prepending the date string with a '-', as in:

        curl -z -local.html http://remote.server.com/remote.html

 You can specify a "free text" date as condition. Tell curl to only download
 the file if it was updated since January 12, 2012:

        curl -z "Jan 12 2012" http://remote.server.com/remote.html

 Curl will then accept a wide range of date formats. You always make the date
 check the other way around by prepending it with a dash '-'.

DICT

  For fun try

        curl dict://dict.org/m:curl
        curl dict://dict.org/d:heisenbug:jargon
        curl dict://dict.org/d:daniel:web1913

  Aliases for 'm' are 'match' and 'find', and aliases for 'd' are 'define'
  and 'lookup'. For example,

        curl dict://dict.org/find:curl

  Commands that break the URL description of the RFC (but not the DICT
  protocol) are

        curl dict://dict.org/show:db
        curl dict://dict.org/show:strat

  Authentication is still missing (but this is not required by the RFC)

LDAP

  If you have installed the OpenLDAP library, curl can take advantage of it
  and offer ldap:// support.
  On Windows, curl will use WinLDAP from Platform SDK by default.

  Default protocol version used by curl is LDAPv3. LDAPv2 will be used as
  fallback mechanism in case if LDAPv3 will fail to connect.

  LDAP is a complex thing and writing an LDAP query is not an easy task. I do
  advise you to dig up the syntax description for that elsewhere. One such
  place might be:

  RFC 2255, "The LDAP URL Format" https://curl.haxx.se/rfc/rfc2255.txt

  To show you an example, this is how I can get all people from my local LDAP
  server that has a certain sub-domain in their email address:

        curl -B "ldap://ldap.frontec.se/o=frontec??sub?mail=*sth.frontec.se"

  If I want the same info in HTML format, I can get it by not using the -B
  (enforce ASCII) flag.

  You also can use authentication when accessing LDAP catalog:

      curl -u user:passwd "ldap://ldap.frontec.se/o=frontec??sub?mail=*"
      curl "ldap://user:passwd@ldap.frontec.se/o=frontec??sub?mail=*"

  By default, if user and password provided, OpenLDAP/WinLDAP will use basic
  authentication. On Windows you can control this behavior by providing
  one of --basic, --ntlm or --digest option in curl command line

      curl --ntlm "ldap://user:passwd@ldap.frontec.se/o=frontec??sub?mail=*"

  On Windows, if no user/password specified, auto-negotiation mechanism will
  be used with current logon credentials (SSPI/SPNEGO).

ENVIRONMENT VARIABLES

  Curl reads and understands the following environment variables:

        http_proxy, HTTPS_PROXY, FTP_PROXY

  They should be set for protocol-specific proxies. General proxy should be
  set with

        ALL_PROXY

  A comma-separated list of host names that shouldn't go through any proxy is
  set in (only an asterisk, '*' matches all hosts)

        NO_PROXY

  If the host name matches one of these strings, or the host is within the
  domain of one of these strings, transactions with that node will not be
  proxied. When a domain is used, it needs to start with a period. A user can
  specify that both www.example.com and foo.example.com should not use a
  proxy by setting NO_PROXY to ".example.com". By including the full name you
  can exclude specific host names, so to make www.example.com not use a proxy
  but still have foo.example.com do it, set NO_PROXY to "www.example.com"

  The usage of the -x/--proxy flag overrides the environment variables.

NETRC

  Unix introduced the .netrc concept a long time ago. It is a way for a user
  to specify name and password for commonly visited FTP sites in a file so
  that you don't have to type them in each time you visit those sites. You
  realize this is a big security risk if someone else gets hold of your
  passwords, so therefore most unix programs won't read this file unless it is
  only readable by yourself (curl doesn't care though).

  Curl supports .netrc files if told to (using the -n/--netrc and
  --netrc-optional options). This is not restricted to just FTP,
  so curl can use it for all protocols where authentication is used.

  A very simple .netrc file could look something like:

        machine curl.haxx.se login iamdaniel password mysecret

CUSTOM OUTPUT

  To better allow script programmers to get to know about the progress of
  curl, the -w/--write-out option was introduced. Using this, you can specify
  what information from the previous transfer you want to extract.

  To display the amount of bytes downloaded together with some text and an
  ending newline:

        curl -w 'We downloaded %{size_download} bytes\n' www.download.com

KERBEROS FTP TRANSFER

  Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need
  the kerberos package installed and used at curl build time for it to be
  available.

  First, get the krb-ticket the normal way, like with the kinit/kauth tool.
  Then use curl in way similar to:

        curl --krb private ftp://krb4site.com -u username:fakepwd

  There's no use for a password on the -u switch, but a blank one will make
  curl ask for one and you already entered the real password to kinit/kauth.

TELNET

  The curl telnet support is basic and very easy to use. Curl passes all data
  passed to it on stdin to the remote server. Connect to a remote telnet
  server using a command line similar to:

        curl telnet://remote.server.com

  And enter the data to pass to the server on stdin. The result will be sent
  to stdout or to the file you specify with -o.

  You might want the -N/--no-buffer option to switch off the buffered output
  for slow connections or similar.

  Pass options to the telnet protocol negotiation, by using the -t option. To
  tell the server we use a vt100 terminal, try something like:

        curl -tTTYPE=vt100 telnet://remote.server.com

  Other interesting options for it -t include:

   - XDISPLOC=<X display> Sets the X display location.

   - NEW_ENV=<var,val> Sets an environment variable.

  NOTE: The telnet protocol does not specify any way to login with a specified
  user and password so curl can't do that automatically. To do that, you need
  to track when the login prompt is received and send the username and
  password accordingly.

PERSISTENT CONNECTIONS

  Specifying multiple files on a single command line will make curl transfer
  all of them, one after the other in the specified order.

  libcurl will attempt to use persistent connections for the transfers so that
  the second transfer to the same host can use the same connection that was
  already initiated and was left open in the previous transfer. This greatly
  decreases connection time for all but the first transfer and it makes a far
  better use of the network.

  Note that curl cannot use persistent connections for transfers that are used
  in subsequence curl invokes. Try to stuff as many URLs as possible on the
  same command line if they are using the same host, as that'll make the
  transfers faster. If you use an HTTP proxy for file transfers, practically
  all transfers will be persistent.

MULTIPLE TRANSFERS WITH A SINGLE COMMAND LINE

  As is mentioned above, you can download multiple files with one command line
  by simply adding more URLs. If you want those to get saved to a local file
  instead of just printed to stdout, you need to add one save option for each
  URL you specify. Note that this also goes for the -O option (but not
  --remote-name-all).

  For example: get two files and use -O for the first and a custom file
  name for the second:

    curl -O http://url.com/file.txt ftp://ftp.com/moo.exe -o moo.jpg

  You can also upload multiple files in a similar fashion:

    curl -T local1 ftp://ftp.com/moo.exe -T local2 ftp://ftp.com/moo2.txt

IPv6

  curl will connect to a server with IPv6 when a host lookup returns an IPv6
  address and fall back to IPv4 if the connection fails. The --ipv4 and --ipv6
  options can specify which address to use when both are available. IPv6
  addresses can also be specified directly in URLs using the syntax:

    http://[2001:1890:1112:1::20]/overview.html

  When this style is used, the -g option must be given to stop curl from
  interpreting the square brackets as special globbing characters.  Link local
  and site local addresses including a scope identifier, such as fe80::1234%1,
  may also be used, but the scope portion must be numeric or match an existing
  network interface on Linux and the percent character must be URL escaped. The
  previous example in an SFTP URL might look like:

    sftp://[fe80::1234%251]/

  IPv6 addresses provided other than in URLs (e.g. to the --proxy, --interface
  or --ftp-port options) should not be URL encoded.

METALINK

  Curl supports Metalink (both version 3 and 4 (RFC 5854) are supported), a way
  to list multiple URIs and hashes for a file. Curl will make use of the mirrors
  listed within for failover if there are errors (such as the file or server not
  being available). It will also verify the hash of the file after the download
  completes. The Metalink file itself is downloaded and processed in memory and
  not stored in the local file system.

  Example to use a remote Metalink file:

    curl --metalink http://www.example.com/example.metalink

  To use a Metalink file in the local file system, use FILE protocol (file://):

    curl --metalink file://example.metalink

  Please note that if FILE protocol is disabled, there is no way to use a local
  Metalink file at the time of this writing. Also note that if --metalink and
  --include are used together, --include will be ignored. This is because including
  headers in the response will break Metalink parser and if the headers are included
  in the file described in Metalink file, hash check will fail.

MAILING LISTS

  For your convenience, we have several open mailing lists to discuss curl,
  its development and things relevant to this. Get all info at
  https://curl.haxx.se/mail/. Some of the lists available are:

  curl-users

    Users of the command line tool. How to use it, what doesn't work, new
    features, related tools, questions, news, installations, compilations,
    running, porting etc.

  curl-library

    Developers using or developing libcurl. Bugs, extensions, improvements.

  curl-announce

    Low-traffic. Only receives announcements of new public versions. At worst,
    that makes something like one or two mails per month, but usually only one
    mail every second month.

  curl-and-php

    Using the curl functions in PHP. Everything curl with a PHP angle. Or PHP
    with a curl angle.

  curl-and-python

    Python hackers using curl with or without the python binding pycurl.

  Please direct curl questions, feature requests and trouble reports to one of
  these mailing lists instead of mailing any individual.