LOCAL_PATH:= $(call my-dir)

CFLAGS := -DHAVE_CONFIG_H -O2 -Dmain=curl_main -DBUILDING_LIBCURL=1

include $(CLEAR_VARS)
include $(LOCAL_PATH)/lib/Makefile.inc
include $(LOCAL_PATH)/src/Makefile.inc

LOCAL_MODULE := curl

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.51.0 (2 Nov 2016)

Daniel Stenberg (2 Nov 2016)
- THANKS: synced with 7.51.0

- RELEASE-NOTES: 7.51.0

- ftp_done: don't clobber the passed in error code
  
  Coverity CID 1374359 pointed out the unused result value.

- ftp: remove dead code in ftp_done
  
  Coverity CID 1374358

Jay Satiro (1 Nov 2016)
- generate.bat: Include include/curl in libcurl VS projects
  
  .. because including those headers helps Visual Studio's Intellisense.

- generate.bat: Remove strcase.[ch] from curl tool VS projects
  
  ..because they're no longer needed in the tool build. strcase is still
  built by the libcurl project and exports curl_str(n)equal which is used
  by the curl tool.
  
  Bug: https://github.com/curl/curl/commit/9363f1a#all_commit_comments

Daniel Stenberg (2 Nov 2016)
- metalink: simplify the hex parsing function
  
  ... and now it avoids using the libcurl toupper() function

Michael Kaufmann (1 Nov 2016)
- file: fix compiler warning
  
  follow-up to 46133aa5

Dan Fandrich (1 Nov 2016)
- strcase: fixed Metalink builds by redefining checkprefix()
  
  ...to use the public function curl_strnequal(). This isn't ideal because
  it adds extra overhead to any internal calls to checkprefix.
  
  follow-up to 95bd2b3e

Daniel Stenberg (1 Nov 2016)
- curl.1: typo

- curl.1: expand on how multiple uses of -o looks
  
  Suggested-by: Dan Jacobson
  Issue: https://github.com/curl/curl/issues/1097

- tests/util: get a private strncasecompare clone
  
  ... since the curlx_* code no longer provides one and we don't link
  libcurl to these test servers.

- strcase: make the tool use curl_str[n]equal instead
  
  As they are after all part of the public API. Saves space and reduces
  complexity. Remove the strcase defines from the curlx_ family.
  
  Suggested-by: Dan Fandrich
  Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html

Kamil Dudka (31 Oct 2016)
- gskit, nss: do not include strequal.h
  
  follow-up to 811a693b80

Dan Fandrich (31 Oct 2016)
- strcasecompare: include curl.h in strcase.c
  
  This should fix the "warning: 'curl_strequal' redeclared without
  dllimport attribute: previous dllimport ignored" message and subsequent
  link error on Windows because of the missing CURL_EXTERN on the
  prototype.

Daniel Stenberg (31 Oct 2016)
- strcase: fix the remaining rawstr users

- msvc builds: s/rawstr/strcase
  
  Follow-up to 811a693b

Dan Fandrich (31 Oct 2016)
- strcasecompare: replaced remaining rawstr.h with strcase.h
  
  This is a followup to commit 811a693b

Marcel Raad (31 Oct 2016)
- digest_sspi: fix include
  
  Fix compile break from 811a693b80

Dan Fandrich (31 Oct 2016)
- libauthretry: use the external function curl_strequal
  
  The internal version strcasecompare isn't available outside libcurl

Daniel Stenberg (31 Oct 2016)
- RELEASE-NOTES: synced with d14538d2501ef0da

- configure: raise the default minimum version for macos to 10.8
  
  follow-up to 4f8d0b6f02aa7043. Since the darwinssl code breaks
  otherwise. If you build without darwinssl 10.5 works fine.

- unit1301: keep testing curl_strequal
  
  as that is still part of the API, fix from 8fe4bd084412f30

- ldap: fix include
  
  Fix bug from 811a693b80

- url: remove unconditional idn2.h include
  
  Mistake brought by 9c91ec778104a

- curl_strequal: part of public API/ABI, needs to be kept
  
  These two public functions have been mentioned as deprecated since a
  very long time but since they are still part of the API and ABI we need
  to keep them around.

- strcase: s/strequal/strcasecompare
  
  some more follow-ups to 811a693b80

- ldap: fix strcase use
  
  follow-up to 811a693b80

- test165: adapted to the libidn2 use and IDNA2008 fix

- cookie: replace use of fgets() with custom version
  
  ... that will ignore lines that are too long to fit in the buffer.
  
  CVE-2016-8615
  
  Bug: https://curl.haxx.se/docs/adv_20161102A.html
  Reported-by: Cure53

- strcasecompare: all case insensitive string compares ignore locale now
  
  We had some confusions on when each function was used. We should not act
  differently on different locales anyway.

- strcasecompare: is the new name for strequal()
  
  ... to make it less likely that we forget that the function actually
  does case insentive compares. Also replaced several invokes of the
  function with a plain strcmp when case sensitivity is not an issue (like
  comparing with "-").

- ftp: check for previous patch must be case sensitive!
  
  ... otherwise example.com/PATH and example.com/path would be assumed to
  be the same and they usually aren't!

- SSH: check md5 fingerprint case sensitively

- connectionexists: use case sensitive user/password comparisons
  
  CVE-2016-8616
  
  Bug: https://curl.haxx.se/docs/adv_20161102B.html
  Reported-by: Cure53

- base64: check for integer overflow on large input
  
  CVE-2016-8617
  
  Bug: https://curl.haxx.se/docs/adv_20161102C.html
  Reported-by: Cure53

- krb5: avoid realloc(0)
  
  If the requested size is zero, bail out with error instead of doing a
  realloc() that would cause a double-free: realloc(0) acts as a free()
  and then there's a second free in the cleanup path.
  
  CVE-2016-8619
  
  Bug: https://curl.haxx.se/docs/adv_20161102E.html
  Reported-by: Cure53

- aprintf: detect wrap-around when growing allocation
  
  On 32bit systems we could otherwise wrap around after 2GB and allocate 0
  bytes and crash.
  
  CVE-2016-8618
  
  Bug: https://curl.haxx.se/docs/adv_20161102D.html
  Reported-by: Cure53

- range: reject char globs with missing end like '[L-]'
  
  ... which previously would lead to out of boundary reads.
  
  Reported-by: Luật Nguyễn

- glob_next_url: make sure to stay within the given output buffer

- range: prevent negative end number in a glob range
  
  CVE-2016-8620
  
  Bug: https://curl.haxx.se/docs/adv_20161102F.html
  Reported-by: Luật Nguyễn

- parsedate: handle cut off numbers better
  
  ... and don't read outside of the given buffer!
  
  CVE-2016-8621
  
  bug: https://curl.haxx.se/docs/adv_20161102G.html
  Reported-by: Luật Nguyễn

- escape: avoid using curl_easy_unescape() internally
  
  Since the internal Curl_urldecode() function has a better API.

- unescape: avoid integer overflow
  
  CVE-2016-8622
  
  Bug: https://curl.haxx.se/docs/adv_20161102H.html
  Reported-by: Cure53

- cookies: getlist() now holds deep copies of all cookies
  
  Previously it only held references to them, which was reckless as the
  thread lock was released so the cookies could get modified by other
  handles that share the same cookie jar over the share interface.
  
  CVE-2016-8623
  
  Bug: https://curl.haxx.se/docs/adv_20161102I.html
  Reported-by: Cure53

- TODO: remove IDNA2008

- idn: switch to libidn2 use and IDNA2008 support
  
  CVE-2016-8625
  
  Bug: https://curl.haxx.se/docs/adv_20161102K.html
  Reported-by: Christian Heimes

- test1246: verify URL parsing with host name ending with '#'

- urlparse: accept '#' as end of host name
  
  'http://example.com#@127.0.0.1/x.txt' equals a request to example.com
  for the '/' document with the rest of the URL being a fragment.
  
  CVE-2016-8624
  
  Bug: https://curl.haxx.se/docs/adv_20161102J.html
  Reported-by: Fernando Muñoz

Jay Satiro (31 Oct 2016)
- INTERNALS: better markdown (follow-up)
  
  - Wrap more words with underscores in backticks.
  
  Follow-up to 13f4913.

Daniel Stenberg (30 Oct 2016)
- INTERNALS: better markdown
  
  words with underscore need to be within `these`
  
  Bug: https://github.com/curl/curl-www/issues/19
  Reported-by : Jay Satiro

Jay Satiro (30 Oct 2016)
- mk-ca-bundle.vbs: Fix UTF-8 output
  
  - Change initial message box to mention delay when downloading/parsing.
  
  Since there is no progress meter it was somewhat unexpected that after
  choosing a filename nothing appears to happen, when actually the cert
  data is in the process of being downloaded and parsed.
  
  - Warn if OpenSSL is not present.
  
  - Use a UTF-8 stream to make the ca-bundle data.
  
  - Save the UTF-8 ca-bundle stream as binary so that no BOM is added.
  
  ---
  
  This is a follow-up to d2c6d15 which switched mk-ca-bundle.vbs output to
  ANSI due to corrupt UTF-8 output, now fixed.
  
  This change completes making the default certificate bundle output of
  mk-ca-bundle.vbs as close as possible to that of mk-ca-bundle.pl, which
  should make it easier to review any difference between their output.
  
  Ref: https://github.com/curl/curl/pull/1012

Daniel Stenberg (28 Oct 2016)
- BINDINGS: converted to markdown
  
  To make it render better on the web site, at the price of it becoming
  slightly less readable as text.

Jay Satiro (27 Oct 2016)
- CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
  
  - Clarify that this option is only for HTTP/1.1 pipelining.
  
  Bug: https://github.com/curl/curl/issues/1059
  Reported-by: Jeroen Ooms
  
  Assisted-by: Daniel Stenberg

Daniel Stenberg (27 Oct 2016)
- KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted
  
  Closes #927

- KNOWN_BUGS: c-ares deviates from stock resolver on http://1346569778
  
  Closes #893

Michael Osipov (27 Oct 2016)
- configure.in: Fix test syntax
  
  Some versions of test allow == for equality, but others (such as the HP-UX
  version) do not.  Use a single = for correctness.
  
  Error output:
  checking for monotonic clock_gettime... ./configure[20445]: ==: A test command parameter is not valid.

Daniel Stenberg (27 Oct 2016)
- SECURITY: minor updates
  
  - we allow the security push up to 48 hours before the release
  
  - add a mention about possible pre-notifications
  
  - lower case the 'curl-security' title

- [Andrei Sedoi brought this change]

  docs: fix req->data in multi-uv example
  
  Closes #1088

- mbedtls: stop using deprecated include file
  
  Reported-by: wyattoday
  Fixes #1087

Kamil Dudka (25 Oct 2016)
- [Martin Frodl brought this change]

  nss: fix tight loop in non-blocking TLS handhsake over proxy
  
  ... in case the handshake completes before entering
  CURLM_STATE_PROTOCONNECT
  
  Bug: https://bugzilla.redhat.com/1388162

Jay Satiro (25 Oct 2016)
- mk-ca-bundle: Update the vbscript version
  
  Bring the VBScript version more in line with the perl version:
  
  - Change timestamp to UTC.
  
  - Change URL retrieval to HTTPS-only by default.
  
  - Comment out the options that disabled SSL cert checking by default.
  
  - Assume OpenSSL is present, get SHA256. And add a flag to toggle it.
  
  - Fix cert issuer name output.
  
  The cert issuer output is now ansi, converted from UTF-8. Prior to this
  it was corrupt UTF-8. It turns out though we can work with UTF-8 the
  FSO object that writes ca-bundle can't write UTF-8, so there will have
  to be some alternative if UTF-8 is needed (like an ADODB.Stream).
  
  - Disable the certificate text info feature.
  
  The certificate text info doesn't work properly with any recent OpenSSL.

Daniel Stenberg (24 Oct 2016)
- TODO: indent code to make it render properly

- TODO: Remove the generated include file

- TODO: add "--retry should resume"
  
  See #1084

- mk-ca-bundle.1: document -k
  
  Brought in 1ad2bdcf110266c. Now does HTTPS by default and needs -k to
  fall back to plain HTTP.

- [Jay Satiro brought this change]

  mk-ca-bundle: Change URL retrieval to HTTPS-only by default
  
  - Change all predefined Mozilla URLs to HTTPS (Gregory Szorc).
  
  - New option -k to allow URLs other than HTTPS and enable HTTP fallback.
  
  Prior to this change the default URL retrieval mode was to fall back to
  HTTP if HTTPS didn't work.
  
  Reported-by: Gregory Szorc
  
  Closes #1012

- RELEASE-NOTES: synced with 50ee3aaf1a9b22d

Dan Fandrich (23 Oct 2016)
- INSTALL.md: Updated minimum file sizes for 7.50.3

Daniel Stenberg (22 Oct 2016)
- multi: force connections to get closed in close_all_connections
  
  Several independent reports on infinite loops hanging in the
  close_all_connections() function when closing a multi handle, can be
  fixed by first marking the connection to get closed before calling
  Curl_disconnect.
  
  This is more fixing-the-symptom rather than the underlying problem
  though.
  
  Bug: https://curl.haxx.se/mail/lib-2016-10/0011.html
  Bug: https://curl.haxx.se/mail/lib-2016-10/0059.html
  
  Reported-by: Dan Fandrich, Valentin David, Miloš Ljumović

- [Anders Bakken brought this change]

  curl_multi_remove_handle: fix a double-free
  
  In short the easy handle needs to be disconnected from its connection at
  this point since the connection still is serving other easy handles.
  
  In our app we can reliably reproduce a crash in our http2 stress test
  that is fixed by this change. I can't easily reproduce the same test in
  a small example.
  
  This is the gdb/asan output:
  
  ==11785==ERROR: AddressSanitizer: heap-use-after-free on address 0xe9f4fb80 at pc 0x09f41f19 bp 0xf27be688 sp 0xf27be67c
  READ of size 4 at 0xe9f4fb80 thread T13 (RESOURCE_HTTP)
      #0 0x9f41f18 in curl_multi_remove_handle /path/to/source/3rdparty/curl/lib/multi.c:666
  
  0xe9f4fb80 is located 0 bytes inside of 1128-byte region [0xe9f4fb80,0xe9f4ffe8)
  freed by thread T13 (RESOURCE_HTTP) here:
      #0 0xf7b1b5c2 in __interceptor_free /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_malloc_linux.cc:45
      #1 0x9f7862d in conn_free /path/to/source/3rdparty/curl/lib/url.c:2808
      #2 0x9f78c6a in Curl_disconnect /path/to/source/3rdparty/curl/lib/url.c:2876
      #3 0x9f41b09 in multi_done /path/to/source/3rdparty/curl/lib/multi.c:615
      #4 0x9f48017 in multi_runsingle /path/to/source/3rdparty/curl/lib/multi.c:1896
      #5 0x9f490f1 in curl_multi_perform /path/to/source/3rdparty/curl/lib/multi.c:2123
      #6 0x9c4443c in perform /path/to/source/src/net/resourcemanager/ResourceManagerCurlThread.cpp:854
      #7 0x9c445e0 in ...
      #8 0x9c4cf1d in ...
      #9 0xa2be6b5 in ...
      #10 0xf7aa5780 in asan_thread_start /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_interceptors.cc:226
      #11 0xf4d3a16d in __clone (/lib/i386-linux-gnu/libc.so.6+0xe716d)
  
  previously allocated by thread T13 (RESOURCE_HTTP) here:
      #0 0xf7b1ba27 in __interceptor_calloc /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_malloc_linux.cc:70
      #1 0x9f7dfa6 in allocate_conn /path/to/source/3rdparty/curl/lib/url.c:3904
      #2 0x9f88ca0 in create_conn /path/to/source/3rdparty/curl/lib/url.c:5797
      #3 0x9f8c928 in Curl_connect /path/to/source/3rdparty/curl/lib/url.c:6438
      #4 0x9f45a8c in multi_runsingle /path/to/source/3rdparty/curl/lib/multi.c:1411
      #5 0x9f490f1 in curl_multi_perform /path/to/source/3rdparty/curl/lib/multi.c:2123
      #6 0x9c4443c in perform /path/to/source/src/net/resourcemanager/ResourceManagerCurlThread.cpp:854
      #7 0x9c445e0 in ...
      #8 0x9c4cf1d in ...
      #9 0xa2be6b5 in ...
      #10 0xf7aa5780 in asan_thread_start /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_interceptors.cc:226
      #11 0xf4d3a16d in __clone (/lib/i386-linux-gnu/libc.so.6+0xe716d)
  
  SUMMARY: AddressSanitizer: heap-use-after-free /path/to/source/3rdparty/curl/lib/multi.c:666 in curl_multi_remove_handle
  Shadow bytes around the buggy address:
    0x3d3e9f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x3d3e9f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x3d3e9f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x3d3e9f50: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
    0x3d3e9f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  =>0x3d3e9f70:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x3d3e9f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x3d3e9f90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x3d3e9fa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x3d3e9fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
    0x3d3e9fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  Shadow byte legend (one shadow byte represents 8 application bytes):
    Addressable:           00
    Partially addressable: 01 02 03 04 05 06 07
    Heap left redzone:       fa
    Heap right redzone:      fb
    Freed heap region:       fd
    Stack left redzone:      f1
    Stack mid redzone:       f2
    Stack right redzone:     f3
    Stack partial redzone:   f4
    Stack after return:      f5
    Stack use after scope:   f8
    Global redzone:          f9
    Global init order:       f6
    Poisoned by user:        f7
    Container overflow:      fc
    Array cookie:            ac
    Intra object redzone:    bb
    ASan internal:           fe
    Left alloca redzone:     ca
    Right alloca redzone:    cb
  ==11785==ABORTING
  
  Thread 14 "RESOURCE_HTTP" received signal SIGABRT, Aborted.
  [Switching to Thread 0xf27bfb40 (LWP 12324)]
  0xf7fd8be9 in __kernel_vsyscall ()
   (gdb) bt
   #0  0xf7fd8be9 in __kernel_vsyscall ()
   #1  0xf4c7ee89 in __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:54
   #2  0xf4c803e7 in __GI_abort () at abort.c:89
   #3  0xf7b2ef2e in __sanitizer::Abort () at /opt/toolchain/src/gcc-6.2.0/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cc:122
   #4  0xf7b262fa in __sanitizer::Die () at /opt/toolchain/src/gcc-6.2.0/libsanitizer/sanitizer_common/sanitizer_common.cc:145
   #5  0xf7b21ab3 in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0xf27be171, __in_chrg=<optimized out>) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_report.cc:689
   #6  0xf7b214a5 in __asan::ReportGenericError (pc=166993689, bp=4068206216, sp=4068206204, addr=3925146496, is_write=false, access_size=4, exp=0, fatal=true) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_report.cc:1074
   #7  0xf7b21fce in __asan::__asan_report_load4 (addr=3925146496) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_rtl.cc:129
   #8  0x09f41f19 in curl_multi_remove_handle (multi=0xf3406080, data=0xde582400) at /path/to/source3rdparty/curl/lib/multi.c:666
   #9  0x09f6b277 in Curl_close (data=0xde582400) at /path/to/source3rdparty/curl/lib/url.c:415
   #10 0x09f3354e in curl_easy_cleanup (data=0xde582400) at /path/to/source3rdparty/curl/lib/easy.c:860
   #11 0x09c6de3f in ...
   #12 0x09c378c5 in ...
   #13 0x09c48133 in ...
   #14 0x09c4d092 in ...
   #15 0x0a2be6b6 in ...
   #16 0xf7aa5781 in asan_thread_start (arg=0xf2d22938) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_interceptors.cc:226
   #17 0xf5de52b5 in start_thread (arg=0xf27bfb40) at pthread_create.c:333
   #18 0xf4d3a16e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:114
  
  Fixes #1083

- testcurl.1: fix the URL to the autobuild summary

- testcurl.1: update URLs

- INSTALL: converted to markdown => INSTALL.md
  
  Also heavily edited for content. Removed lots of old cruft that we added
  like 10+ years ago that is likely incorrect by now.
  
  Also removed INSTALL.devcpp for same reason.

- [Martin Storsjo brought this change]

  configure: Check for other variants of the -m*os*-version-min flags
  
  In addition to -miphoneos-version-min, the same version can be set
  using -mios-version-min. And for WatchOS and TvOS, there's
  -mwatchos-version-min and -mtvos-version-min.

- configure: set min version flags for builds on mac
  
  This helps building binaries that can work on multiple macOS versions.
  
  Help-by: Martin Storsjö
  
  Fixes #1069

- curl_multi_add_handle: set timeouts in closure handles
  
  The closure handle only ever has default timeouts set. To improve the
  state somewhat we clone the timeouts from each added handle so that the
  closure handle always has the same timeouts as the most recently added
  easy handle.
  
  Fixes #739

- configure/CURL_CHECK_FUNC_POLL: disable poll completely on mac
  
  ... so that the same libcurl build easier can run on any version.
  
  Follow-up to issue #1057

- RELEASE-NOTES: synced with f36f8c14551efc6772

- test14xx: fixed --libcurl output tests again after 8e8afa82cbb

- s/cURL/curl
  
  The tool was never called cURL, only the project. But even so, we have
  more and more over time switched to just use lower case.

- polarssl: indented code, removed unused variables

- polarssl: reduce #ifdef madness with a macro

- polarssl: fix unaligned SSL session-id lock

- Curl_polarsslthreadlock_thread_setup: clear array at init
  
  ... since if it fails to init the entire array and then tries to clean
  it up, it would attempt to work on an uninitialized pointer.

- curl: set INTERLEAVEDATA too
  
  As otherwise the callback could be called with a NULL pointer when RTSP
  data is provided.

- gopher: properly return error for poll failures

- select: switch to macros in uppercase
  
  Curl_select_ready() was the former API that was replaced with
  Curl_select_check() a while back and the former arg setup was provided
  with a define (in order to leave existing code unmodified).
  
  Now we instead offer SOCKET_READABLE and SOCKET_WRITABLE for the most
  common shortcuts where only one socket is checked. They're also more
  visibly macros.

- select: use more proper macro-looking names
  
  ... so that it becomes more obvious in the code what is what. Also added
  a typecast for one of the calculations.

- Curl_socket_check: add extra check to avoid integer overflow

- maketgz: make it support "only" generating version info
  
  ... to allow you to update the local repository with the given version
  number data.

Jay Satiro (17 Oct 2016)
- url: skip to-be-closed connections when pipelining (follow-up)
  
  - Change back behavior so that pipelining is considered possible for
  connections that have not yet reached the protocol level.
  
  This is a follow-up to e5f0b1a which had changed the behavior of
  checking if pipelining is possible to ignore connections that had
  'bits.close' set. Connections that have not yet reached the protocol
  level also have that bit set, and we need to consider pipelining
  possible on those connections.

Daniel Stenberg (17 Oct 2016)
- HTTP2: mention the tool's limited support

- RELEASE-NOTES: synced with a1a5cd04877fd6fd

- [David Woodhouse brought this change]

  curl: do not set CURLOPT_SSLENGINEDEFAULT automatically
  
  There were bugs in the PKCS#11 engine, and fixing them triggers bugs in
  OpenSSL. Just don't get involved; there's no need to be making the
  engine methods the default anyway.
  
  https://github.com/OpenSC/libp11/pull/108
  https://github.com/openssl/openssl/pull/1639
  
  Merges #1042

- KNOWN_BUGS: two more existing problems

Marcel Raad (16 Oct 2016)
- win: fix Universal Windows Platform build
  
  This fixes a merge error in commit 7f3df80 caused by commit 332e8d6.
  
  Additionally, this changes Curl_verify_windows_version for Windows App
  builds to assume to always be running on the target Windows version.
  There seems to be no way to determine the Windows version from a
  UWP app. Neither GetVersion(Ex), nor VerifyVersionInfo, nor the
  Version Helper functions are supported.
  
  Bug: https://github.com/curl/curl/pull/820#issuecomment-250889878
  Reported-by: Paul Joyce
  
  Closes https://github.com/curl/curl/pull/1048

Daniel Stenberg (16 Oct 2016)
- KNOWN_BUGS: minor formatting edit

Jay Satiro (14 Oct 2016)
- [Rider Linden brought this change]

  url: skip to-be-closed connections when pipelining
  
  No longer attempt to use "doomed" to-be-closed connections when
  pipelining. Prior to this change connections marked for deletion (e.g.
  timeout) would be erroneously used, resulting in sporadic crashes.
  
  As originally reported and fixed by Carlo Wood (origin unknown).
  
  Bug: https://github.com/curl/curl/issues/627
  Reported-by: Rider Linden
  
  Closes https://github.com/curl/curl/pull/1075
  Participation-by: nopjmp@users.noreply.github.com

Daniel Stenberg (13 Oct 2016)
- vtls: only re-use session-ids using the same scheme
  
  To make it harder to do cross-protocol mistakes

Jay Satiro (11 Oct 2016)
- [Torben Dannhauer brought this change]

  dist: add missing cmake modules to the tarball
  
  Closes https://github.com/curl/curl/pull/1070

Daniel Stenberg (11 Oct 2016)
- configure: detect the broken poll() in macOS 10.12
  
  Fixes #1057

- dist: remove PDF and HTML converted docs from the releases

- [Remo E brought this change]

  cmake: add nghttp2 support
  
  Closes #922

- [Andreas Streichardt brought this change]

  resolve: add error message when resolving using SIGALRM
  
  Closes #1066

- GIT-INFO: remove the Mac 10.1-specific details
  
  There shouldn't be many devs out there anymore using such outdated macOS
  versions. And it removes the dead link.
  
  Closes #1049

- RELEASE-NOTES: spellfix

- RELEASE-NOTES: synced with 82720490628cb53a
  
  5 more fixes, 2 more contributors

- [Tobias Stoeckmann brought this change]

  smb: properly check incoming packet boundaries
  
  Not all reply messages were properly checked for their lengths, which
  made it possible to access uninitialized memory (but this does not lead
  to out of boundary accesses).
  
  Closes #1052

- test557: verify printf() with 128 and 129 arguments

- mprintf: return error on too many arguments
  
  128 arguments should be enough for everyone

- ftp: fix Curl_ftpsendf()
  
  ... it no longer takes printf() arguments since it was only really taken
  advantage by one user and it was not written and used in a safe
  way. Thus the 'f' is removed from the function name and the proto is
  changed.
  
  Although the current code wouldn't end up in badness, it was a risk that
  future changes could end up springf()ing too large data or passing in a
  format string inadvertently.

- formpost: avoid silent snprintf() truncation
  
  The previous use of snprintf() could make libcurl silently truncate some
  input data and not report that back on overly large input, which could
  make data get sent over the network in a bad format.
  
  Example:
  
   $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"

- TODO: build: Enable PIE and RELRO by default

- TODO: Support better than MD5 hostkey hash (for ssh)

- [Daniel Gustafsson brought this change]

  tests: Fix a small typo in the tests README (#1060)
  
  The subdirectory for logs in tests/ is named log/ without an 's'
  at the end.

- TODO: Introduce --fail-fast to exit on first transfer fail
  
  See #1054

- TODO: Leave secure cookies alone

- [Rainer Müller brought this change]

  CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)
  
  The 'userp' argument is unused in this example code.

- TODO: TCP Fast Open for windows

- RELEASE-NOTES: synced with 8fd2a754f0de

- CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is added

- memdup: use 'void *' as return and source type

- TODO: Add easy argument to formpost functions

- formpost: trying to attach a directory no longer crashes
  
  The error path would previously add a freed entry to the linked list.
  
  Reported-by: Toby Peterson
  
  Fixes #1053

- [Sergei Kuzmin brought this change]

  cookies: same domain handling changed to match browser behavior
  
  Cokie with the same domain but different tailmatching property are now
  considered different and do not replace each other.  If header contains
  following lines then two cookies will be set: Set-Cookie: foo=bar;
  domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
  domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033
  
  This matches Chrome, Opera, Safari, and Firefox behavior. When sending
  stored tokens to foo.com Chrome, Opera, Firefox store send them in the
  stored order, while Safari pre-sort the cookies.
  
  Closes #1050

- [Stephen Brokenshire brought this change]

  FAQ: Fix typos in section 5.14 (#1047)
  
  Type required for YourClass::func C++ function (using size_t in line
  with the documentation for CURLOPT_WRITEFUNCTION) and missing second
  colon when specifying the static function for CURLOPT_WRITEFUNCTION.

- [Sebastian Mundry brought this change]

  KNOWN_BUGS: Fix typos in section 5.8.
  
  Closes #1046

- [mundry brought this change]

  CONTRIBUTE.md: Fix typo in 'About pull requests' section. (#1045)

- curl.1: --trace supports % for sending to stderr!

- KNOWN_BUGS: 5.8 configure finding libs in wrong directory

Dan Fandrich (24 Sep 2016)
- configure: Fixed builds with libssh2 in a custom location
  
  A libssh2 library in the standard system location was being used in
  preference to the desired one while linking.

Daniel Stenberg (23 Sep 2016)
- SECURITY: remove the top ascii logo

Michael Kaufmann (22 Sep 2016)
- New libcurl option to keep sending on error
  
  Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
  sending the request body shall be completed when the server responds
  early with an error status code.
  
  This is suitable for manual NTLM authentication.
  
  Reviewed-by: Jay Satiro
  
  Closes https://github.com/curl/curl/pull/904

Kamil Dudka (22 Sep 2016)
- nss: add chacha20-poly1305 cipher suites if supported by NSS

- nss: add cipher suites using SHA384 if supported by NSS

- nss: fix typo in ecdhe_rsa_null cipher suite string
  
  As it seems to be a rarely used cipher suite (for securely established
  but _unencrypted_ connections), I believe it is fine not to provide an
  alias for the misspelled variant.

Jay Satiro (21 Sep 2016)
- docs: Remove that --proto is just used for initial retrieval
  
  .. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
  override protocols denied by --proto and CURLOPT_PROTOCOLS.
  
  - Add a test to enforce: --proto deny must override --proto-redir allow
  
  Closes https://github.com/curl/curl/pull/1031

Daniel Stenberg (21 Sep 2016)
- dist: add CurlSymbolHiding.cmake to the tarball
  
  Follow-up to 6140dfcf3e784
  
  Reported-by: Alexander Sinditskiy

- curl_global_cleanup.3: don't unload the lib with sub threads running
  
  Discussed in #997
  
  Assisted-by: Jay Satiro

- MAIL-ETIQUETTE: language

Jay Satiro (20 Sep 2016)
- easy: Reset all statistical session info in curl_easy_reset
  
  Bug: https://github.com/curl/curl/issues/1017
  Reported-by: Jeroen Ooms

Daniel Stenberg (19 Sep 2016)
- RELEASE-NOTES: synced with 79607eec51055

Jay Satiro (19 Sep 2016)
- [Daniel Gustafsson brought this change]

  darwinssl: Fix typo in comment
  
  Closes https://github.com/curl/curl/pull/1028

Daniel Stenberg (19 Sep 2016)
- [Bernard Spil brought this change]

  libressl: fix version output
  
  LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L` for all
  versions returning `LibreSSL/2.0.0` for any LibreSSL version.
  
  This change provides a local OpenSSL_version_num function replacement
  returning LIBRESSL_VERSION_NUMBER instead.
  
  Closes #1029

- [rugk brought this change]

  TODO: Add PINNEDPUBLICKEY - HPKP compatibility, HSTS & HPKP
  
  Closes #1025
  Closes #1026
  Closes #1027

- openssl: don't call ERR_remote_thread_state on >= 1.1.0
  
  Follow-up fix to d9321562

- openssl: don’t call CRYTPO_cleanup_all_ex_data
  
  The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called
  multiple times without crashing - and other libs might call it! We
  basically cannot call it without risking a crash. The function is a
  no-op since OpenSSL 1.1.0.
  
  Not calling this function only risks a small memory leak with OpenSSL <
  1.1.0.
  
  Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html
  Reported-by: Todd Short

- TODO: Support SSLKEYLOGFILE

Jay Satiro (18 Sep 2016)
- CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting

Nick Zitzmann (18 Sep 2016)
- darwinssl: disable RC4 cipher-suite support
  
  RC4 was a nice alternative to CBC back in the days of BEAST, but it's insecure and obsolete now.

- configure: change "iOS/Mac OS X native" to "Apple OS native"
  
  Since I first wrote that text, Apple introduced tvOS and watchOS, and renamed "Mac OS X" to "macOS." Let's make the text a little more inclusive, since curl can be built for all four operating systems.

Jay Satiro (18 Sep 2016)
- test2048: fix url

- examples/imap-append: Set size of data to be uploaded
  
  Prior to this commit this example failed with error
  'Cannot APPEND with unknown input file size'.
  
  Bug: https://github.com/curl/curl/issues/1008
  Reported-by: lukaszgn@users.noreply.github.com
  
  Closes https://github.com/curl/curl/pull/1011

Daniel Stenberg (16 Sep 2016)
- [Tony Kelman brought this change]

  LICENSE-MIXING.md: update with mbedTLS dual licensing
  
  Recent versions of mbedTLS are available under either Apache 2.0 or GPL
  2.0, see https://tls.mbed.org/how-to-get
  
  Closes #1019

- KNOWN_BUGS: chunked-encoded requests with HTTP/2 is fixed

- http2: debug ouput sent HTTP/2 request headers

- http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
  
  ... but don't send the actual header over the wire as it isn't accepted.
  Chunked uploading is still triggered using this method.
  
  Fixes #1013
  Fixes #662

- openssl: fix per-thread memory leak usiong 1.0.1 or 1.0.2
  
  OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
  so we need to clean it when easy handles are freed, in case the thread
  will be killed in which the easy handle was used. All OpenSSL code in
  libcurl should extract the error in association with the error already
  so clearing this queue here should be harmless at worst.
  
  Fixes #964

- RELEASE-NOTES: reset and go toward 7.51.0 (again)

Version 7.50.3 (14 Sep 2016)

Daniel Stenberg (14 Sep 2016)
- THANKS: updated with curl 7.50.3 contributors

- RELEASE-NOTES: curl 7.50.3

- test1605: verify negative input lengths to (un)escape functions

- curl_easy_unescape: deny negative string lengths as input
  
  CVE-2016-7167
  
  Bug: https://curl.haxx.se/docs/adv_20160914.html

- curl_easy_escape: deny negative string lengths as input
  
  CVE-2016-7167
  
  Bug: https://curl.haxx.se/docs/adv_20160914.html

- curl: make --create-dirs on windows grok both forward and backward slashes
  
  Reported-by: Ryan Scott
  
  Fixes #1007

- RELEASE-NOTES: synced with 665694979b6

- [Tony Kelman brought this change]

  mbedtls: switch off NTLM in build if md4 isn't available
  
  NTLM support with mbedTLS was added in 497e7c9 but requires that mbedTLS
  is built with the MD4 functions available, which it isn't in default
  builds. This now adapts if the funtion isn't there and builds libcurl
  without NTLM support if so.
  
  Fixes #1004

Jay Satiro (12 Sep 2016)
- CODE_STYLE: fix long-line guideline
  
  - Change maximum allowed line length from 80 to 79.

- CODE_STYLE: add column alignment section
  
  Note that since the added examples are for column alignment I had to
  encapsulate with ~~~c markdown to preserve their alignment.

Peter Wu (11 Sep 2016)
- cmake: fix curl-config --static-libs
  
  The `curl-config --static-libs` command should not output paths like
  -l/usr/lib/libssl.so, instead print the absolute path without `-l`.
  
  This also removes the confusing message "Static linking is broken" which
  was printed because curl-config --static-libs was disfunctional even
  though the static libcurl.a library works properly.
  
  Fixes https://github.com/curl/curl/issues/841

Daniel Stenberg (11 Sep 2016)
- http: refuse to pass on response body with NO_NODY was set
  
  ... like when a HTTP/0.9 response comes back without any headers at all
  and just a body this now prevents that body from being sent to the
  callback etc.
  
  Adapted test 1144 to verify.
  
  Fixes #973
  
  Assisted-by: Ray Satiro

- RELEASE-NOTES: synced with 257bf3ac67eb6

Jakub Zakrzewski (10 Sep 2016)
- CMake: Don't build unit tests if private symbols are hidden
  
  This only excludes building unit tests from default build ( 'all' Make
  target or "Build Solution" in VisualStudio). The projects and Make
  targets will still be generated and shown in supporting IDEs.
  
  Fixes https://github.com/curl/curl/issues/981
  Reported-by: Randy Armstrong
  
  Closes https://github.com/curl/curl/pull/990

- CMake: Try to (un-)hide private library symbols
  
  Detect support for compiler symbol visibility flags and apply those
  according to CURL_HIDDEN_SYMBOLS option.
  It should work true to the autotools build except it tries to unhide
  symbols on Windows when requested and prints warning if it fails.
  
  Ref: https://github.com/curl/curl/issues/981#issuecomment-242665951
  Reported-by: Daniel Stenberg

Daniel Stenberg (9 Sep 2016)
- openssl: fix bad memory free (regression)
  
  ... by partially reverting f975f06033b1. The allocation could be made by
  OpenSSL so the free must be made with OPENSSL_free() to avoid problems.
  
  Reported-by: Harold Stuart
  Fixes #1005

- http2: support > 64bit sized uploads
  
  ... by making sure we don't count down the "upload left" counter when the
  uploaded size is unknown and then it can be allowed to continue forever.
  
  Fixes #996

Jay Satiro (7 Sep 2016)
- errors: new alias CURLE_WEIRD_SERVER_REPLY (8)
  
  Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
  more of a generic "failed to parse" introduce an alias without FTP in
  the name.
  
  Closes https://github.com/curl/curl/pull/975

Daniel Stenberg (7 Sep 2016)
- bump: toward 7.51.0

- HISTORY: remove ascii logo to render nicer on web

- curl: whitelist use of strtok() in non-threaded context

- checksrc: detect strtok() use
  
  ... as that function slipped through once before.

GitHub (7 Sep 2016)
- [Viktor Szakats brought this change]

  mk-ca-bundle.pl: use SHA256 instead of SHA1
  
  This hash is used to verify the original downloaded certificate bundle
  and also included in the generated bundle's comment header. Also
  rename related internal symbols to algorithm-agnostic names.

Version 7.50.2 (7 Sep 2016)

Daniel Stenberg (7 Sep 2016)
- RELEASE-NOTES: curl 7.50.2 release

- THANKS: updated for 7.50.2

Jay Satiro (6 Sep 2016)
- [Gaurav Malhotra brought this change]

  openssl: fix CURLINFO_SSL_VERIFYRESULT
  
  CURLINFO_SSL_VERIFYRESULT does not get the certificate verification
  result when SSL_connect fails because of a certificate verification
  error.
  
  This fix saves the result of SSL_get_verify_result so that it is
  returned by CURLINFO_SSL_VERIFYRESULT.
  
  Closes https://github.com/curl/curl/pull/995

Daniel Stenberg (6 Sep 2016)
- [Daniel Gustafsson brought this change]

  darwinssl: test for errSecSuccess in PKCS12 import rather than noErr (#993)
  
  While noErr and errSecSuccess are defined as the same value, the API
  documentation states that SecPKCS12Import() returns errSecSuccess if
  there were no errors in importing. Ensure that a future change of the
  defined value doesn't break (however unlikely) and be consistent with
  the API docs.

- [Daniel Gustafsson brought this change]

  docs: Fix link to CONTRIBUTE in Github contribution guidelines (#994)

- [Marcel Raad brought this change]

  openssl: Fix compilation with OPENSSL_API_COMPAT=0x10100000L
  
  With OPENSSL_API_COMPAT=0x10100000L (OpenSSL 1.1 API), the cleanup
  functions are unavailable (they're no-ops anyway in OpenSSL 1.1). The
  replacements for SSL_load_error_strings, SSLeay_add_ssl_algorithms, and
  OpenSSL_add_all_algorithms are called automatically [1][2]. SSLeay() is
  now called OpenSSL_version_num().
  
  [1]: https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html
  [2]: https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html
  
  Closes #992

- RELEASE-NOTES: synced with 3d4c0c8b9bc1d

- http2: return EOF when done uploading without known size
  
  Fixes #982

- http2: skip the content-length parsing, detect unknown size

- http2: minor white space edit

- http2: use named define instead of magic constant in read callback

- [Craig Davison brought this change]

  configure: make the cpp -P detection not clobber CPPFLAGS
  
  CPPPFLAGS is now CPPPFLAG. Fixes CURL_CHECK_DEF.
  
  Fixes #958

- [Olivier Brunel brought this change]

  speed caps: not based on average speeds anymore
  
  Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE &
  CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits
  with the cumulative average speed of the entire transfer; While this
  might work at times with good/constant connections, in other cases it
  can result to the limits simply being "ignored" for more than "short
  bursts" (as told in man page).
  
  Consider a download that goes on much slower than the limit for some
  time (because bandwidth is used elsewhere, server is slow, whatever the
  reason), then once things get better, curl would simply ignore the limit
  up until the average speed (since the beginning of the transfer) reached
  the limit.  This could prove the limit useless to effectively avoid
  using the entire bandwidth (at least for quite some time).
  
  So instead, we now use a "moving starting point" as reference, and every
  time at least as much as the limit as been transferred, we can reset
  this starting point to the current position. This gets a good limiting
  effect that applies to the "current speed" with instant reactivity (in
  case of sudden speed burst).
  
  Closes #971

- HISTORY.md: the multi socket was put in the wrong year!

- [Mark Hamilton brought this change]

  tool_helpers.c: fix comment typo (#989)

- [Mark Hamilton brought this change]

  libtest/test.h: fix typo (#988)

- CURLMOPT_PIPELINING.3: language

- CURLMOPT_PIPELINING.3: extended and clarified
  
  Especially in regards to the multiplexing part.

Steve Holme (31 Aug 2016)
- curl_sspi.c: Updated function description comments
  
  * Added description to Curl_sspi_free_identity()
  * Added parameter and return explanations to Curl_sspi_global_init()
  * Added parameter explaination to Curl_sspi_global_cleanup()

- README: Corrected the supported Visual Studio versions
  
  Missed from commit 8356022d17.

- KNOWN_BUGS: Move the Visual Studio project shortcomings from local README

- KNOWN_BUGS: Expand 6.4 to include Kerberos V5
  
  ...and discuss a possible solution.

Daniel Stenberg (30 Aug 2016)
- connect: fix #ifdefs for debug versions of conn/streamclose() macros
  
  CURLDEBUG is for the memory debugging
  
  DEBUGBUILD is for the extra debug stuff
  
  Pointed-out-by: Steve Holme

- KNOWN_BUGS: mention some cmake "support gaps"

Nick Zitzmann (28 Aug 2016)
- darwinssl: add documentation stating that the --cainfo option is intended for backward compatibility only
  
  In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.

Daniel Stenberg (28 Aug 2016)
- http2: return CURLE_HTTP2_STREAM for unexpected stream close
  
  Follow-up to c3e906e9cd0f, seems like a more appropriate error code
  
  Suggested-by: Jay Satiro

- [Tatsuhiro Tsujikawa brought this change]

  http2: handle closed streams when uploading
  
  Fixes #986

- http2: make sure stream errors don't needlessly close the connection
  
  With HTTP/2 each transfer is made in an indivial logical stream over the
  connection, making most previous errors that caused the connection to get
  forced-closed now instead just kill the stream and not the connection.
  
  Fixes #941

- Curl_verify_windows_version: minor edit to avoid compiler warnings
  
  ... instead of if() before the switch(), add a default to the switch so
  that the compilers don't warn on "warning: enumeration value
  'PLATFORM_DONT_CARE' not handled in switch" anymore.

Steve Holme (27 Aug 2016)
- RELEASE-NOTES: Added missing fix from commit 15592143f

Jay Satiro (26 Aug 2016)
- schannel: Disable ALPN for Wine since it is causing problems
  
  - Disable ALPN on Wine.
  
  - Don't pass input secbuffer when ALPN is disabled.
  
  When ALPN support was added a change was made to pass an input secbuffer
  to initialize the context. When ALPN is enabled the buffer contains the
  ALPN information, and when it's disabled the buffer is empty. In either
  case this input buffer caused problems with Wine and connections would
  not complete.
  
  Bug: https://github.com/curl/curl/issues/983
  Reported-by: Christian Fillion

Kamil Dudka (26 Aug 2016)
- [Peter Wang brought this change]

  nss: work around race condition in PK11_FindSlotByName()
  
  Serialise the call to PK11_FindSlotByName() to avoid spurious errors in
  a multi-threaded environment. The underlying cause is a race condition
  in nssSlot_IsTokenPresent().
  
  Bug: https://bugzilla.mozilla.org/1297397
  
  Closes #985

- nss: refuse previously loaded certificate from file
  
  ... when we are not asked to use a certificate from file

Daniel Stenberg (26 Aug 2016)
- ftp_done: remove dead code

- TLS: random file/egd doesn't have to match for conn reuse

- test161: add comment for the exit code

Dan Fandrich (26 Aug 2016)
- test219: Add http as a required feature

Daniel Stenberg (25 Aug 2016)
- [Michael Kaufmann brought this change]

  HTTP: stop parsing headers when switching to unknown protocols
  
  - unknown protocols probably won't send more headers (e.g. WebSocket)
  - improved comments and moved them to the correct case statements
  
  Closes #899

- openssl: make build with 1.1.0 again
  
  synced with OpenSSL git master commit cc06906707

- INTERNALS: fix title

- configure: detect zlib with our pkg-config macros
  
  ... instead of relying on the pkg-config autoconf macros to be present.
  
  Fixes #972 (again...)

Jay Satiro (25 Aug 2016)
- http2: Remove incorrect comments
  
  .. also remove same from scp

Daniel Stenberg (23 Aug 2016)
- [Ales Novak brought this change]

  ftp: fix wrong poll on the secondary socket
  
  When we're uploading using FTP and the server issues a tiny pause
  between opening the connection to the client's secondary socket, the
  client's initial poll() times out, which leads to second poll() which
  does not wait for POLLIN on the secondary socket. So that poll() also
  has to time out, creating a long (200ms) pause.
  
  This patch adds the correct flag to the secondary socket, making the
  second poll() correctly wait for the connection there too.
  
  Signed-off-by: Ales Novak <alnovak@suse.cz>
  
  Closes #978

- RELEASE-NOTES: synced with 95ded2c56

- configure: make it work without PKG_CHECK_MODULES
  
  With commit c2f9b78 we added a new dependency on pkg-config for
  developers which may be unwanted. This change make the configure script
  still work as before if pkg-config isn't installed, it'll just use the
  old zlib detection logic without pkg-config.
  
  Reported-by: Marc Hörsken
  
  Fixes #972

Marc Hoersken (21 Aug 2016)
- Revert "KNOWN_BUGS: SOCKS proxy not working via IPv6"
  
  This reverts commit 9cb1059f92286a6eb5d28c477fdd3f26aed1d554.
  
  As discussed in #835 SOCKS5 supports IPv6 proxies and destinations.

Daniel Stenberg (21 Aug 2016)
- [Marco Deckel brought this change]

  win: Basic support for Universal Windows Platform apps
  
  Closes #820

Steve Holme (21 Aug 2016)
- sasl: Don't use GSSAPI authentication when domain name not specified
  
  Only choose the GSSAPI authentication mechanism when the user name
  contains a Windows domain name or the user is a valid UPN.
  
  Fixes #718

- vauth: Added check for supported SSPI based authentication mechanisms
  
  Completing commit 00417fd66c and 2708d4259b.

- http.c: Remove duplicate (authp->avail & CURLAUTH_DIGEST) check
  
  From commit 2708d4259b.

Marc Hoersken (20 Aug 2016)
- socks.c: display the hostname returned by the SOCKS5 proxy server
  
  Instead of displaying the requested hostname the one returned
  by the SOCKS5 proxy server is used in case of connection error.
  The requested hostname is displayed earlier in the connection sequence.
  
  The upper-value of the port is moved to a temporary variable and
  replaced with a 0-byte to make sure the hostname is 0-terminated.

Steve Holme (20 Aug 2016)
- urldata.h: Corrected comment for httpcode which is also populated by SMTP
  
  As of 7.25.0 and commit 5430007222.

Marc Hoersken (20 Aug 2016)
- socks.c: use Curl_printable_address in SOCKS5 connection sequence
  
  Replace custom string formatting with Curl_printable_address.
  Add additional debug and error output in case of failures.

- socks.c: align SOCKS4 connection sequence with SOCKS5
  
  Calling sscanf is not required since the raw IPv4 address is
  available and the protocol can be detected using ai_family.

Steve Holme (20 Aug 2016)
- http.c: Corrected indentation change from commit 2708d4259b
  
  Made by Visual Studio's auto-correct feature and missed by me in my own
  code reviews!

- http: Added calls to Curl_auth_is_<mechansism>_supported()
  
  Hooked up the HTTP authentication layer to query the new 'is mechanism
  supported' functions when deciding what mechanism to use.
  
  As per commit 00417fd66c existing functionality is maintained for now.

Marc Hoersken (20 Aug 2016)
- socks.c: improve verbose output of SOCKS5 connection sequence

- configure.ac: add missing quotes to PKG_CHECK_MODULES

Steve Holme (20 Aug 2016)
- sasl: Added calls to Curl_auth_is_<mechansism>_supported()
  
  Hooked up the SASL authentication layer to query the new 'is mechanism
  supported' functions when deciding what mechanism to use.
  
  For now existing functionality is maintained.

Daniel Stenberg (19 Aug 2016)
- [Miroslav Franc brought this change]

  spnego_sspi: fix memory leak in case *outlen is zero (#970)

- CURLMOPT_MAX_TOTAL_CONNECTIONS.3: mention it can also multiplex

Steve Holme (18 Aug 2016)
- vauth: Introduced Curl_auth_is_<mechansism>_supported() functions
  
  As Windows SSPI authentication calls fail when a particular mechanism
  isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5
  and Negotiate to allow both HTTP and SASL authentication the opportunity
  to query support for a supported mechanism before selecting it.
  
  For now each function returns TRUE to maintain compatability with the
  existing code when called.

Daniel Stenberg (18 Aug 2016)
- test1144: verify HEAD with body-only response

Steve Holme (17 Aug 2016)
- RELEASE-PROCEDURE: Added some more future release dates
  
  ...and removed some old ones

Daniel Stenberg (17 Aug 2016)
- [David Woodhouse brought this change]

  curl: allow "pkcs11:" prefix for client certificates
  
  RFC7512 provides a standard method to reference certificates in PKCS#11
  tokens, by means of a URI starting 'pkcs11:'.
  
  We're working on fixing various applications so that whenever they would
  have been able to use certificates from a file, users can simply insert
  a PKCS#11 URI instead and expect it to work. This expectation is now a
  part of the Fedora packaging guidelines, for example.
  
  This doesn't work with cURL because of the way that the colon is used
  to separate the certificate argument from the passphrase. So instead of
  
     curl -E 'pkcs11:manufacturer=piv_II;id=%01' …
  
  I instead need to invoke cURL with the colon escaped, like this:
  
     curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …
  
  This is suboptimal because we want *consistency* — the URI should be
  usable in place of a filename anywhere, without having strange
  differences for different applications.
  
  This patch therefore disables the processing in parse_cert_parameter()
  when the string starts with 'pkcs11:'. It means you can't pass a
  passphrase with an unescaped PKCS#11 URI, but there's no need to do so
  because RFC7512 allows a PIN to be given as a 'pin-value' attribute in
  the URI itself.
  
  Also, if users are already using RFC7512 URIs with the colon escaped as
  in the above example — even providing a passphrase for cURL to handling
  instead of using a pin-value attribute, that will continue to work
  because their string will start 'pkcs11\:' and won't match the check.
  
  What *does* break with this patch is the extremely unlikely case that a
  user has a file which is in the local directory and literally named
  just "pkcs11", and they have a passphrase on it. If that ever happened,
  the user would need to refer to it as './pkcs11:<passphrase>' instead.

- nss: make the global variables static

- openssl: use regular malloc instead of OPENSSL_malloc
  
  This allows for better memmory debugging and torture tests.

- proxy: fix tests as follow-up to 93b0d907d5
  
  This fixes tests that were added after 113f04e664b as the tests would
  fail otherwise.
  
  We bring back "Proxy-Connection: Keep-Alive" now unconditionally to fix
  regressions with old and stupid proxies, but we could possibly switch to
  using it only for CONNECT or only for NTLM in a future if we want to
  gradually reduce it.
  
  Fixes #954
  
  Reported-by: János Fekete

- Revert "Proxy-Connection: stop sending this header by default"
  
  This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.

- CURLOPT_PROXY.3: unsupported schemes cause errors now
  
  Follow-up to a96319ebb9 (document the new behavior)

- tests/README: mention nghttpx for HTTP/2 tests

- README.md: add our CII Best Practices badge

- proxy: polished the error message for unsupported schemes
  
  Follow up to a96319ebb93

- test219: verify unsupported scheme for proxies get rejected

- proxy: reject attempts to use unsupported proxy schemes
  
  I discovered some people have been using "https://example.com" style
  strings as proxy and it "works" (curl doesn't complain) because curl
  ignores unknown schemes and then assumes plain HTTP instead.
  
  I think this misleads users into believing curl uses HTTPS to proxies
  when it doesn't. Now curl rejects proxy strings using unsupported
  schemes instead of just ignoring and defaulting to HTTP.

- RELEASE-NOTES: synced with b7ee5316c2fd5b

Marc Hoersken (14 Aug 2016)
- socks.c: Correctly calculate position of port in response packet
  
  Third commit to fix issue #944 regarding SOCKS5 error handling.
  
  Reported-by: David Kalnischkies

- socks.c: Do not modify and invalidate calculated response length
  
  Second commit to fix issue #944 regarding SOCKS5 error handling.
  
  Reported-by: David Kalnischkies

- socks.c: Move error output after reading the whole response packet
  
  First commit to fix issue #944 regarding SOCKS5 error handling.
  
  Reported-by: David Kalnischkies

Daniel Stenberg (13 Aug 2016)
- [Ronnie Mose brought this change]

  MANUAL: Remove invalid link to LDAP documentation (#962)
  
  The server developer.netscape.com does not resolve into any
  ip address and can be removed.

Jay Satiro (13 Aug 2016)
- openssl: accept subjectAltName iPAddress if no dNSName match
  
  Undo change introduced in d4643d6 which caused iPAddress match to be
  ignored if dNSName was present but did not match.
  
  Also, if iPAddress is present but does not match, and dNSName is not
  present, fail as no-match. Prior to this change in such a case the CN
  would be checked for a match.
  
  Bug: https://github.com/curl/curl/issues/959
  Reported-by: wmsch@users.noreply.github.com

Daniel Stenberg (12 Aug 2016)
- [Dambaev Alexander brought this change]

  configure.ac: add zlib search with pkg-config
  
  Closes #956

- rtsp: ignore whitespace in session id
  
  Follow-up to e577c43bb to fix test case 569 brekage: stop the parser at
  whitespace as well.
  
  Help-by: Erik Janssen

- HTTP: retry failed HEAD requests too
  
  Mark's new document about HTTP Retries
  (https://mnot.github.io/I-D/httpbis-retry/) made me check our code and I
  spotted that we don't retry failed HEAD requests which seems totally
  inconsistent and I can't see any reason for that separate treatment.
  
  So, no separate treatment for HEAD starting now. A HTTP request sent
  over a reused connection that gets cut off before a single byte is
  received will be retried on a fresh connection.
  
  Made-aware-by: Mark Nottingham

- mk-ca-bundle.1: document -m, added in 1.26

- RELEASE-NOTES: synced with e577c43bb5

- [Erik Janssen brought this change]

  rtsp: accept any RTSP session id
  
  Makes libcurl work in communication with gstreamer-based RTSP
  servers. The original code validates the session id to be in accordance
  with the RFC. I think it is better not to do that:
  
  - For curl the actual content is a don't care.
  
  - The clarity of the RFC is debatable, is $ allowed or only as \$, that
    is imho not clear
  
  - Gstreamer seems to url-encode the session id but % is not allowed by
  the RFC
  
  - less code
  
  With this patch curl will correctly handle real-life lines like:
  Session: biTN4Kc.8%2B1w-AF.; timeout=60
  
  Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html

- symbols-in-versions: add CURL_STRICTER
  
  Added in 5fce88aa8c12564

- [Simon Warta brought this change]

  winbuild: Allow changing C compiler via environment variable CC (#952)
  
  This makes it possible to use specific compilers or a cache.
  
  Sample use for clcache:
  set CC=clcache.bat
  nmake /f Makefile.vc DEBUG=no MODE=static VC=14 GEN_PDB=no

- LICENSE-MIXING.md: switched to markdown

- docs-make: have markdown files use .md

- curl.h: make CURL_NO_OLDIES define CURL_STRICTER

- HISTORY.md: use markdown extension

- SSLCERTS.md: renamed to markdown extension

- INTERNALS.md: use markdown extension for markdown content

- CONTRIBUTE.md: markdown extension

- CONTRIBUTE: changed to markdown

- CONTRIBUTE: refreshed

- TODO: added an SSH section and two SFTP things to do

- TODO: remove the 1.22 duplicated item

- TODO: move "CURLOPT_MAIL_CLIENT" to SMTP section

- TODO: API for URL parsing/splitting

- TODO: move QUIC to the HTTP section

- [Simon Warta brought this change]

  winbuild: Free name $(CC) in Makefile (#950)
  
  In the old line number 290, CC and CURL_CC had the same value. After
  that, /DCURL_STATICLIB was added to CC but not CURL_CC (intended?).
  
  This gets rid of the CC variable entirely. It is a first step to make it
  possible to manualyl set a CC variable in order to be able to change the
  compiler.

- TODO: Use huge HTTP/2 windows

- [Simon Warta brought this change]

  winbuild: Avoid setting redundant CFLAGS to compile commands (#949)
  
  $(CURL_CC) is always used with $(CURL_CFLAGS) appended, so before this,
  all arguments in CURL_CFLAGS have been added twice.

Jay Satiro (8 Aug 2016)
- cmake: Enable win32 threaded resolver by default
  
  - Turn on USE_THREADS_WIN32 in Windows if ares isn't on
  
  This change is similar to what we already do in the autotools build.

- cmake: Enable win32 large file support by default
  
  All compilers used by cmake in Windows should support large files.
  
  - Add test SIZEOF_OFF_T
  - Remove outdated test SIZEOF_CURL_OFF_T
  - Turn on USE_WIN32_LARGE_FILES in Windows
  - Check for 'Largefile' during the features output

Daniel Stenberg (7 Aug 2016)
- TODO: added several ideas, removed SPDY

- http2: always wait for readable socket
  
  Since the server can at any time send a HTTP/2 frame to us, we need to
  wait for the socket to be readable during all transfers so that we can
  act on incoming frames even when uploading etc.
  
  Reminded-by: Tatsuhiro Tsujikawa

- RELEASE-NOTES: synced with 7b4bf37a44791

- [Thomas Glanzmann brought this change]

  mbedtls: set debug threshold to 4 (verbose) when MBEDTLS_DEBUG is defined
  
  In order to make MBEDTLS_DEBUG work, the debug threshold must be unequal
  to 0.  This patch also adds a comment how mbedtls must be compiled in
  order to make debugging work, and explains the possible debug levels.

- CURLOPT_TCP_NODELAY: now enabled by default
  
  After a few wasted hours hunting down the reason for slowness during a
  TLS handshake that turned out to be because of TCP_NODELAY not being
  set, I think we have enough motivation to toggle the default for this
  option. We now enable TCP_NODELAY by default and allow applications to
  switch it off.
  
  This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be
  used to disable it.
  
  Thanks-to: Tim Rühsen
  Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html

- [Serj Kalichev brought this change]

  TFTP: Fix upload problem with piped input
  
  When input stream for curl is stdin and input stream is not a file but
  generated by a script then curl can truncate data transfer to arbitrary
  size since a partial packet is treated as end of transfer by TFTP.
  
  Fixes #857

- mk-ca-bundle.pl: -m keeps ca cert meta data in output
  
  Makes the script pass on comments holding meta data to the output
  file. Like fingerprinters, issuer, date ranges etc.
  
  Closes #937

- multi: make Curl_expire() work with 0 ms timeouts
  
  Previously, passing a timeout of zero to Curl_expire() was a magic code
  for clearing all timeouts for the handle. That is now instead made with
  the new Curl_expire_clear() function and thus a 0 timeout is fine to set
  and will trigger a timeout ASAP.
  
  This will help removing short delays, in particular notable when doing
  HTTP/2.

- transfer: return without select when the read loop reached maxcount
  
  Regression added in 790d6de48515. The was then added to avoid one
  particular transfer to starve out others. But when aborting due to
  reading the maxcount, the connection must be marked to be read from
  again without first doing a select as for some protocols (like SFTP/SCP)
  the data may already have been read off the socket.
  
  Reported-by: Dan Donahue
  Bug: https://curl.haxx.se/mail/lib-2016-07/0057.html

Steve Holme (3 Aug 2016)
- [Bill Nagel brought this change]

  mbedtls: Added support for NTLM

Daniel Stenberg (3 Aug 2016)
- [Sergei Nikulov brought this change]

  travis: removed option to rebuild autotool from source
  
  Fixes #943

- bump: start working toward 7.50.2

Version 7.50.1 (3 Aug 2016)

Daniel Stenberg (3 Aug 2016)
- THANKS: 7 new contributors from the 7.50.1 release

- RELEASE-NOTES: 7.50.1

- TLS: only reuse connections with the same client cert
  
  CVE-2016-5420
  Bug: https://curl.haxx.se/docs/adv_20160803B.html

- TLS: switch off SSL session id when client cert is used
  
  CVE-2016-5419
  Bug: https://curl.haxx.se/docs/adv_20160803A.html
  Reported-by: Bru Rom
  Contributions-by: Eric Rescorla and Ray Satiro

- curl_multi_cleanup: clear connection pointer for easy handles
  
  CVE-2016-5421
  Bug: https://curl.haxx.se/docs/adv_20160803C.html
  Reported-by: Marcelo Echeverria and Fernando Muñoz

- KNOWN_BUGS: SOCKS proxy not working via IPv6
  
  Closes #835

- KNOWN_BUGS: CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
  
  Closes #768

- KNOWN_BUGS: transfer-encoding: chunked in HTTP/2
  
  Closes #662

- TODO: Provide cmake config-file
  
  Closes #885

Patrick Monnerat (2 Aug 2016)
- os400: define BUILDING_LIBCURL in make script.

Daniel Stenberg (1 Aug 2016)
- RELEASE-NOTES: synced with aa9f536a18b

Jay Satiro (1 Aug 2016)
- [Thomas Glanzmann brought this change]

  mbedtls: Fix debug function name
  
  This patch is necessary so that curl compiles if MBEDTLS_DEBUG is
  defined.
  
  Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html

Daniel Stenberg (1 Aug 2016)
- [Sergei Nikulov brought this change]

  travis: fix OSX build by re-installing libtool
  
  Apparently due to a broken homebrew install
  
  fixes #934
  Closes #939

- [Martin Vejnár brought this change]

  win32: fix a potential memory leak in Curl_load_library
  
  If a call to GetSystemDirectory fails, the `path` pointer that was
  previously allocated would be leaked. This makes sure that `path` is
  always freed.
  
  Closes #938

- include: revert 9adf3c4 and make public types void * again
  
  Many applications assume the actual contents of the public types and use
  that do for example forward declarations (saving them from including our
  public header) which then breaks when we switch from void * to a struct
  *.
  
  I'm not convinced we were wrong, but since this practise seems
  widespread enough I'm willing to (partly) step down.
  
  Now libcurl uses the struct itself when it is built and it allows
  applications to use the struct type if CURL_STRICTER is defined at the
  time of the #include.
  
  Reported-by: Peter Frühberger
  Fixes #926

Jay Satiro (28 Jul 2016)
- [Yonggang Luo brought this change]

  cmake: Fix for schannel support
  
  The check_library_exists_concat do not check crypt32 library properly.
  So include it directly.
  
  Bug: https://github.com/curl/curl/pull/917
  Reported-by: Yonggang Luo
  
  Bug: https://github.com/curl/curl/issues/935
  Reported-by: Alain Danteny

- Revert "travis: Install libtool for OS X builds"
  
  Didn't work.
  
  This reverts commit 50723585ed380744358de054e2a55dccee65dfd7.

- travis: Install libtool for OS X builds
  
  CI is failing due to missing libtoolize, so I'm trying this.

Daniel Stenberg (26 Jul 2016)
- [Viktor Szakats brought this change]

  TODO: minor typo in last commit
  
  merged #931

- TODO: Timeout idle connections from the pool

Patrick Monnerat (25 Jul 2016)
- os400: minimum supported OS version: V6R1M0.
  Do not log compilation informational messages.

Jay Satiro (24 Jul 2016)
- tests: Fix for http/2 feature
  
  Bug: https://curl.haxx.se/mail/lib-2016-07/0070.html
  Reported-by: Paul Howarth

Steve Holme (23 Jul 2016)
- README: Mention wolfSSL in the 'Dependencies' section

- vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGO
  
  As SPNEGO is only defined when these pre-processor variables are defined
  there is no need to query them explicitly.

- spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
  
  Typo introduced in commit ad5e9bfd5d.

Daniel Stenberg (22 Jul 2016)
- SECURITY: mention how to get windows-specific CVEs
  
  ... and make the distros link a proper link

Dan Fandrich (21 Jul 2016)
- test558: fix test by stripping file paths from FD lines

Kamil Dudka (21 Jul 2016)
- tests: distribute the http2-server.pl script, too

- docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too

Daniel Stenberg (21 Jul 2016)
- bump: start working on 7.50.1

Version 7.50.0 (21 Jul 2016)

Daniel Stenberg (21 Jul 2016)
- RELEASE-NOTES: version 7.50.0 ready

- THANKS: 13 new contributors from the 7.50.0 release

Jay Satiro (21 Jul 2016)
- winbuild: fix embedded manifest option
  
  Embedded manifest option didn't work due to typo.
  
  Reported-by: Stefan Kanthak

- vauth: Fix memleak by freeing credentials if out of memory
  
  This is a follow up to the parent commit dcdd4be which fixes one leak
  but creates another by failing to free the credentials handle if out of
  memory. Also there's a second location a few lines down where we fail to
  do same. This commit fixes both of those issues.

Daniel Stenberg (20 Jul 2016)
- [Saurav Babu brought this change]

  vauth: Fixed memory leak due to function returning without free
  
  This patch allocates memory to "output_token" only when it is required
  so that memory is not leaked if function returns.

- test558: updated after ipv6-check move
  
  Follow-up commit to c50980807c5 to make this test pass.

Jay Satiro (20 Jul 2016)
- connect: disable TFO on Linux when using SSL
  
  - Linux TFO + TLS is not implemented yet.
  
  Bug: https://github.com/curl/curl/issues/907

Daniel Stenberg (19 Jul 2016)
- ROADMAP: QUIC and TLS 1.3

- RELEASE-NOTES: synced with c50980807c5

Jay Satiro (18 Jul 2016)
- [Brian Prodoehl brought this change]

  curl_global_init: Check if IPv6 works
  
  - Curl_ipv6works() is not thread-safe until after the first call, so
  call it once during global init to avoid a possible race condition.
  
  Bug: https://github.com/curl/curl/issues/915
  PR: https://github.com/curl/curl/pull/918

- [Timothy Polich brought this change]

  CURLMOPT_SOCKETFUNCTION.3: fix typo
  
  Closes https://github.com/curl/curl/pull/914

- [Miroslav Franc brought this change]

  library: Fix memory leaks found during static analysis
  
  Closes https://github.com/curl/curl/pull/913

- [Viktor Szakats brought this change]

  cookie.c: Fix misleading indentation
  
  Closes https://github.com/curl/curl/pull/911

- FAQ: Update FTP directory listing section for MLSD command
  
  Explain how some FTP servers support the machine readable listing
  format MLSD from RFC 3659 and compare it to LIST.
  
  Ref: https://github.com/curl/curl/issues/906

Daniel Stenberg (1 Jul 2016)
- [Sergei Nikulov brought this change]

  Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING
  
  Closes #892

- TODO: 17.4 also brings more HTTP/2 support

- TODO: try next proxy if one doesn't work
  
  Closes #896

- conn: don't free easy handle data in handler->disconnect
  
  Reported-by: Gou Lingfeng
  Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html

- test1244: test different proxy ports same URL

- curl_global_init.3: improved formatting of the flags

- curl_global_init.3: expand on the SSL and WIN32 bits purpose
  
  Reported-by: Richard Gray
  Bug: https://curl.haxx.se/mail/lib-2016-06/0136.html

- [Michael Kaufmann brought this change]

  cleanup: minor code cleanup in Curl_http_readwrite_headers()
  
  - the expression of an 'if' was always true
  - a 'while' contained a condition that was always true
  - use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)'
  - fixed a typo
  
  Closes #889

- SFTP: set a generic error when no SFTP one exists...
  
  ... as otherwise we could get a 0 which would count as no error and we'd
  wrongly continue and could end up segfaulting.
  
  Bug: https://curl.haxx.se/mail/lib-2016-06/0052.html
  Reported-by: 暖和的和暖

- ROADMAP: http2 tests are merged, mention http2 perf

- docs/README.md: to render nicer pages on github
  
  ... as previously the README.cmake would be picked and put at the bottom
  of the docs page there and it wasn't very representative!

- README.md: change host name for the svg logo
  
  rawgit.com asks to use the domain cdn.rawgit.com for production
  
  See #900

- [Viktor Szakats brought this change]

  README.md: use the SVG logo

- README.md: logo on top!

- KNOWN_BUGS: 3.4 POP3 expects "CRLF.CRLF" eob for some
  
  Closes #740

- RELEASE-NOTES: synced with d61c80515aa8

- [Michael Osipov brought this change]

  acinclude.m4: improve autodetection of CA bundle on FreeBSD
  
  The FreeBSD Port security/ca_root_nss installs the Mozilla NSS CA bundle
  to /usr/local/share/certs/ca-root-nss.crt. Use this bundle in the
  discovery process.
  
  This change also removes the former FreeBSD path that has been obsolete
  for 8 years since this FreeBSD ports commit:
  https://svnweb.freebsd.org/ports/head/security/?view=revision&revision=215953
  
  Closes #894

- configure: don't specify .lib for libs on windows
  
  Another follow up for crypt32.lib linking with winssl

- configure: fix winssl LIBS change typo
  
  follow-up from 120bf29e

- TODO: "TCP Fast Open" is done, add monitor pool connections

- configure: add crypt32.lib for winssl builds
  
  Necessary since 6cabd78531f

- Makefile.vc: link with crypt32.lib for winssl builds
  
  Necessary since 6cabd78531f
  
  Fixes #853

- [Joel Depooter brought this change]

  VC: Add crypt32.lib to Visual Sudio project template files
  
  Closes #854

- vc: fix the build for schannel certinfo support
  
  Broken since 6cabd785, which adds use of the Curl_extract_certinfo
  function from the x509asn1.c file.

- typedefs: use the full structs in internal code...
  
  ... and save the typedef'ed names for headers and external APIs.

- internals: rename the SessionHandle struct to Curl_easy

- headers: forward declare CURL, CURLM and CURLSH as structs
  
  Instead of typedef'ing to void, typedef to their corresponding actual
  struct names to allow compilers to type-check.
  
  Assisted-by: Reinhard Max

Jay Satiro (22 Jun 2016)
- vtls: Only call add/getsession if session id is enabled
  
  Prior to this change we called Curl_ssl_getsessionid and
  Curl_ssl_addsessionid regardless of whether session ID reusing was
  enabled. According to comments that is in case session ID reuse was
  disabled but then later enabled.
  
  The old way was not intuitive and probably not something users expected.
  When a user disables session ID caching I'd guess they don't expect the
  session ID to be cached anyway in case the caching is later enabled.

Daniel Stenberg (22 Jun 2016)
- curl.1: the used progress meter suffix is k in lower case
  
  Closes #883

- [Sergei Nikulov brought this change]

  cmake: now using BUILD_TESTING=ON/OFF
  
  CMake build now using BUILD_TESTING=ON/OFF (default is OFF) to build
  tests and enabling CTest integration. Options BUILD_CURL_TESTS and
  BUILD_DASHBOARD_REPORTS was removed.
  
  Closes #882
  
  Reviewed-by: Brad King

- [Michael Kaufmann brought this change]

  cleanup: fix method names in code comments
  
  Closes #887

Kamil Dudka (21 Jun 2016)
- curl-compilers.m4: improve detection of GCC's -fvisibility= flag
  
  Some builds of GCC produce output on both stdout and stderr when --help
  --verbose is used.  The 2>&1 redirection caused them to be arbitrarily
  interleaved with each other because of stream buffering.  Consequently,
  grep failed to match the fvisibility= string in the mixed output, even
  though the string was present in GCC's standard output.
  
  This led to silently disabling symbol hiding in some builds of curl.

Daniel Stenberg (19 Jun 2016)
- tests: fix the HTTP/2 tests
  
  The HTTP/2 tests brought with commit bf05606ef1f were using the internal
  name 'http2' for the HTTP/2 server, while in fact that name was already
  used for the second instance of the HTTP server. This made tests using
  the second instance (like test 2050) fail after a HTTP/2 test had run.
  
  The server is now known as HTTP/2 internally and within the <server>
  section in test cases. 1700, 1701 and 1702 were updated accordingly.

- openssl: use more 'const' to fix build warnings with 1.1.0 branch

- curl.1: missed 'T' in the progress unit suffixes

- curl.1: mention the unix for the progress meter

Patrick Monnerat (16 Jun 2016)
- os400: add new definitions to ILE/RPG binding.

Daniel Stenberg (16 Jun 2016)
- openssl: fix cert check with non-DNS name fields present
  
  Regression introduced in 5f5b62635 (released in 7.48.0)
  
  Reported-by: Fabian Ruff
  Fixes #875

Dan Fandrich (16 Jun 2016)
- axtls: Use Curl_wait_ms instead of the less-portable usleep

- axtls: Fixed compile after compile 31c521b0

- tests: Added HTTP proxy keywords to tests 1141 & 1142

Jay Satiro (15 Jun 2016)
- [Sergei Nikulov brought this change]

  cmake: Fix build with winldap
  
  Bug: https://github.com/curl/curl/pull/874
  Reported-by: Sergei Nikulov

- CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
  
  When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a
  zero-byte POST. Prior to this change it was documented as sending data
  from the read callback.
  
  This also changes the wording of what happens when empty or NULL so that
  it's hopefully easier to understand for people whose primary language
  isn't English.
  
  Bug: https://github.com/curl/curl/issues/862
  Reported-by: Askar Safin

- [Michael Wallner brought this change]

  curl_multi_socket_action.3: Fix rewording
  
  - Remove some erroneous text.
  
  Closes https://github.com/curl/curl/pull/865

- [Luo Jinghua brought this change]

  resolve: enable protocol family logic for synthesized IPv6
  
  - Enable protocol family logic for IPv6 resolves even when support
  for synthesized addresses is enabled.
  
  This is a follow up to the parent commit that added support for
  synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family
  logic needed for IPv6 was inadvertently excluded if support for
  synthesized addresses was enabled.
  
  Bug: https://github.com/curl/curl/issues/863
  Ref: https://github.com/curl/curl/pull/866
  Ref: https://github.com/curl/curl/pull/867

Daniel Stenberg (7 Jun 2016)
- [Luo Jinghua brought this change]

  resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
  
  Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X.
  If the current network interface doesn’t support IPv4, but supports
  IPv6, NAT64, and DNS64.
  
  Closes #866
  Fixes #863

- tests: two more HTTP/2 tests
  
  1701 and 1702

- runtests: don't display logs when http2 server fails to start

- runtests: make stripfile work on stdout as well
  
  ... and have test 1700 use that to strip out the nghttpx server: headers

- http2-tests: test1700 is the first real HTTP/2 test
  
  It requires that 'nghttpx' is in the PATH, and it will run the tests
  using nghttpx as a front-end proxy in front of the standard HTTP/1 test
  server. This uses HTTP/2 over plain TCP.
  
  If you like me have nghttpx installed in a custom path, you can run test 1700
  like this:
  
  $ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700

- RELEASE-NOTES: synced with 34855feeb4c299

Steve Holme (6 Jun 2016)
- schannel: Disable ALPN on Windows < 8.1
  
  Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL
  fails on Windows < 8.1 so we need to disable ALPN on these OS versions.
  
  Inspiration provide by: Daniel Seither
  
  Closes #848
  Fixes #840

Jay Satiro (5 Jun 2016)
- checksrc: Add LoadLibrary to the banned functions list
  
  LoadLibrary was supplanted by Curl_load_library for security
  reasons in 6df916d.

- http: Fix HTTP/2 connection reuse
  
  - Change the parser to not require a minor version for HTTP/2.
  
  HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
  in 8243a95 because the parser still expected a minor version.
  
  Bug: https://github.com/curl/curl/issues/855
  Reported-by: Andrew Robbins, Frank Gevaerts

Steve Holme (4 Jun 2016)
- connect.c: Fixed compilation warning from commit 332e8d6164
  
  connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'

- win32: Used centralised verify windows version function
  
  Closes #845

- win32: Added verify windows version functionality

- win32: Introduced centralised verify windows version function

Kamil Dudka (3 Jun 2016)
- tool_urlglob: fix off-by-one error in glob_parse()
  
  ... causing SIGSEGV while parsing URL with too many globs.
  Minimal example:
  
  $ curl $(for i in $(seq 101); do printf '{a}'; done)
  
  Reported-by: Romain Coltel
  Bug: https://bugzilla.redhat.com/1340757

Daniel Stenberg (1 Jun 2016)
- [Benjamin Kircher brought this change]

  libcurl-multi.3: fix small typo
  
  Closes #850

- [Viktor Szakats brought this change]

  makefile.m32: add crypt32 for winssl builds
  
  Dependency added by 6cabd78
  
  Closes #849

- [Ivan Avdeev brought this change]

  vtls: fix ssl session cache race condition
  
  Sessionid cache management is inseparable from managing individual
  session lifetimes. E.g. for reference-counted sessions (like those in
  SChannel and OpenSSL engines) every session addition and removal
  should be accompanied with refcount increment and decrement
  respectively. Failing to do so synchronously leads to a race condition
  that causes symptoms like use-after-free and memory corruption.
  This commit:
   - makes existing session cache locking explicit, thus allowing
     individual engines to manage lock's scope.
   - fixes OpenSSL and SChannel engines by putting refcount management
     inside this lock's scope in relevant places.
   - adds these explicit locking calls to other engines that use
     sessionid cache to accommodate for this change. Note, however,
     that it is unknown whether any of these engines could also have
     this race.
  
  Bug: https://github.com/curl/curl/issues/815
  Fixes #815
  Closes #847

- [Andrew Kurushin brought this change]

  schannel: add CURLOPT_CERTINFO support
  
  Closes #822

- RELEASE-NOTES: synced with 142ee9fa15002315

- openssl: rename the private SSL_strerror
  
  ... to make it not look like an OpenSSL function

- [Michael Kaufmann brought this change]

  openssl: Use correct buffer sizes for error messages
  
  Closes #844

- curl: fix -q [regression]
  
  This broke in 7.49.0 with commit e200034425a7625
  
  Fixes #842

- URL parser: allow URLs to use one, two or three slashes
  
  Mostly in order to support broken web sites that redirect to broken URLs
  that are accepted by browsers.
  
  Browsers are typically even more leniant than this as the WHATWG URL
  spec they should allow an _infinite_ amount. I tested 8000 slashes with
  Firefox and it just worked.
  
  Added test case 1141, 1142 and 1143 to verify the new parser.
  
  Closes #791

- [Renaud Lehoux brought this change]

  cmake: Added missing mbedTLS support
  
  Closes #837

- [Renaud Lehoux brought this change]

  mbedtls: removed unused variables
  
  Closes #838

- [Frank Gevaerts brought this change]

  http: add CURLINFO_HTTP_VERSION and %{http_version}
  
  Adds access to the effectively used http version to both libcurl and
  curl.
  
  Closes #799

- bump: start the journey toward 7.50.0

- [Marcel Raad brought this change]

  openssl: fix build with OPENSSL_NO_COMP
  
  With OPENSSL_NO_COMP defined, there is no function
  SSL_COMP_free_compression_methods
  
  Closes #836

- [Gisle Vanem brought this change]

  memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
  
  Fixes #828

- [Jonathan brought this change]

  README.md: polish
  
  Closes #834

- RELEASE-NOTES: fix vuln link

Version 7.49.1 (30 May 2016)

Daniel Stenberg (30 May 2016)
- RELEASE-NOTES: 7.49.1

- [Steve Holme brought this change]

  ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL
  1.1.0+ returned a new func number of another cerfificate fail so this
  required a fix and this is the better way to catch this error anyway.

- openssl: for 1.1.0+ they now provide a SSLeay() macro of their own

- CURLOPT_RESOLVE.3: minor language polish

include(CheckCSourceCompiles)

option(CURL_HIDDEN_SYMBOLS "Set to ON to hide libcurl internal symbols (=hide all symbols that aren't officially external)." ON)
mark_as_advanced(CURL_HIDDEN_SYMBOLS)

if(CURL_HIDDEN_SYMBOLS)
    set(SUPPORTS_SYMBOL_HIDING FALSE)

    if(CMAKE_C_COMPILER_ID MATCHES "Clang")
        set(SUPPORTS_SYMBOL_HIDING TRUE)
        set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))")
        set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden")
    elseif(CMAKE_COMPILER_IS_GNUCC)
        if(NOT CMAKE_VERSION VERSION_LESS 2.8.10)
            set(GCC_VERSION ${CMAKE_C_COMPILER_VERSION})
        else()
            execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
                            OUTPUT_VARIABLE GCC_VERSION)
        endif()
        if(NOT GCC_VERSION VERSION_LESS 3.4)
            # note: this is considered buggy prior to 4.0 but the autotools don't care, so let's ignore that fact
            set(SUPPORTS_SYMBOL_HIDING TRUE)
            set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))")
            set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden")
        endif()
    elseif(CMAKE_C_COMPILER_ID MATCHES "SunPro" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 8.0)
        set(SUPPORTS_SYMBOL_HIDING TRUE)
        set(_SYMBOL_EXTERN "__global")
        set(_CFLAG_SYMBOLS_HIDE "-xldscope=hidden")
    elseif(CMAKE_C_COMPILER_ID MATCHES "Intel" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.0)
        # note: this should probably just check for version 9.1.045 but I'm not 100% sure
        #       so let's to it the same way autotools do.
        set(SUPPORTS_SYMBOL_HIDING TRUE)
        set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))")
        set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden")
        check_c_source_compiles("#include <stdio.h>
            int main (void) { printf(\"icc fvisibility bug test\"); return 0; }" _no_bug)
        if(NOT _no_bug)
            set(SUPPORTS_SYMBOL_HIDING FALSE)
            set(_SYMBOL_EXTERN "")
            set(_CFLAG_SYMBOLS_HIDE "")
        endif()
    elseif(MSVC)
        set(SUPPORTS_SYMBOL_HIDING TRUE)
    endif()

    set(HIDES_CURL_PRIVATE_SYMBOLS ${SUPPORTS_SYMBOL_HIDING})
elseif(MSVC)
    if(NOT CMAKE_VERSION VERSION_LESS 3.7)
        set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE) #present since 3.4.3 but broken
        set(HIDES_CURL_PRIVATE_SYMBOLS FALSE)
    else()
        message(WARNING "Hiding private symbols regardless CURL_HIDDEN_SYMBOLS being disabled.")
        set(HIDES_CURL_PRIVATE_SYMBOLS TRUE)
    endif()
elseif()
    set(HIDES_CURL_PRIVATE_SYMBOLS FALSE)
endif()

set(CURL_CFLAG_SYMBOLS_HIDE ${_CFLAG_SYMBOLS_HIDE})
set(CURL_EXTERN_SYMBOL ${_SYMBOL_EXTERN})

# - Find c-ares
# Find the c-ares includes and library
# This module defines
#  CARES_INCLUDE_DIR, where to find ares.h, etc.
#  CARES_LIBRARIES, the libraries needed to use c-ares.
#  CARES_FOUND, If false, do not try to use c-ares.
# also defined, but not for general use are
# CARES_LIBRARY, where to find the c-ares library.

FIND_PATH(CARES_INCLUDE_DIR ares.h
  /usr/local/include
  /usr/include
  )

SET(CARES_NAMES ${CARES_NAMES} cares)
FIND_LIBRARY(CARES_LIBRARY
  NAMES ${CARES_NAMES}
  PATHS /usr/lib /usr/local/lib
  )

IF (CARES_LIBRARY AND CARES_INCLUDE_DIR)
  SET(CARES_LIBRARIES ${CARES_LIBRARY})
  SET(CARES_FOUND "YES")
ELSE (CARES_LIBRARY AND CARES_INCLUDE_DIR)
  SET(CARES_FOUND "NO")
ENDIF (CARES_LIBRARY AND CARES_INCLUDE_DIR)


IF (CARES_FOUND)
  IF (NOT CARES_FIND_QUIETLY)
    MESSAGE(STATUS "Found c-ares: ${CARES_LIBRARIES}")
  ENDIF (NOT CARES_FIND_QUIETLY)
ELSE (CARES_FOUND)
  IF (CARES_FIND_REQUIRED)
    MESSAGE(FATAL_ERROR "Could not find c-ares library")
  ENDIF (CARES_FIND_REQUIRED)
ENDIF (CARES_FOUND)

MARK_AS_ADVANCED(
  CARES_LIBRARY
  CARES_INCLUDE_DIR
  )

# - Try to find the libssh2 library
# Once done this will define
#
# LIBSSH2_FOUND - system has the libssh2 library
# LIBSSH2_INCLUDE_DIR - the libssh2 include directory
# LIBSSH2_LIBRARY - the libssh2 library name

if (LIBSSH2_INCLUDE_DIR AND LIBSSH2_LIBRARY)
  set(LibSSH2_FIND_QUIETLY TRUE)
endif (LIBSSH2_INCLUDE_DIR AND LIBSSH2_LIBRARY)

FIND_PATH(LIBSSH2_INCLUDE_DIR libssh2.h
)

FIND_LIBRARY(LIBSSH2_LIBRARY NAMES ssh2
)

if(LIBSSH2_INCLUDE_DIR)
  file(STRINGS "${LIBSSH2_INCLUDE_DIR}/libssh2.h" libssh2_version_str REGEX "^#define[\t ]+LIBSSH2_VERSION_NUM[\t ]+0x[0-9][0-9][0-9][0-9][0-9][0-9].*")

  string(REGEX REPLACE "^.*LIBSSH2_VERSION_NUM[\t ]+0x([0-9][0-9]).*$" "\\1" LIBSSH2_VERSION_MAJOR "${libssh2_version_str}")
  string(REGEX REPLACE "^.*LIBSSH2_VERSION_NUM[\t ]+0x[0-9][0-9]([0-9][0-9]).*$" "\\1" LIBSSH2_VERSION_MINOR  "${libssh2_version_str}")
  string(REGEX REPLACE "^.*LIBSSH2_VERSION_NUM[\t ]+0x[0-9][0-9][0-9][0-9]([0-9][0-9]).*$" "\\1" LIBSSH2_VERSION_PATCH "${libssh2_version_str}")

  string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_MAJOR "${LIBSSH2_VERSION_MAJOR}")
  string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_MINOR "${LIBSSH2_VERSION_MINOR}")
  string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_PATCH "${LIBSSH2_VERSION_PATCH}")

  set(LIBSSH2_VERSION "${LIBSSH2_VERSION_MAJOR}.${LIBSSH2_VERSION_MINOR}.${LIBSSH2_VERSION_PATCH}")
endif(LIBSSH2_INCLUDE_DIR)

include(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(LibSSH2 DEFAULT_MSG LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY )

MARK_AS_ADVANCED(LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY LIBSSH2_VERSION_MAJOR LIBSSH2_VERSION_MINOR LIBSSH2_VERSION_PATCH LIBSSH2_VERSION)

include(FindPackageHandleStandardArgs)

find_path(NGHTTP2_INCLUDE_DIR "nghttp2/nghttp2.h")

find_library(NGHTTP2_LIBRARY NAMES nghttp2)

find_package_handle_standard_args(NGHTTP2
    FOUND_VAR
      NGHTTP2_FOUND
    REQUIRED_VARS
      NGHTTP2_LIBRARY
      NGHTTP2_INCLUDE_DIR
    FAIL_MESSAGE
      "Could NOT find NGHTTP2"
)

set(NGHTTP2_INCLUDE_DIRS ${NGHTTP2_INCLUDE_DIR} )
set(NGHTTP2_LIBRARIES ${NGHTTP2_LIBRARY})

#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.haxx.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
###########################################################################
# curl/libcurl CMake script
# by Tetetest and Sukender (Benoit Neil)

# TODO:
# The output .so file lacks the soname number which we currently have within the lib/Makefile.am file
# Add full (4 or 5 libs) SSL support
# Add INSTALL target (EXTRA_DIST variables in Makefile.am may be moved to Makefile.inc so that CMake/CPack is aware of what's to include).
# Add CTests(?)

# To check:
# (From Daniel Stenberg) The cmake build selected to run gcc with -fPIC on my box while the plain configure script did not.
# (From Daniel Stenberg) The gcc command line use neither -g nor any -O options. As a developer, I also treasure our configure scripts's --enable-debug option that sets a long range of "picky" compiler options.
cmake_minimum_required(VERSION 2.8 FATAL_ERROR)
set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
include(Utilities)
include(Macros)
include(CMakeDependentOption)

project( CURL C )

message(WARNING "the curl cmake build system is poorly maintained. Be aware")

file (READ ${CURL_SOURCE_DIR}/include/curl/curlver.h CURL_VERSION_H_CONTENTS)
string (REGEX MATCH "#define LIBCURL_VERSION \"[^\"]*"

# SET(PACKAGE_BUGREPORT "a suitable curl mailing list => https://curl.haxx.se/mail/")
set(OPERATING_SYSTEM "${CMAKE_SYSTEM_NAME}")
set(OS "\"${CMAKE_SYSTEM_NAME}\"")

include_directories(${PROJECT_BINARY_DIR}/include/curl)
include_directories( ${CURL_SOURCE_DIR}/include )

option(BUILD_CURL_EXE "Set to ON to build curl executable." ON)

option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
option(ENABLE_ARES "Set to ON to enable c-ares support" OFF)
if(WIN32)
  CMAKE_DEPENDENT_OPTION(ENABLE_THREADED_RESOLVER
                         "Set to ON to enable threaded DNS lookup"
                         ON "NOT ENABLE_ARES"
                         OFF)
else()
  option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF)
endif()
option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF)
option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF)

if (ENABLE_DEBUG)
  # DEBUGBUILD will be defined only for Debug builds
  if(NOT CMAKE_VERSION VERSION_LESS 3.0)
    set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$<CONFIG:Debug>:DEBUGBUILD>)

if(ENABLE_ARES)
  set(USE_ARES 1)
  find_package(CARES REQUIRED)
  list(APPEND CURL_LIBS ${CARES_LIBRARY} )
  set(CURL_LIBS ${CURL_LIBS} ${CARES_LIBRARY})
endif()







if(MSVC)
  option(BUILD_RELEASE_DEBUG_DIRS "Set OFF to build each configuration to a separate directory" OFF)
  mark_as_advanced(BUILD_RELEASE_DEBUG_DIRS)
endif()

include(CurlSymbolHiding)


option(HTTP_ONLY "disables all protocols except HTTP (This overrides all CURL_DISABLE_* options)" OFF)
mark_as_advanced(HTTP_ONLY)
option(CURL_DISABLE_FTP "disables FTP" OFF)
mark_as_advanced(CURL_DISABLE_FTP)
option(CURL_DISABLE_LDAP "disables LDAP" OFF)
mark_as_advanced(CURL_DISABLE_LDAP)

# On windows preload settings
if(WIN32)
  set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_")
  include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake)
endif(WIN32)

if(ENABLE_THREADED_RESOLVER)
  if(WIN32)
    set(USE_THREADS_WIN32 ON)
  else()
    check_include_file_concat("pthread.h" HAVE_PTHREAD_H)
    if(HAVE_PTHREAD_H)
      set(CMAKE_THREAD_PREFER_PTHREAD 1)
      find_package(Threads)
      if(CMAKE_USE_PTHREADS_INIT)
        set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT})
        set(USE_THREADS_POSIX 1)
      endif()
    endif()
  endif()
endif()

# Check for all needed libraries
check_library_exists_concat("dl"     dlopen       HAVE_LIBDL)
check_library_exists_concat("socket" connect      HAVE_LIBSOCKET)

    check_include_file("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
    check_include_file("openssl/x509.h"   HAVE_OPENSSL_X509_H)
    check_include_file("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
  elseif(WIN32)
    set(CURL_WINDOWS_SSPI ON)
  endif()
endif()

option(USE_NGHTTP2 "Use Nghttp2 library" OFF)
if(USE_NGHTTP2)
  find_package(NGHTTP2 REQUIRED)
  include_directories(${NGHTTP2_INCLUDE_DIRS})
  list(APPEND CURL_LIBS ${NGHTTP2_LIBRARIES})
endif()

if(NOT CURL_DISABLE_LDAP)
  if(WIN32)
    option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON)
    if(USE_WIN32_LDAP)
      check_library_exists_concat("wldap32" cldap_open HAVE_WLDAP32)
      if(NOT HAVE_WLDAP32)
        set(USE_WIN32_LDAP OFF)
      endif()
    endif()
  endif()

  option(CMAKE_USE_OPENLDAP "Use OpenLDAP code." OFF)
  mark_as_advanced(CMAKE_USE_OPENLDAP)
  set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library")
  set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library")

  if(CMAKE_USE_OPENLDAP AND USE_WIN32_LDAP)
    message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CMAKE_USE_OPENLDAP at the same time")
  endif()

  # Now that we know, we're not using windows LDAP...
  if(USE_WIN32_LDAP)
    check_include_file_concat("winldap.h" HAVE_WINLDAP_H)
    check_include_file_concat("winber.h"  HAVE_WINBER_H)
  else()
    # Check for LDAP
    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
    check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP)
    check_library_exists_concat(${CMAKE_LBER_LIB} ber_init HAVE_LIBLBER)





    set(CMAKE_REQUIRED_INCLUDES_BAK ${CMAKE_REQUIRED_INCLUDES})
    set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory")
    if(CMAKE_LDAP_INCLUDE_DIR)
      list(APPEND CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR})
    endif()
    check_include_file_concat("ldap.h"           HAVE_LDAP_H)
    check_include_file_concat("lber.h"           HAVE_LBER_H)

    if(NOT HAVE_LDAP_H)
      message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON")
      set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
      set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used
    elseif(NOT HAVE_LIBLDAP)
      message(STATUS "LDAP library '${CMAKE_LDAP_LIB}' not found CURL_DISABLE_LDAP set ON")
      set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
      set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used
    else()
      if(CMAKE_USE_OPENLDAP)
        set(USE_OPENLDAP ON)
      endif()
      if(CMAKE_LDAP_INCLUDE_DIR)
        include_directories(${CMAKE_LDAP_INCLUDE_DIR})
      endif()
      set(NEED_LBER_H ON)
      set(_HEADER_LIST)
      if(HAVE_WINDOWS_H)
        list(APPEND _HEADER_LIST "windows.h")
      endif()
      if(HAVE_SYS_TYPES_H)
        list(APPEND _HEADER_LIST "sys/types.h")
      endif()
      list(APPEND _HEADER_LIST "ldap.h")

      set(_SRC_STRING "")
      foreach(_HEADER ${_HEADER_LIST})
        set(_INCLUDE_STRING "${_INCLUDE_STRING}#include <${_HEADER}>\n")
      endforeach()

      set(_SRC_STRING
        "
        ${_INCLUDE_STRING}
        int main(int argc, char ** argv)
        {
          BerValue *bvp = NULL;
          BerElement *bep = ber_init(bvp);
          ber_free(bep, 1);
          return 0;
        }"
      )
      set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1")
      list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB})
      if(HAVE_LIBLBER)
        list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB})
      endif()
      check_c_source_compiles("${_SRC_STRING}" NOT_NEED_LBER_H)

      if(NOT_NEED_LBER_H)
        set(NEED_LBER_H OFF)
      else()
        set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DNEED_LBER_H")
      endif()
    endif()
  endif()

endif()

# No ldap, no ldaps.
if(CURL_DISABLE_LDAP)
  if(NOT CURL_DISABLE_LDAPS)
    message(STATUS "LDAP needs to be enabled to support LDAPS")
    set(CURL_DISABLE_LDAPS ON CACHE BOOL "" FORCE)
  endif()
endif()

if(NOT CURL_DISABLE_LDAPS)
  check_include_file_concat("ldap_ssl.h" HAVE_LDAP_SSL_H)
  check_include_file_concat("ldapssl.h"  HAVE_LDAPSSL_H)
endif()

# Check for idn
check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2)

# Check for symbol dlopen (same as HAVE_LIBDL)
check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN)

option(CURL_ZLIB "Set to ON to enable building curl with zlib support." ON)
set(HAVE_LIBZ OFF)
set(HAVE_ZLIB_H OFF)
set(HAVE_ZLIB OFF)
if(CURL_ZLIB)
  find_package(ZLIB QUIET)
  if(ZLIB_FOUND)
    set(HAVE_ZLIB_H ON)

    check_include_file_concat("sspi.h"       HAVE_SSPI_H)
    if(HAVE_SSPI_H)
      check_include_file_concat("schannel.h" HAVE_SCHANNEL_H)
      set(USE_WINDOWS_SSPI ON)
      if(HAVE_SCHANNEL_H)
        set(USE_SCHANNEL ON)
        set(SSL_ENABLED ON)
        set(CURL_LIBS ${CURL_LIBS} "crypt32")
      endif()
    endif()
  endif()
endif(NOT UNIX)

check_include_file_concat("stdio.h"          HAVE_STDIO_H)
check_include_file_concat("inttypes.h"       HAVE_INTTYPES_H)

check_include_file_concat("arpa/tftp.h"      HAVE_ARPA_TFTP_H)
check_include_file_concat("assert.h"         HAVE_ASSERT_H)
check_include_file_concat("crypto.h"         HAVE_CRYPTO_H)
check_include_file_concat("des.h"            HAVE_DES_H)
check_include_file_concat("err.h"            HAVE_ERR_H)
check_include_file_concat("errno.h"          HAVE_ERRNO_H)
check_include_file_concat("fcntl.h"          HAVE_FCNTL_H)
check_include_file_concat("idn2.h"           HAVE_IDN2_H)
check_include_file_concat("ifaddrs.h"        HAVE_IFADDRS_H)
check_include_file_concat("io.h"             HAVE_IO_H)
check_include_file_concat("krb.h"            HAVE_KRB_H)
check_include_file_concat("libgen.h"         HAVE_LIBGEN_H)
check_include_file_concat("limits.h"         HAVE_LIMITS_H)
check_include_file_concat("locale.h"         HAVE_LOCALE_H)
check_include_file_concat("net/if.h"         HAVE_NET_IF_H)

check_include_file_concat("stdlib.h"         HAVE_STDLIB_H)
check_include_file_concat("string.h"         HAVE_STRING_H)
check_include_file_concat("strings.h"        HAVE_STRINGS_H)
check_include_file_concat("stropts.h"        HAVE_STROPTS_H)
check_include_file_concat("termio.h"         HAVE_TERMIO_H)
check_include_file_concat("termios.h"        HAVE_TERMIOS_H)
check_include_file_concat("time.h"           HAVE_TIME_H)

check_include_file_concat("unistd.h"         HAVE_UNISTD_H)
check_include_file_concat("utime.h"          HAVE_UTIME_H)
check_include_file_concat("x509.h"           HAVE_X509_H)

check_include_file_concat("process.h"        HAVE_PROCESS_H)
check_include_file_concat("stddef.h"         HAVE_STDDEF_H)
check_include_file_concat("dlfcn.h"          HAVE_DLFCN_H)
check_include_file_concat("malloc.h"         HAVE_MALLOC_H)
check_include_file_concat("memory.h"         HAVE_MEMORY_H)
check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H)
check_include_file_concat("stdint.h"        HAVE_STDINT_H)
check_include_file_concat("sockio.h"        HAVE_SOCKIO_H)
check_include_file_concat("sys/utsname.h"   HAVE_SYS_UTSNAME_H)




check_type_size(size_t  SIZEOF_SIZE_T)
check_type_size(ssize_t  SIZEOF_SSIZE_T)
check_type_size("long long"  SIZEOF_LONG_LONG)
check_type_size("long"  SIZEOF_LONG)
check_type_size("short"  SIZEOF_SHORT)
check_type_size("int"  SIZEOF_INT)
check_type_size("__int64"  SIZEOF___INT64)
check_type_size("long double"  SIZEOF_LONG_DOUBLE)
check_type_size("time_t"  SIZEOF_TIME_T)
if(NOT HAVE_SIZEOF_SSIZE_T)
  if(SIZEOF_LONG EQUAL SIZEOF_SIZE_T)
    set(ssize_t long)
  endif(SIZEOF_LONG EQUAL SIZEOF_SIZE_T)
  if(NOT ssize_t AND SIZEOF___INT64 EQUAL SIZEOF_SIZE_T)
    set(ssize_t __int64)
  endif(NOT ssize_t AND SIZEOF___INT64 EQUAL SIZEOF_SIZE_T)
endif(NOT HAVE_SIZEOF_SSIZE_T)
# off_t is sized later, after the HAVE_FILE_OFFSET_BITS test

# Different sizeofs, etc.

#    define CURL_SIZEOF_LONG        4
#    define CURL_TYPEOF_CURL_OFF_T  long long
#    define CURL_FORMAT_CURL_OFF_T  "lld"
#    define CURL_FORMAT_CURL_OFF_TU "llu"

check_symbol_exists(getpwuid      "${CURL_INCLUDES}" HAVE_GETPWUID)
check_symbol_exists(geteuid       "${CURL_INCLUDES}" HAVE_GETEUID)
check_symbol_exists(utime         "${CURL_INCLUDES}" HAVE_UTIME)
if(CMAKE_USE_OPENSSL)
  check_symbol_exists(RAND_status   "${CURL_INCLUDES}" HAVE_RAND_STATUS)
  check_symbol_exists(RAND_screen   "${CURL_INCLUDES}" HAVE_RAND_SCREEN)
  check_symbol_exists(RAND_egd      "${CURL_INCLUDES}" HAVE_RAND_EGD)


  if(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
    set(USE_OPENSSL 1)
  endif(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
endif(CMAKE_USE_OPENSSL)
check_symbol_exists(gmtime_r      "${CURL_INCLUDES}" HAVE_GMTIME_R)
check_symbol_exists(localtime_r   "${CURL_INCLUDES}" HAVE_LOCALTIME_R)

check_symbol_exists(getaddrinfo    "${CURL_INCLUDES}" HAVE_GETADDRINFO)
check_symbol_exists(freeaddrinfo   "${CURL_INCLUDES}" HAVE_FREEADDRINFO)
check_symbol_exists(freeifaddrs    "${CURL_INCLUDES}" HAVE_FREEIFADDRS)
check_symbol_exists(pipe           "${CURL_INCLUDES}" HAVE_PIPE)
check_symbol_exists(ftruncate      "${CURL_INCLUDES}" HAVE_FTRUNCATE)
check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME)
check_symbol_exists(getrlimit      "${CURL_INCLUDES}" HAVE_GETRLIMIT)



check_symbol_exists(setlocale      "${CURL_INCLUDES}" HAVE_SETLOCALE)
check_symbol_exists(setrlimit      "${CURL_INCLUDES}" HAVE_SETRLIMIT)
check_symbol_exists(fcntl          "${CURL_INCLUDES}" HAVE_FCNTL)
check_symbol_exists(ioctl          "${CURL_INCLUDES}" HAVE_IOCTL)
check_symbol_exists(setsockopt     "${CURL_INCLUDES}" HAVE_SETSOCKOPT)

# symbol exists in win32, but function does not.

    HAVE_INET_NTOA_R_DECL
    HAVE_INET_NTOA_R_DECL_REENTRANT
    HAVE_GETADDRINFO
    HAVE_FILE_OFFSET_BITS
    )
  curl_internal_test(${CURL_TEST})
endforeach(CURL_TEST)

if(HAVE_FILE_OFFSET_BITS)
  set(_FILE_OFFSET_BITS 64)
  set(CMAKE_REQUIRED_FLAGS "-D_FILE_OFFSET_BITS=64")
endif(HAVE_FILE_OFFSET_BITS)
check_type_size("off_t"  SIZEOF_OFF_T)
set(CMAKE_REQUIRED_FLAGS)

foreach(CURL_TEST
    HAVE_GLIBC_STRERROR_R
    HAVE_POSIX_STRERROR_R
    )
  curl_internal_test_run(${CURL_TEST})
endforeach(CURL_TEST)

    set(HAVE_ZLIB_H 0)
  endif(NOT HAVE_LIBZ)

  if(NOT HAVE_ZLIB_H)
    set(HAVE_LIBZ 0)
  endif(NOT HAVE_ZLIB_H)
endif(NOT CURL_SPECIAL_LIBZ)











# Check for nonblocking
set(HAVE_DISABLED_NONBLOCKING 1)
if(HAVE_FIONBIO OR
    HAVE_IOCTLSOCKET OR
    HAVE_IOCTLSOCKET_CASE OR
    HAVE_O_NONBLOCK)

add_definitions(-DHAVE_CONFIG_H)

# For windows, do not allow the compiler to use default target (Vista).
if(WIN32)
  add_definitions(-D_WIN32_WINNT=0x0501)
endif(WIN32)

# For windows, all compilers used by cmake should support large files
if(WIN32)
  set(USE_WIN32_LARGE_FILES ON)
endif(WIN32)

if(MSVC)
  add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE)
endif(MSVC)

# Ugly (but functional) way to include "Makefile.inc" by transforming it (= regenerate it).
function(TRANSFORM_MAKEFILE_INC INPUT_FILE OUTPUT_FILE)
  file(READ ${INPUT_FILE} MAKEFILE_INC_TEXT)

endfunction()

add_subdirectory(lib)
if(BUILD_CURL_EXE)
  add_subdirectory(src)
endif()

include(CTest)
if(BUILD_TESTING)
  add_subdirectory(tests)
endif()

# TODO support GNUTLS, NSS, POLARSSL, AXTLS, CYASSL, WINSSL, DARWINSSL
if(USE_OPENSSL)
  set(SSL_ENABLED 1)
endif()

# Clear list and try to detect available features
set(_items)
_add_if("WinSSL"        SSL_ENABLED AND USE_WINDOWS_SSPI)
_add_if("OpenSSL"       SSL_ENABLED AND USE_OPENSSL)
_add_if("IPv6"          ENABLE_IPV6)
_add_if("unix-sockets"  USE_UNIX_SOCKETS)
_add_if("libz"          HAVE_LIBZ)
_add_if("AsynchDNS"     USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32)
_add_if("IDN"           HAVE_LIBIDN2)
_add_if("Largefile"     (CURL_SIZEOF_CURL_OFF_T GREATER 4) AND
                        ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES))
# TODO SSP1 (WinSSL) check is missing
_add_if("SSPI"          USE_WINDOWS_SSPI)
_add_if("GSS-API"       HAVE_GSSAPI)
# TODO SSP1 missing for SPNEGO
_add_if("SPNEGO"        NOT CURL_DISABLE_CRYPTO_AUTH AND
                        (HAVE_GSSAPI OR USE_WINDOWS_SSPI))
_add_if("Kerberos"      NOT CURL_DISABLE_CRYPTO_AUTH AND

# TODO when to set "-DCURL_STATICLIB" for CPPFLAG_CURL_STATICLIB?
set(CPPFLAG_CURL_STATICLIB  "")
# TODO need to set this (see CURL_CHECK_CA_BUNDLE in acinclude.m4)
set(CURL_CA_BUNDLE          "")
set(CURLVERSION             "${CURL_VERSION}")
set(ENABLE_SHARED           "yes")
if(CURL_STATICLIB)


  set(ENABLE_STATIC         "yes")
else()
  set(ENABLE_STATIC         "no")
endif()
set(exec_prefix             "\${prefix}")
set(includedir              "\${prefix}/include")
set(LDFLAGS                 "${CMAKE_SHARED_LINKER_FLAGS}")
set(LIBCURL_LIBS            "")
set(libdir                  "${CMAKE_INSTALL_PREFIX}/lib")

foreach(_lib ${CMAKE_C_IMPLICIT_LINK_LIBRARIES} ${CURL_LIBS})
  if(_lib MATCHES ".*/.*")
    set(LIBCURL_LIBS          "${LIBCURL_LIBS} ${_lib}")
  else()
    set(LIBCURL_LIBS          "${LIBCURL_LIBS} -l${_lib}")
  endif()
endforeach()
# "a" (Linux) or "lib" (Windows)
string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}")
set(prefix                  "${CMAKE_INSTALL_PREFIX}")
# Set this to "yes" to append all libraries on which -lcurl is dependent
set(REQUIRE_LIB_DEPS        "no")
# SUPPORT_FEATURES

#
###########################################################################

AUTOMAKE_OPTIONS = foreign

ACLOCAL_AMFLAGS = -I m4

CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in      \
 CMake/CurlTests.c CMake/FindGSS.cmake CMake/OtherTests.cmake   \
 CMake/Platforms/WindowsCache.cmake CMake/Utilities.cmake       \
 include/curl/curlbuild.h.cmake CMake/Macros.cmake              \
 CMake/CurlSymbolHiding.cmake CMake/FindCARES.cmake             \
 CMake/FindLibSSH2.cmake CMake/FindNGHTTP2.cmake


VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl
VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist
VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc
VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl
VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist
VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc

sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AUTOMAKE_OPTIONS = foreign
ACLOCAL_AMFLAGS = -I m4
CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in      \
 CMake/CurlTests.c CMake/FindGSS.cmake CMake/OtherTests.cmake   \
 CMake/Platforms/WindowsCache.cmake CMake/Utilities.cmake       \
 include/curl/curlbuild.h.cmake CMake/Macros.cmake              \
 CMake/CurlSymbolHiding.cmake CMake/FindCARES.cmake             \
 CMake/FindLibSSH2.cmake CMake/FindNGHTTP2.cmake

VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl
VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist
VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc
VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl
VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist
VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc

  vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h   \
  vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h           \
  vtls/mbedtls.h

LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c   \
  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c       \
  ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c         \
  getinfo.c transfer.c strcase.c easy.c security.c curl_fnmatch.c       \
  fileinfo.c ftplistparser.c wildcard.c krb5.c memdebug.c http_chunks.c \
  strtok.c connect.c llist.c hash.c multi.c content_encoding.c share.c  \
  http_digest.c md4.c md5.c http_negotiate.c inet_pton.c strtoofft.c    \
  strerror.c amigaos.c hostasyn.c hostip4.c hostip6.c hostsyn.c         \
  inet_ntop.c parsedate.c select.c tftp.c splay.c strdup.c socks.c      \
  ssh.c curl_addrinfo.c socks_gssapi.c socks_sspi.c            \
  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c    \
  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c        \
  openldap.c curl_gethostname.c gopher.c idn_win32.c                    \
  http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c      \
  http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c               \
  curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c          \
  x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c

LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
  formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h         \
  speedcheck.h urldata.h curl_ldap.h escape.h telnet.h getinfo.h        \
  strcase.h curl_sec.h memdebug.h http_chunks.h curl_fnmatch.h          \
  wildcard.h fileinfo.h ftplistparser.h strtok.h connect.h llist.h      \
  hash.h content_encoding.h share.h curl_md4.h curl_md5.h http_digest.h \
  http_negotiate.h inet_pton.h amigaos.h strtoofft.h strerror.h         \
  inet_ntop.h curlx.h curl_memory.h curl_setup.h transfer.h select.h    \
  easyif.h multiif.h parsedate.h tftp.h sockaddr.h splay.h strdup.h     \
  socks.h ssh.h curl_base64.h curl_addrinfo.h curl_sspi.h      \
  slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h     \
  rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h              \
  curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h           \
  http_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h             \
  curl_sasl.h curl_multibyte.h hostcheck.h conncache.h                  \
  curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h       \
  x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h           \
  curl_printf.h system_win32.h

LIB_RCFILES = libcurl.rc
CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES)
HHEADERS = $(LIB_HFILES) $(LIB_VAUTH_HFILES) $(LIB_VTLS_HFILES)

# libcurl has sources that provide functions named curlx_* that aren't part of
# the official API, but we re-use the code here to avoid duplication.
CURLX_CFILES = \
	../lib/strtoofft.c \

	../lib/nonblock.c \
	../lib/warnless.c

CURLX_HFILES = \
	../lib/curl_setup.h \
	../lib/strtoofft.h \

	../lib/nonblock.h \
	../lib/warnless.h

CURL_CFILES = \
	slist_wc.c \
	tool_binmode.c \
	tool_bname.c \

Curl and libcurl 7.51.0

 Public curl releases:         160
 Command line options:         185
 curl_easy_setopt() options:   225
 Public functions in libcurl:  61
 Contributors:                 1467

This release includes the following changes:

 o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
 o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]

This release includes the following bugfixes:

 o CVE-2016-8615: cookie injection for other servers [28]
 o CVE-2016-8616: case insensitive password comparison [29]
 o CVE-2016-8617: OOB write via unchecked multiplication [30]
 o CVE-2016-8618: double-free in curl_maprintf [31]
 o CVE-2016-8619: double-free in krb5 code [32]
 o CVE-2016-8620: glob parser write/read out of bounds [33]
 o CVE-2016-8621: curl_getdate read out of bounds [34]
 o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
 o CVE-2016-8623: Use-after-free via shared cookies [36]
 o CVE-2016-8624: invalid URL parsing with '#' [37]
 o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
 o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
 o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
 o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
 o examples/imap-append: Set size of data to be uploaded [4]
 o test2048: fix url
 o darwinssl: disable RC4 cipher-suite support
 o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
 o openssl: don’t call CRYTPO_cleanup_all_ex_data [5]
 o libressl: fix version output [6]
 o easy: Reset all statistical session info in curl_easy_reset [7]
 o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
 o dist: add CurlSymbolHiding.cmake to the tarball
 o docs: Remove that --proto is just used for initial retrieval [9]
 o configure: Fixed builds with libssh2 in a custom location
 o curl.1: --trace supports % for sending to stderr!
 o cookies: same domain handling changed to match browser behavior [11]
 o formpost: trying to attach a directory no longer crashes [12]
 o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
 o formpost: avoid silent snprintf() truncation
 o ftp: fix Curl_ftpsendf
 o mprintf: return error on too many arguments
 o smb: properly check incoming packet boundaries [14]
 o GIT-INFO: remove the Mac 10.1-specific details [15]
 o resolve: add error message when resolving using SIGALRM [16]
 o cmake: add nghttp2 support [17]
 o dist: remove PDF and HTML converted docs from the releases [18]
 o configure: disable poll() in macOS builds [19]
 o vtls: only re-use session-ids using the same scheme
 o pipelining: skip to-be-closed connections when pipelining [20]
 o win: fix Universal Windows Platform build [21]
 o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
 o maketgz: make it support "only" generating version info
 o Curl_socket_check: add extra check to avoid integer overflow
 o gopher: properly return error for poll failures
 o curl: set INTERLEAVEDATA too
 o polarssl: clear thread array at init
 o polarssl: fix unaligned SSL session-id lock


 o polarssl: reduce #ifdef madness with a macro
 o curl_multi_add_handle: set timeouts in closure handles [23]
 o configure: set min version flags for builds on mac [24]
 o INSTALL: converted to markdown => INSTALL.md
 o curl_multi_remove_handle: fix a double-free [25]
 o multi: fix inifinte loop in curl_multi_cleanup() [26]
 o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
 o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
 o mbedtls: stop using deprecated include file [40]
 o docs: fix req->data in multi-uv example [41]
 o configure: Fix test syntax for monotonic clock_gettime
 o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
  Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
  Daniel Gustafsson, Daniel Stenberg, Darío Hereñú, David Woodhouse,
  Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luật Nguyễn,
  lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjö,
  Michael Kaufmann, Michael Osipov, Miloš Ljumović, Nick Zitzmann,
  nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro, Remo E,
  Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
  Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
  Valentin David,
  (40 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://curl.haxx.se/bug/?i=964
 [2] = https://curl.haxx.se/bug/?i=1013
 [3] = https://curl.haxx.se/bug/?i=1019
 [4] = https://curl.haxx.se/bug/?i=1011
 [5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
 [6] = https://curl.haxx.se/bug/?i=1029
 [7] = https://curl.haxx.se/bug/?i=1017
 [8] = https://curl.haxx.se/bug/?i=997
 [9] = https://curl.haxx.se/bug/?i=1031
 [10] = https://curl.haxx.se/libcurl/c/CURLOPT_KEEP_SENDING_ON_ERROR.html
 [11] = https://curl.haxx.se/bug/?i=1050
 [12] = https://curl.haxx.se/bug/?i=1053
 [13] = https://curl.haxx.se/bug/?i=1056
 [14] = https://curl.haxx.se/bug/?i=1052
 [15] = https://curl.haxx.se/bug/?i=1049
 [16] = https://curl.haxx.se/bug/?i=1066
 [17] = https://curl.haxx.se/bug/?i=922
 [18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
 [19] = https://curl.haxx.se/bug/?i=1057
 [20] = https://curl.haxx.se/bug/?i=1075
 [21] = https://curl.haxx.se/bug/?i=1048
 [22] = https://curl.haxx.se/bug/?i=1042
 [23] = https://curl.haxx.se/bug/?i=739
 [24] = https://curl.haxx.se/bug/?i=1069
 [25] = https://curl.haxx.se/bug/?i=1083
 [26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
 [27] = https://bugzilla.redhat.com/1388162
 [28] = https://curl.haxx.se/docs/adv_20161102A.html
 [29] = https://curl.haxx.se/docs/adv_20161102B.html
 [30] = https://curl.haxx.se/docs/adv_20161102C.html
 [31] = https://curl.haxx.se/docs/adv_20161102D.html
 [32] = https://curl.haxx.se/docs/adv_20161102E.html
 [33] = https://curl.haxx.se/docs/adv_20161102F.html
 [34] = https://curl.haxx.se/docs/adv_20161102G.html
 [35] = https://curl.haxx.se/docs/adv_20161102H.html
 [36] = https://curl.haxx.se/docs/adv_20161102I.html
 [37] = https://curl.haxx.se/docs/adv_20161102J.html
 [38] = https://curl.haxx.se/docs/adv_20161102K.html
 [39] = https://curl.haxx.se/bug/?i=1012
 [40] = https://curl.haxx.se/bug/?i=1087
 [41] = https://curl.haxx.se/bug/?i=1088
 [42] = https://curl.haxx.se/bug/?i=1059

#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.haxx.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is

dnl silently when invoked with three arguments. If the expansion would
dnl result in a set of double-quoted strings the returned expansion will
dnl actually be a single double-quoted string concatenating all them.

AC_DEFUN([CURL_CHECK_DEF], [
  AC_REQUIRE([CURL_CPP_P])dnl
  OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
  AS_VAR_PUSHDEF([ac_HaveDef], [curl_cv_have_def_$1])dnl
  AS_VAR_PUSHDEF([ac_Def], [curl_cv_def_$1])dnl
  if test -z "$SED"; then
    AC_MSG_ERROR([SED not set. Cannot continue without SED being set.])
  fi
  if test -z "$GREP"; then
    AC_MSG_ERROR([GREP not set. Cannot continue without GREP being set.])

dnl Check if monotonic clock_gettime is available.

AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [
  AC_REQUIRE([AC_HEADER_TIME])dnl
  AC_CHECK_HEADERS(sys/types.h sys/time.h time.h)
  AC_MSG_CHECKING([for monotonic clock_gettime])
  #
  if test "x$dontwant_rt" = "xno" ; then
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>

dnl -------------------------------------------------
dnl Check if a default ca-bundle should be used
dnl
dnl regarding the paths this will scan:
dnl /etc/ssl/certs/ca-certificates.crt Debian systems
dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva
dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat
dnl /usr/local/share/certs/ca-root-nss.crt FreeBSD
dnl /etc/ssl/cert.pem OpenBSD, FreeBSD (symlink)
dnl /etc/ssl/certs/ (ca path) SUSE

AC_DEFUN([CURL_CHECK_CA_BUNDLE], [

  AC_MSG_CHECKING([default CA cert bundle/path])

  AC_ARG_WITH(ca-bundle,

        else
          cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
        fi

        for a in /etc/ssl/certs/ca-certificates.crt \
                 /etc/pki/tls/certs/ca-bundle.crt \
                 /usr/share/ssl/certs/ca-bundle.crt \
                 /usr/local/share/certs/ca-root-nss.crt \
                 /etc/ssl/cert.pem \
                 "$cac"; do
          if test -f "$a"; then
            ca="$a"
            break
          fi
        done

TEST EINVAL TEST
    ], [cpp_p=yes], [cpp_p=no])
    AC_MSG_RESULT([$cpp_p])

    if test "x$cpp_p" = "xno"; then
      AC_MSG_WARN([failed to figure out cpp -P alternative])
      # without -P
      CPPPFLAG=""
    else
      # with -P
      CPPPFLAG="-P"
    fi
    dnl restore CPPFLAGS
    CPPFLAGS=$OLDCPPFLAGS
  else
    # without -P
    CPPPFLAG=""
  fi
])


dnl CURL_MAC_CFLAGS
dnl
dnl Check if -mmacosx-version-min, -miphoneos-version-min or any
dnl similar are set manually, otherwise do. And set
dnl -Werror=partial-availability.
dnl

AC_DEFUN([CURL_MAC_CFLAGS], [

  tst_cflags="no"
  case $host_os in
    darwin*)
      tst_cflags="yes"
      ;;
  esac

  AC_MSG_CHECKING([for good-to-use Mac CFLAGS])
  AC_MSG_RESULT([$tst_cflags]);

  if test "$tst_cflags" = "yes"; then
    AC_MSG_CHECKING([for *version-min in CFLAGS])
    min=""
    if test -z "$(echo $CFLAGS | grep m.*os.*-version-min)"; then
      min="-mmacosx-version-min=10.8"
      CFLAGS="$CFLAGS $min"
    fi
    if test -z "$min"; then
      AC_MSG_RESULT([set by user])
    else
      AC_MSG_RESULT([$min set])
    fi
    CFLAGS="$CFLAGS -Werror=partial-availability"
  fi

])

USE_POLARSSL
HAVE_GNUTLS_SRP
USE_GNUTLS_NETTLE
USE_GNUTLS
HAVE_OPENSSL_SRP
RANDOM_FILE
SSL_LIBS

USE_DARWINSSL
USE_WINDOWS_SSPI
USE_SCHANNEL
USE_OPENLDAP
ZLIB_LIBS
HAVE_LIBZ_FALSE
HAVE_LIBZ_TRUE
HAVE_LIBZ
PKGCONFIG
CURL_DISABLE_GOPHER
CURL_DISABLE_SMTP
CURL_DISABLE_SMB
CURL_DISABLE_IMAP
CURL_DISABLE_POP3
CURL_DISABLE_TFTP
CURL_DISABLE_TELNET

  --with-lber-lib=libname Specify name of lber lib file
  --with-gssapi-includes=DIR
                          Specify location of GSS-API headers
  --with-gssapi-libs=DIR  Specify location of GSS-API libs
  --with-gssapi=DIR       Where to look for GSS-API
  --with-winssl           enable Windows native SSL/TLS
  --without-winssl        disable Windows native SSL/TLS
  --with-darwinssl        enable Apple OS native SSL/TLS
  --without-darwinssl     disable Apple OS native SSL/TLS
  --with-ssl=PATH         Where to look for OpenSSL, PATH points to the SSL
                          installation (default: /usr/local/ssl); when
                          possible, set the PKG_CONFIG_PATH environment
                          variable instead of using this option
  --without-ssl           disable OpenSSL
  --with-egd-socket=FILE  Entropy Gathering Daemon socket pathname
  --with-random=FILE      read randomness from FILE (default=/dev/urandom)

  --with-librtmp=PATH     Where to look for librtmp, PATH points to the
                          LIBRTMP installation; when possible, set the
                          PKG_CONFIG_PATH environment variable instead of
                          using this option
  --without-librtmp       disable LIBRTMP
  --with-winidn=PATH      enable Windows native IDN
  --without-winidn        disable Windows native IDN
  --with-libidn2=PATH     Enable libidn2 usage
  --without-libidn2       Disable libidn2 usage
  --with-nghttp2=PATH     Enable nghttp2 usage
  --without-nghttp2       Disable nghttp2 usage
  --with-zsh-functions-dir=PATH
                          Install zsh completions to PATH
  --without-zsh-functions-dir
                          Do not install zsh completions

VERSIONNUM=`$SED -ne 's/^#define LIBCURL_VERSION_NUM 0x\(.*\)/\1/p' ${srcdir}/include/curl/curlver.h`


PKGADD_PKG="HAXXcurl"
PKGADD_NAME="curl - a client that groks URLs"
PKGADD_VENDOR="curl.haxx.se"




    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )"
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
    curl_gss_msg="no      (--with-gssapi)"
curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
   curl_ipv6_msg="no      (--enable-ipv6)"
curl_unix_sockets_msg="no      (--enable-unix-sockets)"
    curl_idn_msg="no      (--with-{libidn2,winidn})"
 curl_manual_msg="no      (--enable-manual)"
curl_libcurl_msg="enabled (--disable-libcurl-option)"
curl_verbose_msg="enabled (--disable-verbose)"
   curl_sspi_msg="no      (--enable-sspi)"
   curl_ldap_msg="no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)"
  curl_ldaps_msg="no      (--enable-ldaps)"
   curl_rtsp_msg="no      (--enable-rtsp)"

    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cpp_p" >&5
$as_echo "$cpp_p" >&6; }

    if test "x$cpp_p" = "xno"; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: failed to figure out cpp -P alternative" >&5
$as_echo "$as_me: WARNING: failed to figure out cpp -P alternative" >&2;}
      # without -P
      CPPPFLAG=""
    else
      # with -P
      CPPPFLAG="-P"
    fi
        CPPFLAGS=$OLDCPPFLAGS
  else
    # without -P
    CPPPFLAG=""
  fi


    #
        #
  if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5

      if test -z "$tmp_fmt"; then
        curl_typeof_curl_off_t="$t8"
        curl_sizeof_curl_off_t="8"
      else

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
  as_ac_HaveDef=`$as_echo "curl_cv_have_def_$tmp_fmt" | $as_tr_sh`
  as_ac_Def=`$as_echo "curl_cv_def_$tmp_fmt" | $as_tr_sh`
  if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5

      if test -z "$tmp_fmt"; then
        curl_typeof_curl_off_t="$t4"
        curl_sizeof_curl_off_t="4"
      else

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
  as_ac_HaveDef=`$as_echo "curl_cv_have_def_$tmp_fmt" | $as_tr_sh`
  as_ac_Def=`$as_echo "curl_cv_def_$tmp_fmt" | $as_tr_sh`
  if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5

  flags_prefer_cppflags="no"
  #

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is DEC/Compaq/HP C" >&5
$as_echo_n "checking if compiler is DEC/Compaq/HP C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

    curl_cv_def___DECC=$tmp_exp

  fi
      CPPFLAGS=$OLDCPPFLAGS


    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is HP-UX C" >&5
$as_echo_n "checking if compiler is HP-UX C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is IBM C" >&5
$as_echo_n "checking if compiler is IBM C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is Intel C" >&5
$as_echo_n "checking if compiler is Intel C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  if test "$curl_cv_have_def___INTEL_COMPILER" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
    compiler_num="$curl_cv_def___INTEL_COMPILER"

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is clang" >&5
$as_echo_n "checking if compiler is clang... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


      { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is GNU C" >&5
$as_echo_n "checking if compiler is GNU C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

    flags_dbg_yes="-g"
    flags_dbg_off=""
    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
    flags_opt_yes="-O2"
    flags_opt_off="-O0"

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is LCC" >&5
$as_echo_n "checking if compiler is LCC... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is SGI MIPSpro C" >&5
$as_echo_n "checking if compiler is SGI MIPSpro C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

    curl_cv_def___GNUC__=$tmp_exp

  fi
      CPPFLAGS=$OLDCPPFLAGS


    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

    curl_cv_def__COMPILER_VERSION=$tmp_exp

  fi
      CPPFLAGS=$OLDCPPFLAGS


    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is SGI MIPS C" >&5
$as_echo_n "checking if compiler is SGI MIPS C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

    curl_cv_def___GNUC__=$tmp_exp

  fi
      CPPFLAGS=$OLDCPPFLAGS


    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is SunPro C" >&5
$as_echo_n "checking if compiler is SunPro C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is Tiny C" >&5
$as_echo_n "checking if compiler is Tiny C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

  fi


  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler is Watcom C" >&5
$as_echo_n "checking if compiler is Watcom C... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

      CPPFLAGS=$OLDCPPFLAGS

  if test "$curl_cv_have_def___WATCOMC__" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

    CLANG)
            tmp_EXTERN="__attribute__ ((__visibility__ (\"default\")))"
      tmp_CFLAGS="-fvisibility=hidden"
      supports_symbol_hiding="yes"
      ;;
    GNU_C)
            if test "$compiler_num" -ge "304"; then
        if $CC --help --verbose 2>/dev/null | grep fvisibility= >/dev/null ; then
          tmp_EXTERN="__attribute__ ((__visibility__ (\"default\")))"
          tmp_CFLAGS="-fvisibility=hidden"
          supports_symbol_hiding="yes"
        fi
      fi
      ;;
    INTEL_UNIX_C)

      ;;
    *)
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      ;;
  esac




  tst_cflags="no"
  case $host_os in
    darwin*)
      tst_cflags="yes"
      ;;
  esac

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for good-to-use Mac CFLAGS" >&5
$as_echo_n "checking for good-to-use Mac CFLAGS... " >&6; }
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tst_cflags" >&5
$as_echo "$tst_cflags" >&6; };

  if test "$tst_cflags" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for *version-min in CFLAGS" >&5
$as_echo_n "checking for *version-min in CFLAGS... " >&6; }
    min=""
    if test -z "$(echo $CFLAGS | grep m.*os.*-version-min)"; then
      min="-mmacosx-version-min=10.8"
      CFLAGS="$CFLAGS $min"
    fi
    if test -z "$min"; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: set by user" >&5
$as_echo "set by user" >&6; }
    else
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $min set" >&5
$as_echo "$min set" >&6; }
    fi
    CFLAGS="$CFLAGS -Werror=partial-availability"
  fi



{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to support http" >&5
$as_echo_n "checking whether to support http... " >&6; }
# Check whether --enable-http was given.
if test "${enable_http+set}" = set; then :
  enableval=$enable_http;  case "$enableval" in

fi

done

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for monotonic clock_gettime" >&5
$as_echo_n "checking for monotonic clock_gettime... " >&6; }
  #
  if test "x$dontwant_rt" = "xno" ; then
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif

    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5
$as_echo "$as_me: WARNING: zlib disabled" >&2;}
else
  if test "$OPT_ZLIB" = "yes" ; then
    OPT_ZLIB=""
  fi


    if test -n "$PKG_CONFIG"; then
      PKGCONFIG="$PKG_CONFIG"
    else
      if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_PKGCONFIG+:} false; then :
  $as_echo_n "(cached) " >&6
else
  case $PKGCONFIG in
  [\\/]* | ?:[\\/]*)
  ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
  ;;
  *)
  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
as_dummy="$PATH:/usr/bin:/usr/local/bin"
for as_dir in $as_dummy
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
    for ac_exec_ext in '' $ac_executable_extensions; do
  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
  done
IFS=$as_save_IFS

  ;;
esac
fi
PKGCONFIG=$ac_cv_path_PKGCONFIG
if test -n "$PKGCONFIG"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
$as_echo "$PKGCONFIG" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi


fi
if test -z "$ac_cv_path_PKGCONFIG"; then
  ac_pt_PKGCONFIG=$PKGCONFIG
  # Extract the first word of "pkg-config", so it can be a program name with args.
set dummy pkg-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
  $as_echo_n "(cached) " >&6
else
  case $ac_pt_PKGCONFIG in
  [\\/]* | ?:[\\/]*)
  ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
  ;;
  *)
  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
as_dummy="$PATH:/usr/bin:/usr/local/bin"
for as_dir in $as_dummy
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
    for ac_exec_ext in '' $ac_executable_extensions; do
  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
  done
IFS=$as_save_IFS

  ;;
esac
fi
ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
if test -n "$ac_pt_PKGCONFIG"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
$as_echo "$ac_pt_PKGCONFIG" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

  if test "x$ac_pt_PKGCONFIG" = x; then
    PKGCONFIG="no"
  else
    case $cross_compiling:$ac_tool_warned in
yes:)
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
    PKGCONFIG=$ac_pt_PKGCONFIG
  fi
else
  PKGCONFIG="$ac_cv_path_PKGCONFIG"
fi

    fi

    if test "x$PKGCONFIG" != "xno"; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for zlib options with pkg-config" >&5
$as_echo_n "checking for zlib options with pkg-config... " >&6; }
            itexists=`
    if test -n ""; then
      PKG_CONFIG_LIBDIR=""
      export PKG_CONFIG_LIBDIR
    fi
         $PKGCONFIG --exists zlib >/dev/null 2>&1 && echo 1`

      if test -z "$itexists"; then
                        PKGCONFIG="no"
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      else
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5
$as_echo "found" >&6; }
      fi
    fi


  if test "$PKGCONFIG" != "no" ; then
    LIBS="`$PKGCONFIG --libs-only-l zlib` $LIBS"
    LDFLAGS="`$PKGCONFIG --libs-only-L zlib` $LDFLAGS"
    CPPFLAGS="`$PKGCONFIG --cflags-only-I zlib` $CPPFLAGS"
    OPT_ZLIB=""
    HAVE_LIBZ="1"
  fi

  if test -z "$OPT_ZLIB" ; then

    if test -z "$HAVE_LIBZ"; then


      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5
$as_echo_n "checking for inflateEnd in -lz... " >&6; }
if ${ac_cv_lib_z_inflateEnd+:} false; then :
  $as_echo_n "(cached) " >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lz  $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext

if test "x$ac_cv_lib_z_inflateEnd" = xyes; then :
                     HAVE_LIBZ="1"
                    LIBS="-lz $LIBS"
else
                     OPT_ZLIB="/usr/local"
fi

    fi
  fi

    if test -n "$OPT_ZLIB"; then
     CPPFLAGS="$CPPFLAGS -I$OPT_ZLIB -I$OPT_ZLIB/include"
     LDFLAGS="$LDFLAGS -L$OPT_ZLIB -L$OPT_ZLIB/lib$libsuff"
  fi

    # --with-winssl implies --enable-sspi

$as_echo "#define USE_WINDOWS_SSPI 1" >>confdefs.h

    USE_WINDOWS_SSPI=1

    curl_sspi_msg="enabled"
    LIBS="-lcrypt32 $LIBS"
  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
  fi
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

OPT_DARWINSSL=no

# Check whether --with-darwinssl was given.
if test "${with_darwinssl+set}" = set; then :
  withval=$with_darwinssl; OPT_DARWINSSL=$withval
fi


{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable Apple OS native SSL/TLS" >&5
$as_echo_n "checking whether to enable Apple OS native SSL/TLS... " >&6; }
if test "$curl_ssl_msg" = "$init_ssl_msg"; then
  if test "x$OPT_DARWINSSL" != "xno" &&
     test -d "/System/Library/Frameworks/Security.framework"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

$as_echo "#define USE_DARWINSSL 1" >>confdefs.h

    USE_DARWINSSL=1

    curl_ssl_msg="enabled (Apple OS-native)"
    DARWINSSL_ENABLED=1
    LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
  fi
else

fi



    for ac_func in RAND_status \
                    RAND_screen \
                    ENGINE_cleanup \

                    SSL_get_shutdown \
                    SSLv2_client_method
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF

  #
  tst_api="unknown"
  #
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL headers version" >&5
$as_echo_n "checking for OpenSSL headers version... " >&6; }

    OLDCPPFLAGS=$CPPFLAGS
  # CPPPFLAG comes from CURL_CPP_P
  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
      if test -z "$SED"; then
    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
  fi
  if test -z "$GREP"; then
    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
  fi

        else
          cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
        fi

        for a in /etc/ssl/certs/ca-certificates.crt \
                 /etc/pki/tls/certs/ca-bundle.crt \
                 /usr/share/ssl/certs/ca-bundle.crt \
                 /usr/local/share/certs/ca-root-nss.crt \
                 /etc/ssl/cert.pem \
                 "$cac"; do
          if test -f "$a"; then
            ca="$a"
            break
          fi
        done

    if test -n "$PREFIX_SSH2"; then
    LIB_SSH2="-lssh2"
    LD_SSH2=-L${PREFIX_SSH2}/lib$libsuff
    CPP_SSH2=-I${PREFIX_SSH2}/include
    DIR_SSH2=${PREFIX_SSH2}/lib$libsuff
  fi

  LDFLAGS="$LD_SSH2 $LDFLAGS"
  CPPFLAGS="$CPPFLAGS $CPP_SSH2"
  LIBS="$LIB_SSH2 $LIBS"

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libssh2_channel_open_ex in -lssh2" >&5
$as_echo_n "checking for libssh2_channel_open_ex in -lssh2... " >&6; }
if ${ac_cv_lib_ssh2_libssh2_channel_open_ex+:} false; then :
  $as_echo_n "(cached) " >&6

    CPPFLAGS="$clean_CPPFLAGS"
    LDFLAGS="$clean_LDFLAGS"
    LIBS="$clean_LIBS"
  fi
fi


{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with libidn2" >&5
$as_echo_n "checking whether to build with libidn2... " >&6; }
OPT_IDN="default"

# Check whether --with-libidn was given.
if test "${with_libidn+set}" = set; then :
  withval=$with_libidn; OPT_IDN=$withval
fi

else
  PKGCONFIG="$ac_cv_path_PKGCONFIG"
fi

    fi

    if test "x$PKGCONFIG" != "xno"; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libidn2 options with pkg-config" >&5
$as_echo_n "checking for libidn2 options with pkg-config... " >&6; }
            itexists=`
    if test -n "$IDN_PCDIR"; then
      PKG_CONFIG_LIBDIR="$IDN_PCDIR"
      export PKG_CONFIG_LIBDIR
    fi
         $PKGCONFIG --exists libidn2 >/dev/null 2>&1 && echo 1`

      if test -z "$itexists"; then
                        PKGCONFIG="no"
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      else
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5
$as_echo "found" >&6; }
      fi
    fi

    if test "$PKGCONFIG" != "no"; then
      IDN_LIBS=`
    if test -n "$IDN_PCDIR"; then
      PKG_CONFIG_LIBDIR="$IDN_PCDIR"
      export PKG_CONFIG_LIBDIR
    fi
         $PKGCONFIG --libs-only-l libidn2 2>/dev/null`
      IDN_LDFLAGS=`
    if test -n "$IDN_PCDIR"; then
      PKG_CONFIG_LIBDIR="$IDN_PCDIR"
      export PKG_CONFIG_LIBDIR
    fi
         $PKGCONFIG --libs-only-L libidn2 2>/dev/null`
      IDN_CPPFLAGS=`
    if test -n "$IDN_PCDIR"; then
      PKG_CONFIG_LIBDIR="$IDN_PCDIR"
      export PKG_CONFIG_LIBDIR
    fi
         $PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
      IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
    else
            IDN_LIBS="-lidn2"
      IDN_LDFLAGS="-L$want_idn_path/lib$libsuff"
      IDN_CPPFLAGS="-I$want_idn_path/include"
      IDN_DIR="$want_idn_path/lib$libsuff"
    fi
  else

    if test -n "$PKG_CONFIG"; then

else
  PKGCONFIG="$ac_cv_path_PKGCONFIG"
fi

    fi

    if test "x$PKGCONFIG" != "xno"; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libidn2 options with pkg-config" >&5
$as_echo_n "checking for libidn2 options with pkg-config... " >&6; }
            itexists=`
    if test -n ""; then
      PKG_CONFIG_LIBDIR=""
      export PKG_CONFIG_LIBDIR
    fi
         $PKGCONFIG --exists libidn2 >/dev/null 2>&1 && echo 1`

      if test -z "$itexists"; then
                        PKGCONFIG="no"
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      else
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5
$as_echo "found" >&6; }
      fi
    fi

    if test "$PKGCONFIG" != "no"; then
      IDN_LIBS=`$PKGCONFIG --libs-only-l libidn2 2>/dev/null`
      IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn2 2>/dev/null`
      IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
      IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
    else
            IDN_LIBS="-lidn2"
    fi
  fi
  #
  if test "$PKGCONFIG" != "no"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: pkg-config: IDN_LIBS: \"$IDN_LIBS\"" >&5
$as_echo "$as_me: pkg-config: IDN_LIBS: \"$IDN_LIBS\"" >&6;}
    { $as_echo "$as_me:${as_lineno-$LINENO}: pkg-config: IDN_LDFLAGS: \"$IDN_LDFLAGS\"" >&5