856 files changed, 103882 insertions, 44883 deletions

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 71850de..ad3bb97 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -36,6 +36,10 @@ if("${CMake_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}")
   endmacro()
 endif()
 
+# Use most-recent available language dialects with GNU and Clang
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_CXX_STANDARD 14)
+
 # option to set the internal encoding of CMake to UTF-8
 option(CMAKE_ENCODING_UTF8 "Use UTF-8 encoding internally (experimental)." OFF)
 mark_as_advanced(CMAKE_ENCODING_UTF8)
@@ -57,7 +61,7 @@ macro(CMAKE_HANDLE_SYSTEM_LIBRARIES)
 
   # Allow the user to enable/disable all system utility library options by
   # defining CMAKE_USE_SYSTEM_LIBRARIES or CMAKE_USE_SYSTEM_LIBRARY_${util}.
-  set(UTILITIES BZIP2 CURL EXPAT LIBARCHIVE LIBLZMA ZLIB)
+  set(UTILITIES BZIP2 CURL EXPAT FORM LIBARCHIVE LIBLZMA ZLIB)
   foreach(util ${UTILITIES})
     if(NOT DEFINED CMAKE_USE_SYSTEM_LIBRARY_${util}
         AND DEFINED CMAKE_USE_SYSTEM_LIBRARIES)
@@ -95,6 +99,7 @@ macro(CMAKE_HANDLE_SYSTEM_LIBRARIES)
     "${CMAKE_USE_SYSTEM_LIBRARY_BZIP2}" "NOT CMAKE_USE_SYSTEM_LIBARCHIVE" ON)
   CMAKE_DEPENDENT_OPTION(CMAKE_USE_SYSTEM_LIBLZMA "Use system-installed liblzma"
     "${CMAKE_USE_SYSTEM_LIBRARY_LIBLZMA}" "NOT CMAKE_USE_SYSTEM_LIBARCHIVE" ON)
+  option(CMAKE_USE_SYSTEM_FORM "Use system-installed libform" "${CMAKE_USE_SYSTEM_LIBRARY_FORM}")
 
   # Mention to the user what system libraries are being used.
   foreach(util ${UTILITIES})
@@ -115,7 +120,7 @@ endmacro()
 
 if(NOT CMake_TEST_EXTERNAL_CMAKE)
   set(CMAKE_BUILD_ON_VISUAL_STUDIO 0)
-  if(WIN32 AND NOT UNIX AND NOT BORLAND AND NOT MINGW )
+  if(WIN32 AND NOT UNIX AND NOT MINGW)
     set(CMAKE_BUILD_ON_VISUAL_STUDIO 1)
   endif()
 endif()
@@ -271,10 +276,7 @@ macro (CMAKE_BUILD_UTILITIES)
     set(CURL_SPECIAL_ZLIB_H ${CMAKE_ZLIB_HEADER})
     set(CURL_SPECIAL_LIBZ_INCLUDES ${CMAKE_ZLIB_INCLUDES})
     set(CURL_SPECIAL_LIBZ ${CMAKE_ZLIB_LIBRARIES})
-    option(CMAKE_BUILD_CURL_SHARED "Should curl be built shared" FALSE)
-    if(NOT CMAKE_BUILD_CURL_SHARED)
-      add_definitions(-DCURL_STATICLIB)
-    endif()
+    add_definitions(-DCURL_STATICLIB)
     set(CMAKE_CURL_INCLUDES)
     set(CMAKE_CURL_LIBRARIES cmcurl)
     if(CMAKE_TESTS_CDASH_SERVER)
@@ -397,7 +399,11 @@ macro (CMAKE_BUILD_UTILITIES)
     set(BUILD_CursesDialog 0)
   endif ()
   if(BUILD_CursesDialog)
-    add_subdirectory(Source/CursesDialog/form)
+    if(NOT CMAKE_USE_SYSTEM_FORM)
+      add_subdirectory(Source/CursesDialog/form)
+    elseif(NOT CURSES_FORM_LIBRARY)
+      message( FATAL_ERROR "CMAKE_USE_SYSTEM_FORM in ON but CURSES_FORM_LIBRARY is not set!" )
+    endif()
   endif()
 endmacro ()
 
@@ -555,7 +561,7 @@ CMAKE_SETUP_TESTING()
 
 if(NOT CMake_TEST_EXTERNAL_CMAKE)
   if(NOT CMake_VERSION_IS_RELEASE)
-    if("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU" AND
+    if(CMAKE_C_COMPILER_ID STREQUAL "GNU" AND
         NOT "${CMAKE_C_COMPILER_VERSION}" VERSION_LESS 4.2)
       set(C_FLAGS_LIST -Wcast-align -Werror-implicit-function-declaration -Wchar-subscripts
                        -Wall -W -Wpointer-arith -Wwrite-strings -Wformat-security
diff --git a/CompileFlags.cmake b/CompileFlags.cmake
index 7e9fb16..e7beb3f 100644
--- a/CompileFlags.cmake
+++ b/CompileFlags.cmake
@@ -20,7 +20,7 @@ if(CMAKE_GENERATOR MATCHES "Visual Studio 6")
   set(CMAKE_SKIP_COMPATIBILITY_TESTS 1)
 endif()
 
-if(WIN32 AND "${CMAKE_C_COMPILER_ID}" MATCHES "^(Intel)$")
+if(WIN32 AND CMAKE_C_COMPILER_ID STREQUAL "Intel")
   set(_INTEL_WINDOWS 1)
 endif()
 
diff --git a/Help/command/add_custom_command.rst b/Help/command/add_custom_command.rst
index e8b7cc8..9fbad4b 100644
--- a/Help/command/add_custom_command.rst
+++ b/Help/command/add_custom_command.rst
@@ -15,10 +15,12 @@ The first signature is for adding a custom command to produce an output::
                      [COMMAND command2 [ARGS] [args2...] ...]
                      [MAIN_DEPENDENCY depend]
                      [DEPENDS [depends...]]
+                     [BYPRODUCTS [files...]]
                      [IMPLICIT_DEPENDS <lang1> depend1
                                       [<lang2> depend2] ...]
                      [WORKING_DIRECTORY dir]
-                     [COMMENT comment] [VERBATIM] [APPEND])
+                     [COMMENT comment]
+                     [VERBATIM] [APPEND] [USES_TERMINAL])
 
 This defines a command to generate specified ``OUTPUT`` file(s).
 A target created in the same directory (``CMakeLists.txt`` file)
@@ -43,6 +45,27 @@ The options are:
   options are currently ignored when APPEND is given, but may be
   used in the future.
 
+``BYPRODUCTS``
+  Specify the files the command is expected to produce but whose
+  modification time may or may not be newer than the dependencies.
+  If a byproduct name is a relative path it will be interpreted
+  relative to the build tree directory corresponding to the
+  current source directory.
+  Each byproduct file will be marked with the :prop_sf:`GENERATED`
+  source file property automatically.
+
+  Explicit specification of byproducts is supported by the
+  :generator:`Ninja` generator to tell the ``ninja`` build tool
+  how to regenerate byproducts when they are missing.  It is
+  also useful when other build rules (e.g. custom commands)
+  depend on the byproducts.  Ninja requires a build rule for any
+  generated file on which another rule depends even if there are
+  order-only dependencies to ensure the byproducts will be
+  available before their dependents build.
+
+  The ``BYPRODUCTS`` option is ignored on non-Ninja generators
+  except to mark byproducts ``GENERATED``.
+
 ``COMMAND``
   Specify the command-line(s) to execute at build time.
   If more than one ``COMMAND`` is specified they will be executed in order,
@@ -114,10 +137,17 @@ The options are:
   If an output name is a relative path it will be interpreted
   relative to the build tree directory corresponding to the
   current source directory.
+  Each output file will be marked with the :prop_sf:`GENERATED`
+  source file property automatically.
   If the output of the custom command is not actually created
   as a file on disk it should be marked with the :prop_sf:`SYMBOLIC`
   source file property.
 
+``USES_TERMINAL``
+  The command will be given direct access to the terminal if possible.
+  With the :generator:`Ninja` generator, this places the command in
+  the ``console`` pool.
+
 ``VERBATIM``
   All arguments to the commands will be escaped properly for the
   build tool so that the invoked command receives each argument
@@ -148,8 +178,10 @@ target is already built, the command will not execute.
                      PRE_BUILD | PRE_LINK | POST_BUILD
                      COMMAND command1 [ARGS] [args1...]
                      [COMMAND command2 [ARGS] [args2...] ...]
+                     [BYPRODUCTS [files...]]
                      [WORKING_DIRECTORY dir]
-                     [COMMENT comment] [VERBATIM])
+                     [COMMENT comment]
+                     [VERBATIM] [USES_TERMINAL])
 
 This defines a new command that will be associated with building the
 specified target.  When the command will happen is determined by which
diff --git a/Help/command/add_custom_target.rst b/Help/command/add_custom_target.rst
index 1bf70bf..996d08e 100644
--- a/Help/command/add_custom_target.rst
+++ b/Help/command/add_custom_target.rst
@@ -8,38 +8,101 @@ Add a target with no output so it will always be built.
   add_custom_target(Name [ALL] [command1 [args1...]]
                     [COMMAND command2 [args2...] ...]
                     [DEPENDS depend depend depend ... ]
+                    [BYPRODUCTS [files...]]
                     [WORKING_DIRECTORY dir]
-                    [COMMENT comment] [VERBATIM]
+                    [COMMENT comment]
+                    [VERBATIM] [USES_TERMINAL]
                     [SOURCES src1 [src2...]])
 
 Adds a target with the given name that executes the given commands.
-The target has no output file and is ALWAYS CONSIDERED OUT OF DATE
+The target has no output file and is *always considered out of date*
 even if the commands try to create a file with the name of the target.
-Use ADD_CUSTOM_COMMAND to generate a file with dependencies.  By
-default nothing depends on the custom target.  Use ADD_DEPENDENCIES to
-add dependencies to or from other targets.  If the ALL option is
-specified it indicates that this target should be added to the default
-build target so that it will be run every time (the command cannot be
-called ALL).  The command and arguments are optional and if not
-specified an empty target will be created.  If WORKING_DIRECTORY is
-set, then the command will be run in that directory.  If it is a
-relative path it will be interpreted relative to the build tree
-directory corresponding to the current source directory.  If COMMENT
-is set, the value will be displayed as a message before the commands
-are executed at build time.  Dependencies listed with the DEPENDS
-argument may reference files and outputs of custom commands created
-with add_custom_command() in the same directory (CMakeLists.txt file).
-
-If VERBATIM is given then all arguments to the commands will be
-escaped properly for the build tool so that the invoked command
-receives each argument unchanged.  Note that one level of escapes is
-still used by the CMake language processor before add_custom_target
-even sees the arguments.  Use of VERBATIM is recommended as it enables
-correct behavior.  When VERBATIM is not given the behavior is platform
-specific because there is no protection of tool-specific special
-characters.
-
-The SOURCES option specifies additional source files to be included in
-the custom target.  Specified source files will be added to IDE
-project files for convenience in editing even if they have not build
-rules.
+Use the :command:`add_custom_command` command to generate a file with
+dependencies.  By default nothing depends on the custom target.  Use
+the :command:`add_dependencies` command to add dependencies to or
+from other targets.
+
+The options are:
+
+``ALL``
+  Indicate that this target should be added to the default build
+  target so that it will be run every time (the command cannot be
+  called ``ALL``).
+
+``BYPRODUCTS``
+  Specify the files the command is expected to produce but whose
+  modification time may or may not be updated on subsequent builds.
+  If a byproduct name is a relative path it will be interpreted
+  relative to the build tree directory corresponding to the
+  current source directory.
+  Each byproduct file will be marked with the :prop_sf:`GENERATED`
+  source file property automatically.
+
+  Explicit specification of byproducts is supported by the
+  :generator:`Ninja` generator to tell the ``ninja`` build tool
+  how to regenerate byproducts when they are missing.  It is
+  also useful when other build rules (e.g. custom commands)
+  depend on the byproducts.  Ninja requires a build rule for any
+  generated file on which another rule depends even if there are
+  order-only dependencies to ensure the byproducts will be
+  available before their dependents build.
+
+  The ``BYPRODUCTS`` option is ignored on non-Ninja generators
+  except to mark byproducts ``GENERATED``.
+
+``COMMAND``
+  Specify the command-line(s) to execute at build time.
+  If more than one ``COMMAND`` is specified they will be executed in order,
+  but *not* necessarily composed into a stateful shell or batch script.
+  (To run a full script, use the :command:`configure_file` command or the
+  :command:`file(GENERATE)` command to create it, and then specify
+  a ``COMMAND`` to launch it.)
+
+  If ``COMMAND`` specifies an executable target (created by the
+  :command:`add_executable` command) it will automatically be replaced
+  by the location of the executable created at build time.
+  Additionally a target-level dependency will be added so that the
+  executable target will be built before this custom target.
+
+  Arguments to ``COMMAND`` may use
+  :manual:`generator expressions <cmake-generator-expressions(7)>`.
+  References to target names in generator expressions imply target-level
+  dependencies.
+
+  The command and arguments are optional and if not specified an empty
+  target will be created.
+
+``COMMENT``
+  Display the given message before the commands are executed at
+  build time.
+
+``DEPENDS``
+  Reference files and outputs of custom commands created with
+  :command:`add_custom_command` command calls in the same directory
+  (``CMakeLists.txt`` file).  They will be brought up to date when
+  the target is built.
+
+``SOURCES``
+  Specify additional source files to be included in the custom target.
+  Specified source files will be added to IDE project files for
+  convenience in editing even if they have no build rules.
+
+``VERBATIM``
+  All arguments to the commands will be escaped properly for the
+  build tool so that the invoked command receives each argument
+  unchanged.  Note that one level of escapes is still used by the
+  CMake language processor before ``add_custom_target`` even sees
+  the arguments.  Use of ``VERBATIM`` is recommended as it enables
+  correct behavior.  When ``VERBATIM`` is not given the behavior
+  is platform specific because there is no protection of
+  tool-specific special characters.
+
+``USES_TERMINAL``
+  The command will be given direct access to the terminal if possible.
+  With the :generator:`Ninja` generator, this places the command in
+  the ``console`` pool.
+
+``WORKING_DIRECTORY``
+  Execute the command with the given current working directory.
+  If it is a relative path it will be interpreted relative to the
+  build tree directory corresponding to the current source directory.
diff --git a/Help/command/break.rst b/Help/command/break.rst
index 8f1067b..fc2cd3c 100644
--- a/Help/command/break.rst
+++ b/Help/command/break.rst
@@ -8,3 +8,5 @@ Break from an enclosing foreach or while loop.
   break()
 
 Breaks from an enclosing foreach loop or while loop
+
+See also the :command:`continue` command.
diff --git a/Help/command/continue.rst b/Help/command/continue.rst
new file mode 100644
index 0000000..1c7d673
--- /dev/null
+++ b/Help/command/continue.rst
@@ -0,0 +1,12 @@
+continue
+--------
+
+Continue to the top of enclosing foreach or while loop.
+
+::
+
+  continue()
+
+The ``continue`` command allows a cmake script to abort the rest of a block
+in a :command:`foreach` or :command:`while` loop, and start at the top of
+the next iteration.  See also the :command:`break` command.
diff --git a/Help/command/file.rst b/Help/command/file.rst
index 5d3c4a9..b0d4792 100644
--- a/Help/command/file.rst
+++ b/Help/command/file.rst
@@ -307,3 +307,33 @@ status messages (subject to the :variable:`CMAKE_INSTALL_MESSAGE` variable),
 and ``NO_SOURCE_PERMISSIONS`` is default.
 Installation scripts generated by the :command:`install` command
 use this signature (with some undocumented options for internal use).
+
+------------------------------------------------------------------------------
+
+::
+
+  file(LOCK <path> [DIRECTORY] [RELEASE]
+       [GUARD <FUNCTION|FILE|PROCESS>]
+       [RESULT_VARIABLE <variable>]
+       [TIMEOUT <seconds>])
+
+Lock a file specified by ``<path>`` if no ``DIRECTORY`` option present and file
+``<path>/cmake.lock`` otherwise. File will be locked for scope defined by
+``GUARD`` option (default value is ``PROCESS``). ``RELEASE`` option can be used
+to unlock file explicitly. If option ``TIMEOUT`` is not specified CMake will
+wait until lock succeed or until fatal error occurs. If ``TIMEOUT`` is set to
+``0`` lock will be tried once and result will be reported immediately. If
+``TIMEOUT`` is not ``0`` CMake will try to lock file for the period specified
+by ``<seconds>`` value. Any errors will be interpreted as fatal if there is no
+``RESULT_VARIABLE`` option. Otherwise result will be stored in ``<variable>``
+and will be ``0`` on success or error message on failure.
+
+Note that lock is advisory - there is no guarantee that other processes will
+respect this lock, i.e. lock synchronize two or more CMake instances sharing
+some modifiable resources. Similar logic applied to ``DIRECTORY`` option -
+locking parent directory doesn't prevent other ``LOCK`` commands to lock any
+child directory or file.
+
+Trying to lock file twice is not allowed.  Any intermediate directories and
+file itself will be created if they not exist.  ``GUARD`` and ``TIMEOUT``
+options ignored on ``RELEASE`` operation.
diff --git a/Help/command/string.rst b/Help/command/string.rst
index 07d0ff3..351385b 100644
--- a/Help/command/string.rst
+++ b/Help/command/string.rst
@@ -73,8 +73,13 @@ TOUPPER/TOLOWER will convert string to upper/lower characters.
 
 LENGTH will return a given string's length.
 
-SUBSTRING will return a substring of a given string.  If length is -1
+SUBSTRING will return a substring of a given string. If length is -1
 the remainder of the string starting at begin will be returned.
+If string is shorter than length then end of string is used instead.
+
+.. note::
+  CMake 3.1 and below reported an error if length pointed past
+  the end of string.
 
 STRIP will return a substring of a given string with leading and
 trailing spaces removed.
diff --git a/Help/command/target_include_directories.rst b/Help/command/target_include_directories.rst
index fd433a8..1d236ce 100644
--- a/Help/command/target_include_directories.rst
+++ b/Help/command/target_include_directories.rst
@@ -54,3 +54,6 @@ installation prefix.  For example:
     $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include/mylib>
     $<INSTALL_INTERFACE:include/mylib>  # <prefix>/include/mylib
   )
+
+.. |INTERFACE_PROPERTY_LINK| replace:: :prop_tgt:`INTERFACE_INCLUDE_DIRECTORIES`
+.. include:: /include/INTERFACE_INCLUDE_DIRECTORIES_WARNING.txt
diff --git a/Help/command/target_link_libraries.rst b/Help/command/target_link_libraries.rst
index 39537a7..e6a82b6 100644
--- a/Help/command/target_link_libraries.rst
+++ b/Help/command/target_link_libraries.rst
@@ -49,6 +49,9 @@ CMake will also propagate :ref:`usage requirements <Target Usage Requirements>`
 from linked library targets.  Usage requirements of dependencies affect
 compilation of sources in the ``<target>``.
 
+.. |INTERFACE_PROPERTY_LINK| replace:: :prop_tgt:`INTERFACE_LINK_LIBRARIES`
+.. include:: /include/INTERFACE_LINK_LIBRARIES_WARNING.txt
+
 If an ``<item>`` is a library in a Mac OX framework, the ``Headers``
 directory of the framework will also be processed as a
 :ref:`usage requirement <Target Usage Requirements>`.  This has the same
diff --git a/Help/include/INTERFACE_INCLUDE_DIRECTORIES_WARNING.txt b/Help/include/INTERFACE_INCLUDE_DIRECTORIES_WARNING.txt
new file mode 100644
index 0000000..33f7183
--- /dev/null
+++ b/Help/include/INTERFACE_INCLUDE_DIRECTORIES_WARNING.txt
@@ -0,0 +1,30 @@
+
+Note that it is not advisable to populate the ``INSTALL_INTERFACE`` of the
+|INTERFACE_PROPERTY_LINK| of a target with paths for dependencies.
+That would hard-code into installed packages the include directory paths
+for dependencies **as found on the machine the package was made on**.
+
+The ``INSTALL_INTERFACE`` of the |INTERFACE_PROPERTY_LINK| is only
+suitable for specifying the required include directories of the target itself,
+not its dependencies.
+
+That is, code like this is incorrect for targets which will be used to
+generate :manual:`cmake-packages(7)`:
+
+.. code-block:: cmake
+
+  target_include_directories(mylib INTERFACE
+    $<INSTALL_INTERFACE:${Boost_INCLUDE_DIRS};${OtherDep_INCLUDE_DIRS}>
+  )
+
+Dependencies must provide their own :ref:`IMPORTED targets <Imported Targets>`
+which have their own |INTERFACE_PROPERTY_LINK| populated
+appropriately.  Those :ref:`IMPORTED targets <Imported Targets>` may then be
+used with the :command:`target_link_libraries` command for ``mylib``.
+
+That way, when a consumer uses the installed package, the
+consumer will run the appropriate :command:`find_package` command to find
+the dependencies on their own machine and populate the
+:ref:`IMPORTED targets <Imported Targets>` with appropriate paths.  See
+:ref:`Creating Packages` for more.  Note that many modules currently shipped
+with CMake do not currently provide :ref:`IMPORTED targets <Imported Targets>`.
diff --git a/Help/include/INTERFACE_LINK_LIBRARIES_WARNING.txt b/Help/include/INTERFACE_LINK_LIBRARIES_WARNING.txt
new file mode 100644
index 0000000..ceefa4d
--- /dev/null
+++ b/Help/include/INTERFACE_LINK_LIBRARIES_WARNING.txt
@@ -0,0 +1,23 @@
+
+Note that it is not advisable to populate the
+|INTERFACE_PROPERTY_LINK| of a target with paths for dependencies.
+That would hard-code into installed packages the include directory paths
+for dependencies **as found on the machine the package was made on**.
+
+That is, code like this is incorrect for targets which will be used to
+generate :manual:`cmake-packages(7)`:
+
+.. code-block:: cmake
+
+  target_link_libraries(mylib INTERFACE
+    ${Boost_LIBRARIES};${OtherDep_LIBRARIES}
+  )
+
+Dependencies must provide their own :ref:`IMPORTED targets <Imported Targets>`
+which have their own :prop_tgt:`IMPORTED_LOCATION` populated
+appropriately.  That way, when a consumer uses the installed package, the
+consumer will run the appropriate :command:`find_package` command to find
+the dependencies on their own machine and populate the
+:ref:`IMPORTED targets <Imported Targets>` with appropriate paths.  See
+:ref:`Creating Packages` for more.  Note that many modules currently shipped
+with CMake do not currently provide :ref:`IMPORTED targets <Imported Targets>`.
diff --git a/Help/manual/cmake-buildsystem.7.rst b/Help/manual/cmake-buildsystem.7.rst
index 43f0e97..002f2c2 100644
--- a/Help/manual/cmake-buildsystem.7.rst
+++ b/Help/manual/cmake-buildsystem.7.rst
@@ -270,7 +270,11 @@ be specified in the order ``lib3`` ``lib1`` ``lib2``:
 
   target_link_libraries(myExe lib1 lib2 lib3)
   target_include_directories(myExe
-    PRIVATE $<TARGET_PROPERTY:INTERFACE_INCLUDE_DIRECTORIES:lib3>)
+    PRIVATE $<TARGET_PROPERTY:lib3,INTERFACE_INCLUDE_DIRECTORIES>)
+
+Note that care must be taken when specifying usage requirements for targets
+which will be exported for installation using the :command:`install(EXPORT)`
+command.  See :ref:`Creating Packages` for more.
 
 .. _`Compatible Interface Properties`:
 
diff --git a/Help/manual/cmake-commands.7.rst b/Help/manual/cmake-commands.7.rst
index 9c1d3b9..4616dd1 100644
--- a/Help/manual/cmake-commands.7.rst
+++ b/Help/manual/cmake-commands.7.rst
@@ -31,6 +31,7 @@ These commands may be used freely in CMake projects.
    /command/cmake_minimum_required
    /command/cmake_policy
    /command/configure_file
+   /command/continue
    /command/create_test_sourcelist
    /command/define_property
    /command/elseif
diff --git a/Help/manual/cmake-developer.7.rst b/Help/manual/cmake-developer.7.rst
index 0884a59..3b9b921 100644
--- a/Help/manual/cmake-developer.7.rst
+++ b/Help/manual/cmake-developer.7.rst
@@ -21,32 +21,6 @@ CMake is required to build with ancient C++ compilers and standard library
 implementations.  Some common C++ constructs may not be used in CMake in order
 to build with such toolchains.
 
-std::vector::at
----------------
-
-The ``at()`` member function of ``std::vector`` may not be used. Use
-``operator[]`` instead:
-
-.. code-block:: c++
-
-  std::vector<int> someVec = getVec();
-  int i1 = someVec.at(5); // Wrong
-  int i2 = someVec[5];    // Ok
-
-std::string::append and std::string::clear
-------------------------------------------
-
-The ``append()`` and ``clear()`` member functions of ``std::string`` may not
-be used. Use ``operator+=`` and ``operator=`` instead:
-
-.. code-block:: c++
-
-  std::string stringBuilder;
-  stringBuilder.append("chunk"); // Wrong
-  stringBuilder.clear(); // Wrong
-  stringBuilder += "chunk";      // Ok
-  stringBuilder = "";      // Ok
-
 std::set const iterators
 ------------------------
 
@@ -73,28 +47,6 @@ The return value of ``find()`` must be assigned to an intermediate
     // ...
     }
 
-Char Array to ``string`` Conversions with Algorithms
-----------------------------------------------------
-
-In some implementations, algorithms operating on iterators to a container of
-``std::string`` can not accept a ``const char*`` value:
-
-.. code-block:: c++
-
-  const char* dir = /*...*/;
-  std::vector<std::string> vec;
-  // ...
-  std::binary_search(vec.begin(), vec.end(), dir); // Wrong
-
-The ``std::string`` may need to be explicitly constructed:
-
-.. code-block:: c++
-
-  const char* dir = /*...*/;
-  std::vector<std::string> vec;
-  // ...
-  std::binary_search(vec.begin(), vec.end(), std::string(dir)); // Ok
-
 std::auto_ptr
 -------------
 
@@ -147,7 +99,7 @@ A loop must be used instead:
     theSet.insert(*it);
     }
 
-.. MSVC6, SunCC 5.9
+.. SunCC 5.9
 
 Template Parameter Defaults
 ---------------------------
@@ -177,12 +129,6 @@ this does not work with other ancient compilers:
 
 and invoke it with the value ``0`` explicitly in all cases.
 
-std::min and std::max
----------------------
-
-``min`` and ``max`` are defined as macros on some systems. ``std::min`` and
-``std::max`` may not be used.  Use ``cmMinimum`` and ``cmMaximum`` instead.
-
 size_t
 ------
 
@@ -774,7 +720,9 @@ by the :command:`find_package` command when invoked for ``<package>``.
 The primary task of a find module is to determine whether a package
 exists on the system, set the ``<package>_FOUND`` variable to reflect
 this and provide any variables, macros and imported targets required to
-use the package.
+use the package.  A find module is useful in cases where an upstream
+library does not provide a
+:ref:`config file package <Config File Packages>`.
 
 The traditional approach is to use variables for everything, including
 libraries and executables: see the `Standard Variable Names`_ section
@@ -782,13 +730,9 @@ below.  This is what most of the existing find modules provided by CMake
 do.
 
 The more modern approach is to behave as much like
-``<package>Config.cmake`` files as possible, by providing imported
-targets.  As well as matching how ``*Config.cmake`` files work, the
-libraries, include directories and compile definitions are all set just
-by using the target in a :command:`target_link_libraries` call.   The
-disadvantage is that ``*Config.cmake`` files of projects that use
-imported targets from find modules may require more work to make sure
-those imported targets that are in the link interface are available.
+:ref:`config file packages <Config File Packages>` files as possible, by
+providing :ref:`imported target <Imported targets>`.  This has the advantage
+of propagating :ref:`Target Usage Requirements` to consumers.
 
 In either case (or even when providing both variables and imported
 targets), find modules should provide backwards compatibility with old
@@ -932,7 +876,10 @@ To prevent users being overwhelmed with settings to configure, try to
 keep as many options as possible out of the cache, leaving at least one
 option which can be used to disable use of the module, or locate a
 not-found library (e.g. ``Xxx_ROOT_DIR``).  For the same reason, mark
-most cache options as advanced.
+most cache options as advanced.  For packages which provide both debug
+and release binaries, it is common to create cache variables with a
+``_LIBRARY_<CONFIG>`` suffix, such as ``Foo_LIBRARY_RELEASE`` and
+``Foo_LIBRARY_DEBUG``.
 
 While these are the standard variable names, you should provide
 backwards compatibility for any old names that were actually in use.
@@ -999,16 +946,6 @@ licence notice block
   # (To distribute this file outside of CMake, substitute the full
   #  License text for the above reference.)
 
-If the module is new to CMake, you may want to provide a warning for
-projects that do not require a high enough CMake version.
-
-.. code-block:: cmake
-
-  if(CMAKE_MINIMUM_REQUIRED_VERSION VERSION_LESS 3.0.0)
-    message(AUTHOR_WARNING
-      "Your project should require at least CMake 3.0.0 to use FindFoo.cmake")
-  endif()
-
 Now the actual libraries and so on have to be found.  The code here will
 obviously vary from module to module (dealing with that, after all, is the
 point of find modules), but there tends to be a common pattern for libraries.
@@ -1115,6 +1052,47 @@ not any of its dependencies.  Instead, those dependencies should also be
 targets, and CMake should be told that they are dependencies of this target.
 CMake will then combine all the necessary information automatically.
 
+The type of the :prop_tgt:`IMPORTED` target created in the
+:command:`add_library` command can always be specified as ``UNKNOWN``
+type.  This simplifies the code in cases where static or shared variants may
+be found, and CMake will determine the type by inspecting the files.
+
+If the library is available with multiple configurations, the
+:prop_tgt:`IMPORTED_CONFIGURATIONS` target property should also be
+populated:
+
+.. code-block:: cmake
+
+  if(Foo_FOUND)
+    if (NOT TARGET Foo::Foo)
+      add_library(Foo::Foo UNKNOWN IMPORTED)
+    endif()
+    if (Foo_LIBRARY_RELEASE)
+      set_property(TARGET Foo::Foo APPEND PROPERTY
+        IMPORTED_CONFIGURATIONS RELEASE
+      )
+      set_target_properties(Foo::Foo PROPERTIES
+        IMPORTED_LOCATION_RELEASE "${Foo_LIBRARY_RELEASE}"
+      )
+    endif()
+    if (Foo_LIBRARY_DEBUG)
+      set_property(TARGET Foo::Foo APPEND PROPERTY
+        IMPORTED_CONFIGURATIONS DEBUG
+      )
+      set_target_properties(Foo::Foo PROPERTIES
+        IMPORTED_LOCATION_DEBUG "${Foo_LIBRARY_DEBUG}"
+      )
+    endif()
+    set_target_properties(Foo::Foo PROPERTIES
+      INTERFACE_COMPILE_OPTIONS "${PC_Foo_CFLAGS_OTHER}"
+      INTERFACE_INCLUDE_DIRECTORIES "${Foo_INCLUDE_DIR}"
+    )
+  endif()
+
+The ``RELEASE`` variant should be listed first in the property
+so that that variant is chosen if the user uses a configuration which is
+not an exact match for any listed ``IMPORTED_CONFIGURATIONS``.
+
 We should also provide some information about the package, such as where to
 download it.
 
diff --git a/Help/manual/cmake-language.7.rst b/Help/manual/cmake-language.7.rst
index 9c511ca..15c101f 100644
--- a/Help/manual/cmake-language.7.rst
+++ b/Help/manual/cmake-language.7.rst
@@ -469,8 +469,10 @@ Loops
 
 The :command:`foreach`/:command:`endforeach` and
 :command:`while`/:command:`endwhile` commands delimit code
-blocks to be executed in a loop.  The :command:`break` command
-may be used inside such blocks to terminate the loop early.
+blocks to be executed in a loop.  Inside such blocks the
+:command:`break` command may be used to terminate the loop
+early whereas the :command:`continue` command may be used
+to start with the next iteration immediately.
 
 Command Definitions
 -------------------
diff --git a/Help/manual/cmake-modules.7.rst b/Help/manual/cmake-modules.7.rst
index f5a35b3..8337118 100644
--- a/Help/manual/cmake-modules.7.rst
+++ b/Help/manual/cmake-modules.7.rst
@@ -118,6 +118,7 @@ All Modules
    /module/FindIce
    /module/FindIcotool
    /module/FindImageMagick
+   /module/FindIntl
    /module/FindITK
    /module/FindJasper
    /module/FindJava
@@ -208,7 +209,7 @@ All Modules
    /module/FindWish
    /module/FindwxWidgets
    /module/FindwxWindows
-   /module/FindXerces
+   /module/FindXercesC
    /module/FindX11
    /module/FindXMLRPC
    /module/FindZLIB
diff --git a/Help/manual/cmake-packages.7.rst b/Help/manual/cmake-packages.7.rst
index 13e2ba0..fba1d61 100644
--- a/Help/manual/cmake-packages.7.rst
+++ b/Help/manual/cmake-packages.7.rst
@@ -76,6 +76,8 @@ By setting the :variable:`CMAKE_DISABLE_FIND_PACKAGE_<PackageName>` variable to
 ``TRUE``, the ``PackageName`` package will not be searched, and will always
 be ``NOTFOUND``.
 
+.. _`Config File Packages`:
+
 Config-file Packages
 --------------------
 
@@ -260,6 +262,8 @@ The variables report the version of the package that was actually found.
 The ``<package>`` part of their name matches the argument given to the
 :command:`find_package` command.
 
+.. _`Creating Packages`:
+
 Creating Packages
 =================
 
@@ -369,6 +373,38 @@ attempt to use version 3 together with version 4.  Packages can choose to
 employ such a pattern if different major versions of the package are designed
 to be incompatible.
 
+Note that it is not advisable to populate any properties which may contain
+paths, such as :prop_tgt:`INTERFACE_INCLUDE_DIRECTORIES` and
+:prop_tgt:`INTERFACE_LINK_LIBRARIES`, with paths relevnt to dependencies.
+That would hard-code into installed packages the include directory or library
+paths for dependencies **as found on the machine the package was made on**.
+
+That is, code like this is incorrect for targets which will be used to
+generate config file packages:
+
+.. code-block:: cmake
+
+  target_link_libraries(ClimbingStats INTERFACE
+    ${Boost_LIBRARIES};${OtherDep_LIBRARIES}>
+  )
+  target_include_directories(ClimbingStats INTERFACE
+    $<INSTALL_INTERFACE:${Boost_INCLUDE_DIRS};${OtherDep_INCLUDE_DIRS}>
+  )
+
+Dependencies must provide their own :ref:`IMPORTED targets <Imported Targets>`
+which have their own :prop_tgt:`INTERFACE_INCLUDE_DIRECTORIES` and
+:prop_tgt:`IMPORTED_LOCATION` populated appropriately.  Those
+:ref:`IMPORTED targets <Imported Targets>` may then be
+used with the :command:`target_link_libraries` command for ``ClimbingStats``.
+
+That way, when a consumer uses the installed package, the
+consumer will run the appropriate :command:`find_package` command (via the
+find_dependency macro described below) to find
+the dependencies on their own machine and populate the
+:ref:`IMPORTED targets <Imported Targets>` with appropriate paths. Note that
+many modules currently shipped with CMake do not currently provide
+:ref:`IMPORTED targets <Imported Targets>`.
+
 A ``NAMESPACE`` with double-colons is specified when exporting the targets
 for installation.  This convention of double-colons gives CMake a hint that
 the name is an :prop_tgt:`IMPORTED` target when it is used by downstreams
diff --git a/Help/manual/cmake-policies.7.rst b/Help/manual/cmake-policies.7.rst
index dfa423e..742fd63 100644
--- a/Help/manual/cmake-policies.7.rst
+++ b/Help/manual/cmake-policies.7.rst
@@ -20,6 +20,12 @@ for a policy, also avoiding the warning.  Each policy can also be set to
 either ``NEW`` or ``OLD`` behavior explicitly on the command line with the
 :variable:`CMAKE_POLICY_DEFAULT_CMP<NNNN>` variable.
 
+Note that policies are not reliable feature toggles.  A policy should
+almost never be set to ``OLD``, except to silence warnings in an otherwise
+frozen or stable codebase, or temporarily as part of a larger migration
+path. The ``OLD`` behavior of each policy is undesirable and will be
+replaced with an error condition in a future release.
+
 The :command:`cmake_minimum_required` command does more than report an
 error if a too-old version of CMake is used to build a project.  It
 also sets all policies introduced in that CMake version or earlier to
@@ -106,3 +112,4 @@ All Policies
    /policy/CMP0052
    /policy/CMP0053
    /policy/CMP0054
+   /policy/CMP0055
diff --git a/Help/manual/cmake-variables.7.rst b/Help/manual/cmake-variables.7.rst
index 99088e0..2de4103 100644
--- a/Help/manual/cmake-variables.7.rst
+++ b/Help/manual/cmake-variables.7.rst
@@ -47,6 +47,7 @@ Variables that Provide Information
    /variable/CMAKE_LINK_LIBRARY_SUFFIX
    /variable/CMAKE_MAJOR_VERSION
    /variable/CMAKE_MAKE_PROGRAM
+   /variable/CMAKE_MATCH_COUNT
    /variable/CMAKE_MINIMUM_REQUIRED_VERSION
    /variable/CMAKE_MINOR_VERSION
    /variable/CMAKE_PARENT_LIST_FILE
diff --git a/Help/module/FindIntl.rst b/Help/module/FindIntl.rst
new file mode 100644
index 0000000..813e2df
--- /dev/null
+++ b/Help/module/FindIntl.rst
@@ -0,0 +1 @@
+.. cmake-module:: ../../Modules/FindIntl.cmake
diff --git a/Help/module/FindXerces.rst b/Help/module/FindXerces.rst
deleted file mode 100644
index 166d8dd..0000000
--- a/Help/module/FindXerces.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. cmake-module:: ../../Modules/FindXerces.cmake
diff --git a/Help/module/FindXercesC.rst b/Help/module/FindXercesC.rst
new file mode 100644
index 0000000..4818071
--- /dev/null
+++ b/Help/module/FindXercesC.rst
@@ -0,0 +1 @@
+.. cmake-module:: ../../Modules/FindXercesC.cmake
diff --git a/Help/policy/CMP0055.rst b/Help/policy/CMP0055.rst
new file mode 100644
index 0000000..fe7ab6f
--- /dev/null
+++ b/Help/policy/CMP0055.rst
@@ -0,0 +1,17 @@
+CMP0055
+-------
+
+Strict checking for the :command:`break` command.
+
+CMake 3.1 and lower allowed calls to the :command:`break` command
+outside of a loop context and also ignored any given arguments.
+This was undefined behavior.
+
+The OLD behavior for this policy is to allow :command:`break` to be placed
+outside of loop contexts and ignores any arguments.  The NEW behavior for this
+policy is to issue an error if a misplaced break or any arguments are found.
+
+This policy was introduced in CMake version 3.2.
+CMake version |release| warns when the policy is not set and uses
+OLD behavior.  Use the cmake_policy command to set it to OLD or
+NEW explicitly.
diff --git a/Help/prop_tgt/INTERFACE_BUILD_PROPERTY.txt b/Help/prop_tgt/INTERFACE_BUILD_PROPERTY.txt
new file mode 100644
index 0000000..4188b8d
--- /dev/null
+++ b/Help/prop_tgt/INTERFACE_BUILD_PROPERTY.txt
@@ -0,0 +1,16 @@
+
+List of public |property_name| requirements for a library.
+
+Targets may populate this property to publish the |property_name|
+required to compile against the headers for the target.  The |command_name|
+command populates this property with values given to the ``PUBLIC`` and
+``INTERFACE`` keywords.  Projects may also get and set the property directly.
+
+When target dependencies are specified using :command:`target_link_libraries`,
+CMake will read this property from all target dependencies to determine the
+build properties of the consumer.
+
+Contents of |PROPERTY_INTERFACE_NAME| may use "generator expressions"
+with the syntax ``$<...>``.  See the :manual:`cmake-generator-expressions(7)`
+manual for available expressions.  See the :manual:`cmake-buildsystem(7)`
+-manual for more on defining buildsystem properties.
diff --git a/Help/prop_tgt/INTERFACE_COMPILE_DEFINITIONS.rst b/Help/prop_tgt/INTERFACE_COMPILE_DEFINITIONS.rst
index 910b661..c74a319 100644
--- a/Help/prop_tgt/INTERFACE_COMPILE_DEFINITIONS.rst
+++ b/Help/prop_tgt/INTERFACE_COMPILE_DEFINITIONS.rst
@@ -1,15 +1,9 @@
 INTERFACE_COMPILE_DEFINITIONS
 -----------------------------
 
-List of public compile definitions for a library.
-
-Targets may populate this property to publish the compile definitions
-required to compile against the headers for the target.  Consuming
-targets can add entries to their own :prop_tgt:`COMPILE_DEFINITIONS`
-property such as ``$<TARGET_PROPERTY:foo,INTERFACE_COMPILE_DEFINITIONS>``
-to use the compile definitions specified in the interface of ``foo``.
-
-Contents of ``INTERFACE_COMPILE_DEFINITIONS`` may use "generator expressions"
-with the syntax ``$<...>``.  See the :manual:`cmake-generator-expressions(7)`
-manual for available expressions.  See the :manual:`cmake-buildsystem(7)`
-manual for more on defining buildsystem properties.
+.. |property_name| replace:: compile definitions
+.. |command_name| replace:: :command:`target_compile_definitions`
+.. |PROPERTY_INTERFACE_NAME| replace:: ``INTERFACE_COMPILE_DEFINITIONS``
+.. |PROPERTY_LINK| replace:: :prop_tgt:`COMPILE_DEFINITIONS`
+.. |PROPERTY_GENEX| replace:: ``$<TARGET_PROPERTY:foo,INTERFACE_COMPILE_DEFINITIONS>``
+.. include:: INTERFACE_BUILD_PROPERTY.txt
diff --git a/Help/prop_tgt/INTERFACE_COMPILE_FEATURES.rst b/Help/prop_tgt/INTERFACE_COMPILE_FEATURES.rst
index 7abdecb..8dfec5f 100644
--- a/Help/prop_tgt/INTERFACE_COMPILE_FEATURES.rst
+++ b/Help/prop_tgt/INTERFACE_COMPILE_FEATURES.rst
@@ -1,16 +1,12 @@
 INTERFACE_COMPILE_FEATURES
 --------------------------
 
-List of public compile requirements for a library.
+.. |property_name| replace:: compile features
+.. |command_name| replace:: :command:`target_compile_features`
+.. |PROPERTY_INTERFACE_NAME| replace:: ``INTERFACE_COMPILE_FEATURES``
+.. |PROPERTY_LINK| replace:: :prop_tgt:`COMPILE_FEATURES`
+.. |PROPERTY_GENEX| replace:: ``$<TARGET_PROPERTY:foo,INTERFACE_COMPILE_FEATURES>``
+.. include:: INTERFACE_BUILD_PROPERTY.txt
 
-Targets may populate this property to publish the compiler features
-required to compile against the headers for the target.  Consuming
-targets can add entries to their own :prop_tgt:`COMPILE_FEATURES`
-property such as ``$<TARGET_PROPERTY:foo,INTERFACE_COMPILE_FEATURES>``
-to require the features specified in the interface of ``foo``.
-
-Contents of ``INTERFACE_COMPILE_FEATURES`` may use "generator expressions"
-with the syntax ``$<...>``.  See the :manual:`cmake-generator-expressions(7)`
-manual for available expressions.  See the
-:manual:`cmake-compile-features(7)` manual for information on compile
+See the :manual:`cmake-compile-features(7)` manual for information on compile
 features.
diff --git a/Help/prop_tgt/INTERFACE_COMPILE_OPTIONS.rst b/Help/prop_tgt/INTERFACE_COMPILE_OPTIONS.rst
index d0a38d6..7f0b385 100644
--- a/Help/prop_tgt/INTERFACE_COMPILE_OPTIONS.rst
+++ b/Help/prop_tgt/INTERFACE_COMPILE_OPTIONS.rst
@@ -1,15 +1,9 @@
 INTERFACE_COMPILE_OPTIONS
 -------------------------
 
-List of interface options to pass to the compiler.
-
-Targets may populate this property to publish the compile options
-required to compile against the headers for the target.  Consuming
-targets can add entries to their own :prop_tgt:`COMPILE_OPTIONS` property
-such as ``$<TARGET_PROPERTY:foo,INTERFACE_COMPILE_OPTIONS>`` to use the
-compile options specified in the interface of ``foo``.
-
-Contents of ``INTERFACE_COMPILE_OPTIONS`` may use "generator expressions"
-with the syntax ``$<...>``.  See the :manual:`cmake-generator-expressions(7)`
-manual for available expressions.  See the :manual:`cmake-buildsystem(7)`
-manual for more on defining buildsystem properties.
+.. |property_name| replace:: compile options
+.. |command_name| replace:: :command:`target_compile_options`
+.. |PROPERTY_INTERFACE_NAME| replace:: ``INTERFACE_COMPILE_OPTIONS``
+.. |PROPERTY_LINK| replace:: :prop_tgt:`COMPILE_OPTIONS`
+.. |PROPERTY_GENEX| replace:: ``$<TARGET_PROPERTY:foo,INTERFACE_COMPILE_OPTIONS>``
+.. include:: INTERFACE_BUILD_PROPERTY.txt
diff --git a/Help/prop_tgt/INTERFACE_INCLUDE_DIRECTORIES.rst b/Help/prop_tgt/INTERFACE_INCLUDE_DIRECTORIES.rst
index 899e821..1cfd7a8 100644
--- a/Help/prop_tgt/INTERFACE_INCLUDE_DIRECTORIES.rst
+++ b/Help/prop_tgt/INTERFACE_INCLUDE_DIRECTORIES.rst
@@ -1,22 +1,12 @@
 INTERFACE_INCLUDE_DIRECTORIES
 -----------------------------
 
-List of public include directories for a library.
-
-The :command:`target_include_directories` command populates this property
-with values given to the ``PUBLIC`` and ``INTERFACE`` keywords.  Projects
-may also get and set the property directly.
-
-Targets may populate this property to publish the include directories
-required to compile against the headers for the target.  Consuming
-targets can add entries to their own :prop_tgt:`INCLUDE_DIRECTORIES`
-property such as ``$<TARGET_PROPERTY:foo,INTERFACE_INCLUDE_DIRECTORIES>``
-to use the include directories specified in the interface of ``foo``.
-
-Contents of ``INTERFACE_INCLUDE_DIRECTORIES`` may use "generator expressions"
-with the syntax ``$<...>``.  See the :manual:`cmake-generator-expressions(7)`
-manual for available expressions.  See the :manual:`cmake-buildsystem(7)`
-manual for more on defining buildsystem properties.
+.. |property_name| replace:: include directories
+.. |command_name| replace:: :command:`target_include_directories`
+.. |PROPERTY_INTERFACE_NAME| replace:: ``INTERFACE_INCLUDE_DIRECTORIES``
+.. |PROPERTY_LINK| replace:: :prop_tgt:`INCLUDE_DIRECTORIES`
+.. |PROPERTY_GENEX| replace:: ``$<TARGET_PROPERTY:foo,INTERFACE_INCLUDE_DIRECTORIES>``
+.. include:: INTERFACE_BUILD_PROPERTY.txt
 
 Include directories usage requirements commonly differ between the build-tree
 and the install-tree.  The ``BUILD_INTERFACE`` and ``INSTALL_INTERFACE``
@@ -27,7 +17,10 @@ installation prefix.  For example:
 
 .. code-block:: cmake
 
-  set_property(TARGET mylib APPEND PROPERTY INTERFACE_INCLUDE_DIRECTORIES
+  target_include_directories(mylib INTERFACE
     $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include/mylib>
     $<INSTALL_INTERFACE:include/mylib>  # <prefix>/include/mylib
-    )
+  )
+
+.. |INTERFACE_PROPERTY_LINK| replace:: ``INTERFACE_INCLUDE_DIRECTORIES``
+.. include:: /include/INTERFACE_INCLUDE_DIRECTORIES_WARNING.txt
diff --git a/Help/prop_tgt/INTERFACE_LINK_LIBRARIES.rst b/Help/prop_tgt/INTERFACE_LINK_LIBRARIES.rst
index 8e4843b..55b7b8d 100644
--- a/Help/prop_tgt/INTERFACE_LINK_LIBRARIES.rst
+++ b/Help/prop_tgt/INTERFACE_LINK_LIBRARIES.rst
@@ -4,7 +4,8 @@ INTERFACE_LINK_LIBRARIES
 List public interface libraries for a library.
 
 This property contains the list of transitive link dependencies.  When
-the target is linked into another target the libraries listed (and
+the target is linked into another target using the
+:command:`target_link_libraries` command, the libraries listed (and
 recursively their link interface libraries) will be provided to the
 other target also.  This property is overridden by the
 :prop_tgt:`LINK_INTERFACE_LIBRARIES` or
@@ -15,3 +16,6 @@ Contents of ``INTERFACE_LINK_LIBRARIES`` may use "generator expressions"
 with the syntax ``$<...>``.  See the :manual:`cmake-generator-expressions(7)`
 manual for available expressions.  See the :manual:`cmake-buildsystem(7)`
 manual for more on defining buildsystem properties.
+
+.. |INTERFACE_PROPERTY_LINK| replace:: ``INTERFACE_LINK_LIBRARIES``
+.. include:: /include/INTERFACE_LINK_LIBRARIES_WARNING.txt
diff --git a/Help/prop_tgt/INTERFACE_SOURCES.rst b/Help/prop_tgt/INTERFACE_SOURCES.rst
index c8ca2e8..696ee95 100644
--- a/Help/prop_tgt/INTERFACE_SOURCES.rst
+++ b/Help/prop_tgt/INTERFACE_SOURCES.rst
@@ -1,13 +1,16 @@
 INTERFACE_SOURCES
 -----------------
 
-List of interface sources to pass to the compiler.
+List of interface sources to compile into consuming targets.
 
 Targets may populate this property to publish the sources
-for consuming targets to compile.  Consuming
-targets can add entries to their own :prop_tgt:`SOURCES` property
-such as ``$<TARGET_PROPERTY:foo,INTERFACE_SOURCES>`` to use the
-sources specified in the interface of ``foo``.
+for consuming targets to compile.  The :command:`target_sources` command
+populates this property with values given to the ``PUBLIC`` and
+``INTERFACE`` keywords.  Projects may also get and set the property directly.
+
+When target dependencies are specified using :command:`target_link_libraries`,
+CMake will read this property from all target dependencies to determine the
+sources of the consumer.
 
 Targets with ``INTERFACE_SOURCES`` may not be exported with the
 :command:`export` or :command:`install(EXPORT)` commands. This limitation may be
diff --git a/Help/prop_tgt/INTERFACE_SYSTEM_INCLUDE_DIRECTORIES.rst b/Help/prop_tgt/INTERFACE_SYSTEM_INCLUDE_DIRECTORIES.rst
index 9e603ee..b54b6c1 100644
--- a/Help/prop_tgt/INTERFACE_SYSTEM_INCLUDE_DIRECTORIES.rst
+++ b/Help/prop_tgt/INTERFACE_SYSTEM_INCLUDE_DIRECTORIES.rst
@@ -5,8 +5,14 @@ List of public system include directories for a library.
 
 Targets may populate this property to publish the include directories
 which contain system headers, and therefore should not result in
-compiler warnings.  Consuming targets will then mark the same include
-directories as system headers.
+compiler warnings.  The :command:`target_include_directories(SYSTEM)`
+command signature populates this property with values given to the
+``PUBLIC`` and ``INTERFACE`` keywords.  Projects may also get and set the
+property directly.
+
+When target dependencies are specified using :command:`target_link_libraries`,
+CMake will read this property from all target dependencies to mark the
+same include directories as containing system headers.
 
 Contents of ``INTERFACE_SYSTEM_INCLUDE_DIRECTORIES`` may use "generator
 expressions" with the syntax ``$<...>``.  See the
diff --git a/Help/prop_tgt/LINK_INTERFACE_LIBRARIES.rst b/Help/prop_tgt/LINK_INTERFACE_LIBRARIES.rst
index 435e25e..2e859eb 100644
--- a/Help/prop_tgt/LINK_INTERFACE_LIBRARIES.rst
+++ b/Help/prop_tgt/LINK_INTERFACE_LIBRARIES.rst
@@ -5,18 +5,24 @@ List public interface libraries for a shared library or executable.
 
 By default linking to a shared library target transitively links to
 targets with which the library itself was linked.  For an executable
-with exports (see the ENABLE_EXPORTS property) no default transitive
-link dependencies are used.  This property replaces the default
+with exports (see the :prop_tgt:`ENABLE_EXPORTS` target property) no
+default transitive link dependencies are used.  This property replaces the default
 transitive link dependencies with an explicit list.  When the target
-is linked into another target the libraries listed (and recursively
+is linked into another target using the :command:`target_link_libraries`
+command, the libraries listed (and recursively
 their link interface libraries) will be provided to the other target
 also.  If the list is empty then no transitive link dependencies will
 be incorporated when this target is linked into another target even if
 the default set is non-empty.  This property is initialized by the
-value of the variable CMAKE_LINK_INTERFACE_LIBRARIES if it is set when
-a target is created.  This property is ignored for STATIC libraries.
+value of the :variable:`CMAKE_LINK_INTERFACE_LIBRARIES` variable if it is
+set when a target is created.  This property is ignored for ``STATIC``
+libraries.
 
-This property is overridden by the INTERFACE_LINK_LIBRARIES property if
-policy CMP0022 is NEW.
+This property is overridden by the :prop_tgt:`INTERFACE_LINK_LIBRARIES`
+property if policy :policy:`CMP0022` is ``NEW``.
 
-This property is deprecated.  Use INTERFACE_LINK_LIBRARIES instead.
+This property is deprecated.  Use :prop_tgt:`INTERFACE_LINK_LIBRARIES`
+instead.
+
+.. |INTERFACE_PROPERTY_LINK| replace:: ``LINK_INTERFACE_LIBRARIES``
+.. include:: /include/INTERFACE_LINK_LIBRARIES_WARNING.txt
diff --git a/Help/prop_tgt/LINK_INTERFACE_LIBRARIES_CONFIG.rst b/Help/prop_tgt/LINK_INTERFACE_LIBRARIES_CONFIG.rst
index 08bd650..7f2b5dd 100644
--- a/Help/prop_tgt/LINK_INTERFACE_LIBRARIES_CONFIG.rst
+++ b/Help/prop_tgt/LINK_INTERFACE_LIBRARIES_CONFIG.rst
@@ -4,10 +4,14 @@ LINK_INTERFACE_LIBRARIES_<CONFIG>
 Per-configuration list of public interface libraries for a target.
 
 This is the configuration-specific version of
-LINK_INTERFACE_LIBRARIES.  If set, this property completely overrides
-the generic property for the named configuration.
+:prop_tgt:`LINK_INTERFACE_LIBRARIES`.  If set, this property completely
+overrides the generic property for the named configuration.
 
-This property is overridden by the INTERFACE_LINK_LIBRARIES property if
-policy CMP0022 is NEW.
+This property is overridden by the :prop_tgt:`INTERFACE_LINK_LIBRARIES`
+property if policy :policy:`CMP0022` is ``NEW``.
 
-This property is deprecated.  Use INTERFACE_LINK_LIBRARIES instead.
+This property is deprecated.  Use :prop_tgt:`INTERFACE_LINK_LIBRARIES`
+instead.
+
+.. |INTERFACE_PROPERTY_LINK| replace:: ``LINK_INTERFACE_LIBRARIES_<CONFIG>``
+.. include:: /include/INTERFACE_LINK_LIBRARIES_WARNING.txt
diff --git a/Help/release/3.1.0.rst b/Help/release/3.1.0.rst
index 96717c6..a5b3e8e 100644
--- a/Help/release/3.1.0.rst
+++ b/Help/release/3.1.0.rst
@@ -245,6 +245,8 @@ Modules
 * The :module:`FindPkgConfig` module learned to use the ``PKG_CONFIG``
   environment variable value as the ``pkg-config`` executable, if set.
 
+* The :module:`FindXercesC` module was introduced.
+
 * The :module:`FindZLIB` module now provides imported targets.
 
 * The :module:`GenerateExportHeader` module ``generate_export_header``
diff --git a/Help/release/dev/0-sample-topic.rst b/Help/release/dev/0-sample-topic.rst
new file mode 100644
index 0000000..e4cc01e
--- /dev/null
+++ b/Help/release/dev/0-sample-topic.rst
@@ -0,0 +1,7 @@
+0-sample-topic
+--------------
+
+* This is a sample release note for the change in a topic.
+  Developers should add similar notes for each topic branch
+  making a noteworthy change.  Each document should be named
+  and titled to match the topic name to avoid merge conflicts.
diff --git a/Help/release/dev/ExternalProject_CMAKE_CACHE_DEFAULT_ARGS.rst b/Help/release/dev/ExternalProject_CMAKE_CACHE_DEFAULT_ARGS.rst
new file mode 100644
index 0000000..1838ab6
--- /dev/null
+++ b/Help/release/dev/ExternalProject_CMAKE_CACHE_DEFAULT_ARGS.rst
@@ -0,0 +1,6 @@
+ExternalProject_CMAKE_CACHE_DEFAULT_ARGS
+----------------------------------------
+
+* The :module:`ExternalProject` module ``ExternalProject_Add`` function
+  learned a new ``CMAKE_CACHE_DEFAULT_ARGS`` option to initialize cache
+  values in the external project without setting them on future builds.
diff --git a/Help/release/dev/ExternalProject_UPDATE_DISCONNECTED.rst b/Help/release/dev/ExternalProject_UPDATE_DISCONNECTED.rst
new file mode 100644
index 0000000..bed4a89
--- /dev/null
+++ b/Help/release/dev/ExternalProject_UPDATE_DISCONNECTED.rst
@@ -0,0 +1,6 @@
+ExternalProject_UPDATE_DISCONNECTED
+-----------------------------------
+
+* The :module:`ExternalProject` module ``ExternalProject_Add`` command
+  learned an ``UPDATE_DISCONNECTED`` option to avoid automatically
+  updating the source tree checkout from version control.
diff --git a/Help/release/dev/ExternalProject_independent-step-targets.rst b/Help/release/dev/ExternalProject_independent-step-targets.rst
new file mode 100644
index 0000000..02e8db8
--- /dev/null
+++ b/Help/release/dev/ExternalProject_independent-step-targets.rst
@@ -0,0 +1,6 @@
+ExternalProject_independent-step-targets
+----------------------------------------
+
+* The :module:`ExternalProject` module learned options to create
+  independent external project step targets that do not depend
+  on the builtin steps.
diff --git a/Help/release/dev/FindOpenGL-no-X11.rst b/Help/release/dev/FindOpenGL-no-X11.rst
new file mode 100644
index 0000000..dacf165
--- /dev/null
+++ b/Help/release/dev/FindOpenGL-no-X11.rst
@@ -0,0 +1,8 @@
+FindOpenGL-no-X11
+-----------------
+
+* The :module:`FindOpenGL` module no longer explicitly searches
+  for any dependency on X11 libraries with the :module:`FindX11`
+  module.  Such dependencies should not need to be explicit.
+  Applications using X11 APIs themselves should find and link
+  to X11 libraries explicitly.
diff --git a/Help/release/dev/FindOpenSSL-separate-libs.rst b/Help/release/dev/FindOpenSSL-separate-libs.rst
new file mode 100644
index 0000000..96e3961
--- /dev/null
+++ b/Help/release/dev/FindOpenSSL-separate-libs.rst
@@ -0,0 +1,7 @@
+FindOpenSSL-separate-libs
+-------------------------
+
+* The :module:`FindOpenSSL` module now reports ``crypto`` and ``ssl``
+  libraries separately in ``OPENSSL_CRYPTO_LIBRARY`` and
+  ``OPENSSL_SSL_LIBRARY``, respectively, to allow applications to
+  link to one without the other.
diff --git a/Help/release/dev/add-FindIntl.rst b/Help/release/dev/add-FindIntl.rst
new file mode 100644
index 0000000..ac048c9
--- /dev/null
+++ b/Help/release/dev/add-FindIntl.rst
@@ -0,0 +1,5 @@
+add-FindIntl
+------------
+
+* The :module:`FindIntl` module was added to find the Gettext ``libintl``
+  library.
diff --git a/Help/release/dev/add-continue-command.rst b/Help/release/dev/add-continue-command.rst
new file mode 100644
index 0000000..4995a8e
--- /dev/null
+++ b/Help/release/dev/add-continue-command.rst
@@ -0,0 +1,6 @@
+add-continue-command
+--------------------
+
+* A new :command:`continue` command was added that can be called inside loop
+  contexts to end the current iteration and start the next one at the top of
+  the loop block.
diff --git a/Help/release/dev/add_javascript_coverage_parser.rst b/Help/release/dev/add_javascript_coverage_parser.rst
new file mode 100644
index 0000000..0d068ee
--- /dev/null
+++ b/Help/release/dev/add_javascript_coverage_parser.rst
@@ -0,0 +1,4 @@
+add_javascript_coverage_parser
+------------------------------
+
+* The :command:`ctest_coverage` learned to support Javascript coverage.
diff --git a/Help/release/dev/break-command-strictness.rst b/Help/release/dev/break-command-strictness.rst
new file mode 100644
index 0000000..0723774
--- /dev/null
+++ b/Help/release/dev/break-command-strictness.rst
@@ -0,0 +1,6 @@
+break-command-strictness
+------------------------
+
+* The :command:`break` command now rejects calls outside of a loop
+  context or that pass arguments to the command.
+  See policy :policy:`CMP0055`.
diff --git a/Help/release/dev/cached-regex-clear-fixed.rst b/Help/release/dev/cached-regex-clear-fixed.rst
new file mode 100644
index 0000000..fbf08cc
--- /dev/null
+++ b/Help/release/dev/cached-regex-clear-fixed.rst
@@ -0,0 +1,5 @@
+cached-regex-clear-fixed
+------------------------
+
+* Add :variable:`CMAKE_MATCH_COUNT` for the number of matches made in the last
+  regular expression.
diff --git a/Help/release/dev/console-pool.rst b/Help/release/dev/console-pool.rst
new file mode 100644
index 0000000..19c2f19
--- /dev/null
+++ b/Help/release/dev/console-pool.rst
@@ -0,0 +1,8 @@
+console-pool
+------------
+
+* The :command:`add_custom_command` and :command:`add_custom_target`
+  commands learned a new ``USES_TERMINAL`` option to request that
+  the command be given direct access to the terminal if possible.
+  The :generator:`Ninja` generator will places such commands in the
+  ``console`` pool.
diff --git a/Help/release/dev/cpack-rpm-component-descriptions.rst b/Help/release/dev/cpack-rpm-component-descriptions.rst
new file mode 100644
index 0000000..769a912
--- /dev/null
+++ b/Help/release/dev/cpack-rpm-component-descriptions.rst
@@ -0,0 +1,7 @@
+cpack-rpm-component-descriptions
+--------------------------------
+
+* The :module:`CPackRPM` module learned options to set per-component
+  descriptions and summaries.  See the
+  :variable:`CPACK_RPM_<component>_PACKAGE_DESCRIPTION` and
+  :variable:`CPACK_RPM_<component>_PACKAGE_SUMMARY` variables.
diff --git a/Help/release/dev/cpack-rpm-pre-post-install.rst b/Help/release/dev/cpack-rpm-pre-post-install.rst
new file mode 100644
index 0000000..0909d94
--- /dev/null
+++ b/Help/release/dev/cpack-rpm-pre-post-install.rst
@@ -0,0 +1,12 @@
+cpack-rpm-pre-post-install
+--------------------------
+
+* The :module:`CPackRPM` module learned options to specify
+  requirements for pre- and post-install scripts.  See the
+  :variable:`CPACK_RPM_PACKAGE_REQUIRES_PRE` and
+  :variable:`CPACK_RPM_PACKAGE_REQUIRES_POST` variables.
+
+* The :module:`CPackRPM` module learned options to specify
+  requirements for pre- and post-uninstall scripts.  See the
+  :variable:`CPACK_RPM_PACKAGE_REQUIRES_PREUN` and
+  :variable:`CPACK_RPM_PACKAGE_REQUIRES_POSTUN` variables.
diff --git a/Help/release/dev/ctest-delphi-coverage.rst b/Help/release/dev/ctest-delphi-coverage.rst
new file mode 100644
index 0000000..efa97c9
--- /dev/null
+++ b/Help/release/dev/ctest-delphi-coverage.rst
@@ -0,0 +1,4 @@
+ctest-delphi-coverage
+---------------------
+
+* The :command:`ctest_coverage` learned to support Delphi coverage.
diff --git a/Help/release/dev/custom-command-byproducts.rst b/Help/release/dev/custom-command-byproducts.rst
new file mode 100644
index 0000000..dc85fdb
--- /dev/null
+++ b/Help/release/dev/custom-command-byproducts.rst
@@ -0,0 +1,7 @@
+custom-command-byproducts
+-------------------------
+
+* The :command:`add_custom_command` and :command:`add_custom_target`
+  commands learned a new ``BYPRODUCTS`` option to specify files
+  produced as side effects of the custom commands.  These are not
+  outputs because they do not always have to be newer than inputs.
diff --git a/Help/release/dev/file-LOCK-command.rst b/Help/release/dev/file-LOCK-command.rst
new file mode 100644
index 0000000..4b11e9e
--- /dev/null
+++ b/Help/release/dev/file-LOCK-command.rst
@@ -0,0 +1,5 @@
+file-LOCK-command
+-----------------
+
+* The :command:`file(LOCK)` subcommand was created to allow CMake
+  processes to synchronize through file and directory locks.
diff --git a/Help/release/index.rst b/Help/release/index.rst
index 616a582..abc19b8 100644
--- a/Help/release/index.rst
+++ b/Help/release/index.rst
@@ -5,6 +5,8 @@ CMake Release Notes
   This file should include the adjacent "dev.txt" file
   in development versions but not in release versions.
 
+.. include:: dev.txt
+
 Releases
 ========
 
diff --git a/Help/variable/CMAKE_MATCH_COUNT.rst b/Help/variable/CMAKE_MATCH_COUNT.rst
new file mode 100644
index 0000000..8b1c036
--- /dev/null
+++ b/Help/variable/CMAKE_MATCH_COUNT.rst
@@ -0,0 +1,8 @@
+CMAKE_MATCH_COUNT
+-----------------
+
+The number of matches with the last regular expression.
+
+When a regular expression match is used, CMake fills in ``CMAKE_MATCH_<n>``
+variables with the match contents. The ``CMAKE_MATCH_COUNT`` variable holds
+the number of match expressions when these are filled.
diff --git a/Modules/AutogenInfo.cmake.in b/Modules/AutogenInfo.cmake.in
index 602b065..7d89420 100644
--- a/Modules/AutogenInfo.cmake.in
+++ b/Modules/AutogenInfo.cmake.in
@@ -1,5 +1,6 @@
 set(AM_SOURCES @_cpp_files@ )
 set(AM_RCC_SOURCES @_rcc_files@ )
+set(AM_RCC_INPUTS @_qt_rcc_inputs@)
 set(AM_SKIP_MOC @_skip_moc@ )
 set(AM_SKIP_UIC @_skip_uic@ )
 set(AM_HEADERS @_moc_headers@ )
diff --git a/Modules/CMakeDetermineCCompiler.cmake b/Modules/CMakeDetermineCCompiler.cmake
index 6b425c6..937aa8c 100644
--- a/Modules/CMakeDetermineCCompiler.cmake
+++ b/Modules/CMakeDetermineCCompiler.cmake
@@ -108,7 +108,7 @@ if(NOT CMAKE_C_COMPILER_ID_RUN)
   CMAKE_DETERMINE_COMPILER_ID(C CFLAGS CMakeCCompilerId.c)
 
   # Set old compiler and platform id variables.
-  if("${CMAKE_C_COMPILER_ID}" MATCHES "GNU")
+  if(CMAKE_C_COMPILER_ID MATCHES "GNU")
     set(CMAKE_COMPILER_IS_GNUCC 1)
   endif()
   if("${CMAKE_C_PLATFORM_ID}" MATCHES "MinGW")
@@ -131,11 +131,11 @@ endif ()
 # "arm-unknown-nto-qnx6" instead of the correct "arm-unknown-nto-qnx6.3.0-"
 if (CMAKE_CROSSCOMPILING  AND NOT _CMAKE_TOOLCHAIN_PREFIX)
 
-  if("${CMAKE_C_COMPILER_ID}" MATCHES "GNU" OR "${CMAKE_C_COMPILER_ID}" MATCHES "Clang")
+  if(CMAKE_C_COMPILER_ID MATCHES "GNU" OR CMAKE_C_COMPILER_ID MATCHES "Clang")
     get_filename_component(COMPILER_BASENAME "${CMAKE_C_COMPILER}" NAME)
     if (COMPILER_BASENAME MATCHES "^(.+-)(clang|g?cc)(-[0-9]+\\.[0-9]+\\.[0-9]+)?(\\.exe)?$")
       set(_CMAKE_TOOLCHAIN_PREFIX ${CMAKE_MATCH_1})
-    elseif("${CMAKE_C_COMPILER_ID}" MATCHES "Clang")
+    elseif(CMAKE_C_COMPILER_ID MATCHES "Clang")
       if(CMAKE_C_COMPILER_TARGET)
         set(_CMAKE_TOOLCHAIN_PREFIX ${CMAKE_C_COMPILER_TARGET}-)
       endif()
@@ -150,7 +150,7 @@ if (CMAKE_CROSSCOMPILING  AND NOT _CMAKE_TOOLCHAIN_PREFIX)
     if ("${_CMAKE_TOOLCHAIN_PREFIX}" MATCHES "(.+-)?llvm-$")
       set(_CMAKE_TOOLCHAIN_PREFIX ${CMAKE_MATCH_1})
     endif ()
-  elseif("${CMAKE_C_COMPILER_ID}" MATCHES "TI")
+  elseif(CMAKE_C_COMPILER_ID MATCHES "TI")
     # TI compilers are named e.g. cl6x, cl470 or armcl.exe
     get_filename_component(COMPILER_BASENAME "${CMAKE_C_COMPILER}" NAME)
     if (COMPILER_BASENAME MATCHES "^(.+)?cl([^.]+)?(\\.exe)?$")
diff --git a/Modules/CMakeDetermineCompilerId.cmake b/Modules/CMakeDetermineCompilerId.cmake
index 6c6a914..0ea9ce1 100644
--- a/Modules/CMakeDetermineCompilerId.cmake
+++ b/Modules/CMakeDetermineCompilerId.cmake
@@ -48,7 +48,7 @@ function(CMAKE_DETERMINE_COMPILER_ID lang flagvar src)
     CMAKE_DETERMINE_COMPILER_ID_VENDOR(${lang})
   endif()
 
-  if (COMPILER_QNXNTO AND CMAKE_${lang}_COMPILER_ID STREQUAL GNU)
+  if (COMPILER_QNXNTO AND CMAKE_${lang}_COMPILER_ID STREQUAL "GNU")
     execute_process(
       COMMAND "${CMAKE_${lang}_COMPILER}"
       -V
diff --git a/Modules/CMakeDetermineFortranCompiler.cmake b/Modules/CMakeDetermineFortranCompiler.cmake
index 96df6a2..a4bb86c 100644
--- a/Modules/CMakeDetermineFortranCompiler.cmake
+++ b/Modules/CMakeDetermineFortranCompiler.cmake
@@ -152,12 +152,12 @@ if(NOT CMAKE_Fortran_COMPILER_ID_RUN)
   endif()
 
   # Set old compiler and platform id variables.
-  if("${CMAKE_Fortran_COMPILER_ID}" MATCHES "GNU")
+  if(CMAKE_Fortran_COMPILER_ID MATCHES "GNU")
     set(CMAKE_COMPILER_IS_GNUG77 1)
   endif()
-  if("${CMAKE_Fortran_PLATFORM_ID}" MATCHES "MinGW")
+  if(CMAKE_Fortran_PLATFORM_ID MATCHES "MinGW")
     set(CMAKE_COMPILER_IS_MINGW 1)
-  elseif("${CMAKE_Fortran_PLATFORM_ID}" MATCHES "Cygwin")
+  elseif(CMAKE_Fortran_PLATFORM_ID MATCHES "Cygwin")
     set(CMAKE_COMPILER_IS_CYGWIN 1)
   endif()
 endif()
@@ -175,7 +175,7 @@ endif ()
 # "arm-unknown-nto-qnx6" instead of the correct "arm-unknown-nto-qnx6.3.0-"
 if (CMAKE_CROSSCOMPILING  AND NOT _CMAKE_TOOLCHAIN_PREFIX)
 
-  if("${CMAKE_Fortran_COMPILER_ID}" MATCHES "GNU")
+  if(CMAKE_Fortran_COMPILER_ID MATCHES "GNU")
     get_filename_component(COMPILER_BASENAME "${CMAKE_Fortran_COMPILER}" NAME)
     if (COMPILER_BASENAME MATCHES "^(.+-)g?fortran(-[0-9]+\\.[0-9]+\\.[0-9]+)?(\\.exe)?$")
       set(_CMAKE_TOOLCHAIN_PREFIX ${CMAKE_MATCH_1})
diff --git a/Modules/CMakeExtraGeneratorDetermineCompilerMacrosAndIncludeDirs.cmake b/Modules/CMakeExtraGeneratorDetermineCompilerMacrosAndIncludeDirs.cmake
index 365d381..064e650 100644
--- a/Modules/CMakeExtraGeneratorDetermineCompilerMacrosAndIncludeDirs.cmake
+++ b/Modules/CMakeExtraGeneratorDetermineCompilerMacrosAndIncludeDirs.cmake
@@ -26,11 +26,18 @@ macro(_DETERMINE_GCC_SYSTEM_INCLUDE_DIRS _lang _resultIncludeDirs _resultDefines
   if (${_lang} STREQUAL "c++")
     set(_compilerExecutable "${CMAKE_CXX_COMPILER}")
     set(_arg1 "${CMAKE_CXX_COMPILER_ARG1}")
+
+    if (CMAKE_CXX_FLAGS MATCHES "(-stdlib=[^ ]+)")
+      set(_stdlib "${CMAKE_MATCH_1}")
+    endif ()
+    if (CMAKE_CXX_FLAGS MATCHES "(-std=[^ ]+)")
+      set(_stdver "${CMAKE_MATCH_1}")
+    endif ()
   else ()
     set(_compilerExecutable "${CMAKE_C_COMPILER}")
     set(_arg1 "${CMAKE_C_COMPILER_ARG1}")
   endif ()
-  execute_process(COMMAND ${_compilerExecutable} ${_arg1} -v -E -x ${_lang} -dD dummy
+  execute_process(COMMAND ${_compilerExecutable} ${_arg1} ${_stdver} ${_stdlib} -v -E -x ${_lang} -dD dummy
                   WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/CMakeFiles
                   ERROR_VARIABLE _gccOutput
                   OUTPUT_VARIABLE _gccStdout )
@@ -90,7 +97,7 @@ set(ENV{LANG}        C)
 
 # Now check for C, works for gcc and Intel compiler at least
 if (NOT CMAKE_EXTRA_GENERATOR_C_SYSTEM_INCLUDE_DIRS)
-  if ("${CMAKE_C_COMPILER_ID}" MATCHES GNU  OR  "${CMAKE_C_COMPILER_ID}" MATCHES Intel  OR  "${CMAKE_C_COMPILER_ID}" MATCHES Clang)
+  if (CMAKE_C_COMPILER_ID MATCHES GNU  OR  CMAKE_C_COMPILER_ID MATCHES Intel  OR  CMAKE_C_COMPILER_ID MATCHES Clang)
     _DETERMINE_GCC_SYSTEM_INCLUDE_DIRS(c _dirs _defines)
     set(CMAKE_EXTRA_GENERATOR_C_SYSTEM_INCLUDE_DIRS "${_dirs}" CACHE INTERNAL "C compiler system include directories")
     set(CMAKE_EXTRA_GENERATOR_C_SYSTEM_DEFINED_MACROS "${_defines}" CACHE INTERNAL "C compiler system defined macros")
diff --git a/Modules/CMakeForceCompiler.cmake b/Modules/CMakeForceCompiler.cmake
index 0e6b5af..1d8b110 100644
--- a/Modules/CMakeForceCompiler.cmake
+++ b/Modules/CMakeForceCompiler.cmake
@@ -70,7 +70,7 @@ macro(CMAKE_FORCE_C_COMPILER compiler id)
   set(CMAKE_C_COMPILER_FORCED TRUE)
 
   # Set old compiler id variables.
-  if("${CMAKE_C_COMPILER_ID}" MATCHES "GNU")
+  if(CMAKE_C_COMPILER_ID MATCHES "GNU")
     set(CMAKE_COMPILER_IS_GNUCC 1)
   endif()
 endmacro()
@@ -94,7 +94,7 @@ macro(CMAKE_FORCE_Fortran_COMPILER compiler id)
   set(CMAKE_Fortran_COMPILER_FORCED TRUE)
 
   # Set old compiler id variables.
-  if("${CMAKE_Fortran_COMPILER_ID}" MATCHES "GNU")
+  if(CMAKE_Fortran_COMPILER_ID MATCHES "GNU")
     set(CMAKE_COMPILER_IS_GNUG77 1)
   endif()
 endmacro()
diff --git a/Modules/CMakeNinjaFindMake.cmake b/Modules/CMakeNinjaFindMake.cmake
index c3ca767..2f35cf4 100644
--- a/Modules/CMakeNinjaFindMake.cmake
+++ b/Modules/CMakeNinjaFindMake.cmake
@@ -12,6 +12,7 @@
 # (To distribute this file outside of CMake, substitute the full
 #  License text for the above reference.)
 
-find_program(CMAKE_MAKE_PROGRAM ninja
+find_program(CMAKE_MAKE_PROGRAM
+  NAMES ninja-build ninja
   DOC "Program used to build from build.ninja files.")
 mark_as_advanced(CMAKE_MAKE_PROGRAM)
diff --git a/Modules/CPackBundle.cmake b/Modules/CPackBundle.cmake
index d8293c0..d26a0b3 100644
--- a/Modules/CPackBundle.cmake
+++ b/Modules/CPackBundle.cmake
@@ -33,6 +33,31 @@
 #  Path to a startup script. This is a path to an executable or script that
 #  will be run whenever an end-user double-clicks the generated bundle in the
 #  OSX Finder. Optional.
+#
+# .. variable:: CPACK_BUNDLE_APPLE_CERT_APP
+#
+#  The name of your Apple supplied code signing certificate for the application.
+#  The name usually takes the form "Developer ID Application: [Name]" or
+#  "3rd Party Mac Developer Application: [Name]". If this variable is not set
+#  the application will not be signed.
+#
+# .. variable:: CPACK_BUNDLE_APPLE_ENTITLEMENTS
+#
+#  The name of the plist file that contains your apple entitlements for sandboxing
+#  your application. This file is required for submission to the Mac App Store.
+#
+# .. variable:: CPACK_BUNDLE_APPLE_CODESIGN_FILES
+#
+#  A list of additional files that you wish to be signed. You do not need to
+#  list the main application folder, or the main executable. You should
+#  list any frameworks and plugins that are included in your app bundle.
+#
+# .. variable:: CPACK_COMMAND_CODESIGN
+#
+#  Path to the codesign(1) command used to sign applications with an
+#  Apple cert. This variable can be used to override the automatically
+#  detected command (or specify its location if the auto-detection fails
+#  to find it.)
 
 #=============================================================================
 # Copyright 2006-2009 Kitware, Inc.
diff --git a/Modules/CPackRPM.cmake b/Modules/CPackRPM.cmake
index 2864b21..d2cb2ee 100644
--- a/Modules/CPackRPM.cmake
+++ b/Modules/CPackRPM.cmake
@@ -29,6 +29,7 @@
 # However as a handy reminder here comes the list of specific variables:
 #
 # .. variable:: CPACK_RPM_PACKAGE_SUMMARY
+#               CPACK_RPM_<component>_PACKAGE_SUMMARY
 #
 #  The RPM package summary.
 #
@@ -100,11 +101,13 @@
 #  * Default   : -
 #
 # .. variable:: CPACK_RPM_PACKAGE_DESCRIPTION
+#               CPACK_RPM_<component>_PACKAGE_DESCRIPTION
 #
 #  RPM package description.
 #
 #  * Mandatory : YES
-#  * Default : CPACK_PACKAGE_DESCRIPTION_FILE if set or "no package
+#  * Default : CPACK_COMPONENT_<compName>_DESCRIPTION (component based installers
+#    only) if set, CPACK_PACKAGE_DESCRIPTION_FILE if set or "no package
 #    description available"
 #
 # .. variable:: CPACK_RPM_COMPRESSION_TYPE
@@ -135,6 +138,56 @@
 #
 #   rpm -qp --requires file.rpm
 #
+# .. variable:: CPACK_RPM_PACKAGE_REQUIRES_PRE
+#
+#  RPM spec requires(pre) field.
+#
+#  * Mandatory : NO
+#  * Default   : -
+#
+#  May be used to set RPM preinstall dependencies (requires(pre)).  Note that you must enclose
+#  the complete requires string between quotes, for example::
+#
+#   set(CPACK_RPM_PACKAGE_REQUIRES_PRE "shadow-utils, initscripts")
+#
+# .. variable:: CPACK_RPM_PACKAGE_REQUIRES_POST
+#
+#  RPM spec requires(post) field.
+#
+#  * Mandatory : NO
+#  * Default   : -
+#
+#  May be used to set RPM postinstall dependencies (requires(post)).  Note that you must enclose
+#  the complete requires string between quotes, for example::
+#
+#   set(CPACK_RPM_PACKAGE_REQUIRES_POST "shadow-utils, initscripts")
+#
+#
+# .. variable:: CPACK_RPM_PACKAGE_REQUIRES_POSTUN
+#
+#  RPM spec requires(postun) field.
+#
+#  * Mandatory : NO
+#  * Default   : -
+#
+#  May be used to set RPM postuninstall dependencies (requires(postun)).  Note that you must enclose
+#  the complete requires string between quotes, for example::
+#
+#   set(CPACK_RPM_PACKAGE_REQUIRES_POSTUN "shadow-utils, initscripts")
+#
+#
+# .. variable:: CPACK_RPM_PACKAGE_REQUIRES_PREUN
+#
+#  RPM spec requires(preun) field.
+#
+#  * Mandatory : NO
+#  * Default   : -
+#
+#  May be used to set RPM preuninstall dependencies (requires(preun)).  Note that you must enclose
+#  the complete requires string between quotes, for example::
+#
+#   set(CPACK_RPM_PACKAGE_REQUIRES_PREUN "shadow-utils, initscripts")
+#
 # .. variable:: CPACK_RPM_PACKAGE_SUGGESTS
 #
 #  RPM spec suggest field.
@@ -384,7 +437,7 @@ if(CPACK_RPM_PACKAGE_DEBUG)
                     OUTPUT_VARIABLE _TMP_LSB_RELEASE_OUTPUT
                     ERROR_QUIET
                     OUTPUT_STRIP_TRAILING_WHITESPACE)
-    string(REPLACE "\n" ", "
+    string(REGEX REPLACE "\n" ", "
            LSB_RELEASE_OUTPUT
            ${_TMP_LSB_RELEASE_OUTPUT})
   else ()
@@ -397,7 +450,7 @@ endif()
 # to shut down warning about space in buildtree
 # some recent RPM version should support space in different places.
 # not checked [yet].
-if(CPACK_TOPLEVEL_DIRECTORY MATCHES " ")
+if(CPACK_TOPLEVEL_DIRECTORY MATCHES ".* .*")
   message(FATAL_ERROR "${RPMBUILD_EXECUTABLE} can't handle paths with spaces, use a build directory without spaces for building RPMs.")
 endif()
 
@@ -414,6 +467,7 @@ endif()
 # Are we packaging components ?
 if(CPACK_RPM_PACKAGE_COMPONENT)
   set(CPACK_RPM_PACKAGE_COMPONENT_PART_NAME "-${CPACK_RPM_PACKAGE_COMPONENT}")
+  string(TOUPPER ${CPACK_RPM_PACKAGE_COMPONENT} CPACK_RPM_PACKAGE_COMPONENT_UPPER)
 else()
   set(CPACK_RPM_PACKAGE_COMPONENT_PART_NAME "")
 endif()
@@ -430,12 +484,31 @@ set(WDIR "${CPACK_TOPLEVEL_DIRECTORY}/${CPACK_PACKAGE_FILE_NAME}${CPACK_RPM_PACK
 #
 
 # CPACK_RPM_PACKAGE_SUMMARY (mandatory)
+
+# CPACK_RPM_PACKAGE_SUMMARY_ is used only locally so that it can be unset each time before use otherwise
+# component packaging could leak variable content between components
+unset(CPACK_RPM_PACKAGE_SUMMARY_)
+if(CPACK_RPM_PACKAGE_SUMMARY)
+  set(CPACK_RPM_PACKAGE_SUMMARY_ ${CPACK_RPM_PACKAGE_SUMMARY})
+  unset(CPACK_RPM_PACKAGE_SUMMARY)
+endif()
+
+#Check for component summary first.
+#If not set, it will use regular package summary logic.
+if(CPACK_RPM_PACKAGE_COMPONENT)
+  if(CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT}_PACKAGE_SUMMARY)
+    set(CPACK_RPM_PACKAGE_SUMMARY ${CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT}_PACKAGE_SUMMARY})
+  endif()
+endif()
+
 if(NOT CPACK_RPM_PACKAGE_SUMMARY)
-  # if neither var is defined lets use the name as summary
-  if(NOT CPACK_PACKAGE_DESCRIPTION_SUMMARY)
-    string(TOLOWER "${CPACK_PACKAGE_NAME}" CPACK_RPM_PACKAGE_SUMMARY)
-  else()
+  if(CPACK_RPM_PACKAGE_SUMMARY_)
+    set(CPACK_RPM_PACKAGE_SUMMARY ${CPACK_RPM_PACKAGE_SUMMARY_})
+  elseif(CPACK_PACKAGE_DESCRIPTION_SUMMARY)
     set(CPACK_RPM_PACKAGE_SUMMARY ${CPACK_PACKAGE_DESCRIPTION_SUMMARY})
+  else()
+    # if neither var is defined lets use the name as summary
+    string(TOLOWER "${CPACK_PACKAGE_NAME}" CPACK_RPM_PACKAGE_SUMMARY)
   endif()
 endif()
 
@@ -508,12 +581,33 @@ endif()
 #     if it is defined
 #   - set to a default value
 #
-if (NOT CPACK_RPM_PACKAGE_DESCRIPTION)
-        if (CPACK_PACKAGE_DESCRIPTION_FILE)
-                file(READ ${CPACK_PACKAGE_DESCRIPTION_FILE} CPACK_RPM_PACKAGE_DESCRIPTION)
-        else ()
-                set(CPACK_RPM_PACKAGE_DESCRIPTION "no package description available")
-        endif ()
+
+# CPACK_RPM_PACKAGE_DESCRIPTION_ is used only locally so that it can be unset each time before use otherwise
+# component packaging could leak variable content between components
+unset(CPACK_RPM_PACKAGE_DESCRIPTION_)
+if(CPACK_RPM_PACKAGE_DESCRIPTION)
+  set(CPACK_RPM_PACKAGE_DESCRIPTION_ ${CPACK_RPM_PACKAGE_DESCRIPTION})
+  unset(CPACK_RPM_PACKAGE_DESCRIPTION)
+endif()
+
+#Check for a component description first.
+#If not set, it will use regular package description logic.
+if(CPACK_RPM_PACKAGE_COMPONENT)
+  if(CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT}_PACKAGE_DESCRIPTION)
+    set(CPACK_RPM_PACKAGE_DESCRIPTION ${CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT}_PACKAGE_DESCRIPTION})
+  elseif(CPACK_COMPONENT_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DESCRIPTION)
+    set(CPACK_RPM_PACKAGE_DESCRIPTION ${CPACK_COMPONENT_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DESCRIPTION})
+  endif()
+endif()
+
+if(NOT CPACK_RPM_PACKAGE_DESCRIPTION)
+  if(CPACK_RPM_PACKAGE_DESCRIPTION_)
+    set(CPACK_RPM_PACKAGE_DESCRIPTION ${CPACK_RPM_PACKAGE_DESCRIPTION_})
+  elseif(CPACK_PACKAGE_DESCRIPTION_FILE)
+    file(READ ${CPACK_PACKAGE_DESCRIPTION_FILE} CPACK_RPM_PACKAGE_DESCRIPTION)
+  else ()
+    set(CPACK_RPM_PACKAGE_DESCRIPTION "no package description available")
+  endif ()
 endif ()
 
 # CPACK_RPM_COMPRESSION_TYPE
@@ -556,7 +650,7 @@ endif()
 # There may be some COMPONENT specific variables as well
 # If component specific var is not provided we use the global one
 # for each component
-foreach(_RPM_SPEC_HEADER URL REQUIRES SUGGESTS PROVIDES OBSOLETES PREFIX CONFLICTS AUTOPROV AUTOREQ AUTOREQPROV)
+foreach(_RPM_SPEC_HEADER URL REQUIRES SUGGESTS PROVIDES OBSOLETES PREFIX CONFLICTS AUTOPROV AUTOREQ AUTOREQPROV REQUIRES_PRE REQUIRES_POST REQUIRES_PREUN REQUIRES_POSTUN)
     if(CPACK_RPM_PACKAGE_DEBUG)
       message("CPackRPM:Debug: processing ${_RPM_SPEC_HEADER}")
     endif()
@@ -584,24 +678,29 @@ foreach(_RPM_SPEC_HEADER URL REQUIRES SUGGESTS PROVIDES OBSOLETES PREFIX CONFLIC
         endif()
     endif()
 
+  # Do not forget to unset previously set header (from previous component)
+  unset(TMP_RPM_${_RPM_SPEC_HEADER})
   # Treat the RPM Spec keyword iff it has been properly defined
   if(DEFINED CPACK_RPM_PACKAGE_${_RPM_SPEC_HEADER}_TMP)
     # Transform NAME --> Name e.g. PROVIDES --> Provides
     # The Upper-case first letter and lowercase tail is the
     # appropriate value required in the final RPM spec file.
-    string(LENGTH ${_RPM_SPEC_HEADER} _PACKAGE_HEADER_STRLENGTH)
-    math(EXPR _PACKAGE_HEADER_STRLENGTH "${_PACKAGE_HEADER_STRLENGTH} - 1")
-    string(SUBSTRING ${_RPM_SPEC_HEADER} 1 ${_PACKAGE_HEADER_STRLENGTH} _PACKAGE_HEADER_TAIL)
+    string(SUBSTRING ${_RPM_SPEC_HEADER} 1 -1 _PACKAGE_HEADER_TAIL)
     string(TOLOWER "${_PACKAGE_HEADER_TAIL}" _PACKAGE_HEADER_TAIL)
     string(SUBSTRING ${_RPM_SPEC_HEADER} 0 1 _PACKAGE_HEADER_NAME)
     set(_PACKAGE_HEADER_NAME "${_PACKAGE_HEADER_NAME}${_PACKAGE_HEADER_TAIL}")
+    # The following keywords require parentheses around the "pre" or "post" suffix in the final RPM spec file.
+    set(SCRIPTS_REQUIREMENTS_LIST REQUIRES_PRE REQUIRES_POST REQUIRES_PREUN REQUIRES_POSTUN)
+    list(FIND SCRIPTS_REQUIREMENTS_LIST ${_RPM_SPEC_HEADER} IS_SCRIPTS_REQUIREMENT_FOUND)
+    if(NOT ${IS_SCRIPTS_REQUIREMENT_FOUND} EQUAL -1)
+      string(REPLACE "_" "(" _PACKAGE_HEADER_NAME "${_PACKAGE_HEADER_NAME}")
+      set(_PACKAGE_HEADER_NAME "${_PACKAGE_HEADER_NAME})")
+    endif()
     if(CPACK_RPM_PACKAGE_DEBUG)
       message("CPackRPM:Debug: User defined ${_PACKAGE_HEADER_NAME}:\n ${CPACK_RPM_PACKAGE_${_RPM_SPEC_HEADER}_TMP}")
     endif()
     set(TMP_RPM_${_RPM_SPEC_HEADER} "${_PACKAGE_HEADER_NAME}: ${CPACK_RPM_PACKAGE_${_RPM_SPEC_HEADER}_TMP}")
-  else()
-    # Do not forget to unset previously set header (from previous component)
-    unset(TMP_RPM_${_RPM_SPEC_HEADER})
+    unset(CPACK_RPM_PACKAGE_${_RPM_SPEC_HEADER}_TMP)
   endif()
 endforeach()
 
@@ -991,6 +1090,10 @@ Group:          \@CPACK_RPM_PACKAGE_GROUP\@
 Vendor:         \@CPACK_RPM_PACKAGE_VENDOR\@
 \@TMP_RPM_URL\@
 \@TMP_RPM_REQUIRES\@
+\@TMP_RPM_REQUIRES_PRE\@
+\@TMP_RPM_REQUIRES_POST\@
+\@TMP_RPM_REQUIRES_PREUN\@
+\@TMP_RPM_REQUIRES_POSTUN\@
 \@TMP_RPM_PROVIDES\@
 \@TMP_RPM_OBSOLETES\@
 \@TMP_RPM_CONFLICTS\@
@@ -1100,3 +1203,15 @@ else()
     message(FATAL_ERROR "RPM packaging through alien not done (yet)")
   endif()
 endif()
+
+# reset variables from temporary variables
+if(CPACK_RPM_PACKAGE_SUMMARY_)
+  set(CPACK_RPM_PACKAGE_SUMMARY ${CPACK_RPM_PACKAGE_SUMMARY_})
+else()
+  unset(CPACK_RPM_PACKAGE_SUMMARY)
+endif()
+if(CPACK_RPM_PACKAGE_DESCRIPTION_)
+  set(CPACK_RPM_PACKAGE_DESCRIPTION ${CPACK_RPM_PACKAGE_DESCRIPTION_})
+else()
+  unset(CPACK_RPM_PACKAGE_DESCRIPTION)
+endif()
diff --git a/Modules/CheckStructHasMember.cmake b/Modules/CheckStructHasMember.cmake
index c8949cf..de31d2c 100644
--- a/Modules/CheckStructHasMember.cmake
+++ b/Modules/CheckStructHasMember.cmake
@@ -69,8 +69,7 @@ macro (CHECK_STRUCT_HAS_MEMBER _STRUCT _MEMBER _HEADER _RESULT)
 ${_INCLUDE_FILES}
 int main()
 {
-   ${_STRUCT}* tmp;
-   (void) tmp->${_MEMBER};
+   (void)((${_STRUCT} *)0)->${_MEMBER};
    return 0;
 }
 ")
diff --git a/Modules/Compiler/Clang-C.cmake b/Modules/Compiler/Clang-C.cmake
index d504d69..ebd5c43 100644
--- a/Modules/Compiler/Clang-C.cmake
+++ b/Modules/Compiler/Clang-C.cmake
@@ -25,16 +25,16 @@ endif()
 
 macro(cmake_record_c_compile_features)
   macro(_get_clang_features std_version list)
-    record_compiler_features(C "-std=${std_version}" ${list})
+    record_compiler_features(C "${std_version}" ${list})
   endmacro()
 
   if (UNIX AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.4)
-    _get_clang_features(c11 CMAKE_C11_COMPILE_FEATURES)
+    _get_clang_features(${CMAKE_C11_STANDARD_COMPILE_OPTION} CMAKE_C11_COMPILE_FEATURES)
     if (_result EQUAL 0)
-      _get_clang_features(c99 CMAKE_C99_COMPILE_FEATURES)
+      _get_clang_features(${CMAKE_C99_STANDARD_COMPILE_OPTION} CMAKE_C99_COMPILE_FEATURES)
     endif()
     if (_result EQUAL 0)
-      _get_clang_features(c90 CMAKE_C90_COMPILE_FEATURES)
+      _get_clang_features(${CMAKE_C90_STANDARD_COMPILE_OPTION} CMAKE_C90_COMPILE_FEATURES)
     endif()
   else()
     set(_result 0)
diff --git a/Modules/Compiler/Clang-CXX-FeatureTests.cmake b/Modules/Compiler/Clang-CXX-FeatureTests.cmake
index 4c532fb..df2e1a8 100644
--- a/Modules/Compiler/Clang-CXX-FeatureTests.cmake
+++ b/Modules/Compiler/Clang-CXX-FeatureTests.cmake
@@ -2,61 +2,9 @@
 # Reference: http://clang.llvm.org/cxx_status.html
 # http://clang.llvm.org/docs/LanguageExtensions.html
 
-set(testable_features
-  cxx_alias_templates
-  cxx_alignas
-  cxx_attributes
-  cxx_auto_type
-  cxx_binary_literals
-  cxx_constexpr
-  cxx_contextual_conversions
-  cxx_decltype
-  cxx_decltype_incomplete_return_types
-  cxx_default_function_template_args
-  cxx_defaulted_functions
-  cxx_delegating_constructors
-  cxx_deleted_functions
-  cxx_explicit_conversions
-  cxx_generalized_initializers
-  cxx_inheriting_constructors
-  cxx_lambdas
-  cxx_local_type_template_args
-  cxx_noexcept
-  cxx_nonstatic_member_init
-  cxx_nullptr
-  cxx_range_for
-  cxx_raw_string_literals
-  cxx_reference_qualified_functions
-  cxx_relaxed_constexpr
-  cxx_return_type_deduction
-  cxx_rvalue_references
-  cxx_static_assert
-  cxx_strong_enums
-  cxx_thread_local
-  cxx_unicode_literals
-  cxx_unrestricted_unions
-  cxx_user_literals
-  cxx_variable_templates
-  cxx_variadic_templates
-)
-
 set(_cmake_oldestSupported "((__clang_major__ * 100) + __clang_minor__) >= 304")
 
-foreach(feature ${testable_features})
-  set(_cmake_feature_test_${feature} "${_cmake_oldestSupported} && __has_feature(${feature})")
-endforeach()
-
-unset(testable_features)
-
-set(_cmake_feature_test_cxx_aggregate_default_initializers "${_cmake_oldestSupported} && __has_feature(cxx_aggregate_nsdmi)")
-
-set(_cmake_feature_test_cxx_trailing_return_types "${_cmake_oldestSupported} && __has_feature(cxx_trailing_return)")
-set(_cmake_feature_test_cxx_alignof "${_cmake_oldestSupported} && __has_feature(cxx_alignas)")
-set(_cmake_feature_test_cxx_final "${_cmake_oldestSupported} && __has_feature(cxx_override_control)")
-set(_cmake_feature_test_cxx_override "${_cmake_oldestSupported} && __has_feature(cxx_override_control)")
-set(_cmake_feature_test_cxx_uniform_initialization "${_cmake_oldestSupported} && __has_feature(cxx_generalized_initializers)")
-set(_cmake_feature_test_cxx_defaulted_move_initializers "${_cmake_oldestSupported} && __has_feature(cxx_defaulted_functions)")
-set(_cmake_feature_test_cxx_lambda_init_captures "${_cmake_oldestSupported} && __has_feature(cxx_init_captures)")
+include("${CMAKE_CURRENT_LIST_DIR}/Clang-CXX-TestableFeatures.cmake")
 
 set(Clang34_CXX14 "((__clang_major__ * 100) + __clang_minor__) >= 304 && __cplusplus > 201103L")
 # http://llvm.org/bugs/show_bug.cgi?id=19242
diff --git a/Modules/Compiler/Clang-CXX-TestableFeatures.cmake b/Modules/Compiler/Clang-CXX-TestableFeatures.cmake
new file mode 100644
index 0000000..b39475c
--- /dev/null
+++ b/Modules/Compiler/Clang-CXX-TestableFeatures.cmake
@@ -0,0 +1,54 @@
+
+set(testable_features
+  cxx_alias_templates
+  cxx_alignas
+  cxx_attributes
+  cxx_auto_type
+  cxx_binary_literals
+  cxx_constexpr
+  cxx_contextual_conversions
+  cxx_decltype
+  cxx_decltype_incomplete_return_types
+  cxx_default_function_template_args
+  cxx_defaulted_functions
+  cxx_delegating_constructors
+  cxx_deleted_functions
+  cxx_explicit_conversions
+  cxx_generalized_initializers
+  cxx_inheriting_constructors
+  cxx_lambdas
+  cxx_local_type_template_args
+  cxx_noexcept
+  cxx_nonstatic_member_init
+  cxx_nullptr
+  cxx_range_for
+  cxx_raw_string_literals
+  cxx_reference_qualified_functions
+  cxx_relaxed_constexpr
+  cxx_return_type_deduction
+  cxx_rvalue_references
+  cxx_static_assert
+  cxx_strong_enums
+  cxx_thread_local
+  cxx_unicode_literals
+  cxx_unrestricted_unions
+  cxx_user_literals
+  cxx_variable_templates
+  cxx_variadic_templates
+)
+
+foreach(feature ${testable_features})
+  set(_cmake_feature_test_${feature} "${_cmake_oldestSupported} && __has_feature(${feature})")
+endforeach()
+
+unset(testable_features)
+
+set(_cmake_feature_test_cxx_aggregate_default_initializers "${_cmake_oldestSupported} && __has_feature(cxx_aggregate_nsdmi)")
+
+set(_cmake_feature_test_cxx_trailing_return_types "${_cmake_oldestSupported} && __has_feature(cxx_trailing_return)")
+set(_cmake_feature_test_cxx_alignof "${_cmake_oldestSupported} && __has_feature(cxx_alignas)")
+set(_cmake_feature_test_cxx_final "${_cmake_oldestSupported} && __has_feature(cxx_override_control)")
+set(_cmake_feature_test_cxx_override "${_cmake_oldestSupported} && __has_feature(cxx_override_control)")
+set(_cmake_feature_test_cxx_uniform_initialization "${_cmake_oldestSupported} && __has_feature(cxx_generalized_initializers)")
+set(_cmake_feature_test_cxx_defaulted_move_initializers "${_cmake_oldestSupported} && __has_feature(cxx_defaulted_functions)")
+set(_cmake_feature_test_cxx_lambda_init_captures "${_cmake_oldestSupported} && __has_feature(cxx_init_captures)")
diff --git a/Modules/Compiler/Clang-CXX.cmake b/Modules/Compiler/Clang-CXX.cmake
index 9ef1413..6fe0b56 100644
--- a/Modules/Compiler/Clang-CXX.cmake
+++ b/Modules/Compiler/Clang-CXX.cmake
@@ -35,16 +35,16 @@ set(CMAKE_CXX_STANDARD_DEFAULT 98)
 
 macro(cmake_record_cxx_compile_features)
   macro(_get_clang_features std_version list)
-    record_compiler_features(CXX "-std=${std_version}" ${list})
+    record_compiler_features(CXX "${std_version}" ${list})
   endmacro()
 
   if (UNIX AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 3.4)
-    _get_clang_features(c++1y CMAKE_CXX14_COMPILE_FEATURES)
+    _get_clang_features(${CMAKE_CXX14_STANDARD_COMPILE_OPTION} CMAKE_CXX14_COMPILE_FEATURES)
     if (_result EQUAL 0)
-      _get_clang_features(c++11 CMAKE_CXX11_COMPILE_FEATURES)
+      _get_clang_features(${CMAKE_CXX11_STANDARD_COMPILE_OPTION} CMAKE_CXX11_COMPILE_FEATURES)
     endif()
     if (_result EQUAL 0)
-      _get_clang_features(c++98 CMAKE_CXX98_COMPILE_FEATURES)
+      _get_clang_features(${CMAKE_CXX98_STANDARD_COMPILE_OPTION} CMAKE_CXX98_COMPILE_FEATURES)
     endif()
   else()
     set(_result 0)
diff --git a/Modules/Compiler/GNU-C.cmake b/Modules/Compiler/GNU-C.cmake
index 24d439d..9018450 100644
--- a/Modules/Compiler/GNU-C.cmake
+++ b/Modules/Compiler/GNU-C.cmake
@@ -20,16 +20,16 @@ endif()
 
 macro(cmake_record_c_compile_features)
   macro(_get_gcc_features std_version list)
-    record_compiler_features(C "-std=${std_version}" ${list})
+    record_compiler_features(C "${std_version}" ${list})
   endmacro()
 
   if (UNIX AND NOT APPLE AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.7)
-    _get_gcc_features(c90 CMAKE_C90_COMPILE_FEATURES)
+    _get_gcc_features(${CMAKE_C11_STANDARD_COMPILE_OPTION} CMAKE_C11_COMPILE_FEATURES)
     if (_result EQUAL 0)
-      _get_gcc_features(c99 CMAKE_C99_COMPILE_FEATURES)
+      _get_gcc_features(${CMAKE_C99_STANDARD_COMPILE_OPTION} CMAKE_C99_COMPILE_FEATURES)
     endif()
     if (_result EQUAL 0)
-      _get_gcc_features(c11 CMAKE_C11_COMPILE_FEATURES)
+      _get_gcc_features(${CMAKE_C90_STANDARD_COMPILE_OPTION} CMAKE_C90_COMPILE_FEATURES)
     endif()
   else()
     set(_result 0)
diff --git a/Modules/Compiler/GNU-CXX.cmake b/Modules/Compiler/GNU-CXX.cmake
index 4129a38..a91c901 100644
--- a/Modules/Compiler/GNU-CXX.cmake
+++ b/Modules/Compiler/GNU-CXX.cmake
@@ -23,7 +23,10 @@ if (NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7)
   # 4.3 supports 0x variants
 endif()
 
-if (NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.8)
+if (NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.9)
+  set(CMAKE_CXX14_STANDARD_COMPILE_OPTION "-std=c++14")
+  set(CMAKE_CXX14_EXTENSION_COMPILE_OPTION "-std=gnu++14")
+elseif (NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.8)
   set(CMAKE_CXX14_STANDARD_COMPILE_OPTION "-std=c++1y")
   set(CMAKE_CXX14_EXTENSION_COMPILE_OPTION "-std=gnu++1y")
 endif()
@@ -32,19 +35,19 @@ set(CMAKE_CXX_STANDARD_DEFAULT 98)
 
 macro(cmake_record_cxx_compile_features)
   macro(_get_gcc_features std_version list)
-    record_compiler_features(CXX "-std=${std_version}" ${list})
+    record_compiler_features(CXX "${std_version}" ${list})
   endmacro()
 
   set(_result 0)
   if (UNIX AND NOT APPLE AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.8)
-    _get_gcc_features(c++1y CMAKE_CXX14_COMPILE_FEATURES)
+    _get_gcc_features(${CMAKE_CXX14_STANDARD_COMPILE_OPTION} CMAKE_CXX14_COMPILE_FEATURES)
   endif()
   if (UNIX AND NOT APPLE AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7)
     if (_result EQUAL 0)
-      _get_gcc_features(c++11 CMAKE_CXX11_COMPILE_FEATURES)
+      _get_gcc_features(${CMAKE_CXX11_STANDARD_COMPILE_OPTION} CMAKE_CXX11_COMPILE_FEATURES)
     endif()
     if (_result EQUAL 0)
-      _get_gcc_features(c++98 CMAKE_CXX98_COMPILE_FEATURES)
+      _get_gcc_features(${CMAKE_CXX98_STANDARD_COMPILE_OPTION} CMAKE_CXX98_COMPILE_FEATURES)
     endif()
   else()
     set(_result 0)
diff --git a/Modules/Compiler/GNU-Fortran.cmake b/Modules/Compiler/GNU-Fortran.cmake
index 313ccbd..dfd7927 100644
--- a/Modules/Compiler/GNU-Fortran.cmake
+++ b/Modules/Compiler/GNU-Fortran.cmake
@@ -8,10 +8,5 @@ set(CMAKE_Fortran_FORMAT_FREE_FLAG "-ffree-form")
 set(CMAKE_Fortran_FLAGS_MINSIZEREL_INIT "-Os")
 set(CMAKE_Fortran_FLAGS_RELEASE_INIT "-O3")
 
-# We require updates to CMake C++ code to support preprocessing rules
-# for Fortran.
-set(CMAKE_Fortran_CREATE_PREPROCESSED_SOURCE)
-set(CMAKE_Fortran_CREATE_ASSEMBLY_SOURCE)
-
 # Fortran-specific feature flags.
 set(CMAKE_Fortran_MODDIR_FLAG -J)
diff --git a/Modules/Compiler/HP-Fortran.cmake b/Modules/Compiler/HP-Fortran.cmake
index cc56b46..ad821ab 100644
--- a/Modules/Compiler/HP-Fortran.cmake
+++ b/Modules/Compiler/HP-Fortran.cmake
@@ -1,3 +1,6 @@
 set(CMAKE_Fortran_VERBOSE_FLAG "-v")
 set(CMAKE_Fortran_FORMAT_FIXED_FLAG "+source=fixed")
 set(CMAKE_Fortran_FORMAT_FREE_FLAG "+source=free")
+
+set(CMAKE_Fortran_CREATE_ASSEMBLY_SOURCE "<CMAKE_Fortran_COMPILER> <DEFINES> <FLAGS> -S <SOURCE> -o <ASSEMBLY_SOURCE>")
+set(CMAKE_Fortran_CREATE_PREPROCESSED_SOURCE "<CMAKE_Fortran_COMPILER> <DEFINES> <FLAGS> -E <SOURCE> > <PREPROCESSED_SOURCE>")
diff --git a/Modules/Compiler/Intel-Fortran.cmake b/Modules/Compiler/Intel-Fortran.cmake
index 84f6182..9ebac5a 100644
--- a/Modules/Compiler/Intel-Fortran.cmake
+++ b/Modules/Compiler/Intel-Fortran.cmake
@@ -7,3 +7,6 @@ set(CMAKE_Fortran_MODDIR_FLAG "-module ")
 set(CMAKE_Fortran_VERBOSE_FLAG "-v")
 set(CMAKE_Fortran_FORMAT_FIXED_FLAG "-fixed")
 set(CMAKE_Fortran_FORMAT_FREE_FLAG "-free")
+
+set(CMAKE_Fortran_CREATE_PREPROCESSED_SOURCE "<CMAKE_Fortran_COMPILER> <DEFINES> <FLAGS> -E <SOURCE> > <PREPROCESSED_SOURCE>")
+set(CMAKE_Fortran_CREATE_ASSEMBLY_SOURCE "<CMAKE_Fortran_COMPILER> <DEFINES> <FLAGS> -S <SOURCE> -o <ASSEMBLY_SOURCE>")
diff --git a/Modules/Compiler/PGI-Fortran.cmake b/Modules/Compiler/PGI-Fortran.cmake
index 264c23e..2866254 100644
--- a/Modules/Compiler/PGI-Fortran.cmake
+++ b/Modules/Compiler/PGI-Fortran.cmake
@@ -7,9 +7,4 @@ set(CMAKE_Fortran_FORMAT_FREE_FLAG "-Mfreeform")
 set(CMAKE_Fortran_FLAGS_INIT "${CMAKE_Fortran_FLAGS_INIT} -Mpreprocess -Kieee")
 set(CMAKE_Fortran_FLAGS_DEBUG_INIT "${CMAKE_Fortran_FLAGS_DEBUG_INIT} -Mbounds")
 
-# We require updates to CMake C++ code to support preprocessing rules
-# for Fortran.
-set(CMAKE_Fortran_CREATE_PREPROCESSED_SOURCE)
-set(CMAKE_Fortran_CREATE_ASSEMBLY_SOURCE)
-
 set(CMAKE_Fortran_MODDIR_FLAG "-module ")
diff --git a/Modules/Compiler/SunPro-Fortran.cmake b/Modules/Compiler/SunPro-Fortran.cmake
index 18e75b9..c38d5a5 100644
--- a/Modules/Compiler/SunPro-Fortran.cmake
+++ b/Modules/Compiler/SunPro-Fortran.cmake
@@ -16,3 +16,6 @@ set(CMAKE_Fortran_FLAGS_RELEASE_INIT "-xO3 -DNDEBUG")
 set(CMAKE_Fortran_FLAGS_RELWITHDEBINFO_INIT "-g -xO2 -DNDEBUG")
 set(CMAKE_Fortran_MODDIR_FLAG "-moddir=")
 set(CMAKE_Fortran_MODPATH_FLAG "-M")
+
+set(CMAKE_Fortran_CREATE_PREPROCESSED_SOURCE "<CMAKE_Fortran_COMPILER> <DEFINES> <FLAGS> -E <SOURCE> > <PREPROCESSED_SOURCE>")
+set(CMAKE_Fortran_CREATE_ASSEMBLY_SOURCE "<CMAKE_Fortran_COMPILER> <DEFINES> <FLAGS> -S <SOURCE> -o <ASSEMBLY_SOURCE>")
diff --git a/Modules/Compiler/XL-Fortran.cmake b/Modules/Compiler/XL-Fortran.cmake
index f1c9158..ae9df4e 100644
--- a/Modules/Compiler/XL-Fortran.cmake
+++ b/Modules/Compiler/XL-Fortran.cmake
@@ -12,6 +12,6 @@ set(CMAKE_Fortran_DEFINE_FLAG "-WF,-D")
 # -qhalt=e       = Halt on error messages (rather than just severe errors)
 set(CMAKE_Fortran_FLAGS_INIT "-qthreaded -qhalt=e")
 
-# We require updates to CMake C++ code to support preprocessing rules for Fortran.
+# xlf: 1501-214 (W) command option E reserved for future use - ignored
 set(CMAKE_Fortran_CREATE_PREPROCESSED_SOURCE)
 set(CMAKE_Fortran_CREATE_ASSEMBLY_SOURCE)
diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake
index 8832950..e5616b1 100644
--- a/Modules/ExternalProject.cmake
+++ b/Modules/ExternalProject.cmake
@@ -1,187 +1,340 @@
-#.rst:
-# ExternalProject
-# ---------------
-#
-# Create custom targets to build projects in external trees
-#
-# The ``ExternalProject_Add`` function creates a custom target to drive
-# download, update/patch, configure, build, install and test steps of an
-# external project:
-#
-# .. code-block:: cmake
-#
-#  ExternalProject_Add(<name>    # Name for custom target
-#    [DEPENDS projects...]       # Targets on which the project depends
-#    [PREFIX dir]                # Root dir for entire project
-#    [LIST_SEPARATOR sep]        # Sep to be replaced by ; in cmd lines
-#    [TMP_DIR dir]               # Directory to store temporary files
-#    [STAMP_DIR dir]             # Directory to store step timestamps
-#    [EXCLUDE_FROM_ALL 1]        # The "all" target does not depend on this
-#   #--Download step--------------
-#    [DOWNLOAD_NAME fname]       # File name to store (if not end of URL)
-#    [DOWNLOAD_DIR dir]          # Directory to store downloaded files
-#    [DOWNLOAD_COMMAND cmd...]   # Command to download source tree
-#    [DOWNLOAD_NO_PROGRESS 1]    # Disable download progress reports
-#    [CVS_REPOSITORY cvsroot]    # CVSROOT of CVS repository
-#    [CVS_MODULE mod]            # Module to checkout from CVS repo
-#    [CVS_TAG tag]               # Tag to checkout from CVS repo
-#    [SVN_REPOSITORY url]        # URL of Subversion repo
-#    [SVN_REVISION -r<rev>]      # Revision to checkout from Subversion repo
-#    [SVN_USERNAME john ]        # Username for Subversion checkout and update
-#    [SVN_PASSWORD doe ]         # Password for Subversion checkout and update
-#    [SVN_TRUST_CERT 1 ]         # Trust the Subversion server site certificate
-#    [GIT_REPOSITORY url]        # URL of git repo
-#    [GIT_TAG tag]               # Git branch name, commit id or tag
-#    [GIT_SUBMODULES modules...] # Git submodules that shall be updated, all if empty
-#    [HG_REPOSITORY url]         # URL of mercurial repo
-#    [HG_TAG tag]                # Mercurial branch name, commit id or tag
-#    [URL /.../src.tgz]          # Full path or URL of source
-#    [URL_HASH ALGO=value]       # Hash of file at URL
-#    [URL_MD5 md5]               # Equivalent to URL_HASH MD5=md5
-#    [TLS_VERIFY bool]           # Should certificate for https be checked
-#    [TLS_CAINFO file]           # Path to a certificate authority file
-#    [TIMEOUT seconds]           # Time allowed for file download operations
-#   #--Update/Patch step----------
-#    [UPDATE_COMMAND cmd...]     # Source work-tree update command
-#    [PATCH_COMMAND cmd...]      # Command to patch downloaded source
-#   #--Configure step-------------
-#    [SOURCE_DIR dir]            # Source dir to be used for build
-#    [CONFIGURE_COMMAND cmd...]  # Build tree configuration command
-#    [CMAKE_COMMAND /.../cmake]  # Specify alternative cmake executable
-#    [CMAKE_GENERATOR gen]       # Specify generator for native build
-#    [CMAKE_GENERATOR_PLATFORM p] # Generator-specific platform name
-#    [CMAKE_GENERATOR_TOOLSET t] # Generator-specific toolset name
-#    [CMAKE_ARGS args...]        # Arguments to CMake command line
-#    [CMAKE_CACHE_ARGS args...]  # Initial cache args with form -Dvar:string=on
-#   #--Build step-----------------
-#    [BINARY_DIR dir]            # Specify build dir location
-#    [BUILD_COMMAND cmd...]      # Command to drive the native build
-#    [BUILD_IN_SOURCE 1]         # Use source dir for build dir
-#    [BUILD_ALWAYS 1]            # No stamp file, build step always runs
-#   #--Install step---------------
-#    [INSTALL_DIR dir]           # Installation prefix
-#    [INSTALL_COMMAND cmd...]    # Command to drive install after build
-#   #--Test step------------------
-#    [TEST_BEFORE_INSTALL 1]     # Add test step executed before install step
-#    [TEST_AFTER_INSTALL 1]      # Add test step executed after install step
-#    [TEST_COMMAND cmd...]       # Command to drive test
-#   #--Output logging-------------
-#    [LOG_DOWNLOAD 1]            # Wrap download in script to log output
-#    [LOG_UPDATE 1]              # Wrap update in script to log output
-#    [LOG_CONFIGURE 1]           # Wrap configure in script to log output
-#    [LOG_BUILD 1]               # Wrap build in script to log output
-#    [LOG_TEST 1]                # Wrap test in script to log output
-#    [LOG_INSTALL 1]             # Wrap install in script to log output
-#   #--Custom targets-------------
-#    [STEP_TARGETS st1 st2 ...]  # Generate custom targets for these steps
-#    )
-#
-# The ``*_DIR`` options specify directories for the project, with default
-# directories computed as follows.  If the ``PREFIX`` option is given to
-# ``ExternalProject_Add()`` or the ``EP_PREFIX`` directory property is set,
-# then an external project is built and installed under the specified prefix::
-#
-#  TMP_DIR      = <prefix>/tmp
-#  STAMP_DIR    = <prefix>/src/<name>-stamp
-#  DOWNLOAD_DIR = <prefix>/src
-#  SOURCE_DIR   = <prefix>/src/<name>
-#  BINARY_DIR   = <prefix>/src/<name>-build
-#  INSTALL_DIR  = <prefix>
-#
-# Otherwise, if the ``EP_BASE`` directory property is set then components
-# of an external project are stored under the specified base::
-#
-#  TMP_DIR      = <base>/tmp/<name>
-#  STAMP_DIR    = <base>/Stamp/<name>
-#  DOWNLOAD_DIR = <base>/Download/<name>
-#  SOURCE_DIR   = <base>/Source/<name>
-#  BINARY_DIR   = <base>/Build/<name>
-#  INSTALL_DIR  = <base>/Install/<name>
-#
-# If no ``PREFIX``, ``EP_PREFIX``, or ``EP_BASE`` is specified then the
-# default is to set ``PREFIX`` to ``<name>-prefix``.  Relative paths are
-# interpreted with respect to the build directory corresponding to the
-# source directory in which ``ExternalProject_Add`` is invoked.
-#
-# If ``SOURCE_DIR`` is explicitly set to an existing directory the project
-# will be built from it.  Otherwise a download step must be specified
-# using one of the ``DOWNLOAD_COMMAND``, ``CVS_*``, ``SVN_*``, or ``URL``
-# options.  The ``URL`` option may refer locally to a directory or source
-# tarball, or refer to a remote tarball (e.g. ``http://.../src.tgz``).
-#
-# The ``ExternalProject_Add_Step`` function adds a custom step to an
-# external project:
-#
-# .. code-block:: cmake
-#
-#  ExternalProject_Add_Step(<name> <step> # Names of project and custom step
-#    [COMMAND cmd...]        # Command line invoked by this step
-#    [COMMENT "text..."]     # Text printed when step executes
-#    [DEPENDEES steps...]    # Steps on which this step depends
-#    [DEPENDERS steps...]    # Steps that depend on this step
-#    [DEPENDS files...]      # Files on which this step depends
-#    [ALWAYS 1]              # No stamp file, step always runs
-#    [EXCLUDE_FROM_MAIN 1]   # Main target does not depend on this step
-#    [WORKING_DIRECTORY dir] # Working directory for command
-#    [LOG 1]                 # Wrap step in script to log output
-#    )
-#
-# The command line, comment, and working directory of every standard and
-# custom step is processed to replace tokens ``<SOURCE_DIR>``,
-# ``<BINARY_DIR>``, ``<INSTALL_DIR>``, and ``<TMP_DIR>`` with
-# corresponding property values.
-#
-# Any builtin step that specifies a ``<step>_COMMAND cmd...`` or custom
-# step that specifies a ``COMMAND cmd...`` may specify additional command
-# lines using the form ``COMMAND cmd...``.  At build time the commands
-# will be executed in order and aborted if any one fails.  For example::
-#
-#  ... BUILD_COMMAND make COMMAND echo done ...
-#
-# specifies to run ``make`` and then ``echo done`` during the build step.
-# Whether the current working directory is preserved between commands is
-# not defined.  Behavior of shell operators like ``&&`` is not defined.
-#
-# The ``ExternalProject_Get_Property`` function retrieves external project
-# target properties::
-#
-#  ExternalProject_Get_Property(<name> [prop1 [prop2 [...]]])
-#
-# It stores property values in variables of the same name.  Property
-# names correspond to the keyword argument names of
-# ``ExternalProject_Add``.
-#
-# The ``ExternalProject_Add_StepTargets`` function generates custom
-# targets for the steps listed::
-#
-#  ExternalProject_Add_StepTargets(<name> [step1 [step2 [...]]])
-#
-# If ``STEP_TARGETS`` is set then ``ExternalProject_Add_StepTargets`` is
-# automatically called at the end of matching calls to
-# ``ExternalProject_Add_Step``.  Pass ``STEP_TARGETS`` explicitly to
-# individual ``ExternalProject_Add`` calls, or implicitly to all
-# ``ExternalProject_Add`` calls by setting the directory property
-# ``EP_STEP_TARGETS``.
-#
-# If ``STEP_TARGETS`` is not set, clients may still manually call
-# ``ExternalProject_Add_StepTargets`` after calling
-# ``ExternalProject_Add`` or ``ExternalProject_Add_Step``.
-#
-# This functionality is provided to make it easy to drive the steps
-# independently of each other by specifying targets on build command
-# lines.  For example, you may be submitting to a sub-project based
-# dashboard, where you want to drive the configure portion of the build,
-# then submit to the dashboard, followed by the build portion, followed
-# by tests.  If you invoke a custom target that depends on a step
-# halfway through the step dependency chain, then all the previous steps
-# will also run to ensure everything is up to date.
-#
-# For example, to drive configure, build and test steps independently
-# for each ``ExternalProject_Add`` call in your project, write the following
-# line prior to any ``ExternalProject_Add`` calls in your ``CMakeLists.txt``
-# file::
-#
-#  set_property(DIRECTORY PROPERTY EP_STEP_TARGETS configure build test)
+#[=======================================================================[.rst:
+ExternalProject
+---------------
+
+Create custom targets to build projects in external trees
+
+.. command:: ExternalProject_Add
+
+  The ``ExternalProject_Add`` function creates a custom target to drive
+  download, update/patch, configure, build, install and test steps of an
+  external project::
+
+   ExternalProject_Add(<name> [<option>...])
+
+  General options are:
+
+  ``DEPENDS <projects>...``
+    Targets on which the project depends
+  ``PREFIX <dir>``
+    Root dir for entire project
+  ``LIST_SEPARATOR <sep>``
+    Sep to be replaced by ; in cmd lines
+  ``TMP_DIR <dir>``
+    Directory to store temporary files
+  ``STAMP_DIR <dir>``
+    Directory to store step timestamps
+  ``EXCLUDE_FROM_ALL 1``
+    The "all" target does not depend on this
+
+  Download step options are:
+
+  ``DOWNLOAD_NAME <fname>``
+    File name to store (if not end of URL)
+  ``DOWNLOAD_DIR <dir>``
+    Directory to store downloaded files
+  ``DOWNLOAD_COMMAND <cmd>...``
+    Command to download source tree
+  ``DOWNLOAD_NO_PROGRESS 1``
+    Disable download progress reports
+  ``CVS_REPOSITORY <cvsroot>``
+    CVSROOT of CVS repository
+  ``CVS_MODULE <mod>``
+    Module to checkout from CVS repo
+  ``CVS_TAG <tag>``
+    Tag to checkout from CVS repo
+  ``SVN_REPOSITORY <url>``
+    URL of Subversion repo
+  ``SVN_REVISION -r<rev>``
+    Revision to checkout from Subversion repo
+  ``SVN_USERNAME <username>``
+    Username for Subversion checkout and update
+  ``SVN_PASSWORD <password>``
+    Password for Subversion checkout and update
+  ``SVN_TRUST_CERT 1``
+    Trust the Subversion server site certificate
+  ``GIT_REPOSITORY <url>``
+    URL of git repo
+  ``GIT_TAG <tag>``
+    Git branch name, commit id or tag
+  ``GIT_SUBMODULES <module>...``
+    Git submodules that shall be updated, all if empty
+  ``HG_REPOSITORY <url>``
+    URL of mercurial repo
+  ``HG_TAG <tag>``
+    Mercurial branch name, commit id or tag
+  ``URL /.../src.tgz``
+    Full path or URL of source
+  ``URL_HASH ALGO=value``
+    Hash of file at URL
+  ``URL_MD5 md5``
+    Equivalent to URL_HASH MD5=md5
+  ``TLS_VERIFY <bool>``
+    Should certificate for https be checked
+  ``TLS_CAINFO <file>``
+    Path to a certificate authority file
+  ``TIMEOUT <seconds>``
+    Time allowed for file download operations
+
+  Update/Patch step options are:
+
+  ``UPDATE_COMMAND <cmd>...``
+    Source work-tree update command
+  ``UPDATE_DISCONNECTED 1``
+    Never update automatically from the remote repository
+  ``PATCH_COMMAND <cmd>...``
+    Command to patch downloaded source
+
+  Configure step options are:
+
+  ``SOURCE_DIR <dir>``
+    Source dir to be used for build
+  ``CONFIGURE_COMMAND <cmd>...``
+    Build tree configuration command
+  ``CMAKE_COMMAND /.../cmake``
+    Specify alternative cmake executable
+  ``CMAKE_GENERATOR <gen>``
+    Specify generator for native build
+  ``CMAKE_GENERATOR_PLATFORM <platform>``
+    Generator-specific platform name
+  ``CMAKE_GENERATOR_TOOLSET <toolset>``
+    Generator-specific toolset name
+  ``CMAKE_ARGS <arg>...``
+    Arguments to CMake command line.
+    These arguments are passed to CMake command line, and can contain
+    arguments other than cache values, see also
+    :manual:`CMake Options <cmake(1)>`. Arguments in the form
+    ``-Dvar:string=on`` are always passed to the command line, and
+    therefore cannot be changed by the user.
+  ``CMAKE_CACHE_ARGS <arg>...``
+    Initial cache arguments, of the form ``-Dvar:string=on``.
+    These arguments are written in a pre-load a script that populates
+    CMake cache, see also :manual:`cmake -C <cmake(1)>`. This allows to
+    overcome command line length limits.
+    These arguments are :command:`set` using the ``FORCE`` argument,
+    and therefore cannot be changed by the user.
+  ``CMAKE_CACHE_DEFAULT_ARGS <arg>...``
+    Initial default cache arguments, of the form ``-Dvar:string=on``.
+    These arguments are written in a pre-load a script that populates
+    CMake cache, see also :manual:`cmake -C <cmake(1)>`. This allows to
+    overcome command line length limits.
+    These arguments can be used as default value that will be set if no
+    previous value is found in the cache, and that the user can change
+    later.
+
+  Build step options are:
+
+  ``BINARY_DIR <dir>``
+    Specify build dir location
+  ``BUILD_COMMAND <cmd>...``
+    Command to drive the native build
+  ``BUILD_IN_SOURCE 1``
+    Use source dir for build dir
+  ``BUILD_ALWAYS 1``
+    No stamp file, build step always runs
+  ``BUILD_BYPRODUCTS <file>...``
+    Files that will be generated by the build command but may or may
+    not have their modification time updated by subsequent builds.
+
+  Install step options are:
+
+  ``INSTALL_DIR <dir>``
+    Installation prefix
+  ``INSTALL_COMMAND <cmd>...``
+    Command to drive install after build
+
+  Test step options are:
+
+  ``TEST_BEFORE_INSTALL 1``
+    Add test step executed before install step
+  ``TEST_AFTER_INSTALL 1``
+    Add test step executed after install step
+  ``TEST_COMMAND <cmd>...``
+    Command to drive test
+
+  Output logging options are:
+
+  ``LOG_DOWNLOAD 1``
+    Wrap download in script to log output
+  ``LOG_UPDATE 1``
+    Wrap update in script to log output
+  ``LOG_CONFIGURE 1``
+    Wrap configure in script to log output
+  ``LOG_BUILD 1``
+    Wrap build in script to log output
+  ``LOG_TEST 1``
+    Wrap test in script to log output
+  ``LOG_INSTALL 1``
+    Wrap install in script to log output
+
+  Other options are:
+
+  ``STEP_TARGETS <step-target>...``
+    Generate custom targets for these steps
+  ``INDEPENDENT_STEP_TARGETS <step-target>...``
+    Generate custom targets for these steps that do not depend on other
+    external projects even if a dependency is set
+
+  The ``*_DIR`` options specify directories for the project, with default
+  directories computed as follows.  If the ``PREFIX`` option is given to
+  ``ExternalProject_Add()`` or the ``EP_PREFIX`` directory property is set,
+  then an external project is built and installed under the specified prefix::
+
+   TMP_DIR      = <prefix>/tmp
+   STAMP_DIR    = <prefix>/src/<name>-stamp
+   DOWNLOAD_DIR = <prefix>/src
+   SOURCE_DIR   = <prefix>/src/<name>
+   BINARY_DIR   = <prefix>/src/<name>-build
+   INSTALL_DIR  = <prefix>
+
+  Otherwise, if the ``EP_BASE`` directory property is set then components
+  of an external project are stored under the specified base::
+
+   TMP_DIR      = <base>/tmp/<name>
+   STAMP_DIR    = <base>/Stamp/<name>
+   DOWNLOAD_DIR = <base>/Download/<name>
+   SOURCE_DIR   = <base>/Source/<name>
+   BINARY_DIR   = <base>/Build/<name>
+   INSTALL_DIR  = <base>/Install/<name>
+
+  If no ``PREFIX``, ``EP_PREFIX``, or ``EP_BASE`` is specified then the
+  default is to set ``PREFIX`` to ``<name>-prefix``.  Relative paths are
+  interpreted with respect to the build directory corresponding to the
+  source directory in which ``ExternalProject_Add`` is invoked.
+
+  If ``SOURCE_DIR`` is explicitly set to an existing directory the project
+  will be built from it.  Otherwise a download step must be specified
+  using one of the ``DOWNLOAD_COMMAND``, ``CVS_*``, ``SVN_*``, or ``URL``
+  options.  The ``URL`` option may refer locally to a directory or source
+  tarball, or refer to a remote tarball (e.g. ``http://.../src.tgz``).
+
+  If ``UPDATE_DISCONNECTED`` is set, the update step is not executed
+  automatically when building the main target. The update step can still
+  be added as a step target and called manually. This is useful if you
+  want to allow to build the project when you are disconnected from the
+  network (you might still need the network for the download step).
+  This is disabled by default.
+  The directory property ``EP_UPDATE_DISCONNECTED`` can be used to change
+  the default value for all the external projects in the current
+  directory and its subdirectories.
+
+.. command:: ExternalProject_Add_Step
+
+  The ``ExternalProject_Add_Step`` function adds a custom step to an
+  external project::
+
+   ExternalProject_Add_Step(<name> <step> [<option>...])
+
+  Options are:
+
+  ``COMMAND <cmd>...``
+    Command line invoked by this step
+  ``COMMENT "<text>..."``
+    Text printed when step executes
+  ``DEPENDEES <step>...``
+    Steps on which this step depends
+  ``DEPENDERS <step>...``
+    Steps that depend on this step
+  ``DEPENDS <file>...``
+    Files on which this step depends
+  ``BYPRODUCTS <file>...``
+    Files that will be generated by this step but may or may not
+    have their modification time updated by subsequent builds.
+  ``ALWAYS 1``
+    No stamp file, step always runs
+  ``EXCLUDE_FROM_MAIN 1``
+    Main target does not depend on this step
+  ``WORKING_DIRECTORY <dir>``
+    Working directory for command
+  ``LOG 1``
+    Wrap step in script to log output
+
+  The command line, comment, and working directory of every standard and
+  custom step is processed to replace tokens ``<SOURCE_DIR>``,
+  ``<BINARY_DIR>``, ``<INSTALL_DIR>``, and ``<TMP_DIR>`` with
+  corresponding property values.
+
+Any builtin step that specifies a ``<step>_COMMAND cmd...`` or custom
+step that specifies a ``COMMAND cmd...`` may specify additional command
+lines using the form ``COMMAND cmd...``.  At build time the commands
+will be executed in order and aborted if any one fails.  For example::
+
+ ... BUILD_COMMAND make COMMAND echo done ...
+
+specifies to run ``make`` and then ``echo done`` during the build step.
+Whether the current working directory is preserved between commands is
+not defined.  Behavior of shell operators like ``&&`` is not defined.
+
+.. command:: ExternalProject_Get_Property
+
+  The ``ExternalProject_Get_Property`` function retrieves external project
+  target properties::
+
+    ExternalProject_Get_Property(<name> [prop1 [prop2 [...]]])
+
+  It stores property values in variables of the same name.  Property
+  names correspond to the keyword argument names of
+  ``ExternalProject_Add``.
+
+.. command:: ExternalProject_Add_StepTargets
+
+  The ``ExternalProject_Add_StepTargets`` function generates custom
+  targets for the steps listed::
+
+    ExternalProject_Add_StepTargets(<name> [NO_DEPENDS] [step1 [step2 [...]]])
+
+If ``NO_DEPENDS`` is set, the target will not depend on the
+dependencies of the complete project. This is usually safe to use for
+the download, update, and patch steps that do not require that all the
+dependencies are updated and built.  Using ``NO_DEPENDS`` for other
+of the default steps might break parallel builds, so you should avoid,
+it.  For custom steps, you should consider whether or not the custom
+commands requires that the dependencies are configured, built and
+installed.
+
+If ``STEP_TARGETS`` or ``INDEPENDENT_STEP_TARGETS`` is set then
+``ExternalProject_Add_StepTargets`` is automatically called at the end
+of matching calls to ``ExternalProject_Add_Step``.  Pass
+``STEP_TARGETS`` or ``INDEPENDENT_STEP_TARGETS`` explicitly to
+individual ``ExternalProject_Add`` calls, or implicitly to all
+``ExternalProject_Add`` calls by setting the directory properties
+``EP_STEP_TARGETS`` and ``EP_INDEPENDENT_STEP_TARGETS``.  The
+``INDEPENDENT`` version of the argument and of the property will call
+``ExternalProject_Add_StepTargets`` with the ``NO_DEPENDS`` argument.
+
+If ``STEP_TARGETS`` and ``INDEPENDENT_STEP_TARGETS`` are not set,
+clients may still manually call ``ExternalProject_Add_StepTargets``
+after calling ``ExternalProject_Add`` or ``ExternalProject_Add_Step``.
+
+This functionality is provided to make it easy to drive the steps
+independently of each other by specifying targets on build command
+lines.  For example, you may be submitting to a sub-project based
+dashboard, where you want to drive the configure portion of the build,
+then submit to the dashboard, followed by the build portion, followed
+by tests.  If you invoke a custom target that depends on a step
+halfway through the step dependency chain, then all the previous steps
+will also run to ensure everything is up to date.
+
+For example, to drive configure, build and test steps independently
+for each ``ExternalProject_Add`` call in your project, write the following
+line prior to any ``ExternalProject_Add`` calls in your ``CMakeLists.txt``
+file::
+
+ set_property(DIRECTORY PROPERTY EP_STEP_TARGETS configure build test)
+
+.. command:: ExternalProject_Add_StepDependencies
+
+  The ``ExternalProject_Add_StepDependencies`` function add some
+  dependencies for some external project step::
+
+    ExternalProject_Add_StepDependencies(<name> <step> [target1 [target2 [...]]])
+
+  This function takes care to set both target and file level
+  dependencies, and will ensure that parallel builds will not break.
+  It should be used instead of :command:`add_dependencies()` when adding
+  a dependency for some of the step targets generated by
+  ``ExternalProject``.
+#]=======================================================================]
 
 #=============================================================================
 # Copyright 2008-2013 Kitware, Inc.
@@ -200,9 +353,9 @@
 math(EXPR _ep_documentation_line_count "${CMAKE_CURRENT_LIST_LINE} - 16")
 file(STRINGS "${CMAKE_CURRENT_LIST_FILE}" lines
      LIMIT_COUNT ${_ep_documentation_line_count}
-     REGEX "^#  (  \\[[A-Z0-9_]+ [^]]*\\] +#.*$|[A-Za-z0-9_]+\\()")
+     REGEX "^\\.\\. command:: [A-Za-z0-9_]+|^  ``[A-Z0-9_]+ .*``$")
 foreach(line IN LISTS lines)
-  if("${line}" MATCHES "^#  ([A-Za-z0-9_]+)\\(")
+  if("${line}" MATCHES "^\\.\\. command:: ([A-Za-z0-9_]+)")
     if(_ep_func)
       set(_ep_keywords_${_ep_func} "${_ep_keywords_${_ep_func}})$")
     endif()
@@ -210,8 +363,8 @@ foreach(line IN LISTS lines)
     #message("function [${_ep_func}]")
     set(_ep_keywords_${_ep_func} "^(")
     set(_ep_keyword_sep)
-  else()
-    string(REGEX REPLACE "^#    \\[([A-Z0-9_]+) .*" "\\1" _ep_key "${line}")
+  elseif("${line}" MATCHES "^  ``([A-Z0-9_]+) .*``$")
+    set(_ep_key "${CMAKE_MATCH_1}")
     #message("  keyword [${_ep_key}]")
     set(_ep_keywords_${_ep_func}
       "${_ep_keywords_${_ep_func}}${_ep_keyword_sep}${_ep_key}")
@@ -290,10 +443,26 @@ define_property(DIRECTORY PROPERTY "EP_STEP_TARGETS" INHERITED
   BRIEF_DOCS
   "List of ExternalProject steps that automatically get corresponding targets"
   FULL_DOCS
+  "These targets will be dependent on the main target dependencies"
+  "See documentation of the ExternalProject_Add_StepTargets() function in the "
+  "ExternalProject module."
+  )
+
+define_property(DIRECTORY PROPERTY "EP_INDEPENDENT_STEP_TARGETS" INHERITED
+  BRIEF_DOCS
+  "List of ExternalProject steps that automatically get corresponding targets"
+  FULL_DOCS
+  "These targets will not be dependent on the main target dependencies"
   "See documentation of the ExternalProject_Add_StepTargets() function in the "
   "ExternalProject module."
   )
 
+define_property(DIRECTORY PROPERTY "EP_UPDATE_DISCONNECTED" INHERITED
+  BRIEF_DOCS "Never update automatically from the remote repo."
+  FULL_DOCS
+  "See documentation of the ExternalProject_Add() function in the "
+  "ExternalProject module."
+  )
 
 function(_ep_write_gitclone_script script_filename source_dir git_EXECUTABLE git_repository git_tag git_submodules src_name work_dir gitclone_infofile gitclone_stampfile)
   file(WRITE ${script_filename}
@@ -910,17 +1079,20 @@ macro(_ep_replace_location_tags target_name)
 endmacro()
 
 
-function(_ep_write_initial_cache target_name script_filename args)
-  # Write out values into an initial cache, that will be passed to CMake with -C
+function(_ep_command_line_to_initial_cache var args force)
   set(script_initial_cache "")
   set(regex "^([^:]+):([^=]+)=(.*)$")
   set(setArg "")
+  set(forceArg "")
+  if(force)
+    set(forceArg "FORCE")
+  endif()
   foreach(line ${args})
     if("${line}" MATCHES "^-D(.*)")
       set(line "${CMAKE_MATCH_1}")
       if(setArg)
         # This is required to build up lists in variables, or complete an entry
-        set(setArg "${setArg}${accumulator}\" CACHE ${type} \"Initial cache\" FORCE)")
+        set(setArg "${setArg}${accumulator}\" CACHE ${type} \"Initial cache\" ${forceArg})")
         set(script_initial_cache "${script_initial_cache}\n${setArg}")
         set(accumulator "")
         set(setArg "")
@@ -940,9 +1112,15 @@ function(_ep_write_initial_cache target_name script_filename args)
   endforeach()
   # Catch the final line of the args
   if(setArg)
-    set(setArg "${setArg}${accumulator}\" CACHE ${type} \"Initial cache\" FORCE)")
+    set(setArg "${setArg}${accumulator}\" CACHE ${type} \"Initial cache\" ${forceArg})")
     set(script_initial_cache "${script_initial_cache}\n${setArg}")
   endif()
+  set(${var} ${script_initial_cache} PARENT_SCOPE)
+endfunction()
+
+
+function(_ep_write_initial_cache target_name script_filename script_initial_cache)
+  # Write out values into an initial cache, that will be passed to CMake with -C
   # Replace location tags.
   _ep_replace_location_tags(${target_name} script_initial_cache)
   # Write out the initial cache file to the location specified.
@@ -1180,19 +1358,28 @@ endfunction()
 
 function(ExternalProject_Add_StepTargets name)
   set(steps ${ARGN})
-
+  if("${ARGV1}" STREQUAL "NO_DEPENDS")
+    set(no_deps 1)
+    list(REMOVE_AT steps 0)
+  endif()
   foreach(step ${steps})
+    if(no_deps  AND  "${step}" MATCHES "^(configure|build|install|test)$")
+      message(AUTHOR_WARNING "Using NO_DEPENDS for \"${step}\" step  might break parallel builds")
+    endif()
     _ep_get_step_stampfile(${name} ${step} stamp_file)
     add_custom_target(${name}-${step}
       DEPENDS ${stamp_file})
+    set_property(TARGET ${name}-${step} PROPERTY _EP_IS_EXTERNAL_PROJECT_STEP 1)
     set_property(TARGET ${name}-${step} PROPERTY LABELS ${name})
     set_property(TARGET ${name}-${step} PROPERTY FOLDER "ExternalProjectTargets/${name}")
 
     # Depend on other external projects (target-level).
-    get_property(deps TARGET ${name} PROPERTY _EP_DEPENDS)
-    foreach(arg IN LISTS deps)
-      add_dependencies(${name}-${step} ${arg})
-    endforeach()
+    if(NOT no_deps)
+      get_property(deps TARGET ${name} PROPERTY _EP_DEPENDS)
+      foreach(arg IN LISTS deps)
+        add_dependencies(${name}-${step} ${arg})
+      endforeach()
+    endif()
   endforeach()
 endfunction()
 
@@ -1228,6 +1415,9 @@ function(ExternalProject_Add_Step name step)
   # Dependencies on files.
   get_property(depends TARGET ${name} PROPERTY _EP_${step}_DEPENDS)
 
+  # Byproducts of the step.
+  get_property(byproducts TARGET ${name} PROPERTY _EP_${step}_BYPRODUCTS)
+
   # Dependencies on steps.
   get_property(dependees TARGET ${name} PROPERTY _EP_${step}_DEPENDEES)
   foreach(dependee IN LISTS dependees)
@@ -1274,8 +1464,18 @@ function(ExternalProject_Add_Step name step)
     _ep_write_log_script(${name} ${step} command)
   endif()
 
+  if("${command}" STREQUAL "")
+    # Some generators (i.e. Xcode) will not generate a file level target
+    # if no command is set, and therefore the dependencies on this
+    # target will be broken.
+    # The empty command is replaced by an echo command here in order to
+    # avoid this issue.
+    set(command ${CMAKE_COMMAND} -E echo_append)
+  endif()
+
   add_custom_command(
     OUTPUT ${stamp_file}
+    BYPRODUCTS ${byproducts}
     COMMENT ${comment}
     COMMAND ${command}
     COMMAND ${touch}
@@ -1283,6 +1483,7 @@ function(ExternalProject_Add_Step name step)
     WORKING_DIRECTORY ${work_dir}
     VERBATIM
     )
+  set_property(TARGET ${name} APPEND PROPERTY _EP_STEPS ${step})
 
   # Add custom "step target"?
   get_property(step_targets TARGET ${name} PROPERTY _EP_STEP_TARGETS)
@@ -1295,6 +1496,60 @@ function(ExternalProject_Add_Step name step)
       break()
     endif()
   endforeach()
+
+  get_property(independent_step_targets TARGET ${name} PROPERTY _EP_INDEPENDENT_STEP_TARGETS)
+  if(NOT independent_step_targets)
+    get_property(independent_step_targets DIRECTORY PROPERTY EP_INDEPENDENT_STEP_TARGETS)
+  endif()
+  foreach(st ${independent_step_targets})
+    if("${st}" STREQUAL "${step}")
+      ExternalProject_Add_StepTargets(${name} NO_DEPENDS ${step})
+      break()
+    endif()
+  endforeach()
+endfunction()
+
+
+function(ExternalProject_Add_StepDependencies name step)
+  set(dependencies ${ARGN})
+
+  # Sanity checks on "name" and "step".
+  if(NOT TARGET ${name})
+    message(FATAL_ERROR "Cannot find target \"${name}\". Perhaps it has not yet been created using ExternalProject_Add.")
+  endif()
+
+  get_property(is_ep TARGET ${name} PROPERTY _EP_IS_EXTERNAL_PROJECT)
+  if(NOT is_ep)
+    message(FATAL_ERROR "Target \"${name}\" was not generated by ExternalProject_Add.")
+  endif()
+
+  get_property(steps TARGET ${name} PROPERTY _EP_STEPS)
+  list(FIND steps ${step} is_step)
+  if(NOT is_step)
+    message(FATAL_ERROR "External project \"${name}\" does not have a step \"${step}\".")
+  endif()
+
+  if(TARGET ${name}-${step})
+    get_property(is_ep_step TARGET ${name}-${step} PROPERTY _EP_IS_EXTERNAL_PROJECT_STEP)
+    if(NOT is_ep_step)
+      message(FATAL_ERROR "Target \"${name}\" was not generated by ExternalProject_Add_StepTargets.")
+    endif()
+  endif()
+
+  # Always add file-level dependency, but add target-level dependency
+  # only if the target exists for that step.
+  _ep_get_step_stampfile(${name} ${step} stamp_file)
+  foreach(dep ${dependencies})
+    add_custom_command(APPEND
+      OUTPUT ${stamp_file}
+      DEPENDS ${dep})
+    if(TARGET ${name}-${step})
+      foreach(dep ${dependencies})
+        add_dependencies(${name}-${step} ${dep})
+      endforeach()
+    endif()
+  endforeach()
+
 endfunction()
 
 
@@ -1612,6 +1867,12 @@ function(_ep_add_update_command name)
   get_property(svn_repository TARGET ${name} PROPERTY _EP_SVN_REPOSITORY)
   get_property(git_repository TARGET ${name} PROPERTY _EP_GIT_REPOSITORY)
   get_property(hg_repository  TARGET ${name} PROPERTY _EP_HG_REPOSITORY )
+  get_property(update_disconnected_set TARGET ${name} PROPERTY _EP_UPDATE_DISCONNECTED SET)
+  if(update_disconnected_set)
+    get_property(update_disconnected TARGET ${name} PROPERTY _EP_UPDATE_DISCONNECTED)
+  else()
+    get_property(update_disconnected DIRECTORY PROPERTY EP_UPDATE_DISCONNECTED)
+  endif()
 
   set(work_dir)
   set(comment)
@@ -1701,10 +1962,26 @@ Update to Mercurial >= 2.1.1.
     COMMENT ${comment}
     COMMAND ${cmd}
     ALWAYS ${always}
+    EXCLUDE_FROM_MAIN ${update_disconnected}
     WORKING_DIRECTORY ${work_dir}
     DEPENDEES download
     ${log}
     )
+
+  if(always AND update_disconnected)
+    _ep_get_step_stampfile(${name} skip-update skip-update_stamp_file)
+    string(REPLACE "Performing" "Skipping" comment "${comment}")
+    ExternalProject_Add_Step(${name} skip-update
+      COMMENT ${comment}
+      ALWAYS 1
+      EXCLUDE_FROM_MAIN 1
+      WORKING_DIRECTORY ${work_dir}
+      DEPENDEES download
+      ${log}
+    )
+    set_property(SOURCE ${skip-update_stamp_file} PROPERTY SYMBOLIC 1)
+  endif()
+
 endfunction()
 
 
@@ -1757,11 +2034,20 @@ function(_ep_add_configure_command name)
     get_property(cmake_args TARGET ${name} PROPERTY _EP_CMAKE_ARGS)
     list(APPEND cmd ${cmake_args})
 
-    # If there are any CMAKE_CACHE_ARGS, write an initial cache and use it
+    # If there are any CMAKE_CACHE_ARGS or CMAKE_CACHE_DEFAULT_ARGS,
+    # write an initial cache and use it
     get_property(cmake_cache_args TARGET ${name} PROPERTY _EP_CMAKE_CACHE_ARGS)
-    if(cmake_cache_args)
+    get_property(cmake_cache_default_args TARGET ${name} PROPERTY _EP_CMAKE_CACHE_DEFAULT_ARGS)
+
+    if(cmake_cache_args OR cmake_cache_default_args)
       set(_ep_cache_args_script "${tmp_dir}/${name}-cache.cmake")
-      _ep_write_initial_cache(${name} "${_ep_cache_args_script}" "${cmake_cache_args}")
+      if(cmake_cache_args)
+        _ep_command_line_to_initial_cache(script_initial_cache_force "${cmake_cache_args}" 1)
+      endif()
+      if(cmake_cache_default_args)
+        _ep_command_line_to_initial_cache(script_initial_cache_default "${cmake_cache_default_args}" 0)
+      endif()
+      _ep_write_initial_cache(${name} "${_ep_cache_args_script}" "${script_initial_cache_force}${script_initial_cache_default}")
       list(APPEND cmd "-C${_ep_cache_args_script}")
     endif()
 
@@ -1817,10 +2103,22 @@ function(_ep_add_configure_command name)
     set(log "")
   endif()
 
+  get_property(update_disconnected_set TARGET ${name} PROPERTY _EP_UPDATE_DISCONNECTED SET)
+  if(update_disconnected_set)
+    get_property(update_disconnected TARGET ${name} PROPERTY _EP_UPDATE_DISCONNECTED)
+  else()
+    get_property(update_disconnected DIRECTORY PROPERTY EP_UPDATE_DISCONNECTED)
+  endif()
+  if(update_disconnected)
+    set(update_dep skip-update)
+  else()
+    set(update_dep update)
+  endif()
+
   ExternalProject_Add_Step(${name} configure
     COMMAND ${cmd}
     WORKING_DIRECTORY ${binary_dir}
-    DEPENDEES update patch
+    DEPENDEES ${update_dep} patch
     DEPENDS ${file_deps}
     ${log}
     )
@@ -1851,8 +2149,11 @@ function(_ep_add_build_command name)
     set(always 0)
   endif()
 
+  get_property(build_byproducts TARGET ${name} PROPERTY _EP_BUILD_BYPRODUCTS)
+
   ExternalProject_Add_Step(${name} build
     COMMAND ${cmd}
+    BYPRODUCTS ${build_byproducts}
     WORKING_DIRECTORY ${binary_dir}
     DEPENDEES configure
     ALWAYS ${always}
diff --git a/Modules/FindBoost.cmake b/Modules/FindBoost.cmake
index 3642b3e..aad6575 100644
--- a/Modules/FindBoost.cmake
+++ b/Modules/FindBoost.cmake
@@ -321,7 +321,7 @@ macro(_Boost_FIND_LIBRARY var)
 
   # If Boost_LIBRARY_DIR is known then search only there.
   if(Boost_LIBRARY_DIR)
-    set(_boost_LIBRARY_SEARCH_DIRS ${Boost_LIBRARY_DIR} NO_DEFAULT_PATH)
+    set(_boost_LIBRARY_SEARCH_DIRS ${Boost_LIBRARY_DIR} NO_DEFAULT_PATH NO_CMAKE_FIND_ROOT_PATH)
   endif()
 endmacro()
 
@@ -855,7 +855,7 @@ if(_Boost_CHANGE_LIBDIR AND NOT _Boost_LIBRARY_DIR_CHANGED)
 endif()
 
 if(Boost_LIBRARY_DIR)
-  set(_boost_LIBRARY_SEARCH_DIRS ${Boost_LIBRARY_DIR} NO_DEFAULT_PATH)
+  set(_boost_LIBRARY_SEARCH_DIRS ${Boost_LIBRARY_DIR} NO_DEFAULT_PATH NO_CMAKE_FIND_ROOT_PATH)
 else()
   set(_boost_LIBRARY_SEARCH_DIRS "")
   if(BOOST_LIBRARYDIR)
diff --git a/Modules/FindCurses.cmake b/Modules/FindCurses.cmake
index a21ca89..f94bd09 100644
--- a/Modules/FindCurses.cmake
+++ b/Modules/FindCurses.cmake
@@ -179,11 +179,6 @@ if(NOT DEFINED CURSES_HAVE_CURSES_H)
   endif()
 endif()
 
-if (NOT CURSES_TINFO_HAS_CBREAK)
-  find_library(CURSES_EXTRA_LIBRARY cur_colr HINTS "${_cursesLibDir}")
-  find_library(CURSES_EXTRA_LIBRARY cur_colr )
-endif()
-
 find_library(CURSES_FORM_LIBRARY form HINTS "${_cursesLibDir}")
 find_library(CURSES_FORM_LIBRARY form )
 
diff --git a/Modules/FindGettext.cmake b/Modules/FindGettext.cmake
index f972ad0..ac53c3f 100644
--- a/Modules/FindGettext.cmake
+++ b/Modules/FindGettext.cmake
@@ -50,6 +50,9 @@
 #      (by default use share/locale/).
 #      If ALL is specified, the po files are processed when building the all traget.
 #      It creates a custom target "pofiles".
+#
+# .. note::
+#   If you wish to use the Gettext library (libintl), use :module:`FindIntl`.
 
 #=============================================================================
 # Copyright 2007-2009 Kitware, Inc.
diff --git a/Modules/FindIntl.cmake b/Modules/FindIntl.cmake
new file mode 100644
index 0000000..cd2ec63
--- /dev/null
+++ b/Modules/FindIntl.cmake
@@ -0,0 +1,69 @@
+#.rst:
+# FindIntl
+# --------
+#
+# Find the Gettext libintl headers and libraries.
+#
+# This module reports information about the Gettext libintl
+# installation in several variables.  General variables::
+#
+#   Intl_FOUND - true if the libintl headers and libraries were found
+#   Intl_INCLUDE_DIRS - the directory containing the libintl headers
+#   Intl_LIBRARIES - libintl libraries to be linked
+#
+# The following cache variables may also be set::
+#
+#   Intl_INCLUDE_DIR - the directory containing the libintl headers
+#   Intl_LIBRARY - the libintl library (if any)
+#
+# .. note::
+#   On some platforms, such as Linux with GNU libc, the gettext
+#   functions are present in the C standard library and libintl
+#   is not required.  ``Intl_LIBRARIES`` will be empty in this
+#   case.
+#
+# .. note::
+#   If you wish to use the Gettext tools (``msgmerge``,
+#   ``msgfmt``, etc.), use :module:`FindGettext`.
+
+
+# Written by Roger Leigh <rleigh@codelibre.net>
+
+#=============================================================================
+# Copyright 2014 Roger Leigh <rleigh@codelibre.net>
+#
+# Distributed under the OSI-approved BSD License (the "License");
+# see accompanying file Copyright.txt for details.
+#
+# This software is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the License for more information.
+#=============================================================================
+# (To distribute this file outside of CMake, substitute the full
+#  License text for the above reference.)
+
+# Find include directory
+find_path(Intl_INCLUDE_DIR
+          NAMES "libintl.h"
+          DOC "libintl include directory")
+mark_as_advanced(Intl_INCLUDE_DIR)
+
+# Find all Intl libraries
+find_library(Intl_LIBRARY "intl"
+  DOC "libintl libraries (if not in the C library)")
+mark_as_advanced(Intl_LIBRARY)
+
+include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(Intl
+                                  FOUND_VAR Intl_FOUND
+                                  REQUIRED_VARS Intl_INCLUDE_DIR
+                                  FAIL_MESSAGE "Failed to find Gettext libintl")
+
+if(Intl_FOUND)
+  set(Intl_INCLUDE_DIRS "${Intl_INCLUDE_DIR}")
+  if(Intl_LIBRARY)
+    set(Intl_LIBRARIES "${Intl_LIBRARY}")
+  else()
+    unset(Intl_LIBRARIES)
+  endif()
+endif()
diff --git a/Modules/FindMPI.cmake b/Modules/FindMPI.cmake
index 3be5e3c..ba4ea5b 100644
--- a/Modules/FindMPI.cmake
+++ b/Modules/FindMPI.cmake
@@ -160,7 +160,7 @@ set(_MPI_XL_Fortran_COMPILER_NAMES         mpixlf95   mpixlf95_r mpxlf95 mpxlf95
 # or if we know it matches the regular compiler.
 foreach (lang C CXX Fortran)
   foreach (id GNU Intel PGI XL)
-    if (NOT CMAKE_${lang}_COMPILER_ID OR "${CMAKE_${lang}_COMPILER_ID}" STREQUAL "${id}")
+    if (NOT CMAKE_${lang}_COMPILER_ID OR CMAKE_${lang}_COMPILER_ID STREQUAL id)
       list(APPEND _MPI_${lang}_COMPILER_NAMES ${_MPI_${id}_${lang}_COMPILER_NAMES})
     endif()
     unset(_MPI_${id}_${lang}_COMPILER_NAMES)    # clean up the namespace here
diff --git a/Modules/FindOpenGL.cmake b/Modules/FindOpenGL.cmake
index a83a6c3..a7eefa7 100644
--- a/Modules/FindOpenGL.cmake
+++ b/Modules/FindOpenGL.cmake
@@ -128,19 +128,6 @@ else()
   unset(_OPENGL_INCLUDE_PATH)
   unset(_OPENGL_LIB_PATH)
 
-  # On Unix OpenGL most certainly always requires X11.
-  # Feel free to tighten up these conditions if you don't
-  # think this is always true.
-
-  if (OPENGL_gl_LIBRARY)
-    if(NOT X11_FOUND)
-      include(${CMAKE_CURRENT_LIST_DIR}/FindX11.cmake)
-    endif()
-    if (X11_FOUND)
-      set (OPENGL_LIBRARIES ${X11_LIBRARIES})
-    endif ()
-  endif ()
-
   find_library(OPENGL_glu_LIBRARY
     NAMES GLU MesaGLU
     PATHS ${OPENGL_gl_LIBRARY}
diff --git a/Modules/FindOpenSSL.cmake b/Modules/FindOpenSSL.cmake
index 340b417..b2722a6 100644
--- a/Modules/FindOpenSSL.cmake
+++ b/Modules/FindOpenSSL.cmake
@@ -16,10 +16,12 @@
 #
 # ::
 #
-#   OPENSSL_FOUND - system has the OpenSSL library
-#   OPENSSL_INCLUDE_DIR - the OpenSSL include directory
-#   OPENSSL_LIBRARIES - The libraries needed to use OpenSSL
-#   OPENSSL_VERSION - This is set to $major.$minor.$revision$path (eg. 0.9.8s)
+#   OPENSSL_FOUND - System has the OpenSSL library
+#   OPENSSL_INCLUDE_DIR - The OpenSSL include directory
+#   OPENSSL_CRYPTO_LIBRARY - The OpenSSL crypto library
+#   OPENSSL_SSL_LIBRARY - The OpenSSL SSL library
+#   OPENSSL_LIBRARIES - All OpenSSL libraries
+#   OPENSSL_VERSION - This is set to $major.$minor.$revision$patch (eg. 0.9.8s)
 
 #=============================================================================
 # Copyright 2006-2009 Kitware, Inc.
@@ -153,6 +155,8 @@ if(WIN32 AND NOT CYGWIN)
 
     mark_as_advanced(LIB_EAY_LIBRARY_DEBUG LIB_EAY_LIBRARY_RELEASE
                      SSL_EAY_LIBRARY_DEBUG SSL_EAY_LIBRARY_RELEASE)
+    set( OPENSSL_SSL_LIBRARY ${SSL_EAY_LIBRARY} )
+    set( OPENSSL_CRYPTO_LIBRARY ${LIB_EAY_LIBRARY} )
     set( OPENSSL_LIBRARIES ${SSL_EAY_LIBRARY} ${LIB_EAY_LIBRARY} )
   elseif(MINGW)
     # same player, for MinGW
@@ -181,6 +185,8 @@ if(WIN32 AND NOT CYGWIN)
     )
 
     mark_as_advanced(SSL_EAY LIB_EAY)
+    set( OPENSSL_SSL_LIBRARY ${SSL_EAY} )
+    set( OPENSSL_CRYPTO_LIBRARY ${LIB_EAY} )
     set( OPENSSL_LIBRARIES ${SSL_EAY} ${LIB_EAY} )
     unset(LIB_EAY_NAMES)
     unset(SSL_EAY_NAMES)
@@ -207,6 +213,8 @@ if(WIN32 AND NOT CYGWIN)
     )
 
     mark_as_advanced(SSL_EAY LIB_EAY)
+    set( OPENSSL_SSL_LIBRARY ${SSL_EAY} )
+    set( OPENSSL_CRYPTO_LIBRARY ${LIB_EAY} )
     set( OPENSSL_LIBRARIES ${SSL_EAY} ${LIB_EAY} )
   endif()
 else()
diff --git a/Modules/FindPackageHandleStandardArgs.cmake b/Modules/FindPackageHandleStandardArgs.cmake
index 6bcf1e7..2de1fb3 100644
--- a/Modules/FindPackageHandleStandardArgs.cmake
+++ b/Modules/FindPackageHandleStandardArgs.cmake
@@ -319,7 +319,7 @@ function(FIND_PACKAGE_HANDLE_STANDARD_ARGS _NAME _FIRST_ARG)
           endif ()
           unset(_VERSION_HEAD)
         else ()
-          if (NOT "${${_NAME}_FIND_VERSION}" VERSION_EQUAL "${VERSION}")
+          if (NOT ${_NAME}_FIND_VERSION VERSION_EQUAL VERSION)
             set(VERSION_MSG "Found unsuitable version \"${VERSION}\", but required is exact version \"${${_NAME}_FIND_VERSION}\"")
             set(VERSION_OK FALSE)
           else ()
@@ -329,7 +329,7 @@ function(FIND_PACKAGE_HANDLE_STANDARD_ARGS _NAME _FIRST_ARG)
         unset(_VERSION_DOTS)
 
       else()     # minimum version specified:
-        if ("${${_NAME}_FIND_VERSION}" VERSION_GREATER "${VERSION}")
+        if (${_NAME}_FIND_VERSION VERSION_GREATER VERSION)
           set(VERSION_MSG "Found unsuitable version \"${VERSION}\", but required is at least \"${${_NAME}_FIND_VERSION}\"")
           set(VERSION_OK FALSE)
         else ()
diff --git a/Modules/FindUnixCommands.cmake b/Modules/FindUnixCommands.cmake
index d4e5dcd..869ba38 100644
--- a/Modules/FindUnixCommands.cmake
+++ b/Modules/FindUnixCommands.cmake
@@ -2,12 +2,13 @@
 # FindUnixCommands
 # ----------------
 #
-# Find unix commands from cygwin
+# Find Unix commands, including the ones from Cygwin
 #
-# This module looks for some usual Unix commands.
+# This module looks for the Unix commands bash, cp, gzip, mv, rm, and tar
+# and stores the result in the variables BASH, CP, GZIP, MV, RM, and TAR.
 
 #=============================================================================
-# Copyright 2001-2009 Kitware, Inc.
+# Copyright 2001-2014 Kitware, Inc.
 #
 # Distributed under the OSI-approved BSD License (the "License");
 # see accompanying file Copyright.txt for details.
@@ -95,3 +96,8 @@ find_program(TAR
 mark_as_advanced(
   TAR
 )
+
+include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake)
+find_package_handle_standard_args(UnixCommands
+  REQUIRED_VARS BASH CP GZIP MV RM TAR
+)
diff --git a/Modules/FindXerces.cmake b/Modules/FindXercesC.cmake
index 6c6007a..5a8ea9d 100644
--- a/Modules/FindXerces.cmake
+++ b/Modules/FindXercesC.cmake
@@ -1,21 +1,21 @@
 #.rst:
-# FindXerces
-# ----------
+# FindXercesC
+# -----------
 #
 # Find the Apache Xerces-C++ validating XML parser headers and libraries.
 #
 # This module reports information about the Xerces installation in
 # several variables.  General variables::
 #
-#   Xerces_FOUND - true if the Xerces headers and libraries were found
-#   Xerces_VERSION - Xerces release version
-#   Xerces_INCLUDE_DIRS - the directory containing the Xerces headers
-#   Xerces_LIBRARIES - Xerces libraries to be linked
+#   XercesC_FOUND - true if the Xerces headers and libraries were found
+#   XercesC_VERSION - Xerces release version
+#   XercesC_INCLUDE_DIRS - the directory containing the Xerces headers
+#   XercesC_LIBRARIES - Xerces libraries to be linked
 #
 # The following cache variables may also be set::
 #
-#   Xerces_INCLUDE_DIR - the directory containing the Xerces headers
-#   Xerces_LIBRARY - the Xerces library
+#   XercesC_INCLUDE_DIR - the directory containing the Xerces headers
+#   XercesC_LIBRARY - the Xerces library
 
 # Written by Roger Leigh <rleigh@codelibre.net>
 
@@ -32,54 +32,54 @@
 # (To distribute this file outside of CMake, substitute the full
 #  License text for the above reference.)
 
-function(_Xerces_GET_VERSION  version_hdr)
+function(_XercesC_GET_VERSION  version_hdr)
     file(STRINGS ${version_hdr} _contents REGEX "^[ \t]*#define XERCES_VERSION_.*")
     if(_contents)
-        string(REGEX REPLACE ".*#define XERCES_VERSION_MAJOR[ \t]+([0-9]+).*" "\\1" Xerces_MAJOR "${_contents}")
-        string(REGEX REPLACE ".*#define XERCES_VERSION_MINOR[ \t]+([0-9]+).*" "\\1" Xerces_MINOR "${_contents}")
-        string(REGEX REPLACE ".*#define XERCES_VERSION_REVISION[ \t]+([0-9]+).*" "\\1" Xerces_PATCH "${_contents}")
+        string(REGEX REPLACE ".*#define XERCES_VERSION_MAJOR[ \t]+([0-9]+).*" "\\1" XercesC_MAJOR "${_contents}")
+        string(REGEX REPLACE ".*#define XERCES_VERSION_MINOR[ \t]+([0-9]+).*" "\\1" XercesC_MINOR "${_contents}")
+        string(REGEX REPLACE ".*#define XERCES_VERSION_REVISION[ \t]+([0-9]+).*" "\\1" XercesC_PATCH "${_contents}")
 
-        if(NOT Xerces_MAJOR MATCHES "^[0-9]+$")
+        if(NOT XercesC_MAJOR MATCHES "^[0-9]+$")
             message(FATAL_ERROR "Version parsing failed for XERCES_VERSION_MAJOR!")
         endif()
-        if(NOT Xerces_MINOR MATCHES "^[0-9]+$")
+        if(NOT XercesC_MINOR MATCHES "^[0-9]+$")
             message(FATAL_ERROR "Version parsing failed for XERCES_VERSION_MINOR!")
         endif()
-        if(NOT Xerces_PATCH MATCHES "^[0-9]+$")
+        if(NOT XercesC_PATCH MATCHES "^[0-9]+$")
             message(FATAL_ERROR "Version parsing failed for XERCES_VERSION_REVISION!")
         endif()
 
-        set(Xerces_VERSION "${Xerces_MAJOR}.${Xerces_MINOR}.${Xerces_PATCH}" PARENT_SCOPE)
+        set(XercesC_VERSION "${XercesC_MAJOR}.${XercesC_MINOR}.${XercesC_PATCH}" PARENT_SCOPE)
     else()
         message(FATAL_ERROR "Include file ${version_hdr} does not exist or does not contain expected version information")
     endif()
 endfunction()
 
 # Find include directory
-find_path(Xerces_INCLUDE_DIR
+find_path(XercesC_INCLUDE_DIR
           NAMES "xercesc/util/PlatformUtils.hpp"
           DOC "Xerces-C++ include directory")
-mark_as_advanced(Xerces_INCLUDE_DIR)
+mark_as_advanced(XercesC_INCLUDE_DIR)
 
-# Find all Xerces libraries
-find_library(Xerces_LIBRARY "xerces-c"
+# Find all XercesC libraries
+find_library(XercesC_LIBRARY "xerces-c"
   DOC "Xerces-C++ libraries")
-mark_as_advanced(Xerces_LIBRARY)
+mark_as_advanced(XercesC_LIBRARY)
 
-if(Xerces_INCLUDE_DIR)
-  _Xerces_GET_VERSION("${Xerces_INCLUDE_DIR}/xercesc/util/XercesVersion.hpp")
+if(XercesC_INCLUDE_DIR)
+  _XercesC_GET_VERSION("${XercesC_INCLUDE_DIR}/xercesc/util/XercesVersion.hpp")
 endif()
 
 include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake)
-FIND_PACKAGE_HANDLE_STANDARD_ARGS(Xerces
-                                  FOUND_VAR Xerces_FOUND
-                                  REQUIRED_VARS Xerces_LIBRARY
-                                                Xerces_INCLUDE_DIR
-                                                Xerces_VERSION
-                                  VERSION_VAR Xerces_VERSION
-                                  FAIL_MESSAGE "Failed to find Xerces")
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(XercesC
+                                  FOUND_VAR XercesC_FOUND
+                                  REQUIRED_VARS XercesC_LIBRARY
+                                                XercesC_INCLUDE_DIR
+                                                XercesC_VERSION
+                                  VERSION_VAR XercesC_VERSION
+                                  FAIL_MESSAGE "Failed to find XercesC")
 
-if(Xerces_FOUND)
-  set(Xerces_INCLUDE_DIRS "${Xerces_INCLUDE_DIR}")
-  set(Xerces_LIBRARIES "${Xerces_LIBRARY}")
+if(XercesC_FOUND)
+  set(XercesC_INCLUDE_DIRS "${XercesC_INCLUDE_DIR}")
+  set(XercesC_LIBRARIES "${XercesC_LIBRARY}")
 endif()
diff --git a/Modules/FortranCInterface/CMakeLists.txt b/Modules/FortranCInterface/CMakeLists.txt
index b6232ed..721a262 100644
--- a/Modules/FortranCInterface/CMakeLists.txt
+++ b/Modules/FortranCInterface/CMakeLists.txt
@@ -71,7 +71,7 @@ endif()
 
 # Generate C symbol sources.
 set(symbol_sources)
-if(NOT "${CMAKE_Fortran_COMPILER_ID}" MATCHES "^(PathScale|Cray)$")
+if(NOT CMAKE_Fortran_COMPILER_ID MATCHES "^(PathScale|Cray)$")
   # Provide mymodule_ and my_module_ init symbols because:
   #  - PGI Fortran uses module init symbols
   # but not for:
diff --git a/Modules/GetPrerequisites.cmake b/Modules/GetPrerequisites.cmake
index 9963517..712a41c 100644
--- a/Modules/GetPrerequisites.cmake
+++ b/Modules/GetPrerequisites.cmake
@@ -179,7 +179,7 @@ function(gp_append_unique list_var value)
   set(contains 0)
 
   foreach(item ${${list_var}})
-    if("${item}" STREQUAL "${value}")
+    if(item STREQUAL "${value}")
       set(contains 1)
       break()
     endif()
@@ -546,14 +546,14 @@ function(gp_resolved_file_type original_file file exepath dirs type_var)
     if(NOT is_system)
       get_filename_component(original_path "${original_lower}" PATH)
       get_filename_component(path "${lower}" PATH)
-      if("${original_path}" STREQUAL "${path}")
+      if(original_path STREQUAL path)
         set(is_local 1)
       else()
         string(LENGTH "${original_path}/" original_length)
         string(LENGTH "${lower}" path_length)
         if(${path_length} GREATER ${original_length})
           string(SUBSTRING "${lower}" 0 ${original_length} path)
-          if("${original_path}/" STREQUAL "${path}")
+          if("${original_path}/" STREQUAL path)
             set(is_embedded 1)
           endif()
         endif()
@@ -642,7 +642,7 @@ function(get_prerequisites target prerequisites_var exclude_system recurse exepa
   # Try to choose the right tool by default. Caller can set gp_tool prior to
   # calling this function to force using a different tool.
   #
-  if("${gp_tool}" STREQUAL "")
+  if(NOT gp_tool)
     set(gp_tool "ldd")
 
     if(APPLE)
@@ -666,45 +666,31 @@ function(get_prerequisites target prerequisites_var exclude_system recurse exepa
     return()
   endif()
 
-  set(gp_tool_known 0)
-
-  if("${gp_tool}" STREQUAL "ldd")
+  if(gp_tool STREQUAL "ldd")
     set(gp_cmd_args "")
     set(gp_regex "^[\t ]*[^\t ]+ => ([^\t\(]+) .*${eol_char}$")
     set(gp_regex_error "not found${eol_char}$")
     set(gp_regex_fallback "^[\t ]*([^\t ]+) => ([^\t ]+).*${eol_char}$")
     set(gp_regex_cmp_count 1)
-    set(gp_tool_known 1)
-  endif()
-
-  if("${gp_tool}" STREQUAL "otool")
+  elseif(gp_tool STREQUAL "otool")
     set(gp_cmd_args "-L")
     set(gp_regex "^\t([^\t]+) \\(compatibility version ([0-9]+.[0-9]+.[0-9]+), current version ([0-9]+.[0-9]+.[0-9]+)\\)${eol_char}$")
     set(gp_regex_error "")
     set(gp_regex_fallback "")
     set(gp_regex_cmp_count 3)
-    set(gp_tool_known 1)
-  endif()
-
-  if("${gp_tool}" STREQUAL "dumpbin")
+  elseif(gp_tool STREQUAL "dumpbin")
     set(gp_cmd_args "/dependents")
     set(gp_regex "^    ([^ ].*[Dd][Ll][Ll])${eol_char}$")
     set(gp_regex_error "")
     set(gp_regex_fallback "")
     set(gp_regex_cmp_count 1)
-    set(gp_tool_known 1)
-  endif()
-
-  if("${gp_tool}" STREQUAL "objdump")
+  elseif(gp_tool STREQUAL "objdump")
     set(gp_cmd_args "-p")
     set(gp_regex "^\t*DLL Name: (.*\\.[Dd][Ll][Ll])${eol_char}$")
     set(gp_regex_error "")
     set(gp_regex_fallback "")
     set(gp_regex_cmp_count 1)
-    set(gp_tool_known 1)
-  endif()
-
-  if(NOT gp_tool_known)
+  else()
     message(STATUS "warning: gp_tool='${gp_tool}' is an unknown tool...")
     message(STATUS "CMake function get_prerequisites needs more code to handle '${gp_tool}'")
     message(STATUS "Valid gp_tool values are dumpbin, ldd, objdump and otool.")
@@ -712,7 +698,7 @@ function(get_prerequisites target prerequisites_var exclude_system recurse exepa
   endif()
 
 
-  if("${gp_tool}" STREQUAL "dumpbin")
+  if(gp_tool STREQUAL "dumpbin")
     # When running dumpbin, it also needs the "Common7/IDE" directory in the
     # PATH. It will already be in the PATH if being run from a Visual Studio
     # command prompt. Add it to the PATH here in case we are running from a
@@ -727,7 +713,7 @@ function(get_prerequisites target prerequisites_var exclude_system recurse exepa
       set(gp_found_cmd_dlls_dir 0)
       file(TO_CMAKE_PATH "$ENV{PATH}" env_path)
       foreach(gp_env_path_element ${env_path})
-        if("${gp_env_path_element}" STREQUAL "${gp_cmd_dlls_dir}")
+        if(gp_env_path_element STREQUAL gp_cmd_dlls_dir)
           set(gp_found_cmd_dlls_dir 1)
         endif()
       endforeach()
@@ -741,7 +727,7 @@ function(get_prerequisites target prerequisites_var exclude_system recurse exepa
   #
   # </setup-gp_tool-vars>
 
-  if("${gp_tool}" STREQUAL "ldd")
+  if(gp_tool STREQUAL "ldd")
     set(old_ld_env "$ENV{LD_LIBRARY_PATH}")
     set(new_ld_env "${exepath}")
     foreach(dir ${dirs})
@@ -763,7 +749,7 @@ function(get_prerequisites target prerequisites_var exclude_system recurse exepa
     OUTPUT_VARIABLE gp_cmd_ov
     )
 
-  if("${gp_tool}" STREQUAL "ldd")
+  if(gp_tool STREQUAL "ldd")
     set(ENV{LD_LIBRARY_PATH} "${old_ld_env}")
   endif()
 
@@ -783,7 +769,7 @@ function(get_prerequisites target prerequisites_var exclude_system recurse exepa
   # check for install id and remove it from list, since otool -L can include a
   # reference to itself
   set(gp_install_id)
-  if("${gp_tool}" STREQUAL "otool")
+  if(gp_tool STREQUAL "otool")
     execute_process(
       COMMAND otool -D ${target}
       OUTPUT_VARIABLE gp_install_id_ov
@@ -833,7 +819,7 @@ function(get_prerequisites target prerequisites_var exclude_system recurse exepa
     #
     set(add_item 1)
 
-    if("${item}" STREQUAL "${gp_install_id}")
+    if(item STREQUAL gp_install_id)
       set(add_item 0)
     endif()
 
@@ -841,7 +827,7 @@ function(get_prerequisites target prerequisites_var exclude_system recurse exepa
       set(type "")
       gp_resolved_file_type("${target}" "${item}" "${exepath}" "${dirs}" type "${rpaths}")
 
-      if("${type}" STREQUAL "system")
+      if(type STREQUAL "system")
         set(add_item 0)
       endif()
     endif()
diff --git a/Modules/Platform/Darwin-GNU-Fortran.cmake b/Modules/Platform/Darwin-GNU-Fortran.cmake
index f4b509a..6724f9b 100644
--- a/Modules/Platform/Darwin-GNU-Fortran.cmake
+++ b/Modules/Platform/Darwin-GNU-Fortran.cmake
@@ -14,6 +14,8 @@
 
 include(Platform/Darwin-GNU)
 __darwin_compiler_gnu(Fortran)
+cmake_gnu_set_sysroot_flag(Fortran)
+cmake_gnu_set_osx_deployment_target_flag(Fortran)
 
 set(CMAKE_Fortran_OSX_COMPATIBILITY_VERSION_FLAG "-compatibility_version ")
 set(CMAKE_Fortran_OSX_CURRENT_VERSION_FLAG "-current_version ")
diff --git a/Modules/Platform/HP-UX-HP-Fortran.cmake b/Modules/Platform/HP-UX-HP-Fortran.cmake
index 30acab8..e5c5d10 100644
--- a/Modules/Platform/HP-UX-HP-Fortran.cmake
+++ b/Modules/Platform/HP-UX-HP-Fortran.cmake
@@ -1,2 +1,5 @@
 include(Platform/HP-UX-HP)
 __hpux_compiler_hp(Fortran)
+
+set(CMAKE_Fortran_CREATE_PREPROCESSED_SOURCE "<CMAKE_Fortran_COMPILER> <DEFINES> <FLAGS> -E <SOURCE> > <PREPROCESSED_SOURCE>")
+set(CMAKE_Fortran_CREATE_ASSEMBLY_SOURCE "<CMAKE_Fortran_COMPILER> <DEFINES> <FLAGS> -S <SOURCE> -o <ASSEMBLY_SOURCE>")
diff --git a/Modules/Platform/IRIX.cmake b/Modules/Platform/IRIX.cmake
index 03e98cc..12b0f37 100644
--- a/Modules/Platform/IRIX.cmake
+++ b/Modules/Platform/IRIX.cmake
@@ -31,6 +31,14 @@ if(NOT CMAKE_COMPILER_IS_GNUCXX)
     )
 endif()
 
+if(NOT CMAKE_COMPILER_IS_GNUG77)
+  set (CMAKE_Fortran_CREATE_PREPROCESSED_SOURCE "<CMAKE_Fortran_COMPILER> <FLAGS> -E <SOURCE> > <PREPROCESSED_SOURCE>")
+  set (CMAKE_Fortran_CREATE_ASSEMBLY_SOURCE
+    "<CMAKE_Fortran_COMPILER> <FLAGS> -S <SOURCE>"
+    "mv `basename \"<SOURCE>\" | sed 's/\\.[^./]*$$//'`.s <ASSEMBLY_SOURCE>"
+    )
+endif()
+
 # Initialize C link type selection flags.  These flags are used when
 # building a shared library, shared module, or executable that links
 # to other libraries to select whether to use the static or shared
diff --git a/Modules/Platform/eCos.cmake b/Modules/Platform/eCos.cmake
index a203826..e1279ef 100644
--- a/Modules/Platform/eCos.cmake
+++ b/Modules/Platform/eCos.cmake
@@ -28,7 +28,7 @@ include(Platform/UnixPaths)
 
 # eCos can be built only with gcc
 get_property(_IN_TC GLOBAL PROPERTY IN_TRY_COMPILE)
-if(CMAKE_C_COMPILER AND NOT  "${CMAKE_C_COMPILER_ID}" MATCHES "GNU" AND NOT _IN_TC)
+if(CMAKE_C_COMPILER AND NOT  CMAKE_C_COMPILER_ID MATCHES "GNU" AND NOT _IN_TC)
   message(FATAL_ERROR "GNU gcc is required for eCos")
 endif()
 if(CMAKE_CXX_COMPILER AND NOT  "${CMAKE_CXX_COMPILER_ID}" MATCHES "GNU" AND NOT _IN_TC)
diff --git a/Modules/UseJava.cmake b/Modules/UseJava.cmake
index 127012f..3a6acd8 100644
--- a/Modules/UseJava.cmake
+++ b/Modules/UseJava.cmake
@@ -398,7 +398,7 @@ function(add_jar _TARGET_NAME)
         ${CMAKE_JAVA_LIBRARY_OUTPUT_PATH}
     )
 
-    if (WIN32 AND NOT CYGWIN AND CMAKE_HOST_SYSTEM_NAME MATCHES "Windows")
+    if (CMAKE_HOST_WIN32 AND NOT CYGWIN AND CMAKE_HOST_SYSTEM_NAME MATCHES "Windows")
         set(CMAKE_JAVA_INCLUDE_FLAG_SEP ";")
     else ()
         set(CMAKE_JAVA_INCLUDE_FLAG_SEP ":")
diff --git a/Modules/UseSWIG.cmake b/Modules/UseSWIG.cmake
index 31ab48d..bab1b21 100644
--- a/Modules/UseSWIG.cmake
+++ b/Modules/UseSWIG.cmake
@@ -272,6 +272,8 @@ macro(SWIG_ADD_MODULE name language)
     if(WIN32 AND NOT CYGWIN)
       set_target_properties(${SWIG_MODULE_${name}_REAL_NAME} PROPERTIES SUFFIX ".pyd")
     endif()
+  elseif ("${swig_lowercase_language}" STREQUAL "r")
+    set_target_properties(${SWIG_MODULE_${name}_REAL_NAME} PROPERTIES PREFIX "")
   elseif ("${swig_lowercase_language}" STREQUAL "ruby")
     # In ruby you want:
     #      require 'LIBRARY'
diff --git a/Modules/WriteCompilerDetectionHeader.cmake b/Modules/WriteCompilerDetectionHeader.cmake
index 8d72d0f..0b6f0de 100644
--- a/Modules/WriteCompilerDetectionHeader.cmake
+++ b/Modules/WriteCompilerDetectionHeader.cmake
@@ -11,6 +11,7 @@
 #    write_compiler_detection_header(
 #              FILE <file>
 #              PREFIX <prefix>
+#              [OUTPUT_FILES_VAR <output_files_var> OUTPUT_DIR <output_dir>]
 #              COMPILERS <compiler> [...]
 #              FEATURES <feature> [...]
 #              [VERSION <version>]
@@ -21,6 +22,33 @@
 # The ``write_compiler_detection_header`` function generates the
 # file ``<file>`` with macros which all have the prefix ``<prefix>``.
 #
+# By default, all content is written directly to the ``<file>``.  The
+# ``OUTPUT_FILES_VAR`` may be specified to cause the compiler-specific
+# content to be written to separate files.  The separate files are then
+# available in the ``<output_files_var>`` and may be consumed by the caller
+# for installation for example.  The ``OUTPUT_DIR`` specifies a relative
+# path from the main ``<file>`` to the compiler-specific files. For example:
+#
+# .. code-block:: cmake
+#
+#    write_compiler_detection_header(
+#      FILE climbingstats_compiler_detection.h
+#      PREFIX ClimbingStats
+#      OUTPUT_FILES_VAR support_files
+#      OUTPUT_DIR compilers
+#      COMPILERS GNU Clang
+#      FEATURES cxx_variadic_templates
+#    )
+#    install(FILES
+#      ${CMAKE_CURRENT_BINARY_DIR}/climbingstats_compiler_detection.h
+#      DESTINATION include
+#    )
+#    install(FILES
+#      ${support_files}
+#      DESTINATION include/compilers
+#    )
+#
+#
 # ``VERSION`` may be used to specify the API version to be generated.
 # Future versions of CMake may introduce alternative APIs.  A given
 # API is selected by any ``<version>`` value greater than or equal
@@ -220,7 +248,7 @@ function(write_compiler_detection_header
     message(FATAL_ERROR "write_compiler_detection_header: PREFIX parameter missing.")
   endif()
   set(options)
-  set(oneValueArgs VERSION EPILOG PROLOG)
+  set(oneValueArgs VERSION EPILOG PROLOG OUTPUT_FILES_VAR OUTPUT_DIR)
   set(multiValueArgs COMPILERS FEATURES)
   cmake_parse_arguments(_WCD "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
 
@@ -255,6 +283,35 @@ function(write_compiler_detection_header
     message(FATAL_ERROR "${err}")
   endif()
 
+  if(_WCD_OUTPUT_FILES_VAR)
+    if(NOT _WCD_OUTPUT_DIR)
+      message(FATAL_ERROR "If OUTPUT_FILES_VAR is specified, then OUTPUT_DIR must also be specified.")
+    endif()
+  endif()
+  if(_WCD_OUTPUT_DIR)
+    if(NOT _WCD_OUTPUT_FILES_VAR)
+      message(FATAL_ERROR "If OUTPUT_DIR is specified, then OUTPUT_FILES_VAR must also be specified.")
+    endif()
+    get_filename_component(main_file_dir ${file_arg} DIRECTORY)
+    if (NOT IS_ABSOLUTE ${main_file_dir})
+      set(main_file_dir "${CMAKE_CURRENT_BINARY_DIR}/${main_file_dir}")
+    endif()
+    if (NOT IS_ABSOLUTE ${_WCD_OUTPUT_DIR})
+      set(_WCD_OUTPUT_DIR "${CMAKE_CURRENT_BINARY_DIR}/${_WCD_OUTPUT_DIR}")
+    endif()
+    get_filename_component(out_file_dir ${_WCD_OUTPUT_DIR} ABSOLUTE)
+    string(FIND ${out_file_dir} ${main_file_dir} idx)
+    if (NOT idx EQUAL 0)
+      message(FATAL_ERROR "The compiler-specific output directory must be within the same directory as the main file.")
+    endif()
+
+    if (main_file_dir STREQUAL out_file_dir)
+      unset(_WCD_OUTPUT_DIR)
+    else()
+      string(REPLACE "${main_file_dir}/" "" _WCD_OUTPUT_DIR "${out_file_dir}/")
+    endif()
+  endif()
+
   set(compilers
     GNU
     Clang
@@ -314,6 +371,14 @@ function(write_compiler_detection_header
   endforeach()
   list(REMOVE_DUPLICATES _langs)
 
+  if(_WCD_OUTPUT_FILES_VAR)
+    get_filename_component(main_file_name ${file_arg} NAME)
+    set(compiler_file_content_
+"#ifndef ${prefix_arg}_COMPILER_DETECTION_H
+#  error This file may only be included from ${main_file_name}
+#endif\n")
+  endif()
+
   foreach(_lang ${_langs})
 
     get_property(known_features GLOBAL PROPERTY CMAKE_${_lang}_KNOWN_FEATURES)
@@ -340,7 +405,19 @@ function(write_compiler_detection_header
     foreach(compiler ${_WCD_COMPILERS})
       _load_compiler_variables(${compiler} ${_lang} ${${_lang}_features})
       set(file_content "${file_content}\n#  ${pp_if} ${prefix_arg}_COMPILER_IS_${compiler}\n")
-      set(file_content "${file_content}
+
+      if(_WCD_OUTPUT_FILES_VAR)
+        set(compile_file_name "${_WCD_OUTPUT_DIR}${prefix_arg}_COMPILER_INFO_${compiler}.h")
+        set(file_content "${file_content}\n#    include \"${compile_file_name}\"\n")
+      endif()
+
+      if(_WCD_OUTPUT_FILES_VAR)
+        set(compiler_file_content compiler_file_content_${compiler})
+      else()
+        set(compiler_file_content file_content)
+      endif()
+
+      set(${compiler_file_content} "${${compiler_file_content}}
 #    if !(${_cmake_oldestSupported_${compiler}})
 #      error Unsupported compiler version
 #    endif\n")
@@ -354,7 +431,7 @@ function(write_compiler_detection_header
         set(MACRO_HEX)
       endif()
       string(CONFIGURE "${_compiler_id_version_compute_${compiler}}" VERSION_BLOCK @ONLY)
-      set(file_content "${file_content}${VERSION_BLOCK}\n")
+      set(${compiler_file_content} "${${compiler_file_content}}${VERSION_BLOCK}\n")
       set(PREFIX)
       set(MACRO_DEC)
       set(MACRO_HEX)
@@ -370,7 +447,7 @@ function(write_compiler_detection_header
           set(_define_item "\n#      define ${prefix_arg}_${feature_PP} 0\n")
           set(_define_item "\n#    if ${_cmake_feature_test_${compiler}_${feature}}\n#      define ${prefix_arg}_${feature_PP} 1\n#    else${_define_item}#    endif\n")
         endif()
-        set(file_content "${file_content}${_define_item}")
+        set(${compiler_file_content} "${${compiler_file_content}}${_define_item}")
       endforeach()
     endforeach()
     if(pp_if STREQUAL "elif")
@@ -522,6 +599,22 @@ function(write_compiler_detection_header
 
   endforeach()
 
+  if(_WCD_OUTPUT_FILES_VAR)
+    foreach(compiler ${_WCD_COMPILERS})
+      set(CMAKE_CONFIGURABLE_FILE_CONTENT "${compiler_file_content_}")
+      set(CMAKE_CONFIGURABLE_FILE_CONTENT "${CMAKE_CONFIGURABLE_FILE_CONTENT}${compiler_file_content_${compiler}}")
+
+      set(compile_file_name "${_WCD_OUTPUT_DIR}${prefix_arg}_COMPILER_INFO_${compiler}.h")
+      set(full_path "${main_file_dir}/${compile_file_name}")
+      list(APPEND ${_WCD_OUTPUT_FILES_VAR} ${full_path})
+      configure_file("${CMAKE_ROOT}/Modules/CMakeConfigurableFile.in"
+        "${full_path}"
+        @ONLY
+      )
+    endforeach()
+    set(${_WCD_OUTPUT_FILES_VAR} ${${_WCD_OUTPUT_FILES_VAR}} PARENT_SCOPE)
+  endif()
+
   if (_WCD_EPILOG)
     set(file_content "${file_content}\n${_WCD_EPILOG}\n")
   endif()
diff --git a/Source/CMakeLists.txt b/Source/CMakeLists.txt
index f9405b3..a4c982f 100644
--- a/Source/CMakeLists.txt
+++ b/Source/CMakeLists.txt
@@ -219,6 +219,12 @@ set(SRCS
   cmExtraKateGenerator.h
   cmExtraSublimeTextGenerator.cxx
   cmExtraSublimeTextGenerator.h
+  cmFileLock.cxx
+  cmFileLock.h
+  cmFileLockPool.cxx
+  cmFileLockPool.h
+  cmFileLockResult.cxx
+  cmFileLockResult.h
   cmFileTimeComparison.cxx
   cmFileTimeComparison.h
   cmGeneratedFileStream.cxx
@@ -473,7 +479,7 @@ set(SRCS ${SRCS}
   cmNinjaUtilityTargetGenerator.cxx
   cmNinjaUtilityTargetGenerator.h
   )
-if(WIN32 AND NOT CYGWIN AND NOT BORLAND)
+if(WIN32 AND NOT CYGWIN)
   set_source_files_properties(cmcldeps.cxx PROPERTIES COMPILE_DEFINITIONS _WIN32_WINNT=0x0501)
   add_executable(cmcldeps cmcldeps.cxx)
   target_link_libraries(cmcldeps CMakeLib)
@@ -522,8 +528,10 @@ set(CTEST_SRCS cmCTest.cxx
   CTest/cmParseCacheCoverage.cxx
   CTest/cmParseGTMCoverage.cxx
   CTest/cmParseJacocoCoverage.cxx
+  CTest/cmParseBlanketJSCoverage.cxx
   CTest/cmParsePHPCoverage.cxx
   CTest/cmParseCoberturaCoverage.cxx
+  CTest/cmParseDelphiCoverage.cxx
   CTest/cmCTestEmptyBinaryDirectoryCommand.cxx
   CTest/cmCTestGenericHandler.cxx
   CTest/cmCTestHandlerCommand.cxx
diff --git a/Source/CMakeVersion.cmake b/Source/CMakeVersion.cmake
index e1b62e9..3048b88 100644
--- a/Source/CMakeVersion.cmake
+++ b/Source/CMakeVersion.cmake
@@ -1,5 +1,5 @@
 # CMake version number components.
 set(CMake_VERSION_MAJOR 3)
 set(CMake_VERSION_MINOR 1)
-set(CMake_VERSION_PATCH 0)
-set(CMake_VERSION_RC 2)
+set(CMake_VERSION_PATCH 20141205)
+#set(CMake_VERSION_RC 1)
diff --git a/Source/CPack/cmCPackArchiveGenerator.cxx b/Source/CPack/cmCPackArchiveGenerator.cxx
index 6e7b8d7..e2437b5 100644
--- a/Source/CPack/cmCPackArchiveGenerator.cxx
+++ b/Source/CPack/cmCPackArchiveGenerator.cxx
@@ -56,7 +56,7 @@ int cmCPackArchiveGenerator::addOneComponentToArchive(cmArchiveWrite& archive,
   localToplevel += "/"+ component->Name;
   std::string dir = cmSystemTools::GetCurrentWorkingDirectory();
   // Change to local toplevel
-  cmSystemTools::ChangeDirectory(localToplevel.c_str());
+  cmSystemTools::ChangeDirectory(localToplevel);
   std::string filePrefix;
   if (this->IsOn("CPACK_COMPONENT_INCLUDE_TOPLEVEL_DIRECTORY"))
     {
@@ -80,7 +80,7 @@ int cmCPackArchiveGenerator::addOneComponentToArchive(cmArchiveWrite& archive,
       }
     }
   // Go back to previous dir
-  cmSystemTools::ChangeDirectory(dir.c_str());
+  cmSystemTools::ChangeDirectory(dir);
   return 1;
 }
 
@@ -270,7 +270,7 @@ int cmCPackArchiveGenerator::PackageFiles()
   DECLARE_AND_OPEN_ARCHIVE(packageFileNames[0],archive);
   std::vector<std::string>::const_iterator fileIt;
   std::string dir = cmSystemTools::GetCurrentWorkingDirectory();
-  cmSystemTools::ChangeDirectory(toplevel.c_str());
+  cmSystemTools::ChangeDirectory(toplevel);
   for ( fileIt = files.begin(); fileIt != files.end(); ++ fileIt )
     {
     // Get the relative path to the file
@@ -288,7 +288,7 @@ int cmCPackArchiveGenerator::PackageFiles()
       return 0;
       }
     }
-  cmSystemTools::ChangeDirectory(dir.c_str());
+  cmSystemTools::ChangeDirectory(dir);
   // The destructor of cmArchiveWrite will close and finish the write
   return 1;
 }
diff --git a/Source/CPack/cmCPackBundleGenerator.cxx b/Source/CPack/cmCPackBundleGenerator.cxx
index 6c994f1..fbd1d21 100644
--- a/Source/CPack/cmCPackBundleGenerator.cxx
+++ b/Source/CPack/cmCPackBundleGenerator.cxx
@@ -39,6 +39,21 @@ int cmCPackBundleGenerator::InitializeInternal()
     return 0;
     }
 
+  if(this->GetOption("CPACK_BUNDLE_APPLE_CERT_APP"))
+    {
+    const std::string codesign_path = cmSystemTools::FindProgram("codesign",
+       std::vector<std::string>(), false);
+
+    if(codesign_path.empty())
+      {
+      cmCPackLogger(cmCPackLog::LOG_ERROR,
+        "Cannot locate codesign command"
+        << std::endl);
+      return 0;
+      }
+    this->SetOptionIfNotSet("CPACK_COMMAND_CODESIGN", codesign_path.c_str());
+    }
+
   return this->Superclass::InitializeInternal();
 }
 
@@ -53,7 +68,7 @@ const char* cmCPackBundleGenerator::GetPackagingInstallPrefix()
 }
 
 //----------------------------------------------------------------------
-int cmCPackBundleGenerator::PackageFiles()
+int cmCPackBundleGenerator::ConstructBundle()
 {
 
   // Get required arguments ...
@@ -165,6 +180,22 @@ int cmCPackBundleGenerator::PackageFiles()
     cmSystemTools::SetPermissions(command_target.str().c_str(), 0777);
     }
 
+  return 1;
+}
+
+//----------------------------------------------------------------------
+int cmCPackBundleGenerator::PackageFiles()
+{
+  if(!this->ConstructBundle())
+    {
+    return 0;
+    }
+
+  if(!this->SignBundle(toplevel))
+    {
+    return 0;
+    }
+
   return this->CreateDMG(toplevel, packageFileNames[0]);
 }
 
@@ -172,3 +203,96 @@ bool cmCPackBundleGenerator::SupportsComponentInstallation() const
 {
   return false;
 }
+
+
+int cmCPackBundleGenerator::SignBundle(const std::string& src_dir)
+{
+  const std::string cpack_apple_cert_app =
+    this->GetOption("CPACK_BUNDLE_APPLE_CERT_APP")
+    ? this->GetOption("CPACK_BUNDLE_APPLE_CERT_APP") : "";
+
+  // codesign the application.
+  if(!cpack_apple_cert_app.empty())
+    {
+    std::string bundle_path;
+    bundle_path = src_dir + "/";
+    bundle_path += this->GetOption("CPACK_BUNDLE_NAME");
+    bundle_path += ".app";
+
+    // A list of additional files to sign, ie. frameworks and plugins.
+    const std::string sign_files =
+      this->GetOption("CPACK_BUNDLE_APPLE_CODESIGN_FILES")
+      ? this->GetOption("CPACK_BUNDLE_APPLE_CODESIGN_FILES") : "";
+
+    std::vector<std::string> relFiles;
+    cmSystemTools::ExpandListArgument(sign_files, relFiles);
+
+    // sign the files supplied by the user, ie. frameworks.
+    for(std::vector<std::string>::iterator it = relFiles.begin();
+      it != relFiles.end(); ++it)
+      {
+      cmOStringStream temp_sign_file_cmd;
+      temp_sign_file_cmd << this->GetOption("CPACK_COMMAND_CODESIGN");
+      temp_sign_file_cmd << " --deep -f -s \"" << cpack_apple_cert_app;
+      temp_sign_file_cmd << "\" -i ";
+      temp_sign_file_cmd << this->GetOption("CPACK_APPLE_BUNDLE_ID");
+      temp_sign_file_cmd << " \"";
+      temp_sign_file_cmd << bundle_path;
+      temp_sign_file_cmd << it->c_str() << "\"";
+
+      if(!this->RunCommand(temp_sign_file_cmd))
+        {
+        cmCPackLogger(cmCPackLog::LOG_ERROR,
+          "Error signing file:"
+          << bundle_path << it->c_str() << std::endl);
+
+        return 0;
+        }
+      }
+
+    // sign main binary
+    cmOStringStream temp_sign_binary_cmd;
+    temp_sign_binary_cmd << this->GetOption("CPACK_COMMAND_CODESIGN");
+    temp_sign_binary_cmd << " --deep -f -s \"" << cpack_apple_cert_app;
+    temp_sign_binary_cmd << "\" \"" << bundle_path << "\"";
+
+    if(!this->RunCommand(temp_sign_binary_cmd))
+      {
+      cmCPackLogger(cmCPackLog::LOG_ERROR,
+        "Error signing the application binary."
+        << std::endl);
+
+      return 0;
+      }
+
+    // sign app bundle
+    cmOStringStream temp_codesign_cmd;
+    temp_codesign_cmd << this->GetOption("CPACK_COMMAND_CODESIGN");
+    temp_codesign_cmd << " --deep -f -s \"" << cpack_apple_cert_app << "\"";
+    if(this->GetOption("CPACK_BUNDLE_APPLE_ENTITLEMENTS"))
+      {
+      temp_codesign_cmd << " --entitlements ";
+      temp_codesign_cmd << this->GetOption("CPACK_BUNDLE_APPLE_ENTITLEMENTS");
+      }
+    temp_codesign_cmd << " \"" << bundle_path << "\"";
+
+    if(!this->RunCommand(temp_codesign_cmd))
+      {
+      cmCPackLogger(cmCPackLog::LOG_ERROR,
+        "Error signing the application package."
+        << std::endl);
+
+      return 0;
+      }
+
+    cmCPackLogger(cmCPackLog::LOG_OUTPUT,
+      "- Application has been codesigned"
+      << std::endl);
+    cmCPackLogger(cmCPackLog::LOG_VERBOSE,
+       (this->GetOption("CPACK_BUNDLE_APPLE_ENTITLEMENTS")
+         ? "with entitlement sandboxing" : "without entitlement sandboxing")
+       << std::endl);
+  }
+
+  return 1;
+}
diff --git a/Source/CPack/cmCPackBundleGenerator.h b/Source/CPack/cmCPackBundleGenerator.h
index ed0187d..9cb2f0a 100644
--- a/Source/CPack/cmCPackBundleGenerator.h
+++ b/Source/CPack/cmCPackBundleGenerator.h
@@ -31,6 +31,8 @@ public:
 protected:
   virtual int InitializeInternal();
   virtual const char* GetPackagingInstallPrefix();
+  int ConstructBundle();
+  int SignBundle(const std::string& src_dir);
   int PackageFiles();
   bool SupportsComponentInstallation() const;
 
diff --git a/Source/CPack/cmCPackComponentGroup.cxx b/Source/CPack/cmCPackComponentGroup.cxx
index 77f11cb..fd20e9b 100644
--- a/Source/CPack/cmCPackComponentGroup.cxx
+++ b/Source/CPack/cmCPackComponentGroup.cxx
@@ -30,7 +30,7 @@ unsigned long cmCPackComponent::GetInstalledSize(
     std::string path = installDir;
     path += '/';
     path += *fileIt;
-    this->TotalSize += cmSystemTools::FileLength(path.c_str());
+    this->TotalSize += cmSystemTools::FileLength(path);
     }
 
   return this->TotalSize;
diff --git a/Source/CPack/cmCPackDebGenerator.cxx b/Source/CPack/cmCPackDebGenerator.cxx
index 936942b..0a64bd5 100644
--- a/Source/CPack/cmCPackDebGenerator.cxx
+++ b/Source/CPack/cmCPackDebGenerator.cxx
@@ -58,7 +58,7 @@ int cmCPackDebGenerator::PackageOnePack(std::string initialTopLevel,
   // Begin the archive for this pack
   std::string localToplevel(initialTopLevel);
   std::string packageFileName(
-      cmSystemTools::GetParentDirectory(toplevel.c_str())
+      cmSystemTools::GetParentDirectory(toplevel)
   );
   std::string outputFileName(
       std::string(this->GetOption("CPACK_PACKAGE_FILE_NAME"))
@@ -186,7 +186,7 @@ int cmCPackDebGenerator::PackageComponentsAllInOne()
   // The ALL GROUPS in ONE package case
   std::string localToplevel(initialTopLevel);
   std::string packageFileName(
-      cmSystemTools::GetParentDirectory(toplevel.c_str())
+      cmSystemTools::GetParentDirectory(toplevel)
                              );
   std::string outputFileName(
             std::string(this->GetOption("CPACK_PACKAGE_FILE_NAME"))
@@ -390,7 +390,7 @@ int cmCPackDebGenerator::createDeb()
               packageFiles.begin();
               fileIt != packageFiles.end(); ++ fileIt )
         {
-        totalSize += cmSystemTools::FileLength(fileIt->c_str());
+        totalSize += cmSystemTools::FileLength(*fileIt);
         }
     }
     out << "Installed-Size: " << (totalSize + 1023) / 1024 << "\n";
@@ -540,7 +540,7 @@ int cmCPackDebGenerator::createDeb()
       localcopy += filenamename;
       // if we can copy the file, it means it does exist, let's add it:
       if( cmsys::SystemTools::CopyFileIfDifferent(
-            i->c_str(), localcopy.c_str()) )
+            *i, localcopy) )
         {
         // debian is picky and need relative to ./ path in the tar.*
         cmd += " ./";
diff --git a/Source/CPack/cmCPackGenerator.cxx b/Source/CPack/cmCPackGenerator.cxx
index 1461bb1..e78f161 100644
--- a/Source/CPack/cmCPackGenerator.cxx
+++ b/Source/CPack/cmCPackGenerator.cxx
@@ -217,7 +217,7 @@ int cmCPackGenerator::InstallProject()
     {
     std::string destDir = "DESTDIR=";
     destDir += tempInstallDirectory;
-    cmSystemTools::PutEnv(destDir.c_str());
+    cmSystemTools::PutEnv(destDir);
     }
   else
     {
@@ -277,7 +277,7 @@ int cmCPackGenerator::InstallProjectViaInstallCommands(
     {
     std::string tempInstallDirectoryEnv = "CMAKE_INSTALL_PREFIX=";
     tempInstallDirectoryEnv += tempInstallDirectory;
-    cmSystemTools::PutEnv(tempInstallDirectoryEnv.c_str());
+    cmSystemTools::PutEnv(tempInstallDirectoryEnv);
     std::vector<std::string> installCommandsVector;
     cmSystemTools::ExpandListArgument(installCommands,installCommandsVector);
     std::vector<std::string>::iterator it;
@@ -399,12 +399,12 @@ int cmCPackGenerator::InstallProjectViaInstalledDirectories(
         cmCPackLogger(cmCPackLog::LOG_DEBUG, "Copy file: "
           << inFile << " -> " << filePath << std::endl);
         /* If the file is a symlink we will have to re-create it */
-        if ( cmSystemTools::FileIsSymlink(inFile.c_str()))
+        if ( cmSystemTools::FileIsSymlink(inFile))
           {
           std::string targetFile;
           std::string inFileRelative =
              cmSystemTools::RelativePath(top.c_str(),inFile.c_str());
-          cmSystemTools::ReadSymlink(inFile.c_str(),targetFile);
+          cmSystemTools::ReadSymlink(inFile,targetFile);
           symlinkedFiles.push_back(std::pair<std::string,
                                    std::string>(targetFile,inFileRelative));
           }
@@ -429,7 +429,7 @@ int cmCPackGenerator::InstallProjectViaInstalledDirectories(
         goToDir  += "/"+subdir;
         cmCPackLogger(cmCPackLog::LOG_DEBUG,
                       "Change dir to: " << goToDir <<std::endl);
-        cmSystemTools::ChangeDirectory(goToDir.c_str());
+        cmSystemTools::ChangeDirectory(goToDir);
         for (symlinkedIt=symlinkedFiles.begin();
              symlinkedIt != symlinkedFiles.end();
              ++symlinkedIt)
@@ -437,8 +437,8 @@ int cmCPackGenerator::InstallProjectViaInstalledDirectories(
           cmCPackLogger(cmCPackLog::LOG_DEBUG, "Will create a symlink: "
                          << symlinkedIt->second << "--> "
                          << symlinkedIt->first << std::endl);
-          if (!cmSystemTools::CreateSymlink((symlinkedIt->first).c_str(),
-                                            (symlinkedIt->second).c_str()))
+          if (!cmSystemTools::CreateSymlink(symlinkedIt->first,
+                                            symlinkedIt->second))
             {
             cmCPackLogger(cmCPackLog::LOG_ERROR, "Cannot create symlink: "
                             << symlinkedIt->second << "--> "
@@ -448,7 +448,7 @@ int cmCPackGenerator::InstallProjectViaInstalledDirectories(
           }
         cmCPackLogger(cmCPackLog::LOG_DEBUG, "Going back to: "
                       << curDir <<std::endl);
-        cmSystemTools::ChangeDirectory(curDir.c_str());
+        cmSystemTools::ChangeDirectory(curDir);
         }
       }
     }
@@ -787,7 +787,7 @@ int cmCPackGenerator::InstallProjectViaInstallCMakeProjects(
            *       in order to put things in subdirs...
            */
           cmSystemTools::PutEnv(
-              (std::string("DESTDIR=")+tempInstallDirectory).c_str()
+              std::string("DESTDIR=")+tempInstallDirectory
                                );
           cmCPackLogger(cmCPackLog::LOG_DEBUG,
                         "- Creating directory: '" << dir << "'" << std::endl);
diff --git a/Source/CPack/cmCPackGeneratorFactory.cxx b/Source/CPack/cmCPackGeneratorFactory.cxx
index c8737f4..94ca536 100644
--- a/Source/CPack/cmCPackGeneratorFactory.cxx
+++ b/Source/CPack/cmCPackGeneratorFactory.cxx
@@ -47,9 +47,6 @@
 
 #include "cmCPackLog.h"
 
-#if defined(__BORLANDC__)
-# pragma warn -8008 /* condition is always true */
-#endif
 
 //----------------------------------------------------------------------
 cmCPackGeneratorFactory::cmCPackGeneratorFactory()
diff --git a/Source/CPack/cmCPackNSISGenerator.cxx b/Source/CPack/cmCPackNSISGenerator.cxx
index a5eee6b..b506b06 100644
--- a/Source/CPack/cmCPackNSISGenerator.cxx
+++ b/Source/CPack/cmCPackNSISGenerator.cxx
@@ -657,8 +657,8 @@ bool cmCPackNSISGenerator::GetListOfSubdirectories(const char* topdir,
       cmsys_stl::string fullPath = topdir;
       fullPath += "/";
       fullPath += dir.GetFile(static_cast<unsigned long>(fileNum));
-      if(cmsys::SystemTools::FileIsDirectory(fullPath.c_str()) &&
-        !cmsys::SystemTools::FileIsSymlink(fullPath.c_str()))
+      if(cmsys::SystemTools::FileIsDirectory(fullPath) &&
+        !cmsys::SystemTools::FileIsSymlink(fullPath))
         {
         if (!this->GetListOfSubdirectories(fullPath.c_str(), dirs))
           {
@@ -771,7 +771,7 @@ CreateComponentDescription(cmCPackComponent *component,
                   << archiveFile << std::endl);
     if (cmSystemTools::FileExists(archiveFile.c_str(), true))
       {
-        if (!cmSystemTools::RemoveFile(archiveFile.c_str()))
+        if (!cmSystemTools::RemoveFile(archiveFile))
         {
         cmCPackLogger(cmCPackLog::LOG_ERROR,
           "Unable to remove archive file " << archiveFile
@@ -825,7 +825,7 @@ CreateComponentDescription(cmCPackComponent *component,
           }
         out << std::endl;
 
-        totalSize += cmSystemTools::FileLength((dirName + *fileIt).c_str());
+        totalSize += cmSystemTools::FileLength(dirName + *fileIt);
         }
     }
 
diff --git a/Source/CPack/cmCPackRPMGenerator.cxx b/Source/CPack/cmCPackRPMGenerator.cxx
index c6171dc..71ab3a0 100644
--- a/Source/CPack/cmCPackRPMGenerator.cxx
+++ b/Source/CPack/cmCPackRPMGenerator.cxx
@@ -57,7 +57,7 @@ int cmCPackRPMGenerator::PackageOnePack(std::string initialToplevel,
   // Begin the archive for this pack
   std::string localToplevel(initialToplevel);
   std::string packageFileName(
-      cmSystemTools::GetParentDirectory(toplevel.c_str())
+      cmSystemTools::GetParentDirectory(toplevel)
                              );
   std::string outputFileName(
    GetComponentPackageFileName(this->GetOption("CPACK_PACKAGE_FILE_NAME"),
@@ -166,7 +166,7 @@ int cmCPackRPMGenerator::PackageComponentsAllInOne()
   // The ALL GROUPS in ONE package case
   std::string localToplevel(initialTopLevel);
   std::string packageFileName(
-      cmSystemTools::GetParentDirectory(toplevel.c_str())
+      cmSystemTools::GetParentDirectory(toplevel)
                              );
   std::string outputFileName(
             std::string(this->GetOption("CPACK_PACKAGE_FILE_NAME"))
diff --git a/Source/CPack/cmCPackSTGZGenerator.cxx b/Source/CPack/cmCPackSTGZGenerator.cxx
index 6c1d201..e5da5cf 100644
--- a/Source/CPack/cmCPackSTGZGenerator.cxx
+++ b/Source/CPack/cmCPackSTGZGenerator.cxx
@@ -71,8 +71,6 @@ int cmCPackSTGZGenerator::PackageFiles()
     retval &= cmSystemTools::SetPermissions((*it).c_str(),
 #if defined( _MSC_VER ) || defined( __MINGW32__ )
       S_IREAD | S_IWRITE | S_IEXEC
-#elif defined( __BORLANDC__ )
-      S_IRUSR | S_IWUSR | S_IXUSR
 #else
       S_IRUSR | S_IWUSR | S_IXUSR |
       S_IRGRP | S_IWGRP | S_IXGRP |
diff --git a/Source/CPack/cpack.cxx b/Source/CPack/cpack.cxx
index c57028d..26bf607 100644
--- a/Source/CPack/cpack.cxx
+++ b/Source/CPack/cpack.cxx
@@ -267,7 +267,7 @@ int main (int argc, char const* const* argv)
     if ( cmSystemTools::FileExists(cpackConfigFile.c_str()) )
       {
       cpackConfigFile =
-        cmSystemTools::CollapseFullPath(cpackConfigFile.c_str());
+        cmSystemTools::CollapseFullPath(cpackConfigFile);
       cmCPack_Log(&log, cmCPackLog::LOG_VERBOSE,
         "Read CPack configuration file: " << cpackConfigFile
         << std::endl);
diff --git a/Source/CTest/cmCTestBuildAndTestHandler.cxx b/Source/CTest/cmCTestBuildAndTestHandler.cxx
index 41db042..a101e39 100644
--- a/Source/CTest/cmCTestBuildAndTestHandler.cxx
+++ b/Source/CTest/cmCTestBuildAndTestHandler.cxx
@@ -109,7 +109,7 @@ int cmCTestBuildAndTestHandler::RunCMake(std::string* outstring,
     out << "Error: cmake execution failed\n";
     out << cmakeOutString << "\n";
     // return to the original directory
-    cmSystemTools::ChangeDirectory(cwd.c_str());
+    cmSystemTools::ChangeDirectory(cwd);
     if(outstring)
       {
       *outstring = out.str();
@@ -128,7 +128,7 @@ int cmCTestBuildAndTestHandler::RunCMake(std::string* outstring,
       out << "Error: cmake execution failed\n";
       out << cmakeOutString << "\n";
       // return to the original directory
-      cmSystemTools::ChangeDirectory(cwd.c_str());
+      cmSystemTools::ChangeDirectory(cwd);
       if(outstring)
         {
         *outstring = out.str();
@@ -241,11 +241,11 @@ int cmCTestBuildAndTestHandler::RunCMakeAndTest(std::string* outstring)
   std::string cwd = cmSystemTools::GetCurrentWorkingDirectory();
   out << "Internal cmake changing into directory: "
     << this->BinaryDir << std::endl;
-  if (!cmSystemTools::FileIsDirectory(this->BinaryDir.c_str()))
+  if (!cmSystemTools::FileIsDirectory(this->BinaryDir))
     {
     cmSystemTools::MakeDirectory(this->BinaryDir.c_str());
     }
-  cmSystemTools::ChangeDirectory(this->BinaryDir.c_str());
+  cmSystemTools::ChangeDirectory(this->BinaryDir);
 
   if(this->BuildNoCMake)
     {
@@ -374,7 +374,7 @@ int cmCTestBuildAndTestHandler::RunCMakeAndTest(std::string* outstring)
       cmCTestLog(this->CTest, ERROR_MESSAGE, out.str());
       }
     // return to the original directory
-    cmSystemTools::ChangeDirectory(cwd.c_str());
+    cmSystemTools::ChangeDirectory(cwd);
     return 1;
     }
 
@@ -391,7 +391,7 @@ int cmCTestBuildAndTestHandler::RunCMakeAndTest(std::string* outstring)
   if(this->BuildRunDir.size())
     {
     out << "Run test in directory: " << this->BuildRunDir << "\n";
-    cmSystemTools::ChangeDirectory(this->BuildRunDir.c_str());
+    cmSystemTools::ChangeDirectory(this->BuildRunDir);
     }
   out << "Running test command: \"" << fullPath << "\"";
   for(size_t k=0; k < this->TestCommandArgs.size(); ++k)
@@ -453,9 +453,9 @@ int cmCTestBuildAndTestHandler::ProcessCommandLineArguments(
       // dir must exist before CollapseFullPath is called
       cmSystemTools::MakeDirectory(this->BinaryDir.c_str());
       this->BinaryDir
-        = cmSystemTools::CollapseFullPath(this->BinaryDir.c_str());
+        = cmSystemTools::CollapseFullPath(this->BinaryDir);
       this->SourceDir
-        = cmSystemTools::CollapseFullPath(this->SourceDir.c_str());
+        = cmSystemTools::CollapseFullPath(this->SourceDir);
       }
     else
       {
diff --git a/Source/CTest/cmCTestBuildHandler.cxx b/Source/CTest/cmCTestBuildHandler.cxx
index 2ec1365..d226a6c 100644
--- a/Source/CTest/cmCTestBuildHandler.cxx
+++ b/Source/CTest/cmCTestBuildHandler.cxx
@@ -36,9 +36,6 @@
 #include <math.h>
 #include <float.h>
 
-#if defined(__BORLANDC__)
-# pragma warn -8060 /* possibly incorrect assignment */
-#endif
 
 static const char* cmCTestErrorMatches[] = {
   "^[Bb]us [Ee]rror",
@@ -610,7 +607,7 @@ void cmCTestBuildHandler::GenerateXMLLaunched(std::ostream& os)
   int numWarningsAllowed = this->MaxWarnings;
   // Identify fragments on disk.
   cmsys::Directory launchDir;
-  launchDir.Load(this->CTestLaunchDir.c_str());
+  launchDir.Load(this->CTestLaunchDir);
   unsigned long n = launchDir.GetNumberOfFiles();
   for(unsigned long i=0; i < n; ++i)
     {
@@ -649,7 +646,7 @@ void cmCTestBuildHandler::GenerateXMLLogScraped(std::ostream& os)
   std::string srcdir = this->CTest->GetCTestConfiguration("SourceDirectory");
   // make sure the source dir is in the correct case on windows
   // via a call to collapse full path.
-  srcdir = cmSystemTools::CollapseFullPath(srcdir.c_str());
+  srcdir = cmSystemTools::CollapseFullPath(srcdir);
   srcdir += "/";
   for ( it = ew.begin();
         it != ew.end() && (numErrorsAllowed || numWarningsAllowed); it++ )
@@ -695,7 +692,7 @@ void cmCTestBuildHandler::GenerateXMLLogScraped(std::ostream& os)
             {
             // make sure it is a full path with the correct case
             cm->SourceFile = cmSystemTools::CollapseFullPath(
-              cm->SourceFile.c_str());
+              cm->SourceFile);
             cmSystemTools::ReplaceString(
               cm->SourceFile, srcdir.c_str(), "");
             }
@@ -822,7 +819,7 @@ cmCTestBuildHandler::LaunchHelper::LaunchHelper(cmCTestBuildHandler* handler):
     launchDir += "/Build";
 
     // Clean out any existing launcher fragments.
-    cmSystemTools::RemoveADirectory(launchDir.c_str());
+    cmSystemTools::RemoveADirectory(launchDir);
 
     if(this->Handler->UseCTestLaunch)
       {
@@ -831,7 +828,7 @@ cmCTestBuildHandler::LaunchHelper::LaunchHelper(cmCTestBuildHandler* handler):
       this->WriteLauncherConfig();
       std::string launchEnv = "CTEST_LAUNCH_LOGS=";
       launchEnv += launchDir;
-      cmSystemTools::PutEnv(launchEnv.c_str());
+      cmSystemTools::PutEnv(launchEnv);
       }
     }
 
diff --git a/Source/CTest/cmCTestCoverageHandler.cxx b/Source/CTest/cmCTestCoverageHandler.cxx
index 76f6584..e782886 100644
--- a/Source/CTest/cmCTestCoverageHandler.cxx
+++ b/Source/CTest/cmCTestCoverageHandler.cxx
@@ -15,6 +15,8 @@
 #include "cmParseGTMCoverage.h"
 #include "cmParseCacheCoverage.h"
 #include "cmParseJacocoCoverage.h"
+#include "cmParseDelphiCoverage.h"
+#include "cmParseBlanketJSCoverage.h"
 #include "cmCTest.h"
 #include "cmake.h"
 #include "cmMakefile.h"
@@ -164,7 +166,7 @@ void cmCTestCoverageHandler::CleanCoverageLogFiles(std::ostream& log)
       fi != files.end(); ++fi)
     {
     log << "Removing old coverage log: " << *fi << "\n";
-    cmSystemTools::RemoveFile(fi->c_str());
+    cmSystemTools::RemoveFile(*fi);
     }
 }
 
@@ -237,10 +239,10 @@ bool cmCTestCoverageHandler::ShouldIDoCoverage(const char* file,
   std::string fSrcDir = cmSystemTools::CollapseFullPath(srcDir);
   std::string fBinDir = cmSystemTools::CollapseFullPath(binDir);
   std::string fFile = cmSystemTools::CollapseFullPath(file);
-  bool sourceSubDir = cmSystemTools::IsSubDirectory(fFile.c_str(),
-    fSrcDir.c_str());
-  bool buildSubDir = cmSystemTools::IsSubDirectory(fFile.c_str(),
-    fBinDir.c_str());
+  bool sourceSubDir = cmSystemTools::IsSubDirectory(fFile,
+    fSrcDir);
+  bool buildSubDir = cmSystemTools::IsSubDirectory(fFile,
+    fBinDir);
   // Always check parent directory of the file.
   std::string fileDir = cmSystemTools::GetFilenamePath(fFile);
   std::string checkDir;
@@ -423,6 +425,19 @@ int cmCTestCoverageHandler::ProcessHandler()
     return error;
     }
 
+  file_count += this->HandleBlanketJSCoverage(&cont);
+  error = cont.Error;
+  if ( file_count < 0 )
+    {
+    return error;
+    }
+
+    file_count += this->HandleDelphiCoverage(&cont);
+  error = cont.Error;
+  if ( file_count < 0 )
+    {
+    return error;
+    }
   std::set<std::string> uncovered = this->FindUncoveredFiles(&cont);
 
   if ( file_count == 0 )
@@ -758,8 +773,8 @@ void cmCTestCoverageHandler::PopulateCustomVectors(cmMakefile *mf)
 //----------------------------------------------------------------------
 bool IsFileInDir(const std::string &infile, const std::string &indir)
 {
-  std::string file = cmSystemTools::CollapseFullPath(infile.c_str());
-  std::string dir = cmSystemTools::CollapseFullPath(indir.c_str());
+  std::string file = cmSystemTools::CollapseFullPath(infile);
+  std::string dir = cmSystemTools::CollapseFullPath(indir);
 
   if (
     file.size() > dir.size() &&
@@ -779,7 +794,7 @@ int cmCTestCoverageHandler::HandlePHPCoverage(
 {
   cmParsePHPCoverage cov(*cont, this->CTest);
   std::string coverageDir = this->CTest->GetBinaryDir() + "/xdebugCoverage";
-  if(cmSystemTools::FileIsDirectory(coverageDir.c_str()))
+  if(cmSystemTools::FileIsDirectory(coverageDir))
     {
     cov.ReadPHPCoverageDirectory(coverageDir.c_str());
     }
@@ -869,7 +884,7 @@ struct cmCTestCoverageHandlerLocale
     {
     if(!lc_all.empty())
       {
-      cmSystemTools::PutEnv(("LC_ALL=" + lc_all).c_str());
+      cmSystemTools::PutEnv("LC_ALL=" + lc_all);
       }
     else
       {
@@ -910,7 +925,68 @@ int cmCTestCoverageHandler::HandleJacocoCoverage(
   return static_cast<int>(cont->TotalCoverage.size());
 }
 
+//----------------------------------------------------------------------
+int cmCTestCoverageHandler::HandleDelphiCoverage(
+  cmCTestCoverageHandlerContainer* cont)
+{
+  cmParseDelphiCoverage cov =
+   cmParseDelphiCoverage(*cont, this->CTest);
+  cmsys::Glob g;
+  std::vector<std::string> files;
+  g.SetRecurse(true);
+
+
+  std::string BinDir
+    = this->CTest->GetBinaryDir();
+  std::string coverageFile = BinDir+ "/*.html";
+
 
+  g.FindFiles(coverageFile);
+  files=g.GetFiles();
+  if (files.size() > 0)
+    {
+    cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT,
+      "Found Delphi HTML Files, Performing Coverage" << std::endl);
+    cov.LoadCoverageData(files);
+    }
+  else
+    {
+    cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT,
+      " Cannot find Delphi coverage files: " << coverageFile
+      << std::endl);
+    }
+  return static_cast<int>(cont->TotalCoverage.size());
+}
+
+//----------------------------------------------------------------------
+int cmCTestCoverageHandler::HandleBlanketJSCoverage(
+  cmCTestCoverageHandlerContainer* cont)
+  {
+  cmParseBlanketJSCoverage cov =
+   cmParseBlanketJSCoverage(*cont, this->CTest);
+  std::string SourceDir
+    = this->CTest->GetCTestConfiguration("SourceDirectory");
+
+  //Look for something other than output.json, still JSON extension.
+  std::string coverageFile = SourceDir+ "/*.json";
+  cmsys::Glob g;
+  std::vector<std::string> files;
+  g.FindFiles(coverageFile);
+  files=g.GetFiles();
+  if (files.size() > 0)
+    {
+    cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT,
+      "Found BlanketJS output JSON, Performing Coverage" << std::endl);
+    cov.LoadCoverageData(files);
+    }
+  else
+    {
+    cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT,
+       " Cannot find BlanketJS coverage files: " << coverageFile
+       << std::endl);
+    }
+  return static_cast<int>(cont->TotalCoverage.size());
+  }
 //----------------------------------------------------------------------
 int cmCTestCoverageHandler::HandleGCovCoverage(
   cmCTestCoverageHandlerContainer* cont)
@@ -974,7 +1050,7 @@ int cmCTestCoverageHandler::HandleGCovCoverage(
   std::string tempDir = testingDir + "/CoverageInfo";
   std::string currentDirectory = cmSystemTools::GetCurrentWorkingDirectory();
   cmSystemTools::MakeDirectory(tempDir.c_str());
-  cmSystemTools::ChangeDirectory(tempDir.c_str());
+  cmSystemTools::ChangeDirectory(tempDir);
 
   int gcovStyle = 0;
 
@@ -1295,7 +1371,7 @@ int cmCTestCoverageHandler::HandleGCovCoverage(
           *cont->OFS << "  produced in source dir: " << sourceFile
             << std::endl;
           actualSourceFile
-            = cmSystemTools::CollapseFullPath(sourceFile.c_str());
+            = cmSystemTools::CollapseFullPath(sourceFile);
           }
         else if ( IsFileInDir(sourceFile, cont->BinaryDir) )
           {
@@ -1304,7 +1380,7 @@ int cmCTestCoverageHandler::HandleGCovCoverage(
           *cont->OFS << "  produced in binary dir: " << sourceFile
             << std::endl;
           actualSourceFile
-            = cmSystemTools::CollapseFullPath(sourceFile.c_str());
+            = cmSystemTools::CollapseFullPath(sourceFile);
           }
 
         if ( actualSourceFile.empty() )
@@ -1345,7 +1421,7 @@ int cmCTestCoverageHandler::HandleGCovCoverage(
       }
     }
 
-  cmSystemTools::ChangeDirectory(currentDirectory.c_str());
+  cmSystemTools::ChangeDirectory(currentDirectory);
   return file_count;
 }
 
@@ -1409,30 +1485,30 @@ int cmCTestCoverageHandler::HandleLCovCoverage(
   for ( it = files.begin(); it != files.end(); ++ it )
     {
     cmCTestLog(this->CTest, HANDLER_OUTPUT, "." << std::flush);
-    std::string fileDir = cmSystemTools::GetFilenamePath(it->c_str());
-    cmSystemTools::ChangeDirectory(fileDir.c_str());
+    std::string fileDir = cmSystemTools::GetFilenamePath(*it);
+    cmSystemTools::ChangeDirectory(fileDir);
     std::string command = "\"" + lcovCommand + "\" " +
       lcovExtraFlags + " ";
 
     cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, "Current coverage dir: "
-               << fileDir.c_str() << std::endl);
+               << fileDir << std::endl);
     cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, command.c_str()
                << std::endl);
 
     std::string output = "";
     std::string errors = "";
     int retVal = 0;
-    *cont->OFS << "* Run coverage for: " << fileDir.c_str() << std::endl;
-    *cont->OFS << "  Command: " << command.c_str() << std::endl;
+    *cont->OFS << "* Run coverage for: " << fileDir << std::endl;
+    *cont->OFS << "  Command: " << command << std::endl;
     int res = this->CTest->RunCommand(command.c_str(), &output, &errors,
                 &retVal, fileDir.c_str(), 0 /*this->TimeOut*/);
 
-    *cont->OFS << "  Output: " << output.c_str() << std::endl;
-    *cont->OFS << "  Errors: " << errors.c_str() << std::endl;
+    *cont->OFS << "  Output: " << output << std::endl;
+    *cont->OFS << "  Errors: " << errors << std::endl;
     if ( ! res )
       {
       cmCTestLog(this->CTest, ERROR_MESSAGE,
-        "Problem running coverage on file: " << it->c_str() << std::endl);
+        "Problem running coverage on file: " << *it << std::endl);
       cmCTestLog(this->CTest, ERROR_MESSAGE,
         "Command produced error: " << errors << std::endl);
       cont->Error ++;
@@ -1441,7 +1517,7 @@ int cmCTestCoverageHandler::HandleLCovCoverage(
     if ( retVal != 0 )
       {
       cmCTestLog(this->CTest, ERROR_MESSAGE, "Coverage command returned: "
-        << retVal << " while processing: " << it->c_str() << std::endl);
+        << retVal << " while processing: " << *it << std::endl);
       cmCTestLog(this->CTest, ERROR_MESSAGE,
         "Command produced error: " << cont->Error << std::endl);
       }
@@ -1609,7 +1685,7 @@ int cmCTestCoverageHandler::HandleLCovCoverage(
       }
     }
 
-  cmSystemTools::ChangeDirectory(currentDirectory.c_str());
+  cmSystemTools::ChangeDirectory(currentDirectory);
   return file_count;
 }
 
@@ -1653,7 +1729,7 @@ void cmCTestCoverageHandler::FindLCovFiles(std::vector<std::string>& files)
   gl.RecurseThroughSymlinksOff();
   std::string prevBinaryDir;
   cmSystemTools::ChangeDirectory(
-    this->CTest->GetCTestConfiguration("BuildDirectory").c_str());
+    this->CTest->GetCTestConfiguration("BuildDirectory"));
 
   // Run profmerge to merge all *.dyn files into dpi files
   cmSystemTools::RunSingleCommand("profmerge");
@@ -1696,9 +1772,9 @@ int cmCTestCoverageHandler::HandleTracePyCoverage(
   std::string tempDir = testingDir + "/CoverageInfo";
   std::string currentDirectory = cmSystemTools::GetCurrentWorkingDirectory();
   cmSystemTools::MakeDirectory(tempDir.c_str());
-  cmSystemTools::ChangeDirectory(tempDir.c_str());
+  cmSystemTools::ChangeDirectory(tempDir);
 
-  cmSystemTools::ChangeDirectory(currentDirectory.c_str());
+  cmSystemTools::ChangeDirectory(currentDirectory);
 
   std::vector<std::string>::iterator fileIt;
   int file_count = 0;
@@ -1714,7 +1790,7 @@ int cmCTestCoverageHandler::HandleTracePyCoverage(
       }
 
     std::string actualSourceFile
-      = cmSystemTools::CollapseFullPath(fileName.c_str());
+      = cmSystemTools::CollapseFullPath(fileName);
     cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT,
       "   Check coverage for file: " << actualSourceFile
       << std::endl);
@@ -1802,7 +1878,7 @@ int cmCTestCoverageHandler::HandleTracePyCoverage(
       }
     ++ file_count;
     }
-  cmSystemTools::ChangeDirectory(currentDirectory.c_str());
+  cmSystemTools::ChangeDirectory(currentDirectory);
   return file_count;
 }
 
@@ -2132,7 +2208,7 @@ int cmCTestCoverageHandler::RunBullseyeSourceSummary(
         file += "/";
         file += sourceFile;
         }
-      file = cmSystemTools::CollapseFullPath(file.c_str());
+      file = cmSystemTools::CollapseFullPath(file);
       bool shouldIDoCoverage
         = this->ShouldIDoCoverage(file.c_str(),
                                   cont->SourceDir.c_str(),
diff --git a/Source/CTest/cmCTestCoverageHandler.h b/Source/CTest/cmCTestCoverageHandler.h
index d0f274c..4aec795 100644
--- a/Source/CTest/cmCTestCoverageHandler.h
+++ b/Source/CTest/cmCTestCoverageHandler.h
@@ -84,6 +84,12 @@ private:
   //! Handle coverage for Jacoco
   int HandleJacocoCoverage(cmCTestCoverageHandlerContainer* cont);
 
+  //! Handle coverage for Delphi (Pascal)
+  int HandleDelphiCoverage(cmCTestCoverageHandlerContainer* cont);
+
+  //! Handle coverage for Jacoco
+  int HandleBlanketJSCoverage(cmCTestCoverageHandlerContainer* cont);
+
 //! Handle coverage using Bullseye
   int HandleBullseyeCoverage(cmCTestCoverageHandlerContainer* cont);
   int RunBullseyeSourceSummary(cmCTestCoverageHandlerContainer* cont);
diff --git a/Source/CTest/cmCTestGIT.cxx b/Source/CTest/cmCTestGIT.cxx
index aaa01b2..98bc9d7 100644
--- a/Source/CTest/cmCTestGIT.cxx
+++ b/Source/CTest/cmCTestGIT.cxx
@@ -158,7 +158,7 @@ std::string cmCTestGIT::FindTopDir()
     {
     top_dir += "/";
     top_dir += cdup;
-    top_dir = cmSystemTools::CollapseFullPath(top_dir.c_str());
+    top_dir = cmSystemTools::CollapseFullPath(top_dir);
     }
   return top_dir;
 }
diff --git a/Source/CTest/cmCTestHandlerCommand.cxx b/Source/CTest/cmCTestHandlerCommand.cxx
index 0e29160..5b525dd 100644
--- a/Source/CTest/cmCTestHandlerCommand.cxx
+++ b/Source/CTest/cmCTestHandlerCommand.cxx
@@ -137,7 +137,7 @@ bool cmCTestHandlerCommand
     }
   std::string current_dir = cmSystemTools::GetCurrentWorkingDirectory();
   cmSystemTools::ChangeDirectory(
-    this->CTest->GetCTestConfiguration("BuildDirectory").c_str());
+    this->CTest->GetCTestConfiguration("BuildDirectory"));
   int res = handler->ProcessHandler();
   if ( this->Values[ct_RETURN_VALUE] && *this->Values[ct_RETURN_VALUE])
     {
@@ -146,7 +146,7 @@ bool cmCTestHandlerCommand
     this->Makefile->AddDefinition(
       this->Values[ct_RETURN_VALUE], str.str().c_str());
     }
-  cmSystemTools::ChangeDirectory(current_dir.c_str());
+  cmSystemTools::ChangeDirectory(current_dir);
   return true;
 }
 
diff --git a/Source/CTest/cmCTestLaunch.cxx b/Source/CTest/cmCTestLaunch.cxx
index 10a5199..b65d23b 100644
--- a/Source/CTest/cmCTestLaunch.cxx
+++ b/Source/CTest/cmCTestLaunch.cxx
@@ -48,8 +48,8 @@ cmCTestLaunch::~cmCTestLaunch()
   cmsysProcess_Delete(this->Process);
   if(!this->Passthru)
     {
-    cmSystemTools::RemoveFile(this->LogOut.c_str());
-    cmSystemTools::RemoveFile(this->LogErr.c_str());
+    cmSystemTools::RemoveFile(this->LogOut);
+    cmSystemTools::RemoveFile(this->LogErr);
     }
 }
 
@@ -434,8 +434,8 @@ void cmCTestLaunch::WriteXMLAction(std::ostream& fxml)
     // If file is in source tree use its relative location.
     if(cmSystemTools::FileIsFullPath(this->SourceDir.c_str()) &&
        cmSystemTools::FileIsFullPath(source.c_str()) &&
-       cmSystemTools::IsSubDirectory(source.c_str(),
-                                     this->SourceDir.c_str()))
+       cmSystemTools::IsSubDirectory(source,
+                                     this->SourceDir))
       {
       source = cmSystemTools::RelativePath(this->SourceDir.c_str(),
                                            source.c_str());
diff --git a/Source/CTest/cmCTestMemCheckHandler.cxx b/Source/CTest/cmCTestMemCheckHandler.cxx
index 4835010..089e84b 100644
--- a/Source/CTest/cmCTestMemCheckHandler.cxx
+++ b/Source/CTest/cmCTestMemCheckHandler.cxx
@@ -1221,10 +1221,10 @@ cmCTestMemCheckHandler::PostProcessBoundsCheckerTest(cmCTestTestResult& res,
     }
   }
   cmSystemTools::Delay(1000);
-  cmSystemTools::RemoveFile(this->BoundsCheckerDPBDFile.c_str());
+  cmSystemTools::RemoveFile(this->BoundsCheckerDPBDFile);
   cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, "Remove: "
     << this->BoundsCheckerDPBDFile << std::endl);
-  cmSystemTools::RemoveFile(this->BoundsCheckerXMLFile.c_str());
+  cmSystemTools::RemoveFile(this->BoundsCheckerXMLFile);
   cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, "Remove: "
     << this->BoundsCheckerXMLFile << std::endl);
 }
@@ -1255,7 +1255,7 @@ cmCTestMemCheckHandler::AppendMemTesterOutput(cmCTestTestResult& res,
   }
   if(this->LogWithPID)
     {
-    cmSystemTools::RemoveFile(ofile.c_str());
+    cmSystemTools::RemoveFile(ofile);
     cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, "Remove: "<< ofile <<"\n");
     }
 }
diff --git a/Source/CTest/cmCTestMultiProcessHandler.cxx b/Source/CTest/cmCTestMultiProcessHandler.cxx
index 7ba434c..4c89caa 100644
--- a/Source/CTest/cmCTestMultiProcessHandler.cxx
+++ b/Source/CTest/cmCTestMultiProcessHandler.cxx
@@ -123,7 +123,7 @@ void cmCTestMultiProcessHandler::StartTestProcess(int test)
   testRun->SetTestProperties(this->Properties[test]);
 
   std::string current_dir = cmSystemTools::GetCurrentWorkingDirectory();
-  cmSystemTools::ChangeDirectory(this->Properties[test]->Directory.c_str());
+  cmSystemTools::ChangeDirectory(this->Properties[test]->Directory);
 
   // Lock the resources we'll be using
   this->LockResources(test);
@@ -156,7 +156,7 @@ void cmCTestMultiProcessHandler::StartTestProcess(int test)
     this->Failed->push_back(this->Properties[test]->Name);
     delete testRun;
     }
-  cmSystemTools::ChangeDirectory(current_dir.c_str());
+  cmSystemTools::ChangeDirectory(current_dir);
 }
 
 //---------------------------------------------------------
@@ -334,7 +334,7 @@ void cmCTestMultiProcessHandler::UpdateCostData()
       {
       if(line == "---") break;
       std::vector<cmsys::String> parts =
-        cmSystemTools::SplitString(line.c_str(), ' ');
+        cmSystemTools::SplitString(line, ' ');
       //Format: <name> <previous_runs> <avg_cost>
       if(parts.size() < 3) break;
 
@@ -357,7 +357,7 @@ void cmCTestMultiProcessHandler::UpdateCostData()
         }
       }
     fin.close();
-    cmSystemTools::RemoveFile(fname.c_str());
+    cmSystemTools::RemoveFile(fname);
     }
 
   // Add all tests not previously listed in the file
@@ -393,7 +393,7 @@ void cmCTestMultiProcessHandler::ReadCostData()
       if(line == "---") break;
 
       std::vector<cmsys::String> parts =
-        cmSystemTools::SplitString(line.c_str(), ' ');
+        cmSystemTools::SplitString(line, ' ');
 
       // Probably an older version of the file, will be fixed next run
       if(parts.size() < 3)
@@ -621,7 +621,7 @@ void cmCTestMultiProcessHandler::MarkFinished()
 {
   std::string fname = this->CTest->GetBinaryDir()
     + "/Testing/Temporary/CTestCheckpoint.txt";
-  cmSystemTools::RemoveFile(fname.c_str());
+  cmSystemTools::RemoveFile(fname);
 }
 
 //---------------------------------------------------------
@@ -639,7 +639,7 @@ void cmCTestMultiProcessHandler::PrintTestList()
 
     //push working dir
     std::string current_dir = cmSystemTools::GetCurrentWorkingDirectory();
-    cmSystemTools::ChangeDirectory(p.Directory.c_str());
+    cmSystemTools::ChangeDirectory(p.Directory);
 
     cmCTestRunTest testRun(this->TestHandler);
     testRun.SetIndex(p.Index);
@@ -676,7 +676,7 @@ void cmCTestMultiProcessHandler::PrintTestList()
     cmCTestLog(this->CTest, HANDLER_OUTPUT, " ");
     cmCTestLog(this->CTest, HANDLER_OUTPUT, p.Name.c_str() << std::endl);
     //pop working dir
-    cmSystemTools::ChangeDirectory(current_dir.c_str());
+    cmSystemTools::ChangeDirectory(current_dir);
     }
 
   cmCTestLog(this->CTest, HANDLER_OUTPUT, std::endl << "Total Tests: "
@@ -735,7 +735,7 @@ void cmCTestMultiProcessHandler::CheckResume()
     }
   else if(cmSystemTools::FileExists(fname.c_str(), true))
     {
-    cmSystemTools::RemoveFile(fname.c_str());
+    cmSystemTools::RemoveFile(fname);
     }
 }
 
diff --git a/Source/CTest/cmCTestRunTest.cxx b/Source/CTest/cmCTestRunTest.cxx
index bdd8c02..9e3c9fc 100644
--- a/Source/CTest/cmCTestRunTest.cxx
+++ b/Source/CTest/cmCTestRunTest.cxx
@@ -280,12 +280,12 @@ bool cmCTestRunTest::EndTest(size_t completed, size_t total, bool started)
 
   // Set the working directory to the tests directory
   std::string oldpath = cmSystemTools::GetCurrentWorkingDirectory();
-  cmSystemTools::ChangeDirectory(this->TestProperties->Directory.c_str());
+  cmSystemTools::ChangeDirectory(this->TestProperties->Directory);
 
   this->DartProcessing();
 
   // restore working directory
-  cmSystemTools::ChangeDirectory(oldpath.c_str());
+  cmSystemTools::ChangeDirectory(oldpath);
 
 
   // if this is doing MemCheck then all the output needs to be put into
diff --git a/Source/CTest/cmCTestScriptHandler.cxx b/Source/CTest/cmCTestScriptHandler.cxx
index f050148..749eb58 100644
--- a/Source/CTest/cmCTestScriptHandler.cxx
+++ b/Source/CTest/cmCTestScriptHandler.cxx
@@ -184,7 +184,7 @@ int cmCTestScriptHandler::ProcessHandler()
     {
     // for each script run it
     res += this->RunConfigurationScript
-      (cmSystemTools::CollapseFullPath(this->ConfigurationScripts[i].c_str()),
+      (cmSystemTools::CollapseFullPath(this->ConfigurationScripts[i]),
        this->ScriptProcessScope[i]);
     }
   if ( res )
@@ -482,8 +482,8 @@ int cmCTestScriptHandler::ExtractVariables()
     = this->Makefile->GetSafeDefinition("CTEST_BINARY_DIRECTORY");
 
   // add in translations for src and bin
-  cmSystemTools::AddKeepPath(this->SourceDir.c_str());
-  cmSystemTools::AddKeepPath(this->BinaryDir.c_str());
+  cmSystemTools::AddKeepPath(this->SourceDir);
+  cmSystemTools::AddKeepPath(this->BinaryDir);
 
   this->CTestCmd
     = this->Makefile->GetSafeDefinition("CTEST_COMMAND");
@@ -743,11 +743,11 @@ int cmCTestScriptHandler::BackupDirectories()
     // if for some reason those directories exist then first delete them
     if (cmSystemTools::FileExists(this->BackupSourceDir.c_str()))
       {
-      cmSystemTools::RemoveADirectory(this->BackupSourceDir.c_str());
+      cmSystemTools::RemoveADirectory(this->BackupSourceDir);
       }
     if (cmSystemTools::FileExists(this->BackupBinaryDir.c_str()))
       {
-      cmSystemTools::RemoveADirectory(this->BackupBinaryDir.c_str());
+      cmSystemTools::RemoveADirectory(this->BackupBinaryDir);
       }
 
     // first rename the src and binary directories
@@ -991,8 +991,8 @@ int cmCTestScriptHandler::RunConfigurationDashboard()
   // if all was succesful, delete the backup dirs to free up disk space
   if (this->Backup)
     {
-    cmSystemTools::RemoveADirectory(this->BackupSourceDir.c_str());
-    cmSystemTools::RemoveADirectory(this->BackupBinaryDir.c_str());
+    cmSystemTools::RemoveADirectory(this->BackupSourceDir);
+    cmSystemTools::RemoveADirectory(this->BackupBinaryDir);
     }
 
   return 0;
@@ -1033,11 +1033,11 @@ void cmCTestScriptHandler::RestoreBackupDirectories()
     // if for some reason those directories exist then first delete them
     if (cmSystemTools::FileExists(this->SourceDir.c_str()))
       {
-      cmSystemTools::RemoveADirectory(this->SourceDir.c_str());
+      cmSystemTools::RemoveADirectory(this->SourceDir);
       }
     if (cmSystemTools::FileExists(this->BinaryDir.c_str()))
       {
-      cmSystemTools::RemoveADirectory(this->BinaryDir.c_str());
+      cmSystemTools::RemoveADirectory(this->BinaryDir);
       }
     // rename the src and binary directories
     rename(this->BackupSourceDir.c_str(), this->SourceDir.c_str());
@@ -1100,7 +1100,7 @@ bool cmCTestScriptHandler::TryToRemoveBinaryDirectoryOnce(
   const std::string& directoryPath)
 {
   cmsys::Directory directory;
-  directory.Load(directoryPath.c_str());
+  directory.Load(directoryPath);
 
   for(unsigned long i = 0; i < directory.GetNumberOfFiles(); ++i)
     {
@@ -1113,26 +1113,26 @@ bool cmCTestScriptHandler::TryToRemoveBinaryDirectoryOnce(
 
     std::string fullPath = directoryPath + std::string("/") + path;
 
-    bool isDirectory = cmSystemTools::FileIsDirectory(fullPath.c_str()) &&
-      !cmSystemTools::FileIsSymlink(fullPath.c_str());
+    bool isDirectory = cmSystemTools::FileIsDirectory(fullPath) &&
+      !cmSystemTools::FileIsSymlink(fullPath);
 
     if(isDirectory)
       {
-      if(!cmSystemTools::RemoveADirectory(fullPath.c_str()))
+      if(!cmSystemTools::RemoveADirectory(fullPath))
         {
         return false;
         }
       }
     else
       {
-      if(!cmSystemTools::RemoveFile(fullPath.c_str()))
+      if(!cmSystemTools::RemoveFile(fullPath))
         {
         return false;
         }
       }
   }
 
-  return cmSystemTools::RemoveADirectory(directoryPath.c_str());
+  return cmSystemTools::RemoveADirectory(directoryPath);
 }
 
 //-------------------------------------------------------------------------
diff --git a/Source/CTest/cmCTestStartCommand.cxx b/Source/CTest/cmCTestStartCommand.cxx
index da46f4a..1a39a8a 100644
--- a/Source/CTest/cmCTestStartCommand.cxx
+++ b/Source/CTest/cmCTestStartCommand.cxx
@@ -124,7 +124,7 @@ bool cmCTestStartCommand
     {
     return false;
     }
-  if(!cmSystemTools::FileIsDirectory(sourceDir.c_str()))
+  if(!cmSystemTools::FileIsDirectory(sourceDir))
     {
     cmOStringStream e;
     e << "given source path\n"
diff --git a/Source/CTest/cmCTestSubmitHandler.cxx b/Source/CTest/cmCTestSubmitHandler.cxx
index 06fcb75..6aa1c2b 100644
--- a/Source/CTest/cmCTestSubmitHandler.cxx
+++ b/Source/CTest/cmCTestSubmitHandler.cxx
@@ -234,9 +234,9 @@ bool cmCTestSubmitHandler::SubmitUsingFTP(const std::string& localprefix,
         ::curl_global_cleanup();
         return false;
         }
-      unsigned long filelen = cmSystemTools::FileLength(local_file.c_str());
+      unsigned long filelen = cmSystemTools::FileLength(local_file);
 
-      ftpfile = cmsys::SystemTools::Fopen(local_file.c_str(), "rb");
+      ftpfile = cmsys::SystemTools::Fopen(local_file, "rb");
       *this->LogFile << "\tUpload file: " << local_file << " to "
           << upload_as << std::endl;
       cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, "   Upload file: "
@@ -475,9 +475,9 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP(const std::string& localprefix,
         ::curl_global_cleanup();
         return false;
         }
-      unsigned long filelen = cmSystemTools::FileLength(local_file.c_str());
+      unsigned long filelen = cmSystemTools::FileLength(local_file);
 
-      ftpfile = cmsys::SystemTools::Fopen(local_file.c_str(), "rb");
+      ftpfile = cmsys::SystemTools::Fopen(local_file, "rb");
       cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, "   Upload file: "
         << local_file << " to "
         << upload_as << " Size: " << filelen << std::endl);
@@ -567,7 +567,7 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP(const std::string& localprefix,
             << count << std::endl);
 
           ::fclose(ftpfile);
-          ftpfile = cmsys::SystemTools::Fopen(local_file.c_str(), "rb");
+          ftpfile = cmsys::SystemTools::Fopen(local_file, "rb");
           ::curl_easy_setopt(curl, CURLOPT_INFILE, ftpfile);
 
           chunk.clear();
@@ -931,13 +931,13 @@ bool cmCTestSubmitHandler::SubmitUsingCP(
     cmSystemTools::ConvertToUnixSlashes(lfname);
     lfname += "/" + *file;
     std::string rfname = destination + "/" + remoteprefix + *file;
-    cmSystemTools::CopyFileAlways(lfname.c_str(), rfname.c_str());
+    cmSystemTools::CopyFileAlways(lfname, rfname);
     cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, "   Copy file: "
         << lfname << " to "
         << rfname << std::endl);
     }
   std::string tagDoneFile = destination + "/" + remoteprefix + "DONE";
-  cmSystemTools::Touch(tagDoneFile.c_str(), true);
+  cmSystemTools::Touch(tagDoneFile, true);
   if ( problems )
     {
     return false;
@@ -1418,20 +1418,20 @@ int cmCTestSubmitHandler::ProcessHandler()
     // change to the build directory so that we can uses a relative path
     // on windows since scp dosn't support "c:" a drive in the path
     oldWorkingDirectory = cmSystemTools::GetCurrentWorkingDirectory();
-    cmSystemTools::ChangeDirectory(buildDirectory.c_str());
+    cmSystemTools::ChangeDirectory(buildDirectory);
 
     if ( !this->SubmitUsingSCP(
         this->CTest->GetCTestConfiguration("ScpCommand"),
         "Testing/"+this->CTest->GetCurrentTag(), files, prefix, url) )
       {
-      cmSystemTools::ChangeDirectory(oldWorkingDirectory.c_str());
+      cmSystemTools::ChangeDirectory(oldWorkingDirectory);
       cmCTestLog(this->CTest, ERROR_MESSAGE,
         "   Problems when submitting via SCP"
         << std::endl);
       ofs << "   Problems when submitting via SCP" << std::endl;
       return -1;
       }
-    cmSystemTools::ChangeDirectory(oldWorkingDirectory.c_str());
+    cmSystemTools::ChangeDirectory(oldWorkingDirectory);
     cmCTestLog(this->CTest, HANDLER_OUTPUT, "   Submission successful"
       << std::endl);
     ofs << "   Submission successful" << std::endl;
@@ -1447,7 +1447,7 @@ int cmCTestSubmitHandler::ProcessHandler()
     // on windows since scp dosn't support "c:" a drive in the path
     std::string
       oldWorkingDirectory = cmSystemTools::GetCurrentWorkingDirectory();
-    cmSystemTools::ChangeDirectory(buildDirectory.c_str());
+    cmSystemTools::ChangeDirectory(buildDirectory);
     cmCTestLog(this->CTest, HANDLER_VERBOSE_OUTPUT, "   Change directory: "
                << buildDirectory << std::endl);
 
@@ -1457,14 +1457,14 @@ int cmCTestSubmitHandler::ProcessHandler()
            prefix,
            location) )
       {
-      cmSystemTools::ChangeDirectory(oldWorkingDirectory.c_str());
+      cmSystemTools::ChangeDirectory(oldWorkingDirectory);
       cmCTestLog(this->CTest, ERROR_MESSAGE,
         "   Problems when submitting via CP"
         << std::endl);
       ofs << "   Problems when submitting via cp" << std::endl;
       return -1;
       }
-    cmSystemTools::ChangeDirectory(oldWorkingDirectory.c_str());
+    cmSystemTools::ChangeDirectory(oldWorkingDirectory);
     cmCTestLog(this->CTest, HANDLER_OUTPUT, "   Submission successful"
       << std::endl);
     ofs << "   Submission successful" << std::endl;
diff --git a/Source/CTest/cmCTestTestHandler.cxx b/Source/CTest/cmCTestTestHandler.cxx
index f21d166..f330e58 100644
--- a/Source/CTest/cmCTestTestHandler.cxx
+++ b/Source/CTest/cmCTestTestHandler.cxx
@@ -93,12 +93,12 @@ bool cmCTestSubdirCommand
       fname += *it;
       }
 
-    if ( !cmSystemTools::FileIsDirectory(fname.c_str()) )
+    if ( !cmSystemTools::FileIsDirectory(fname) )
       {
       // No subdirectory? So what...
       continue;
       }
-    cmSystemTools::ChangeDirectory(fname.c_str());
+    cmSystemTools::ChangeDirectory(fname);
     const char* testFilename;
     if( cmSystemTools::FileExists("CTestTestfile.cmake") )
       {
@@ -120,7 +120,7 @@ bool cmCTestSubdirCommand
     bool readit =
       this->Makefile->ReadListFile(this->Makefile->GetCurrentListFile(),
                                    fname.c_str());
-    cmSystemTools::ChangeDirectory(cwd.c_str());
+    cmSystemTools::ChangeDirectory(cwd);
     if(!readit)
       {
       std::string m = "Could not find include file: ";
@@ -129,7 +129,7 @@ bool cmCTestSubdirCommand
       return false;
       }
     }
-  cmSystemTools::ChangeDirectory(cwd.c_str());
+  cmSystemTools::ChangeDirectory(cwd);
   return true;
 }
 
@@ -175,7 +175,7 @@ bool cmCTestAddSubdirectoryCommand
     }
 
   std::string cwd = cmSystemTools::GetCurrentWorkingDirectory();
-  cmSystemTools::ChangeDirectory(cwd.c_str());
+  cmSystemTools::ChangeDirectory(cwd);
   std::string fname = cwd;
   fname += "/";
   fname += args[1];
@@ -185,7 +185,7 @@ bool cmCTestAddSubdirectoryCommand
     // No subdirectory? So what...
     return true;
     }
-  cmSystemTools::ChangeDirectory(fname.c_str());
+  cmSystemTools::ChangeDirectory(fname);
   const char* testFilename;
   if( cmSystemTools::FileExists("CTestTestfile.cmake") )
     {
@@ -200,7 +200,7 @@ bool cmCTestAddSubdirectoryCommand
   else
     {
     // No CTestTestfile? Who cares...
-    cmSystemTools::ChangeDirectory(cwd.c_str());
+    cmSystemTools::ChangeDirectory(cwd);
     return true;
     }
   fname += "/";
@@ -208,7 +208,7 @@ bool cmCTestAddSubdirectoryCommand
   bool readit =
     this->Makefile->ReadListFile(this->Makefile->GetCurrentListFile(),
                                  fname.c_str());
-  cmSystemTools::ChangeDirectory(cwd.c_str());
+  cmSystemTools::ChangeDirectory(cwd);
   if(!readit)
     {
     std::string m = "Could not find include file: ";
@@ -1498,9 +1498,9 @@ std::string cmCTestTestHandler
     {
     // first check without exe extension
     if(cmSystemTools::FileExists(attempted[ai].c_str())
-       && !cmSystemTools::FileIsDirectory(attempted[ai].c_str()))
+       && !cmSystemTools::FileIsDirectory(attempted[ai]))
       {
-      fullPath = cmSystemTools::CollapseFullPath(attempted[ai].c_str());
+      fullPath = cmSystemTools::CollapseFullPath(attempted[ai]);
       resultingConfig = attemptedConfigs[ai];
       }
     // then try with the exe extension
@@ -1510,9 +1510,9 @@ std::string cmCTestTestHandler
       tempPath = attempted[ai];
       tempPath += cmSystemTools::GetExecutableExtension();
       if(cmSystemTools::FileExists(tempPath.c_str())
-         && !cmSystemTools::FileIsDirectory(tempPath.c_str()))
+         && !cmSystemTools::FileIsDirectory(tempPath))
         {
-        fullPath = cmSystemTools::CollapseFullPath(tempPath.c_str());
+        fullPath = cmSystemTools::CollapseFullPath(tempPath);
         resultingConfig = attemptedConfigs[ai];
         }
       else
@@ -1746,7 +1746,7 @@ void cmCTestTestHandler::ExpandTestsToRunInformationForRerunFailed()
   std::string dirName = this->CTest->GetBinaryDir() + "/Testing/Temporary";
 
   cmsys::Directory directory;
-  if (directory.Load(dirName.c_str()) == 0)
+  if (directory.Load(dirName) == 0)
     {
     cmCTestLog(this->CTest, ERROR_MESSAGE, "Unable to read the contents of "
       << dirName << std::endl);
@@ -1754,7 +1754,7 @@ void cmCTestTestHandler::ExpandTestsToRunInformationForRerunFailed()
     }
 
   int numFiles = static_cast<int>
-    (cmsys::Directory::GetNumberOfFilesInDirectory(dirName.c_str()));
+    (cmsys::Directory::GetNumberOfFilesInDirectory(dirName));
   std::string pattern = "LastTestsFailed";
   std::string logName = "";
 
@@ -1777,7 +1777,7 @@ void cmCTestTestHandler::ExpandTestsToRunInformationForRerunFailed()
       // if multiple matching logs were found we use the most recently
       // modified one.
       int res;
-      cmSystemTools::FileTimeCompare(logName.c_str(), fileName.c_str(), &res);
+      cmSystemTools::FileTimeCompare(logName, fileName, &res);
       if (res == -1)
         {
         logName = fileName;
@@ -1939,7 +1939,7 @@ std::string cmCTestTestHandler::GenerateRegressionImages(
         cmCTest::CleanString(measurementfile.match(5));
       if ( cmSystemTools::FileExists(filename.c_str()) )
         {
-        long len = cmSystemTools::FileLength(filename.c_str());
+        long len = cmSystemTools::FileLength(filename);
         if ( len == 0 )
           {
           std::string k1 = measurementfile.match(1);
diff --git a/Source/CTest/cmCTestUpdateHandler.cxx b/Source/CTest/cmCTestUpdateHandler.cxx
index 68f5fe1..7206914 100644
--- a/Source/CTest/cmCTestUpdateHandler.cxx
+++ b/Source/CTest/cmCTestUpdateHandler.cxx
@@ -98,7 +98,7 @@ cmCTestUpdateHandlerLocale::~cmCTestUpdateHandlerLocale()
     {
     std::string put = "LC_MESSAGES=";
     put += saveLCMessages;
-    cmSystemTools::PutEnv(put.c_str());
+    cmSystemTools::PutEnv(put);
     }
   else
     {
diff --git a/Source/CTest/cmParseBlanketJSCoverage.cxx b/Source/CTest/cmParseBlanketJSCoverage.cxx
new file mode 100644
index 0000000..fc90bc1
--- /dev/null
+++ b/Source/CTest/cmParseBlanketJSCoverage.cxx
@@ -0,0 +1,166 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2000-2009 Kitware, Inc.
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+#include "cmStandardIncludes.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include "cmSystemTools.h"
+#include "cmParseBlanketJSCoverage.h"
+#include <cmsys/Directory.hxx>
+#include <cmsys/Glob.hxx>
+#include <cmsys/FStream.hxx>
+
+
+class cmParseBlanketJSCoverage::JSONParser
+  {
+public:
+  typedef cmCTestCoverageHandlerContainer::
+      SingleFileCoverageVector FileLinesType;
+  JSONParser(cmCTestCoverageHandlerContainer& cont)
+      : Coverage(cont)
+    {
+    }
+
+  virtual ~JSONParser()
+    {
+    }
+
+  std::string getValue(std::string line, int type)
+    {
+    size_t begIndex;
+    size_t endIndex;
+    endIndex = line.rfind(',');
+    begIndex = line.find_first_of(':');
+    if(type == 0)
+      {
+      //  A unique substring to remove the extra characters
+      //  around the files name in the JSON (extra " and ,)
+      std::string foundFileName =
+          line.substr(begIndex+3,endIndex-(begIndex+4));
+      return foundFileName;
+      }
+    else
+      {
+      return line.substr(begIndex,line.npos);
+      }
+    }
+  bool ParseFile(std::string file)
+    {
+    FileLinesType localCoverageVector;
+    std::string filename;
+    bool foundFile = false;
+    bool inSource  = false;
+    std::string covResult;
+    std::string line;
+
+    cmsys::ifstream in(file.c_str());
+    if(!in)
+      {
+      return false;
+      }
+    while(  cmSystemTools::GetLineFromStream(in, line))
+      {
+      if(line.find("filename") != line.npos)
+        {
+        if(foundFile)
+          {
+          /*
+          * Upon finding a second file name, generate a
+          * vector within the total coverage to capture the
+          * information in the local vector
+          */
+          FileLinesType& CoverageVector =
+              this->Coverage.TotalCoverage[filename];
+          CoverageVector = localCoverageVector;
+          localCoverageVector.clear();
+          foundFile=false;
+          }
+        foundFile= true;
+        inSource = false;
+        filename = getValue(line,0).c_str();
+        }
+      else if((line.find("coverage") != line.npos) && foundFile && inSource )
+        {
+        /*
+        *  two types of "coverage" in the JSON structure
+        *
+        *  The coverage result over the file or set of files
+        *  and the coverage for each individual line
+        *
+        *  FoundFile and foundSource ensure that
+        *  only the value of the line coverage is captured
+        */
+        std::string result = getValue(line,1);
+        result = result.substr(2,result.npos);
+        if(result == "\"\"")
+          {
+          // Empty quotation marks indicate that the
+          // line is not executable
+          localCoverageVector.push_back(-1);
+          }
+        else
+          {
+          // Else, it contains the number of time executed
+          localCoverageVector.push_back(atoi(result.c_str()));
+          }
+        }
+      else if(line.find("source") != line.npos)
+        {
+        inSource=true;
+        }
+      }
+
+    // On exit, capture end of last file covered.
+    FileLinesType& CoverageVector =
+        this->Coverage.TotalCoverage[filename];
+    CoverageVector = localCoverageVector;
+    foundFile=false;
+    localCoverageVector.clear();
+    return true;
+    }
+private:
+  cmCTestCoverageHandlerContainer& Coverage;
+};
+
+cmParseBlanketJSCoverage::cmParseBlanketJSCoverage(
+  cmCTestCoverageHandlerContainer& cont,  cmCTest* ctest)
+  :Coverage(cont), CTest(ctest)
+  {
+  }
+
+bool cmParseBlanketJSCoverage::LoadCoverageData(std::vector<std::string> files)
+  {
+  size_t i=0;
+  std::string path;
+      cmCTestLog(this->CTest,HANDLER_VERBOSE_OUTPUT,
+       "Found " << files.size() <<" Files" << std::endl);
+  for(i=0;i<files.size();i++)
+    {
+    cmCTestLog(this->CTest,HANDLER_VERBOSE_OUTPUT,
+       "Reading JSON File " << files[i]  << std::endl);
+
+    if(!this->ReadJSONFile(files[i]))
+      {
+      return false;
+      }
+    }
+  return true;
+  }
+
+bool cmParseBlanketJSCoverage::ReadJSONFile(std::string file)
+  {
+  cmParseBlanketJSCoverage::JSONParser parser
+     (this->Coverage);
+  cmCTestLog(this->CTest,HANDLER_VERBOSE_OUTPUT,
+       "Parsing " << file << std::endl);
+  parser.ParseFile(file);
+  return true;
+  }
diff --git a/Source/CTest/cmParseBlanketJSCoverage.h b/Source/CTest/cmParseBlanketJSCoverage.h
new file mode 100644
index 0000000..fc1d477
--- /dev/null
+++ b/Source/CTest/cmParseBlanketJSCoverage.h
@@ -0,0 +1,48 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2000-2009 Kitware, Inc.
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#ifndef cmParseBlanketJSCoverage_h
+#define cmParseBlanketJSCoverage_h
+
+#include "cmStandardIncludes.h"
+#include "cmCTestCoverageHandler.h"
+
+
+/** \class cmParseBlanketJSCoverage
+ * \brief Parse BlanketJS coverage information
+ *
+ * This class is used to parse BlanketJS(Pascal) coverage information
+ * generated by the Blanket.js library when used in conjunction with the
+ * test runner mocha.js, which is used to write out the JSON format.
+ *
+ *  Blanket.js:
+ *  http://blanketjs.org/
+ *
+ *  Mocha.js
+ *  http://visionmedia.github.io/mocha/
+ */
+class cmParseBlanketJSCoverage
+{
+public:
+  cmParseBlanketJSCoverage(cmCTestCoverageHandlerContainer& cont,
+       cmCTest* ctest);
+  bool LoadCoverageData(std::vector<std::string> files);
+  //  Read the JSON output
+  bool ReadJSONFile(std::string file);
+
+protected:
+
+  class JSONParser;
+  cmCTestCoverageHandlerContainer& Coverage;
+  cmCTest* CTest;
+};
+#endif
diff --git a/Source/CTest/cmParseCacheCoverage.cxx b/Source/CTest/cmParseCacheCoverage.cxx
index d17f169..97454a8 100644
--- a/Source/CTest/cmParseCacheCoverage.cxx
+++ b/Source/CTest/cmParseCacheCoverage.cxx
@@ -31,7 +31,7 @@ bool cmParseCacheCoverage::LoadCoverageData(const char* d)
     {
     std::string file = dir.GetFile(i);
     if(file != "." && file != ".."
-       && !cmSystemTools::FileIsDirectory(file.c_str()))
+       && !cmSystemTools::FileIsDirectory(file))
       {
       std::string path = d;
       path += "/";
diff --git a/Source/CTest/cmParseDelphiCoverage.cxx b/Source/CTest/cmParseDelphiCoverage.cxx
new file mode 100644
index 0000000..ad71c85
--- /dev/null
+++ b/Source/CTest/cmParseDelphiCoverage.cxx
@@ -0,0 +1,253 @@
+#include "cmStandardIncludes.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include "cmSystemTools.h"
+#include "cmXMLParser.h"
+#include "cmParseDelphiCoverage.h"
+#include <cmsys/Directory.hxx>
+#include <cmsys/Glob.hxx>
+#include <cmsys/FStream.hxx>
+
+
+class cmParseDelphiCoverage::HTMLParser
+{
+public:
+  typedef cmCTestCoverageHandlerContainer::SingleFileCoverageVector
+  FileLinesType;
+  HTMLParser(cmCTest* ctest, cmCTestCoverageHandlerContainer& cont)
+     : CTest(ctest), Coverage(cont)
+    {
+    }
+
+  virtual ~HTMLParser()
+    {
+    }
+
+  bool initializeDelphiFile(const std::string filename,
+     cmParseDelphiCoverage::HTMLParser::FileLinesType &coverageVector)
+    {
+    std::string line;
+    size_t comPos;
+    size_t semiPos;
+    bool blockComFlag= false;
+    bool lineComFlag= false;
+    std::vector<std::string> beginSet;
+    cmsys::ifstream in(filename.c_str());
+    if(!in)
+      {
+      return false;
+      }
+    while(cmSystemTools::GetLineFromStream(in, line))
+      {
+      lineComFlag=false;
+      // Unique cases found in lines.
+      size_t beginPos = line.find("begin");
+
+      //Check that the begin is the first non-space string on the line
+      if( (beginPos == line.find_first_not_of(' ')) && beginPos != line.npos )
+        {
+        beginSet.push_back("begin");
+        coverageVector.push_back(-1);
+        continue;
+        }
+      else if(line.find('{') != line.npos)
+        {
+        blockComFlag=true;
+        }
+      else if(line.find('}') != line.npos)
+        {
+        blockComFlag=false;
+        coverageVector.push_back(-1);
+        continue;
+        }
+      else if((line.find("end;") != line.npos)
+         && (beginSet.size() > 0))
+        {
+        beginSet.pop_back();
+        coverageVector.push_back(-1);
+        continue;
+        }
+
+      //  This checks for comments after lines of code, finding the
+      //  comment symbol after the ending semicolon.
+      comPos = line.find("//");
+      if(comPos != line.npos)
+        {
+        semiPos= line.find(';');
+        if(comPos < semiPos)
+          {
+          lineComFlag=true;
+          }
+        }
+      //Based up what was found, add a line to the coverageVector
+      if((beginSet.size() > 0) && line != ""  && !blockComFlag
+         && !lineComFlag)
+        {
+        coverageVector.push_back(0);
+        }
+      else
+        {
+        coverageVector.push_back(-1);
+        }
+      }
+      return true;
+    }
+  bool ParseFile(const char* file)
+    {
+    std::string line=file;
+    std::string lineresult;
+    std::string lastroutine;
+    std::string filename;
+    std::string filelineoffset;
+    size_t afterLineNum = 0;
+    size_t lastoffset = 0;
+    size_t endcovpos = 0;
+    size_t endnamepos = 0;
+    size_t pos = 0;
+
+    /*
+    *  This first 'while' section goes through the found HTML
+    *  file name and attempts to capture the source file name
+    *   which is set as part of the HTML file name: the name of
+    *   the file is found in parenthesis '()'
+    *
+    *   See test HTML file name: UTCovTest(UTCovTest.pas).html.
+    *
+    *   Find the text inside each pair of parenthesis and check
+    *   to see if it ends in '.pas'.  If it can't be found,
+    *   exit the function.
+    */
+    while(true)
+      {
+      lastoffset = line.find('(',pos);
+      if(lastoffset==line.npos)
+        {
+        cmCTestLog(this->CTest,HANDLER_VERBOSE_OUTPUT,
+           endnamepos << "File not found  " << lastoffset  << std::endl);
+        return false;
+        }
+      endnamepos = line.find(')',lastoffset);
+      filename = line.substr(lastoffset+1,
+         (endnamepos-1)-lastoffset);
+      if(filename.find(".pas") != filename.npos)
+        {
+        cmCTestLog(this->CTest,HANDLER_VERBOSE_OUTPUT,
+           "Coverage found for file:  " << filename  << std::endl);
+        break;
+        }
+      pos = lastoffset+1;
+      endnamepos = 0;
+      lastoffset =0;
+      }
+    /*
+    *  Glob through the source directory for the
+    *  file found above
+    */
+    cmsys::Glob gl;
+    gl.RecurseOn();
+    gl.RecurseThroughSymlinksOff();
+    std::string glob = Coverage.SourceDir + "*/" + filename;
+    gl.FindFiles(glob);
+    std::vector<std::string> const& files = gl.GetFiles();
+    if(files.size() == 0)
+      {
+      /*
+      *  If that doesn't find any matching files
+      *  return a failure.
+      */
+      cmCTestLog(this->CTest,HANDLER_VERBOSE_OUTPUT,
+         "Unable to find file matching" << glob << std::endl);
+      return false;
+      }
+    FileLinesType&  coverageVector =
+       this->Coverage.TotalCoverage[files[0]];
+
+    /*
+    *  Initialize the file to have all code between 'begin' and
+    *  'end' tags marked as executable
+    */
+
+    this->initializeDelphiFile(files[0],coverageVector);
+
+    cmsys::ifstream in(file);
+    if(!in)
+      {
+      return false;
+      }
+
+    /*
+    *  Now read the HTML file, looking for the lines that have an
+    *  "inline" in it. Then parse out the "class" value of that
+    *  line to determine if the line is executed or not.
+    *
+    *  Sample HTML line:
+    *
+    *  <tr class="covered"><td>47</td><td><pre style="display:inline;">
+    *    &nbsp;CheckEquals(1,2-1);</pre></td></tr>
+    *
+    */
+
+    while(  cmSystemTools::GetLineFromStream(in, line))
+      {
+      if(line.find("inline") == line.npos)
+        {
+        continue;
+        }
+
+      lastoffset = line.find("class=");
+      endcovpos = line.find(">",lastoffset);
+      lineresult = line.substr(lastoffset+7,(endcovpos-8)-lastoffset);
+
+      if(lineresult == "covered")
+        {
+        afterLineNum = line.find('<',endcovpos+5);
+        filelineoffset= line.substr(endcovpos+5,
+        afterLineNum-(endcovpos+5));
+        coverageVector[atoi(filelineoffset.c_str())-1] = 1;
+        }
+      }
+      return true;
+    }
+
+
+  private:
+    cmCTest* CTest;
+    cmCTestCoverageHandlerContainer& Coverage;
+};
+
+cmParseDelphiCoverage::cmParseDelphiCoverage(
+   cmCTestCoverageHandlerContainer& cont, cmCTest* ctest)
+   :Coverage(cont), CTest(ctest)
+  {
+  }
+
+bool cmParseDelphiCoverage::LoadCoverageData(
+  const std::vector<std::string> files)
+  {
+  size_t i;
+  std::string path;
+  size_t numf = files.size();
+  for (i = 0; i < numf; i++)
+    {
+    path = files[i];
+
+    cmCTestLog(this->CTest,HANDLER_VERBOSE_OUTPUT,
+       "Reading HTML File " << path  << std::endl);
+    if(cmSystemTools::GetFilenameLastExtension(path) == ".html")
+      {
+      if(!this->ReadDelphiHTML(path.c_str()))
+        {
+        return false;
+        }
+      }
+    }
+  return true;
+  };
+
+bool cmParseDelphiCoverage::ReadDelphiHTML(const char* file)
+  {
+  cmParseDelphiCoverage::HTMLParser
+     parser(this->CTest, this->Coverage);
+  parser.ParseFile(file);
+  return true;
+  };
diff --git a/Source/CTest/cmParseDelphiCoverage.h b/Source/CTest/cmParseDelphiCoverage.h
new file mode 100644
index 0000000..018340b
--- /dev/null
+++ b/Source/CTest/cmParseDelphiCoverage.h
@@ -0,0 +1,46 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2000-2009 Kitware, Inc.
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#ifndef cmParseDelphiCoverage_h
+#define cmParseDelphiCoverage_h
+
+#include "cmStandardIncludes.h"
+#include "cmCTestCoverageHandler.h"
+
+
+/** \class cmParseDelphiCoverage
+ * \brief Parse Delphi coverage information
+ *
+ * This class is used to parse Delphi(Pascal) coverage information
+ * generated by the Delphi-Code-Coverage tool
+ *
+ * https://code.google.com/p/delphi-code-coverage/
+ */
+
+class cmParseDelphiCoverage
+  {
+  public:
+    cmParseDelphiCoverage(cmCTestCoverageHandlerContainer& cont,
+        cmCTest* ctest);
+    bool LoadCoverageData(const std::vector<std::string> files);
+    bool ReadDelphiHTML(const char* file);
+    // Read a single HTML file from output
+    bool ReadHTMLFile(const char* f);
+
+
+  protected:
+
+    class HTMLParser;
+    cmCTestCoverageHandlerContainer& Coverage;
+    cmCTest* CTest;
+  };
+#endif
diff --git a/Source/CTest/cmParseGTMCoverage.cxx b/Source/CTest/cmParseGTMCoverage.cxx
index be10c2e..d77244a 100644
--- a/Source/CTest/cmParseGTMCoverage.cxx
+++ b/Source/CTest/cmParseGTMCoverage.cxx
@@ -30,7 +30,7 @@ bool cmParseGTMCoverage::LoadCoverageData(const char* d)
     {
     std::string file = dir.GetFile(i);
     if(file != "." && file != ".."
-       && !cmSystemTools::FileIsDirectory(file.c_str()))
+       && !cmSystemTools::FileIsDirectory(file))
       {
       std::string path = d;
       path += "/";
diff --git a/Source/CTest/cmParsePHPCoverage.cxx b/Source/CTest/cmParsePHPCoverage.cxx
index 3b7f968..c7f5a68 100644
--- a/Source/CTest/cmParsePHPCoverage.cxx
+++ b/Source/CTest/cmParsePHPCoverage.cxx
@@ -239,7 +239,7 @@ bool cmParsePHPCoverage::ReadPHPCoverageDirectory(const char* d)
     {
     std::string file = dir.GetFile(i);
     if(file != "." && file != ".."
-       && !cmSystemTools::FileIsDirectory(file.c_str()))
+       && !cmSystemTools::FileIsDirectory(file))
       {
       std::string path = d;
       path += "/";
diff --git a/Source/CursesDialog/CMakeLists.txt b/Source/CursesDialog/CMakeLists.txt
index 548f5a5..7d4e88c 100644
--- a/Source/CursesDialog/CMakeLists.txt
+++ b/Source/CursesDialog/CMakeLists.txt
@@ -26,13 +26,25 @@ set( CURSES_SRCS
               CursesDialog/ccmake
    )
 
-include_directories(${CMake_SOURCE_DIR}/Source/CursesDialog/form
-                    ${CMake_BINARY_DIR}/Source/CursesDialog/form)
+if( NOT CMAKE_USE_SYSTEM_FORM )
+  include_directories(${CMake_SOURCE_DIR}/Source/CursesDialog/form
+                      ${CMake_BINARY_DIR}/Source/CursesDialog/form)
+endif()
 include_directories(${CURSES_INCLUDE_PATH})
 
 
 add_executable(ccmake ${CURSES_SRCS} )
 target_link_libraries(ccmake CMakeLib)
-target_link_libraries(ccmake cmForm)
+if(CMAKE_USE_SYSTEM_FORM)
+  target_link_libraries(ccmake
+    ${CURSES_FORM_LIBRARY}
+    ${CURSES_LIBRARY}
+  )
+  if(CURSES_EXTRA_LIBRARY)
+    target_link_libraries(ccmake ${CURSES_EXTRA_LIBRARY})
+  endif()
+else()
+  target_link_libraries(ccmake cmForm)
+endif()
 
 install(TARGETS ccmake DESTINATION bin)
diff --git a/Source/CursesDialog/cmCursesMainForm.cxx b/Source/CursesDialog/cmCursesMainForm.cxx
index 0734927..4200e9e 100644
--- a/Source/CursesDialog/cmCursesMainForm.cxx
+++ b/Source/CursesDialog/cmCursesMainForm.cxx
@@ -47,7 +47,7 @@ cmCursesMainForm::cmCursesMainForm(std::vector<std::string> const& args,
     cmSystemTools::GetCMakeCursesCommand());
 
   // create the arguments for the cmake object
-  std::string whereCMake = cmSystemTools::GetProgramPath(this->Args[0].c_str());
+  std::string whereCMake = cmSystemTools::GetProgramPath(this->Args[0]);
   whereCMake += "/cmake";
   this->Args[0] = whereCMake;
   this->CMakeInstance->SetArgs(this->Args);
diff --git a/Source/CursesDialog/cmCursesPathWidget.cxx b/Source/CursesDialog/cmCursesPathWidget.cxx
index cd93bc3..89e2238 100644
--- a/Source/CursesDialog/cmCursesPathWidget.cxx
+++ b/Source/CursesDialog/cmCursesPathWidget.cxx
@@ -69,7 +69,7 @@ void cmCursesPathWidget::OnTab(cmCursesMainForm* fm, WINDOW* w)
     cstr = cstr.substr(0, cstr.size()-1);
     }
 
-  if ( cmSystemTools::FileIsDirectory(cstr.c_str()) )
+  if ( cmSystemTools::FileIsDirectory(cstr) )
     {
     cstr += "/";
     }
diff --git a/Source/CursesDialog/cmCursesStandardIncludes.h b/Source/CursesDialog/cmCursesStandardIncludes.h
index b157a28..791ac9b 100644
--- a/Source/CursesDialog/cmCursesStandardIncludes.h
+++ b/Source/CursesDialog/cmCursesStandardIncludes.h
@@ -15,30 +15,13 @@
  #define _MSE_INT_H
 #endif
 
-#include <cmFormConfigure.h>
-
 #if defined(__hpux)
 # define _BOOL_DEFINED
 # include <sys/time.h>
-# define _XOPEN_SOURCE_EXTENDED
-# include <curses.h>
-# include <form.h>
-# undef _XOPEN_SOURCE_EXTENDED
-#else
-/* figure out which curses.h to include */
-# if defined(CURSES_HAVE_NCURSES_H)
-#  include <ncurses.h>
-# elif defined(CURSES_HAVE_NCURSES_NCURSES_H)
-#  include <ncurses/ncurses.h>
-# elif defined(CURSES_HAVE_NCURSES_CURSES_H)
-#  include <ncurses/curses.h>
-# else
-#  include <curses.h>
-# endif
-
-# include <form.h>
 #endif
 
+#include <form.h>
+
 // This is a hack to prevent warnings about these functions being
 // declared but not referenced.
 #if defined(__sgi) && !defined(__GNUC__)
@@ -57,10 +40,6 @@ public:
 };
 #endif
 
-#ifndef getmaxyx
- #define getmaxyx(w,y,x) ((y) = getmaxy(w), (x) = getmaxx(w))
-#endif
-
 
 // on some machines move erase and clear conflict with stl
 // so remove them from the namespace
diff --git a/Source/CursesDialog/form/fld_attr.c b/Source/CursesDialog/form/fld_attr.c
index 8619588..35ea903 100644
--- a/Source/CursesDialog/form/fld_attr.c
+++ b/Source/CursesDialog/form/fld_attr.c
@@ -29,13 +29,7 @@
 /****************************************************************************
  *   Author: Juergen Pfeifer <juergen.pfeifer@gmx.net> 1995,1997            *
  ****************************************************************************/
-#if defined(__hpux)
- #define _XOPEN_SOURCE_EXTENDED
-#endif
- #include "form.priv.h"
-#if defined(__hpux)
-  #undef _XOPEN_SOURCE_EXTENDED
-#endif
+#include "form.priv.h"
 MODULE_ID("$Id$")
 
 /*----------------------------------------------------------------------------
diff --git a/Source/CursesDialog/form/form.h b/Source/CursesDialog/form/form.h
index 94f05af..1219cb5 100644
--- a/Source/CursesDialog/form/form.h
+++ b/Source/CursesDialog/form/form.h
@@ -47,7 +47,17 @@
 # elif defined(CURSES_HAVE_NCURSES_CURSES_H)
 #  include <ncurses/curses.h>
 # else
+#  if defined(__hpux)
+#   if defined(_XOPEN_SOURCE_EXTENDED)
+#    define HAVE__XOPEN_SOURCE_EXTENDED
+#   else
+#    define _XOPEN_SOURCE_EXTENDED
+#   endif
+#  endif
 #  include <curses.h>
+#  if defined(__hpux) && !defined(HAVE__XOPEN_SOURCE_EXTENDED)
+#   undef _XOPEN_SOURCE_EXTENDED
+#  endif
 # endif
 
 #include <eti.h>
diff --git a/Source/CursesDialog/form/form.priv.h b/Source/CursesDialog/form/form.priv.h
index 3691f2f..8516a6f 100644
--- a/Source/CursesDialog/form/form.priv.h
+++ b/Source/CursesDialog/form/form.priv.h
@@ -33,12 +33,6 @@
 #include "mf_common.h"
 #include "form.h"
 
-/* get around odd bug on aCC and itanium */
-#if defined(__hpux) && defined(__ia64)
-#define getmaxx __getmaxx
-#define getmaxy __getmaxy
-#endif
-
 /* form  status values */
 #define _OVLMODE         (0x04) /* Form is in overlay mode                */
 #define _WINDOW_MODIFIED (0x10) /* Current field window has been modified */
diff --git a/Source/CursesDialog/form/frm_driver.c b/Source/CursesDialog/form/frm_driver.c
index b9611bf..26f580e 100644
--- a/Source/CursesDialog/form/frm_driver.c
+++ b/Source/CursesDialog/form/frm_driver.c
@@ -29,13 +29,7 @@
 /****************************************************************************
  *   Author: Juergen Pfeifer <juergen.pfeifer@gmx.net> 1995,1997            *
  ****************************************************************************/
-#if defined(__hpux)
- #define _XOPEN_SOURCE_EXTENDED
-#endif
 #include "form.priv.h"
-#if defined(__hpux)
- #undef _XOPEN_SOURCE_EXTENDED
-#endif
 
 /* AIX seems to define this */
 #undef lines
@@ -357,12 +351,7 @@ static void Buffer_To_Window(const FIELD  * field, WINDOW * win)
 
   assert(win && field);
 
-#if defined(__LSB_VERSION__)
   getmaxyx(win, height, width);
-#else
-  width  = getmaxx(win);
-  height = getmaxy(win);
-#endif
 
   for(row=0, pBuffer=field->buf; 
       row < height; 
@@ -394,17 +383,13 @@ static void Window_To_Buffer(WINDOW * win, FIELD  * field)
   int pad;
   int len = 0;
   char *p;
-  int row, height;
+  int row, height, width;
   
   assert(win && field && field->buf );
 
   pad = field->pad;
   p = field->buf;
-#if defined(__LSB_VERSION__)
-  { int width; getmaxyx(win, height, width); }
-#else
-  height = getmaxy(win);
-#endif
+  getmaxyx(win, height, width);
 
   for(row=0; (row < height) && (row < field->drows); row++ )
     {
diff --git a/Source/CursesDialog/form/frm_post.c b/Source/CursesDialog/form/frm_post.c
index 3c63de7..924fe6a 100644
--- a/Source/CursesDialog/form/frm_post.c
+++ b/Source/CursesDialog/form/frm_post.c
@@ -63,12 +63,7 @@ int post_form(FORM * form)
     RETURN(E_NOT_CONNECTED);
   
   formwin = Get_Form_Window(form);
-#if defined(__LSB_VERSION__)
   getmaxyx(formwin, height, width);
-#else
-  width  = getmaxx(formwin);
-  height = getmaxy(formwin);
-#endif
   if ((form->cols > width) || (form->rows > height))
     RETURN(E_NO_ROOM);
 
diff --git a/Source/CursesDialog/form/frm_req_name.c b/Source/CursesDialog/form/frm_req_name.c
index b108dab..6fb9183 100644
--- a/Source/CursesDialog/form/frm_req_name.c
+++ b/Source/CursesDialog/form/frm_req_name.c
@@ -35,13 +35,7 @@
 * Routines to handle external names of menu requests                       *
 ***************************************************************************/
 
-#if defined(__hpux)
- #define _XOPEN_SOURCE_EXTENDED
-#endif
 #include "form.priv.h"
-#if defined(__hpux)
- #undef _XOPEN_SOURCE_EXTENDED
-#endif
 
 MODULE_ID("$Id$")
 
diff --git a/Source/QtDialog/CMake.desktop b/Source/QtDialog/CMake.desktop
index 7be495f..842091f 100644
--- a/Source/QtDialog/CMake.desktop
+++ b/Source/QtDialog/CMake.desktop
@@ -3,7 +3,7 @@ Version=1.0
 Name=CMake
 Comment=Cross-platform buildsystem
 Exec=cmake-gui %f
-Icon=CMakeSetup32
+Icon=CMakeSetup
 Terminal=false
 X-MultipleArgs=false
 Type=Application
diff --git a/Source/QtDialog/CMakeLists.txt b/Source/QtDialog/CMakeLists.txt
index 03c2fb4..b59af94 100644
--- a/Source/QtDialog/CMakeLists.txt
+++ b/Source/QtDialog/CMakeLists.txt
@@ -171,11 +171,17 @@ set(CMAKE_INSTALL_DESTINATION_ARGS
 
 install(TARGETS cmake-gui RUNTIME DESTINATION bin ${CMAKE_INSTALL_DESTINATION_ARGS})
 
-if(UNIX)
+if(UNIX AND NOT APPLE)
+  foreach (size IN ITEMS 32 128)
+    install(
+      FILES       "${CMAKE_CURRENT_SOURCE_DIR}/CMakeSetup${size}.png"
+      DESTINATION "share/icons/hicolor/${size}x${size}/apps"
+      RENAME      "CMakeSetup.png")
+  endforeach ()
+
   # install a desktop file so CMake appears in the application start menu
   # with an icon
   install(FILES CMake.desktop DESTINATION share/applications )
-  install(FILES CMakeSetup32.png DESTINATION share/pixmaps )
   install(FILES cmakecache.xml DESTINATION share/mime/packages )
 endif()
 
diff --git a/Source/cmAddCustomCommandCommand.cxx b/Source/cmAddCustomCommandCommand.cxx
index 6a95550..818b910 100644
--- a/Source/cmAddCustomCommandCommand.cxx
+++ b/Source/cmAddCustomCommandCommand.cxx
@@ -32,9 +32,10 @@ bool cmAddCustomCommandCommand
   std::string source, target, main_dependency, working;
   std::string comment_buffer;
   const char* comment = 0;
-  std::vector<std::string> depends, outputs, output;
+  std::vector<std::string> depends, outputs, output, byproducts;
   bool verbatim = false;
   bool append = false;
+  bool uses_terminal = false;
   std::string implicit_depends_lang;
   cmCustomCommand::ImplicitDependsList implicit_depends;
 
@@ -56,6 +57,7 @@ bool cmAddCustomCommandCommand
     doing_main_dependency,
     doing_output,
     doing_outputs,
+    doing_byproducts,
     doing_comment,
     doing_working_directory,
     doing_nothing
@@ -102,6 +104,10 @@ bool cmAddCustomCommandCommand
       {
       append = true;
       }
+    else if(copy == "USES_TERMINAL")
+      {
+      uses_terminal = true;
+      }
     else if(copy == "TARGET")
       {
       doing = doing_target;
@@ -122,6 +128,10 @@ bool cmAddCustomCommandCommand
       {
       doing = doing_output;
       }
+    else if (copy == "BYPRODUCTS")
+      {
+      doing = doing_byproducts;
+      }
     else if (copy == "WORKING_DIRECTORY")
       {
       doing = doing_working_directory;
@@ -145,6 +155,7 @@ bool cmAddCustomCommandCommand
         {
         case doing_output:
         case doing_outputs:
+        case doing_byproducts:
           if (!cmSystemTools::FileIsFullPath(copy.c_str()))
             {
             // This is an output to be generated, so it should be
@@ -228,6 +239,9 @@ bool cmAddCustomCommandCommand
          case doing_outputs:
            outputs.push_back(filename);
            break;
+         case doing_byproducts:
+           byproducts.push_back(filename);
+           break;
          case doing_comment:
            comment_buffer = copy;
            comment = comment_buffer.c_str();
@@ -267,7 +281,9 @@ bool cmAddCustomCommandCommand
     }
 
   // Make sure the output names and locations are safe.
-  if(!this->CheckOutputs(output) || !this->CheckOutputs(outputs))
+  if(!this->CheckOutputs(output) ||
+     !this->CheckOutputs(outputs) ||
+     !this->CheckOutputs(byproducts))
     {
     return false;
     }
@@ -300,7 +316,7 @@ bool cmAddCustomCommandCommand
   if(!working.empty())
     {
     const char* build_dir = this->Makefile->GetCurrentOutputDirectory();
-    working = cmSystemTools::CollapseFullPath(working.c_str(), build_dir);
+    working = cmSystemTools::CollapseFullPath(working, build_dir);
     }
 
   // Choose which mode of the command to use.
@@ -309,19 +325,19 @@ bool cmAddCustomCommandCommand
     {
     // Source is empty, use the target.
     std::vector<std::string> no_depends;
-    this->Makefile->AddCustomCommandToTarget(target, no_depends,
+    this->Makefile->AddCustomCommandToTarget(target, byproducts, no_depends,
                                              commandLines, cctype,
                                              comment, working.c_str(),
-                                             escapeOldStyle);
+                                             escapeOldStyle, uses_terminal);
     }
   else if(target.empty())
     {
     // Target is empty, use the output.
-    this->Makefile->AddCustomCommandToOutput(output, depends,
-                                             main_dependency,
+    this->Makefile->AddCustomCommandToOutput(output, byproducts,
+                                             depends, main_dependency,
                                              commandLines, comment,
                                              working.c_str(), false,
-                                             escapeOldStyle);
+                                             escapeOldStyle, uses_terminal);
 
     // Add implicit dependency scanning requests if any were given.
     if(!implicit_depends.empty())
@@ -346,6 +362,16 @@ bool cmAddCustomCommandCommand
         }
       }
     }
+  else if (!byproducts.empty())
+    {
+    this->SetError("BYPRODUCTS may not be specified with SOURCE signatures");
+    return false;
+    }
+  else if (uses_terminal)
+    {
+    this->SetError("USES_TERMINAL may not be used with SOURCE signatures");
+    return false;
+    }
   else
     {
     bool issueMessage = true;
diff --git a/Source/cmAddCustomTargetCommand.cxx b/Source/cmAddCustomTargetCommand.cxx
index 2fb0eb3..09c8af5 100644
--- a/Source/cmAddCustomTargetCommand.cxx
+++ b/Source/cmAddCustomTargetCommand.cxx
@@ -45,9 +45,10 @@ bool cmAddCustomTargetCommand
   cmCustomCommandLines commandLines;
 
   // Accumulate dependencies.
-  std::vector<std::string> depends;
+  std::vector<std::string> depends, byproducts;
   std::string working_directory;
   bool verbatim = false;
+  bool uses_terminal = false;
   std::string comment_buffer;
   const char* comment = 0;
   std::vector<std::string> sources;
@@ -56,10 +57,11 @@ bool cmAddCustomTargetCommand
   enum tdoing {
     doing_command,
     doing_depends,
+    doing_byproducts,
     doing_working_directory,
     doing_comment,
     doing_source,
-    doing_verbatim
+    doing_nothing
   };
   tdoing doing = doing_command;
 
@@ -84,15 +86,24 @@ bool cmAddCustomTargetCommand
       {
       doing = doing_depends;
       }
+    else if(copy == "BYPRODUCTS")
+      {
+      doing = doing_byproducts;
+      }
     else if(copy == "WORKING_DIRECTORY")
       {
       doing = doing_working_directory;
       }
     else if(copy == "VERBATIM")
       {
-      doing = doing_verbatim;
+      doing = doing_nothing;
       verbatim = true;
       }
+    else if(copy == "USES_TERMINAL")
+      {
+      doing = doing_nothing;
+      uses_terminal = true;
+      }
     else if (copy == "COMMENT")
       {
       doing = doing_comment;
@@ -122,6 +133,19 @@ bool cmAddCustomTargetCommand
         case doing_command:
           currentLine.push_back(copy);
           break;
+        case doing_byproducts:
+          {
+          std::string filename;
+          if (!cmSystemTools::FileIsFullPath(copy.c_str()))
+            {
+            filename = this->Makefile->GetCurrentOutputDirectory();
+            filename += "/";
+            }
+          filename += copy;
+          cmSystemTools::ConvertToUnixSlashes(filename);
+          byproducts.push_back(filename);
+          }
+          break;
         case doing_depends:
           {
           std::string dep = copy;
@@ -218,15 +242,30 @@ bool cmAddCustomTargetCommand
     {
     const char* build_dir = this->Makefile->GetCurrentOutputDirectory();
     working_directory =
-      cmSystemTools::CollapseFullPath(working_directory.c_str(), build_dir);
+      cmSystemTools::CollapseFullPath(working_directory, build_dir);
+    }
+
+  if (commandLines.empty() && !byproducts.empty())
+    {
+    this->Makefile->IssueMessage(cmake::FATAL_ERROR,
+      "BYPRODUCTS may not be specified without any COMMAND");
+    return true;
+    }
+  if (commandLines.empty() && uses_terminal)
+    {
+    this->Makefile->IssueMessage(cmake::FATAL_ERROR,
+      "USES_TERMINAL may not be specified without any COMMAND");
+    return true;
     }
 
   // Add the utility target to the makefile.
   bool escapeOldStyle = !verbatim;
   cmTarget* target =
     this->Makefile->AddUtilityCommand(targetName, excludeFromAll,
-                                      working_directory.c_str(), depends,
-                                      commandLines, escapeOldStyle, comment);
+                                      working_directory.c_str(),
+                                      byproducts, depends,
+                                      commandLines, escapeOldStyle, comment,
+                                      uses_terminal);
 
   // Add additional user-specified source files to the target.
   target->AddSources(sources);
diff --git a/Source/cmAddLibraryCommand.cxx b/Source/cmAddLibraryCommand.cxx
index cdc9f2a..bba4d41 100644
--- a/Source/cmAddLibraryCommand.cxx
+++ b/Source/cmAddLibraryCommand.cxx
@@ -328,9 +328,8 @@ bool cmAddLibraryCommand
     CMAKE_${LANG}_CREATE_SHARED_LIBRARY is defined and if not default to
     STATIC. But at this point we know only the name of the target, but not
     yet its linker language. */
-  if ((type != cmTarget::STATIC_LIBRARY) &&
-      (type != cmTarget::OBJECT_LIBRARY) &&
-      (type != cmTarget::INTERFACE_LIBRARY) &&
+  if ((type == cmTarget::SHARED_LIBRARY ||
+       type == cmTarget::MODULE_LIBRARY) &&
        (this->Makefile->GetCMakeInstance()->GetPropertyAsBool(
                                       "TARGET_SUPPORTS_SHARED_LIBS") == false))
     {
diff --git a/Source/cmAddSubDirectoryCommand.cxx b/Source/cmAddSubDirectoryCommand.cxx
index 4ea2524..477a3d9 100644
--- a/Source/cmAddSubDirectoryCommand.cxx
+++ b/Source/cmAddSubDirectoryCommand.cxx
@@ -61,7 +61,7 @@ bool cmAddSubDirectoryCommand::InitialPass
     srcPath += "/";
     srcPath += srcArg;
     }
-  if(!cmSystemTools::FileIsDirectory(srcPath.c_str()))
+  if(!cmSystemTools::FileIsDirectory(srcPath))
     {
     std::string error = "given source \"";
     error += srcArg;
@@ -69,7 +69,7 @@ bool cmAddSubDirectoryCommand::InitialPass
     this->SetError(error);
     return false;
     }
-  srcPath = cmSystemTools::CollapseFullPath(srcPath.c_str());
+  srcPath = cmSystemTools::CollapseFullPath(srcPath);
 
   // Compute the full path to the binary directory.
   std::string binPath;
@@ -78,7 +78,7 @@ bool cmAddSubDirectoryCommand::InitialPass
     // No binary directory was specified.  If the source directory is
     // not a subdirectory of the current directory then it is an
     // error.
-    if(!cmSystemTools::IsSubDirectory(srcPath.c_str(),
+    if(!cmSystemTools::IsSubDirectory(srcPath,
                                       this->Makefile->GetCurrentDirectory()))
       {
       cmOStringStream e;
@@ -118,7 +118,7 @@ bool cmAddSubDirectoryCommand::InitialPass
       binPath += binArg;
       }
     }
-  binPath = cmSystemTools::CollapseFullPath(binPath.c_str());
+  binPath = cmSystemTools::CollapseFullPath(binPath);
 
   // Add the subdirectory using the computed full paths.
   this->Makefile->AddSubDirectory(srcPath, binPath,
diff --git a/Source/cmBootstrapCommands1.cxx b/Source/cmBootstrapCommands1.cxx
index 9093579..4274d85 100644
--- a/Source/cmBootstrapCommands1.cxx
+++ b/Source/cmBootstrapCommands1.cxx
@@ -28,6 +28,7 @@
 #include "cmCMakePolicyCommand.cxx"
 #include "cmCommandArgumentsHelper.cxx"
 #include "cmConfigureFileCommand.cxx"
+#include "cmContinueCommand.cxx"
 #include "cmCoreTryCompile.cxx"
 #include "cmCreateTestSourceList.cxx"
 #include "cmDefinePropertyCommand.cxx"
@@ -52,6 +53,8 @@
 #include "cmFindProgramCommand.cxx"
 #include "cmForEachCommand.cxx"
 #include "cmFunctionCommand.cxx"
+#include "cmPathLabel.cxx"
+#include "cmSearchPath.cxx"
 
 void GetBootstrapCommands1(std::list<cmCommand*>& commands)
 {
@@ -68,6 +71,7 @@ void GetBootstrapCommands1(std::list<cmCommand*>& commands)
   commands.push_back(new cmCMakeMinimumRequired);
   commands.push_back(new cmCMakePolicyCommand);
   commands.push_back(new cmConfigureFileCommand);
+  commands.push_back(new cmContinueCommand);
   commands.push_back(new cmCreateTestSourceList);
   commands.push_back(new cmDefinePropertyCommand);
   commands.push_back(new cmElseCommand);
diff --git a/Source/cmBreakCommand.cxx b/Source/cmBreakCommand.cxx
index b70e400..ff527db 100644
--- a/Source/cmBreakCommand.cxx
+++ b/Source/cmBreakCommand.cxx
@@ -12,10 +12,76 @@
 #include "cmBreakCommand.h"
 
 // cmBreakCommand
-bool cmBreakCommand::InitialPass(std::vector<std::string> const&,
+bool cmBreakCommand::InitialPass(std::vector<std::string> const &args,
                                   cmExecutionStatus &status)
 {
+  if(!this->Makefile->IsLoopBlock())
+    {
+    bool issueMessage = true;
+    cmOStringStream e;
+    cmake::MessageType messageType = cmake::AUTHOR_WARNING;
+    switch(this->Makefile->GetPolicyStatus(cmPolicies::CMP0055))
+      {
+      case cmPolicies::WARN:
+        e << (this->Makefile->GetPolicies()
+                  ->GetPolicyWarning(cmPolicies::CMP0055)) << "\n";
+        break;
+      case cmPolicies::OLD:
+        issueMessage = false;
+        break;
+      case cmPolicies::REQUIRED_ALWAYS:
+      case cmPolicies::REQUIRED_IF_USED:
+      case cmPolicies::NEW:
+        messageType = cmake::FATAL_ERROR;
+        break;
+      }
+
+    if(issueMessage)
+      {
+      e << "A BREAK command was found outside of a proper "
+           "FOREACH or WHILE loop scope.";
+      this->Makefile->IssueMessage(messageType, e.str());
+       if(messageType == cmake::FATAL_ERROR)
+        {
+        return false;
+        }
+      }
+    }
+
   status.SetBreakInvoked(true);
+
+  if(!args.empty())
+    {
+    bool issueMessage = true;
+    cmOStringStream e;
+    cmake::MessageType messageType = cmake::AUTHOR_WARNING;
+    switch(this->Makefile->GetPolicyStatus(cmPolicies::CMP0055))
+      {
+      case cmPolicies::WARN:
+        e << (this->Makefile->GetPolicies()
+                  ->GetPolicyWarning(cmPolicies::CMP0055)) << "\n";
+        break;
+      case cmPolicies::OLD:
+        issueMessage = false;
+        break;
+      case cmPolicies::REQUIRED_ALWAYS:
+      case cmPolicies::REQUIRED_IF_USED:
+      case cmPolicies::NEW:
+        messageType = cmake::FATAL_ERROR;
+        break;
+      }
+
+    if(issueMessage)
+      {
+      e << "The BREAK command does not accept any arguments.";
+      this->Makefile->IssueMessage(messageType, e.str());
+       if(messageType == cmake::FATAL_ERROR)
+        {
+        return false;
+        }
+      }
+    }
+
   return true;
 }
 
diff --git a/Source/cmCPluginAPI.cxx b/Source/cmCPluginAPI.cxx
index dd2a1b8..b304f28 100644
--- a/Source/cmCPluginAPI.cxx
+++ b/Source/cmCPluginAPI.cxx
@@ -353,10 +353,11 @@ void CCONV cmAddCustomCommandToTarget(void *arg, const char* target,
     }
 
   // Pass the call to the makefile instance.
+  std::vector<std::string> no_byproducts;
   std::vector<std::string> no_depends;
   const char* no_comment = 0;
   const char* no_working_dir = 0;
-  mf->AddCustomCommandToTarget(target, no_depends, commandLines,
+  mf->AddCustomCommandToTarget(target, no_byproducts, no_depends, commandLines,
                                cctype, no_comment, no_working_dir);
 }
 
diff --git a/Source/cmCTest.cxx b/Source/cmCTest.cxx
index a7905a4..2bf7b77 100644
--- a/Source/cmCTest.cxx
+++ b/Source/cmCTest.cxx
@@ -208,7 +208,7 @@ int cmCTest::HTTPRequest(std::string url, HTTPMethod method,
         return -1;
         }
       ::curl_easy_setopt(curl, CURLOPT_PUT, 1);
-      file = cmsys::SystemTools::Fopen(putFile.c_str(), "rb");
+      file = cmsys::SystemTools::Fopen(putFile, "rb");
       ::curl_easy_setopt(curl, CURLOPT_INFILE, file);
       //fall through to append GET fields
     case cmCTest::HTTP_GET:
@@ -524,7 +524,7 @@ int cmCTest::Initialize(const char* binary_dir, cmCTestStartCommand* command)
     std::string testingDir = this->BinaryDir + "/Testing";
     if ( cmSystemTools::FileExists(testingDir.c_str()) )
       {
-      if ( !cmSystemTools::FileIsDirectory(testingDir.c_str()) )
+      if ( !cmSystemTools::FileIsDirectory(testingDir) )
         {
         cmCTestLog(this, ERROR_MESSAGE, "File " << testingDir
           << " is in the place of the testing directory" << std::endl);
@@ -809,7 +809,7 @@ bool cmCTest::UpdateCTestConfiguration()
   if ( !this->GetCTestConfiguration("BuildDirectory").empty() )
     {
     this->BinaryDir = this->GetCTestConfiguration("BuildDirectory");
-    cmSystemTools::ChangeDirectory(this->BinaryDir.c_str());
+    cmSystemTools::ChangeDirectory(this->BinaryDir);
     }
   this->TimeOut = atoi(this->GetCTestConfiguration("TimeOut").c_str());
   if ( this->ProduceXML )
@@ -884,7 +884,7 @@ bool cmCTest::OpenOutputFile(const std::string& path,
     }
   if ( cmSystemTools::FileExists(testingDir.c_str()) )
     {
-    if ( !cmSystemTools::FileIsDirectory(testingDir.c_str()) )
+    if ( !cmSystemTools::FileIsDirectory(testingDir) )
       {
       cmCTestLog(this, ERROR_MESSAGE, "File " << testingDir
                 << " is in the place of the testing directory"
@@ -1061,17 +1061,17 @@ int cmCTest::ProcessTests()
   if ( !notest )
     {
     std::string notes_dir = this->BinaryDir + "/Testing/Notes";
-    if ( cmSystemTools::FileIsDirectory(notes_dir.c_str()) )
+    if ( cmSystemTools::FileIsDirectory(notes_dir) )
       {
       cmsys::Directory d;
-      d.Load(notes_dir.c_str());
+      d.Load(notes_dir);
       unsigned long kk;
       for ( kk = 0; kk < d.GetNumberOfFiles(); kk ++ )
         {
         const char* file = d.GetFile(kk);
         std::string fullname = notes_dir + "/" + file;
         if ( cmSystemTools::FileExists(fullname.c_str()) &&
-          !cmSystemTools::FileIsDirectory(fullname.c_str()) )
+          !cmSystemTools::FileIsDirectory(fullname) )
           {
           if ( this->NotesFiles.size() > 0 )
             {
@@ -1294,7 +1294,7 @@ int cmCTest::RunTest(std::vector<const char*> argv,
   cmCTestLog(this, HANDLER_VERBOSE_OUTPUT,
              "Test timeout computed to be: " << timeout << "\n");
   if(cmSystemTools::SameFile(
-       argv[0], cmSystemTools::GetCTestCommand().c_str()) &&
+       argv[0], cmSystemTools::GetCTestCommand()) &&
      !this->ForceNewCTestProcess)
     {
     cmCTest inst;
@@ -1342,7 +1342,7 @@ int cmCTest::RunTest(std::vector<const char*> argv,
       {
       *log << *output;
       }
-    cmSystemTools::ChangeDirectory(oldpath.c_str());
+    cmSystemTools::ChangeDirectory(oldpath);
 
     cmCTestLog(this, HANDLER_VERBOSE_OUTPUT,
       "Internal cmCTest object used to run test." << std::endl
@@ -1681,14 +1681,14 @@ std::string cmCTest::Base64GzipEncodeFile(std::string file)
     return "";
     }
   std::string base64 = this->Base64EncodeFile(tarFile);
-  cmSystemTools::RemoveFile(tarFile.c_str());
+  cmSystemTools::RemoveFile(tarFile);
   return base64;
 }
 
 //----------------------------------------------------------------------
 std::string cmCTest::Base64EncodeFile(std::string file)
 {
-  long len = cmSystemTools::FileLength(file.c_str());
+  long len = cmSystemTools::FileLength(file);
   cmsys::ifstream ifs(file.c_str(), std::ios::in
 #ifdef _WIN32
     | std::ios::binary
@@ -2628,10 +2628,10 @@ std::string cmCTest::GetShortPathToFile(const char* cfname)
 {
   const std::string& sourceDir
     = cmSystemTools::CollapseFullPath(
-        this->GetCTestConfiguration("SourceDirectory").c_str());
+        this->GetCTestConfiguration("SourceDirectory"));
   const std::string& buildDir
     = cmSystemTools::CollapseFullPath(
-        this->GetCTestConfiguration("BuildDirectory").c_str());
+        this->GetCTestConfiguration("BuildDirectory"));
   std::string fname = cmSystemTools::CollapseFullPath(cfname);
 
   // Find relative paths to both directories
@@ -2860,7 +2860,7 @@ void cmCTest::SetConfigType(const char* ct)
   cmSystemTools::ReplaceString(this->ConfigType, ".\\", "");
   std::string confTypeEnv
     = "CMAKE_CONFIG_TYPE=" + this->ConfigType;
-  cmSystemTools::PutEnv(confTypeEnv.c_str());
+  cmSystemTools::PutEnv(confTypeEnv);
 }
 
 //----------------------------------------------------------------------
diff --git a/Source/cmCacheManager.cxx b/Source/cmCacheManager.cxx
index d6b84a0..6a47ea7 100644
--- a/Source/cmCacheManager.cxx
+++ b/Source/cmCacheManager.cxx
@@ -139,7 +139,7 @@ bool cmCacheManager::ParseEntry(const std::string& entry,
 {
   // input line is:         key:type=value
   static cmsys::RegularExpression reg(
-    "^([^:]*):([^=]*)=(.*[^\r\t ]|[\r\t ]*)[\r\t ]*$");
+    "^([^=:]*):([^=]*)=(.*[^\r\t ]|[\r\t ]*)[\r\t ]*$");
   // input line is:         "key":type=value
   static cmsys::RegularExpression regQuoted(
     "^\"([^\"]*)\":([^=]*)=(.*[^\r\t ]|[\r\t ]*)[\r\t ]*$");
@@ -189,7 +189,7 @@ void cmCacheManager::CleanCMakeFiles(const std::string& path)
   for(std::vector<std::string>::iterator i = files.begin();
       i != files.end(); ++i)
     {
-    cmSystemTools::RemoveFile(i->c_str());
+    cmSystemTools::RemoveFile(*i);
     }
 }
 
@@ -336,7 +336,7 @@ bool cmCacheManager::LoadCache(const std::string& path,
     cmSystemTools::ConvertToUnixSlashes(currentcwd);
     currentcwd += "/CMakeCache.txt";
     oldcwd += "/CMakeCache.txt";
-    if(!cmSystemTools::SameFile(oldcwd.c_str(), currentcwd.c_str()))
+    if(!cmSystemTools::SameFile(oldcwd, currentcwd))
       {
       std::string message =
         std::string("The current CMakeCache.txt directory ") +
@@ -586,13 +586,13 @@ bool cmCacheManager::DeleteCache(const std::string& path)
   cacheFile += "/CMakeCache.txt";
   if(cmSystemTools::FileExists(cacheFile.c_str()))
     {
-    cmSystemTools::RemoveFile(cacheFile.c_str());
+    cmSystemTools::RemoveFile(cacheFile);
     // now remove the files in the CMakeFiles directory
     // this cleans up language cache files
     cmakeFiles += cmake::GetCMakeFilesDirectory();
-    if(cmSystemTools::FileIsDirectory(cmakeFiles.c_str()))
+    if(cmSystemTools::FileIsDirectory(cmakeFiles))
       {
-      cmSystemTools::RemoveADirectory(cmakeFiles.c_str());
+      cmSystemTools::RemoveADirectory(cmakeFiles);
       }
     }
   return true;
diff --git a/Source/cmCallVisualStudioMacro.cxx b/Source/cmCallVisualStudioMacro.cxx
index 0c15477..c211111 100644
--- a/Source/cmCallVisualStudioMacro.cxx
+++ b/Source/cmCallVisualStudioMacro.cxx
@@ -34,8 +34,6 @@ static bool LogErrorsAsMessages;
 // Copied from a correct comdef.h to avoid problems with deficient versions
 // of comdef.h that exist in the wild... Fixes issue #7533.
 //
-#if ( _MSC_VER >= 1300 )
-// VS7 and later:
 #ifdef _NATIVE_WCHAR_T_DEFINED
 # ifdef _DEBUG
 # pragma comment(lib, "comsuppwd.lib")
@@ -49,10 +47,6 @@ static bool LogErrorsAsMessages;
 # pragma comment(lib, "comsupp.lib")
 # endif
 #endif
-#else
-// VS6 only had comsupp.lib:
-# pragma comment(lib, "comsupp.lib")
-#endif
 
 
 //----------------------------------------------------------------------------
@@ -63,12 +57,13 @@ static bool LogErrorsAsMessages;
     { \
     if (LogErrorsAsMessages) \
       { \
-      std::ostringstream oss; \
-      oss.flags(std::ios::hex); \
-      oss << context << " failed HRESULT, hr = 0x" << hr << std::endl; \
-      oss.flags(std::ios::dec); \
-      oss << __FILE__ << "(" << __LINE__ << ")"; \
-      cmSystemTools::Message(oss.str().c_str()); \
+      std::ostringstream _hresult_oss; \
+      _hresult_oss.flags(std::ios::hex); \
+      _hresult_oss << context << " failed HRESULT, hr = 0x" \
+                   << hr << std::endl; \
+      _hresult_oss.flags(std::ios::dec); \
+      _hresult_oss << __FILE__ << "(" << __LINE__ << ")"; \
+      cmSystemTools::Message(_hresult_oss.str().c_str()); \
       } \
     }
 
diff --git a/Source/cmCommandArgumentParser.cxx b/Source/cmCommandArgumentParser.cxx
index c5146c5..9f8a4de 100644
--- a/Source/cmCommandArgumentParser.cxx
+++ b/Source/cmCommandArgumentParser.cxx
@@ -183,12 +183,6 @@ static void cmCommandArgumentError(yyscan_t yyscanner, const char* message);
 #define YYINITDEPTH 10000
 
 /* Disable some warnings in the generated code.  */
-#ifdef __BORLANDC__
-# pragma warn -8004 /* Variable assigned a value that is not used.  */
-# pragma warn -8008 /* condition always returns true */
-# pragma warn -8060 /* possibly incorrect assignment */
-# pragma warn -8066 /* unreachable code */
-#endif
 #ifdef _MSC_VER
 # pragma warning (disable: 4102) /* Unused goto label.  */
 # pragma warning (disable: 4065) /* Switch statement contains default but no
diff --git a/Source/cmCommandArgumentParser.y b/Source/cmCommandArgumentParser.y
index 48f5c8e..b1d53f6 100644
--- a/Source/cmCommandArgumentParser.y
+++ b/Source/cmCommandArgumentParser.y
@@ -64,12 +64,6 @@ static void cmCommandArgumentError(yyscan_t yyscanner, const char* message);
 #define YYINITDEPTH 10000
 
 /* Disable some warnings in the generated code.  */
-#ifdef __BORLANDC__
-# pragma warn -8004 /* Variable assigned a value that is not used.  */
-# pragma warn -8008 /* condition always returns true */
-# pragma warn -8060 /* possibly incorrect assignment */
-# pragma warn -8066 /* unreachable code */
-#endif
 #ifdef _MSC_VER
 # pragma warning (disable: 4102) /* Unused goto label.  */
 # pragma warning (disable: 4065) /* Switch statement contains default but no
diff --git a/Source/cmComputeLinkInformation.cxx b/Source/cmComputeLinkInformation.cxx
index e1852a3..f4fa5c6 100644
--- a/Source/cmComputeLinkInformation.cxx
+++ b/Source/cmComputeLinkInformation.cxx
@@ -675,7 +675,7 @@ void cmComputeLinkInformation::AddItem(std::string const& item,
     // This is not a CMake target.  Use the name given.
     if(cmSystemTools::FileIsFullPath(item.c_str()))
       {
-      if(cmSystemTools::FileIsDirectory(item.c_str()))
+      if(cmSystemTools::FileIsDirectory(item))
         {
         // This is a directory.
         this->AddDirectoryItem(item);
@@ -1937,10 +1937,10 @@ void cmComputeLinkInformation::GetRPath(std::vector<std::string>& runtimeDirs,
         // Do not add any path inside the source or build tree.
         const char* topSourceDir = this->Makefile->GetHomeDirectory();
         const char* topBinaryDir = this->Makefile->GetHomeOutputDirectory();
-        if(!cmSystemTools::ComparePath(ri->c_str(), topSourceDir) &&
-           !cmSystemTools::ComparePath(ri->c_str(), topBinaryDir) &&
-           !cmSystemTools::IsSubDirectory(ri->c_str(), topSourceDir) &&
-           !cmSystemTools::IsSubDirectory(ri->c_str(), topBinaryDir))
+        if(!cmSystemTools::ComparePath(*ri, topSourceDir) &&
+           !cmSystemTools::ComparePath(*ri, topBinaryDir) &&
+           !cmSystemTools::IsSubDirectory(*ri, topSourceDir) &&
+           !cmSystemTools::IsSubDirectory(*ri, topBinaryDir))
           {
           std::string d = *ri;
           if (!rootPath.empty() && d.find(rootPath) == 0)
diff --git a/Source/cmConditionEvaluator.cxx b/Source/cmConditionEvaluator.cxx
index 6065b8a..aba26de 100644
--- a/Source/cmConditionEvaluator.cxx
+++ b/Source/cmConditionEvaluator.cxx
@@ -11,7 +11,6 @@
 ============================================================================*/
 
 #include "cmConditionEvaluator.h"
-#include "cmStringCommand.h"
 
 cmConditionEvaluator::cmConditionEvaluator(cmMakefile& makefile):
   Makefile(makefile),
@@ -556,7 +555,7 @@ bool cmConditionEvaluator::HandleLevel2(cmArgumentList &newArgs,
         {
         def = this->GetVariableOrString(*arg);
         const char* rex = argP2->c_str();
-        cmStringCommand::ClearMatches(&this->Makefile);
+        this->Makefile.ClearMatches();
         cmsys::RegularExpression regEntry;
         if ( !regEntry.compile(rex) )
           {
@@ -568,7 +567,7 @@ bool cmConditionEvaluator::HandleLevel2(cmArgumentList &newArgs,
           }
         if (regEntry.find(def))
           {
-          cmStringCommand::StoreMatches(&this->Makefile, regEntry);
+          this->Makefile.StoreMatches(regEntry);
           *arg = cmExpandedCommandArgument("1", true);
           }
         else
diff --git a/Source/cmConfigureFileCommand.cxx b/Source/cmConfigureFileCommand.cxx
index 395e6c8..cc6cf5f 100644
--- a/Source/cmConfigureFileCommand.cxx
+++ b/Source/cmConfigureFileCommand.cxx
@@ -32,7 +32,7 @@ bool cmConfigureFileCommand
   this->InputFile += inFile;
 
   // If the input location is a directory, error out.
-  if(cmSystemTools::FileIsDirectory(this->InputFile.c_str()))
+  if(cmSystemTools::FileIsDirectory(this->InputFile))
     {
     cmOStringStream e;
     e << "input location\n"
@@ -51,7 +51,7 @@ bool cmConfigureFileCommand
   this->OutputFile += outFile;
 
   // If the output location is already a directory put the file in it.
-  if(cmSystemTools::FileIsDirectory(this->OutputFile.c_str()))
+  if(cmSystemTools::FileIsDirectory(this->OutputFile))
     {
     this->OutputFile += "/";
     this->OutputFile += cmSystemTools::GetFilenameName(inFile);
@@ -74,6 +74,7 @@ bool cmConfigureFileCommand
   this->CopyOnly = false;
   this->EscapeQuotes = false;
 
+  std::string unknown_args;
   this->AtOnly = false;
   for(unsigned int i=2;i < args.size();++i)
     {
@@ -99,6 +100,18 @@ bool cmConfigureFileCommand
       {
       /* Ignore legacy option.  */
       }
+    else
+      {
+      unknown_args += " ";
+      unknown_args += args[i];
+      unknown_args += "\n";
+      }
+    }
+  if (!unknown_args.empty())
+    {
+    std::string msg = "configure_file called with unknown argument(s):\n";
+    msg += unknown_args;
+    this->Makefile->IssueMessage(cmake::AUTHOR_WARNING, msg);
     }
 
   if ( !this->ConfigureFile() )
diff --git a/Source/cmContinueCommand.cxx b/Source/cmContinueCommand.cxx
new file mode 100644
index 0000000..4a03caa
--- /dev/null
+++ b/Source/cmContinueCommand.cxx
@@ -0,0 +1,39 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2000-2014 Kitware, Inc., Insight Software Consortium
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+#include "cmContinueCommand.h"
+
+// cmContinueCommand
+bool cmContinueCommand::InitialPass(std::vector<std::string> const &args,
+                                  cmExecutionStatus &status)
+{
+  if(!this->Makefile->IsLoopBlock())
+    {
+    this->Makefile->IssueMessage(cmake::FATAL_ERROR,
+                                 "A CONTINUE command was found outside of a "
+                                 "proper FOREACH or WHILE loop scope.");
+    cmSystemTools::SetFatalErrorOccured();
+    return true;
+    }
+
+  status.SetContinueInvoked(true);
+
+  if(!args.empty())
+    {
+    this->Makefile->IssueMessage(cmake::FATAL_ERROR,
+                                 "The CONTINUE command does not accept any "
+                                 "arguments.");
+    cmSystemTools::SetFatalErrorOccured();
+    return true;
+    }
+
+  return true;
+}
diff --git a/Source/cmContinueCommand.h b/Source/cmContinueCommand.h
new file mode 100644
index 0000000..093b14f
--- /dev/null
+++ b/Source/cmContinueCommand.h
@@ -0,0 +1,55 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2000-2014 Kitware, Inc., Insight Software Consortium
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+#ifndef cmContinueCommand_h
+#define cmContinueCommand_h
+
+#include "cmCommand.h"
+
+/** \class cmContinueCommand
+ * \brief Continue from an enclosing foreach or while loop
+ *
+ * cmContinueCommand returns from an enclosing foreach or while loop
+ */
+class cmContinueCommand : public cmCommand
+{
+public:
+  /**
+   * This is a virtual constructor for the command.
+   */
+  virtual cmCommand* Clone()
+    {
+    return new cmContinueCommand;
+    }
+
+  /**
+   * This is called when the command is first encountered in
+   * the CMakeLists.txt file.
+   */
+  virtual bool InitialPass(std::vector<std::string> const& args,
+                           cmExecutionStatus &status);
+
+  /**
+   * This determines if the command is invoked when in script mode.
+   */
+  virtual bool IsScriptable() const { return true; }
+
+  /**
+   * The name of the command as specified in CMakeList.txt.
+   */
+  virtual std::string GetName() const { return "continue"; }
+
+  cmTypeMacro(cmContinueCommand, cmCommand);
+};
+
+
+
+#endif
diff --git a/Source/cmCoreTryCompile.cxx b/Source/cmCoreTryCompile.cxx
index bc5708d..512f5cf 100644
--- a/Source/cmCoreTryCompile.cxx
+++ b/Source/cmCoreTryCompile.cxx
@@ -233,7 +233,7 @@ int cmCoreTryCompile::TryCompileCode(std::vector<std::string> const& argv)
     {
     // remove any CMakeCache.txt files so we will have a clean test
     std::string ccFile = this->BinaryDirectory + "/CMakeCache.txt";
-    cmSystemTools::RemoveFile(ccFile.c_str());
+    cmSystemTools::RemoveFile(ccFile);
 
     // Choose sources.
     if(!useSources)
@@ -279,7 +279,7 @@ int cmCoreTryCompile::TryCompileCode(std::vector<std::string> const& argv)
     sourceDirectory = this->BinaryDirectory.c_str();
 
     // now create a CMakeLists.txt file in that directory
-    FILE *fout = cmsys::SystemTools::Fopen(outFileName.c_str(),"w");
+    FILE *fout = cmsys::SystemTools::Fopen(outFileName,"w");
     if (!fout)
       {
       cmOStringStream e;
@@ -514,8 +514,8 @@ int cmCoreTryCompile::TryCompileCode(std::vector<std::string> const& argv)
     if ((res==0) && (copyFile.size()))
       {
       if(this->OutputFile.empty() ||
-         !cmSystemTools::CopyFileAlways(this->OutputFile.c_str(),
-                                        copyFile.c_str()))
+         !cmSystemTools::CopyFileAlways(this->OutputFile,
+                                        copyFile))
         {
         cmOStringStream emsg;
         emsg << "Cannot copy output executable\n"
@@ -580,10 +580,10 @@ void cmCoreTryCompile::CleanupFiles(const char* binDir)
         std::string fullPath = binDir;
         fullPath += "/";
         fullPath += dir.GetFile(static_cast<unsigned long>(fileNum));
-        if(cmSystemTools::FileIsDirectory(fullPath.c_str()))
+        if(cmSystemTools::FileIsDirectory(fullPath))
           {
           this->CleanupFiles(fullPath.c_str());
-          cmSystemTools::RemoveADirectory(fullPath.c_str());
+          cmSystemTools::RemoveADirectory(fullPath);
           }
         else
           {
@@ -599,7 +599,7 @@ void cmCoreTryCompile::CleanupFiles(const char* binDir)
             }
           if(retry.Count == 0)
 #else
-          if(!cmSystemTools::RemoveFile(fullPath.c_str()))
+          if(!cmSystemTools::RemoveFile(fullPath))
 #endif
             {
             std::string m = "Remove failed on file: " + fullPath;
@@ -649,7 +649,7 @@ void cmCoreTryCompile::FindOutputFile(const std::string& targetName)
     command += tmpOutputFile;
     if(cmSystemTools::FileExists(command.c_str()))
       {
-      tmpOutputFile = cmSystemTools::CollapseFullPath(command.c_str());
+      tmpOutputFile = cmSystemTools::CollapseFullPath(command);
       this->OutputFile = tmpOutputFile;
       return;
       }
diff --git a/Source/cmCustomCommand.cxx b/Source/cmCustomCommand.cxx
index c161eb6..2afb029 100644
--- a/Source/cmCustomCommand.cxx
+++ b/Source/cmCustomCommand.cxx
@@ -22,11 +22,13 @@ cmCustomCommand::cmCustomCommand()
   this->HaveComment = false;
   this->EscapeOldStyle = true;
   this->EscapeAllowMakeVars = false;
+  this->UsesTerminal = false;
 }
 
 //----------------------------------------------------------------------------
 cmCustomCommand::cmCustomCommand(const cmCustomCommand& r):
   Outputs(r.Outputs),
+  Byproducts(r.Byproducts),
   Depends(r.Depends),
   CommandLines(r.CommandLines),
   HaveComment(r.HaveComment),
@@ -34,7 +36,8 @@ cmCustomCommand::cmCustomCommand(const cmCustomCommand& r):
   WorkingDirectory(r.WorkingDirectory),
   EscapeAllowMakeVars(r.EscapeAllowMakeVars),
   EscapeOldStyle(r.EscapeOldStyle),
-  Backtrace(r.Backtrace)
+  Backtrace(r.Backtrace),
+  UsesTerminal(r.UsesTerminal)
 {
 }
 
@@ -47,6 +50,7 @@ cmCustomCommand& cmCustomCommand::operator=(cmCustomCommand const& r)
     }
 
   this->Outputs = r.Outputs;
+  this->Byproducts= r.Byproducts;
   this->Depends = r.Depends;
   this->CommandLines = r.CommandLines;
   this->HaveComment = r.HaveComment;
@@ -56,6 +60,7 @@ cmCustomCommand& cmCustomCommand::operator=(cmCustomCommand const& r)
   this->EscapeOldStyle = r.EscapeOldStyle;
   this->ImplicitDepends = r.ImplicitDepends;
   this->Backtrace = r.Backtrace;
+  this->UsesTerminal = r.UsesTerminal;
 
   return *this;
 }
@@ -63,11 +68,13 @@ cmCustomCommand& cmCustomCommand::operator=(cmCustomCommand const& r)
 //----------------------------------------------------------------------------
 cmCustomCommand::cmCustomCommand(cmMakefile const* mf,
                                  const std::vector<std::string>& outputs,
+                                 const std::vector<std::string>& byproducts,
                                  const std::vector<std::string>& depends,
                                  const cmCustomCommandLines& commandLines,
                                  const char* comment,
                                  const char* workingDirectory):
   Outputs(outputs),
+  Byproducts(byproducts),
   Depends(depends),
   CommandLines(commandLines),
   HaveComment(comment?true:false),
@@ -97,6 +104,12 @@ const std::vector<std::string>& cmCustomCommand::GetOutputs() const
 }
 
 //----------------------------------------------------------------------------
+const std::vector<std::string>& cmCustomCommand::GetByproducts() const
+{
+  return this->Byproducts;
+}
+
+//----------------------------------------------------------------------------
 const std::vector<std::string>& cmCustomCommand::GetDepends() const
 {
   return this->Depends;
@@ -184,3 +197,15 @@ void cmCustomCommand::AppendImplicitDepends(ImplicitDependsList const& l)
   this->ImplicitDepends.insert(this->ImplicitDepends.end(),
                                l.begin(), l.end());
 }
+
+//----------------------------------------------------------------------------
+bool cmCustomCommand::GetUsesTerminal() const
+{
+  return this->UsesTerminal;
+}
+
+//----------------------------------------------------------------------------
+void cmCustomCommand::SetUsesTerminal(bool b)
+{
+  this->UsesTerminal = b;
+}
diff --git a/Source/cmCustomCommand.h b/Source/cmCustomCommand.h
index 21dbefb..0bfaef2 100644
--- a/Source/cmCustomCommand.h
+++ b/Source/cmCustomCommand.h
@@ -32,6 +32,7 @@ public:
   /** Main constructor specifies all information for the command.  */
   cmCustomCommand(cmMakefile const* mf,
                   const std::vector<std::string>& outputs,
+                  const std::vector<std::string>& byproducts,
                   const std::vector<std::string>& depends,
                   const cmCustomCommandLines& commandLines,
                   const char* comment,
@@ -42,6 +43,9 @@ public:
   /** Get the output file produced by the command.  */
   const std::vector<std::string>& GetOutputs() const;
 
+  /** Get the extra files produced by the command.  */
+  const std::vector<std::string>& GetByproducts() const;
+
   /** Get the vector that holds the list of dependencies.  */
   const std::vector<std::string>& GetDepends() const;
 
@@ -79,8 +83,14 @@ public:
   void AppendImplicitDepends(ImplicitDependsList const&);
   ImplicitDependsList const& GetImplicitDepends() const;
 
+  /** Set/Get whether this custom command should be given access to the
+      real console (if possible).  */
+  bool GetUsesTerminal() const;
+  void SetUsesTerminal(bool b);
+
 private:
   std::vector<std::string> Outputs;
+  std::vector<std::string> Byproducts;
   std::vector<std::string> Depends;
   cmCustomCommandLines CommandLines;
   bool HaveComment;
@@ -90,6 +100,7 @@ private:
   bool EscapeOldStyle;
   cmListFileBacktrace Backtrace;
   ImplicitDependsList ImplicitDepends;
+  bool UsesTerminal;
 };
 
 #endif
diff --git a/Source/cmCustomCommandGenerator.cxx b/Source/cmCustomCommandGenerator.cxx
index 1bca6e6..162d7a1 100644
--- a/Source/cmCustomCommandGenerator.cxx
+++ b/Source/cmCustomCommandGenerator.cxx
@@ -91,6 +91,12 @@ std::vector<std::string> const& cmCustomCommandGenerator::GetOutputs() const
 }
 
 //----------------------------------------------------------------------------
+std::vector<std::string> const& cmCustomCommandGenerator::GetByproducts() const
+{
+  return this->CC.GetByproducts();
+}
+
+//----------------------------------------------------------------------------
 std::vector<std::string> const& cmCustomCommandGenerator::GetDepends() const
 {
   if (!this->DependsDone)
diff --git a/Source/cmCustomCommandGenerator.h b/Source/cmCustomCommandGenerator.h
index 0d8a0a4..b4ae014 100644
--- a/Source/cmCustomCommandGenerator.h
+++ b/Source/cmCustomCommandGenerator.h
@@ -42,6 +42,7 @@ public:
   const char* GetComment() const;
   std::string GetWorkingDirectory() const;
   std::vector<std::string> const& GetOutputs() const;
+  std::vector<std::string> const& GetByproducts() const;
   std::vector<std::string> const& GetDepends() const;
 };
 
diff --git a/Source/cmDepends.cxx b/Source/cmDepends.cxx
index 134f45b..947db82 100644
--- a/Source/cmDepends.cxx
+++ b/Source/cmDepends.cxx
@@ -94,7 +94,7 @@ bool cmDepends::Check(const char *makeFile, const char *internalFile,
     // Get the CWD but do not call CollapseFullPath because
     // we only need it to cd back, and the form does not matter
     oldcwd = cmSystemTools::GetCurrentWorkingDirectory(false);
-    cmSystemTools::ChangeDirectory(this->CompileDirectory.c_str());
+    cmSystemTools::ChangeDirectory(this->CompileDirectory);
     }
 
   // Check whether dependencies must be regenerated.
@@ -111,7 +111,7 @@ bool cmDepends::Check(const char *makeFile, const char *internalFile,
   // Restore working directory.
   if(oldcwd != ".")
     {
-    cmSystemTools::ChangeDirectory(oldcwd.c_str());
+    cmSystemTools::ChangeDirectory(oldcwd);
     }
 
   return okay;
diff --git a/Source/cmDependsFortran.cxx b/Source/cmDependsFortran.cxx
index 8fc8347..4082d24 100644
--- a/Source/cmDependsFortran.cxx
+++ b/Source/cmDependsFortran.cxx
@@ -668,7 +668,7 @@ bool cmDependsFortran::CopyModule(const std::vector<std::string>& args)
     if(cmDependsFortran::ModulesDiffer(mod_upper.c_str(), stamp.c_str(),
                                        compilerId.c_str()))
       {
-      if(!cmSystemTools::CopyFileAlways(mod_upper.c_str(), stamp.c_str()))
+      if(!cmSystemTools::CopyFileAlways(mod_upper, stamp))
         {
         std::cerr << "Error copying Fortran module from \""
                   << mod_upper << "\" to \"" << stamp
@@ -683,7 +683,7 @@ bool cmDependsFortran::CopyModule(const std::vector<std::string>& args)
     if(cmDependsFortran::ModulesDiffer(mod_lower.c_str(), stamp.c_str(),
                                        compilerId.c_str()))
       {
-      if(!cmSystemTools::CopyFileAlways(mod_lower.c_str(), stamp.c_str()))
+      if(!cmSystemTools::CopyFileAlways(mod_lower, stamp))
         {
         std::cerr << "Error copying Fortran module from \""
                   << mod_lower << "\" to \"" << stamp
diff --git a/Source/cmDependsFortranParser.cxx b/Source/cmDependsFortranParser.cxx
index 7b49a9c..9d51025 100644
--- a/Source/cmDependsFortranParser.cxx
+++ b/Source/cmDependsFortranParser.cxx
@@ -144,12 +144,6 @@ static bool cmDependsFortranParserIsKeyword(const char* word,
 }
 
 /* Disable some warnings in the generated code.  */
-#ifdef __BORLANDC__
-# pragma warn -8004 /* Variable assigned a value that is not used.  */
-# pragma warn -8008 /* condition always returns true */
-# pragma warn -8060 /* possibly incorrect assignment */
-# pragma warn -8066 /* unreachable code */
-#endif
 #ifdef _MSC_VER
 # pragma warning (disable: 4102) /* Unused goto label.  */
 # pragma warning (disable: 4065) /* Switch contains default but no case. */
diff --git a/Source/cmDependsFortranParser.y b/Source/cmDependsFortranParser.y
index d814f30..a987c13 100644
--- a/Source/cmDependsFortranParser.y
+++ b/Source/cmDependsFortranParser.y
@@ -68,12 +68,6 @@ static bool cmDependsFortranParserIsKeyword(const char* word,
 }
 
 /* Disable some warnings in the generated code.  */
-#ifdef __BORLANDC__
-# pragma warn -8004 /* Variable assigned a value that is not used.  */
-# pragma warn -8008 /* condition always returns true */
-# pragma warn -8060 /* possibly incorrect assignment */
-# pragma warn -8066 /* unreachable code */
-#endif
 #ifdef _MSC_VER
 # pragma warning (disable: 4102) /* Unused goto label.  */
 # pragma warning (disable: 4065) /* Switch contains default but no case. */
diff --git a/Source/cmDependsJavaParser.cxx b/Source/cmDependsJavaParser.cxx
index 586c0de..899f4d2 100644
--- a/Source/cmDependsJavaParser.cxx
+++ b/Source/cmDependsJavaParser.cxx
@@ -336,12 +336,6 @@ static void cmDependsJavaError(yyscan_t yyscanner, const char* message);
 #define jpStoreClass(str) \
 yyGetParser->AddClassFound(str); yyGetParser->DeallocateParserType(&(str))
 /* Disable some warnings in the generated code.  */
-#ifdef __BORLANDC__
-# pragma warn -8004 /* Variable assigned a value that is not used.  */
-# pragma warn -8008 /* condition always returns true */
-# pragma warn -8060 /* possibly incorrect assignment */
-# pragma warn -8066 /* unreachable code */
-#endif
 #ifdef _MSC_VER
 # pragma warning (disable: 4102) /* Unused goto label.  */
 # pragma warning (disable: 4065) /* Switch statement contains default but
diff --git a/Source/cmDependsJavaParser.y b/Source/cmDependsJavaParser.y
index 944d4b5..b66dc6d 100644
--- a/Source/cmDependsJavaParser.y
+++ b/Source/cmDependsJavaParser.y
@@ -52,12 +52,6 @@ static void cmDependsJavaError(yyscan_t yyscanner, const char* message);
 #define jpElementStart(cnt) yyGetParser->PrepareElement(&yyval)
 #define jpStoreClass(str) yyGetParser->AddClassFound(str); yyGetParser->DeallocateParserType(&(str))
 /* Disable some warnings in the generated code.  */
-#ifdef __BORLANDC__
-# pragma warn -8004 /* Variable assigned a value that is not used.  */
-# pragma warn -8008 /* condition always returns true */
-# pragma warn -8060 /* possibly incorrect assignment */
-# pragma warn -8066 /* unreachable code */
-#endif
 #ifdef _MSC_VER
 # pragma warning (disable: 4102) /* Unused goto label.  */
 # pragma warning (disable: 4065) /* Switch statement contains default but no case. */
diff --git a/Source/cmExecutionStatus.h b/Source/cmExecutionStatus.h
index 5c94a97..d4da5a4 100644
--- a/Source/cmExecutionStatus.h
+++ b/Source/cmExecutionStatus.h
@@ -36,10 +36,16 @@ public:
   virtual bool GetBreakInvoked()
   { return this->BreakInvoked; }
 
+  virtual void SetContinueInvoked(bool val)
+  { this->ContinueInvoked = val; }
+  virtual bool GetContinueInvoked()
+  { return this->ContinueInvoked; }
+
   virtual void Clear()
     {
     this->ReturnInvoked = false;
     this->BreakInvoked = false;
+    this->ContinueInvoked = false;
     this->NestedError = false;
     }
   virtual void SetNestedError(bool val) { this->NestedError = val; }
@@ -49,6 +55,7 @@ public:
 protected:
   bool ReturnInvoked;
   bool BreakInvoked;
+  bool ContinueInvoked;
   bool NestedError;
 };
 
diff --git a/Source/cmExprParser.cxx b/Source/cmExprParser.cxx
index 77880c0..c12b42e 100644
--- a/Source/cmExprParser.cxx
+++ b/Source/cmExprParser.cxx
@@ -157,12 +157,6 @@ static void cmExprError(yyscan_t yyscanner, const char* message);
 
 
 /* Disable some warnings in the generated code.  */
-#ifdef __BORLANDC__
-# pragma warn -8004 /* Variable assigned a value that is not used.  */
-# pragma warn -8008 /* condition always returns true */
-# pragma warn -8060 /* possibly incorrect assignment */
-# pragma warn -8066 /* unreachable code */
-#endif
 #ifdef _MSC_VER
 # pragma warning (disable: 4102) /* Unused goto label.  */
 # pragma warning (disable: 4065) /* Switch statement contains default but
diff --git a/Source/cmExprParser.y b/Source/cmExprParser.y
index 12c2e48..f2c85d0 100644
--- a/Source/cmExprParser.y
+++ b/Source/cmExprParser.y
@@ -52,12 +52,6 @@ static void cmExprError(yyscan_t yyscanner, const char* message);
 
 
 /* Disable some warnings in the generated code.  */
-#ifdef __BORLANDC__
-# pragma warn -8004 /* Variable assigned a value that is not used.  */
-# pragma warn -8008 /* condition always returns true */
-# pragma warn -8060 /* possibly incorrect assignment */
-# pragma warn -8066 /* unreachable code */
-#endif
 #ifdef _MSC_VER
 # pragma warning (disable: 4102) /* Unused goto label.  */
 # pragma warning (disable: 4065) /* Switch statement contains default but no case. */
diff --git a/Source/cmExtraCodeBlocksGenerator.cxx b/Source/cmExtraCodeBlocksGenerator.cxx
index 56a6edb..79d7bcaff 100644
--- a/Source/cmExtraCodeBlocksGenerator.cxx
+++ b/Source/cmExtraCodeBlocksGenerator.cxx
@@ -276,7 +276,7 @@ void cmExtraCodeBlocksGenerator
                          it->second[0]->GetMakefile()->GetHomeDirectory(),
                          jt->c_str());
       std::vector<std::string> splitted;
-      cmSystemTools::SplitPath(relative.c_str(), splitted, false);
+      cmSystemTools::SplitPath(relative, splitted, false);
       // Split filename from path
       std::string fileName = *(splitted.end()-1);
       splitted.erase(splitted.end() - 1, splitted.end());
diff --git a/Source/cmExtraEclipseCDT4Generator.cxx b/Source/cmExtraEclipseCDT4Generator.cxx
index 1beb3fd..2f69882 100644
--- a/Source/cmExtraEclipseCDT4Generator.cxx
+++ b/Source/cmExtraEclipseCDT4Generator.cxx
@@ -124,8 +124,8 @@ void cmExtraEclipseCDT4Generator::Generate()
               "Enable CMAKE_ECLIPSE_GENERATE_SOURCE_PROJECT instead.");
     }
 
-  if (cmSystemTools::IsSubDirectory(this->HomeOutputDirectory.c_str(),
-                                    this->HomeDirectory.c_str()))
+  if (cmSystemTools::IsSubDirectory(this->HomeOutputDirectory,
+                                    this->HomeDirectory))
     {
     mf->IssueMessage(cmake::WARNING, "The build directory is a subdirectory "
                      "of the source directory.\n"
@@ -495,8 +495,8 @@ void cmExtraEclipseCDT4Generator::CreateProjectFile()
     std::string linkSourceDirectory = this->GetEclipsePath(
                                                       mf->GetStartDirectory());
     // .project dir can't be subdir of a linked resource dir
-    if (!cmSystemTools::IsSubDirectory(this->HomeOutputDirectory.c_str(),
-                                         linkSourceDirectory.c_str()))
+    if (!cmSystemTools::IsSubDirectory(this->HomeOutputDirectory,
+                                         linkSourceDirectory))
       {
       this->AppendLinkedResource(fout, sourceLinkedResourceName,
                                  this->GetEclipsePath(linkSourceDirectory),
@@ -590,7 +590,7 @@ void cmExtraEclipseCDT4Generator::CreateLinksForTargets(
                 ++fileIt)
               {
               std::string fullPath = (*fileIt)->GetFullPath();
-              if (!cmSystemTools::FileIsDirectory(fullPath.c_str()))
+              if (!cmSystemTools::FileIsDirectory(fullPath))
                 {
                 std::string linkName4 = linkName3;
                 linkName4 += "/";
@@ -635,8 +635,8 @@ void cmExtraEclipseCDT4Generator::CreateLinksToSubprojects(
     // a linked resource must not point to a parent directory of .project or
     // .project itself
     if ((baseDir != linkSourceDirectory) &&
-        !cmSystemTools::IsSubDirectory(baseDir.c_str(),
-                                       linkSourceDirectory.c_str()))
+        !cmSystemTools::IsSubDirectory(baseDir,
+                                       linkSourceDirectory))
       {
       std::string linkName = "[Subprojects]/";
       linkName += it->first;
@@ -663,7 +663,7 @@ void cmExtraEclipseCDT4Generator::AppendIncludeDirectories(
     {
     if (!inc->empty())
       {
-      std::string dir = cmSystemTools::CollapseFullPath(inc->c_str());
+      std::string dir = cmSystemTools::CollapseFullPath(*inc);
 
       // handle framework include dirs on OSX, the remainder after the
       // Frameworks/ part has to be stripped
@@ -819,7 +819,7 @@ void cmExtraEclipseCDT4Generator::CreateCProjectFile() const
     // exlude source directory from output search path
     // - only if not named the same as an output directory
     if (!cmSystemTools::FileIsDirectory(
-           std::string(this->HomeOutputDirectory + "/" + *it).c_str()))
+           std::string(this->HomeOutputDirectory + "/" + *it)))
       {
       excludeFromOut += this->EscapeForXML(*it) + "/|";
       }
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx
index 1325cec..a6eb8c4 100644
--- a/Source/cmFileCommand.cxx
+++ b/Source/cmFileCommand.cxx
@@ -21,6 +21,7 @@
 
 #if defined(CMAKE_BUILD_WITH_CMAKE)
 #include "cm_curl.h"
+#include "cmFileLockResult.h"
 #endif
 
 #undef GetCurrentDirectory
@@ -33,6 +34,7 @@
 #include <cmsys/Glob.hxx>
 #include <cmsys/RegularExpression.hxx>
 #include <cmsys/FStream.hxx>
+#include <cmsys/Encoding.hxx>
 
 // Table of permissions flags.
 #if defined(_WIN32) && !defined(__CYGWIN__)
@@ -61,6 +63,35 @@ static mode_t mode_setuid = S_ISUID;
 static mode_t mode_setgid = S_ISGID;
 #endif
 
+#if defined(WIN32) && defined(CMAKE_ENCODING_UTF8)
+// libcurl doesn't support file:// urls for unicode filenames on Windows.
+// Convert string from UTF-8 to ACP if this is a file:// URL.
+static std::string fix_file_url_windows(const std::string& url)
+{
+  std::string ret = url;
+  if(strncmp(url.c_str(), "file://", 7) == 0)
+    {
+    cmsys_stl::wstring wurl = cmsys::Encoding::ToWide(url);
+    if(!wurl.empty())
+      {
+      int mblen = WideCharToMultiByte(CP_ACP, 0, wurl.c_str(), -1,
+                                   NULL, 0, NULL, NULL);
+      if(mblen > 0)
+        {
+        std::vector<char> chars(mblen);
+        mblen = WideCharToMultiByte(CP_ACP, 0, wurl.c_str(), -1,
+                                   &chars[0], mblen, NULL, NULL);
+        if(mblen > 0)
+          {
+          ret = &chars[0];
+          }
+        }
+      }
+    }
+  return ret;
+}
+#endif
+
 // cmLibraryCommand
 bool cmFileCommand
 ::InitialPass(std::vector<std::string> const& args, cmExecutionStatus &)
@@ -172,6 +203,10 @@ bool cmFileCommand
     {
     return this->HandleGenerateCommand(args);
     }
+  else if ( subCommand == "LOCK" )
+    {
+    return this->HandleLockCommand(args);
+    }
 
   std::string e = "does not recognize sub-command "+subCommand;
   this->SetError(e);
@@ -220,8 +255,6 @@ bool cmFileCommand::HandleWriteCommand(std::vector<std::string> const& args,
     cmSystemTools::SetPermissions(fileName.c_str(),
 #if defined( _MSC_VER ) || defined( __MINGW32__ )
       mode | S_IWRITE
-#elif defined( __BORLANDC__ )
-      mode | S_IWUSR
 #else
       mode | S_IWUSR | S_IWGRP
 #endif
@@ -1504,7 +1537,7 @@ bool cmFileCopier::Run(std::vector<std::string> const& args)
     {
     // Split the input file into its directory and name components.
     std::vector<std::string> fromPathComponents;
-    cmSystemTools::SplitPath(files[i].c_str(), fromPathComponents);
+    cmSystemTools::SplitPath(files[i], fromPathComponents);
     std::string fromName = *(fromPathComponents.end()-1);
     std::string fromDir = cmSystemTools::JoinPath(fromPathComponents.begin(),
                                                   fromPathComponents.end()-1);
@@ -1612,7 +1645,7 @@ bool cmFileCopier::InstallSymlink(const char* fromFile, const char* toFile)
     cmSystemTools::RemoveFile(toFile);
 
     // Create the symlink.
-    if(!cmSystemTools::CreateSymlink(symlinkTarget.c_str(), toFile))
+    if(!cmSystemTools::CreateSymlink(symlinkTarget, toFile))
       {
       cmOStringStream e;
       e << this->Name <<  " cannot duplicate symlink \"" << fromFile
@@ -2203,7 +2236,7 @@ bool cmFileInstaller::HandleInstallDestination()
         return false;
         }
       }
-    if ( !cmSystemTools::FileIsDirectory(destination.c_str()) )
+    if ( !cmSystemTools::FileIsDirectory(destination) )
       {
       std::string errstring = "INSTALL destination: " + destination +
         " is not a directory.";
@@ -2553,14 +2586,14 @@ bool cmFileCommand::HandleRemove(std::vector<std::string> const& args,
       fileName += "/" + *i;
       }
 
-    if(cmSystemTools::FileIsDirectory(fileName.c_str()) &&
-       !cmSystemTools::FileIsSymlink(fileName.c_str()) && recurse)
+    if(cmSystemTools::FileIsDirectory(fileName) &&
+       !cmSystemTools::FileIsSymlink(fileName) && recurse)
       {
-      cmSystemTools::RemoveADirectory(fileName.c_str());
+      cmSystemTools::RemoveADirectory(fileName);
       }
     else
       {
-      cmSystemTools::RemoveFile(fileName.c_str());
+      cmSystemTools::RemoveFile(fileName);
       }
     }
   return true;
@@ -2584,7 +2617,7 @@ bool cmFileCommand::HandleCMakePathCommand(std::vector<std::string>
 #else
   char pathSep = ':';
 #endif
-  std::vector<cmsys::String> path = cmSystemTools::SplitString(i->c_str(),
+  std::vector<cmsys::String> path = cmSystemTools::SplitString(*i,
                                                              pathSep);
   i++;
   const char* var =  i->c_str();
@@ -2990,6 +3023,10 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
     return false;
     }
 
+#if defined(WIN32) && defined(CMAKE_ENCODING_UTF8)
+  url = fix_file_url_windows(url);
+#endif
+
   ::CURL *curl;
   ::curl_global_init(CURL_GLOBAL_DEFAULT);
   curl = ::curl_easy_init();
@@ -3241,7 +3278,7 @@ cmFileCommand::HandleUploadCommand(std::vector<std::string> const& args)
 
   // Open file for reading:
   //
-  FILE *fin = cmsys::SystemTools::Fopen(filename.c_str(), "rb");
+  FILE *fin = cmsys::SystemTools::Fopen(filename, "rb");
   if(!fin)
     {
     std::string errStr = "UPLOAD cannot open file '";
@@ -3250,7 +3287,11 @@ cmFileCommand::HandleUploadCommand(std::vector<std::string> const& args)
     return false;
     }
 
-  unsigned long file_size = cmsys::SystemTools::FileLength(filename.c_str());
+  unsigned long file_size = cmsys::SystemTools::FileLength(filename);
+
+#if defined(WIN32) && defined(CMAKE_ENCODING_UTF8)
+  url = fix_file_url_windows(url);
+#endif
 
   ::CURL *curl;
   ::curl_global_init(CURL_GLOBAL_DEFAULT);
@@ -3466,6 +3507,204 @@ bool cmFileCommand::HandleGenerateCommand(
 }
 
 //----------------------------------------------------------------------------
+bool cmFileCommand::HandleLockCommand(
+  std::vector<std::string> const& args)
+{
+#if defined(CMAKE_BUILD_WITH_CMAKE)
+  // Default values
+  bool directory = false;
+  bool release = false;
+  enum Guard {
+    GUARD_FUNCTION,
+    GUARD_FILE,
+    GUARD_PROCESS
+  };
+  Guard guard = GUARD_PROCESS;
+  std::string resultVariable;
+  unsigned timeout = static_cast<unsigned>(-1);
+
+  // Parse arguments
+  if(args.size() < 2)
+    {
+    this->Makefile->IssueMessage(
+        cmake::FATAL_ERROR,
+        "sub-command LOCK requires at least two arguments.");
+    return false;
+    }
+
+  std::string path = args[1];
+  for (unsigned i = 2; i < args.size(); ++i)
+    {
+    if (args[i] == "DIRECTORY")
+      {
+      directory = true;
+      }
+    else if (args[i] == "RELEASE")
+      {
+      release = true;
+      }
+    else if (args[i] == "GUARD")
+      {
+      ++i;
+      const char* merr = "expected FUNCTION, FILE or PROCESS after GUARD";
+      if (i >= args.size())
+        {
+        this->Makefile->IssueMessage(cmake::FATAL_ERROR, merr);
+        return false;
+        }
+      else
+        {
+        if (args[i] == "FUNCTION")
+          {
+          guard = GUARD_FUNCTION;
+          }
+        else if (args[i] == "FILE")
+          {
+          guard = GUARD_FILE;
+          }
+        else if (args[i] == "PROCESS")
+          {
+          guard = GUARD_PROCESS;
+          }
+        else
+          {
+          cmOStringStream e;
+          e << merr << ", but got:\n  \"" << args[i] << "\".";
+          this->Makefile->IssueMessage(cmake::FATAL_ERROR, e.str());
+          return false;
+          }
+        }
+      }
+    else if (args[i] == "RESULT_VARIABLE")
+      {
+      ++i;
+      if (i >= args.size())
+        {
+        this->Makefile->IssueMessage(
+            cmake::FATAL_ERROR,
+            "expected variable name after RESULT_VARIABLE");
+        return false;
+        }
+      resultVariable = args[i];
+      }
+    else if (args[i] == "TIMEOUT")
+      {
+      ++i;
+      if (i >= args.size())
+        {
+        this->Makefile->IssueMessage(
+            cmake::FATAL_ERROR,
+            "expected timeout value after TIMEOUT");
+        return false;
+        }
+      int scanned;
+      if(!cmSystemTools::StringToInt(args[i].c_str(), &scanned) || scanned < 0)
+        {
+        cmOStringStream e;
+        e << "TIMEOUT value \"" << args[i] << "\" is not an unsigned integer.";
+        this->Makefile->IssueMessage(cmake::FATAL_ERROR, e.str());
+        return false;
+        }
+      timeout = static_cast<unsigned>(scanned);
+      }
+    else
+      {
+      cmOStringStream e;
+      e << "expected DIRECTORY, RELEASE, GUARD, RESULT_VARIABLE or TIMEOUT\n";
+      e << "but got: \"" << args[i] << "\".";
+      this->Makefile->IssueMessage(cmake::FATAL_ERROR, e.str());
+      return false;
+      }
+    }
+
+  if (directory)
+    {
+    path += "/cmake.lock";
+    }
+
+  if (!cmsys::SystemTools::FileIsFullPath(path))
+    {
+    path = this->Makefile->GetCurrentDirectory() + ("/" + path);
+    }
+
+  // Unify path (remove '//', '/../', ...)
+  path = cmSystemTools::CollapseFullPath(path);
+
+  // Create file and directories if needed
+  std::string parentDir = cmSystemTools::GetParentDirectory(path);
+  if (!cmSystemTools::MakeDirectory(parentDir))
+    {
+    cmOStringStream e;
+    e << "directory\n  \"" << parentDir << "\"\ncreation failed ";
+    e << "(check permissions).";
+    this->Makefile->IssueMessage(cmake::FATAL_ERROR, e.str());
+    cmSystemTools::SetFatalErrorOccured();
+    return false;
+    }
+  FILE *file = cmsys::SystemTools::Fopen(path, "w");
+  if (!file)
+    {
+    cmOStringStream e;
+    e << "file\n  \"" << path << "\"\ncreation failed (check permissions).";
+    this->Makefile->IssueMessage(cmake::FATAL_ERROR, e.str());
+    cmSystemTools::SetFatalErrorOccured();
+    return false;
+    }
+  fclose(file);
+
+  // Actual lock/unlock
+  cmFileLockPool& lockPool = this->Makefile->GetLocalGenerator()->
+      GetGlobalGenerator()->GetFileLockPool();
+
+  cmFileLockResult fileLockResult(cmFileLockResult::MakeOk());
+  if (release)
+    {
+    fileLockResult = lockPool.Release(path);
+    }
+  else
+    {
+    switch (guard)
+      {
+      case GUARD_FUNCTION:
+        fileLockResult = lockPool.LockFunctionScope(path, timeout);
+        break;
+      case GUARD_FILE:
+        fileLockResult = lockPool.LockFileScope(path, timeout);
+        break;
+      case GUARD_PROCESS:
+        fileLockResult = lockPool.LockProcessScope(path, timeout);
+        break;
+      default:
+        cmSystemTools::SetFatalErrorOccured();
+        return false;
+      }
+    }
+
+  const std::string result = fileLockResult.GetOutputMessage();
+
+  if (resultVariable.empty() && !fileLockResult.IsOk())
+    {
+    cmOStringStream e;
+    e << "error locking file\n  \"" << path << "\"\n" << result << ".";
+    this->Makefile->IssueMessage(cmake::FATAL_ERROR, e.str());
+    cmSystemTools::SetFatalErrorOccured();
+    return false;
+    }
+
+  if (!resultVariable.empty())
+    {
+    this->Makefile->AddDefinition(resultVariable, result.c_str());
+    }
+
+  return true;
+#else
+  static_cast<void>(args);
+  this->SetError("sub-command LOCK not implemented in bootstrap cmake");
+  return false;
+#endif
+}
+
+//----------------------------------------------------------------------------
 bool cmFileCommand::HandleTimestampCommand(
   std::vector<std::string> const& args)
 {
diff --git a/Source/cmFileCommand.h b/Source/cmFileCommand.h
index 8d66fdf..a4d341f 100644
--- a/Source/cmFileCommand.h
+++ b/Source/cmFileCommand.h
@@ -75,6 +75,7 @@ protected:
 
   bool HandleTimestampCommand(std::vector<std::string> const& args);
   bool HandleGenerateCommand(std::vector<std::string> const& args);
+  bool HandleLockCommand(std::vector<std::string> const& args);
 
 private:
   void AddEvaluationFile(const std::string &inputName,
diff --git a/Source/cmFileLock.cxx b/Source/cmFileLock.cxx
new file mode 100644
index 0000000..5f75637
--- /dev/null
+++ b/Source/cmFileLock.cxx
@@ -0,0 +1,78 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2014 Ruslan Baratov
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#include "cmFileLock.h"
+
+#include <assert.h>
+#include "cmFileLockResult.h"
+
+// Common implementation
+
+cmFileLock::~cmFileLock()
+{
+  if (!this->Filename.empty())
+    {
+    const cmFileLockResult result = this->Release();
+    static_cast<void>(result);
+    assert(result.IsOk());
+    }
+}
+
+cmFileLockResult cmFileLock::Lock(
+    const std::string& filename, unsigned timeout)
+{
+  if (filename.empty())
+    {
+    // Error is internal since all the directories and file must be created
+    // before actual lock called.
+    return cmFileLockResult::MakeInternal();
+    }
+
+  if (!this->Filename.empty())
+    {
+    // Error is internal since double-lock must be checked in class
+    // cmFileLockPool by the cmFileLock::IsLocked method.
+    return cmFileLockResult::MakeInternal();
+    }
+
+  this->Filename = filename;
+  cmFileLockResult result = this->OpenFile();
+  if (result.IsOk())
+    {
+    if (timeout == static_cast<unsigned>(-1))
+      {
+      result = this->LockWithoutTimeout();
+      }
+    else
+      {
+      result = this->LockWithTimeout(timeout);
+      }
+    }
+
+  if (!result.IsOk())
+    {
+    this->Filename = "";
+    }
+
+  return result;
+}
+
+bool cmFileLock::IsLocked(const std::string& filename) const
+{
+  return filename == this->Filename;
+}
+
+#if defined(_WIN32)
+# include "cmFileLockWin32.cxx"
+#else
+# include "cmFileLockUnix.cxx"
+#endif
diff --git a/Source/cmFileLock.h b/Source/cmFileLock.h
new file mode 100644
index 0000000..4d922a0
--- /dev/null
+++ b/Source/cmFileLock.h
@@ -0,0 +1,74 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2014 Ruslan Baratov
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#ifndef cmFileLock_h
+#define cmFileLock_h
+
+#include "cmStandardIncludes.h"
+
+#if defined(_WIN32)
+# include <windows.h> // HANDLE
+#endif
+
+class cmFileLockResult;
+
+/**
+  * @brief Cross-platform file locking.
+  * @details Under the hood this class use 'fcntl' for Unix-like platforms and
+  * 'LockFileEx'/'UnlockFileEx' for Win32 platform. Locks are exclusive and
+  * advisory.
+  */
+class cmFileLock
+{
+ public:
+  cmFileLock();
+  ~cmFileLock();
+
+  /**
+    * @brief Lock the file.
+    * @param timeoutSec Lock timeout. If -1 try until success or fatal error.
+    */
+  cmFileLockResult Lock(const std::string& filename, unsigned timeoutSec);
+
+  /**
+    * @brief Unlock the file.
+    */
+  cmFileLockResult Release();
+
+  /**
+    * @brief Check file is locked by this class.
+    * @details This function helps to find double locks (deadlocks) and to do
+    * explicit unlocks.
+    */
+  bool IsLocked(const std::string& filename) const;
+
+ private:
+  cmFileLock(const cmFileLock&);
+  cmFileLock& operator=(const cmFileLock&);
+
+  cmFileLockResult OpenFile();
+  cmFileLockResult LockWithoutTimeout();
+  cmFileLockResult LockWithTimeout(unsigned timeoutSec);
+
+#if defined(_WIN32)
+  typedef HANDLE FileId;
+  BOOL LockFile(DWORD flags);
+#else
+  typedef int FileId;
+  int LockFile(int cmd, int type);
+#endif
+
+  FileId File;
+  std::string Filename;
+};
+
+#endif // cmFileLock_h
diff --git a/Source/cmFileLockPool.cxx b/Source/cmFileLockPool.cxx
new file mode 100644
index 0000000..e84e71a
--- /dev/null
+++ b/Source/cmFileLockPool.cxx
@@ -0,0 +1,198 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2014 Ruslan Baratov
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#include "cmFileLockPool.h"
+
+#include <assert.h>
+
+#include "cmFileLock.h"
+#include "cmFileLockResult.h"
+
+cmFileLockPool::cmFileLockPool()
+{
+}
+
+cmFileLockPool::~cmFileLockPool()
+{
+  for (It i = this->FunctionScopes.begin();
+      i != this->FunctionScopes.end(); ++i)
+    {
+    delete *i;
+    }
+
+  for (It i = this->FileScopes.begin(); i != this->FileScopes.end(); ++i)
+    {
+    delete *i;
+    }
+}
+
+void cmFileLockPool::PushFunctionScope()
+{
+  this->FunctionScopes.push_back(new ScopePool());
+}
+
+void cmFileLockPool::PopFunctionScope()
+{
+  assert(!this->FunctionScopes.empty());
+  delete this->FunctionScopes.back();
+  this->FunctionScopes.pop_back();
+}
+
+void cmFileLockPool::PushFileScope()
+{
+  this->FileScopes.push_back(new ScopePool());
+}
+
+void cmFileLockPool::PopFileScope()
+{
+  assert(!this->FileScopes.empty());
+  delete this->FileScopes.back();
+  this->FileScopes.pop_back();
+}
+
+cmFileLockResult cmFileLockPool::LockFunctionScope(
+    const std::string& filename, unsigned timeoutSec)
+{
+  if (this->IsAlreadyLocked(filename))
+    {
+    return cmFileLockResult::MakeAlreadyLocked();
+    }
+  if (this->FunctionScopes.empty())
+    {
+    return cmFileLockResult::MakeNoFunction();
+    }
+  return this->FunctionScopes.back()->Lock(filename, timeoutSec);
+}
+
+cmFileLockResult cmFileLockPool::LockFileScope(
+    const std::string& filename, unsigned timeoutSec)
+{
+  if (this->IsAlreadyLocked(filename))
+    {
+    return cmFileLockResult::MakeAlreadyLocked();
+    }
+  assert(!this->FileScopes.empty());
+  return this->FileScopes.back()->Lock(filename, timeoutSec);
+}
+
+cmFileLockResult cmFileLockPool::LockProcessScope(
+    const std::string& filename, unsigned timeoutSec)
+{
+  if (this->IsAlreadyLocked(filename))
+    {
+    return cmFileLockResult::MakeAlreadyLocked();
+    }
+  return this->ProcessScope.Lock(filename, timeoutSec);
+}
+
+cmFileLockResult cmFileLockPool::Release(const std::string& filename)
+{
+  for (It i = this->FunctionScopes.begin();
+      i != this->FunctionScopes.end(); ++i)
+    {
+    const cmFileLockResult result = (*i)->Release(filename);
+    if (!result.IsOk())
+      {
+      return result;
+      }
+    }
+
+  for (It i = this->FileScopes.begin(); i != this->FileScopes.end(); ++i)
+    {
+    const cmFileLockResult result = (*i)->Release(filename);
+    if (!result.IsOk())
+      {
+      return result;
+      }
+    }
+
+  return this->ProcessScope.Release(filename);
+}
+
+bool cmFileLockPool::IsAlreadyLocked(const std::string& filename) const
+{
+  for (CIt i = this->FunctionScopes.begin();
+      i != this->FunctionScopes.end(); ++i)
+    {
+    const bool result = (*i)->IsAlreadyLocked(filename);
+    if (result)
+      {
+      return true;
+      }
+    }
+
+  for (CIt i = this->FileScopes.begin(); i != this->FileScopes.end(); ++i)
+    {
+    const bool result = (*i)->IsAlreadyLocked(filename);
+    if (result)
+      {
+      return true;
+      }
+    }
+
+  return this->ProcessScope.IsAlreadyLocked(filename);
+}
+
+cmFileLockPool::ScopePool::ScopePool()
+{
+}
+
+cmFileLockPool::ScopePool::~ScopePool()
+{
+  for (It i = this->Locks.begin(); i != this->Locks.end(); ++i)
+    {
+    delete *i;
+    }
+}
+
+cmFileLockResult cmFileLockPool::ScopePool::Lock(
+    const std::string& filename, unsigned timeoutSec)
+{
+  cmFileLock *lock = new cmFileLock();
+  const cmFileLockResult result = lock->Lock(filename, timeoutSec);
+  if (result.IsOk())
+    {
+    this->Locks.push_back(lock);
+    return cmFileLockResult::MakeOk();
+    }
+  else
+    {
+    delete lock;
+    return result;
+    }
+}
+
+cmFileLockResult cmFileLockPool::ScopePool::Release(
+    const std::string& filename)
+{
+  for (It i = this->Locks.begin(); i != this->Locks.end(); ++i)
+    {
+    if ((*i)->IsLocked(filename))
+      {
+      return (*i)->Release();
+      }
+    }
+  return cmFileLockResult::MakeOk();
+}
+
+bool cmFileLockPool::ScopePool::IsAlreadyLocked(
+    const std::string& filename) const
+{
+  for (CIt i = this->Locks.begin(); i != this->Locks.end(); ++i)
+    {
+    if ((*i)->IsLocked(filename))
+      {
+      return true;
+      }
+    }
+  return false;
+}
diff --git a/Source/cmFileLockPool.h b/Source/cmFileLockPool.h
new file mode 100644
index 0000000..a63540c
--- /dev/null
+++ b/Source/cmFileLockPool.h
@@ -0,0 +1,100 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2014 Ruslan Baratov
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+#ifndef cmFileLockPool_h
+#define cmFileLockPool_h
+
+#include "cmStandardIncludes.h"
+
+class cmFileLockResult;
+class cmFileLock;
+
+class cmFileLockPool
+{
+ public:
+  cmFileLockPool();
+  ~cmFileLockPool();
+
+  //@{
+  /**
+    * @brief Function scope control.
+    */
+  void PushFunctionScope();
+  void PopFunctionScope();
+  //@}
+
+  //@{
+  /**
+    * @brief File scope control.
+    */
+  void PushFileScope();
+  void PopFileScope();
+  //@}
+
+  //@{
+  /**
+    * @brief Lock the file in given scope.
+    * @param timeoutSec Lock timeout. If -1 try until success or fatal error.
+    */
+  cmFileLockResult LockFunctionScope(
+      const std::string& filename, unsigned timeoutSec
+  );
+  cmFileLockResult LockFileScope(
+      const std::string& filename, unsigned timeoutSec
+  );
+  cmFileLockResult LockProcessScope(
+      const std::string& filename, unsigned timeoutSec
+  );
+  //@}
+
+  /**
+    * @brief Unlock the file explicitly.
+    */
+  cmFileLockResult Release(const std::string& filename);
+
+ private:
+  cmFileLockPool(const cmFileLockPool&);
+  cmFileLockPool& operator=(const cmFileLockPool&);
+
+  bool IsAlreadyLocked(const std::string& filename) const;
+
+  class ScopePool
+  {
+   public:
+    ScopePool();
+    ~ScopePool();
+
+    cmFileLockResult Lock(const std::string& filename, unsigned timeoutSec);
+    cmFileLockResult Release(const std::string& filename);
+    bool IsAlreadyLocked(const std::string& filename) const;
+
+   private:
+    ScopePool(const ScopePool&);
+    ScopePool& operator=(const ScopePool&);
+
+    typedef std::list<cmFileLock*> List;
+    typedef List::iterator It;
+    typedef List::const_iterator CIt;
+
+    List Locks;
+  };
+
+  typedef std::list<ScopePool*> List;
+
+  typedef List::iterator It;
+  typedef List::const_iterator CIt;
+
+  List FunctionScopes;
+  List FileScopes;
+  ScopePool ProcessScope;
+};
+
+#endif // cmFileLockPool_h
diff --git a/Source/cmFileLockResult.cxx b/Source/cmFileLockResult.cxx
new file mode 100644
index 0000000..045e7ee
--- /dev/null
+++ b/Source/cmFileLockResult.cxx
@@ -0,0 +1,111 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2014 Ruslan Baratov
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#include "cmFileLockResult.h"
+
+#include <errno.h>
+
+cmFileLockResult cmFileLockResult::MakeOk()
+{
+  return cmFileLockResult(OK, 0);
+}
+
+cmFileLockResult cmFileLockResult::MakeSystem()
+{
+#if defined(_WIN32)
+  const Error lastError = GetLastError();
+#else
+  const Error lastError = errno;
+#endif
+  return cmFileLockResult(SYSTEM, lastError);
+}
+
+cmFileLockResult cmFileLockResult::MakeTimeout()
+{
+  return cmFileLockResult(TIMEOUT, 0);
+}
+
+cmFileLockResult cmFileLockResult::MakeAlreadyLocked()
+{
+  return cmFileLockResult(ALREADY_LOCKED, 0);
+}
+
+cmFileLockResult cmFileLockResult::MakeInternal()
+{
+  return cmFileLockResult(INTERNAL, 0);
+}
+
+cmFileLockResult cmFileLockResult::MakeNoFunction()
+{
+  return cmFileLockResult(NO_FUNCTION, 0);
+}
+
+bool cmFileLockResult::IsOk() const
+{
+  return this->Type == OK;
+}
+
+std::string cmFileLockResult::GetOutputMessage() const
+{
+  switch (this->Type)
+    {
+    case OK:
+      return "0";
+    case SYSTEM:
+#if defined(_WIN32)
+      {
+      char* errorText = NULL;
+
+      // http://stackoverflow.com/a/455533/2288008
+      DWORD flags = FORMAT_MESSAGE_FROM_SYSTEM |
+          FORMAT_MESSAGE_ALLOCATE_BUFFER |
+          FORMAT_MESSAGE_IGNORE_INSERTS;
+      ::FormatMessageA(
+          flags,
+          NULL,
+          this->ErrorValue,
+          MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+          (LPSTR)&errorText,
+          0,
+          NULL
+      );
+
+      if (errorText != NULL)
+        {
+        const std::string message = errorText;
+        ::LocalFree(errorText);
+        return message;
+        }
+      else
+        {
+        return "Internal error (FormatMessageA failed)";
+        }
+      }
+#else
+      return strerror(this->ErrorValue);
+#endif
+    case TIMEOUT:
+      return "Timeout reached";
+    case ALREADY_LOCKED:
+      return "File already locked";
+    case NO_FUNCTION:
+      return "'GUARD FUNCTION' not used in function definition";
+    case INTERNAL:
+    default:
+      return "Internal error";
+    }
+}
+
+cmFileLockResult::cmFileLockResult(ErrorType typeValue, Error errorValue):
+    Type(typeValue), ErrorValue(errorValue)
+{
+}
diff --git a/Source/cmFileLockResult.h b/Source/cmFileLockResult.h
new file mode 100644
index 0000000..531fb49
--- /dev/null
+++ b/Source/cmFileLockResult.h
@@ -0,0 +1,85 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2014 Ruslan Baratov
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#ifndef cmFileLockResult_h
+#define cmFileLockResult_h
+
+#include "cmStandardIncludes.h"
+
+#if defined(_WIN32)
+# include <windows.h> // DWORD
+#endif
+
+/**
+  * @brief Result of the locking/unlocking file.
+  * @note See @c cmFileLock
+  */
+class cmFileLockResult
+{
+ public:
+#if defined(_WIN32)
+  typedef DWORD Error;
+#else
+  typedef int Error;
+#endif
+
+  /**
+    * @brief Successful lock/unlock.
+    */
+  static cmFileLockResult MakeOk();
+
+  /**
+    * @brief Lock/Unlock failed. Read error/GetLastError.
+    */
+  static cmFileLockResult MakeSystem();
+
+  /**
+    * @brief Lock/Unlock failed. Timeout reached.
+    */
+  static cmFileLockResult MakeTimeout();
+
+  /**
+    * @brief File already locked.
+    */
+  static cmFileLockResult MakeAlreadyLocked();
+
+  /**
+    * @brief Internal error.
+    */
+  static cmFileLockResult MakeInternal();
+
+  /**
+    * @brief Try to lock with function guard outside of the function
+    */
+  static cmFileLockResult MakeNoFunction();
+
+  bool IsOk() const;
+  std::string GetOutputMessage() const;
+
+ private:
+  enum ErrorType
+  {
+    OK,
+    SYSTEM,
+    TIMEOUT,
+    ALREADY_LOCKED,
+    INTERNAL,
+    NO_FUNCTION
+  };
+
+  cmFileLockResult(ErrorType type, Error errorValue);
+
+  ErrorType Type;
+  Error ErrorValue;
+};
+
+#endif // cmFileLockResult_h
diff --git a/Source/cmFileLockUnix.cxx b/Source/cmFileLockUnix.cxx
new file mode 100644
index 0000000..038011e
--- /dev/null
+++ b/Source/cmFileLockUnix.cxx
@@ -0,0 +1,102 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2014 Ruslan Baratov
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#include "cmFileLock.h"
+
+#include <errno.h> // errno
+#include <stdio.h> // SEEK_SET
+#include <fcntl.h>
+#include "cmSystemTools.h"
+
+cmFileLock::cmFileLock(): File(-1)
+{
+}
+
+cmFileLockResult cmFileLock::Release()
+{
+  if (this->Filename.empty())
+    {
+    return cmFileLockResult::MakeOk();
+    }
+  const int lockResult = this->LockFile(F_SETLK, F_UNLCK);
+
+  this->Filename = "";
+
+  if (lockResult == 0)
+    {
+    return cmFileLockResult::MakeOk();
+    }
+  else
+    {
+    return cmFileLockResult::MakeSystem();
+    }
+}
+
+cmFileLockResult cmFileLock::OpenFile()
+{
+  this->File = ::open(this->Filename.c_str(), O_RDWR);
+  if (this->File == -1)
+    {
+    return cmFileLockResult::MakeSystem();
+    }
+  else
+    {
+    return cmFileLockResult::MakeOk();
+    }
+}
+
+cmFileLockResult cmFileLock::LockWithoutTimeout()
+{
+  if (this->LockFile(F_SETLKW, F_WRLCK) == -1)
+    {
+    return cmFileLockResult::MakeSystem();
+    }
+  else
+    {
+    return cmFileLockResult::MakeOk();
+    }
+}
+
+cmFileLockResult cmFileLock::LockWithTimeout(unsigned seconds)
+{
+  while (true)
+    {
+    if (this->LockFile(F_SETLK, F_WRLCK) == -1)
+      {
+      if (errno != EACCES && errno != EAGAIN)
+        {
+        return cmFileLockResult::MakeSystem();
+        }
+      }
+    else
+      {
+      return cmFileLockResult::MakeOk();
+      }
+    if (seconds == 0)
+      {
+      return cmFileLockResult::MakeTimeout();
+      }
+    --seconds;
+    cmSystemTools::Delay(1000);
+    }
+}
+
+int cmFileLock::LockFile(int cmd, int type)
+{
+  struct ::flock lock;
+  lock.l_start = 0;
+  lock.l_len = 0; // lock all bytes
+  lock.l_pid = 0; // unused (for F_GETLK only)
+  lock.l_type = static_cast<short>(type); // exclusive lock
+  lock.l_whence = SEEK_SET;
+  return ::fcntl(this->File, cmd, &lock);
+}
diff --git a/Source/cmFileLockWin32.cxx b/Source/cmFileLockWin32.cxx
new file mode 100644
index 0000000..17231ea
--- /dev/null
+++ b/Source/cmFileLockWin32.cxx
@@ -0,0 +1,126 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2014 Ruslan Baratov
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#include "cmFileLock.h"
+
+#include <windows.h> // CreateFileW
+#include "cmSystemTools.h"
+
+cmFileLock::cmFileLock(): File(INVALID_HANDLE_VALUE)
+{
+}
+
+cmFileLockResult cmFileLock::Release()
+{
+  if (this->Filename.empty())
+    {
+    return cmFileLockResult::MakeOk();
+    }
+  const unsigned long len = static_cast<unsigned long>(-1);
+  static OVERLAPPED overlapped;
+  const DWORD reserved = 0;
+  const BOOL unlockResult = UnlockFileEx(
+      File,
+      reserved,
+      len,
+      len,
+      &overlapped
+  );
+
+  this->Filename = "";
+
+  if (unlockResult)
+    {
+    return cmFileLockResult::MakeOk();
+    }
+  else
+    {
+    return cmFileLockResult::MakeSystem();
+    }
+}
+
+cmFileLockResult cmFileLock::OpenFile()
+{
+  const DWORD access = GENERIC_READ | GENERIC_WRITE;
+  const DWORD shareMode = FILE_SHARE_READ | FILE_SHARE_WRITE;
+  const PSECURITY_ATTRIBUTES security = NULL;
+  const DWORD attr = 0;
+  const HANDLE templ = NULL;
+  this->File = CreateFileW(
+      cmSystemTools::ConvertToWindowsExtendedPath(this->Filename).c_str(),
+      access,
+      shareMode,
+      security,
+      OPEN_EXISTING,
+      attr,
+      templ
+  );
+  if (this->File == INVALID_HANDLE_VALUE)
+    {
+    return cmFileLockResult::MakeSystem();
+    }
+  else
+    {
+    return cmFileLockResult::MakeOk();
+    }
+}
+
+cmFileLockResult cmFileLock::LockWithoutTimeout()
+{
+  if (!this->LockFile(LOCKFILE_EXCLUSIVE_LOCK))
+    {
+    return cmFileLockResult::MakeSystem();
+    }
+  else
+    {
+    return cmFileLockResult::MakeOk();
+    }
+}
+
+cmFileLockResult cmFileLock::LockWithTimeout(unsigned seconds)
+{
+  const DWORD flags = LOCKFILE_EXCLUSIVE_LOCK | LOCKFILE_FAIL_IMMEDIATELY;
+  while (true)
+    {
+    const BOOL result = this->LockFile(flags);
+    if (result)
+      {
+      return cmFileLockResult::MakeOk();
+      }
+    const DWORD error = GetLastError();
+    if (error != ERROR_LOCK_VIOLATION)
+      {
+      return cmFileLockResult::MakeSystem();
+      }
+    if (seconds == 0)
+      {
+      return cmFileLockResult::MakeTimeout();
+      }
+    --seconds;
+    cmSystemTools::Delay(1000);
+    }
+}
+
+BOOL cmFileLock::LockFile(DWORD flags)
+{
+  const DWORD reserved = 0;
+  const unsigned long len = static_cast<unsigned long>(-1);
+  static OVERLAPPED overlapped;
+  return LockFileEx(
+      this->File,
+      flags,
+      reserved,
+      len,
+      len,
+      &overlapped
+  );
+}
diff --git a/Source/cmFindBase.cxx b/Source/cmFindBase.cxx
index e4e819a..beb6dde 100644
--- a/Source/cmFindBase.cxx
+++ b/Source/cmFindBase.cxx
@@ -140,11 +140,11 @@ bool cmFindBase::ParseArguments(std::vector<std::string> const& argsIn)
       }
     else if(doing == DoingPaths)
       {
-      this->AddUserPath(args[j], this->UserPaths);
+      this->UserGuessArgs.push_back(args[j]);
       }
     else if(doing == DoingHints)
       {
-      this->AddUserPath(args[j], this->UserHints);
+      this->UserHintsArgs.push_back(args[j]);
       }
     else if(doing == DoingPathSuffixes)
       {
@@ -186,16 +186,11 @@ bool cmFindBase::ParseArguments(std::vector<std::string> const& argsIn)
     this->Names.push_back(shortArgs[0]);
     for(unsigned int j = 1; j < shortArgs.size(); ++j)
       {
-      this->AddUserPath(shortArgs[j], this->UserPaths);
+      this->UserGuessArgs.push_back(shortArgs[j]);
       }
     }
   this->ExpandPaths();
 
-  // Filter out ignored paths from the prefix list
-  std::set<std::string> ignored;
-  this->GetIgnoredPaths(ignored);
-  this->FilterPaths(this->SearchPaths, ignored);
-
   this->ComputeFinalPaths();
 
   return true;
@@ -203,226 +198,142 @@ bool cmFindBase::ParseArguments(std::vector<std::string> const& argsIn)
 
 void cmFindBase::ExpandPaths()
 {
-  this->AddCMakeVariablePath();
-  this->AddCMakeEnvironmentPath();
-  this->AddUserHintsPath();
-  this->AddSystemEnvironmentPath();
-  this->AddCMakeSystemVariablePath();
-  this->AddUserGuessPath();
-
-  // Add suffixes and clean up paths.
-  this->AddPathSuffixes();
-}
-
-//----------------------------------------------------------------------------
-void cmFindBase::AddPrefixPaths(std::vector<std::string> const& in_paths,
-                                PathType pathType)
-{
-  // default for programs
-  std::string subdir = "bin";
-
-  if (this->CMakePathName == "INCLUDE")
-    {
-    subdir = "include";
-    }
-  else if (this->CMakePathName == "LIBRARY")
+  if(!this->NoDefaultPath)
     {
-    subdir = "lib";
-    }
-  else if (this->CMakePathName == "FRAMEWORK")
-    {
-    subdir = "";  // ? what to do for frameworks ?
-    }
-
-  for(std::vector<std::string>::const_iterator it = in_paths.begin();
-      it != in_paths.end(); ++it)
-    {
-    std::string dir = *it;
-    if(!subdir.empty() && !dir.empty() && dir[dir.size()-1] != '/')
-      {
-      dir += "/";
-      }
-    if(subdir == "include" || subdir == "lib")
+    if(!this->NoCMakePath)
       {
-      const char* arch =
-        this->Makefile->GetDefinition("CMAKE_LIBRARY_ARCHITECTURE");
-      if(arch && *arch)
-        {
-        this->AddPathInternal(dir+subdir+"/"+arch, pathType);
-        }
+      this->FillCMakeVariablePath();
       }
-    std::string add = dir + subdir;
-    if(add != "/")
+    if(!this->NoCMakeEnvironmentPath)
       {
-      this->AddPathInternal(add, pathType);
+      this->FillCMakeEnvironmentPath();
       }
-    if (subdir == "bin")
+    if(!this->NoSystemEnvironmentPath)
       {
-      this->AddPathInternal(dir+"sbin", pathType);
+      this->FillSystemEnvironmentPath();
       }
-    if(!subdir.empty() && *it != "/")
+    if(!this->NoCMakeSystemPath)
       {
-      this->AddPathInternal(*it, pathType);
+      this->FillCMakeSystemVariablePath();
       }
     }
-}
 
-//----------------------------------------------------------------------------
-void cmFindBase::AddCMakePrefixPath(const std::string& variable)
-{
-  // Get a path from a CMake variable.
-  if(const char* varPath = this->Makefile->GetDefinition(variable))
-    {
-    std::vector<std::string> tmp;
-    cmSystemTools::ExpandListArgument(varPath, tmp);
-    this->AddPrefixPaths(tmp, CMakePath);
-    }
+  this->FillUserHintsPath();
+  this->FillUserGuessPath();
 }
 
 //----------------------------------------------------------------------------
-void cmFindBase::AddEnvPrefixPath(const std::string& variable)
+void cmFindBase::FillCMakeEnvironmentPath()
 {
-  // Get a path from the environment.
-  std::vector<std::string> tmp;
-  cmSystemTools::GetPath(tmp, variable.c_str());
-  this->AddPrefixPaths(tmp, EnvPath);
-}
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::CMakeEnvironment];
 
-//----------------------------------------------------------------------------
-void cmFindBase::AddCMakeEnvironmentPath()
-{
-  if(!this->NoCMakeEnvironmentPath && !this->NoDefaultPath)
-    {
-    // Add CMAKE_*_PATH environment variables
-    std::string var = "CMAKE_";
-    var += this->CMakePathName;
-    var += "_PATH";
-    this->AddEnvPrefixPath("CMAKE_PREFIX_PATH");
-    this->AddEnvPath(var.c_str());
+  // Add CMAKE_*_PATH environment variables
+  std::string var = "CMAKE_";
+  var += this->CMakePathName;
+  var += "_PATH";
+  paths.AddEnvPrefixPath("CMAKE_PREFIX_PATH");
+  paths.AddEnvPath(var);
 
-    if(this->CMakePathName == "PROGRAM")
-      {
-      this->AddEnvPath("CMAKE_APPBUNDLE_PATH");
-      }
-    else
-      {
-      this->AddEnvPath("CMAKE_FRAMEWORK_PATH");
-      }
+  if(this->CMakePathName == "PROGRAM")
+    {
+    paths.AddEnvPath("CMAKE_APPBUNDLE_PATH");
     }
+  else
+    {
+    paths.AddEnvPath("CMAKE_FRAMEWORK_PATH");
+    }
+  paths.AddSuffixes(this->SearchPathSuffixes);
 }
 
 //----------------------------------------------------------------------------
-void cmFindBase::AddCMakeVariablePath()
+void cmFindBase::FillCMakeVariablePath()
 {
-  if(!this->NoCMakePath && !this->NoDefaultPath)
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::CMake];
+
+  // Add CMake varibles of the same name as the previous environment
+  // varibles CMAKE_*_PATH to be used most of the time with -D
+  // command line options
+  std::string var = "CMAKE_";
+  var += this->CMakePathName;
+  var += "_PATH";
+  paths.AddCMakePrefixPath("CMAKE_PREFIX_PATH");
+  paths.AddCMakePath(var);
+
+  if(this->CMakePathName == "PROGRAM")
     {
-    // Add CMake varibles of the same name as the previous environment
-    // varibles CMAKE_*_PATH to be used most of the time with -D
-    // command line options
-    std::string var = "CMAKE_";
-    var += this->CMakePathName;
-    var += "_PATH";
-    this->AddCMakePrefixPath("CMAKE_PREFIX_PATH");
-    this->AddCMakePath(var);
-
-    if(this->CMakePathName == "PROGRAM")
-      {
-      this->AddCMakePath("CMAKE_APPBUNDLE_PATH");
-      }
-    else
-      {
-      this->AddCMakePath("CMAKE_FRAMEWORK_PATH");
-      }
+    paths.AddCMakePath("CMAKE_APPBUNDLE_PATH");
+    }
+  else
+    {
+    paths.AddCMakePath("CMAKE_FRAMEWORK_PATH");
     }
+  paths.AddSuffixes(this->SearchPathSuffixes);
 }
 
 //----------------------------------------------------------------------------
-void cmFindBase::AddSystemEnvironmentPath()
+void cmFindBase::FillSystemEnvironmentPath()
 {
-  if(!this->NoSystemEnvironmentPath && !this->NoDefaultPath)
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::SystemEnvironment];
+
+  // Add LIB or INCLUDE
+  if(!this->EnvironmentPath.empty())
     {
-    // Add LIB or INCLUDE
-    if(!this->EnvironmentPath.empty())
-      {
-      this->AddEnvPath(this->EnvironmentPath.c_str());
-      }
-    // Add PATH
-    this->AddEnvPath(0);
+    paths.AddEnvPath(this->EnvironmentPath);
     }
+  // Add PATH
+  paths.AddEnvPath("PATH");
+  paths.AddSuffixes(this->SearchPathSuffixes);
 }
 
 //----------------------------------------------------------------------------
-void cmFindBase::AddCMakeSystemVariablePath()
+void cmFindBase::FillCMakeSystemVariablePath()
 {
-  if(!this->NoCMakeSystemPath && !this->NoDefaultPath)
-    {
-    std::string var = "CMAKE_SYSTEM_";
-    var += this->CMakePathName;
-    var += "_PATH";
-    this->AddCMakePrefixPath("CMAKE_SYSTEM_PREFIX_PATH");
-    this->AddCMakePath(var);
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::CMakeSystem];
 
-    if(this->CMakePathName == "PROGRAM")
-      {
-      this->AddCMakePath("CMAKE_SYSTEM_APPBUNDLE_PATH");
-      }
-    else
-      {
-      this->AddCMakePath("CMAKE_SYSTEM_FRAMEWORK_PATH");
-      }
+  std::string var = "CMAKE_SYSTEM_";
+  var += this->CMakePathName;
+  var += "_PATH";
+  paths.AddCMakePrefixPath("CMAKE_SYSTEM_PREFIX_PATH");
+  paths.AddCMakePath(var);
+
+  if(this->CMakePathName == "PROGRAM")
+    {
+    paths.AddCMakePath("CMAKE_SYSTEM_APPBUNDLE_PATH");
+    }
+  else
+    {
+    paths.AddCMakePath("CMAKE_SYSTEM_FRAMEWORK_PATH");
     }
+  paths.AddSuffixes(this->SearchPathSuffixes);
 }
 
 //----------------------------------------------------------------------------
-void cmFindBase::AddUserHintsPath()
+void cmFindBase::FillUserHintsPath()
 {
-  this->AddPathsInternal(this->UserHints, CMakePath);
-}
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::Hints];
 
-//----------------------------------------------------------------------------
-void cmFindBase::AddUserGuessPath()
-{
-  this->AddPathsInternal(this->UserPaths, CMakePath);
+  for(std::vector<std::string>::const_iterator p = this->UserHintsArgs.begin();
+      p != this->UserHintsArgs.end(); ++p)
+    {
+    paths.AddUserPath(*p);
+    }
+  paths.AddSuffixes(this->SearchPathSuffixes);
 }
 
 //----------------------------------------------------------------------------
-void cmFindBase::AddPathSuffixes()
+void cmFindBase::FillUserGuessPath()
 {
-  std::vector<std::string>& paths = this->SearchPaths;
-  std::vector<std::string> finalPath = paths;
-  std::vector<std::string>::iterator i;
-  // clear the path
-  paths.clear();
-  // convert all paths to unix slashes and add search path suffixes
-  // if there are any
-  for(i = finalPath.begin();
-      i != finalPath.end(); ++i)
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::Guess];
+
+  for(std::vector<std::string>::const_iterator p = this->UserGuessArgs.begin();
+      p != this->UserGuessArgs.end(); ++p)
     {
-    cmSystemTools::ConvertToUnixSlashes(*i);
-    // copy each finalPath combined with SearchPathSuffixes
-    // to the SearchPaths ivar
-    for(std::vector<std::string>::iterator j =
-          this->SearchPathSuffixes.begin();
-        j != this->SearchPathSuffixes.end(); ++j)
-      {
-      // if *i is only / then do not add a //
-      // this will get incorrectly considered a network
-      // path on windows and cause huge delays.
-      std::string p = *i;
-      if(p.size() && p[p.size()-1] != '/')
-        {
-        p += std::string("/");
-        }
-      p +=  *j;
-      // add to all paths because the search path may be modified
-      // later with lib being replaced for lib64 which may exist
-      paths.push_back(p);
-      }
-    // now put the path without the path suffixes in the SearchPaths
-    paths.push_back(*i);
+    paths.AddUserPath(*p);
     }
+  paths.AddSuffixes(this->SearchPathSuffixes);
 }
 
+//----------------------------------------------------------------------------
 void cmFindBase::PrintFindStuff()
 {
   std::cerr << "SearchFrameworkLast: " << this->SearchFrameworkLast << "\n";
@@ -457,9 +368,10 @@ void cmFindBase::PrintFindStuff()
     }
   std::cerr << "\n";
   std::cerr << "SearchPaths\n";
-  for(unsigned int i =0; i < this->SearchPaths.size(); ++i)
+  for(std::vector<std::string>::const_iterator i = this->SearchPaths.begin();
+      i != this->SearchPaths.end(); ++i)
     {
-    std::cerr << "[" << this->SearchPaths[i] << "]\n";
+    std::cerr << "[" << *i << "]\n";
     }
 }
 
diff --git a/Source/cmFindBase.h b/Source/cmFindBase.h
index 42d9bc1..8ca311d 100644
--- a/Source/cmFindBase.h
+++ b/Source/cmFindBase.h
@@ -34,7 +34,6 @@ public:
 protected:
   void PrintFindStuff();
   void ExpandPaths();
-  void AddPathSuffixes();
 
   // see if the VariableName is already set in the cache,
   // also copy the documentation from the cache to VariableDocumentation
@@ -55,18 +54,12 @@ protected:
   bool AlreadyInCacheWithoutMetaInfo;
 private:
   // Add pieces of the search.
-  void AddCMakeEnvironmentPath();
-  void AddCMakeVariablePath();
-  void AddSystemEnvironmentPath();
-  void AddCMakeSystemVariablePath();
-  void AddUserHintsPath();
-  void AddUserGuessPath();
-
-  // Helpers.
-  void AddCMakePrefixPath(const std::string& variable);
-  void AddEnvPrefixPath(const std::string& variable);
-  void AddPrefixPaths(std::vector<std::string> const& in_paths,
-                      PathType pathType);
+  void FillCMakeVariablePath();
+  void FillCMakeEnvironmentPath();
+  void FillUserHintsPath();
+  void FillSystemEnvironmentPath();
+  void FillCMakeSystemVariablePath();
+  void FillUserGuessPath();
 };
 
 
diff --git a/Source/cmFindCommon.cxx b/Source/cmFindCommon.cxx
index 10241f2..913985f 100644
--- a/Source/cmFindCommon.cxx
+++ b/Source/cmFindCommon.cxx
@@ -10,6 +10,19 @@
   See the License for more information.
 ============================================================================*/
 #include "cmFindCommon.h"
+#include <functional>
+#include <algorithm>
+
+//----------------------------------------------------------------------------
+cmFindCommon::PathGroup cmFindCommon::PathGroup::All("ALL");
+cmFindCommon::PathLabel cmFindCommon::PathLabel::CMake("CMAKE");
+cmFindCommon::PathLabel
+  cmFindCommon::PathLabel::CMakeEnvironment("CMAKE_ENVIRONMENT");
+cmFindCommon::PathLabel cmFindCommon::PathLabel::Hints("HINTS");
+cmFindCommon::PathLabel
+  cmFindCommon::PathLabel::SystemEnvironment("SYSTM_ENVIRONMENT");
+cmFindCommon::PathLabel cmFindCommon::PathLabel::CMakeSystem("CMAKE_SYSTEM");
+cmFindCommon::PathLabel cmFindCommon::PathLabel::Guess("GUESS");
 
 //----------------------------------------------------------------------------
 cmFindCommon::cmFindCommon()
@@ -34,6 +47,8 @@ cmFindCommon::cmFindCommon()
   this->SearchFrameworkLast = false;
   this->SearchAppBundleOnly = false;
   this->SearchAppBundleLast = false;
+
+  this->InitializeSearchPathGroups();
 }
 
 //----------------------------------------------------------------------------
@@ -42,11 +57,42 @@ cmFindCommon::~cmFindCommon()
 }
 
 //----------------------------------------------------------------------------
-void cmFindCommon::SelectDefaultRootPathMode()
+void cmFindCommon::InitializeSearchPathGroups()
 {
-  // Use both by default.
-  this->FindRootPathMode = RootPathModeBoth;
+  std::vector<PathLabel>* labels;
+
+  // Define the varoius different groups of path types
+
+  // All search paths
+  labels = &this->PathGroupLabelMap[PathGroup::All];
+  labels->push_back(PathLabel::CMake);
+  labels->push_back(PathLabel::CMakeEnvironment);
+  labels->push_back(PathLabel::Hints);
+  labels->push_back(PathLabel::SystemEnvironment);
+  labels->push_back(PathLabel::CMakeSystem);
+  labels->push_back(PathLabel::Guess);
+
+  // Define the search group order
+  this->PathGroupOrder.push_back(PathGroup::All);
+
+  // Create the idividual labeld search paths
+  this->LabeledPaths.insert(std::make_pair(PathLabel::CMake,
+    cmSearchPath(this)));
+  this->LabeledPaths.insert(std::make_pair(PathLabel::CMakeEnvironment,
+    cmSearchPath(this)));
+  this->LabeledPaths.insert(std::make_pair(PathLabel::Hints,
+    cmSearchPath(this)));
+  this->LabeledPaths.insert(std::make_pair(PathLabel::SystemEnvironment,
+    cmSearchPath(this)));
+  this->LabeledPaths.insert(std::make_pair(PathLabel::CMakeSystem,
+    cmSearchPath(this)));
+  this->LabeledPaths.insert(std::make_pair(PathLabel::Guess,
+    cmSearchPath(this)));
+}
 
+//----------------------------------------------------------------------------
+void cmFindCommon::SelectDefaultRootPathMode()
+{
   // Check the policy variable for this find command type.
   std::string findRootPathVar = "CMAKE_FIND_ROOT_PATH_MODE_";
   findRootPathVar += this->CMakePathName;
@@ -54,11 +100,11 @@ void cmFindCommon::SelectDefaultRootPathMode()
     this->Makefile->GetSafeDefinition(findRootPathVar);
   if (rootPathMode=="NEVER")
     {
-    this->FindRootPathMode = RootPathModeNoRootPath;
+    this->FindRootPathMode = RootPathModeNever;
     }
   else if (rootPathMode=="ONLY")
     {
-    this->FindRootPathMode = RootPathModeOnlyRootPath;
+    this->FindRootPathMode = RootPathModeOnly;
     }
   else if (rootPathMode=="BOTH")
     {
@@ -132,12 +178,12 @@ void cmFindCommon::RerootPaths(std::vector<std::string>& paths)
     fprintf(stderr, "[%s]\n", i->c_str());
     }
 #endif
-
   // Short-circuit if there is nothing to do.
-  if(this->FindRootPathMode == RootPathModeNoRootPath)
+  if(this->FindRootPathMode == RootPathModeNever)
     {
     return;
     }
+
   const char* sysroot =
     this->Makefile->GetDefinition("CMAKE_SYSROOT");
   const char* rootPath =
@@ -182,9 +228,9 @@ void cmFindCommon::RerootPaths(std::vector<std::string>& paths)
       // already inside.  Skip the unrooted path if it is relative to
       // a user home directory or is empty.
       std::string rootedDir;
-      if(cmSystemTools::IsSubDirectory(ui->c_str(), ri->c_str())
+      if(cmSystemTools::IsSubDirectory(*ui, *ri)
           || (stagePrefix
-            && cmSystemTools::IsSubDirectory(ui->c_str(), stagePrefix)))
+            && cmSystemTools::IsSubDirectory(*ui, stagePrefix)))
         {
         rootedDir = *ui;
         }
@@ -195,7 +241,7 @@ void cmFindCommon::RerootPaths(std::vector<std::string>& paths)
         rootedDir += "/";
 
         // Append the original path with its old root removed.
-        rootedDir += cmSystemTools::SplitPathRootComponent(ui->c_str());
+        rootedDir += cmSystemTools::SplitPathRootComponent(*ui);
         }
 
       // Store the new path.
@@ -212,24 +258,20 @@ void cmFindCommon::RerootPaths(std::vector<std::string>& paths)
 }
 
 //----------------------------------------------------------------------------
-void cmFindCommon::FilterPaths(std::vector<std::string>& paths,
-                               const std::set<std::string>& ignore)
+void cmFindCommon::FilterPaths(const std::vector<std::string>& inPaths,
+                               const std::set<std::string>& ignore,
+                               std::vector<std::string>& outPaths)
 {
-  // Now filter out anything that's in the ignore set.
-  std::vector<std::string> unfiltered;
-  unfiltered.swap(paths);
-
-  for(std::vector<std::string>::iterator pi = unfiltered.begin();
-      pi != unfiltered.end(); ++pi)
+  for(std::vector<std::string>::const_iterator i = inPaths.begin();
+      i != inPaths.end(); ++i)
     {
-    if (ignore.count(*pi) == 0)
+    if(ignore.count(*i) == 0)
       {
-      paths.push_back(*pi);
+      outPaths.push_back(*i);
       }
     }
 }
 
-
 //----------------------------------------------------------------------------
 void cmFindCommon::GetIgnoredPaths(std::vector<std::string>& ignore)
 {
@@ -266,8 +308,6 @@ void cmFindCommon::GetIgnoredPaths(std::set<std::string>& ignore)
   ignore.insert(ignoreVec.begin(), ignoreVec.end());
 }
 
-
-
 //----------------------------------------------------------------------------
 bool cmFindCommon::CheckCommonArgument(std::string const& arg)
 {
@@ -291,13 +331,13 @@ bool cmFindCommon::CheckCommonArgument(std::string const& arg)
     {
     this->NoCMakeSystemPath = true;
     }
-  else if(arg == "NO_CMAKE_FIND_ROOT_PATH")
+    else if(arg == "NO_CMAKE_FIND_ROOT_PATH")
     {
-    this->FindRootPathMode = RootPathModeNoRootPath;
+    this->FindRootPathMode = RootPathModeNever;
     }
   else if(arg == "ONLY_CMAKE_FIND_ROOT_PATH")
     {
-    this->FindRootPathMode = RootPathModeOnlyRootPath;
+    this->FindRootPathMode = RootPathModeOnly;
     }
   else if(arg == "CMAKE_FIND_ROOT_PATH_BOTH")
     {
@@ -345,116 +385,34 @@ void cmFindCommon::AddPathSuffix(std::string const& arg)
 }
 
 //----------------------------------------------------------------------------
-void cmFindCommon::AddUserPath(std::string const& p,
-                               std::vector<std::string>& paths)
-{
-  // We should view the registry as the target application would view
-  // it.
-  cmSystemTools::KeyWOW64 view = cmSystemTools::KeyWOW64_32;
-  cmSystemTools::KeyWOW64 other_view = cmSystemTools::KeyWOW64_64;
-  if(this->Makefile->PlatformIs64Bit())
-    {
-    view = cmSystemTools::KeyWOW64_64;
-    other_view = cmSystemTools::KeyWOW64_32;
-    }
-
-  // Expand using the view of the target application.
-  std::string expanded = p;
-  cmSystemTools::ExpandRegistryValues(expanded, view);
-  cmSystemTools::GlobDirs(expanded, paths);
-
-  // Executables can be either 32-bit or 64-bit, so expand using the
-  // alternative view.
-  if(expanded != p && this->CMakePathName == "PROGRAM")
-    {
-    expanded = p;
-    cmSystemTools::ExpandRegistryValues(expanded, other_view);
-    cmSystemTools::GlobDirs(expanded, paths);
-    }
-}
-
-//----------------------------------------------------------------------------
-void cmFindCommon::AddCMakePath(const std::string& variable)
-{
-  // Get a path from a CMake variable.
-  if(const char* varPath = this->Makefile->GetDefinition(variable))
-    {
-    std::vector<std::string> tmp;
-    cmSystemTools::ExpandListArgument(varPath, tmp);
-
-    // Relative paths are interpreted with respect to the current
-    // source directory.
-    this->AddPathsInternal(tmp, CMakePath);
-    }
-}
-
-//----------------------------------------------------------------------------
-void cmFindCommon::AddEnvPath(const char* variable)
-{
-  // Get a path from the environment.
-  std::vector<std::string> tmp;
-  cmSystemTools::GetPath(tmp, variable);
-  // Relative paths are interpreted with respect to the current
-  // working directory.
-  this->AddPathsInternal(tmp, EnvPath);
-}
-
-//----------------------------------------------------------------------------
-void cmFindCommon::AddPathsInternal(std::vector<std::string> const& in_paths,
-                                    PathType pathType)
+void AddTrailingSlash(std::string& s)
 {
-  for(std::vector<std::string>::const_iterator i = in_paths.begin();
-      i != in_paths.end(); ++i)
+  if(!s.empty() && *s.rbegin() != '/')
     {
-    this->AddPathInternal(*i, pathType);
+    s += '/';
     }
 }
-
-//----------------------------------------------------------------------------
-void cmFindCommon::AddPathInternal(std::string const& in_path,
-                                   PathType pathType)
+void cmFindCommon::ComputeFinalPaths()
 {
-  if(in_path.empty())
-    {
-    return;
-    }
+  // Filter out ignored paths from the prefix list
+  std::set<std::string> ignored;
+  this->GetIgnoredPaths(ignored);
 
-  // Select the base path with which to interpret relative paths.
-  const char* relbase = 0;
-  if(pathType == CMakePath)
+  // Combine the seperate path types, filtering out ignores
+  this->SearchPaths.clear();
+  std::vector<PathLabel>& allLabels = this->PathGroupLabelMap[PathGroup::All];
+  for(std::vector<PathLabel>::const_iterator l = allLabels.begin();
+      l != allLabels.end(); ++l)
     {
-    relbase = this->Makefile->GetCurrentDirectory();
+    this->LabeledPaths[*l].ExtractWithout(ignored, this->SearchPaths);
     }
 
-  // Convert to clean full path.
-  std::string fullPath =
-    cmSystemTools::CollapseFullPath(in_path.c_str(), relbase);
-
-  // Insert the path if has not already been emitted.
-  if(this->SearchPathsEmitted.insert(fullPath).second)
-    {
-    this->SearchPaths.push_back(fullPath);
-    }
-}
-
-//----------------------------------------------------------------------------
-void cmFindCommon::ComputeFinalPaths()
-{
-  std::vector<std::string>& paths = this->SearchPaths;
-
   // Expand list of paths inside all search roots.
-  this->RerootPaths(paths);
+  this->RerootPaths(this->SearchPaths);
 
   // Add a trailing slash to all paths to aid the search process.
-  for(std::vector<std::string>::iterator i = paths.begin();
-      i != paths.end(); ++i)
-    {
-    std::string& p = *i;
-    if(!p.empty() && p[p.size()-1] != '/')
-      {
-      p += "/";
-      }
-    }
+  std::for_each(this->SearchPaths.begin(), this->SearchPaths.end(),
+                &AddTrailingSlash);
 }
 
 //----------------------------------------------------------------------------
diff --git a/Source/cmFindCommon.h b/Source/cmFindCommon.h
index 5a905cd..3fefc8d 100644
--- a/Source/cmFindCommon.h
+++ b/Source/cmFindCommon.h
@@ -13,6 +13,8 @@
 #define cmFindCommon_h
 
 #include "cmCommand.h"
+#include "cmSearchPath.h"
+#include "cmPathLabel.h"
 
 /** \class cmFindCommon
  * \brief Base class for FIND_XXX implementations.
@@ -29,12 +31,39 @@ public:
   cmTypeMacro(cmFindCommon, cmCommand);
 
 protected:
-
-  enum RootPathMode { RootPathModeBoth,
-                      RootPathModeOnlyRootPath,
-                      RootPathModeNoRootPath };
-
-  enum PathType { FullPath, CMakePath, EnvPath };
+  friend class cmSearchPath;
+
+  /** Used to define groups of path labels */
+  class PathGroup : public cmPathLabel
+  {
+  protected:
+    PathGroup();
+  public:
+    PathGroup(const std::string& label) : cmPathLabel(label) { }
+    static PathGroup All;
+  };
+
+  /* Individual path types */
+  class PathLabel : public cmPathLabel
+  {
+  protected:
+    PathLabel();
+  public:
+    PathLabel(const std::string& label) : cmPathLabel(label) { }
+    static PathLabel CMake;
+    static PathLabel CMakeEnvironment;
+    static PathLabel Hints;
+    static PathLabel SystemEnvironment;
+    static PathLabel CMakeSystem;
+    static PathLabel Guess;
+  };
+
+  enum RootPathMode { RootPathModeNever,
+                      RootPathModeOnly,
+                      RootPathModeBoth };
+
+  /** Construct the various path groups and labels */
+  void InitializeSearchPathGroups();
 
   /** Place a set of search paths under the search roots.  */
   void RerootPaths(std::vector<std::string>& paths);
@@ -44,8 +73,9 @@ protected:
   void GetIgnoredPaths(std::set<std::string>& ignore);
 
   /** Remove paths in the ignore set from the supplied vector.  */
-  void FilterPaths(std::vector<std::string>& paths,
-                   const std::set<std::string>& ignore);
+  void FilterPaths(const std::vector<std::string>& inPaths,
+                   const std::set<std::string>& ignore,
+                   std::vector<std::string>& outPaths);
 
   /** Compute final search path list (reroot + trailing slash).  */
   void ComputeFinalPaths();
@@ -56,19 +86,15 @@ protected:
   /** Compute the current default bundle/framework search policy.  */
   void SelectDefaultMacMode();
 
+  // Path arguments prior to path manipulation routines
+  std::vector<std::string> UserHintsArgs;
+  std::vector<std::string> UserGuessArgs;
+
   std::string CMakePathName;
   RootPathMode FindRootPathMode;
 
   bool CheckCommonArgument(std::string const& arg);
   void AddPathSuffix(std::string const& arg);
-  void AddUserPath(std::string const& p,
-                   std::vector<std::string>& paths);
-  void AddCMakePath(const std::string& variable);
-  void AddEnvPath(const char* variable);
-  void AddPathsInternal(std::vector<std::string> const& in_paths,
-                        PathType pathType);
-  void AddPathInternal(std::string const& in_path, PathType pathType);
-
   void SetMakefile(cmMakefile* makefile);
 
   bool NoDefaultPath;
@@ -78,8 +104,12 @@ protected:
   bool NoCMakeSystemPath;
 
   std::vector<std::string> SearchPathSuffixes;
-  std::vector<std::string> UserPaths;
-  std::vector<std::string> UserHints;
+
+  std::map<PathGroup, std::vector<PathLabel> > PathGroupLabelMap;
+  std::vector<PathGroup> PathGroupOrder;
+  std::map<std::string, PathLabel> PathLabelStringMap;
+  std::map<PathLabel, cmSearchPath> LabeledPaths;
+
   std::vector<std::string> SearchPaths;
   std::set<std::string> SearchPathsEmitted;
 
diff --git a/Source/cmFindLibraryCommand.cxx b/Source/cmFindLibraryCommand.cxx
index fe5e45f..78f0e9e 100644
--- a/Source/cmFindLibraryCommand.cxx
+++ b/Source/cmFindLibraryCommand.cxx
@@ -88,7 +88,7 @@ void cmFindLibraryCommand::AddArchitecturePaths(const char* suffix)
 {
   std::vector<std::string> original;
   original.swap(this->SearchPaths);
-  for(std::vector<std::string>::iterator i = original.begin();
+  for(std::vector<std::string>::const_iterator i = original.begin();
       i != original.end(); ++i)
     {
     this->AddArchitecturePath(*i, 0, suffix);
@@ -107,7 +107,7 @@ void cmFindLibraryCommand::AddArchitecturePath(
 
     // Follow "lib<suffix>".
     std::string next_dir = cur_dir + suffix;
-    if(cmSystemTools::FileIsDirectory(next_dir.c_str()))
+    if(cmSystemTools::FileIsDirectory(next_dir))
       {
       next_dir += dir.substr(pos+3);
       std::string::size_type next_pos = pos+3+strlen(suffix)+1;
@@ -115,7 +115,7 @@ void cmFindLibraryCommand::AddArchitecturePath(
       }
 
     // Follow "lib".
-    if(cmSystemTools::FileIsDirectory(cur_dir.c_str()))
+    if(cmSystemTools::FileIsDirectory(cur_dir))
       {
       this->AddArchitecturePath(dir, pos+3+1, suffix, false);
       }
@@ -124,13 +124,13 @@ void cmFindLibraryCommand::AddArchitecturePath(
     {
     // Check for <dir><suffix>/.
     std::string cur_dir  = dir + suffix + "/";
-    if(cmSystemTools::FileIsDirectory(cur_dir.c_str()))
+    if(cmSystemTools::FileIsDirectory(cur_dir))
       {
       this->SearchPaths.push_back(cur_dir);
       }
 
     // Now add the original unchanged path
-    if(cmSystemTools::FileIsDirectory(dir.c_str()))
+    if(cmSystemTools::FileIsDirectory(dir))
       {
       this->SearchPaths.push_back(dir);
       }
@@ -353,7 +353,7 @@ bool cmFindLibraryHelper::CheckDirectoryForName(std::string const& path,
     if(cmSystemTools::FileExists(this->TestPath.c_str(), true))
       {
       this->BestPath =
-        cmSystemTools::CollapseFullPath(this->TestPath.c_str());
+        cmSystemTools::CollapseFullPath(this->TestPath);
       cmSystemTools::ConvertToUnixSlashes(this->BestPath);
       return true;
       }
@@ -382,7 +382,7 @@ bool cmFindLibraryHelper::CheckDirectoryForName(std::string const& path,
       {
       this->TestPath = path;
       this->TestPath += origName;
-      if(!cmSystemTools::FileIsDirectory(this->TestPath.c_str()))
+      if(!cmSystemTools::FileIsDirectory(this->TestPath))
         {
         // This is a matching file.  Check if it is better than the
         // best name found so far.  Earlier prefixes are preferred,
@@ -506,9 +506,9 @@ std::string cmFindLibraryCommand::FindFrameworkLibraryNamesPerDir()
       fwPath = *di;
       fwPath += *ni;
       fwPath += ".framework";
-      if(cmSystemTools::FileIsDirectory(fwPath.c_str()))
+      if(cmSystemTools::FileIsDirectory(fwPath))
         {
-        return cmSystemTools::CollapseFullPath(fwPath.c_str());
+        return cmSystemTools::CollapseFullPath(fwPath);
         }
       }
     }
@@ -532,9 +532,9 @@ std::string cmFindLibraryCommand::FindFrameworkLibraryDirsPerName()
       fwPath = *di;
       fwPath += *ni;
       fwPath += ".framework";
-      if(cmSystemTools::FileIsDirectory(fwPath.c_str()))
+      if(cmSystemTools::FileIsDirectory(fwPath))
         {
-        return cmSystemTools::CollapseFullPath(fwPath.c_str());
+        return cmSystemTools::CollapseFullPath(fwPath);
         }
       }
     }
diff --git a/Source/cmFindPackageCommand.cxx b/Source/cmFindPackageCommand.cxx
index 55a61f5..0130006 100644
--- a/Source/cmFindPackageCommand.cxx
+++ b/Source/cmFindPackageCommand.cxx
@@ -26,6 +26,14 @@
 #endif
 
 //----------------------------------------------------------------------------
+cmFindPackageCommand::PathLabel
+  cmFindPackageCommand::PathLabel::UserRegistry("PACKAGE_REGISTRY");
+cmFindPackageCommand::PathLabel
+  cmFindPackageCommand::PathLabel::Builds("BUILDS");
+cmFindPackageCommand::PathLabel
+  cmFindPackageCommand::PathLabel::SystemRegistry("SYSTEM_PACKAGE_REGISTRY");
+
+//----------------------------------------------------------------------------
 cmFindPackageCommand::cmFindPackageCommand()
 {
   this->CMakePathName = "PACKAGE";
@@ -51,6 +59,33 @@ cmFindPackageCommand::cmFindPackageCommand()
   this->VersionFoundTweak = 0;
   this->VersionFoundCount = 0;
   this->RequiredCMakeVersion = 0;
+
+  this->AppendSearchPathGroups();
+}
+
+//----------------------------------------------------------------------------
+void cmFindPackageCommand::AppendSearchPathGroups()
+{
+  std::vector<cmFindCommon::PathLabel>* labels;
+
+  // Update the All group with new paths
+  labels = &this->PathGroupLabelMap[PathGroup::All];
+  labels->insert(std::find(labels->begin(), labels->end(),
+                           PathLabel::CMakeSystem),
+                 PathLabel::UserRegistry);
+  labels->insert(std::find(labels->begin(), labels->end(),
+                           PathLabel::CMakeSystem),
+                 PathLabel::Builds);
+  labels->insert(std::find(labels->begin(), labels->end(), PathLabel::Guess),
+                 PathLabel::SystemRegistry);
+
+  // Create the new path objects
+  this->LabeledPaths.insert(std::make_pair(PathLabel::UserRegistry,
+    cmSearchPath(this)));
+  this->LabeledPaths.insert(std::make_pair(PathLabel::Builds,
+    cmSearchPath(this)));
+  this->LabeledPaths.insert(std::make_pair(PathLabel::SystemRegistry,
+    cmSearchPath(this)));
 }
 
 //----------------------------------------------------------------------------
@@ -248,11 +283,11 @@ bool cmFindPackageCommand
       }
     else if(doing == DoingPaths)
       {
-      this->AddUserPath(args[i], this->UserPaths);
+      this->UserGuessArgs.push_back(args[i]);
       }
     else if(doing == DoingHints)
       {
-      this->AddUserPath(args[i], this->UserHints);
+      this->UserHintsArgs.push_back(args[i]);
       }
     else if(doing == DoingPathSuffixes)
       {
@@ -1111,86 +1146,97 @@ void cmFindPackageCommand::AppendSuccessInformation()
 //----------------------------------------------------------------------------
 void cmFindPackageCommand::ComputePrefixes()
 {
-  this->AddPrefixesCMakeVariable();
-  this->AddPrefixesCMakeEnvironment();
-  this->AddPrefixesUserHints();
-  this->AddPrefixesSystemEnvironment();
-  this->AddPrefixesUserRegistry();
-  this->AddPrefixesBuilds();
-  this->AddPrefixesCMakeSystemVariable();
-  this->AddPrefixesSystemRegistry();
-  this->AddPrefixesUserGuess();
+  if(!this->NoDefaultPath)
+    {
+    if(!this->NoCMakePath)
+      {
+      this->FillPrefixesCMakeVariable();
+      }
+    if(!this->NoCMakeEnvironmentPath)
+      {
+      this->FillPrefixesCMakeEnvironment();
+      }
+    if(!this->NoSystemEnvironmentPath)
+      {
+      this->FillPrefixesSystemEnvironment();
+      }
+    if(!this->NoUserRegistry)
+      {
+      this->FillPrefixesUserRegistry();
+      }
+    if(!this->NoBuilds)
+      {
+      this->FillPrefixesBuilds();
+      }
+    if(!this->NoCMakeSystemPath)
+      {
+      this->FillPrefixesCMakeSystemVariable();
+      }
+    if(!this->NoSystemRegistry)
+      {
+      this->FillPrefixesSystemRegistry();
+      }
+    }
+  this->FillPrefixesUserHints();
+  this->FillPrefixesUserGuess();
+
   this->ComputeFinalPaths();
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::AddPrefixesCMakeEnvironment()
+void cmFindPackageCommand::FillPrefixesCMakeEnvironment()
 {
-  if(!this->NoCMakeEnvironmentPath && !this->NoDefaultPath)
-    {
-    // Check the environment variable with the same name as the cache
-    // entry.
-    std::string env;
-    if(cmSystemTools::GetEnv(this->Variable.c_str(), env) && env.length() > 0)
-      {
-      cmSystemTools::ConvertToUnixSlashes(env);
-      this->AddPathInternal(env, EnvPath);
-      }
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::CMakeEnvironment];
 
-    this->AddEnvPath("CMAKE_PREFIX_PATH");
-    this->AddEnvPath("CMAKE_FRAMEWORK_PATH");
-    this->AddEnvPath("CMAKE_APPBUNDLE_PATH");
-    }
+  // Check the environment variable with the same name as the cache
+  // entry.
+  paths.AddEnvPath(this->Variable);
+
+  // And now the general CMake environment variables
+  paths.AddEnvPath("CMAKE_PREFIX_PATH");
+  paths.AddEnvPath("CMAKE_FRAMEWORK_PATH");
+  paths.AddEnvPath("CMAKE_APPBUNDLE_PATH");
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::AddPrefixesCMakeVariable()
+void cmFindPackageCommand::FillPrefixesCMakeVariable()
 {
-  if(!this->NoCMakePath && !this->NoDefaultPath)
-    {
-    this->AddCMakePath("CMAKE_PREFIX_PATH");
-    this->AddCMakePath("CMAKE_FRAMEWORK_PATH");
-    this->AddCMakePath("CMAKE_APPBUNDLE_PATH");
-    }
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::CMake];
+
+  paths.AddCMakePath("CMAKE_PREFIX_PATH");
+  paths.AddCMakePath("CMAKE_FRAMEWORK_PATH");
+  paths.AddCMakePath("CMAKE_APPBUNDLE_PATH");
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::AddPrefixesSystemEnvironment()
+void cmFindPackageCommand::FillPrefixesSystemEnvironment()
 {
-  if(!this->NoSystemEnvironmentPath && !this->NoDefaultPath)
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::SystemEnvironment];
+
+  // Use the system search path to generate prefixes.
+  // Relative paths are interpreted with respect to the current
+  // working directory.
+  std::vector<std::string> tmp;
+  cmSystemTools::GetPath(tmp);
+  for(std::vector<std::string>::iterator i = tmp.begin();
+      i != tmp.end(); ++i)
     {
-    // Use the system search path to generate prefixes.
-    // Relative paths are interpreted with respect to the current
-    // working directory.
-    std::vector<std::string> tmp;
-    cmSystemTools::GetPath(tmp);
-    for(std::vector<std::string>::iterator i = tmp.begin();
-        i != tmp.end(); ++i)
+    // If the path is a PREFIX/bin case then add its parent instead.
+    if((cmHasLiteralSuffix(*i, "/bin")) ||
+       (cmHasLiteralSuffix(*i, "/sbin")))
       {
-      std::string const& d = *i;
-
-      // If the path is a PREFIX/bin case then add its parent instead.
-      if((cmHasLiteralSuffix(d, "/bin")) ||
-         (cmHasLiteralSuffix(d, "/sbin")))
-        {
-        this->AddPathInternal(cmSystemTools::GetFilenamePath(d), EnvPath);
-        }
-      else
-        {
-        this->AddPathInternal(d, EnvPath);
-        }
+      paths.AddPath(cmSystemTools::GetFilenamePath(*i));
+      }
+    else
+      {
+      paths.AddPath(*i);
       }
     }
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::AddPrefixesUserRegistry()
+void cmFindPackageCommand::FillPrefixesUserRegistry()
 {
-  if(this->NoUserRegistry || this->NoDefaultPath)
-    {
-    return;
-    }
-
 #if defined(_WIN32) && !defined(__CYGWIN__)
   this->LoadPackageRegistryWinUser();
 #elif defined(__HAIKU__)
@@ -1201,7 +1247,8 @@ void cmFindPackageCommand::AddPrefixesUserRegistry()
     std::string fname = dir;
     fname += "/cmake/packages/";
     fname += Name;
-    this->LoadPackageRegistryDir(fname);
+    this->LoadPackageRegistryDir(fname,
+                                 this->LabeledPaths[PathLabel::UserRegistry]);
     }
 #else
   if(const char* home = cmSystemTools::GetEnv("HOME"))
@@ -1209,13 +1256,14 @@ void cmFindPackageCommand::AddPrefixesUserRegistry()
     std::string dir = home;
     dir += "/.cmake/packages/";
     dir += this->Name;
-    this->LoadPackageRegistryDir(dir);
+    this->LoadPackageRegistryDir(dir,
+                                 this->LabeledPaths[PathLabel::UserRegistry]);
     }
 #endif
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::AddPrefixesSystemRegistry()
+void cmFindPackageCommand::FillPrefixesSystemRegistry()
 {
   if(this->NoSystemRegistry || this->NoDefaultPath)
     {
@@ -1241,29 +1289,32 @@ void cmFindPackageCommand::AddPrefixesSystemRegistry()
 void cmFindPackageCommand::LoadPackageRegistryWinUser()
 {
   // HKEY_CURRENT_USER\\Software shares 32-bit and 64-bit views.
-  this->LoadPackageRegistryWin(true, 0);
+  this->LoadPackageRegistryWin(true, 0,
+                               this->LabeledPaths[PathLabel::UserRegistry]);
 }
 
 //----------------------------------------------------------------------------
 void cmFindPackageCommand::LoadPackageRegistryWinSystem()
 {
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::SystemRegistry];
+
   // HKEY_LOCAL_MACHINE\\SOFTWARE has separate 32-bit and 64-bit views.
   // Prefer the target platform view first.
   if(this->Makefile->PlatformIs64Bit())
     {
-    this->LoadPackageRegistryWin(false, KEY_WOW64_64KEY);
-    this->LoadPackageRegistryWin(false, KEY_WOW64_32KEY);
+    this->LoadPackageRegistryWin(false, KEY_WOW64_64KEY, paths);
+    this->LoadPackageRegistryWin(false, KEY_WOW64_32KEY, paths);
     }
   else
     {
-    this->LoadPackageRegistryWin(false, KEY_WOW64_32KEY);
-    this->LoadPackageRegistryWin(false, KEY_WOW64_64KEY);
+    this->LoadPackageRegistryWin(false, KEY_WOW64_32KEY, paths);
+    this->LoadPackageRegistryWin(false, KEY_WOW64_64KEY, paths);
     }
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::LoadPackageRegistryWin(bool user,
-                                                  unsigned int view)
+void cmFindPackageCommand::LoadPackageRegistryWin(bool user, unsigned int view,
+                                                  cmSearchPath& outPaths)
 {
   std::wstring key = L"Software\\Kitware\\CMake\\Packages\\";
   key += cmsys::Encoding::ToWide(this->Name);
@@ -1289,8 +1340,8 @@ void cmFindPackageCommand::LoadPackageRegistryWin(bool user,
           if(valueType == REG_SZ)
             {
             data[dataSize] = 0;
-            cmsys_ios::stringstream ss(cmsys::Encoding::ToNarrow(&data[0]));
-            if(!this->CheckPackageRegistryEntry(ss))
+            if(!this->CheckPackageRegistryEntry(
+                  cmsys::Encoding::ToNarrow(&data[0]), outPaths))
               {
               // The entry is invalid.
               bad.insert(name);
@@ -1332,10 +1383,11 @@ public:
 };
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::LoadPackageRegistryDir(std::string const& dir)
+void cmFindPackageCommand::LoadPackageRegistryDir(std::string const& dir,
+                                                  cmSearchPath& outPaths)
 {
   cmsys::Directory files;
-  if(!files.Load(dir.c_str()))
+  if(!files.Load(dir))
     {
     return;
     }
@@ -1347,14 +1399,16 @@ void cmFindPackageCommand::LoadPackageRegistryDir(std::string const& dir)
     fname += "/";
     fname += files.GetFile(i);
 
-    if(!cmSystemTools::FileIsDirectory(fname.c_str()))
+    if(!cmSystemTools::FileIsDirectory(fname))
       {
       // Hold this file hostage until it behaves.
       cmFindPackageCommandHoldFile holdFile(fname.c_str());
 
       // Load the file.
       cmsys::ifstream fin(fname.c_str(), std::ios::in | cmsys_ios_binary);
-      if(fin && this->CheckPackageRegistryEntry(fin))
+      std::string fentry;
+      if(fin && cmSystemTools::GetLineFromStream(fin, fentry) &&
+         this->CheckPackageRegistryEntry(fentry, outPaths))
         {
         // The file references an existing package, so release it.
         holdFile.Release();
@@ -1367,23 +1421,25 @@ void cmFindPackageCommand::LoadPackageRegistryDir(std::string const& dir)
 #endif
 
 //----------------------------------------------------------------------------
-bool cmFindPackageCommand::CheckPackageRegistryEntry(std::istream& is)
+bool cmFindPackageCommand::CheckPackageRegistryEntry(const std::string& fname,
+                                                     cmSearchPath& outPaths)
 {
   // Parse the content of one package registry entry.
-  std::string fname;
-  if(cmSystemTools::GetLineFromStream(is, fname) &&
-     cmSystemTools::FileIsFullPath(fname.c_str()))
+  if(cmSystemTools::FileIsFullPath(fname.c_str()))
     {
     // The first line in the stream is the full path to a file or
     // directory containing the package.
     if(cmSystemTools::FileExists(fname.c_str()))
       {
       // The path exists.  Look for the package here.
-      if(!cmSystemTools::FileIsDirectory(fname.c_str()))
+      if(!cmSystemTools::FileIsDirectory(fname))
+        {
+        outPaths.AddPath(cmSystemTools::GetFilenamePath(fname));
+        }
+      else
         {
-        fname = cmSystemTools::GetFilenamePath(fname);
+        outPaths.AddPath(fname);
         }
-      this->AddPathInternal(fname, FullPath);
       return true;
       }
     else
@@ -1404,52 +1460,60 @@ bool cmFindPackageCommand::CheckPackageRegistryEntry(std::istream& is)
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::AddPrefixesBuilds()
+void cmFindPackageCommand::FillPrefixesBuilds()
 {
-  if(!this->NoBuilds && !this->NoDefaultPath)
-    {
-    // It is likely that CMake will have recently built the project.
-    for(int i=0; i <= 10; ++i)
-      {
-      cmOStringStream r;
-      r <<
-        "[HKEY_CURRENT_USER\\Software\\Kitware\\CMakeSetup\\"
-        "Settings\\StartPath;WhereBuild" << i << "]";
-      std::string f = r.str();
-      cmSystemTools::ExpandRegistryValues(f);
-      cmSystemTools::ConvertToUnixSlashes(f);
-      if(cmSystemTools::FileIsFullPath(f.c_str()) &&
-         cmSystemTools::FileIsDirectory(f.c_str()))
-        {
-        this->AddPathInternal(f, FullPath);
-        }
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::Builds];
+
+  // It is likely that CMake will have recently built the project.
+  for(int i=0; i <= 10; ++i)
+    {
+    cmOStringStream r;
+    r <<
+      "[HKEY_CURRENT_USER\\Software\\Kitware\\CMakeSetup\\"
+      "Settings\\StartPath;WhereBuild" << i << "]";
+    std::string f = r.str();
+    cmSystemTools::ExpandRegistryValues(f);
+    cmSystemTools::ConvertToUnixSlashes(f);
+    if(cmSystemTools::FileIsFullPath(f.c_str()) &&
+       cmSystemTools::FileIsDirectory(f))
+      {
+      paths.AddPath(f);
       }
     }
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::AddPrefixesCMakeSystemVariable()
+void cmFindPackageCommand::FillPrefixesCMakeSystemVariable()
 {
-  if(!this->NoCMakeSystemPath && !this->NoDefaultPath)
-    {
-    this->AddCMakePath("CMAKE_SYSTEM_PREFIX_PATH");
-    this->AddCMakePath("CMAKE_SYSTEM_FRAMEWORK_PATH");
-    this->AddCMakePath("CMAKE_SYSTEM_APPBUNDLE_PATH");
-    }
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::CMakeSystem];
+
+  paths.AddCMakePath("CMAKE_SYSTEM_PREFIX_PATH");
+  paths.AddCMakePath("CMAKE_SYSTEM_FRAMEWORK_PATH");
+  paths.AddCMakePath("CMAKE_SYSTEM_APPBUNDLE_PATH");
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::AddPrefixesUserGuess()
+void cmFindPackageCommand::FillPrefixesUserGuess()
 {
-  // Add guesses specified by the caller.
-  this->AddPathsInternal(this->UserPaths, CMakePath);
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::Guess];
+
+  for(std::vector<std::string>::const_iterator p = this->UserGuessArgs.begin();
+      p != this->UserGuessArgs.end(); ++p)
+    {
+    paths.AddUserPath(*p);
+    }
 }
 
 //----------------------------------------------------------------------------
-void cmFindPackageCommand::AddPrefixesUserHints()
+void cmFindPackageCommand::FillPrefixesUserHints()
 {
-  // Add hints specified by the caller.
-  this->AddPathsInternal(this->UserHints, CMakePath);
+  cmSearchPath &paths = this->LabeledPaths[PathLabel::Hints];
+
+  for(std::vector<std::string>::const_iterator p = this->UserHintsArgs.begin();
+      p != this->UserHintsArgs.end(); ++p)
+    {
+    paths.AddUserPath(*p);
+    }
 }
 
 //----------------------------------------------------------------------------
@@ -1847,7 +1911,7 @@ private:
     // Construct a list of matches.
     std::vector<std::string> matches;
     cmsys::Directory d;
-    d.Load(parent.c_str());
+    d.Load(parent);
     for(unsigned long i=0; i < d.GetNumberOfFiles(); ++i)
       {
       const char* fname = d.GetFile(i);
@@ -1901,7 +1965,7 @@ private:
     // Construct a list of matches.
     std::vector<std::string> matches;
     cmsys::Directory d;
-    d.Load(parent.c_str());
+    d.Load(parent);
     for(unsigned long i=0; i < d.GetNumberOfFiles(); ++i)
       {
       const char* fname = d.GetFile(i);
@@ -1955,7 +2019,7 @@ private:
     // Look for matching files.
     std::vector<std::string> matches;
     cmsys::Directory d;
-    d.Load(parent.c_str());
+    d.Load(parent);
     for(unsigned long i=0; i < d.GetNumberOfFiles(); ++i)
       {
       const char* fname = d.GetFile(i);
@@ -2007,7 +2071,7 @@ private:
     for(std::vector<std::string>::const_iterator fi = files.begin();
         fi != files.end(); ++fi)
       {
-      if(cmSystemTools::FileIsDirectory(fi->c_str()))
+      if(cmSystemTools::FileIsDirectory(*fi))
         {
         if(this->Consider(*fi, lister))
           {
@@ -2035,7 +2099,7 @@ bool cmFindPackageCommand::SearchPrefix(std::string const& prefix_in)
     }
 
   // Skip this if the prefix does not exist.
-  if(!cmSystemTools::FileIsDirectory(prefix_in.c_str()))
+  if(!cmSystemTools::FileIsDirectory(prefix_in))
     {
     return false;
     }
diff --git a/Source/cmFindPackageCommand.h b/Source/cmFindPackageCommand.h
index 2249459..949dcb1 100644
--- a/Source/cmFindPackageCommand.h
+++ b/Source/cmFindPackageCommand.h
@@ -53,6 +53,21 @@ public:
 
   cmTypeMacro(cmFindPackageCommand, cmFindCommon);
 private:
+  class PathLabel : public cmFindCommon::PathLabel
+  {
+  protected:
+    PathLabel();
+  public:
+    PathLabel(const std::string& label) : cmFindCommon::PathLabel(label) { }
+    static PathLabel UserRegistry;
+    static PathLabel Builds;
+    static PathLabel SystemRegistry;
+  };
+
+  // Add additional search path labels and groups not present in the
+  // parent class
+  void AppendSearchPathGroups();
+
   void AppendSuccessInformation();
   void AppendToFoundProperty(bool found);
   void SetModuleVariables(const std::string& components);
@@ -69,20 +84,22 @@ private:
   void StoreVersionFound();
 
   void ComputePrefixes();
-  void AddPrefixesCMakeEnvironment();
-  void AddPrefixesCMakeVariable();
-  void AddPrefixesSystemEnvironment();
-  void AddPrefixesUserRegistry();
-  void AddPrefixesSystemRegistry();
-  void AddPrefixesBuilds();
-  void AddPrefixesCMakeSystemVariable();
-  void AddPrefixesUserGuess();
-  void AddPrefixesUserHints();
-  void LoadPackageRegistryDir(std::string const& dir);
+  void FillPrefixesCMakeEnvironment();
+  void FillPrefixesCMakeVariable();
+  void FillPrefixesSystemEnvironment();
+  void FillPrefixesUserRegistry();
+  void FillPrefixesSystemRegistry();
+  void FillPrefixesBuilds();
+  void FillPrefixesCMakeSystemVariable();
+  void FillPrefixesUserGuess();
+  void FillPrefixesUserHints();
+  void LoadPackageRegistryDir(std::string const& dir, cmSearchPath& outPaths);
   void LoadPackageRegistryWinUser();
   void LoadPackageRegistryWinSystem();
-  void LoadPackageRegistryWin(bool user, unsigned int view);
-  bool CheckPackageRegistryEntry(std::istream& is);
+  void LoadPackageRegistryWin(bool user, unsigned int view,
+                              cmSearchPath& outPaths);
+  bool CheckPackageRegistryEntry(const std::string& fname,
+                                 cmSearchPath& outPaths);
   bool SearchDirectory(std::string const& dir);
   bool CheckDirectory(std::string const& dir);
   bool FindConfigFile(std::string const& dir, std::string& file);
diff --git a/Source/cmFindPathCommand.cxx b/Source/cmFindPathCommand.cxx
index 5531cdf..f4cc4c2 100644
--- a/Source/cmFindPathCommand.cxx
+++ b/Source/cmFindPathCommand.cxx
@@ -136,7 +136,7 @@ cmFindPathCommand::FindHeaderInFramework(std::string const& file,
   std::vector<std::string> files = globIt.GetFiles();
   if(files.size())
     {
-    std::string fheader = cmSystemTools::CollapseFullPath(files[0].c_str());
+    std::string fheader = cmSystemTools::CollapseFullPath(files[0]);
     if(this->IncludeFileInPath)
       {
       return fheader;
diff --git a/Source/cmFindProgramCommand.cxx b/Source/cmFindProgramCommand.cxx
index f6e37f6..4ee419c 100644
--- a/Source/cmFindProgramCommand.cxx
+++ b/Source/cmFindProgramCommand.cxx
@@ -88,7 +88,7 @@ std::string cmFindProgramCommand
     {
 
     std::string appName = *name + std::string(".app");
-    std::string appPath = cmSystemTools::FindDirectory(appName.c_str(),
+    std::string appPath = cmSystemTools::FindDirectory(appName,
                                                        this->SearchPaths,
                                                        true);
 
@@ -97,7 +97,7 @@ std::string cmFindProgramCommand
       std::string executable = GetBundleExecutable(appPath);
       if (!executable.empty())
         {
-        return cmSystemTools::CollapseFullPath(executable.c_str());
+        return cmSystemTools::CollapseFullPath(executable);
         }
       }
     }
diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx
index e3f66c1..03d6590 100644
--- a/Source/cmForEachCommand.cxx
+++ b/Source/cmForEachCommand.cxx
@@ -27,6 +27,8 @@ IsFunctionBlocked(const cmListFileFunction& lff, cmMakefile &mf,
     // if this is the endofreach for this statement
     if (!this->Depth)
       {
+      cmMakefile::LoopBlockPop loopBlockPop(&mf);
+
       // Remove the function blocker for this scope or bail.
       cmsys::auto_ptr<cmFunctionBlocker>
         fb(mf.RemoveFunctionBlocker(this, lff));
@@ -67,12 +69,17 @@ IsFunctionBlocked(const cmListFileFunction& lff, cmMakefile &mf,
             mf.AddDefinition(this->Args[0],oldDef.c_str());
             return true;
             }
+          if (status.GetContinueInvoked())
+            {
+            break;
+            }
           if(cmSystemTools::GetFatalErrorOccured() )
             {
             return true;
             }
           }
         }
+
       // restore the variable to its prior value
       mf.AddDefinition(this->Args[0],oldDef.c_str());
       return true;
@@ -199,6 +206,8 @@ bool cmForEachCommand
     }
   this->Makefile->AddFunctionBlocker(f);
 
+  this->Makefile->PushLoopBlock();
+
   return true;
 }
 
@@ -242,5 +251,8 @@ bool cmForEachCommand::HandleInMode(std::vector<std::string> const& args)
     }
 
   this->Makefile->AddFunctionBlocker(f.release()); // TODO: pass auto_ptr
+
+  this->Makefile->PushLoopBlock();
+
   return true;
 }
diff --git a/Source/cmGeneratedFileStream.cxx b/Source/cmGeneratedFileStream.cxx
index 78ad4b2..600b793 100644
--- a/Source/cmGeneratedFileStream.cxx
+++ b/Source/cmGeneratedFileStream.cxx
@@ -152,7 +152,7 @@ void cmGeneratedFileStreamBase::Open(const char* name)
 #endif
 
   // Make sure the temporary file that will be used is not present.
-  cmSystemTools::RemoveFile(this->TempName.c_str());
+  cmSystemTools::RemoveFile(this->TempName);
 
   std::string dir = cmSystemTools::GetFilenamePath(this->TempName);
   cmSystemTools::MakeDirectory(dir.c_str());
@@ -174,7 +174,7 @@ bool cmGeneratedFileStreamBase::Close()
   if(!this->Name.empty() &&
     this->Okay &&
     (!this->CopyIfDifferent ||
-     cmSystemTools::FilesDiffer(this->TempName.c_str(), resname.c_str())))
+     cmSystemTools::FilesDiffer(this->TempName, resname)))
     {
     // The destination is to be replaced.  Rename the temporary to the
     // destination atomically.
@@ -185,7 +185,7 @@ bool cmGeneratedFileStreamBase::Close()
         {
         this->RenameFile(gzname.c_str(), resname.c_str());
         }
-      cmSystemTools::RemoveFile(gzname.c_str());
+      cmSystemTools::RemoveFile(gzname);
       }
     else
       {
@@ -198,7 +198,7 @@ bool cmGeneratedFileStreamBase::Close()
   // Else, the destination was not replaced.
   //
   // Always delete the temporary file. We never want it to stay around.
-  cmSystemTools::RemoveFile(this->TempName.c_str());
+  cmSystemTools::RemoveFile(this->TempName);
 
   return replaced;
 }
diff --git a/Source/cmGeneratorExpression.cxx b/Source/cmGeneratorExpression.cxx
index 7fc1464..bff6f5f 100644
--- a/Source/cmGeneratorExpression.cxx
+++ b/Source/cmGeneratorExpression.cxx
@@ -33,18 +33,10 @@ cmGeneratorExpression::cmGeneratorExpression(
 cmsys::auto_ptr<cmCompiledGeneratorExpression>
 cmGeneratorExpression::Parse(std::string const& input)
 {
-#if !defined(__BORLANDC__)
   return cmsys::auto_ptr<cmCompiledGeneratorExpression>(
     new cmCompiledGeneratorExpression(
       this->Backtrace ? *this->Backtrace : cmListFileBacktrace(NULL),
       input));
-#else
-  cmListFileBacktrace emptyBacktrace(NULL);
-  return cmsys::auto_ptr<cmCompiledGeneratorExpression>(
-    new cmCompiledGeneratorExpression(
-      this->Backtrace ? *this->Backtrace : emptyBacktrace,
-      input));
-#endif
 }
 
 //----------------------------------------------------------------------------
@@ -98,6 +90,7 @@ const char *cmCompiledGeneratorExpression::Evaluate(
   context.HadError = false;
   context.HadContextSensitiveCondition = false;
   context.HadHeadSensitiveCondition = false;
+  context.SourceSensitiveTargets.clear();
   context.HeadTarget = headTarget;
   context.EvaluateForBuildsystem = this->EvaluateForBuildsystem;
   context.CurrentTarget = currentTarget ? currentTarget : headTarget;
@@ -126,6 +119,7 @@ const char *cmCompiledGeneratorExpression::Evaluate(
     {
     this->HadContextSensitiveCondition = context.HadContextSensitiveCondition;
     this->HadHeadSensitiveCondition = context.HadHeadSensitiveCondition;
+    this->SourceSensitiveTargets = context.SourceSensitiveTargets;
     }
 
   this->DependTargets = context.DependTargets;
diff --git a/Source/cmGeneratorExpression.h b/Source/cmGeneratorExpression.h
index b952520..57f78c5 100644
--- a/Source/cmGeneratorExpression.h
+++ b/Source/cmGeneratorExpression.h
@@ -115,6 +115,10 @@ public:
   {
     return this->HadHeadSensitiveCondition;
   }
+  std::set<cmTarget const*> GetSourceSensitiveTargets() const
+  {
+    return this->SourceSensitiveTargets;
+  }
 
   void SetEvaluateForBuildsystem(bool eval)
   {
@@ -146,6 +150,7 @@ private:
   mutable std::string Output;
   mutable bool HadContextSensitiveCondition;
   mutable bool HadHeadSensitiveCondition;
+  mutable std::set<cmTarget const*>  SourceSensitiveTargets;
   bool EvaluateForBuildsystem;
 };
 
diff --git a/Source/cmGeneratorExpressionEvaluationFile.cxx b/Source/cmGeneratorExpressionEvaluationFile.cxx
index f9067cf..03d0bc6 100644
--- a/Source/cmGeneratorExpressionEvaluationFile.cxx
+++ b/Source/cmGeneratorExpressionEvaluationFile.cxx
@@ -13,6 +13,9 @@
 #include "cmGeneratorExpressionEvaluationFile.h"
 
 #include "cmMakefile.h"
+#include "cmLocalGenerator.h"
+#include "cmGlobalGenerator.h"
+#include "cmSourceFile.h"
 #include "cmGeneratedFileStream.h"
 #include <cmsys/FStream.hxx>
 
@@ -36,7 +39,7 @@ cmGeneratorExpressionEvaluationFile::cmGeneratorExpressionEvaluationFile(
 //----------------------------------------------------------------------------
 void cmGeneratorExpressionEvaluationFile::Generate(const std::string& config,
               cmCompiledGeneratorExpression* inputExpression,
-              std::map<std::string, std::string> &outputFiles)
+              std::map<std::string, std::string> &outputFiles, mode_t perm)
 {
   std::string rawCondition = this->Condition->GetInput();
   if (!rawCondition.empty())
@@ -77,17 +80,37 @@ void cmGeneratorExpressionEvaluationFile::Generate(const std::string& config,
     return;
     }
 
+  this->Makefile->AddCMakeOutputFile(outputFileName.c_str());
   this->Files.push_back(outputFileName);
   outputFiles[outputFileName] = outputContent;
 
   cmGeneratedFileStream fout(outputFileName.c_str());
   fout.SetCopyIfDifferent(true);
   fout << outputContent;
+  if (fout.Close() && perm)
+    {
+    cmSystemTools::SetPermissions(outputFileName.c_str(), perm);
+    }
+}
+
+//----------------------------------------------------------------------------
+void cmGeneratorExpressionEvaluationFile::CreateOutputFile(
+                                              std::string const& config)
+{
+  std::string name = this->OutputFileExpr->Evaluate(this->Makefile, config);
+  cmSourceFile* sf = this->Makefile->GetOrCreateSource(name);
+  sf->SetProperty("GENERATED", "1");
+
+  cmGlobalGenerator *gg
+                  = this->Makefile->GetLocalGenerator()->GetGlobalGenerator();
+  gg->SetFilenameTargetDepends(sf,
+                          this->OutputFileExpr->GetSourceSensitiveTargets());
 }
 
 //----------------------------------------------------------------------------
 void cmGeneratorExpressionEvaluationFile::Generate()
 {
+  mode_t perm = 0;
   std::string inputContent;
   if (this->InputIsContent)
     {
@@ -95,6 +118,8 @@ void cmGeneratorExpressionEvaluationFile::Generate()
     }
   else
     {
+    this->Makefile->AddCMakeDependFile(this->Input.c_str());
+    cmSystemTools::GetPermissions(this->Input.c_str(), perm);
     cmsys::ifstream fin(this->Input.c_str());
     if(!fin)
       {
@@ -131,7 +156,7 @@ void cmGeneratorExpressionEvaluationFile::Generate()
   for(std::vector<std::string>::const_iterator li = allConfigs.begin();
       li != allConfigs.end(); ++li)
     {
-    this->Generate(*li, inputExpression.get(), outputFiles);
+    this->Generate(*li, inputExpression.get(), outputFiles, perm);
     if(cmSystemTools::GetFatalErrorOccured())
       {
       return;
diff --git a/Source/cmGeneratorExpressionEvaluationFile.h b/Source/cmGeneratorExpressionEvaluationFile.h
index f939916..3394ade 100644
--- a/Source/cmGeneratorExpressionEvaluationFile.h
+++ b/Source/cmGeneratorExpressionEvaluationFile.h
@@ -31,10 +31,12 @@ public:
 
   std::vector<std::string> GetFiles() const { return this->Files; }
 
+  void CreateOutputFile(std::string const& config);
+
 private:
   void Generate(const std::string& config,
               cmCompiledGeneratorExpression* inputExpression,
-              std::map<std::string, std::string> &outputFiles);
+              std::map<std::string, std::string> &outputFiles, mode_t perm);
 
 private:
   const std::string Input;
diff --git a/Source/cmGeneratorExpressionEvaluator.cxx b/Source/cmGeneratorExpressionEvaluator.cxx
index 84a4daa..17adad7 100644
--- a/Source/cmGeneratorExpressionEvaluator.cxx
+++ b/Source/cmGeneratorExpressionEvaluator.cxx
@@ -362,7 +362,7 @@ static const struct MakeCIdentifierNode : public cmGeneratorExpressionNode
                        const GeneratorExpressionContent *,
                        cmGeneratorExpressionDAGChecker *) const
   {
-    return cmSystemTools::MakeCidentifier(parameters.front().c_str());
+    return cmSystemTools::MakeCidentifier(parameters.front());
   }
 } makeCIdentifierNode;
 
@@ -960,7 +960,7 @@ static const struct TargetPropertyNode : public cmGeneratorExpressionNode
         reportError(context, content->GetOriginalExpression(), e.str());
         return std::string();
         }
-        context->AllTargets.insert(target);
+      context->AllTargets.insert(target);
       }
 
     if (target == context->HeadTarget)
@@ -971,6 +971,10 @@ static const struct TargetPropertyNode : public cmGeneratorExpressionNode
       // value for all evaluations.
       context->SeenTargetProperties.insert(propertyName);
       }
+    if (propertyName == "SOURCES")
+      {
+      context->SourceSensitiveTargets.insert(target);
+      }
 
     if (propertyName.empty())
       {
@@ -1259,7 +1263,7 @@ static const struct TargetObjectsNode : public cmGeneratorExpressionNode
 
     std::string tgtName = parameters.front();
     cmGeneratorTarget* gt =
-                context->Makefile->FindGeneratorTargetToUse(tgtName.c_str());
+                context->Makefile->FindGeneratorTargetToUse(tgtName);
     if (!gt)
       {
       cmOStringStream e;
diff --git a/Source/cmGeneratorExpressionEvaluator.h b/Source/cmGeneratorExpressionEvaluator.h
index 8a529e8..0bf1797 100644
--- a/Source/cmGeneratorExpressionEvaluator.h
+++ b/Source/cmGeneratorExpressionEvaluator.h
@@ -31,6 +31,7 @@ struct cmGeneratorExpressionContext
   std::set<cmTarget*> DependTargets;
   std::set<cmTarget const*> AllTargets;
   std::set<std::string> SeenTargetProperties;
+  std::set<cmTarget const*> SourceSensitiveTargets;
   std::map<cmTarget const*, std::map<std::string, std::string> >
                                                           MaxLanguageStandard;
   cmMakefile *Makefile;
diff --git a/Source/cmGeneratorTarget.cxx b/Source/cmGeneratorTarget.cxx
index 14b5a92..2b531e2 100644
--- a/Source/cmGeneratorTarget.cxx
+++ b/Source/cmGeneratorTarget.cxx
@@ -56,7 +56,6 @@ struct ModuleDefinitionFileTag {};
 struct AppManifestTag{};
 struct CertificatesTag{};
 
-#if !defined(_MSC_VER) || _MSC_VER >= 1310
 template<typename Tag, typename OtherTag>
 struct IsSameTag
 {
@@ -72,25 +71,6 @@ struct IsSameTag<Tag, Tag>
     Result = true
   };
 };
-#else
-struct IsSameTagBase
-{
-  typedef char (&no_type)[1];
-  typedef char (&yes_type)[2];
-  template<typename T> struct Check;
-  template<typename T> static yes_type check(Check<T>*, Check<T>*);
-  static no_type check(...);
-};
-template<typename Tag1, typename Tag2>
-struct IsSameTag: public IsSameTagBase
-{
-  enum {
-    Result = (sizeof(check(static_cast< Check<Tag1>* >(0),
-                           static_cast< Check<Tag2>* >(0))) ==
-              sizeof(yes_type))
-  };
-};
-#endif
 
 template<bool>
 struct DoAccept
@@ -646,6 +626,17 @@ cmTargetTraceDependencies
           si != sources.end(); ++si)
         {
         cmSourceFile* sf = *si;
+        const std::set<cmTarget const*> tgts =
+                          this->GlobalGenerator->GetFilenameTargetDepends(sf);
+        if (tgts.find(this->Target) != tgts.end())
+          {
+          cmOStringStream e;
+          e << "Evaluation output file\n  \"" << sf->GetFullPath()
+            << "\"\ndepends on the sources of a target it is used in.  This "
+              "is a dependency loop and is not allowed.";
+          this->Makefile->IssueMessage(cmake::FATAL_ERROR, e.str());
+          return;
+          }
         if(emitted.insert(sf).second && this->SourcesQueued.insert(sf).second)
           {
           this->SourceQueue.push(sf);
@@ -772,8 +763,8 @@ bool cmTargetTraceDependencies::IsUtility(std::string const& dep)
         std::string tLocation = t->GetLocationForBuild();
         tLocation = cmSystemTools::GetFilenamePath(tLocation);
         std::string depLocation = cmSystemTools::GetFilenamePath(dep);
-        depLocation = cmSystemTools::CollapseFullPath(depLocation.c_str());
-        tLocation = cmSystemTools::CollapseFullPath(tLocation.c_str());
+        depLocation = cmSystemTools::CollapseFullPath(depLocation);
+        tLocation = cmSystemTools::CollapseFullPath(tLocation);
         if(depLocation == tLocation)
           {
           this->Target->AddUtility(util);
diff --git a/Source/cmGetDirectoryPropertyCommand.cxx b/Source/cmGetDirectoryPropertyCommand.cxx
index fcc3da1..8fb2fa1 100644
--- a/Source/cmGetDirectoryPropertyCommand.cxx
+++ b/Source/cmGetDirectoryPropertyCommand.cxx
@@ -49,7 +49,7 @@ bool cmGetDirectoryPropertyCommand
       }
 
     // The local generators are associated with collapsed paths.
-    sd = cmSystemTools::CollapseFullPath(sd.c_str());
+    sd = cmSystemTools::CollapseFullPath(sd);
 
     // lookup the makefile from the directory name
     cmLocalGenerator *lg =
diff --git a/Source/cmGetFilenameComponentCommand.cxx b/Source/cmGetFilenameComponentCommand.cxx
index 10406d2..e7d2857 100644
--- a/Source/cmGetFilenameComponentCommand.cxx
+++ b/Source/cmGetFilenameComponentCommand.cxx
@@ -79,7 +79,7 @@ bool cmGetFilenameComponentCommand
           }
         }
       }
-    cmSystemTools::SplitProgramFromArgs(filename.c_str(),
+    cmSystemTools::SplitProgramFromArgs(filename,
                                         result, programArgs);
     }
   else if (args[2] == "EXT")
@@ -97,11 +97,11 @@ bool cmGetFilenameComponentCommand
     // If the path given is relative evaluate it relative to the
     // current source directory.
     result = cmSystemTools::CollapseFullPath(
-      filename.c_str(), this->Makefile->GetCurrentDirectory());
+      filename, this->Makefile->GetCurrentDirectory());
     if(args[2] == "REALPATH")
       {
       // Resolve symlinks if possible
-      result = cmSystemTools::GetRealPath(result.c_str());
+      result = cmSystemTools::GetRealPath(result);
       }
     }
   else
diff --git a/Source/cmGetPropertyCommand.cxx b/Source/cmGetPropertyCommand.cxx
index 9a88191..3c59c25 100644
--- a/Source/cmGetPropertyCommand.cxx
+++ b/Source/cmGetPropertyCommand.cxx
@@ -259,7 +259,7 @@ bool cmGetPropertyCommand::HandleDirectoryMode()
       }
 
     // The local generators are associated with collapsed paths.
-    dir = cmSystemTools::CollapseFullPath(dir.c_str());
+    dir = cmSystemTools::CollapseFullPath(dir);
 
     // Lookup the generator.
     if(cmLocalGenerator* lg =
diff --git a/Source/cmGlobalGenerator.cxx b/Source/cmGlobalGenerator.cxx
index 2f4d9bb..29ab7d0 100644
--- a/Source/cmGlobalGenerator.cxx
+++ b/Source/cmGlobalGenerator.cxx
@@ -11,6 +11,9 @@
 ============================================================================*/
 #if defined(_WIN32) && !defined(__CYGWIN__)
 #include "windows.h" // this must be first to define GetCurrentDirectory
+#if defined(_MSC_VER) && _MSC_VER >= 1800
+# define KWSYS_WINDOWS_DEPRECATED_GetVersionEx
+#endif
 #endif
 
 #include "cmGlobalGenerator.h"
@@ -297,11 +300,11 @@ void cmGlobalGenerator::FindMakeProgram(cmMakefile* mf)
     {
     std::string dir;
     std::string file;
-    cmSystemTools::SplitProgramPath(makeProgram.c_str(),
+    cmSystemTools::SplitProgramPath(makeProgram,
                                     dir, file);
     std::string saveFile = file;
-    cmSystemTools::GetShortPath(makeProgram.c_str(), makeProgram);
-    cmSystemTools::SplitProgramPath(makeProgram.c_str(),
+    cmSystemTools::GetShortPath(makeProgram, makeProgram);
+    cmSystemTools::SplitProgramPath(makeProgram,
                                     dir, file);
     makeProgram = dir;
     makeProgram += "/";
@@ -456,7 +459,14 @@ cmGlobalGenerator::EnableLanguage(std::vector<std::string>const& languages,
     OSVERSIONINFO osvi;
     ZeroMemory(&osvi, sizeof(osvi));
     osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+#ifdef KWSYS_WINDOWS_DEPRECATED_GetVersionEx
+# pragma warning (push)
+# pragma warning (disable:4996)
+#endif
     GetVersionEx (&osvi);
+#ifdef KWSYS_WINDOWS_DEPRECATED_GetVersionEx
+# pragma warning (pop)
+#endif
     cmOStringStream windowsVersionString;
     windowsVersionString << osvi.dwMajorVersion << "." << osvi.dwMinorVersion;
     windowsVersionString.str();
@@ -597,7 +607,7 @@ cmGlobalGenerator::EnableLanguage(std::vector<std::string>const& languages,
         std::string env = envVar;
         env += "=";
         env += envVarValue;
-        cmSystemTools::PutEnv(env.c_str());
+        cmSystemTools::PutEnv(env);
         }
 
       // if determineLanguage was called then load the file it
@@ -691,7 +701,7 @@ cmGlobalGenerator::EnableLanguage(std::vector<std::string>const& languages,
         compilerLangFile += "/CMake";
         compilerLangFile += lang;
         compilerLangFile += "Compiler.cmake";
-        cmSystemTools::RemoveFile(compilerLangFile.c_str());
+        cmSystemTools::RemoveFile(compilerLangFile);
         if(!this->CMakeInstance->GetIsInTryCompile())
           {
           this->PrintCompilerAdvice(noCompiler, lang,
@@ -758,7 +768,7 @@ cmGlobalGenerator::EnableLanguage(std::vector<std::string>const& languages,
           compilerLangFile += "/CMake";
           compilerLangFile += lang;
           compilerLangFile += "Compiler.cmake";
-          cmSystemTools::RemoveFile(compilerLangFile.c_str());
+          cmSystemTools::RemoveFile(compilerLangFile);
           }
         } // end if in try compile
       } // end need test language
@@ -1253,8 +1263,6 @@ void cmGlobalGenerator::Generate()
   // Create per-target generator information.
   this->CreateGeneratorTargets();
 
-  this->ForceLinkerLanguages();
-
 #ifdef CMAKE_BUILD_WITH_CMAKE
   for (AutogensType::iterator it = autogens.begin(); it != autogens.end();
        ++it)
@@ -1270,6 +1278,8 @@ void cmGlobalGenerator::Generate()
     this->LocalGenerators[i]->TraceDependencies();
     }
 
+  this->ForceLinkerLanguages();
+
   // Compute the manifest of main targets generated.
   for (i = 0; i < this->LocalGenerators.size(); ++i)
     {
@@ -1735,7 +1745,7 @@ int cmGlobalGenerator::Build(
    * Run an executable command and put the stdout in output.
    */
   std::string cwd = cmSystemTools::GetCurrentWorkingDirectory();
-  cmSystemTools::ChangeDirectory(bindir.c_str());
+  cmSystemTools::ChangeDirectory(bindir);
   output += "Change Dir: ";
   output += bindir;
   output += "\n";
@@ -1765,7 +1775,7 @@ int cmGlobalGenerator::Build(
       output += "\nGenerator: execution of make clean failed.\n";
 
       // return to the original directory
-      cmSystemTools::ChangeDirectory(cwd.c_str());
+      cmSystemTools::ChangeDirectory(cwd);
       return 1;
       }
     output += *outputPtr;
@@ -1792,7 +1802,7 @@ int cmGlobalGenerator::Build(
         + makeCommandStr + "\n";
 
     // return to the original directory
-    cmSystemTools::ChangeDirectory(cwd.c_str());
+    cmSystemTools::ChangeDirectory(cwd);
     return 1;
     }
   output += *outputPtr;
@@ -1806,7 +1816,7 @@ int cmGlobalGenerator::Build(
     retVal = 1;
     }
 
-  cmSystemTools::ChangeDirectory(cwd.c_str());
+  cmSystemTools::ChangeDirectory(cwd);
   return retVal;
 }
 
@@ -2197,7 +2207,7 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
       = this->CreateGlobalTarget(this->GetPackageTargetName(),
                                  "Run CPack packaging tool...",
                                  &cpackCommandLines, depends,
-                                 workingDir.c_str());
+                                 workingDir.c_str(), /*uses_terminal*/false);
     }
   // CPack source
   const char* packageSourceTargetName = this->GetPackageSourceTargetName();
@@ -2221,8 +2231,7 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
         = this->CreateGlobalTarget(packageSourceTargetName,
                                    "Run CPack packaging tool for source...",
                                    &cpackCommandLines, depends,
-                                   workingDir.c_str()
-                                   );
+                                   workingDir.c_str(), /*uses_terminal*/false);
       }
     }
 
@@ -2247,7 +2256,8 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
     cpackCommandLines.push_back(singleLine);
     (*targets)[this->GetTestTargetName()]
       = this->CreateGlobalTarget(this->GetTestTargetName(),
-        "Running tests...", &cpackCommandLines, depends, 0);
+        "Running tests...", &cpackCommandLines, depends, 0,
+        /*uses_terminal*/false);
     }
 
   //Edit Cache
@@ -2270,7 +2280,7 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
       (*targets)[editCacheTargetName] =
         this->CreateGlobalTarget(
           editCacheTargetName, "Running CMake cache editor...",
-          &cpackCommandLines, depends, 0);
+          &cpackCommandLines, depends, 0, /*uses_terminal*/true);
       }
     else
       {
@@ -2283,7 +2293,7 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
         this->CreateGlobalTarget(
           editCacheTargetName,
           "No interactive CMake dialog available...",
-          &cpackCommandLines, depends, 0);
+          &cpackCommandLines, depends, 0, /*uses_terminal*/false);
       }
     }
 
@@ -2302,7 +2312,7 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
     (*targets)[rebuildCacheTargetName] =
       this->CreateGlobalTarget(
         rebuildCacheTargetName, "Running CMake to regenerate build system...",
-        &cpackCommandLines, depends, 0);
+        &cpackCommandLines, depends, 0, /*uses_terminal*/false);
     }
 
   //Install
@@ -2342,7 +2352,7 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
       (*targets)["list_install_components"]
         = this->CreateGlobalTarget("list_install_components",
           ostr.str().c_str(),
-          &cpackCommandLines, depends, 0);
+          &cpackCommandLines, depends, 0, /*uses_terminal*/false);
       }
     std::string cmd = cmakeCommand;
     cpackCommandLines.erase(cpackCommandLines.begin(),
@@ -2383,7 +2393,7 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
     (*targets)[this->GetInstallTargetName()] =
       this->CreateGlobalTarget(
         this->GetInstallTargetName(), "Install the project...",
-        &cpackCommandLines, depends, 0);
+        &cpackCommandLines, depends, 0, /*uses_terminal*/false);
 
     // install_local
     if(const char* install_local = this->GetInstallLocalTargetName())
@@ -2399,7 +2409,7 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
       (*targets)[install_local] =
         this->CreateGlobalTarget(
           install_local, "Installing only the local directory...",
-          &cpackCommandLines, depends, 0);
+          &cpackCommandLines, depends, 0, /*uses_terminal*/false);
       }
 
     // install_strip
@@ -2416,7 +2426,7 @@ void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets* targets)
       (*targets)[install_strip] =
         this->CreateGlobalTarget(
           install_strip, "Installing the project stripped...",
-          &cpackCommandLines, depends, 0);
+          &cpackCommandLines, depends, 0, /*uses_terminal*/false);
       }
     }
 }
@@ -2459,7 +2469,7 @@ void cmGlobalGenerator::EnableMinGWLanguage(cmMakefile *mf)
   this->FindMakeProgram(mf);
   std::string makeProgram = mf->GetRequiredDefinition("CMAKE_MAKE_PROGRAM");
   std::vector<std::string> locations;
-  locations.push_back(cmSystemTools::GetProgramPath(makeProgram.c_str()));
+  locations.push_back(cmSystemTools::GetProgramPath(makeProgram));
   locations.push_back("/mingw/bin");
   locations.push_back("c:/mingw/bin");
   std::string tgcc = cmSystemTools::FindProgram("gcc", locations);
@@ -2490,7 +2500,8 @@ cmTarget cmGlobalGenerator::CreateGlobalTarget(
   const std::string& name, const char* message,
   const cmCustomCommandLines* commandLines,
   std::vector<std::string> depends,
-  const char* workingDirectory)
+  const char* workingDirectory,
+  bool uses_terminal)
 {
   // Package
   cmTarget target;
@@ -2499,10 +2510,12 @@ cmTarget cmGlobalGenerator::CreateGlobalTarget(
   target.SetProperty("EXCLUDE_FROM_ALL","TRUE");
 
   std::vector<std::string> no_outputs;
+  std::vector<std::string> no_byproducts;
   std::vector<std::string> no_depends;
   // Store the custom command in the target.
-  cmCustomCommand cc(0, no_outputs, no_depends, *commandLines, 0,
-                     workingDirectory);
+  cmCustomCommand cc(0, no_outputs, no_byproducts, no_depends,
+                     *commandLines, 0, workingDirectory);
+  cc.SetUsesTerminal(uses_terminal);
   target.AddPostBuildCommand(cc);
   target.SetProperty("EchoString", message);
   std::vector<std::string>::iterator dit;
@@ -2724,7 +2737,7 @@ cmGlobalGenerator::GetDirectoryContent(std::string const& dir, bool needDisk)
     {
     // Load the directory content from disk.
     cmsys::Directory d;
-    if(d.Load(dir.c_str()))
+    if(d.Load(dir))
       {
       unsigned long n = d.GetNumberOfFiles();
       for(unsigned long i = 0; i < n; ++i)
@@ -2831,8 +2844,8 @@ void cmGlobalGenerator::CheckRuleHashes(std::string const& pfile,
         {
         // The rule has changed.  Delete the output so it will be
         // built again.
-        fname = cmSystemTools::CollapseFullPath(fname.c_str(), home.c_str());
-        cmSystemTools::RemoveFile(fname.c_str());
+        fname = cmSystemTools::CollapseFullPath(fname, home.c_str());
+        cmSystemTools::RemoveFile(fname);
         }
       }
     else
@@ -2844,7 +2857,7 @@ void cmGlobalGenerator::CheckRuleHashes(std::string const& pfile,
       // that if the feature is turned back on and the rule has
       // changed the file is still rebuilt.
       std::string fpath =
-        cmSystemTools::CollapseFullPath(fname.c_str(), home.c_str());
+        cmSystemTools::CollapseFullPath(fname, home.c_str());
       if(cmSystemTools::FileExists(fpath.c_str()))
         {
         RuleHash hash;
@@ -2861,7 +2874,7 @@ void cmGlobalGenerator::WriteRuleHashes(std::string const& pfile)
   // Now generate a new persistence file with the current hashes.
   if(this->RuleHashes.empty())
     {
-    cmSystemTools::RemoveFile(pfile.c_str());
+    cmSystemTools::RemoveFile(pfile);
     }
   else
     {
@@ -2966,7 +2979,7 @@ void cmGlobalGenerator::WriteSummary(cmTarget* target)
     }
   else
     {
-    cmSystemTools::RemoveFile(file.c_str());
+    cmSystemTools::RemoveFile(file);
     }
 }
 
@@ -2984,6 +2997,32 @@ std::string cmGlobalGenerator::EscapeJSON(const std::string& s) {
 }
 
 //----------------------------------------------------------------------------
+void cmGlobalGenerator::SetFilenameTargetDepends(cmSourceFile* sf,
+                                              std::set<cmTarget const*> tgts)
+{
+  this->FilenameTargetDepends[sf] = tgts;
+}
+
+//----------------------------------------------------------------------------
+std::set<cmTarget const*> const&
+cmGlobalGenerator::GetFilenameTargetDepends(cmSourceFile* sf) const {
+  return this->FilenameTargetDepends[sf];
+}
+
+//----------------------------------------------------------------------------
+void cmGlobalGenerator::CreateEvaluationSourceFiles(
+                                              std::string const& config) const
+{
+  for(std::vector<cmGeneratorExpressionEvaluationFile*>::const_iterator
+      li = this->EvaluationFiles.begin();
+      li != this->EvaluationFiles.end();
+      ++li)
+    {
+    (*li)->CreateOutputFile(config);
+    }
+}
+
+//----------------------------------------------------------------------------
 void cmGlobalGenerator::AddEvaluationFile(const std::string &inputFile,
                     cmsys::auto_ptr<cmCompiledGeneratorExpression> outputExpr,
                     cmMakefile *makefile,
diff --git a/Source/cmGlobalGenerator.h b/Source/cmGlobalGenerator.h
index ddd7e91..6b75298 100644
--- a/Source/cmGlobalGenerator.h
+++ b/Source/cmGlobalGenerator.h
@@ -23,6 +23,7 @@
 #include "cmGeneratorExpression.h"
 
 #if defined(CMAKE_BUILD_WITH_CMAKE)
+# include "cmFileLockPool.h"
 # include <cmsys/hash_map.hxx>
 #endif
 
@@ -341,6 +342,17 @@ public:
 
   bool GenerateCPackPropertiesFile();
 
+  void CreateEvaluationSourceFiles(std::string const& config) const;
+
+  void SetFilenameTargetDepends(cmSourceFile* sf,
+                                std::set<cmTarget const*> tgts);
+  std::set<cmTarget const*> const&
+  GetFilenameTargetDepends(cmSourceFile* sf) const;
+
+#if defined(CMAKE_BUILD_WITH_CMAKE)
+  cmFileLockPool& GetFileLockPool() { return FileLockPool; }
+#endif
+
 protected:
   virtual void Generate();
 
@@ -378,7 +390,8 @@ protected:
   void CreateDefaultGlobalTargets(cmTargets* targets);
   cmTarget CreateGlobalTarget(const std::string& name, const char* message,
     const cmCustomCommandLines* commandLines,
-    std::vector<std::string> depends, const char* workingDir);
+    std::vector<std::string> depends, const char* workingDir,
+    bool uses_terminal);
 
   bool NeedSymbolicMark;
   bool UseLinkScript;
@@ -488,6 +501,14 @@ private:
 
   // track targets to issue CMP0042 warning for.
   std::set<std::string> CMP0042WarnTargets;
+
+  mutable std::map<cmSourceFile*, std::set<cmTarget const*> >
+  FilenameTargetDepends;
+
+#if defined(CMAKE_BUILD_WITH_CMAKE)
+  // Pool of file locks
+  cmFileLockPool FileLockPool;
+#endif
 };
 
 #endif
diff --git a/Source/cmGlobalKdevelopGenerator.cxx b/Source/cmGlobalKdevelopGenerator.cxx
index 89d25c4..ee0c583 100644
--- a/Source/cmGlobalKdevelopGenerator.cxx
+++ b/Source/cmGlobalKdevelopGenerator.cxx
@@ -222,7 +222,7 @@ bool cmGlobalKdevelopGenerator
        it!=files.end(); it++)
     {
     // get the full path to the file
-    tmp=cmSystemTools::CollapseFullPath(it->c_str(), projectDir.c_str());
+    tmp=cmSystemTools::CollapseFullPath(*it, projectDir.c_str());
     // just select the first source file
     if (fileToOpen.empty())
     {
@@ -274,7 +274,7 @@ void cmGlobalKdevelopGenerator
     // kdevelop blacklist so they are not monitored for added or removed files
     // since this is handled by adding files to the cmake files
     cmsys::Directory d;
-    if (d.Load(projectDir.c_str()))
+    if (d.Load(projectDir))
       {
       size_t numf = d.GetNumberOfFiles();
       for (unsigned int i = 0; i < numf; i++)
@@ -285,7 +285,7 @@ void cmGlobalKdevelopGenerator
           std::string tmp = projectDir;
           tmp += "/";
           tmp += nextFile;
-          if (cmSystemTools::FileIsDirectory(tmp.c_str()))
+          if (cmSystemTools::FileIsDirectory(tmp))
             {
             tmp += "/CMakeCache.txt";
             if ((nextFile == "CMakeFiles")
diff --git a/Source/cmGlobalNinjaGenerator.cxx b/Source/cmGlobalNinjaGenerator.cxx
index 6e7b06b..6f0586b 100644
--- a/Source/cmGlobalNinjaGenerator.cxx
+++ b/Source/cmGlobalNinjaGenerator.cxx
@@ -242,7 +242,7 @@ void cmGlobalNinjaGenerator::AddCustomCommandRule()
                 /*deptype*/ "",
                 /*rspfile*/ "",
                 /*rspcontent*/ "",
-                /*restat*/ true,
+                /*restat*/ "1",
                 /*generator*/ false);
 }
 
@@ -250,6 +250,7 @@ void
 cmGlobalNinjaGenerator::WriteCustomCommandBuild(const std::string& command,
                                                 const std::string& description,
                                                 const std::string& comment,
+                                                bool uses_terminal,
                                                 const cmNinjaDeps& outputs,
                                                 const cmNinjaDeps& deps,
                                                 const cmNinjaDeps& orderOnly)
@@ -266,6 +267,10 @@ cmGlobalNinjaGenerator::WriteCustomCommandBuild(const std::string& command,
   cmNinjaVars vars;
   vars["COMMAND"] = cmd;
   vars["DESC"] = EncodeLiteral(description);
+  if (uses_terminal && SupportsConsolePool())
+    {
+    vars["pool"] = "console";
+    }
 
   this->WriteBuild(*this->BuildFileStream,
                    comment,
@@ -304,7 +309,7 @@ cmGlobalNinjaGenerator::AddMacOSXContentRule()
                 /*deptype*/ "",
                 /*rspfile*/ "",
                 /*rspcontent*/ "",
-                /*restat*/ false,
+                /*restat*/ "",
                 /*generator*/ false);
 }
 
@@ -339,7 +344,7 @@ void cmGlobalNinjaGenerator::WriteRule(std::ostream& os,
                                        const std::string& deptype,
                                        const std::string& rspfile,
                                        const std::string& rspcontent,
-                                       bool restat,
+                                       const std::string& restat,
                                        bool generator)
 {
   // Make sure the rule has a name.
@@ -403,10 +408,10 @@ void cmGlobalNinjaGenerator::WriteRule(std::ostream& os,
     os << "rspfile_content = " << rspcontent << "\n";
     }
 
-  if(restat)
+  if(!restat.empty())
     {
     cmGlobalNinjaGenerator::Indent(os, 1);
-    os << "restat = 1\n";
+    os << "restat = " << restat << "\n";
     }
 
   if(generator)
@@ -602,7 +607,7 @@ void cmGlobalNinjaGenerator::AddRule(const std::string& name,
                                      const std::string& deptype,
                                      const std::string& rspfile,
                                      const std::string& rspcontent,
-                                     bool restat,
+                                     const std::string& restat,
                                      bool generator)
 {
   // Do not add the same rule twice.
@@ -771,7 +776,7 @@ void cmGlobalNinjaGenerator::AddCXXCompileCommand(
   if (!cmSystemTools::FileIsFullPath(sourceFileName.c_str()))
     {
     sourceFileName = cmSystemTools::CollapseFullPath(
-      sourceFileName.c_str(),
+      sourceFileName,
       this->GetCMakeInstance()->GetHomeOutputDirectory());
     }
 
@@ -826,6 +831,7 @@ void cmGlobalNinjaGenerator::WriteAssumedSourceDependencies()
     std::copy(i->second.begin(), i->second.end(), std::back_inserter(deps));
     WriteCustomCommandBuild(/*command=*/"", /*description=*/"",
                             "Assume dependencies for generated source file.",
+                            /*uses_terminal*/false,
                             cmNinjaDeps(1, i->first), deps);
   }
 }
@@ -851,7 +857,7 @@ cmGlobalNinjaGenerator
   case cmTarget::STATIC_LIBRARY:
   case cmTarget::MODULE_LIBRARY:
     outputs.push_back(ng->ConvertToNinjaPath(
-      target->GetFullPath(configName, false, realname).c_str()));
+      target->GetFullPath(configName, false, realname)));
     break;
 
   case cmTarget::OBJECT_LIBRARY:
@@ -970,7 +976,7 @@ void cmGlobalNinjaGenerator::WriteUnknownExplicitDependencies(std::ostream& os)
     typedef std::vector<std::string>::const_iterator vect_it;
     for(vect_it j = files.begin(); j != files.end(); ++j)
       {
-      knownDependencies.insert( ng->ConvertToNinjaPath( j->c_str() ) );
+      knownDependencies.insert( ng->ConvertToNinjaPath( *j ) );
       }
     //get list files which are implicit dependencies as well and will be phony
     //for rebuild manifest
@@ -978,7 +984,7 @@ void cmGlobalNinjaGenerator::WriteUnknownExplicitDependencies(std::ostream& os)
     typedef std::vector<std::string>::const_iterator vect_it;
     for(vect_it j = lf.begin(); j != lf.end(); ++j)
       {
-      knownDependencies.insert( ng->ConvertToNinjaPath( j->c_str() ) );
+      knownDependencies.insert( ng->ConvertToNinjaPath( *j ) );
       }
     }
   knownDependencies.insert( "CMakeCache.txt" );
@@ -994,7 +1000,7 @@ void cmGlobalNinjaGenerator::WriteUnknownExplicitDependencies(std::ostream& os)
     typedef std::vector<std::string>::const_iterator vect_it;
     for(vect_it j = files.begin(); j != files.end(); ++j)
       {
-      knownDependencies.insert( ng->ConvertToNinjaPath( j->c_str() ) );
+      knownDependencies.insert( ng->ConvertToNinjaPath( *j ) );
       }
     }
 
@@ -1002,7 +1008,7 @@ void cmGlobalNinjaGenerator::WriteUnknownExplicitDependencies(std::ostream& os)
       i != this->TargetAliases.end();
       ++i)
     {
-    knownDependencies.insert( ng->ConvertToNinjaPath(i->first.c_str()) );
+    knownDependencies.insert( ng->ConvertToNinjaPath(i->first) );
     }
 
   //remove all source files we know will exist.
@@ -1011,7 +1017,7 @@ void cmGlobalNinjaGenerator::WriteUnknownExplicitDependencies(std::ostream& os)
       i != this->AssumedSourceDependencies.end();
       ++i)
     {
-    knownDependencies.insert( ng->ConvertToNinjaPath(i->first.c_str()) );
+    knownDependencies.insert( ng->ConvertToNinjaPath(i->first) );
     }
 
   //insert outputs from all WirteBuild commands
@@ -1051,9 +1057,9 @@ void cmGlobalNinjaGenerator::WriteUnknownExplicitDependencies(std::ostream& os)
     {
     //verify the file is in the build directory
     std::string const absDepPath = cmSystemTools::CollapseFullPath(
-                                     i->c_str(), rootBuildDirectory.c_str());
-    bool const inBuildDir = cmSystemTools::IsSubDirectory(absDepPath.c_str(),
-                                                  rootBuildDirectory.c_str());
+                                     *i, rootBuildDirectory.c_str());
+    bool const inBuildDir = cmSystemTools::IsSubDirectory(absDepPath,
+                                                  rootBuildDirectory);
     if(inBuildDir)
       {
       cmNinjaDeps deps(1,*i);
@@ -1116,7 +1122,7 @@ void cmGlobalNinjaGenerator::WriteTargetRebuildManifest(std::ostream& os)
             /*deptype=*/ "",
             /*rspfile=*/ "",
             /*rspcontent*/ "",
-            /*restat=*/ false,
+            /*restat=*/ "",
             /*generator=*/ true);
 
   cmLocalNinjaGenerator *ng = static_cast<cmLocalNinjaGenerator *>(lg);
@@ -1129,7 +1135,7 @@ void cmGlobalNinjaGenerator::WriteTargetRebuildManifest(std::ostream& os)
     for(std::vector<std::string>::const_iterator fi = lf.begin();
         fi != lf.end(); ++fi)
       {
-      implicitDeps.push_back(ng->ConvertToNinjaPath(fi->c_str()));
+      implicitDeps.push_back(ng->ConvertToNinjaPath(*fi));
       }
     }
   implicitDeps.push_back("CMakeCache.txt");
@@ -1141,9 +1147,7 @@ void cmGlobalNinjaGenerator::WriteTargetRebuildManifest(std::ostream& os)
   cmNinjaVars variables;
   // Use 'console' pool to get non buffered output of the CMake re-run call
   // Available since Ninja 1.5
-  if(cmSystemTools::VersionCompare(cmSystemTools::OP_LESS,
-                                   ninjaVersion().c_str(),
-                                   "1.5") == false)
+  if(SupportsConsolePool())
     {
     variables["pool"] = "console";
     }
@@ -1185,6 +1189,12 @@ std::string cmGlobalNinjaGenerator::ninjaVersion() const
   return version;
 }
 
+bool cmGlobalNinjaGenerator::SupportsConsolePool() const
+{
+  return cmSystemTools::VersionCompare(cmSystemTools::OP_LESS,
+                                       ninjaVersion().c_str(), "1.5") == false;
+}
+
 void cmGlobalNinjaGenerator::WriteTargetClean(std::ostream& os)
 {
   WriteRule(*this->RulesFileStream,
@@ -1196,7 +1206,7 @@ void cmGlobalNinjaGenerator::WriteTargetClean(std::ostream& os)
             /*deptype=*/ "",
             /*rspfile=*/ "",
             /*rspcontent*/ "",
-            /*restat=*/ false,
+            /*restat=*/ "",
             /*generator=*/ false);
   WriteBuild(os,
              "Clean all the built files.",
@@ -1219,7 +1229,7 @@ void cmGlobalNinjaGenerator::WriteTargetHelp(std::ostream& os)
             /*deptype=*/ "",
             /*rspfile=*/ "",
             /*rspcontent*/ "",
-            /*restat=*/ false,
+            /*restat=*/ "",
             /*generator=*/ false);
   WriteBuild(os,
              "Print all primary targets available.",
diff --git a/Source/cmGlobalNinjaGenerator.h b/Source/cmGlobalNinjaGenerator.h
index f666ee3..3d443d8 100644
--- a/Source/cmGlobalNinjaGenerator.h
+++ b/Source/cmGlobalNinjaGenerator.h
@@ -103,6 +103,7 @@ public:
   void WriteCustomCommandBuild(const std::string& command,
                                const std::string& description,
                                const std::string& comment,
+                               bool uses_terminal,
                                const cmNinjaDeps& outputs,
                                const cmNinjaDeps& deps = cmNinjaDeps(),
                                const cmNinjaDeps& orderOnly = cmNinjaDeps());
@@ -124,7 +125,7 @@ public:
                         const std::string& deptype,
                         const std::string& rspfile,
                         const std::string& rspcontent,
-                        bool restat,
+                        const std::string& restat,
                         bool generator);
 
   /**
@@ -244,7 +245,7 @@ public:
                const std::string& deptype,
                const std::string& rspfile,
                const std::string& rspcontent,
-               bool restat,
+               const std::string& restat,
                bool generator);
 
   bool HasRule(const std::string& name);
@@ -299,6 +300,9 @@ public:
   virtual void ComputeTargetObjectDirectory(cmGeneratorTarget* gt) const;
 
   std::string ninjaVersion() const;
+
+  bool SupportsConsolePool() const;
+
 protected:
 
   /// Overloaded methods. @see cmGlobalGenerator::Generate()
diff --git a/Source/cmGlobalVisualStudio8Generator.cxx b/Source/cmGlobalVisualStudio8Generator.cxx
index 745515b..e6ce45d 100644
--- a/Source/cmGlobalVisualStudio8Generator.cxx
+++ b/Source/cmGlobalVisualStudio8Generator.cxx
@@ -341,9 +341,10 @@ bool cmGlobalVisualStudio8Generator::AddCheckTarget()
   // overwritten by the CreateVCProjBuildRule.
   // (this could be avoided with per-target source files)
   std::string no_main_dependency = "";
+  std::vector<std::string> no_byproducts;
   if(cmSourceFile* file =
      mf->AddCustomCommandToOutput(
-       stamps, listFiles,
+       stamps, no_byproducts, listFiles,
        no_main_dependency, commandLines, "Checking Build System",
        no_working_directory, true))
     {
diff --git a/Source/cmGlobalXCodeGenerator.cxx b/Source/cmGlobalXCodeGenerator.cxx
index 13e6988..d222288 100644
--- a/Source/cmGlobalXCodeGenerator.cxx
+++ b/Source/cmGlobalXCodeGenerator.cxx
@@ -477,7 +477,9 @@ cmGlobalXCodeGenerator::AddExtraTargets(cmLocalGenerator* root,
           this->PostBuildMakeTarget(target.GetName(), "$(CONFIGURATION)");
         cmCustomCommandLines commandLines;
         commandLines.push_back(makeHelper);
+        std::vector<std::string> no_byproducts;
         lg->GetMakefile()->AddCustomCommandToTarget(target.GetName(),
+                                                    no_byproducts,
                                                     no_depends,
                                                     commandLines,
                                                     cmTarget::POST_BUILD,
@@ -555,6 +557,7 @@ void cmGlobalXCodeGenerator::ClearXCodeObjects()
     }
   this->XCodeObjects.clear();
   this->XCodeObjectIDs.clear();
+  this->XCodeObjectMap.clear();
   this->GroupMap.clear();
   this->GroupNameMap.clear();
   this->TargetGroup.clear();
@@ -1368,6 +1371,7 @@ void cmGlobalXCodeGenerator::CreateCustomCommands(cmXCodeObject* buildPhases,
     cmCustomCommand command(this->CurrentMakefile,
       std::vector<std::string>(),
       std::vector<std::string>(),
+      std::vector<std::string>(),
       cmd,
       "Creating symlinks",
       "");
@@ -2314,6 +2318,7 @@ void cmGlobalXCodeGenerator::CreateBuildSettings(cmTarget& target,
     group->AddObject(this->CreateString("-Wmost"));
     group->AddObject(this->CreateString("-Wno-four-char-constants"));
     group->AddObject(this->CreateString("-Wno-unknown-pragmas"));
+    group->AddObject(this->CreateString("$(inherited)"));
     buildSettings->AddAttribute("WARNING_CFLAGS", group);
     }
   else
@@ -2454,6 +2459,7 @@ cmGlobalXCodeGenerator::CreateUtilityTarget(cmTarget& cmtarget)
   target->AddAttribute("name", this->CreateString(cmtarget.GetName()));
   target->AddAttribute("productName",this->CreateString(cmtarget.GetName()));
   target->SetTarget(&cmtarget);
+  this->XCodeObjectMap[&cmtarget] = target;
 
   // Add source files without build rules for editing convenience.
   if(cmtarget.GetType() == cmTarget::UTILITY)
@@ -2657,6 +2663,7 @@ cmGlobalXCodeGenerator::CreateXCodeTarget(cmTarget& cmtarget,
     target->AddAttribute("productType", this->CreateString(productType));
     }
   target->SetTarget(&cmtarget);
+  this->XCodeObjectMap[&cmtarget] = target;
   target->SetId(this->GetOrCreateId(
     cmtarget.GetName(), target->GetId()).c_str());
   return target;
@@ -2669,16 +2676,14 @@ cmXCodeObject* cmGlobalXCodeGenerator::FindXCodeTarget(cmTarget const* t)
     {
     return 0;
     }
-  for(std::vector<cmXCodeObject*>::iterator i = this->XCodeObjects.begin();
-      i != this->XCodeObjects.end(); ++i)
+
+  std::map<cmTarget const*, cmXCodeObject*>::const_iterator const i =
+    this->XCodeObjectMap.find(t);
+  if (i == this->XCodeObjectMap.end())
     {
-    cmXCodeObject* o = *i;
-    if(o->GetTarget() == t)
-      {
-      return o;
-      }
+    return 0;
     }
-  return 0;
+  return i->second;
 }
 
 //----------------------------------------------------------------------------
diff --git a/Source/cmGlobalXCodeGenerator.h b/Source/cmGlobalXCodeGenerator.h
index 9d7b784..d2bc9d1 100644
--- a/Source/cmGlobalXCodeGenerator.h
+++ b/Source/cmGlobalXCodeGenerator.h
@@ -241,6 +241,7 @@ private:
   std::map<std::string, cmXCodeObject* > GroupNameMap;
   std::map<std::string, cmXCodeObject* > TargetGroup;
   std::map<std::string, cmXCodeObject* > FileRefs;
+  std::map<cmTarget const*, cmXCodeObject* > XCodeObjectMap;
   std::vector<std::string> Architectures;
   std::string GeneratorToolset;
 };
diff --git a/Source/cmIfCommand.cxx b/Source/cmIfCommand.cxx
index f728c15..b8e30b7 100644
--- a/Source/cmIfCommand.cxx
+++ b/Source/cmIfCommand.cxx
@@ -151,6 +151,11 @@ IsFunctionBlocked(const cmListFileFunction& lff,
             inStatus.SetBreakInvoked(true);
             return true;
             }
+          if (status.GetContinueInvoked())
+            {
+            inStatus.SetContinueInvoked(true);
+            return true;
+            }
           }
         }
       return true;
diff --git a/Source/cmIncludeCommand.cxx b/Source/cmIncludeCommand.cxx
index 0a4f5c9..0a1d280 100644
--- a/Source/cmIncludeCommand.cxx
+++ b/Source/cmIncludeCommand.cxx
@@ -90,7 +90,7 @@ bool cmIncludeCommand
     }
 
   std::string fname_abs =
-      cmSystemTools::CollapseFullPath(fname.c_str(),
+      cmSystemTools::CollapseFullPath(fname,
                                       this->Makefile->GetStartDirectory());
 
   cmGlobalGenerator *gg = this->Makefile->GetLocalGenerator()
diff --git a/Source/cmInstallCommand.cxx b/Source/cmInstallCommand.cxx
index ec500d9..c3c9c55 100644
--- a/Source/cmInstallCommand.cxx
+++ b/Source/cmInstallCommand.cxx
@@ -167,7 +167,7 @@ bool cmInstallCommand::HandleScriptMode(std::vector<std::string> const& args)
         script += "/";
         script += args[i];
         }
-      if(cmSystemTools::FileIsDirectory(script.c_str()))
+      if(cmSystemTools::FileIsDirectory(script))
         {
         this->SetError("given a directory as value of SCRIPT argument.");
         return false;
@@ -1111,7 +1111,7 @@ cmInstallCommand::HandleDirectoryMode(std::vector<std::string> const& args)
 
       // Make sure the name is a directory.
       if(cmSystemTools::FileExists(dir.c_str()) &&
-         !cmSystemTools::FileIsDirectory(dir.c_str()))
+         !cmSystemTools::FileIsDirectory(dir))
         {
         cmOStringStream e;
         e << args[0] << " given non-directory \""
@@ -1393,7 +1393,7 @@ bool cmInstallCommand::MakeFilesFullPath(const char* modeName,
       }
 
     // Make sure the file is not a directory.
-    if(gpos == file.npos && cmSystemTools::FileIsDirectory(file.c_str()))
+    if(gpos == file.npos && cmSystemTools::FileIsDirectory(file))
       {
       cmOStringStream e;
       e << modeName << " given directory \"" << (*fileIt) << "\" to install.";
diff --git a/Source/cmListFileCache.cxx b/Source/cmListFileCache.cxx
index 3fc5b69..1c39563 100644
--- a/Source/cmListFileCache.cxx
+++ b/Source/cmListFileCache.cxx
@@ -19,9 +19,6 @@
 
 #include <cmsys/RegularExpression.hxx>
 
-#ifdef __BORLANDC__
-# pragma warn -8060 /* possibly incorrect assignment */
-#endif
 
 //----------------------------------------------------------------------------
 struct cmListFileParser
diff --git a/Source/cmLocalGenerator.cxx b/Source/cmLocalGenerator.cxx
index 50e279b..2de6c93 100644
--- a/Source/cmLocalGenerator.cxx
+++ b/Source/cmLocalGenerator.cxx
@@ -79,9 +79,15 @@ public:
     this->GG = lg->GetGlobalGenerator();
     this->LG = this->GG->GetCurrentLocalGenerator();
     this->GG->SetCurrentLocalGenerator(lg);
+#if defined(CMAKE_BUILD_WITH_CMAKE)
+    this->GG->GetFileLockPool().PushFileScope();
+#endif
     }
   ~cmLocalGeneratorCurrent()
     {
+#if defined(CMAKE_BUILD_WITH_CMAKE)
+    this->GG->GetFileLockPool().PopFileScope();
+#endif
     this->GG->SetCurrentLocalGenerator(this->LG);
     }
 };
@@ -221,19 +227,19 @@ void cmLocalGenerator::SetupPathConversions()
   std::string outdir;
   outdir =
     cmSystemTools::CollapseFullPath(this->Makefile->GetHomeDirectory());
-  cmSystemTools::SplitPath(outdir.c_str(), this->HomeDirectoryComponents);
+  cmSystemTools::SplitPath(outdir, this->HomeDirectoryComponents);
   outdir =
     cmSystemTools::CollapseFullPath(this->Makefile->GetStartDirectory());
-  cmSystemTools::SplitPath(outdir.c_str(), this->StartDirectoryComponents);
+  cmSystemTools::SplitPath(outdir, this->StartDirectoryComponents);
 
   outdir = cmSystemTools::CollapseFullPath
     (this->Makefile->GetHomeOutputDirectory());
-  cmSystemTools::SplitPath(outdir.c_str(),
+  cmSystemTools::SplitPath(outdir,
                            this->HomeOutputDirectoryComponents);
 
   outdir = cmSystemTools::CollapseFullPath
     (this->Makefile->GetStartOutputDirectory());
-  cmSystemTools::SplitPath(outdir.c_str(),
+  cmSystemTools::SplitPath(outdir,
                            this->StartOutputDirectoryComponents);
 }
 
@@ -259,6 +265,17 @@ void cmLocalGenerator::ConfigureFinalPass()
 
 void cmLocalGenerator::TraceDependencies()
 {
+  std::vector<std::string> configs;
+  this->Makefile->GetConfigurations(configs);
+  if (configs.empty())
+    {
+    configs.push_back("");
+    }
+  for(std::vector<std::string>::const_iterator ci = configs.begin();
+      ci != configs.end(); ++ci)
+    {
+    this->GlobalGenerator->CreateEvaluationSourceFiles(*ci);
+    }
   // Generate the rule files for each target.
   cmGeneratorTargetsType targets = this->Makefile->GetGeneratorTargets();
   for(cmGeneratorTargetsType::iterator t = targets.begin();
@@ -1247,7 +1264,7 @@ cmLocalGenerator::ConvertToOutputForExistingCommon(const std::string& remote,
      cmSystemTools::FileExists(remote.c_str()))
     {
     std::string tmp;
-    if(cmSystemTools::GetShortPath(remote.c_str(), tmp))
+    if(cmSystemTools::GetShortPath(remote, tmp))
       {
       return this->Convert(tmp, NONE, format, true);
       }
@@ -1371,7 +1388,7 @@ std::string cmLocalGenerator::GetIncludeFlags(
       {
       std::string frameworkDir = *i;
       frameworkDir += "/../";
-      frameworkDir = cmSystemTools::CollapseFullPath(frameworkDir.c_str());
+      frameworkDir = cmSystemTools::CollapseFullPath(frameworkDir);
       if(emitted.insert(frameworkDir).second)
         {
         if (sysFwSearchFlag && target &&
@@ -1613,10 +1630,10 @@ void cmLocalGenerator::GetIncludeDirectories(std::vector<std::string>& dirs,
       {
       // Emit this directory only if it is a subdirectory of the
       // top-level source or binary tree.
-      if(cmSystemTools::ComparePath(i->c_str(), topSourceDir) ||
-         cmSystemTools::ComparePath(i->c_str(), topBinaryDir) ||
-         cmSystemTools::IsSubDirectory(i->c_str(), topSourceDir) ||
-         cmSystemTools::IsSubDirectory(i->c_str(), topBinaryDir))
+      if(cmSystemTools::ComparePath(*i, topSourceDir) ||
+         cmSystemTools::ComparePath(*i, topBinaryDir) ||
+         cmSystemTools::IsSubDirectory(*i, topSourceDir) ||
+         cmSystemTools::IsSubDirectory(*i, topBinaryDir))
         {
         if(emitted.insert(*i).second)
           {
@@ -2109,11 +2126,11 @@ bool cmLocalGenerator::GetRealDependency(const std::string& inName,
         {
         tLocation = target->GetLocation(config);
         tLocation = cmSystemTools::GetFilenamePath(tLocation);
-        tLocation = cmSystemTools::CollapseFullPath(tLocation.c_str());
+        tLocation = cmSystemTools::CollapseFullPath(tLocation);
         }
       std::string depLocation = cmSystemTools::GetFilenamePath(
         std::string(inName));
-      depLocation = cmSystemTools::CollapseFullPath(depLocation.c_str());
+      depLocation = cmSystemTools::CollapseFullPath(depLocation);
       if(depLocation != tLocation)
         {
         // it is a full path to a depend that has the same name
@@ -2743,7 +2760,7 @@ std::string cmLocalGenerator::Convert(const std::string& source,
                                       result);
         break;
       case FULL:
-        result = cmSystemTools::CollapseFullPath(result.c_str());
+        result = cmSystemTools::CollapseFullPath(result);
         break;
       case NONE:
         break;
@@ -2807,7 +2824,7 @@ std::string cmLocalGenerator::Convert(RelativeRoot remote,
   if(!local.empty() && (!optional || this->UseRelativePaths))
     {
     std::vector<std::string> components;
-    cmSystemTools::SplitPath(local.c_str(), components);
+    cmSystemTools::SplitPath(local, components);
     std::string result = this->ConvertToRelativePath(components, remotePath);
     return this->ConvertToOutputFormat(result, output);
     }
@@ -2827,7 +2844,7 @@ std::string cmLocalGenerator::FindRelativePathTopSource()
     {
     std::string parentTop = parent->FindRelativePathTopSource();
     if(cmSystemTools::IsSubDirectory(
-         this->Makefile->GetStartDirectory(), parentTop.c_str()))
+         this->Makefile->GetStartDirectory(), parentTop))
       {
       return parentTop;
       }
@@ -2847,7 +2864,7 @@ std::string cmLocalGenerator::FindRelativePathTopBinary()
     {
     std::string parentTop = parent->FindRelativePathTopBinary();
     if(cmSystemTools::IsSubDirectory(
-         this->Makefile->GetStartOutputDirectory(), parentTop.c_str()))
+         this->Makefile->GetStartOutputDirectory(), parentTop))
       {
       return parentTop;
       }
@@ -2933,12 +2950,12 @@ cmLocalGenerator::ConvertToRelativePath(const std::vector<std::string>& local,
   // Identify the longest shared path component between the remote
   // path and the local path.
   std::vector<std::string> remote;
-  cmSystemTools::SplitPath(in_remote.c_str(), remote);
+  cmSystemTools::SplitPath(in_remote, remote);
   unsigned int common=0;
   while(common < remote.size() &&
         common < local.size() &&
-        cmSystemTools::ComparePath(remote[common].c_str(),
-                                   local[common].c_str()))
+        cmSystemTools::ComparePath(remote[common],
+                                   local[common]))
     {
     ++common;
     }
diff --git a/Source/cmLocalNinjaGenerator.cxx b/Source/cmLocalNinjaGenerator.cxx
index 398b55a..0b0d971 100644
--- a/Source/cmLocalNinjaGenerator.cxx
+++ b/Source/cmLocalNinjaGenerator.cxx
@@ -352,7 +352,7 @@ void cmLocalNinjaGenerator::AppendCustomCommandDeps(
        i != deps.end(); ++i) {
     std::string dep;
     if (this->GetRealDependency(*i, this->GetConfigName(), dep))
-      ninjaDeps.push_back(ConvertToNinjaPath(dep.c_str()));
+      ninjaDeps.push_back(ConvertToNinjaPath(dep));
   }
 }
 
@@ -440,10 +440,18 @@ cmLocalNinjaGenerator::WriteCustomCommandBuildStatement(
   cmCustomCommandGenerator ccg(*cc, this->GetConfigName(), this->Makefile);
 
   const std::vector<std::string> &outputs = ccg.GetOutputs();
-  cmNinjaDeps ninjaOutputs(outputs.size()), ninjaDeps;
+  const std::vector<std::string> &byproducts = ccg.GetByproducts();
+  cmNinjaDeps ninjaOutputs(outputs.size()+byproducts.size()), ninjaDeps;
 
+#if 0
+#error TODO: Once CC in an ExternalProject target must provide the \
+    file of each imported target that has an add_dependencies pointing \
+    at us.  How to know which ExternalProject step actually provides it?
+#endif
   std::transform(outputs.begin(), outputs.end(),
                  ninjaOutputs.begin(), MapToNinjaPath());
+  std::transform(byproducts.begin(), byproducts.end(),
+                 ninjaOutputs.begin() + outputs.size(), MapToNinjaPath());
   this->AppendCustomCommandDeps(ccg, ninjaDeps);
 
   for (cmNinjaDeps::iterator i = ninjaOutputs.begin(); i != ninjaOutputs.end();
@@ -468,6 +476,7 @@ cmLocalNinjaGenerator::WriteCustomCommandBuildStatement(
       this->BuildCommandLine(cmdLines),
       this->ConstructComment(ccg),
       "Custom command for " + ninjaOutputs[0],
+      cc->GetUsesTerminal(),
       ninjaOutputs,
       ninjaDeps,
       orderOnlyDeps);
diff --git a/Source/cmLocalNinjaGenerator.h b/Source/cmLocalNinjaGenerator.h
index 1d27224..01e16df 100644
--- a/Source/cmLocalNinjaGenerator.h
+++ b/Source/cmLocalNinjaGenerator.h
@@ -74,7 +74,7 @@ public:
     map_to_ninja_path(cmLocalNinjaGenerator *LocalGen)
       : LocalGenerator(LocalGen) {}
     std::string operator()(const std::string &path) {
-      return LocalGenerator->ConvertToNinjaPath(path.c_str());
+      return LocalGenerator->ConvertToNinjaPath(path);
     }
   };
 
diff --git a/Source/cmLocalUnixMakefileGenerator3.cxx b/Source/cmLocalUnixMakefileGenerator3.cxx
index 23513fa..ff8ba8b 100644
--- a/Source/cmLocalUnixMakefileGenerator3.cxx
+++ b/Source/cmLocalUnixMakefileGenerator3.cxx
@@ -315,36 +315,43 @@ void cmLocalUnixMakefileGenerator3::WriteLocalMakefile()
 
     // Check whether preprocessing and assembly rules make sense.
     // They make sense only for C and C++ sources.
-    bool lang_is_c_or_cxx = false;
+    bool lang_has_preprocessor = false;
+    bool lang_has_assembly = false;
+
     for(std::vector<LocalObjectEntry>::const_iterator ei =
           lo->second.begin(); ei != lo->second.end(); ++ei)
       {
-      if(ei->Language == "C" || ei->Language == "CXX")
+      if(ei->Language == "C" ||
+         ei->Language == "CXX" ||
+         ei->Language == "Fortran")
         {
-        lang_is_c_or_cxx = true;
+        // Right now, C, C++ and Fortran have both a preprocessor and the
+        // ability to generate assembly code
+        lang_has_preprocessor = true;
+        lang_has_assembly = true;
         break;
         }
       }
 
     // Add convenience rules for preprocessed and assembly files.
-    if(lang_is_c_or_cxx && (do_preprocess_rules || do_assembly_rules))
+    if(lang_has_preprocessor && do_preprocess_rules)
       {
       std::string::size_type dot_pos = lo->first.rfind(".");
       std::string base = lo->first.substr(0, dot_pos);
-      if(do_preprocess_rules)
-        {
-        this->WriteObjectConvenienceRule(
-          ruleFileStream, "target to preprocess a source file",
-          (base + ".i").c_str(), lo->second);
-          lo->second.HasPreprocessRule = true;
-        }
-      if(do_assembly_rules)
-        {
-        this->WriteObjectConvenienceRule(
-          ruleFileStream, "target to generate assembly for a file",
-          (base + ".s").c_str(), lo->second);
-          lo->second.HasAssembleRule = true;
-        }
+      this->WriteObjectConvenienceRule(
+        ruleFileStream, "target to preprocess a source file",
+       (base + ".i").c_str(), lo->second);
+      lo->second.HasPreprocessRule = true;
+      }
+
+    if(lang_has_assembly && do_assembly_rules)
+      {
+      std::string::size_type dot_pos = lo->first.rfind(".");
+      std::string base = lo->first.substr(0, dot_pos);
+      this->WriteObjectConvenienceRule(
+       ruleFileStream, "target to generate assembly for a file",
+       (base + ".s").c_str(), lo->second);
+      lo->second.HasAssembleRule = true;
       }
     }
 
@@ -700,7 +707,7 @@ cmLocalUnixMakefileGenerator3
     // name.  This is needed to avoid funny quoting problems on
     // lines with shell redirection operators.
     std::string scmd;
-    if(cmSystemTools::GetShortPath(cmd.c_str(), scmd))
+    if(cmSystemTools::GetShortPath(cmd, scmd))
       {
       return this->Convert(scmd, NONE, SHELL);
       }
@@ -1733,7 +1740,7 @@ void cmLocalUnixMakefileGenerator3::CheckMultipleOutputs(bool verbose)
             << depender << "\" does not exist." << std::endl;
         cmSystemTools::Stdout(msg.str().c_str());
         }
-      cmSystemTools::RemoveFile(dependee.c_str());
+      cmSystemTools::RemoveFile(dependee);
       }
     }
 }
@@ -1988,7 +1995,7 @@ void cmLocalUnixMakefileGenerator3::ClearDependencies(cmMakefile* mf,
     // Remove the internal dependency check file to force
     // regeneration.
     std::string internalDependFile = dir + "/depend.internal";
-    cmSystemTools::RemoveFile(internalDependFile.c_str());
+    cmSystemTools::RemoveFile(internalDependFile);
     }
 }
 
diff --git a/Source/cmLocalVisualStudio6Generator.cxx b/Source/cmLocalVisualStudio6Generator.cxx
index c14fb2b..b9a5074 100644
--- a/Source/cmLocalVisualStudio6Generator.cxx
+++ b/Source/cmLocalVisualStudio6Generator.cxx
@@ -821,10 +821,12 @@ cmLocalVisualStudio6Generator::MaybeCreateOutputDir(cmTarget& target,
   command.push_back("make_directory");
   command.push_back(outDir);
   std::vector<std::string> no_output;
+  std::vector<std::string> no_byproducts;
   std::vector<std::string> no_depends;
   cmCustomCommandLines commands;
   commands.push_back(command);
-  pcc.reset(new cmCustomCommand(0, no_output, no_depends, commands, 0, 0));
+  pcc.reset(new cmCustomCommand(0, no_output, no_byproducts,
+                                no_depends, commands, 0, 0));
   pcc->SetEscapeOldStyle(false);
   pcc->SetEscapeAllowMakeVars(true);
   return pcc;
diff --git a/Source/cmLocalVisualStudio7Generator.cxx b/Source/cmLocalVisualStudio7Generator.cxx
index eb45423..0e66764 100644
--- a/Source/cmLocalVisualStudio7Generator.cxx
+++ b/Source/cmLocalVisualStudio7Generator.cxx
@@ -592,6 +592,15 @@ cmVS7FlagTable cmLocalVisualStudio7GeneratorLinkFlagTable[] =
   {0,0,0,0,0}
 };
 
+cmVS7FlagTable cmLocalVisualStudio7GeneratorFortranLinkFlagTable[] =
+{
+  {"LinkIncremental", "INCREMENTAL:NO", "link incremental",
+   "linkIncrementalNo", 0},
+  {"LinkIncremental", "INCREMENTAL:YES", "link incremental",
+   "linkIncrementalYes", 0},
+  {0,0,0,0,0}
+};
+
 //----------------------------------------------------------------------------
 // Helper class to write build event <Tool .../> elements.
 class cmLocalVisualStudio7Generator::EventWriter
@@ -1056,8 +1065,13 @@ void cmLocalVisualStudio7Generator::OutputBuildTool(std::ostream& fout,
     extraLinkOptions += " ";
     extraLinkOptions += targetLinkFlags;
     }
-  Options linkOptions(this, Options::Linker,
-                      cmLocalVisualStudio7GeneratorLinkFlagTable);
+  Options linkOptions(this, Options::Linker);
+  if(this->FortranProject)
+    {
+    linkOptions.AddTable(cmLocalVisualStudio7GeneratorFortranLinkFlagTable);
+    }
+  linkOptions.AddTable(cmLocalVisualStudio7GeneratorLinkFlagTable);
+
   linkOptions.Parse(extraLinkOptions.c_str());
   if(!this->ModuleDefinitionFile.empty())
     {
diff --git a/Source/cmLocalVisualStudioGenerator.cxx b/Source/cmLocalVisualStudioGenerator.cxx
index 9680d43..f01aa6b 100644
--- a/Source/cmLocalVisualStudioGenerator.cxx
+++ b/Source/cmLocalVisualStudioGenerator.cxx
@@ -95,10 +95,12 @@ cmLocalVisualStudioGenerator::MaybeCreateImplibDir(cmTarget& target,
   command.push_back("make_directory");
   command.push_back(impDir);
   std::vector<std::string> no_output;
+  std::vector<std::string> no_byproducts;
   std::vector<std::string> no_depends;
   cmCustomCommandLines commands;
   commands.push_back(command);
-  pcc.reset(new cmCustomCommand(0, no_output, no_depends, commands, 0, 0));
+  pcc.reset(new cmCustomCommand(0, no_output, no_byproducts,
+                                no_depends, commands, 0, 0));
   pcc->SetEscapeOldStyle(false);
   pcc->SetEscapeAllowMakeVars(true);
   return pcc;
diff --git a/Source/cmMakeDepend.cxx b/Source/cmMakeDepend.cxx
index 52832db..1499e57 100644
--- a/Source/cmMakeDepend.cxx
+++ b/Source/cmMakeDepend.cxx
@@ -329,9 +329,9 @@ std::string cmMakeDepend::FullPath(const char* fname, const char *extraPath)
       }
     path = path + fname;
     if(cmSystemTools::FileExists(path.c_str(), true)
-       && !cmSystemTools::FileIsDirectory(path.c_str()))
+       && !cmSystemTools::FileIsDirectory(path))
       {
-      std::string fp = cmSystemTools::CollapseFullPath(path.c_str());
+      std::string fp = cmSystemTools::CollapseFullPath(path);
       this->DirectoryToFileToPathMap[extraPath? extraPath: ""][fname] = fp;
       return fp;
       }
@@ -346,9 +346,9 @@ std::string cmMakeDepend::FullPath(const char* fname, const char *extraPath)
       }
     path = path + fname;
     if(cmSystemTools::FileExists(path.c_str(), true)
-       && !cmSystemTools::FileIsDirectory(path.c_str()))
+       && !cmSystemTools::FileIsDirectory(path))
       {
-      std::string fp = cmSystemTools::CollapseFullPath(path.c_str());
+      std::string fp = cmSystemTools::CollapseFullPath(path);
       this->DirectoryToFileToPathMap[extraPath][fname] = fp;
       return fp;
       }
diff --git a/Source/cmMakefile.cxx b/Source/cmMakefile.cxx
index b7e89b8..20dae5a 100644
--- a/Source/cmMakefile.cxx
+++ b/Source/cmMakefile.cxx
@@ -169,6 +169,9 @@ void cmMakefile::Initialize()
   // Protect the directory-level policies.
   this->PushPolicyBarrier();
 
+  // push empty loop block
+  this->PushLoopBlockBarrier();
+
   // By default the check is not done.  It is enabled by
   // cmListFileCache in the top level if necessary.
   this->CheckCMP0000 = false;
@@ -878,12 +881,14 @@ void cmMakefile::ConfigureFinalPass()
 //----------------------------------------------------------------------------
 void
 cmMakefile::AddCustomCommandToTarget(const std::string& target,
+                                   const std::vector<std::string>& byproducts,
                                      const std::vector<std::string>& depends,
                                      const cmCustomCommandLines& commandLines,
                                      cmTarget::CustomCommandType type,
                                      const char* comment,
                                      const char* workingDir,
-                                     bool escapeOldStyle) const
+                                     bool escapeOldStyle,
+                                     bool uses_terminal)
 {
   // Find the target to which to add the custom command.
   cmTargets::iterator ti = this->Targets.find(target);
@@ -933,12 +938,24 @@ cmMakefile::AddCustomCommandToTarget(const std::string& target,
     this->IssueMessage(cmake::FATAL_ERROR, e.str());
     return;
     }
+
+  // Always create the byproduct sources and mark them generated.
+  for(std::vector<std::string>::const_iterator o = byproducts.begin();
+      o != byproducts.end(); ++o)
+    {
+    if(cmSourceFile* out = this->GetOrCreateSource(*o, true))
+      {
+      out->SetProperty("GENERATED", "1");
+      }
+    }
+
   // Add the command to the appropriate build step for the target.
   std::vector<std::string> no_output;
-  cmCustomCommand cc(this, no_output, depends,
+  cmCustomCommand cc(this, no_output, byproducts, depends,
                      commandLines, comment, workingDir);
   cc.SetEscapeOldStyle(escapeOldStyle);
   cc.SetEscapeAllowMakeVars(true);
+  cc.SetUsesTerminal(uses_terminal);
   switch(type)
     {
     case cmTarget::PRE_BUILD:
@@ -956,13 +973,15 @@ cmMakefile::AddCustomCommandToTarget(const std::string& target,
 //----------------------------------------------------------------------------
 cmSourceFile*
 cmMakefile::AddCustomCommandToOutput(const std::vector<std::string>& outputs,
+                                  const std::vector<std::string>& byproducts,
                                      const std::vector<std::string>& depends,
                                      const std::string& main_dependency,
                                      const cmCustomCommandLines& commandLines,
                                      const char* comment,
                                      const char* workingDir,
                                      bool replace,
-                                     bool escapeOldStyle)
+                                     bool escapeOldStyle,
+                                     bool uses_terminal)
 {
   // Make sure there is at least one output.
   if(outputs.empty())
@@ -1053,6 +1072,14 @@ cmMakefile::AddCustomCommandToOutput(const std::vector<std::string>& outputs,
       out->SetProperty("GENERATED", "1");
       }
     }
+  for(std::vector<std::string>::const_iterator o = byproducts.begin();
+      o != byproducts.end(); ++o)
+    {
+    if(cmSourceFile* out = this->GetOrCreateSource(*o, true))
+      {
+      out->SetProperty("GENERATED", "1");
+      }
+    }
 
   // Attach the custom command to the file.
   if(file)
@@ -1065,10 +1092,11 @@ cmMakefile::AddCustomCommandToOutput(const std::vector<std::string>& outputs,
       }
 
     cmCustomCommand* cc =
-      new cmCustomCommand(this, outputs, depends2, commandLines,
-                          comment, workingDir);
+      new cmCustomCommand(this, outputs, byproducts, depends2,
+                          commandLines, comment, workingDir);
     cc->SetEscapeOldStyle(escapeOldStyle);
     cc->SetEscapeAllowMakeVars(true);
+    cc->SetUsesTerminal(uses_terminal);
     file->SetCustomCommand(cc);
     this->UpdateOutputToSourceMap(outputs, file);
     }
@@ -1117,13 +1145,17 @@ cmMakefile::AddCustomCommandToOutput(const std::string& output,
                                      const char* comment,
                                      const char* workingDir,
                                      bool replace,
-                                     bool escapeOldStyle)
+                                     bool escapeOldStyle,
+                                     bool uses_terminal)
 {
   std::vector<std::string> outputs;
   outputs.push_back(output);
-  return this->AddCustomCommandToOutput(outputs, depends, main_dependency,
+  std::vector<std::string> no_byproducts;
+  return this->AddCustomCommandToOutput(outputs, no_byproducts,
+                                        depends, main_dependency,
                                         commandLines, comment, workingDir,
-                                        replace, escapeOldStyle);
+                                        replace, escapeOldStyle,
+                                        uses_terminal);
 }
 
 //----------------------------------------------------------------------------
@@ -1142,7 +1174,9 @@ cmMakefile::AddCustomCommandOldStyle(const std::string& target,
     // In the old-style signature if the source and target were the
     // same then it added a post-build rule to the target.  Preserve
     // this behavior.
-    this->AddCustomCommandToTarget(target, depends, commandLines,
+    std::vector<std::string> no_byproducts;
+    this->AddCustomCommandToTarget(target, no_byproducts,
+                                   depends, commandLines,
                                    cmTarget::POST_BUILD, comment, 0);
     return;
     }
@@ -1240,7 +1274,25 @@ cmMakefile::AddUtilityCommand(const std::string& utilityName,
                               const char* workingDirectory,
                               const std::vector<std::string>& depends,
                               const cmCustomCommandLines& commandLines,
-                              bool escapeOldStyle, const char* comment)
+                              bool escapeOldStyle, const char* comment,
+                              bool uses_terminal)
+{
+  std::vector<std::string> no_byproducts;
+  return this->AddUtilityCommand(utilityName, excludeFromAll, workingDirectory,
+                                 no_byproducts, depends, commandLines,
+                                 escapeOldStyle, comment, uses_terminal);
+}
+
+//----------------------------------------------------------------------------
+cmTarget*
+cmMakefile::AddUtilityCommand(const std::string& utilityName,
+                              bool excludeFromAll,
+                              const char* workingDirectory,
+                              const std::vector<std::string>& byproducts,
+                              const std::vector<std::string>& depends,
+                              const cmCustomCommandLines& commandLines,
+                              bool escapeOldStyle, const char* comment,
+                              bool uses_terminal)
 {
   // Create a target instance for this utility.
   cmTarget* target = this->AddNewTarget(cmTarget::UTILITY, utilityName);
@@ -1261,13 +1313,15 @@ cmMakefile::AddUtilityCommand(const std::string& utilityName,
     force += cmake::GetCMakeFilesDirectory();
     force += "/";
     force += utilityName;
+    std::vector<std::string> forced;
+    forced.push_back(force);
     std::string no_main_dependency = "";
     bool no_replace = false;
-    this->AddCustomCommandToOutput(force, depends,
-                                   no_main_dependency,
+    this->AddCustomCommandToOutput(forced, byproducts,
+                                   depends, no_main_dependency,
                                    commandLines, comment,
                                    workingDirectory, no_replace,
-                                   escapeOldStyle);
+                                   escapeOldStyle, uses_terminal);
     cmSourceFile* sf = target->AddSourceCMP0049(force);
 
     // The output is not actually created so mark it symbolic.
@@ -1280,6 +1334,16 @@ cmMakefile::AddUtilityCommand(const std::string& utilityName,
       cmSystemTools::Error("Could not get source file entry for ",
                           force.c_str());
       }
+
+    // Always create the byproduct sources and mark them generated.
+    for(std::vector<std::string>::const_iterator o = byproducts.begin();
+        o != byproducts.end(); ++o)
+      {
+      if(cmSourceFile* out = this->GetOrCreateSource(*o, true))
+        {
+        out->SetProperty("GENERATED", "1");
+        }
+      }
     }
   return target;
 }
@@ -1830,7 +1894,7 @@ void cmMakefile::AddCacheDefinition(const std::string& name, const char* value,
         {
         if(!cmSystemTools::IsOff(files[cc].c_str()))
           {
-          files[cc] = cmSystemTools::CollapseFullPath(files[cc].c_str());
+          files[cc] = cmSystemTools::CollapseFullPath(files[cc]);
           }
         if ( cc > 0 )
           {
@@ -1935,11 +1999,11 @@ void cmMakefile::CheckForUnused(const char* reason,
       bt.push_back(lfc);
       }
     if (this->CheckSystemVars ||
-        cmSystemTools::IsSubDirectory(path.c_str(),
+        cmSystemTools::IsSubDirectory(path,
                                       this->GetHomeDirectory()) ||
-        (cmSystemTools::IsSubDirectory(path.c_str(),
+        (cmSystemTools::IsSubDirectory(path,
                                       this->GetHomeOutputDirectory()) &&
-        !cmSystemTools::IsSubDirectory(path.c_str(),
+        !cmSystemTools::IsSubDirectory(path,
                                 cmake::GetCMakeFilesDirectory())))
       {
       cmOStringStream msg;
@@ -2876,7 +2940,7 @@ cmake::MessageType cmMakefile::ExpandVariablesInStringNew(
                 bt.push_back(lfc);
                 msg << "uninitialized variable \'" << lookup << "\'";
                 this->GetCMakeInstance()->IssueMessage(cmake::AUTHOR_WARNING,
-                                                       msg.str().c_str(), bt);
+                                                       msg.str(), bt);
                 }
               }
             }
@@ -3291,6 +3355,38 @@ void cmMakefile::PopFunctionBlockerBarrier(bool reportError)
 }
 
 //----------------------------------------------------------------------------
+void cmMakefile::PushLoopBlock()
+{
+  assert(!this->LoopBlockCounter.empty());
+  this->LoopBlockCounter.top()++;
+}
+
+void cmMakefile::PopLoopBlock()
+{
+  assert(!this->LoopBlockCounter.empty());
+  assert(this->LoopBlockCounter.top() > 0);
+  this->LoopBlockCounter.top()--;
+}
+
+void cmMakefile::PushLoopBlockBarrier()
+{
+  this->LoopBlockCounter.push(0);
+}
+
+void cmMakefile::PopLoopBlockBarrier()
+{
+  assert(!this->LoopBlockCounter.empty());
+  assert(this->LoopBlockCounter.top() == 0);
+  this->LoopBlockCounter.pop();
+}
+
+bool cmMakefile::IsLoopBlock() const
+{
+  assert(!this->LoopBlockCounter.empty());
+  return !this->LoopBlockCounter.empty() && this->LoopBlockCounter.top() > 0;
+}
+
+//----------------------------------------------------------------------------
 bool cmMakefile::ExpandArguments(
   std::vector<cmListFileArgument> const& inArgs,
   std::vector<std::string>& outArgs) const
@@ -3554,7 +3650,7 @@ int cmMakefile::TryCompile(const std::string& srcdir,
 {
   this->Internal->IsSourceFileTryCompile = fast;
   // does the binary directory exist ? If not create it...
-  if (!cmSystemTools::FileIsDirectory(bindir.c_str()))
+  if (!cmSystemTools::FileIsDirectory(bindir))
     {
     cmSystemTools::MakeDirectory(bindir.c_str());
     }
@@ -3562,7 +3658,7 @@ int cmMakefile::TryCompile(const std::string& srcdir,
   // change to the tests directory and run cmake
   // use the cmake object instead of calling cmake
   std::string cwd = cmSystemTools::GetCurrentWorkingDirectory();
-  cmSystemTools::ChangeDirectory(bindir.c_str());
+  cmSystemTools::ChangeDirectory(bindir);
 
   // make sure the same generator is used
   // use this program as the cmake to be run, it should not
@@ -3577,7 +3673,7 @@ int cmMakefile::TryCompile(const std::string& srcdir,
     cmSystemTools::Error(
       "Internal CMake error, TryCompile bad GlobalGenerator");
     // return to the original directory
-    cmSystemTools::ChangeDirectory(cwd.c_str());
+    cmSystemTools::ChangeDirectory(cwd);
     this->Internal->IsSourceFileTryCompile = false;
     return 1;
     }
@@ -3651,7 +3747,7 @@ int cmMakefile::TryCompile(const std::string& srcdir,
     cmSystemTools::Error(
       "Internal CMake error, TryCompile configure of cmake failed");
     // return to the original directory
-    cmSystemTools::ChangeDirectory(cwd.c_str());
+    cmSystemTools::ChangeDirectory(cwd);
     this->Internal->IsSourceFileTryCompile = false;
     return 1;
     }
@@ -3661,7 +3757,7 @@ int cmMakefile::TryCompile(const std::string& srcdir,
     cmSystemTools::Error(
       "Internal CMake error, TryCompile generation of cmake failed");
     // return to the original directory
-    cmSystemTools::ChangeDirectory(cwd.c_str());
+    cmSystemTools::ChangeDirectory(cwd);
     this->Internal->IsSourceFileTryCompile = false;
     return 1;
     }
@@ -3675,7 +3771,7 @@ int cmMakefile::TryCompile(const std::string& srcdir,
                                                            output,
                                                            this);
 
-  cmSystemTools::ChangeDirectory(cwd.c_str());
+  cmSystemTools::ChangeDirectory(cwd);
   this->Internal->IsSourceFileTryCompile = false;
   return ret;
 }
@@ -4034,7 +4130,7 @@ int cmMakefile::ConfigureFile(const char* infile, const char* outfile,
       {
       cmSystemTools::SetPermissions(soutfile.c_str(), perm);
       }
-    cmSystemTools::RemoveFile(tempOutputFile.c_str());
+    cmSystemTools::RemoveFile(tempOutputFile);
     }
   return res;
 }
@@ -4424,10 +4520,24 @@ void cmMakefile::PushScope()
   this->Internal->VarStack.push(cmDefinitions(parent));
   this->Internal->VarInitStack.push(init);
   this->Internal->VarUsageStack.push(usage);
+
+  this->PushLoopBlockBarrier();
+
+#if defined(CMAKE_BUILD_WITH_CMAKE)
+  this->GetLocalGenerator()->GetGlobalGenerator()->
+    GetFileLockPool().PushFunctionScope();
+#endif
 }
 
 void cmMakefile::PopScope()
 {
+#if defined(CMAKE_BUILD_WITH_CMAKE)
+  this->GetLocalGenerator()->GetGlobalGenerator()->
+    GetFileLockPool().PopFunctionScope();
+#endif
+
+  this->PopLoopBlockBarrier();
+
   cmDefinitions* current = &this->Internal->VarStack.top();
   std::set<std::string> init = this->Internal->VarInitStack.top();
   std::set<std::string> usage = this->Internal->VarUsageStack.top();
@@ -4741,6 +4851,64 @@ std::vector<cmSourceFile*> cmMakefile::GetQtUiFilesWithOptions() const
   return this->QtUiFilesWithOptions;
 }
 
+static std::string const matchVariables[] = {
+  "CMAKE_MATCH_0",
+  "CMAKE_MATCH_1",
+  "CMAKE_MATCH_2",
+  "CMAKE_MATCH_3",
+  "CMAKE_MATCH_4",
+  "CMAKE_MATCH_5",
+  "CMAKE_MATCH_6",
+  "CMAKE_MATCH_7",
+  "CMAKE_MATCH_8",
+  "CMAKE_MATCH_9"
+};
+
+static std::string const nMatchesVariable = "CMAKE_MATCH_COUNT";
+
+//----------------------------------------------------------------------------
+void cmMakefile::ClearMatches()
+{
+  const char* nMatchesStr = this->GetDefinition(nMatchesVariable);
+  if (!nMatchesStr)
+    {
+    return;
+    }
+  int nMatches = atoi(nMatchesStr);
+  for (int i=0; i<=nMatches; i++)
+    {
+    std::string const& var = matchVariables[i];
+    std::string const& s = this->GetSafeDefinition(var);
+    if(!s.empty())
+      {
+      this->AddDefinition(var, "");
+      this->MarkVariableAsUsed(var);
+      }
+    }
+  this->AddDefinition(nMatchesVariable, "0");
+  this->MarkVariableAsUsed(nMatchesVariable);
+}
+
+//----------------------------------------------------------------------------
+void cmMakefile::StoreMatches(cmsys::RegularExpression& re)
+{
+  char highest = 0;
+  for (int i=0; i<10; i++)
+    {
+    std::string const& m = re.match(i);
+    if(!m.empty())
+      {
+      std::string const& var = matchVariables[i];
+      this->AddDefinition(var, m.c_str());
+      this->MarkVariableAsUsed(var);
+      highest = static_cast<char>('0' + i);
+      }
+    }
+  char nMatches[] = {highest, '\0'};
+  this->AddDefinition(nMatchesVariable, nMatches);
+  this->MarkVariableAsUsed(nMatchesVariable);
+}
+
 //----------------------------------------------------------------------------
 cmPolicies::PolicyStatus
 cmMakefile::GetPolicyStatus(cmPolicies::PolicyID id) const
@@ -5161,7 +5329,7 @@ HaveCFeatureAvailable(cmTarget const* target, const std::string& feature) const
     cmOStringStream e;
     e << "The C_STANDARD property on target \"" << target->GetName()
       << "\" contained an invalid value: \"" << existingCStandard << "\".";
-    this->IssueMessage(cmake::FATAL_ERROR, e.str().c_str());
+    this->IssueMessage(cmake::FATAL_ERROR, e.str());
     return false;
     }
 
@@ -5412,7 +5580,7 @@ AddRequiredTargetCFeature(cmTarget *target, const std::string& feature) const
       cmOStringStream e;
       e << "The C_STANDARD property on target \"" << target->GetName()
         << "\" contained an invalid value: \"" << existingCStandard << "\".";
-      this->IssueMessage(cmake::FATAL_ERROR, e.str().c_str());
+      this->IssueMessage(cmake::FATAL_ERROR, e.str());
       return false;
       }
     }
diff --git a/Source/cmMakefile.h b/Source/cmMakefile.h
index 28f8686..fcfec8d 100644
--- a/Source/cmMakefile.h
+++ b/Source/cmMakefile.h
@@ -34,6 +34,8 @@
 # include <cmsys/hash_map.hxx>
 #endif
 
+#include <stack>
+
 class cmFunctionBlocker;
 class cmCommand;
 class cmInstallGenerator;
@@ -123,6 +125,15 @@ public:
   };
   friend class LexicalPushPop;
 
+  class LoopBlockPop
+  {
+  public:
+    LoopBlockPop(cmMakefile* mf) { this->Makefile = mf; }
+    ~LoopBlockPop() { this->Makefile->PopLoopBlock(); }
+  private:
+    cmMakefile* Makefile;
+  };
+
   /**
    * Try running cmake and building a file. This is used for dynalically
    * loaded commands, not as part of the usual build process.
@@ -170,19 +181,23 @@ public:
 
   /** Add a custom command to the build.  */
   void AddCustomCommandToTarget(const std::string& target,
+                                const std::vector<std::string>& byproducts,
                                 const std::vector<std::string>& depends,
                                 const cmCustomCommandLines& commandLines,
                                 cmTarget::CustomCommandType type,
                                 const char* comment, const char* workingDir,
-                                bool escapeOldStyle = true) const;
+                                bool escapeOldStyle = true,
+                                bool uses_terminal = false);
   cmSourceFile* AddCustomCommandToOutput(
     const std::vector<std::string>& outputs,
+    const std::vector<std::string>& byproducts,
     const std::vector<std::string>& depends,
     const std::string& main_dependency,
     const cmCustomCommandLines& commandLines,
     const char* comment, const char* workingDir,
     bool replace = false,
-    bool escapeOldStyle = true);
+    bool escapeOldStyle = true,
+    bool uses_terminal = false);
   cmSourceFile* AddCustomCommandToOutput(
     const std::string& output,
     const std::vector<std::string>& depends,
@@ -190,7 +205,8 @@ public:
     const cmCustomCommandLines& commandLines,
     const char* comment, const char* workingDir,
     bool replace = false,
-    bool escapeOldStyle = true);
+    bool escapeOldStyle = true,
+    bool uses_terminal = false);
   void AddCustomCommandOldStyle(const std::string& target,
                                 const std::vector<std::string>& outputs,
                                 const std::vector<std::string>& depends,
@@ -237,7 +253,17 @@ public:
                               const std::vector<std::string>& depends,
                               const cmCustomCommandLines& commandLines,
                               bool escapeOldStyle = true,
-                              const char* comment = 0);
+                              const char* comment = 0,
+                              bool uses_terminal = false);
+  cmTarget* AddUtilityCommand(const std::string& utilityName,
+                              bool excludeFromAll,
+                              const char* workingDirectory,
+                              const std::vector<std::string>& byproducts,
+                              const std::vector<std::string>& depends,
+                              const cmCustomCommandLines& commandLines,
+                              bool escapeOldStyle = true,
+                              const char* comment = 0,
+                              bool uses_terminal = false);
 
   /**
    * Add a link library to the build.
@@ -466,7 +492,7 @@ public:
       this->cmStartDirectory = dir;
       cmSystemTools::ConvertToUnixSlashes(this->cmStartDirectory);
       this->cmStartDirectory =
-        cmSystemTools::CollapseFullPath(this->cmStartDirectory.c_str());
+        cmSystemTools::CollapseFullPath(this->cmStartDirectory);
       this->AddDefinition("CMAKE_CURRENT_SOURCE_DIR",
                           this->cmStartDirectory.c_str());
     }
@@ -479,7 +505,7 @@ public:
       this->StartOutputDirectory = lib;
       cmSystemTools::ConvertToUnixSlashes(this->StartOutputDirectory);
       this->StartOutputDirectory =
-        cmSystemTools::CollapseFullPath(this->StartOutputDirectory.c_str());
+        cmSystemTools::CollapseFullPath(this->StartOutputDirectory);
       cmSystemTools::MakeDirectory(this->StartOutputDirectory.c_str());
       this->AddDefinition("CMAKE_CURRENT_BINARY_DIR",
                           this->StartOutputDirectory.c_str());
@@ -885,6 +911,10 @@ public:
   void PopScope();
   void RaiseScope(const std::string& var, const char *value);
 
+  // push and pop loop scopes
+  void PushLoopBlockBarrier();
+  void PopLoopBlockBarrier();
+
   /** Helper class to push and pop scopes automatically.  */
   class ScopePushPop
   {
@@ -942,6 +972,13 @@ public:
                        std::string const& lhs,
                        std::string const& rhs);
 
+  void PushLoopBlock();
+  void PopLoopBlock();
+  bool IsLoopBlock() const;
+
+  void ClearMatches();
+  void StoreMatches(cmsys::RegularExpression& re);
+
 protected:
   // add link libraries and directories to the target
   void AddGlobalLinkInformation(const std::string& name, cmTarget& target);
@@ -1036,6 +1073,8 @@ private:
   void PushFunctionBlockerBarrier();
   void PopFunctionBlockerBarrier(bool reportError = true);
 
+  std::stack<int> LoopBlockCounter;
+
   typedef std::map<std::string, std::string> StringStringMap;
   StringStringMap MacrosMap;
 
diff --git a/Source/cmMakefileTargetGenerator.cxx b/Source/cmMakefileTargetGenerator.cxx
index 85e371d..8444dfb 100644
--- a/Source/cmMakefileTargetGenerator.cxx
+++ b/Source/cmMakefileTargetGenerator.cxx
@@ -702,7 +702,14 @@ cmMakefileTargetGenerator
 
   vars.Defines = definesString.c_str();
 
-  bool lang_is_c_or_cxx = ((lang == "C") || (lang == "CXX"));
+  // At the moment, it is assumed that C, C++, and Fortran have both
+  // assembly and preprocessor capabilities. The same is true for the
+  // ability to export compile commands
+  bool lang_has_preprocessor = ((lang == "C") ||
+                                (lang == "CXX") ||
+                                (lang == "Fortran"));
+  bool const lang_has_assembly = lang_has_preprocessor;
+  bool const lang_can_export_cmds = lang_has_preprocessor;
 
   // Construct the compile rules.
   {
@@ -715,7 +722,7 @@ cmMakefileTargetGenerator
   cmSystemTools::ExpandListArgument(compileRule, compileCommands);
 
   if (this->Makefile->IsOn("CMAKE_EXPORT_COMPILE_COMMANDS") &&
-      lang_is_c_or_cxx && compileCommands.size() == 1)
+      lang_can_export_cmds && compileCommands.size() == 1)
     {
     std::string compileCommand = compileCommands[0];
     this->LocalGenerator->ExpandRuleVariables(compileCommand, vars);
@@ -771,9 +778,9 @@ cmMakefileTargetGenerator
       }
     }
 
-  bool do_preprocess_rules = lang_is_c_or_cxx &&
+  bool do_preprocess_rules = lang_has_preprocessor &&
     this->LocalGenerator->GetCreatePreprocessedSourceRules();
-  bool do_assembly_rules = lang_is_c_or_cxx &&
+  bool do_assembly_rules = lang_has_assembly &&
     this->LocalGenerator->GetCreateAssemblySourceRules();
   if(do_preprocess_rules || do_assembly_rules)
     {
@@ -1577,7 +1584,7 @@ std::string cmMakefileTargetGenerator::GetFrameworkFlags(std::string const& l)
       {
       std::string frameworkDir = *i;
       frameworkDir += "/../";
-      frameworkDir = cmSystemTools::CollapseFullPath(frameworkDir.c_str());
+      frameworkDir = cmSystemTools::CollapseFullPath(frameworkDir);
       emitted.insert(frameworkDir);
       }
     }
diff --git a/Source/cmNinjaNormalTargetGenerator.cxx b/Source/cmNinjaNormalTargetGenerator.cxx
index e344df4..25931f3 100644
--- a/Source/cmNinjaNormalTargetGenerator.cxx
+++ b/Source/cmNinjaNormalTargetGenerator.cxx
@@ -194,12 +194,7 @@ cmNinjaNormalTargetGenerator
 
     vars.ObjectDir = "$OBJECT_DIR";
 
-    // TODO:
-    // Makefile generator expands <TARGET> to the plain target name
-    // with suffix. $out expands to a relative path. This difference
-    // could make trouble when switching to Ninja generator. Maybe
-    // using TARGET_NAME and RuleVariables::TargetName is a fix.
-    vars.Target = "$out";
+    vars.Target = "$TARGET_FILE";
 
     vars.SONameFlag = "$SONAME_FLAG";
     vars.TargetSOName = "$SONAME";
@@ -252,7 +247,7 @@ cmNinjaNormalTargetGenerator
             << this->GetVisibleTypeName() << ".";
     cmOStringStream description;
     description << "Linking " << this->TargetLinkLanguage << " "
-                << this->GetVisibleTypeName() << " $out";
+                << this->GetVisibleTypeName() << " $TARGET_FILE";
     this->GetGlobalGenerator()->AddRule(ruleName,
                                         linkCmd,
                                         description.str(),
@@ -261,7 +256,7 @@ cmNinjaNormalTargetGenerator
                                         /*deptype*/ "",
                                         rspfile,
                                         rspcontent,
-                                        /*restat*/ false,
+                                        /*restat*/ "$RESTAT",
                                         /*generator*/ false);
   }
 
@@ -283,7 +278,7 @@ cmNinjaNormalTargetGenerator
                                           /*deptype*/ "",
                                           /*rspfile*/ "",
                                           /*rspcontent*/ "",
-                                          /*restat*/ false,
+                                          /*restat*/ "",
                                           /*generator*/ false);
     else
       this->GetGlobalGenerator()->AddRule("CMAKE_SYMLINK_LIBRARY",
@@ -297,7 +292,7 @@ cmNinjaNormalTargetGenerator
                                           /*deptype*/ "",
                                           /*rspfile*/ "",
                                           /*rspcontent*/ "",
-                                          /*restat*/ false,
+                                          /*restat*/ "",
                                           /*generator*/ false);
   }
 }
@@ -326,7 +321,7 @@ cmNinjaNormalTargetGenerator
         this->GetLocalGenerator()->ConvertToOutputFormat(
           mf->GetRequiredDefinition("CMAKE_COMMAND"),
           cmLocalGenerator::SHELL);
-      linkCmds.push_back(cmakeCommand + " -E remove $out");
+      linkCmds.push_back(cmakeCommand + " -E remove $TARGET_FILE");
       }
       // TODO: Use ARCHIVE_APPEND for archives over a certain size.
       {
@@ -375,14 +370,14 @@ void cmNinjaNormalTargetGenerator::WriteLinkStatement()
   cmTarget& target = *this->GetTarget();
   const std::string cfgName = this->GetConfigName();
   std::string targetOutput = ConvertToNinjaPath(
-                               target.GetFullPath(cfgName).c_str());
+                               target.GetFullPath(cfgName));
   std::string targetOutputReal = ConvertToNinjaPath(
                                    target.GetFullPath(cfgName,
                                       /*implib=*/false,
-                                      /*realpath=*/true).c_str());
+                                      /*realpath=*/true));
   std::string targetOutputImplib = ConvertToNinjaPath(
                                      target.GetFullPath(cfgName,
-                                       /*implib=*/true).c_str());
+                                       /*implib=*/true));
 
   if (target.IsAppBundleOnApple())
     {
@@ -394,11 +389,11 @@ void cmNinjaNormalTargetGenerator::WriteLinkStatement()
     targetOutput = outpath;
     targetOutput += "/";
     targetOutput += this->TargetNameOut;
-    targetOutput = this->ConvertToNinjaPath(targetOutput.c_str());
+    targetOutput = this->ConvertToNinjaPath(targetOutput);
     targetOutputReal = outpath;
     targetOutputReal += "/";
     targetOutputReal += this->TargetNameReal;
-    targetOutputReal = this->ConvertToNinjaPath(targetOutputReal.c_str());
+    targetOutputReal = this->ConvertToNinjaPath(targetOutputReal);
     }
   else if (target.IsFrameworkOnApple())
     {
@@ -450,6 +445,10 @@ void cmNinjaNormalTargetGenerator::WriteLinkStatement()
                                     this->GetConfigName());
   bool useWatcomQuote = mf->IsOn(createRule+"_USE_WATCOM_QUOTE");
   cmLocalNinjaGenerator& localGen = *this->GetLocalGenerator();
+
+  vars["TARGET_FILE"] =
+    localGen.ConvertToOutputFormat(targetOutputReal, cmLocalGenerator::SHELL);
+
   localGen.GetTargetFlags(vars["LINK_LIBRARIES"],
                           vars["FLAGS"],
                           vars["LINK_FLAGS"],
@@ -509,6 +508,10 @@ void cmNinjaNormalTargetGenerator::WriteLinkStatement()
                                               cmLocalGenerator::SHELL);
     vars["TARGET_IMPLIB"] = impLibPath;
     EnsureParentDirectoryExists(impLibPath);
+    if(target.HasImportLibrary())
+      {
+      outputs.push_back(targetOutputImplib);
+      }
     }
 
   if (!this->SetMsvcTargetPdbVariable(vars))
@@ -531,7 +534,7 @@ void cmNinjaNormalTargetGenerator::WriteLinkStatement()
   if (mf->IsOn("CMAKE_COMPILER_IS_MINGW"))
     {
     const std::string objPath = GetTarget()->GetSupportDirectory();
-    vars["OBJECT_DIR"] = ConvertToNinjaPath(objPath.c_str());
+    vars["OBJECT_DIR"] = ConvertToNinjaPath(objPath);
     EnsureDirectoryExists(objPath);
     // ar.exe can't handle backslashes in rsp files (implicitly used by gcc)
     std::string& linkLibraries = vars["LINK_LIBRARIES"];
@@ -553,6 +556,7 @@ void cmNinjaNormalTargetGenerator::WriteLinkStatement()
     &postBuildCmdLines
   };
 
+  cmNinjaDeps byproducts;
   for (unsigned i = 0; i != 3; ++i)
     {
     for (std::vector<cmCustomCommand>::const_iterator
@@ -561,6 +565,9 @@ void cmNinjaNormalTargetGenerator::WriteLinkStatement()
       {
       cmCustomCommandGenerator ccg(*ci, cfgName, mf);
       localGen.AppendCustomCommandLines(ccg, *cmdLineLists[i]);
+      std::vector<std::string> const& ccByproducts = ccg.GetByproducts();
+      std::transform(ccByproducts.begin(), ccByproducts.end(),
+                     std::back_inserter(byproducts), MapToNinjaPath());
       }
     }
 
@@ -608,6 +615,17 @@ void cmNinjaNormalTargetGenerator::WriteLinkStatement()
   this->GetLocalGenerator()->AppendTargetDepends(this->GetTarget(),
     orderOnlyDeps);
 
+  // Ninja should restat after linking if and only if there are byproducts.
+  vars["RESTAT"] = byproducts.empty()? "" : "1";
+
+  for (cmNinjaDeps::const_iterator oi = byproducts.begin(),
+         oe = byproducts.end();
+       oi != oe; ++oi)
+    {
+    this->GetGlobalGenerator()->SeenCustomCommandOutput(*oi);
+    outputs.push_back(*oi);
+    }
+
   // Write the build statement for this target.
   globalGen.WriteBuild(this->GetBuildFileStream(),
                         comment.str(),
@@ -659,16 +677,6 @@ void cmNinjaNormalTargetGenerator::WriteLinkStatement()
       }
     }
 
-  if (!this->TargetNameImport.empty())
-    {
-    // Since using multiple outputs would mess up the $out variable, use an
-    // alias for the import library.
-    globalGen.WritePhonyBuild(this->GetBuildFileStream(),
-                              "Alias for import library.",
-                              cmNinjaDeps(1, targetOutputImplib),
-                              cmNinjaDeps(1, targetOutputReal));
-    }
-
   // Add aliases for the file name and the target name.
   globalGen.AddTargetAlias(this->TargetNameOut, &target);
   globalGen.AddTargetAlias(this->GetTargetName(), &target);
diff --git a/Source/cmNinjaTargetGenerator.cxx b/Source/cmNinjaTargetGenerator.cxx
index 816e6d8..7967762 100644
--- a/Source/cmNinjaTargetGenerator.cxx
+++ b/Source/cmNinjaTargetGenerator.cxx
@@ -277,7 +277,7 @@ std::string
 cmNinjaTargetGenerator
 ::GetSourceFilePath(cmSourceFile const* source) const
 {
-  return ConvertToNinjaPath(source->GetFullPath().c_str());
+  return ConvertToNinjaPath(source->GetFullPath());
 }
 
 std::string
@@ -298,7 +298,7 @@ cmNinjaTargetGenerator
 std::string cmNinjaTargetGenerator::GetTargetOutputDir() const
 {
   std::string dir = this->Target->GetDirectory(this->GetConfigName());
-  return ConvertToNinjaPath(dir.c_str());
+  return ConvertToNinjaPath(dir);
 }
 
 std::string
@@ -346,11 +346,11 @@ bool cmNinjaTargetGenerator::SetMsvcTargetPdbVariable(cmNinjaVars& vars) const
       }
 
     vars["TARGET_PDB"] = this->GetLocalGenerator()->ConvertToOutputFormat(
-                          ConvertToNinjaPath(pdbPath.c_str()),
+                          ConvertToNinjaPath(pdbPath),
                           cmLocalGenerator::SHELL);
     vars["TARGET_COMPILE_PDB"] =
       this->GetLocalGenerator()->ConvertToOutputFormat(
-        ConvertToNinjaPath(compilePdbPath.c_str()),
+        ConvertToNinjaPath(compilePdbPath),
         cmLocalGenerator::SHELL);
 
     EnsureParentDirectoryExists(pdbPath);
@@ -477,7 +477,7 @@ cmNinjaTargetGenerator
                                       deptype,
                                       /*rspfile*/ "",
                                       /*rspcontent*/ "",
-                                      /*restat*/ false,
+                                      /*restat*/ "",
                                       /*generator*/ false);
 }
 
@@ -538,8 +538,11 @@ cmNinjaTargetGenerator
     cmCustomCommandGenerator ccg(*cc, this->GetConfigName(),
                                  this->GetMakefile());
     const std::vector<std::string>& ccoutputs = ccg.GetOutputs();
+    const std::vector<std::string>& ccbyproducts= ccg.GetByproducts();
     std::transform(ccoutputs.begin(), ccoutputs.end(),
                    std::back_inserter(orderOnlyDeps), MapToNinjaPath());
+    std::transform(ccbyproducts.begin(), ccbyproducts.end(),
+                   std::back_inserter(orderOnlyDeps), MapToNinjaPath());
     }
 
   if (!orderOnlyDeps.empty())
@@ -564,7 +567,7 @@ cmNinjaTargetGenerator
   std::string def = this->GeneratorTarget->GetModuleDefinitionFile(config);
   if(!def.empty())
     {
-    this->ModuleDefinitionFile = this->ConvertToNinjaPath(def.c_str());
+    this->ModuleDefinitionFile = this->ConvertToNinjaPath(def);
     }
 
   this->GetBuildFileStream() << "\n";
@@ -628,11 +631,11 @@ cmNinjaTargetGenerator
 
   std::string objectDir = this->Target->GetSupportDirectory();
   vars["OBJECT_DIR"] = this->GetLocalGenerator()->ConvertToOutputFormat(
-                         ConvertToNinjaPath(objectDir.c_str()),
+                         ConvertToNinjaPath(objectDir),
                          cmLocalGenerator::SHELL);
   std::string objectFileDir = cmSystemTools::GetFilenamePath(objectFileName);
   vars["OBJECT_FILE_DIR"] = this->GetLocalGenerator()->ConvertToOutputFormat(
-                              ConvertToNinjaPath(objectFileDir.c_str()),
+                              ConvertToNinjaPath(objectFileDir),
                               cmLocalGenerator::SHELL);
 
   this->addPoolNinjaVariable("JOB_POOL_COMPILE", this->GetTarget(), vars);
@@ -650,7 +653,7 @@ cmNinjaTargetGenerator
     if (!cmSystemTools::FileIsFullPath(sourceFileName.c_str()))
       {
       escapedSourceFileName = cmSystemTools::CollapseFullPath(
-        escapedSourceFileName.c_str(),
+        escapedSourceFileName,
         this->GetGlobalGenerator()->GetCMakeInstance()->
           GetHomeOutputDirectory());
       }
@@ -754,7 +757,7 @@ void
 cmNinjaTargetGenerator
 ::EnsureParentDirectoryExists(const std::string& path) const
 {
-  EnsureDirectoryExists(cmSystemTools::GetParentDirectory(path.c_str()));
+  EnsureDirectoryExists(cmSystemTools::GetParentDirectory(path));
 }
 
 
@@ -775,14 +778,14 @@ cmNinjaTargetGenerator::MacOSXContentGeneratorType::operator()(
   // Get the input file location.
   std::string input = source.GetFullPath();
   input =
-    this->Generator->GetLocalGenerator()->ConvertToNinjaPath(input.c_str());
+    this->Generator->GetLocalGenerator()->ConvertToNinjaPath(input);
 
   // Get the output file location.
   std::string output = macdir;
   output += "/";
   output += cmSystemTools::GetFilenameName(input);
   output =
-    this->Generator->GetLocalGenerator()->ConvertToNinjaPath(output.c_str());
+    this->Generator->GetLocalGenerator()->ConvertToNinjaPath(output);
 
   // Write a build statement to copy the content into the bundle.
   this->Generator->GetGlobalGenerator()->WriteMacOSXContentBuild(input,
diff --git a/Source/cmNinjaTargetGenerator.h b/Source/cmNinjaTargetGenerator.h
index 40a15a3..17cf517 100644
--- a/Source/cmNinjaTargetGenerator.h
+++ b/Source/cmNinjaTargetGenerator.h
@@ -116,7 +116,6 @@ protected:
   void WriteObjectBuildStatements();
   void WriteObjectBuildStatement(cmSourceFile const* source,
                                  bool writeOrderDependsTargetForTarget);
-  void WriteCustomCommandBuildStatement(cmCustomCommand *cc);
 
   cmNinjaDeps GetObjects() const
   { return this->Objects; }
diff --git a/Source/cmNinjaUtilityTargetGenerator.cxx b/Source/cmNinjaUtilityTargetGenerator.cxx
index f5d18dc..42d6b46 100644
--- a/Source/cmNinjaUtilityTargetGenerator.cxx
+++ b/Source/cmNinjaUtilityTargetGenerator.cxx
@@ -27,14 +27,19 @@ cmNinjaUtilityTargetGenerator::~cmNinjaUtilityTargetGenerator() {}
 
 void cmNinjaUtilityTargetGenerator::Generate()
 {
+  std::string utilCommandName = cmake::GetCMakeFilesDirectoryPostSlash();
+  utilCommandName += this->GetTargetName() + ".util";
+
   std::vector<std::string> commands;
-  cmNinjaDeps deps, outputs;
+  cmNinjaDeps deps, outputs, util_outputs(1, utilCommandName);
 
   const std::vector<cmCustomCommand> *cmdLists[2] = {
     &this->GetTarget()->GetPreBuildCommands(),
     &this->GetTarget()->GetPostBuildCommands()
   };
 
+  bool uses_terminal = false;
+
   for (unsigned i = 0; i != 2; ++i) {
     for (std::vector<cmCustomCommand>::const_iterator
          ci = cmdLists[i]->begin(); ci != cmdLists[i]->end(); ++ci) {
@@ -42,6 +47,11 @@ void cmNinjaUtilityTargetGenerator::Generate()
                                    this->GetMakefile());
       this->GetLocalGenerator()->AppendCustomCommandDeps(ccg, deps);
       this->GetLocalGenerator()->AppendCustomCommandLines(ccg, commands);
+      std::vector<std::string> const& ccByproducts = ccg.GetByproducts();
+      std::transform(ccByproducts.begin(), ccByproducts.end(),
+                     std::back_inserter(util_outputs), MapToNinjaPath());
+      if (ci->GetUsesTerminal())
+        uses_terminal = true;
     }
   }
 
@@ -60,8 +70,11 @@ void cmNinjaUtilityTargetGenerator::Generate()
 
       // Depend on all custom command outputs.
       const std::vector<std::string>& ccOutputs = ccg.GetOutputs();
+      const std::vector<std::string>& ccByproducts = ccg.GetByproducts();
       std::transform(ccOutputs.begin(), ccOutputs.end(),
                      std::back_inserter(deps), MapToNinjaPath());
+      std::transform(ccByproducts.begin(), ccByproducts.end(),
+                     std::back_inserter(deps), MapToNinjaPath());
       }
     }
 
@@ -103,14 +116,19 @@ void cmNinjaUtilityTargetGenerator::Generate()
     if (command.find('$') != std::string::npos)
       return;
 
-    std::string utilCommandName = cmake::GetCMakeFilesDirectoryPostSlash();
-    utilCommandName += this->GetTargetName() + ".util";
+    for (cmNinjaDeps::const_iterator
+           oi = util_outputs.begin(), oe = util_outputs.end();
+         oi != oe; ++oi)
+      {
+      this->GetGlobalGenerator()->SeenCustomCommandOutput(*oi);
+      }
 
     this->GetGlobalGenerator()->WriteCustomCommandBuild(
       command,
       desc,
       "Utility command for " + this->GetTargetName(),
-      cmNinjaDeps(1, utilCommandName),
+      uses_terminal,
+      util_outputs,
       deps);
 
     this->GetGlobalGenerator()->WritePhonyBuild(this->GetBuildFileStream(),
diff --git a/Source/cmOSXBundleGenerator.cxx b/Source/cmOSXBundleGenerator.cxx
index 786e6e2..55e20ab 100644
--- a/Source/cmOSXBundleGenerator.cxx
+++ b/Source/cmOSXBundleGenerator.cxx
@@ -112,8 +112,8 @@ void cmOSXBundleGenerator::CreateFramework(
   oldName = frameworkVersion;
   newName = versions;
   newName += "/Current";
-  cmSystemTools::RemoveFile(newName.c_str());
-  cmSystemTools::CreateSymlink(oldName.c_str(), newName.c_str());
+  cmSystemTools::RemoveFile(newName);
+  cmSystemTools::CreateSymlink(oldName, newName);
   this->Makefile->AddCMakeOutputFile(newName);
 
   // foo -> Versions/Current/foo
@@ -121,8 +121,8 @@ void cmOSXBundleGenerator::CreateFramework(
   oldName += name;
   newName = contentdir;
   newName += name;
-  cmSystemTools::RemoveFile(newName.c_str());
-  cmSystemTools::CreateSymlink(oldName.c_str(), newName.c_str());
+  cmSystemTools::RemoveFile(newName);
+  cmSystemTools::CreateSymlink(oldName, newName);
   this->Makefile->AddCMakeOutputFile(newName);
 
   // Resources -> Versions/Current/Resources
@@ -132,8 +132,8 @@ void cmOSXBundleGenerator::CreateFramework(
     oldName = "Versions/Current/Resources";
     newName = contentdir;
     newName += "Resources";
-    cmSystemTools::RemoveFile(newName.c_str());
-    cmSystemTools::CreateSymlink(oldName.c_str(), newName.c_str());
+    cmSystemTools::RemoveFile(newName);
+    cmSystemTools::CreateSymlink(oldName, newName);
     this->Makefile->AddCMakeOutputFile(newName);
     }
 
@@ -144,8 +144,8 @@ void cmOSXBundleGenerator::CreateFramework(
     oldName = "Versions/Current/Headers";
     newName = contentdir;
     newName += "Headers";
-    cmSystemTools::RemoveFile(newName.c_str());
-    cmSystemTools::CreateSymlink(oldName.c_str(), newName.c_str());
+    cmSystemTools::RemoveFile(newName);
+    cmSystemTools::CreateSymlink(oldName, newName);
     this->Makefile->AddCMakeOutputFile(newName);
     }
 
@@ -156,8 +156,8 @@ void cmOSXBundleGenerator::CreateFramework(
     oldName = "Versions/Current/PrivateHeaders";
     newName = contentdir;
     newName += "PrivateHeaders";
-    cmSystemTools::RemoveFile(newName.c_str());
-    cmSystemTools::CreateSymlink(oldName.c_str(), newName.c_str());
+    cmSystemTools::RemoveFile(newName);
+    cmSystemTools::CreateSymlink(oldName, newName);
     this->Makefile->AddCMakeOutputFile(newName);
     }
 }
diff --git a/Source/cmOrderDirectories.cxx b/Source/cmOrderDirectories.cxx
index 007364c..3cdd2f6 100644
--- a/Source/cmOrderDirectories.cxx
+++ b/Source/cmOrderDirectories.cxx
@@ -140,7 +140,7 @@ bool cmOrderDirectoriesConstraint::FileMayConflict(std::string const& dir,
     {
     // The file conflicts only if it is not the same as the original
     // file due to a symlink or hardlink.
-    return !cmSystemTools::SameFile(this->FullPath.c_str(), file.c_str());
+    return !cmSystemTools::SameFile(this->FullPath, file);
     }
 
   // Check if the file will be built by cmake.
diff --git a/Source/cmPathLabel.cxx b/Source/cmPathLabel.cxx
new file mode 100644
index 0000000..67d56e1
--- /dev/null
+++ b/Source/cmPathLabel.cxx
@@ -0,0 +1,41 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2000-2009 Kitware, Inc., Insight Software Consortium
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#include "cmPathLabel.h"
+
+//----------------------------------------------------------------------------
+cmPathLabel::cmPathLabel(const std::string& label)
+: Label(label), Hash(0)
+{
+  // Use a Jenkins one-at-a-time hash with under/over-flow protection
+  for(size_t i = 0; i < this->Label.size(); ++i)
+    {
+    this->Hash += this->Label[i];
+    this->Hash += ((this->Hash & 0x003FFFFF) << 10);
+    this->Hash ^= ((this->Hash & 0xFFFFFFC0) >> 6);
+    }
+  this->Hash += ((this->Hash & 0x1FFFFFFF) << 3);
+  this->Hash ^= ((this->Hash & 0xFFFFF800) >> 11);
+  this->Hash += ((this->Hash & 0x0001FFFF) << 15);
+}
+
+//----------------------------------------------------------------------------
+bool cmPathLabel::operator < (const cmPathLabel& l) const
+{
+  return this->Hash < l.Hash;
+}
+
+//----------------------------------------------------------------------------
+bool cmPathLabel::operator == (const cmPathLabel& l) const
+{
+  return this->Hash == l.Hash;
+}
diff --git a/Source/cmPathLabel.h b/Source/cmPathLabel.h
new file mode 100644
index 0000000..02d5261
--- /dev/null
+++ b/Source/cmPathLabel.h
@@ -0,0 +1,44 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2000-2009 Kitware, Inc., Insight Software Consortium
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+#ifndef cmPathLabel_h
+#define cmPathLabel_h
+
+#include "cmStandardIncludes.h"
+
+/** \class cmPathLabel
+ * \brief Helper class for text based labels
+ *
+ * cmPathLabel is extended in different classes to act as an inheritable
+ * enum.  Comparisons are done on a precomputed Jenkins hash of the string
+ * label for indexing and searchig.
+ */
+class cmPathLabel
+{
+public:
+  cmPathLabel(const std::string& label);
+
+  // The comparison operators are only for quick sorting and searching and
+  // in no way imply any lexicographical order of the label
+  bool operator < (const cmPathLabel& l) const;
+  bool operator == (const cmPathLabel& l) const;
+
+  const std::string& GetLabel() const { return this->Label; }
+  const unsigned int& GetHash() const { return this->Hash; }
+
+protected:
+  cmPathLabel();
+
+  std::string Label;
+  unsigned int Hash;
+};
+
+#endif
diff --git a/Source/cmPolicies.cxx b/Source/cmPolicies.cxx
index a420f59..64b87b7 100644
--- a/Source/cmPolicies.cxx
+++ b/Source/cmPolicies.cxx
@@ -364,6 +364,11 @@ cmPolicies::cmPolicies()
     CMP0054, "CMP0054",
     "Only interpret if() arguments as variables or keywords when unquoted.",
     3,1,0, cmPolicies::WARN);
+
+  this->DefinePolicy(
+    CMP0055, "CMP0055",
+    "Strict checking for break() command.",
+    3,2,0, cmPolicies::WARN);
 }
 
 cmPolicies::~cmPolicies()
diff --git a/Source/cmPolicies.h b/Source/cmPolicies.h
index 7c73da8..46ecc22 100644
--- a/Source/cmPolicies.h
+++ b/Source/cmPolicies.h
@@ -111,6 +111,7 @@ public:
     CMP0053, ///< Simplify variable reference and escape sequence evaluation
     CMP0054, ///< Only interpret if() arguments as variables
     /// or keywords when unquoted.
+    CMP0055, ///< Strict checking for break() command.
 
     /** \brief Always the last entry.
      *
diff --git a/Source/cmQtAutoGenerators.cxx b/Source/cmQtAutoGenerators.cxx
index 93ebde6..0c38366 100644
--- a/Source/cmQtAutoGenerators.cxx
+++ b/Source/cmQtAutoGenerators.cxx
@@ -166,6 +166,112 @@ static std::string getAutogenTargetDir(cmTarget const* target)
   return targetDir;
 }
 
+std::string cmQtAutoGenerators::ListQt5RccInputs(cmSourceFile* sf,
+                                            cmTarget const* target,
+                                            std::vector<std::string>& depends)
+{
+  std::string rccCommand = this->GetRccExecutable(target);
+  std::vector<std::string> qrcEntries;
+
+  std::vector<std::string> command;
+  command.push_back(rccCommand);
+  command.push_back("--list");
+
+  std::string absFile = cmsys::SystemTools::GetRealPath(
+                                              sf->GetFullPath());
+
+  command.push_back(absFile);
+
+  std::string output;
+  int retVal = 0;
+  bool result = cmSystemTools::RunSingleCommand(command, &output,
+                                            &retVal, 0,
+                                            cmSystemTools::OUTPUT_NONE);
+  if (!result || retVal)
+    {
+    std::cerr << "AUTOGEN: error: Rcc list process for " << sf->GetFullPath()
+              << " failed:\n" << output << std::endl;
+    return std::string();
+    }
+
+  std::istringstream ostr(output);
+  std::string oline;
+  while(std::getline(ostr, oline))
+    {
+    if (oline.empty())
+      {
+      // The output of rcc --list contains many empty lines.
+      continue;
+      }
+    if (cmHasLiteralPrefix(oline, "RCC: Error in"))
+      {
+      static std::string searchString = "Cannot find file '";
+
+      std::string::size_type pos = oline.find(searchString);
+      if (pos == std::string::npos)
+        {
+        std::cerr << "AUTOGEN: error: Rcc lists unparsable output "
+                  << oline << std::endl;
+        return std::string();
+        }
+      pos += searchString.length();
+      std::string::size_type sz = oline.size() - pos - 1;
+      qrcEntries.push_back(oline.substr(pos, sz));
+      }
+    else
+      {
+      qrcEntries.push_back(oline);
+      }
+    }
+  depends.insert(depends.end(), qrcEntries.begin(), qrcEntries.end());
+  std::string entriesList;
+  const char* sep = "";
+  for(std::vector<std::string>::const_iterator it = qrcEntries.begin();
+      it != qrcEntries.end(); ++it)
+    {
+    entriesList += sep;
+    entriesList += *it;
+    sep = "@list_sep@";
+    }
+  return entriesList;
+}
+
+std::string cmQtAutoGenerators::ListQt4RccInputs(cmSourceFile* sf,
+                                            std::vector<std::string>& depends)
+{
+  const std::string qrcContents = ReadAll(sf->GetFullPath());
+
+  cmsys::RegularExpression fileMatchRegex("(<file[^<]+)");
+
+  std::string entriesList;
+  const char* sep = "";
+
+  size_t offset = 0;
+  while (fileMatchRegex.find(qrcContents.c_str() + offset))
+    {
+    std::string qrcEntry = fileMatchRegex.match(1);
+
+    offset += qrcEntry.size();
+
+    cmsys::RegularExpression fileReplaceRegex("(^<file[^>]*>)");
+    fileReplaceRegex.find(qrcEntry);
+    std::string tag = fileReplaceRegex.match(1);
+
+    qrcEntry = qrcEntry.substr(tag.size());
+
+    if (!cmSystemTools::FileIsFullPath(qrcEntry.c_str()))
+      {
+      qrcEntry = sf->GetLocation().GetDirectory() + "/" + qrcEntry;
+      }
+
+    entriesList += sep;
+    entriesList += qrcEntry;
+    sep = "@list_sep@";
+    depends.push_back(qrcEntry);
+    }
+  return entriesList;
+}
+
 bool cmQtAutoGenerators::InitializeAutogenTarget(cmTarget* target)
 {
   cmMakefile* makefile = target->GetMakefile();
@@ -271,13 +377,69 @@ bool cmQtAutoGenerators::InitializeAutogenTarget(cmTarget* target)
         }
       }
     }
+#endif
+
+  std::vector<std::string> rcc_output;
+  if(makefile->GetLocalGenerator()->GetGlobalGenerator()->GetName() == "Ninja"
+#if defined(_WIN32) && !defined(__CYGWIN__)
+        || usePRE_BUILD
+#endif
+        )
+    {
+    std::vector<cmSourceFile*> srcFiles;
+    target->GetConfigCommonSourceFiles(srcFiles);
+    for(std::vector<cmSourceFile*>::const_iterator fileIt = srcFiles.begin();
+        fileIt != srcFiles.end();
+        ++fileIt)
+      {
+      cmSourceFile* sf = *fileIt;
+      std::string absFile = cmsys::SystemTools::GetRealPath(
+                                                sf->GetFullPath());
+
+      std::string ext = sf->GetExtension();
+
+      if (target->GetPropertyAsBool("AUTORCC"))
+        {
+        if (ext == "qrc"
+            && !cmSystemTools::IsOn(sf->GetPropertyForUser("SKIP_AUTORCC")))
+          {
+          std::string basename = cmsys::SystemTools::
+                                  GetFilenameWithoutLastExtension(absFile);
+
+          std::string rcc_output_dir = target->GetSupportDirectory();
+          cmSystemTools::MakeDirectory(rcc_output_dir.c_str());
+          std::string rcc_output_file = rcc_output_dir;
+          rcc_output_file += "/qrc_" + basename + ".cpp";
+          rcc_output.push_back(rcc_output_file);
+
+          if (!cmSystemTools::IsOn(sf->GetPropertyForUser("GENERATED")))
+            {
+            if (qtMajorVersion == "5")
+              {
+              this->ListQt5RccInputs(sf, target, depends);
+              }
+            else
+              {
+              this->ListQt4RccInputs(sf, depends);
+              }
+#if defined(_WIN32) && !defined(__CYGWIN__)
+            usePRE_BUILD = false;
+#endif
+            }
+          }
+        }
+      }
+    }
+
+#if defined(_WIN32) && !defined(__CYGWIN__)
   if(usePRE_BUILD)
     {
     // Add the pre-build command directly to bypass the OBJECT_LIBRARY
     // rejection in cmMakefile::AddCustomCommandToTarget because we know
     // PRE_BUILD will work for an OBJECT_LIBRARY in this specific case.
     std::vector<std::string> no_output;
-    cmCustomCommand cc(makefile, no_output, depends,
+    std::vector<std::string> no_byproducts;
+    cmCustomCommand cc(makefile, no_output, no_byproducts, depends,
                        commandLines, autogenComment.c_str(),
                        workingDirectory.c_str());
     cc.SetEscapeOldStyle(false);
@@ -287,10 +449,31 @@ bool cmQtAutoGenerators::InitializeAutogenTarget(cmTarget* target)
   else
 #endif
     {
-    cmTarget* autogenTarget = makefile->AddUtilityCommand(
+    cmTarget* autogenTarget = 0;
+    if (!rcc_output.empty())
+      {
+      std::vector<std::string> no_byproducts;
+      makefile->AddCustomCommandToOutput(rcc_output, no_byproducts,
+                                         depends, "",
+                                         commandLines, 0,
+                                         workingDirectory.c_str(),
+                                         false, false);
+
+      cmCustomCommandLines no_commands;
+      autogenTarget = makefile->AddUtilityCommand(
+                          autogenTargetName, true,
+                          workingDirectory.c_str(), rcc_output,
+                          no_commands, false, autogenComment.c_str());
+
+      }
+    else
+      {
+      autogenTarget = makefile->AddUtilityCommand(
                                 autogenTargetName, true,
                                 workingDirectory.c_str(), depends,
                                 commandLines, false, autogenComment.c_str());
+      }
+
     // Set target folder
     const char* autogenFolder = makefile->GetCMakeInstance()->GetProperty(
                                                      "AUTOMOC_TARGETS_FOLDER");
@@ -418,6 +601,8 @@ void cmQtAutoGenerators::SetupAutoGenerateTarget(cmTarget const* target)
   inputFile += "/Modules/AutogenInfo.cmake.in";
   std::string outputFile = targetDir;
   outputFile += "/AutogenInfo.cmake";
+  makefile->AddDefinition("_qt_rcc_inputs",
+              makefile->GetDefinition("_qt_rcc_inputs_" + target->GetName()));
   makefile->ConfigureFile(inputFile.c_str(), outputFile.c_str(),
                           false, true, false);
 
@@ -488,7 +673,7 @@ void cmQtAutoGenerators::SetupSourceFiles(cmTarget const* target)
     {
     cmSourceFile* sf = *fileIt;
     std::string absFile = cmsys::SystemTools::GetRealPath(
-                                                    sf->GetFullPath().c_str());
+                                                    sf->GetFullPath());
     bool skipMoc = cmSystemTools::IsOn(sf->GetPropertyForUser("SKIP_AUTOMOC"));
     bool generated = cmSystemTools::IsOn(sf->GetPropertyForUser("GENERATED"));
 
@@ -766,7 +951,7 @@ void cmQtAutoGenerators::SetupAutoUicTarget(cmTarget const* target,
     {
     cmSourceFile* sf = *fileIt;
     std::string absFile = cmsys::SystemTools::GetRealPath(
-                                                    sf->GetFullPath().c_str());
+                                                    sf->GetFullPath());
 
     if (!skipped.insert(absFile).second)
       {
@@ -869,9 +1054,12 @@ void cmQtAutoGenerators::SetupAutoRccTarget(cmTarget const* target)
   std::vector<cmSourceFile*> srcFiles;
   target->GetConfigCommonSourceFiles(srcFiles);
 
+  std::string qrcInputs;
+  const char* qrcInputsSep = "";
+
   std::string rccFileFiles;
   std::string rccFileOptions;
-  const char *sep = "";
+  const char *optionSep = "";
 
   const char *qtVersion = makefile->GetDefinition("_target_qt_version");
 
@@ -880,6 +1068,11 @@ void cmQtAutoGenerators::SetupAutoRccTarget(cmTarget const* target)
     {
     cmSystemTools::ExpandListArgument(opts, rccOptions);
     }
+  std::string qtMajorVersion = makefile->GetSafeDefinition("QT_VERSION_MAJOR");
+  if (qtMajorVersion == "")
+    {
+    qtMajorVersion = makefile->GetSafeDefinition("Qt5Core_VERSION_MAJOR");
+    }
 
   for(std::vector<cmSourceFile*>::const_iterator fileIt = srcFiles.begin();
       fileIt != srcFiles.end();
@@ -890,7 +1083,7 @@ void cmQtAutoGenerators::SetupAutoRccTarget(cmTarget const* target)
     if (ext == "qrc")
       {
       std::string absFile = cmsys::SystemTools::GetRealPath(
-                                                  sf->GetFullPath().c_str());
+                                                  sf->GetFullPath());
       bool skip = cmSystemTools::IsOn(sf->GetPropertyForUser("SKIP_AUTORCC"));
 
       if (!skip)
@@ -909,9 +1102,9 @@ void cmQtAutoGenerators::SetupAutoRccTarget(cmTarget const* target)
 
         if (!rccOptions.empty())
           {
-          rccFileFiles += sep;
+          rccFileFiles += optionSep;
           rccFileFiles += absFile;
-          rccFileOptions += sep;
+          rccFileOptions += optionSep;
           }
         const char *listSep = "";
         for(std::vector<std::string>::const_iterator it = rccOptions.begin();
@@ -922,10 +1115,34 @@ void cmQtAutoGenerators::SetupAutoRccTarget(cmTarget const* target)
           rccFileOptions += *it;
           listSep = "@list_sep@";
           }
-        sep = ";";
+        optionSep = ";";
+
+        std::vector<std::string> depends;
+
+        std::string entriesList;
+        if (!cmSystemTools::IsOn(sf->GetPropertyForUser("GENERATED")))
+          {
+          if (qtMajorVersion == "5")
+            {
+            entriesList = this->ListQt5RccInputs(sf, target, depends);
+            }
+          else
+            {
+            entriesList = this->ListQt4RccInputs(sf, depends);
+            }
+          if (entriesList.empty())
+            {
+            return;
+            }
+          }
+        qrcInputs += qrcInputsSep;
+        qrcInputs += entriesList;
+        qrcInputsSep = ";";
         }
       }
     }
+  makefile->AddDefinition("_qt_rcc_inputs_" + target->GetName(),
+                      cmLocalGenerator::EscapeForCMake(qrcInputs).c_str());
 
   makefile->AddDefinition("_rcc_files",
           cmLocalGenerator::EscapeForCMake(_rcc_files).c_str());
@@ -935,6 +1152,29 @@ void cmQtAutoGenerators::SetupAutoRccTarget(cmTarget const* target)
   makefile->AddDefinition("_qt_rcc_options_options",
             cmLocalGenerator::EscapeForCMake(rccFileOptions).c_str());
 
+  makefile->AddDefinition("_qt_rcc_executable",
+                          this->GetRccExecutable(target).c_str());
+}
+
+std::string cmQtAutoGenerators::GetRccExecutable(cmTarget const* target)
+{
+  cmMakefile *makefile = target->GetMakefile();
+  const char *qtVersion = makefile->GetDefinition("_target_qt_version");
+  if (!qtVersion)
+    {
+    qtVersion = makefile->GetDefinition("Qt5Core_VERSION_MAJOR");
+    if (!qtVersion)
+      {
+      qtVersion = makefile->GetDefinition("QT_VERSION_MAJOR");
+      }
+    if (const char *targetQtVersion =
+        target->GetLinkInterfaceDependentStringProperty("QT_MAJOR_VERSION",
+                                                        ""))
+      {
+      qtVersion = targetQtVersion;
+      }
+    }
+
   std::string targetName = target->GetName();
   if (strcmp(qtVersion, "5") == 0)
     {
@@ -943,9 +1183,9 @@ void cmQtAutoGenerators::SetupAutoRccTarget(cmTarget const* target)
       {
       cmSystemTools::Error("Qt5::rcc target not found ",
                           targetName.c_str());
-      return;
+      return std::string();
       }
-    makefile->AddDefinition("_qt_rcc_executable", qt5Rcc->GetLocation(""));
+    return qt5Rcc->GetLocation("");
     }
   else if (strcmp(qtVersion, "4") == 0)
     {
@@ -954,15 +1194,14 @@ void cmQtAutoGenerators::SetupAutoRccTarget(cmTarget const* target)
       {
       cmSystemTools::Error("Qt4::rcc target not found ",
                           targetName.c_str());
-      return;
+      return std::string();
       }
-    makefile->AddDefinition("_qt_rcc_executable", qt4Rcc->GetLocation(""));
-    }
-  else
-    {
-    cmSystemTools::Error("The CMAKE_AUTORCC feature supports only Qt 4 and "
-                        "Qt 5 ", targetName.c_str());
+    return qt4Rcc->GetLocation("");
     }
+
+  cmSystemTools::Error("The CMAKE_AUTORCC feature supports only Qt 4 and "
+                      "Qt 5 ", targetName.c_str());
+  return std::string();
 }
 
 static cmGlobalGenerator* CreateGlobalGenerator(cmake* cm,
@@ -1013,7 +1252,7 @@ bool cmQtAutoGenerators::ReadAutogenInfoFile(cmMakefile* makefile,
                                       const std::string& config)
 {
   std::string filename(
-      cmSystemTools::CollapseFullPath(targetDirectory.c_str()));
+      cmSystemTools::CollapseFullPath(targetDirectory));
   cmSystemTools::ConvertToUnixSlashes(filename);
   filename += "/AutogenInfo.cmake";
 
@@ -1030,7 +1269,10 @@ bool cmQtAutoGenerators::ReadAutogenInfoFile(cmMakefile* makefile,
                                      "AM_Qt5Core_VERSION_MAJOR");
     }
   this->Sources = makefile->GetSafeDefinition("AM_SOURCES");
-  this->RccSources = makefile->GetSafeDefinition("AM_RCC_SOURCES");
+  {
+  std::string rccSources = makefile->GetSafeDefinition("AM_RCC_SOURCES");
+  cmSystemTools::ExpandListArgument(rccSources, this->RccSources);
+  }
   this->SkipMoc = makefile->GetSafeDefinition("AM_SKIP_MOC");
   this->SkipUic = makefile->GetSafeDefinition("AM_SKIP_UIC");
   this->Headers = makefile->GetSafeDefinition("AM_HEADERS");
@@ -1128,6 +1370,28 @@ bool cmQtAutoGenerators::ReadAutogenInfoFile(cmMakefile* makefile,
     cmSystemTools::ReplaceString(*optionIt, "@list_sep@", ";");
     this->RccOptions[*fileIt] = *optionIt;
     }
+
+  const char *rccInputs = makefile->GetSafeDefinition("AM_RCC_INPUTS");
+  std::vector<std::string> rccInputLists;
+  cmSystemTools::ExpandListArgument(rccInputs, rccInputLists);
+
+  if (this->RccSources.size() != rccInputLists.size())
+    {
+    cmSystemTools::Error("Error processing file: ", filename.c_str());
+    return false;
+    }
+
+  for (std::vector<std::string>::iterator fileIt = this->RccSources.begin(),
+                                            inputIt = rccInputLists.begin();
+                                            fileIt != this->RccSources.end();
+                                            ++fileIt, ++inputIt)
+    {
+    cmSystemTools::ReplaceString(*inputIt, "@list_sep@", ";");
+    std::vector<std::string> rccInputFiles;
+    cmSystemTools::ExpandListArgument(*inputIt, rccInputFiles);
+
+    this->RccInputs[*fileIt] = rccInputFiles;
+    }
   }
   this->CurrentCompileSettingsStr = this->MakeCompileSettingsString(makefile);
 
@@ -1158,7 +1422,7 @@ bool cmQtAutoGenerators::ReadOldMocDefinitionsFile(cmMakefile* makefile,
                                             const std::string& targetDirectory)
 {
   std::string filename(
-      cmSystemTools::CollapseFullPath(targetDirectory.c_str()));
+      cmSystemTools::CollapseFullPath(targetDirectory));
   cmSystemTools::ConvertToUnixSlashes(filename);
   filename += "/AutomocOldMocDefinitions.cmake";
 
@@ -1176,7 +1440,7 @@ cmQtAutoGenerators::WriteOldMocDefinitionsFile(
                                             const std::string& targetDirectory)
 {
   std::string filename(
-      cmSystemTools::CollapseFullPath(targetDirectory.c_str()));
+      cmSystemTools::CollapseFullPath(targetDirectory));
   cmSystemTools::ConvertToUnixSlashes(filename);
   filename += "/AutomocOldMocDefinitions.cmake";
 
@@ -1218,11 +1482,11 @@ void cmQtAutoGenerators::Init()
     {
     const std::string &path = *it;
     this->MocIncludes.push_back("-I" + path);
-    if (this->EndsWith(path, ".framework/Headers"))
+    if (cmHasLiteralSuffix(path, ".framework/Headers"))
       {
       // Go up twice to get to the framework root
       std::vector<std::string> pathComponents;
-      cmsys::SystemTools::SplitPath(path.c_str(), pathComponents);
+      cmsys::SystemTools::SplitPath(path, pathComponents);
       std::string frameworkPath =cmsys::SystemTools::JoinPath(
                              pathComponents.begin(), pathComponents.end() - 2);
       frameworkPaths.insert(frameworkPath);
@@ -1239,7 +1503,7 @@ void cmQtAutoGenerators::Init()
 
     if (this->IncludeProjectDirsBefore)
       {
-      const std::string &binDir = "-I" + this->ProjectBinaryDir;
+      const std::string binDir = "-I" + this->ProjectBinaryDir;
 
       const std::string srcDir = "-I" + this->ProjectSourceDir;
 
@@ -1484,7 +1748,7 @@ void cmQtAutoGenerators::ParseCppFile(const std::string& absFilename,
     }
 
   const std::string absPath = cmsys::SystemTools::GetFilenamePath(
-                   cmsys::SystemTools::GetRealPath(absFilename.c_str())) + '/';
+                   cmsys::SystemTools::GetRealPath(absFilename)) + '/';
   const std::string scannedFileBasename = cmsys::SystemTools::
                                   GetFilenameWithoutLastExtension(absFilename);
   std::string macroName;
@@ -1510,7 +1774,7 @@ void cmQtAutoGenerators::ParseCppFile(const std::string& absFilename,
 
       std::string basename = cmsys::SystemTools::
                                    GetFilenameWithoutLastExtension(currentMoc);
-      const bool moc_style = this->StartsWith(basename, "moc_");
+      const bool moc_style = cmHasLiteralPrefix(basename, "moc_");
 
       // If the moc include is of the moc_foo.cpp style we expect
       // the Q_OBJECT class declaration in a header file.
@@ -1672,7 +1936,7 @@ void cmQtAutoGenerators::StrictParseCppFile(const std::string& absFilename,
     }
 
   const std::string absPath = cmsys::SystemTools::GetFilenamePath(
-                   cmsys::SystemTools::GetRealPath(absFilename.c_str())) + '/';
+                   cmsys::SystemTools::GetRealPath(absFilename)) + '/';
   const std::string scannedFileBasename = cmsys::SystemTools::
                                   GetFilenameWithoutLastExtension(absFilename);
 
@@ -1692,7 +1956,7 @@ void cmQtAutoGenerators::StrictParseCppFile(const std::string& absFilename,
 
       std::string basename = cmsys::SystemTools::
                                    GetFilenameWithoutLastExtension(currentMoc);
-      const bool mocUnderscoreStyle = this->StartsWith(basename, "moc_");
+      const bool mocUnderscoreStyle = cmHasLiteralPrefix(basename, "moc_");
 
       // If the moc include is of the moc_foo.cpp style we expect
       // the Q_OBJECT class declaration in a header file.
@@ -1802,7 +2066,7 @@ void cmQtAutoGenerators::ParseForUic(const std::string& absFilename,
   std::string::size_type matchOffset = 0;
 
   const std::string realName =
-                   cmsys::SystemTools::GetRealPath(absFilename.c_str());
+                   cmsys::SystemTools::GetRealPath(absFilename);
 
   matchOffset = 0;
   if ((strstr(contentsString.c_str(), "ui_") != NULL)
@@ -1836,7 +2100,7 @@ cmQtAutoGenerators::SearchHeadersForCppFile(const std::string& absFilename,
   const std::string basename =
               cmsys::SystemTools::GetFilenameWithoutLastExtension(absFilename);
   const std::string absPath = cmsys::SystemTools::GetFilenamePath(
-                   cmsys::SystemTools::GetRealPath(absFilename.c_str())) + '/';
+                   cmsys::SystemTools::GetRealPath(absFilename)) + '/';
 
   for(std::vector<std::string>::const_iterator ext = headerExtensions.begin();
       ext != headerExtensions.end();
@@ -1904,8 +2168,8 @@ bool cmQtAutoGenerators::GenerateMoc(const std::string& sourceFile,
 {
   const std::string mocFilePath = this->Builddir + mocFileName;
   int sourceNewerThanMoc = 0;
-  bool success = cmsys::SystemTools::FileTimeCompare(sourceFile.c_str(),
-                                                     mocFilePath.c_str(),
+  bool success = cmsys::SystemTools::FileTimeCompare(sourceFile,
+                                                     mocFilePath,
                                                      &sourceNewerThanMoc);
   if (this->GenerateAll || !success || sourceNewerThanMoc >= 0)
     {
@@ -1968,7 +2232,7 @@ bool cmQtAutoGenerators::GenerateMoc(const std::string& sourceFile,
       std::cerr << "AUTOGEN: error: process for " << mocFilePath <<" failed:\n"
                 << output << std::endl;
       this->RunMocFailed = true;
-      cmSystemTools::RemoveFile(mocFilePath.c_str());
+      cmSystemTools::RemoveFile(mocFilePath);
       }
     return true;
     }
@@ -1984,14 +2248,14 @@ bool cmQtAutoGenerators::GenerateUi(const std::string& realName,
     }
 
   const std::string path = cmsys::SystemTools::GetFilenamePath(
-                                                      realName.c_str()) + '/';
+                                                      realName) + '/';
 
   std::string ui_output_file = "ui_" + uiFileName + ".h";
   std::string ui_input_file = path + uiFileName + ".ui";
 
   int sourceNewerThanUi = 0;
-  bool success = cmsys::SystemTools::FileTimeCompare(ui_input_file.c_str(),
-                                    (this->Builddir + ui_output_file).c_str(),
+  bool success = cmsys::SystemTools::FileTimeCompare(ui_input_file,
+                                    this->Builddir + ui_output_file,
                                                      &sourceNewerThanUi);
   if (this->GenerateAll || !success || sourceNewerThanUi >= 0)
     {
@@ -2042,7 +2306,7 @@ bool cmQtAutoGenerators::GenerateUi(const std::string& realName,
       std::cerr << "AUTOUIC: error: process for " << ui_output_file <<
                 " failed:\n" << output << std::endl;
       this->RunUicFailed = true;
-      cmSystemTools::RemoveFile(ui_output_file.c_str());
+      cmSystemTools::RemoveFile(ui_output_file);
       return false;
       }
     return true;
@@ -2050,13 +2314,29 @@ bool cmQtAutoGenerators::GenerateUi(const std::string& realName,
   return false;
 }
 
-bool cmQtAutoGenerators::GenerateQrc()
+bool cmQtAutoGenerators::InputFilesNewerThanQrc(const std::string& qrcFile,
+                                                const std::string& rccOutput)
 {
-  std::vector<std::string> sourceFiles;
-  cmSystemTools::ExpandListArgument(this->RccSources, sourceFiles);
+  std::vector<std::string> const& files = this->RccInputs[qrcFile];
+  for (std::vector<std::string>::const_iterator it = files.begin();
+       it != files.end(); ++it)
+    {
+    int inputNewerThanQrc = 0;
+    bool success = cmsys::SystemTools::FileTimeCompare(*it,
+                                                      rccOutput,
+                                                      &inputNewerThanQrc);
+    if (!success || inputNewerThanQrc >= 0)
+      {
+      return true;
+      }
+    }
+  return false;
+}
 
-  for(std::vector<std::string>::const_iterator si = sourceFiles.begin();
-      si != sourceFiles.end(); ++si)
+bool cmQtAutoGenerators::GenerateQrc()
+{
+  for(std::vector<std::string>::const_iterator si = this->RccSources.begin();
+      si != this->RccSources.end(); ++si)
     {
     std::string ext = cmsys::SystemTools::GetFilenameLastExtension(*si);
 
@@ -2075,10 +2355,14 @@ bool cmQtAutoGenerators::GenerateQrc()
                                 + ".dir/qrc_" + basename + ".cpp";
 
     int sourceNewerThanQrc = 0;
-    bool success = cmsys::SystemTools::FileTimeCompare(si->c_str(),
-                                                      rcc_output_file.c_str(),
+    bool generateQrc = !cmsys::SystemTools::FileTimeCompare(*si,
+                                                      rcc_output_file,
                                                       &sourceNewerThanQrc);
-    if (this->GenerateAll || !success || sourceNewerThanQrc >= 0)
+    generateQrc = generateQrc || (sourceNewerThanQrc >= 0);
+    generateQrc = generateQrc || this->InputFilesNewerThanQrc(*si,
+                                                          rcc_output_file);
+
+    if (this->GenerateAll || generateQrc)
       {
       std::map<std::string, std::string>::const_iterator optionIt
               = this->RccOptions.find(*si);
@@ -2118,7 +2402,7 @@ bool cmQtAutoGenerators::GenerateQrc()
         std::cerr << "AUTORCC: error: process for " << rcc_output_file <<
                   " failed:\n" << output << std::endl;
         this->RunRccFailed = true;
-        cmSystemTools::RemoveFile(rcc_output_file.c_str());
+        cmSystemTools::RemoveFile(rcc_output_file);
         return false;
         }
       }
diff --git a/Source/cmQtAutoGenerators.h b/Source/cmQtAutoGenerators.h
index c298f5d..79fa5df 100644
--- a/Source/cmQtAutoGenerators.h
+++ b/Source/cmQtAutoGenerators.h
@@ -86,9 +86,20 @@ private:
   void MergeRccOptions(std::vector<std::string> &opts,
                        const std::vector<std::string> &fileOpts, bool isQt5);
 
+  std::string GetRccExecutable(cmTarget const* target);
+
+  std::string ListQt5RccInputs(cmSourceFile* sf, cmTarget const* target,
+                               std::vector<std::string>& depends);
+
+  std::string ListQt4RccInputs(cmSourceFile* sf,
+                               std::vector<std::string>& depends);
+
+  bool InputFilesNewerThanQrc(const std::string& qrcFile,
+                              const std::string& rccOutput);
+
   std::string QtMajorVersion;
   std::string Sources;
-  std::string RccSources;
+  std::vector<std::string> RccSources;
   std::string SkipMoc;
   std::string SkipUic;
   std::string Headers;
@@ -116,6 +127,7 @@ private:
   std::vector<std::string> UicTargetOptions;
   std::map<std::string, std::string> UicOptions;
   std::map<std::string, std::string> RccOptions;
+  std::map<std::string, std::vector<std::string> > RccInputs;
 
   bool Verbose;
   bool ColorOutput;
diff --git a/Source/cmSearchPath.cxx b/Source/cmSearchPath.cxx
new file mode 100644
index 0000000..861dbf1
--- /dev/null
+++ b/Source/cmSearchPath.cxx
@@ -0,0 +1,251 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2000-2009 Kitware, Inc., Insight Software Consortium
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+
+#include "cmSearchPath.h"
+#include "cmFindCommon.h"
+
+//----------------------------------------------------------------------------
+cmSearchPath::cmSearchPath(cmFindCommon* findCmd)
+: FC(findCmd)
+{
+}
+
+//----------------------------------------------------------------------------
+cmSearchPath::~cmSearchPath()
+{
+}
+
+//----------------------------------------------------------------------------
+
+void cmSearchPath::ExtractWithout(const std::set<std::string>& ignore,
+                                  std::vector<std::string>& outPaths,
+                                  bool clear) const
+{
+  if(clear)
+    {
+    outPaths.clear();
+    }
+  for(std::vector<std::string>::const_iterator p = this->Paths.begin();
+      p != this->Paths.end(); ++p)
+    {
+    if(ignore.count(*p) == 0)
+      {
+      outPaths.push_back(*p);
+      }
+    }
+}
+
+//----------------------------------------------------------------------------
+void cmSearchPath::AddPath(const std::string& path)
+{
+  this->AddPathInternal(path);
+}
+
+//----------------------------------------------------------------------------
+void cmSearchPath::AddUserPath(const std::string& path)
+{
+  assert(this->FC != NULL);
+
+  std::vector<std::string> outPaths;
+
+  // We should view the registry as the target application would view
+  // it.
+  cmSystemTools::KeyWOW64 view = cmSystemTools::KeyWOW64_32;
+  cmSystemTools::KeyWOW64 other_view = cmSystemTools::KeyWOW64_64;
+  if(this->FC->Makefile->PlatformIs64Bit())
+    {
+    view = cmSystemTools::KeyWOW64_64;
+    other_view = cmSystemTools::KeyWOW64_32;
+    }
+
+  // Expand using the view of the target application.
+  std::string expanded = path;
+  cmSystemTools::ExpandRegistryValues(expanded, view);
+  cmSystemTools::GlobDirs(expanded, outPaths);
+
+  // Executables can be either 32-bit or 64-bit, so expand using the
+  // alternative view.
+  if(expanded != path && this->FC->CMakePathName == "PROGRAM")
+    {
+    expanded = path;
+    cmSystemTools::ExpandRegistryValues(expanded, other_view);
+    cmSystemTools::GlobDirs(expanded, outPaths);
+    }
+
+  // Process them all from the current directory
+  for(std::vector<std::string>::const_iterator p = outPaths.begin();
+      p != outPaths.end(); ++p)
+    {
+    this->AddPathInternal(*p, this->FC->Makefile->GetCurrentDirectory());
+    }
+}
+
+//----------------------------------------------------------------------------
+void cmSearchPath::AddCMakePath(const std::string& variable)
+{
+  assert(this->FC != NULL);
+
+  // Get a path from a CMake variable.
+  if(const char* value = this->FC->Makefile->GetDefinition(variable))
+    {
+    std::vector<std::string> expanded;
+    cmSystemTools::ExpandListArgument(value, expanded);
+
+    for(std::vector<std::string>::const_iterator p = expanded.begin();
+        p!= expanded.end(); ++p)
+      {
+      this->AddPathInternal(*p, this->FC->Makefile->GetCurrentDirectory());
+      }
+    }
+}
+
+//----------------------------------------------------------------------------
+void cmSearchPath::AddEnvPath(const std::string& variable)
+{
+  std::vector<std::string> expanded;
+  cmSystemTools::GetPath(expanded, variable.c_str());
+  for(std::vector<std::string>::const_iterator p = expanded.begin();
+      p!= expanded.end(); ++p)
+    {
+    this->AddPathInternal(*p);
+    }
+}
+
+//----------------------------------------------------------------------------
+void cmSearchPath::AddCMakePrefixPath(const std::string& variable)
+{
+  assert(this->FC != NULL);
+
+  // Get a path from a CMake variable.
+  if(const char* value = this->FC->Makefile->GetDefinition(variable))
+    {
+    std::vector<std::string> expanded;
+    cmSystemTools::ExpandListArgument(value, expanded);
+
+    this->AddPrefixPaths(expanded, this->FC->Makefile->GetCurrentDirectory());
+    }
+}
+
+//----------------------------------------------------------------------------
+void cmSearchPath::AddEnvPrefixPath(const std::string& variable)
+{
+  std::vector<std::string> expanded;
+  cmSystemTools::GetPath(expanded, variable.c_str());
+  this->AddPrefixPaths(expanded);
+}
+
+//----------------------------------------------------------------------------
+void cmSearchPath::AddSuffixes(const std::vector<std::string>& suffixes)
+{
+  std::vector<std::string> inPaths;
+  inPaths.swap(this->Paths);
+  this->Paths.reserve(inPaths.size()*(suffixes.size()+1));
+
+  for(std::vector<std::string>::iterator ip = inPaths.begin();
+      ip != inPaths.end(); ++ip)
+    {
+    cmSystemTools::ConvertToUnixSlashes(*ip);
+
+    // if *i is only / then do not add a //
+    // this will get incorrectly considered a network
+    // path on windows and cause huge delays.
+    std::string p = *ip;
+    if(!p.empty() && *p.rbegin() != '/')
+      {
+      p += "/";
+      }
+
+    // Combine with all the suffixes
+    for(std::vector<std::string>::const_iterator s = suffixes.begin();
+        s != suffixes.end(); ++s)
+      {
+      this->Paths.push_back(p+*s);
+      }
+
+    // And now the original w/o any suffix
+    this->Paths.push_back(*ip);
+    }
+}
+
+//----------------------------------------------------------------------------
+void cmSearchPath::AddPrefixPaths(const std::vector<std::string>& paths,
+                                  const char *base)
+{
+  assert(this->FC != NULL);
+
+  // default for programs
+  std::string subdir = "bin";
+
+  if (this->FC->CMakePathName == "INCLUDE")
+    {
+    subdir = "include";
+    }
+  else if (this->FC->CMakePathName == "LIBRARY")
+    {
+    subdir = "lib";
+    }
+  else if (this->FC->CMakePathName == "FRAMEWORK")
+    {
+    subdir = "";  // ? what to do for frameworks ?
+    }
+
+  for(std::vector<std::string>::const_iterator p = paths.begin();
+      p != paths.end(); ++p)
+    {
+    std::string dir = *p;
+    if(!subdir.empty() && !dir.empty() && *dir.rbegin() != '/')
+      {
+      dir += "/";
+      }
+    if(subdir == "include" || subdir == "lib")
+      {
+      const char* arch =
+        this->FC->Makefile->GetDefinition("CMAKE_LIBRARY_ARCHITECTURE");
+      if(arch && *arch)
+        {
+        this->AddPathInternal(dir+subdir+"/"+arch, base);
+        }
+      }
+    std::string add = dir + subdir;
+    if(add != "/")
+      {
+      this->AddPathInternal(add, base);
+      }
+    if (subdir == "bin")
+      {
+      this->AddPathInternal(dir+"sbin", base);
+      }
+    if(!subdir.empty() && *p != "/")
+      {
+      this->AddPathInternal(*p, base);
+      }
+    }
+}
+
+//----------------------------------------------------------------------------
+void cmSearchPath::AddPathInternal(const std::string& path, const char *base)
+{
+  assert(this->FC != NULL);
+
+  std::string collapsed = cmSystemTools::CollapseFullPath(path, base);
+
+   if(collapsed.empty())
+    {
+    return;
+    }
+
+  // Insert the path if has not already been emitted.
+  if(this->FC->SearchPathsEmitted.insert(collapsed).second)
+    {
+    this->Paths.push_back(collapsed);
+    }
+}
diff --git a/Source/cmSearchPath.h b/Source/cmSearchPath.h
new file mode 100644
index 0000000..51a6149
--- /dev/null
+++ b/Source/cmSearchPath.h
@@ -0,0 +1,57 @@
+/*============================================================================
+  CMake - Cross Platform Makefile Generator
+  Copyright 2000-2009 Kitware, Inc., Insight Software Consortium
+
+  Distributed under the OSI-approved BSD License (the "License");
+  see accompanying file Copyright.txt for details.
+
+  This software is distributed WITHOUT ANY WARRANTY; without even the
+  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the License for more information.
+============================================================================*/
+#ifndef cmSearchPath_h
+#define cmSearchPath_h
+
+#include "cmStandardIncludes.h"
+
+class cmFindCommon;
+
+/** \class cmSearchPath
+ * \brief Container for encapsulating a set of search paths
+ *
+ * cmSearchPath is a container that encapsulates search path construction and
+ * management
+ */
+class cmSearchPath
+{
+public:
+  // cmSearchPath must be initialized from a valid pointer.  The only reason
+  // for teh default is to allow it to be easily used in stl containers.
+  // Attempting to initialize with a NULL value will fail an assertion
+  cmSearchPath(cmFindCommon* findCmd = 0);
+  ~cmSearchPath();
+
+  const std::vector<std::string>& GetPaths() const { return this->Paths; }
+
+  void ExtractWithout(const std::set<std::string>& ignore,
+                      std::vector<std::string>& outPaths,
+                      bool clear = false) const;
+
+  void AddPath(const std::string& path);
+  void AddUserPath(const std::string& path);
+  void AddCMakePath(const std::string& variable);
+  void AddEnvPath(const std::string& variable);
+  void AddCMakePrefixPath(const std::string& variable);
+  void AddEnvPrefixPath(const std::string& variable);
+  void AddSuffixes(const std::vector<std::string>& suffixes);
+
+protected:
+  void AddPrefixPaths(const std::vector<std::string>& paths,
+                      const char *base = 0);
+  void AddPathInternal(const std::string& path, const char *base = 0);
+
+  cmFindCommon *FC;
+  std::vector<std::string> Paths;
+};
+
+#endif
diff --git a/Source/cmSetCommand.cxx b/Source/cmSetCommand.cxx
index 0ca36eb..176a08d 100644
--- a/Source/cmSetCommand.cxx
+++ b/Source/cmSetCommand.cxx
@@ -43,7 +43,7 @@ bool cmSetCommand
       if (!currValue || strcmp(currValue,args[1].c_str()))
         {
         putEnvArg += args[1];
-        cmSystemTools::PutEnv(putEnvArg.c_str());
+        cmSystemTools::PutEnv(putEnvArg);
         }
       return true;
       }
@@ -51,7 +51,7 @@ bool cmSetCommand
     // if it will be cleared, then clear it if it isn;t already clear
     if (currValue)
       {
-      cmSystemTools::PutEnv(putEnvArg.c_str());
+      cmSystemTools::PutEnv(putEnvArg);
       }
     return true;
     }
diff --git a/Source/cmSetPropertyCommand.cxx b/Source/cmSetPropertyCommand.cxx
index c624d17..653d764 100644
--- a/Source/cmSetPropertyCommand.cxx
+++ b/Source/cmSetPropertyCommand.cxx
@@ -204,7 +204,7 @@ bool cmSetPropertyCommand::HandleDirectoryMode()
       }
 
     // The local generators are associated with collapsed paths.
-    dir = cmSystemTools::CollapseFullPath(dir.c_str());
+    dir = cmSystemTools::CollapseFullPath(dir);
 
     // Lookup the generator.
     if(cmLocalGenerator* lg =
diff --git a/Source/cmSourceFile.cxx b/Source/cmSourceFile.cxx
index b833d3f..6fe5c62 100644
--- a/Source/cmSourceFile.cxx
+++ b/Source/cmSourceFile.cxx
@@ -179,7 +179,7 @@ bool cmSourceFile::FindFullPath(std::string* error)
       tryPath += "/";
       }
     tryPath += this->Location.GetName();
-    tryPath = cmSystemTools::CollapseFullPath(tryPath.c_str(), *di);
+    tryPath = cmSystemTools::CollapseFullPath(tryPath, *di);
     if(this->TryFullPath(tryPath, ""))
       {
       return true;
diff --git a/Source/cmSourceFileLocation.cxx b/Source/cmSourceFileLocation.cxx
index 004fd1f..b81951d 100644
--- a/Source/cmSourceFileLocation.cxx
+++ b/Source/cmSourceFileLocation.cxx
@@ -63,7 +63,7 @@ cmSourceFileLocation
   if (cmSystemTools::FileIsFullPath(this->Directory.c_str()))
     {
     this->Directory
-                  = cmSystemTools::CollapseFullPath(this->Directory.c_str());
+                  = cmSystemTools::CollapseFullPath(this->Directory);
     }
   this->Name = cmSystemTools::GetFilenameName(name);
   this->UpdateExtension(name);
@@ -92,7 +92,7 @@ void cmSourceFileLocation::DirectoryUseSource()
     {
     this->Directory =
       cmSystemTools::CollapseFullPath(
-        this->Directory.c_str(), this->Makefile->GetCurrentDirectory());
+        this->Directory, this->Makefile->GetCurrentDirectory());
     this->AmbiguousDirectory = false;
     }
 }
@@ -105,7 +105,7 @@ void cmSourceFileLocation::DirectoryUseBinary()
     {
     this->Directory =
       cmSystemTools::CollapseFullPath(
-        this->Directory.c_str(), this->Makefile->GetCurrentOutputDirectory());
+        this->Directory, this->Makefile->GetCurrentOutputDirectory());
     this->AmbiguousDirectory = false;
     }
 }
@@ -281,10 +281,10 @@ bool cmSourceFileLocation::Matches(cmSourceFileLocation const& loc)
     // Compare possible directory combinations.
     std::string const& srcDir =
       cmSystemTools::CollapseFullPath(
-        this->Directory.c_str(), this->Makefile->GetCurrentDirectory());
+        this->Directory, this->Makefile->GetCurrentDirectory());
     std::string const& binDir =
       cmSystemTools::CollapseFullPath(
-        this->Directory.c_str(), this->Makefile->GetCurrentOutputDirectory());
+        this->Directory, this->Makefile->GetCurrentOutputDirectory());
     if(srcDir != loc.Directory &&
        binDir != loc.Directory)
       {
@@ -296,10 +296,10 @@ bool cmSourceFileLocation::Matches(cmSourceFileLocation const& loc)
     // Compare possible directory combinations.
     std::string const& srcDir =
       cmSystemTools::CollapseFullPath(
-        loc.Directory.c_str(), loc.Makefile->GetCurrentDirectory());
+        loc.Directory, loc.Makefile->GetCurrentDirectory());
     std::string const& binDir =
       cmSystemTools::CollapseFullPath(
-        loc.Directory.c_str(), loc.Makefile->GetCurrentOutputDirectory());
+        loc.Directory, loc.Makefile->GetCurrentOutputDirectory());
     if(srcDir != this->Directory &&
        binDir != this->Directory)
       {
diff --git a/Source/cmStandardIncludes.h b/Source/cmStandardIncludes.h
index 8baf7b3..6b85634 100644
--- a/Source/cmStandardIncludes.h
+++ b/Source/cmStandardIncludes.h
@@ -28,12 +28,6 @@
 #define CMAKE_NO_ANSI_FOR_SCOPE
 #endif
 
-#ifdef __BORLANDC__
-# pragma warn -8030 /* Temporary used for parameter */
-# pragma warn -8027 /* 'for' not inlined.  */
-# pragma warn -8026 /* 'exception' not inlined.  */
-# pragma warn -8004 /* value never used */
-#endif
 
 #ifdef __ICL
 #pragma warning ( disable : 985 )
@@ -78,10 +72,6 @@ public:
 #if defined(_MSC_VER)
 # pragma warning (push,1)
 #endif
-#if defined(__BORLANDC__)
-# pragma warn -8008 /* condition is always false (RESET BELOW!) */
-# pragma warn -8066 /* unreachable code (RESET BELOW!) */
-#endif
 
 #ifndef CMAKE_NO_ANSI_STREAM_HEADERS
 #  include <fstream>
@@ -112,10 +102,6 @@ public:
 #include <set>
 #include <deque>
 
-#if defined(__BORLANDC__)
-# pragma warn .8008 /* condition is always false (disabled above) */
-# pragma warn .8066 /* unreachable code (disabled above) */
-#endif
 #if defined(_MSC_VER)
 # pragma warning(pop)
 #endif
@@ -134,10 +120,6 @@ public:
 // include blockers are put in place that prevent including the
 // C-style versions from ever including the sub-headers.  Therefore we
 // have to include the sub-headers here to get the using declarations.
-#if defined(__BORLANDC__)
-# include <mem.h>    /* mem... functions from string.h */
-# include <search.h> /* search functions from stdlib.h */
-#endif
 
 
 #if !defined(_WIN32) && defined(__COMO__)
@@ -411,9 +393,7 @@ inline bool cmHasLiteralSuffixImpl(const char* str1,
   return len >= N && strcmp(str1 + len - N, str2) == 0;
 }
 
-#if defined(_MSC_VER) && _MSC_VER < 1300 \
-  || defined(__GNUC__) && __GNUC__ < 3 \
-  || defined(__BORLANDC__)
+#if defined(__GNUC__) && __GNUC__ < 3
 
 #define cmArrayBegin(a) a
 #define cmArraySize(a) (sizeof(a)/sizeof(*a))
diff --git a/Source/cmStandardLexer.h b/Source/cmStandardLexer.h
index acd636c..981e03e 100644
--- a/Source/cmStandardLexer.h
+++ b/Source/cmStandardLexer.h
@@ -25,25 +25,6 @@
 # pragma warning ( disable : 4786 )
 #endif
 
-#if defined(__BORLANDC__)
-# pragma warn -8008 /* condition always returns true */
-# pragma warn -8066 /* unreachable code */
-#endif
-
-/* Borland system header defines these macros without first undef-ing them. */
-#if defined(__BORLANDC__) && __BORLANDC__ >= 0x580
-# undef INT8_MIN
-# undef INT16_MIN
-# undef INT32_MIN
-# undef INT8_MAX
-# undef INT16_MAX
-# undef INT32_MAX
-# undef UINT8_MAX
-# undef UINT16_MAX
-# undef UINT32_MAX
-# include <stdint.h>
-#endif
-
 /* Make sure SGI termios does not define ECHO differently.  */
 #if defined(__sgi) && !defined(__GNUC__)
 # include <sys/termios.h>
diff --git a/Source/cmStringCommand.cxx b/Source/cmStringCommand.cxx
index 93aa083..8341027 100644
--- a/Source/cmStringCommand.cxx
+++ b/Source/cmStringCommand.cxx
@@ -310,7 +310,7 @@ bool cmStringCommand::RegexMatch(std::vector<std::string> const& args)
     input += args[i];
     }
 
-  this->ClearMatches(this->Makefile);
+  this->Makefile->ClearMatches();
   // Compile the regular expression.
   cmsys::RegularExpression re;
   if(!re.compile(regex.c_str()))
@@ -325,7 +325,7 @@ bool cmStringCommand::RegexMatch(std::vector<std::string> const& args)
   std::string output;
   if(re.find(input.c_str()))
     {
-    this->StoreMatches(this->Makefile, re);
+    this->Makefile->StoreMatches(re);
     std::string::size_type l = re.start();
     std::string::size_type r = re.end();
     if(r-l == 0)
@@ -359,7 +359,7 @@ bool cmStringCommand::RegexMatchAll(std::vector<std::string> const& args)
     input += args[i];
     }
 
-  this->ClearMatches(this->Makefile);
+  this->Makefile->ClearMatches();
   // Compile the regular expression.
   cmsys::RegularExpression re;
   if(!re.compile(regex.c_str()))
@@ -376,7 +376,7 @@ bool cmStringCommand::RegexMatchAll(std::vector<std::string> const& args)
   const char* p = input.c_str();
   while(re.find(p))
     {
-    this->StoreMatches(this->Makefile, re);
+    this->Makefile->StoreMatches(re);
     std::string::size_type l = re.start();
     std::string::size_type r = re.end();
     if(r-l == 0)
@@ -463,7 +463,7 @@ bool cmStringCommand::RegexReplace(std::vector<std::string> const& args)
     input += args[i];
     }
 
-  this->ClearMatches(this->Makefile);
+  this->Makefile->ClearMatches();
   // Compile the regular expression.
   cmsys::RegularExpression re;
   if(!re.compile(regex.c_str()))
@@ -480,7 +480,7 @@ bool cmStringCommand::RegexReplace(std::vector<std::string> const& args)
   std::string::size_type base = 0;
   while(re.find(input.c_str()+base))
     {
-    this->StoreMatches(this->Makefile, re);
+    this->Makefile->StoreMatches(re);
     std::string::size_type l2 = re.start();
     std::string::size_type r = re.end();
 
@@ -541,38 +541,6 @@ bool cmStringCommand::RegexReplace(std::vector<std::string> const& args)
 }
 
 //----------------------------------------------------------------------------
-void cmStringCommand::ClearMatches(cmMakefile* mf)
-{
-  for (unsigned int i=0; i<10; i++)
-    {
-    char name[128];
-    sprintf(name, "CMAKE_MATCH_%d", i);
-    const char* s = mf->GetDefinition(name);
-    if(s && *s != 0)
-      {
-      mf->AddDefinition(name, "");
-      mf->MarkVariableAsUsed(name);
-      }
-    }
-}
-
-//----------------------------------------------------------------------------
-void cmStringCommand::StoreMatches(cmMakefile* mf,cmsys::RegularExpression& re)
-{
-  for (unsigned int i=0; i<10; i++)
-    {
-    std::string m = re.match(i);
-    if(m.size() > 0)
-      {
-      char name[128];
-      sprintf(name, "CMAKE_MATCH_%d", i);
-      mf->AddDefinition(name, re.match(i).c_str());
-      mf->MarkVariableAsUsed(name);
-      }
-    }
-}
-
-//----------------------------------------------------------------------------
 bool cmStringCommand::HandleFindCommand(std::vector<std::string> const&
                                            args)
 {
@@ -743,12 +711,10 @@ bool cmStringCommand::HandleSubstringCommand(std::vector<std::string> const&
     this->SetError(ostr.str());
     return false;
     }
-  int leftOverLength = intStringLength - begin;
-  if ( end < -1 || end > leftOverLength )
+  if ( end < -1 )
     {
     cmOStringStream ostr;
-    ostr << "end index: " << end << " is out of range -1 - "
-         << leftOverLength;
+    ostr << "end index: " << end << " should be -1 or greater";
     this->SetError(ostr.str());
     return false;
     }
@@ -814,7 +780,7 @@ bool cmStringCommand
   const std::string& variableName = args[2];
 
   this->Makefile->AddDefinition(variableName,
-                      cmSystemTools::MakeCidentifier(input.c_str()).c_str());
+                      cmSystemTools::MakeCidentifier(input).c_str());
   return true;
 }
 
diff --git a/Source/cmStringCommand.h b/Source/cmStringCommand.h
index a5fe893..9c75095 100644
--- a/Source/cmStringCommand.h
+++ b/Source/cmStringCommand.h
@@ -53,8 +53,6 @@ public:
   virtual std::string GetName() const { return "string";}
 
   cmTypeMacro(cmStringCommand, cmCommand);
-  static void ClearMatches(cmMakefile* mf);
-  static void StoreMatches(cmMakefile* mf, cmsys::RegularExpression& re);
 protected:
   bool HandleConfigureCommand(std::vector<std::string> const& args);
   bool HandleAsciiCommand(std::vector<std::string> const& args);
diff --git a/Source/cmSubdirCommand.cxx b/Source/cmSubdirCommand.cxx
index cdde916..93ad4f3 100644
--- a/Source/cmSubdirCommand.cxx
+++ b/Source/cmSubdirCommand.cxx
@@ -42,7 +42,7 @@ bool cmSubdirCommand
     std::string srcPath =
       std::string(this->Makefile->GetCurrentDirectory()) +
         "/" + i->c_str();
-    if (cmSystemTools::FileIsDirectory(srcPath.c_str()))
+    if (cmSystemTools::FileIsDirectory(srcPath))
       {
       std::string binPath =
         std::string(this->Makefile->GetCurrentOutputDirectory()) +
@@ -51,7 +51,7 @@ bool cmSubdirCommand
                                   excludeFromAll, preorder, false);
       }
     // otherwise it is a full path
-    else if ( cmSystemTools::FileIsDirectory(i->c_str()) )
+    else if ( cmSystemTools::FileIsDirectory(*i) )
       {
       // we must compute the binPath from the srcPath, we just take the last
       // element from the source path and use that
diff --git a/Source/cmSystemTools.cxx b/Source/cmSystemTools.cxx
index fbb4416..9852dd6 100644
--- a/Source/cmSystemTools.cxx
+++ b/Source/cmSystemTools.cxx
@@ -9,9 +9,7 @@
   implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
   See the License for more information.
 ============================================================================*/
-#if defined(_MSC_VER) && _MSC_VER < 1300
-# define _WIN32_WINNT 0x0400 /* for wincrypt.h */
-#endif
+
 #include "cmSystemTools.h"
 #include <ctype.h>
 #include <errno.h>
@@ -52,8 +50,7 @@
 #include <sys/stat.h>
 
 #if defined(_WIN32) && \
-   (defined(_MSC_VER) || defined(__WATCOMC__) || \
-    defined(__BORLANDC__) || defined(__MINGW32__))
+   (defined(_MSC_VER) || defined(__WATCOMC__) || defined(__MINGW32__))
 # include <io.h>
 #endif
 
@@ -97,7 +94,7 @@ cm_archive_entry_pathname(struct archive_entry *entry)
 {
 #if cmsys_STL_HAS_WSTRING
   return cmsys::Encoding::ToNarrow(
-    archive_entry_pathname_w(entry)).c_str();
+    archive_entry_pathname_w(entry));
 #else
   return archive_entry_pathname(entry);
 #endif
@@ -881,7 +878,7 @@ std::string cmSystemTools::FileExistsInParentDirectories(const char* fname,
       break;
       }
     prevDir = dir;
-    dir = cmSystemTools::GetParentDirectory(dir.c_str());
+    dir = cmSystemTools::GetParentDirectory(dir);
     }
   return "";
 }
@@ -1014,7 +1011,7 @@ void cmSystemTools::Glob(const std::string& directory,
   cmsys::Directory d;
   cmsys::RegularExpression reg(regexp.c_str());
 
-  if (d.Load(directory.c_str()))
+  if (d.Load(directory))
     {
     size_t numf;
         unsigned int i;
@@ -1044,7 +1041,7 @@ void cmSystemTools::GlobDirs(const std::string& path,
   std::string finishPath = path.substr(pos+2);
 
   cmsys::Directory d;
-  if (d.Load(startPath.c_str()))
+  if (d.Load(startPath))
     {
     for (unsigned int i = 0; i < d.GetNumberOfFiles(); ++i)
       {
@@ -1054,7 +1051,7 @@ void cmSystemTools::GlobDirs(const std::string& path,
         std::string fname = startPath;
         fname +="/";
         fname += d.GetFile(i);
-        if(cmSystemTools::FileIsDirectory(fname.c_str()))
+        if(cmSystemTools::FileIsDirectory(fname))
           {
           fname += finishPath;
           cmSystemTools::GlobDirs(fname, files);
@@ -1168,7 +1165,7 @@ bool cmSystemTools::SimpleGlob(const std::string& glob,
 
   bool res = false;
   cmsys::Directory d;
-  if (d.Load(path.c_str()))
+  if (d.Load(path))
     {
     for (unsigned int i = 0; i < d.GetNumberOfFiles(); ++i)
       {
@@ -1182,11 +1179,11 @@ bool cmSystemTools::SimpleGlob(const std::string& glob,
           }
         fname += d.GetFile(i);
         std::string sfname = d.GetFile(i);
-        if ( type > 0 && cmSystemTools::FileIsDirectory(fname.c_str()) )
+        if ( type > 0 && cmSystemTools::FileIsDirectory(fname) )
           {
           continue;
           }
-        if ( type < 0 && !cmSystemTools::FileIsDirectory(fname.c_str()) )
+        if ( type < 0 && !cmSystemTools::FileIsDirectory(fname) )
           {
           continue;
           }
@@ -1354,8 +1351,8 @@ std::string cmSystemTools::CollapseCombinedPath(std::string const& dir,
 
   std::vector<std::string> dirComponents;
   std::vector<std::string> fileComponents;
-  cmSystemTools::SplitPath(dir.c_str(), dirComponents);
-  cmSystemTools::SplitPath(file.c_str(), fileComponents);
+  cmSystemTools::SplitPath(dir, dirComponents);
+  cmSystemTools::SplitPath(file, fileComponents);
 
   if(fileComponents.empty())
     {
@@ -1410,7 +1407,7 @@ void cmSystemTools::AppendEnv(std::vector<std::string> const& env)
   for(std::vector<std::string>::const_iterator eit = env.begin();
       eit != env.end(); ++eit)
     {
-    cmSystemTools::PutEnv(eit->c_str());
+    cmSystemTools::PutEnv(*eit);
     }
 }
 
@@ -1649,9 +1646,6 @@ namespace{
     fprintf(out, " -> %s", archive_entry_symlink(entry));
     }
 }
-#ifdef __BORLANDC__
-# pragma warn -8066 /* unreachable code */
-#endif
 
 long copy_data(struct archive *ar, struct archive *aw)
 {
@@ -2176,7 +2170,7 @@ void cmSystemTools::FindCMakeResources(const char* argv0)
   if(cmSystemTools::FindProgramPath(argv0, exe, errorMsg))
     {
     // remove symlinks
-    exe = cmSystemTools::GetRealPath(exe.c_str());
+    exe = cmSystemTools::GetRealPath(exe);
     exe_dir =
       cmSystemTools::GetFilenamePath(exe);
     }
@@ -2227,7 +2221,7 @@ void cmSystemTools::FindCMakeResources(const char* argv0)
     cmsys::ifstream fin(src_dir_txt.c_str());
     std::string src_dir;
     if(fin && cmSystemTools::GetLineFromStream(fin, src_dir) &&
-       cmSystemTools::FileIsDirectory(src_dir.c_str()))
+       cmSystemTools::FileIsDirectory(src_dir))
       {
       cmSystemToolsCMakeRoot = src_dir;
       }
@@ -2237,7 +2231,7 @@ void cmSystemTools::FindCMakeResources(const char* argv0)
       src_dir_txt = dir + "/CMakeFiles/CMakeSourceDir.txt";
       cmsys::ifstream fin2(src_dir_txt.c_str());
       if(fin2 && cmSystemTools::GetLineFromStream(fin2, src_dir) &&
-         cmSystemTools::FileIsDirectory(src_dir.c_str()))
+         cmSystemTools::FileIsDirectory(src_dir))
         {
         cmSystemToolsCMakeRoot = src_dir;
         }
@@ -2333,11 +2327,11 @@ bool cmSystemTools::GuessLibrarySOName(std::string const& fullPath,
 #endif
 
   // If the file is not a symlink we have no guess for its soname.
-  if(!cmSystemTools::FileIsSymlink(fullPath.c_str()))
+  if(!cmSystemTools::FileIsSymlink(fullPath))
     {
     return false;
     }
-  if(!cmSystemTools::ReadSymlink(fullPath.c_str(), soname))
+  if(!cmSystemTools::ReadSymlink(fullPath, soname))
     {
     return false;
     }
@@ -2638,29 +2632,37 @@ bool cmSystemTools::ChangeRPath(std::string const& file,
 bool cmSystemTools::VersionCompare(cmSystemTools::CompareOp op,
                                    const char* lhss, const char* rhss)
 {
-  // Parse out up to 8 components.
-  unsigned int lhs[8] = {0,0,0,0,0,0,0,0};
-  unsigned int rhs[8] = {0,0,0,0,0,0,0,0};
-  sscanf(lhss, "%u.%u.%u.%u.%u.%u.%u.%u",
-         &lhs[0], &lhs[1], &lhs[2], &lhs[3],
-         &lhs[4], &lhs[5], &lhs[6], &lhs[7]);
-  sscanf(rhss, "%u.%u.%u.%u.%u.%u.%u.%u",
-         &rhs[0], &rhs[1], &rhs[2], &rhs[3],
-         &rhs[4], &rhs[5], &rhs[6], &rhs[7]);
+  const char *endl = lhss;
+  const char *endr = rhss;
+  unsigned long lhs, rhs;
 
-  // Do component-wise comparison.
-  for(unsigned int i=0; i < 8; ++i)
+  while (((*endl >= '0') && (*endl <= '9')) ||
+         ((*endr >= '0') && (*endr <= '9')))
     {
-    if(lhs[i] < rhs[i])
+    // Do component-wise comparison.
+    lhs = strtoul(endl, const_cast<char**>(&endl), 10);
+    rhs = strtoul(endr, const_cast<char**>(&endr), 10);
+
+    if(lhs < rhs)
       {
       // lhs < rhs, so true if operation is LESS
       return op == cmSystemTools::OP_LESS;
       }
-    else if(lhs[i] > rhs[i])
+    else if(lhs > rhs)
       {
       // lhs > rhs, so true if operation is GREATER
       return op == cmSystemTools::OP_GREATER;
       }
+
+    if (*endr == '.')
+      {
+      endr++;
+      }
+
+    if (*endl == '.')
+      {
+      endl++;
+      }
     }
   // lhs == rhs, so true if operation is EQUAL
   return op == cmSystemTools::OP_EQUAL;
@@ -2921,3 +2923,11 @@ std::vector<std::string> cmSystemTools::tokenize(const std::string& str,
     }
   return tokens;
 }
+
+//----------------------------------------------------------------------------
+bool cmSystemTools::StringToInt(const char* str, int* value)
+{
+  char *endp;
+  *value = static_cast<int>(strtol(str, &endp, 10));
+  return (*endp == '\0') && (endp != str);
+}
diff --git a/Source/cmSystemTools.h b/Source/cmSystemTools.h
index 4455dd1..763389b 100644
--- a/Source/cmSystemTools.h
+++ b/Source/cmSystemTools.h
@@ -458,6 +458,9 @@ public:
   static std::vector<std::string> tokenize(const std::string& str,
                                            const std::string& sep);
 
+  /** Convert string to int. Expected that the whole string is an integer */
+  static bool StringToInt(const char* str, int* value);
+
 #ifdef _WIN32
   struct WindowsFileRetry
   {
diff --git a/Source/cmTarget.cxx b/Source/cmTarget.cxx
index ad1c83e..f0957d0 100644
--- a/Source/cmTarget.cxx
+++ b/Source/cmTarget.cxx
@@ -2191,7 +2191,7 @@ cmTarget::GetIncludeDirectories(const std::string& config) const
         it = impl->Libraries.begin();
         it != impl->Libraries.end(); ++it)
       {
-      std::string libDir = cmSystemTools::CollapseFullPath(it->c_str());
+      std::string libDir = cmSystemTools::CollapseFullPath(*it);
 
       static cmsys::RegularExpression
         frameworkCheck("(.*\\.framework)(/Versions/[^/]+)?/[^/]+$");
@@ -4575,7 +4575,7 @@ bool cmTarget::ComputeOutputDir(const std::string& config,
   // specified as a relative path.  Treat a relative path as
   // relative to the current output directory for this makefile.
   out = (cmSystemTools::CollapseFullPath
-         (out.c_str(), this->Makefile->GetStartOutputDirectory()));
+         (out, this->Makefile->GetStartOutputDirectory()));
 
   // The generator may add the configuration's subdirectory.
   if(!conf.empty())
@@ -4641,7 +4641,7 @@ bool cmTarget::ComputePDBOutputDir(const std::string& kind,
   // specified as a relative path.  Treat a relative path as
   // relative to the current output directory for this makefile.
   out = (cmSystemTools::CollapseFullPath
-         (out.c_str(), this->Makefile->GetStartOutputDirectory()));
+         (out, this->Makefile->GetStartOutputDirectory()));
 
   // The generator may add the configuration's subdirectory.
   if(!conf.empty())
@@ -4733,7 +4733,7 @@ const char* cmTarget::GetExportMacro() const
       {
       std::string in = this->GetName();
       in += "_EXPORTS";
-      this->ExportMacro = cmSystemTools::MakeCindentifier(in.c_str());
+      this->ExportMacro = cmSystemTools::MakeCindentifier(in);
       }
     return this->ExportMacro.c_str();
     }
@@ -4801,16 +4801,6 @@ std::pair<bool, const char*> consistentStringProperty(const char *lhs,
   return std::make_pair(b, b ? lhs : 0);
 }
 
-#if defined(_MSC_VER) && _MSC_VER <= 1200
-template<typename T> const T&
-cmMaximum(const T& l, const T& r) {return l > r ? l : r;}
-template<typename T> const T&
-cmMinimum(const T& l, const T& r) {return l < r ? l : r;}
-#else
-#define cmMinimum std::min
-#define cmMaximum std::max
-#endif
-
 //----------------------------------------------------------------------------
 std::pair<bool, const char*> consistentNumberProperty(const char *lhs,
                                                       const char *rhs,
@@ -4818,11 +4808,7 @@ std::pair<bool, const char*> consistentNumberProperty(const char *lhs,
 {
   char *pEnd;
 
-#if defined(_MSC_VER)
-  static const char* const null_ptr = 0;
-#else
-# define null_ptr 0
-#endif
+  const char* const null_ptr = 0;
 
   long lnum = strtol(lhs, &pEnd, 0);
   if (pEnd == lhs || *pEnd != '\0' || errno == ERANGE)
@@ -4836,17 +4822,13 @@ std::pair<bool, const char*> consistentNumberProperty(const char *lhs,
     return std::pair<bool, const char*>(false, null_ptr);
     }
 
-#if !defined(_MSC_VER)
-#undef null_ptr
-#endif
-
   if (t == NumberMaxType)
     {
-    return std::make_pair(true, cmMaximum(lnum, rnum) == lnum ? lhs : rhs);
+    return std::make_pair(true, std::max(lnum, rnum) == lnum ? lhs : rhs);
     }
   else
     {
-    return std::make_pair(true, cmMinimum(lnum, rnum) == lnum ? lhs : rhs);
+    return std::make_pair(true, std::min(lnum, rnum) == lnum ? lhs : rhs);
     }
 }
 
@@ -4869,11 +4851,7 @@ std::pair<bool, const char*> consistentProperty(const char *lhs,
     return std::make_pair(true, lhs);
     }
 
-#if defined(_MSC_VER)
-  static const char* const null_ptr = 0;
-#else
-# define null_ptr 0
-#endif
+  const char* const null_ptr = 0;
 
   switch(t)
   {
@@ -4888,11 +4866,6 @@ std::pair<bool, const char*> consistentProperty(const char *lhs,
   }
   assert(!"Unreachable!");
   return std::pair<bool, const char*>(false, null_ptr);
-
-#if !defined(_MSC_VER)
-#undef null_ptr
-#endif
-
 }
 
 template<typename PropertyType>
@@ -5306,7 +5279,7 @@ cmTarget::GetObjectLibrariesCMP0026(std::vector<cmTarget*>& objlibs) const
           {
           continue;
           }
-        cmTarget *objLib = this->Makefile->FindTargetToUse(objLibName.c_str());
+        cmTarget *objLib = this->Makefile->FindTargetToUse(objLibName);
         if(objLib)
           {
           objlibs.push_back(objLib);
diff --git a/Source/cmTryRunCommand.cxx b/Source/cmTryRunCommand.cxx
index cc6e139..8f2deeb 100644
--- a/Source/cmTryRunCommand.cxx
+++ b/Source/cmTryRunCommand.cxx
@@ -239,7 +239,7 @@ void cmTryRunCommand::DoNotRunExecutable(const std::string& runArgs,
   copyDest += "-";
   copyDest += this->RunResultVariable;
   copyDest += cmSystemTools::GetFilenameExtension(this->OutputFile);
-  cmSystemTools::CopyFileAlways(this->OutputFile.c_str(), copyDest.c_str());
+  cmSystemTools::CopyFileAlways(this->OutputFile, copyDest);
 
   std::string resultFileName =  this->Makefile->GetHomeOutputDirectory();
   resultFileName += "/TryRunResults.cmake";
diff --git a/Source/cmVisualStudio10TargetGenerator.cxx b/Source/cmVisualStudio10TargetGenerator.cxx
index 92ec421..68b6576 100644
--- a/Source/cmVisualStudio10TargetGenerator.cxx
+++ b/Source/cmVisualStudio10TargetGenerator.cxx
@@ -307,7 +307,7 @@ void cmVisualStudio10TargetGenerator::Generate()
   this->BuildFileStream->SetCopyIfDifferent(true);
 
   // Write the encoding header into the file
-  char magic[] = {0xEF,0xBB, 0xBF};
+  char magic[] = {char(0xEF), char(0xBB), char(0xBF)};
   this->BuildFileStream->write(magic, 3);
 
   //get the tools version to use
@@ -937,7 +937,7 @@ void cmVisualStudio10TargetGenerator::WriteGroups()
   path += ".vcxproj.filters";
   cmGeneratedFileStream fout(path.c_str());
   fout.SetCopyIfDifferent(true);
-  char magic[] = {0xEF,0xBB, 0xBF};
+  char magic[] = {char(0xEF), char(0xBB), char(0xBF)};
   fout.write(magic, 3);
   cmGeneratedFileStream* save = this->BuildFileStream;
   this->BuildFileStream = & fout;
@@ -1221,7 +1221,7 @@ void cmVisualStudio10TargetGenerator::WriteExtraSource(cmSourceFile const* sf)
       shaderEntryPoint = se;
       toolHasSettings = true;
       }
-    // Figure out which entry point to use if any
+    // Figure out which shader model to use if any
     if (const char* sm = sf->GetProperty("VS_SHADER_MODEL"))
       {
       shaderModel = sm;
diff --git a/Source/cmVisualStudioGeneratorOptions.cxx b/Source/cmVisualStudioGeneratorOptions.cxx
index cdc8879..00386f6 100644
--- a/Source/cmVisualStudioGeneratorOptions.cxx
+++ b/Source/cmVisualStudioGeneratorOptions.cxx
@@ -28,6 +28,26 @@ std::string cmVisualStudioGeneratorOptionsEscapeForXML(std::string ret)
 cmVisualStudioGeneratorOptions
 ::cmVisualStudioGeneratorOptions(cmLocalVisualStudioGenerator* lg,
                                  Tool tool,
+                                 cmVisualStudio10TargetGenerator* g):
+  cmIDEOptions(),
+  LocalGenerator(lg), Version(lg->GetVersion()), CurrentTool(tool),
+  TargetGenerator(g)
+{
+  // Preprocessor definitions are not allowed for linker tools.
+  this->AllowDefine = (tool != Linker);
+
+  // Slash options are allowed for VS.
+  this->AllowSlash = true;
+
+  this->FortranRuntimeDebug = false;
+  this->FortranRuntimeDLL = false;
+  this->FortranRuntimeMT = false;
+}
+
+//----------------------------------------------------------------------------
+cmVisualStudioGeneratorOptions
+::cmVisualStudioGeneratorOptions(cmLocalVisualStudioGenerator* lg,
+                                 Tool tool,
                                  cmVS7FlagTable const* table,
                                  cmVS7FlagTable const* extraTable,
                                  cmVisualStudio10TargetGenerator* g):
@@ -36,9 +56,8 @@ cmVisualStudioGeneratorOptions
   TargetGenerator(g)
 {
   // Store the given flag tables.
-  cmIDEFlagTable const** ft = this->FlagTable;
-  if(table) { *ft++ = table; }
-  if(extraTable) { *ft++ = extraTable; }
+  this->AddTable(table);
+  this->AddTable(extraTable);
 
   // Preprocessor definitions are not allowed for linker tools.
   this->AllowDefine = (tool != Linker);
@@ -52,6 +71,22 @@ cmVisualStudioGeneratorOptions
 }
 
 //----------------------------------------------------------------------------
+void cmVisualStudioGeneratorOptions::AddTable(cmVS7FlagTable const* table)
+{
+  if(table)
+    {
+    for(int i=0; i < FlagTableCount; ++i)
+      {
+      if (!this->FlagTable[i])
+        {
+        this->FlagTable[i] = table;
+        break;
+        }
+      }
+    }
+}
+
+//----------------------------------------------------------------------------
 void cmVisualStudioGeneratorOptions::FixExceptionHandlingDefault()
 {
   // Exception handling is on by default because the platform file has
diff --git a/Source/cmVisualStudioGeneratorOptions.h b/Source/cmVisualStudioGeneratorOptions.h
index 9951033..5490a43 100644
--- a/Source/cmVisualStudioGeneratorOptions.h
+++ b/Source/cmVisualStudioGeneratorOptions.h
@@ -38,6 +38,13 @@ public:
                                  cmVS7FlagTable const* extraTable = 0,
                                  cmVisualStudio10TargetGenerator* g = 0);
 
+  cmVisualStudioGeneratorOptions(cmLocalVisualStudioGenerator* lg,
+                                 Tool tool,
+                                 cmVisualStudio10TargetGenerator* g = 0);
+
+  // Add a table of flags.
+  void AddTable(cmVS7FlagTable const* table);
+
   // Store options from command line flags.
   void Parse(const char* flags);
   void ParseFinish();
diff --git a/Source/cmWhileCommand.cxx b/Source/cmWhileCommand.cxx
index 851c4cb..47edb03 100644
--- a/Source/cmWhileCommand.cxx
+++ b/Source/cmWhileCommand.cxx
@@ -27,6 +27,8 @@ IsFunctionBlocked(const cmListFileFunction& lff, cmMakefile &mf,
     // if this is the endwhile for this while loop then execute
     if (!this->Depth)
       {
+      cmMakefile::LoopBlockPop loopBlockPop(&mf);
+
       // Remove the function blocker for this scope or bail.
       cmsys::auto_ptr<cmFunctionBlocker>
         fb(mf.RemoveFunctionBlocker(this, lff));
@@ -81,6 +83,10 @@ IsFunctionBlocked(const cmListFileFunction& lff, cmMakefile &mf,
             {
             return true;
             }
+          if (status.GetContinueInvoked())
+            {
+            break;
+            }
           if(cmSystemTools::GetFatalErrorOccured() )
             {
             return true;
@@ -138,6 +144,8 @@ bool cmWhileCommand
   f->Args = args;
   this->Makefile->AddFunctionBlocker(f);
 
+  this->Makefile->PushLoopBlock();
+
   return true;
 }
 
diff --git a/Source/cmWriteFileCommand.cxx b/Source/cmWriteFileCommand.cxx
index af955ec..cc9f220 100644
--- a/Source/cmWriteFileCommand.cxx
+++ b/Source/cmWriteFileCommand.cxx
@@ -63,8 +63,6 @@ bool cmWriteFileCommand
     cmSystemTools::SetPermissions(fileName.c_str(),
 #if defined( _MSC_VER ) || defined( __MINGW32__ )
       mode | S_IWRITE
-#elif defined( __BORLANDC__ )
-      mode | S_IWUSR
 #else
       mode | S_IWUSR | S_IWGRP
 #endif
diff --git a/Source/cm_sha2.c b/Source/cm_sha2.c
index 24de2b2..4738920 100644
--- a/Source/cm_sha2.c
+++ b/Source/cm_sha2.c
@@ -103,9 +103,6 @@ typedef cm_sha2_uint32_t sha_word32;	/* Exactly 4 bytes */
 typedef cm_sha2_uint64_t sha_word64;	/* Exactly 8 bytes */
 #define SHA_UINT32_C(x) cmIML_INT_UINT32_C(x)
 #define SHA_UINT64_C(x) cmIML_INT_UINT64_C(x)
-#if defined(__BORLANDC__)
-# pragma warn -8004 /* variable assigned value that is never used */
-#endif
 #if defined(__clang__)
 # pragma clang diagnostic ignored "-Wcast-align"
 #endif
diff --git a/Source/cmake.cxx b/Source/cmake.cxx
index 36a0645..bbd3fe4 100644
--- a/Source/cmake.cxx
+++ b/Source/cmake.cxx
@@ -647,7 +647,7 @@ void cmake::SetArgs(const std::vector<std::string>& args,
       {
       directoriesSet = true;
       std::string path = arg.substr(2);
-      path = cmSystemTools::CollapseFullPath(path.c_str());
+      path = cmSystemTools::CollapseFullPath(path);
       cmSystemTools::ConvertToUnixSlashes(path);
       this->SetHomeDirectory(path);
       }
@@ -663,7 +663,7 @@ void cmake::SetArgs(const std::vector<std::string>& args,
       {
       directoriesSet = true;
       std::string path = arg.substr(2);
-      path = cmSystemTools::CollapseFullPath(path.c_str());
+      path = cmSystemTools::CollapseFullPath(path);
       cmSystemTools::ConvertToUnixSlashes(path);
       this->SetHomeOutputDirectory(path);
       }
@@ -723,7 +723,7 @@ void cmake::SetArgs(const std::vector<std::string>& args,
     else if(arg.find("--graphviz=",0) == 0)
       {
       std::string path = arg.substr(strlen("--graphviz="));
-      path = cmSystemTools::CollapseFullPath(path.c_str());
+      path = cmSystemTools::CollapseFullPath(path);
       cmSystemTools::ConvertToUnixSlashes(path);
       this->GraphVizFile = path;
       if ( this->GraphVizFile.empty() )
@@ -1135,13 +1135,13 @@ void cmake::SetGlobalGenerator(cmGlobalGenerator *gg)
       {
       env += this->CCEnvironment;
       }
-    cmSystemTools::PutEnv(env.c_str());
+    cmSystemTools::PutEnv(env);
     env = "CXX=";
     if(this->CXXEnvironment.size())
       {
       env += this->CXXEnvironment;
       }
-    cmSystemTools::PutEnv(env.c_str());
+    cmSystemTools::PutEnv(env);
     }
 
   // set the new
@@ -1212,7 +1212,7 @@ int cmake::DoPreConfigureChecks()
     cacheStart += "/CMakeLists.txt";
     std::string currentStart = this->GetHomeDirectory();
     currentStart += "/CMakeLists.txt";
-    if(!cmSystemTools::SameFile(cacheStart.c_str(), currentStart.c_str()))
+    if(!cmSystemTools::SameFile(cacheStart, currentStart))
       {
       std::string message = "The source \"";
       message += currentStart;
@@ -1377,9 +1377,7 @@ int cmake::ActualConfigure()
       }
     else
       {
-#if defined(__BORLANDC__) && defined(_WIN32)
-      this->SetGlobalGenerator(new cmGlobalBorlandMakefileGenerator);
-#elif defined(_WIN32) && !defined(__CYGWIN__) && !defined(CMAKE_BOOT_MINGW)
+#if defined(_WIN32) && !defined(__CYGWIN__) && !defined(CMAKE_BOOT_MINGW)
       std::string installedCompiler;
       // Try to find the newest VS installed on the computer and
       // use that as a default if -G is not specified
@@ -1948,7 +1946,7 @@ void cmake::UpdateConversionPathTable()
         {
         // two entries per line
         table >> a; table >> b;
-        cmSystemTools::AddTranslationPath( a.c_str(), b.c_str());
+        cmSystemTools::AddTranslationPath( a, b);
         }
       }
     }
@@ -2043,7 +2041,7 @@ int cmake::CheckBuildSystem()
       pi != products.end(); ++pi)
     {
     if(!(cmSystemTools::FileExists(pi->c_str()) ||
-         cmSystemTools::FileIsSymlink(pi->c_str())))
+         cmSystemTools::FileIsSymlink(*pi)))
       {
       if(verbose)
         {
@@ -2166,7 +2164,7 @@ void cmake::TruncateOutputLog(const char* fname)
     }
   if ( !this->CacheManager->GetCacheValue("CMAKE_CACHEFILE_DIR") )
     {
-    cmSystemTools::RemoveFile(fullPath.c_str());
+    cmSystemTools::RemoveFile(fullPath);
     return;
     }
   off_t fsize = st.st_size;
@@ -2392,7 +2390,7 @@ int cmake::GetSystemInformation(std::vector<std::string>& args)
   std::string resultFile;
   std::string cwd = cmSystemTools::GetCurrentWorkingDirectory();
   std::string destPath = cwd + "/__cmake_systeminformation";
-  cmSystemTools::RemoveADirectory(destPath.c_str());
+  cmSystemTools::RemoveADirectory(destPath);
   if (!cmSystemTools::MakeDirectory(destPath.c_str()))
     {
     std::cerr << "Error: --system-information must be run from a "
@@ -2474,7 +2472,7 @@ int cmake::GetSystemInformation(std::vector<std::string>& args)
     }
 
   // now run cmake on the CMakeLists file
-  cmSystemTools::ChangeDirectory(destPath.c_str());
+  cmSystemTools::ChangeDirectory(destPath);
   std::vector<std::string> args2;
   args2.push_back(args[0]);
   args2.push_back(destPath);
@@ -2490,12 +2488,12 @@ int cmake::GetSystemInformation(std::vector<std::string>& args)
     }
 
   // change back to the original directory
-  cmSystemTools::ChangeDirectory(cwd.c_str());
+  cmSystemTools::ChangeDirectory(cwd);
 
   // echo results to stdout if needed
   if (writeToStdout)
     {
-    FILE* fin = cmsys::SystemTools::Fopen(resultFile.c_str(), "r");
+    FILE* fin = cmsys::SystemTools::Fopen(resultFile, "r");
     if(fin)
       {
       const int bufferSize = 4096;
@@ -2514,7 +2512,7 @@ int cmake::GetSystemInformation(std::vector<std::string>& args)
     }
 
   // clean up the directory
-  cmSystemTools::RemoveADirectory(destPath.c_str());
+  cmSystemTools::RemoveADirectory(destPath);
   return 0;
 }
 
@@ -2770,7 +2768,7 @@ int cmake::Build(const std::string& dir,
                  const std::vector<std::string>& nativeOptions,
                  bool clean)
 {
-  if(!cmSystemTools::FileIsDirectory(dir.c_str()))
+  if(!cmSystemTools::FileIsDirectory(dir))
     {
     std::cerr << "Error: " << dir << " is not a directory\n";
     return 1;
diff --git a/Source/cmcmd.cxx b/Source/cmcmd.cxx
index a0c67e0..a97444d 100644
--- a/Source/cmcmd.cxx
+++ b/Source/cmcmd.cxx
@@ -128,7 +128,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
     // Copy directory content
     if (args[1] == "copy_directory" && args.size() == 4)
       {
-      if(!cmSystemTools::CopyADirectory(args[2].c_str(), args[3].c_str()))
+      if(!cmSystemTools::CopyADirectory(args[2], args[3]))
         {
         std::cerr << "Error copying directory from \""
                   << args[2] << "\" to \"" << args[3]
@@ -155,7 +155,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
     // Compare files
     if (args[1] == "compare_files" && args.size() == 4)
       {
-      if(cmSystemTools::FilesDiffer(args[2].c_str(), args[3].c_str()))
+      if(cmSystemTools::FilesDiffer(args[2], args[3]))
         {
         std::cerr << "Files \""
                   << args[2] << "\" to \"" << args[3]
@@ -215,7 +215,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
         else if(a.find("=") != a.npos)
           {
           // Set environment variable.
-          cmSystemTools::PutEnv(a.c_str());
+          cmSystemTools::PutEnv(a);
           }
         else
           {
@@ -269,8 +269,8 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
 
     else if (args[1] == "remove_directory" && args.size() == 3)
       {
-      if(cmSystemTools::FileIsDirectory(args[2].c_str()) &&
-         !cmSystemTools::RemoveADirectory(args[2].c_str()))
+      if(cmSystemTools::FileIsDirectory(args[2]) &&
+         !cmSystemTools::RemoveADirectory(args[2]))
         {
         std::cerr << "Error removing directory \"" << args[2]
                   << "\".\n";
@@ -293,7 +293,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
           {
           // Complain if the file could not be removed, still exists,
           // and the -f option was not given.
-          if(!cmSystemTools::RemoveFile(args[cc].c_str()) && !force &&
+          if(!cmSystemTools::RemoveFile(args[cc]) && !force &&
              cmSystemTools::FileExists(args[cc].c_str()))
             {
             return 1;
@@ -309,7 +309,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
         {
         // Complain if the file could not be removed, still exists,
         // and the -f option was not given.
-        if(!cmSystemTools::Touch(args[cc].c_str(), true))
+        if(!cmSystemTools::Touch(args[cc], true))
           {
           return 1;
           }
@@ -323,7 +323,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
         {
         // Complain if the file could not be removed, still exists,
         // and the -f option was not given.
-        if(!cmSystemTools::Touch(args[cc].c_str(), false))
+        if(!cmSystemTools::Touch(args[cc], false))
           {
           return 1;
           }
@@ -453,10 +453,10 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
       // basically remove the directory
       std::string dirName = args[2];
       dirName += "/Progress";
-      cmSystemTools::RemoveADirectory(dirName.c_str());
+      cmSystemTools::RemoveADirectory(dirName);
 
       // is the last argument a filename that exists?
-      FILE *countFile = cmsys::SystemTools::Fopen(args[3].c_str(),"r");
+      FILE *countFile = cmsys::SystemTools::Fopen(args[3],"r");
       int count;
       if (countFile)
         {
@@ -476,7 +476,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
         // write the count into the directory
         std::string fName = dirName;
         fName += "/count.txt";
-        FILE *progFile = cmsys::SystemTools::Fopen(fName.c_str(),"w");
+        FILE *progFile = cmsys::SystemTools::Fopen(fName,"w");
         if (progFile)
           {
           fprintf(progFile,"%i\n",count);
@@ -497,7 +497,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
       // read the count
       fName = dirName;
       fName += "/count.txt";
-      progFile = cmsys::SystemTools::Fopen(fName.c_str(),"r");
+      progFile = cmsys::SystemTools::Fopen(fName,"r");
       int count = 0;
       if (!progFile)
         {
@@ -517,7 +517,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
         fName = dirName;
         fName += "/";
         fName += args[i];
-        progFile = cmsys::SystemTools::Fopen(fName.c_str(),"w");
+        progFile = cmsys::SystemTools::Fopen(fName,"w");
         if (progFile)
           {
           fprintf(progFile,"empty");
@@ -525,7 +525,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
           }
         }
       int fileNum = static_cast<int>
-        (cmsys::Directory::GetNumberOfFilesInDirectory(dirName.c_str()));
+        (cmsys::Directory::GetNumberOfFilesInDirectory(dirName));
       if (count > 0)
         {
         // print the progress
@@ -549,7 +549,7 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
           "' because existing path cannot be removed: " << emsg << "\n";
         return 1;
         }
-      if(!cmSystemTools::CreateSymlink(args[2].c_str(), args[3].c_str()))
+      if(!cmSystemTools::CreateSymlink(args[2], args[3]))
         {
         std::string emsg = cmSystemTools::GetLastSystemError();
         std::cerr <<
@@ -660,10 +660,10 @@ int cmcmd::ExecuteCMakeCommand(std::vector<std::string>& args)
 
       // Create a local generator configured for the directory in
       // which dependencies will be scanned.
-      homeDir = cmSystemTools::CollapseFullPath(homeDir.c_str());
-      startDir = cmSystemTools::CollapseFullPath(startDir.c_str());
-      homeOutDir = cmSystemTools::CollapseFullPath(homeOutDir.c_str());
-      startOutDir = cmSystemTools::CollapseFullPath(startOutDir.c_str());
+      homeDir = cmSystemTools::CollapseFullPath(homeDir);
+      startDir = cmSystemTools::CollapseFullPath(startDir);
+      homeOutDir = cmSystemTools::CollapseFullPath(homeOutDir);
+      startOutDir = cmSystemTools::CollapseFullPath(startOutDir);
       cm.SetHomeDirectory(homeDir);
       cm.SetStartDirectory(startDir);
       cm.SetHomeOutputDirectory(homeOutDir);
@@ -885,15 +885,15 @@ int cmcmd::SymlinkExecutable(std::vector<std::string>& args)
 bool cmcmd::SymlinkInternal(std::string const& file, std::string const& link)
 {
   if(cmSystemTools::FileExists(link.c_str()) ||
-     cmSystemTools::FileIsSymlink(link.c_str()))
+     cmSystemTools::FileIsSymlink(link))
     {
-    cmSystemTools::RemoveFile(link.c_str());
+    cmSystemTools::RemoveFile(link);
     }
 #if defined(_WIN32) && !defined(__CYGWIN__)
   return cmSystemTools::CopyFileAlways(file.c_str(), link.c_str());
 #else
   std::string linktext = cmSystemTools::GetFilenameName(file);
-  return cmSystemTools::CreateSymlink(linktext.c_str(), link.c_str());
+  return cmSystemTools::CreateSymlink(linktext, link);
 #endif
 }
 
@@ -1318,7 +1318,7 @@ int cmcmd::VisualStudioLinkIncremental(std::vector<std::string>& args,
     }
   std::string manifestFile = targetName;
   manifestFile += ".embed.manifest";
-  std::string fullPath= cmSystemTools::CollapseFullPath(manifestFile.c_str());
+  std::string fullPath= cmSystemTools::CollapseFullPath(manifestFile);
   fout << type << " /* CREATEPROCESS_MANIFEST_RESOURCE_ID "
     "*/ 24 /* RT_MANIFEST */ " << "\"" << fullPath << "\"";
   fout.close();
diff --git a/Source/kwsys/CMakeLists.txt b/Source/kwsys/CMakeLists.txt
index 2067690..8069ee2 100644
--- a/Source/kwsys/CMakeLists.txt
+++ b/Source/kwsys/CMakeLists.txt
@@ -96,7 +96,7 @@ ENDIF()
 IF(NOT KWSYS_NAMESPACE)
   SET(KWSYS_NAMESPACE "kwsys")
   SET(KWSYS_STANDALONE 1)
-ENDIF(NOT KWSYS_NAMESPACE)
+ENDIF()
 
 #-----------------------------------------------------------------------------
 # The project name is that of the specified namespace.
@@ -130,49 +130,49 @@ IF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
   SET(KWSYS_USE_String 1)
   SET(KWSYS_USE_SystemInformation 1)
   SET(KWSYS_USE_CPU 1)
-ENDIF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
+ENDIF()
 
 # Enforce component dependencies.
 IF(KWSYS_USE_SystemTools)
   SET(KWSYS_USE_Directory 1)
   SET(KWSYS_USE_FStream 1)
   SET(KWSYS_USE_Encoding 1)
-ENDIF(KWSYS_USE_SystemTools)
+ENDIF()
 IF(KWSYS_USE_Glob)
   SET(KWSYS_USE_Directory 1)
   SET(KWSYS_USE_SystemTools 1)
   SET(KWSYS_USE_RegularExpression 1)
   SET(KWSYS_USE_FStream 1)
   SET(KWSYS_USE_Encoding 1)
-ENDIF(KWSYS_USE_Glob)
+ENDIF()
 IF(KWSYS_USE_Process)
   SET(KWSYS_USE_System 1)
   SET(KWSYS_USE_Encoding 1)
-ENDIF(KWSYS_USE_Process)
+ENDIF()
 IF(KWSYS_USE_SystemInformation)
   SET(KWSYS_USE_Process 1)
-ENDIF(KWSYS_USE_SystemInformation)
+ENDIF()
 IF(KWSYS_USE_System)
   SET(KWSYS_USE_Encoding 1)
-ENDIF(KWSYS_USE_System)
+ENDIF()
 IF(KWSYS_USE_Directory)
   SET(KWSYS_USE_Encoding 1)
-ENDIF(KWSYS_USE_Directory)
+ENDIF()
 IF(KWSYS_USE_FStream)
   SET(KWSYS_USE_Encoding 1)
-ENDIF(KWSYS_USE_FStream)
+ENDIF()
 
 # Setup the large file support default.
 IF(KWSYS_LFS_DISABLE)
   SET(KWSYS_LFS_REQUESTED 0)
-ELSE(KWSYS_LFS_DISABLE)
+ELSE()
   SET(KWSYS_LFS_REQUESTED 1)
-ENDIF(KWSYS_LFS_DISABLE)
+ENDIF()
 
 # Specify default 8 bit encoding for Windows
 IF(NOT KWSYS_ENCODING_DEFAULT_CODEPAGE)
   SET(KWSYS_ENCODING_DEFAULT_CODEPAGE CP_ACP)
-ENDIF(NOT KWSYS_ENCODING_DEFAULT_CODEPAGE)
+ENDIF()
 
 # Enable testing if building standalone.
 IF(KWSYS_STANDALONE)
@@ -180,8 +180,8 @@ IF(KWSYS_STANDALONE)
   MARK_AS_ADVANCED(BUILD_TESTING DART_ROOT TCL_TCLSH)
   IF(BUILD_TESTING)
     ENABLE_TESTING()
-  ENDIF(BUILD_TESTING)
-ENDIF(KWSYS_STANDALONE)
+  ENDIF()
+ENDIF()
 
 # Include helper macros.
 INCLUDE(${CMAKE_CURRENT_SOURCE_DIR}/kwsysPlatformTests.cmake)
@@ -197,15 +197,15 @@ INCLUDE_REGULAR_EXPRESSION("^.*$")
 IF(NOT KWSYS_INSTALL_INCLUDE_DIR)
   STRING(REGEX REPLACE "^/" "" KWSYS_INSTALL_INCLUDE_DIR
     "${KWSYS_HEADER_INSTALL_DIR}")
-ENDIF(NOT KWSYS_INSTALL_INCLUDE_DIR)
+ENDIF()
 IF(NOT KWSYS_INSTALL_LIB_DIR)
   STRING(REGEX REPLACE "^/" "" KWSYS_INSTALL_LIB_DIR
     "${KWSYS_LIBRARY_INSTALL_DIR}")
-ENDIF(NOT KWSYS_INSTALL_LIB_DIR)
+ENDIF()
 IF(NOT KWSYS_INSTALL_BIN_DIR)
   STRING(REGEX REPLACE "^/" "" KWSYS_INSTALL_BIN_DIR
     "${KWSYS_LIBRARY_INSTALL_DIR}")
-ENDIF(NOT KWSYS_INSTALL_BIN_DIR)
+ENDIF()
 
 # Setup header install rules.
 SET(KWSYS_INSTALL_INCLUDE_OPTIONS)
@@ -213,7 +213,7 @@ IF(KWSYS_INSTALL_COMPONENT_NAME_DEVELOPMENT)
   SET(KWSYS_INSTALL_INCLUDE_OPTIONS ${KWSYS_INSTALL_INCLUDE_OPTIONS}
     COMPONENT ${KWSYS_INSTALL_COMPONENT_NAME_DEVELOPMENT}
     )
-ENDIF(KWSYS_INSTALL_COMPONENT_NAME_DEVELOPMENT)
+ENDIF()
 
 # Setup library install rules.
 SET(KWSYS_INSTALL_LIBRARY_RULE)
@@ -230,7 +230,7 @@ IF(KWSYS_INSTALL_LIB_DIR)
     SET(KWSYS_INSTALL_LIBRARY_RULE ${KWSYS_INSTALL_LIBRARY_RULE}
       COMPONENT ${KWSYS_INSTALL_COMPONENT_NAME_RUNTIME}
       )
-  ENDIF(KWSYS_INSTALL_COMPONENT_NAME_RUNTIME)
+  ENDIF()
 
   # Install the archive to the lib directory.
   SET(KWSYS_INSTALL_LIBRARY_RULE ${KWSYS_INSTALL_LIBRARY_RULE}
@@ -241,8 +241,8 @@ IF(KWSYS_INSTALL_LIB_DIR)
     SET(KWSYS_INSTALL_LIBRARY_RULE ${KWSYS_INSTALL_LIBRARY_RULE}
       COMPONENT ${KWSYS_INSTALL_COMPONENT_NAME_DEVELOPMENT}
       )
-  ENDIF(KWSYS_INSTALL_COMPONENT_NAME_DEVELOPMENT)
-ENDIF(KWSYS_INSTALL_LIB_DIR)
+  ENDIF()
+ENDIF()
 IF(KWSYS_INSTALL_BIN_DIR)
   # Install the runtime library to the bin directory.
   SET(KWSYS_INSTALL_LIBRARY_RULE ${KWSYS_INSTALL_LIBRARY_RULE}
@@ -253,8 +253,8 @@ IF(KWSYS_INSTALL_BIN_DIR)
     SET(KWSYS_INSTALL_LIBRARY_RULE ${KWSYS_INSTALL_LIBRARY_RULE}
       COMPONENT ${KWSYS_INSTALL_COMPONENT_NAME_RUNTIME}
       )
-  ENDIF(KWSYS_INSTALL_COMPONENT_NAME_RUNTIME)
-ENDIF(KWSYS_INSTALL_BIN_DIR)
+  ENDIF()
+ENDIF()
 
 # Do not support old KWSYS_*a_INSTALL_DIR variable names.
 SET(KWSYS_HEADER_INSTALL_DIR)
@@ -266,7 +266,7 @@ STRING(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "${PROJECT_BINARY_DIR}"
 IF(NOT KWSYS_IN_SOURCE_BUILD)
   CONFIGURE_FILE(${PROJECT_SOURCE_DIR}/kwsysPrivate.h
     ${PROJECT_BINARY_DIR}/kwsysPrivate.h COPYONLY IMMEDIATE)
-ENDIF(NOT KWSYS_IN_SOURCE_BUILD)
+ENDIF()
 
 # Select plugin module file name convention.
 IF(NOT KWSYS_DynamicLoader_PREFIX)
@@ -280,7 +280,7 @@ ENDIF()
 # We require ANSI support from the C compiler.  Add any needed flags.
 IF(CMAKE_ANSI_CFLAGS)
   SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${CMAKE_ANSI_CFLAGS}")
-ENDIF(CMAKE_ANSI_CFLAGS)
+ENDIF()
 
 #-----------------------------------------------------------------------------
 # Adjust compiler flags for some platforms.
@@ -292,11 +292,11 @@ IF(NOT CMAKE_COMPILER_IS_GNUCXX)
       KWSYS_CXX_FLAGS_HAVE_NO_IMPLICIT_INCLUDE "${CMAKE_CXX_FLAGS}")
     IF(NOT KWSYS_CXX_FLAGS_HAVE_IMPLICIT_LOCAL)
       SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -timplicit_local")
-    ENDIF(NOT KWSYS_CXX_FLAGS_HAVE_IMPLICIT_LOCAL)
+    ENDIF()
     IF(NOT KWSYS_CXX_FLAGS_HAVE_NO_IMPLICIT_INCLUDE)
       SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -no_implicit_include")
-    ENDIF(NOT KWSYS_CXX_FLAGS_HAVE_NO_IMPLICIT_INCLUDE)
-  ENDIF(CMAKE_SYSTEM MATCHES "OSF1-V.*")
+    ENDIF()
+  ENDIF()
   IF(CMAKE_SYSTEM MATCHES "HP-UX")
     SET(KWSYS_PLATFORM_CXX_TEST_EXTRA_FLAGS "+p")
     IF(CMAKE_CXX_COMPILER_ID MATCHES "HP")
@@ -306,8 +306,8 @@ IF(NOT CMAKE_COMPILER_IS_GNUCXX)
         SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -AA +hpxstd98")
       ENDIF()
     ENDIF()
-  ENDIF(CMAKE_SYSTEM MATCHES "HP-UX")
-ENDIF(NOT CMAKE_COMPILER_IS_GNUCXX)
+  ENDIF()
+ENDIF()
 
 #-----------------------------------------------------------------------------
 # Configure Large File Support.
@@ -327,11 +327,11 @@ IF(KWSYS_LFS_REQUESTED)
 
   IF(KWSYS_LFS_WORKS)
     SET(KWSYS_LFS_AVAILABLE 1)
-  ENDIF(KWSYS_LFS_WORKS)
-ELSE(KWSYS_LFS_REQUESTED)
+  ENDIF()
+ELSE()
   # Large File Support is not requested.
   SET(KWSYS_LFS_REQUESTED 0)
-ENDIF(KWSYS_LFS_REQUESTED)
+ENDIF()
 
 #-----------------------------------------------------------------------------
 # Configure the standard library header wrappers based on compiler's
@@ -343,34 +343,34 @@ KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_HAVE_STD
 
 IF(KWSYS_IOS_FORCE_OLD)
   SET(KWSYS_IOS_USE_ANSI 0)
-ELSE(KWSYS_IOS_FORCE_OLD)
+ELSE()
   KWSYS_PLATFORM_CXX_TEST(KWSYS_IOS_USE_ANSI
     "Checking whether ANSI stream headers are available" DIRECT)
-ENDIF(KWSYS_IOS_FORCE_OLD)
+ENDIF()
 
 IF(KWSYS_IOS_USE_ANSI)
   KWSYS_PLATFORM_CXX_TEST(KWSYS_IOS_HAVE_STD
     "Checking whether ANSI streams are in std namespace" DIRECT)
   KWSYS_PLATFORM_CXX_TEST(KWSYS_IOS_USE_SSTREAM
     "Checking whether ANSI string stream is available" DIRECT)
-ELSE(KWSYS_IOS_USE_ANSI)
+ELSE()
   SET(KWSYS_IOS_HAVE_STD 0)
   SET(KWSYS_IOS_USE_SSTREAM 0)
-ENDIF(KWSYS_IOS_USE_ANSI)
+ENDIF()
 
 IF(KWSYS_IOS_USE_SSTREAM)
   SET(KWSYS_IOS_USE_STRSTREAM_H 0)
   SET(KWSYS_IOS_USE_STRSTREA_H 0)
-ELSE(KWSYS_IOS_USE_SSTREAM)
+ELSE()
   KWSYS_PLATFORM_CXX_TEST(KWSYS_IOS_USE_STRSTREAM_H
     "Checking whether strstream.h is available" DIRECT)
   IF(KWSYS_IOS_USE_STRSTREAM_H)
     SET(KWSYS_IOS_USE_STRSTREA_H 0)
-  ELSE(KWSYS_IOS_USE_STRSTREAM_H)
+  ELSE()
     KWSYS_PLATFORM_CXX_TEST(KWSYS_IOS_USE_STRSTREA_H
       "Checking whether strstrea.h is available" DIRECT)
-  ENDIF(KWSYS_IOS_USE_STRSTREAM_H)
-ENDIF(KWSYS_IOS_USE_SSTREAM)
+  ENDIF()
+ENDIF()
 
 KWSYS_PLATFORM_CXX_TEST(KWSYS_CXX_HAS_CSTDDEF
   "Checking whether header cstddef is available" DIRECT)
@@ -384,16 +384,16 @@ KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_HAS_ITERATOR_TRAITS
 IF(KWSYS_STL_HAS_ITERATOR_TRAITS)
   SET(KWSYS_STL_HAS_ITERATOR_CATEGORY 0)
   SET(KWSYS_STL_HAS___ITERATOR_CATEGORY 0)
-ELSE(KWSYS_STL_HAS_ITERATOR_TRAITS)
+ELSE()
   KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_HAS_ITERATOR_CATEGORY
     "Checking whether stl has old iterator_category" DIRECT)
   IF(KWSYS_STL_HAS_ITERATOR_CATEGORY)
     SET(KWSYS_STL_HAS___ITERATOR_CATEGORY 0)
-  ELSE(KWSYS_STL_HAS_ITERATOR_CATEGORY)
+  ELSE()
     KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_HAS___ITERATOR_CATEGORY
       "Checking whether stl has internal __iterator_category" DIRECT)
-  ENDIF(KWSYS_STL_HAS_ITERATOR_CATEGORY)
-ENDIF(KWSYS_STL_HAS_ITERATOR_TRAITS)
+  ENDIF()
+ENDIF()
 KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_HAS_ALLOCATOR_TEMPLATE
   "Checking whether stl has standard template allocator" DIRECT)
 IF(KWSYS_STL_HAS_ALLOCATOR_TEMPLATE)
@@ -402,25 +402,25 @@ IF(KWSYS_STL_HAS_ALLOCATOR_TEMPLATE)
     "Checking for rebind member of stl allocator" DIRECT)
   KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_HAS_ALLOCATOR_MAX_SIZE_ARGUMENT
     "Checking for non-standard argument to stl allocator<>::max_size" DIRECT)
-ELSE(KWSYS_STL_HAS_ALLOCATOR_TEMPLATE)
+ELSE()
   KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_HAS_ALLOCATOR_NONTEMPLATE
     "Checking whether stl has old non-template allocator" DIRECT)
   SET(KWSYS_STL_HAS_ALLOCATOR_REBIND 0)
   SET(KWSYS_STL_HAS_ALLOCATOR_MAX_SIZE_ARGUMENT 0)
-ENDIF(KWSYS_STL_HAS_ALLOCATOR_TEMPLATE)
+ENDIF()
 KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_HAS_ALLOCATOR_OBJECTS
   "Checking whether stl containers support allocator objects." DIRECT)
 IF(KWSYS_IOS_USE_ANSI AND NOT WATCOM)
   # ANSI streams always have string operators.
   SET(KWSYS_STL_STRING_HAVE_OSTREAM 1)
   SET(KWSYS_STL_STRING_HAVE_ISTREAM 1)
-ELSE(KWSYS_IOS_USE_ANSI AND NOT WATCOM)
+ELSE()
   # There may not be string operators for old streams.
   KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_STRING_HAVE_OSTREAM
     "Checking whether stl string has ostream operator<<" DIRECT)
   KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_STRING_HAVE_ISTREAM
     "Checking whether stl string has istream operator>>" DIRECT)
-ENDIF(KWSYS_IOS_USE_ANSI AND NOT WATCOM)
+ENDIF()
 SET(KWSYS_PLATFORM_CXX_TEST_DEFINES
   -DKWSYS_IOS_USE_ANSI=${KWSYS_IOS_USE_ANSI}
   -DKWSYS_IOS_HAVE_STD=${KWSYS_IOS_HAVE_STD})
@@ -440,7 +440,7 @@ KWSYS_PLATFORM_CXX_TEST(KWSYS_CXX_HAS_ARGUMENT_DEPENDENT_LOOKUP
 IF(UNIX)
   KWSYS_PLATFORM_CXX_TEST(KWSYS_STAT_HAS_ST_MTIM
     "Checking whether struct stat has st_mtim member" DIRECT)
-ENDIF(UNIX)
+ENDIF()
 
 # Check existence and uniqueness of long long and __int64.
 KWSYS_PLATFORM_CXX_TEST(KWSYS_CXX_HAS_LONG_LONG
@@ -528,20 +528,20 @@ IF(KWSYS_USE_FundamentalType)
   IF(KWSYS_USE___INT64)
     KWSYS_PLATFORM_CXX_TEST(KWSYS_CAN_CONVERT_UI64_TO_DOUBLE
       "Checking whether unsigned __int64 can convert to double" DIRECT)
-  ELSE(KWSYS_USE___INT64)
+  ELSE()
     SET(KWSYS_CAN_CONVERT_UI64_TO_DOUBLE 1)
-  ENDIF(KWSYS_USE___INT64)
+  ENDIF()
 
   # Check signedness of "char" type.
   KWSYS_PLATFORM_CXX_TEST_RUN(KWSYS_CHAR_IS_SIGNED
     "Checking whether char is signed" DIRECT)
-ENDIF(KWSYS_USE_FundamentalType)
+ENDIF()
 
 IF(KWSYS_USE_Encoding)
   # Look for type size helper macros.
   KWSYS_PLATFORM_CXX_TEST(KWSYS_STL_HAS_WSTRING
     "Checking whether wstring is available" DIRECT)
-ENDIF(KWSYS_USE_Encoding)
+ENDIF()
 
 IF(KWSYS_USE_IOStream)
   # Determine whether iostreams support long long.
@@ -567,26 +567,26 @@ IF(KWSYS_USE_IOStream)
     SET(KWSYS_IOS_HAS_OSTREAM___INT64 0)
   ENDIF()
   SET(KWSYS_PLATFORM_CXX_TEST_DEFINES)
-ENDIF(KWSYS_USE_IOStream)
+ENDIF()
 
 IF(KWSYS_NAMESPACE MATCHES "^kwsys$")
   SET(KWSYS_NAME_IS_KWSYS 1)
-ELSE(KWSYS_NAMESPACE MATCHES "^kwsys$")
+ELSE()
   SET(KWSYS_NAME_IS_KWSYS 0)
-ENDIF(KWSYS_NAMESPACE MATCHES "^kwsys$")
+ENDIF()
 
 # Choose default shared/static build if not specified.
 IF(KWSYS_BUILD_SHARED MATCHES "^KWSYS_BUILD_SHARED$")
   SET(KWSYS_BUILD_SHARED ${BUILD_SHARED_LIBS})
-ENDIF(KWSYS_BUILD_SHARED MATCHES "^KWSYS_BUILD_SHARED$")
+ENDIF()
 
 IF(KWSYS_BUILD_SHARED)
   SET(KWSYS_BUILD_SHARED 1)
   SET(KWSYS_LIBRARY_TYPE SHARED)
-ELSE(KWSYS_BUILD_SHARED)
+ELSE()
   SET(KWSYS_BUILD_SHARED 0)
   SET(KWSYS_LIBRARY_TYPE STATIC)
-ENDIF(KWSYS_BUILD_SHARED)
+ENDIF()
 
 #-----------------------------------------------------------------------------
 # Configure some implementation details.
@@ -789,7 +789,7 @@ ENDIF()
 # Choose a directory for the generated headers.
 IF(NOT KWSYS_HEADER_ROOT)
   SET(KWSYS_HEADER_ROOT "${PROJECT_BINARY_DIR}")
-ENDIF(NOT KWSYS_HEADER_ROOT)
+ENDIF()
 SET(KWSYS_HEADER_DIR "${KWSYS_HEADER_ROOT}/${KWSYS_NAMESPACE}")
 INCLUDE_DIRECTORIES(${KWSYS_HEADER_ROOT})
 
@@ -801,13 +801,13 @@ IF(KWSYS_INSTALL_DOC_DIR)
     SET(KWSYS_INSTALL_LICENSE_OPTIONS ${KWSYS_INSTALL_LICENSE_OPTIONS}
       COMPONENT ${KWSYS_INSTALL_COMPONENT_NAME_RUNTIME}
       )
-  ENDIF(KWSYS_INSTALL_COMPONENT_NAME_RUNTIME)
+  ENDIF()
 
   # Install the license under the documentation directory.
   INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/Copyright.txt
     DESTINATION ${KWSYS_INSTALL_DOC_DIR}/${KWSYS_NAMESPACE}
     ${KWSYS_INSTALL_LICENSE_OPTIONS})
-ENDIF(KWSYS_INSTALL_DOC_DIR)
+ENDIF()
 
 #-----------------------------------------------------------------------------
 # Create STL header wrappers to block warnings in the STL headers and
@@ -844,10 +844,10 @@ FOREACH(header
       INSTALL(FILES ${KWSYS_HEADER_DIR}/stl/${header}.hxx
         DESTINATION ${KWSYS_INSTALL_INCLUDE_DIR}/${KWSYS_NAMESPACE}/stl
         ${KWSYS_INSTALL_INCLUDE_OPTIONS})
-    ENDIF(KWSYS_INSTALL_INCLUDE_DIR)
-  ELSE(KWSYS_STL_HEADER_EXTRA_${header})
+    ENDIF()
+  ELSE()
     SET(KWSYS_STL_HEADER_EXTRA "")
-  ENDIF(KWSYS_STL_HEADER_EXTRA_${header})
+  ENDIF()
   CONFIGURE_FILE(${PROJECT_SOURCE_DIR}/kwsys_stl.hxx.in
                  ${KWSYS_HEADER_DIR}/stl/${header}
                  @ONLY IMMEDIATE)
@@ -857,8 +857,8 @@ FOREACH(header
     INSTALL(FILES ${KWSYS_HEADER_DIR}/stl/${header}
       DESTINATION ${KWSYS_INSTALL_INCLUDE_DIR}/${KWSYS_NAMESPACE}/stl
       ${KWSYS_INSTALL_INCLUDE_OPTIONS})
-  ENDIF(KWSYS_INSTALL_INCLUDE_DIR)
-ENDFOREACH(header)
+  ENDIF()
+ENDFOREACH()
 
 # Provide cstddef header.
 CONFIGURE_FILE(${PROJECT_SOURCE_DIR}/kwsys_cstddef.hxx.in
@@ -868,7 +868,7 @@ IF(KWSYS_INSTALL_INCLUDE_DIR)
   INSTALL(FILES ${KWSYS_HEADER_DIR}/cstddef
     DESTINATION ${KWSYS_INSTALL_INCLUDE_DIR}/${KWSYS_NAMESPACE}
     ${KWSYS_INSTALL_INCLUDE_OPTIONS})
-ENDIF(KWSYS_INSTALL_INCLUDE_DIR)
+ENDIF()
 
 #-----------------------------------------------------------------------------
 # Create streams header wrappers to give standard names by which they
@@ -884,8 +884,8 @@ FOREACH(header iostream fstream sstream iosfwd)
     INSTALL(FILES ${KWSYS_HEADER_DIR}/ios/${header}
       DESTINATION ${KWSYS_INSTALL_INCLUDE_DIR}/${KWSYS_NAMESPACE}/ios
       ${KWSYS_INSTALL_INCLUDE_OPTIONS})
-  ENDIF(KWSYS_INSTALL_INCLUDE_DIR)
-ENDFOREACH(header)
+  ENDIF()
+ENDFOREACH()
 
 #-----------------------------------------------------------------------------
 # Build a list of classes and headers we need to implement the
@@ -910,9 +910,9 @@ FOREACH(cpp ${cppclasses})
     # Load component-specific CMake code.
     IF(EXISTS ${PROJECT_SOURCE_DIR}/kwsys${cpp}.cmake)
       INCLUDE(${PROJECT_SOURCE_DIR}/kwsys${cpp}.cmake)
-    ENDIF(EXISTS ${PROJECT_SOURCE_DIR}/kwsys${cpp}.cmake)
-  ENDIF(KWSYS_USE_${cpp})
-ENDFOREACH(cpp)
+    ENDIF()
+  ENDIF()
+ENDFOREACH()
 
 # Add selected C components.
 FOREACH(c
@@ -925,9 +925,9 @@ FOREACH(c
     # Load component-specific CMake code.
     IF(EXISTS ${PROJECT_SOURCE_DIR}/kwsys${c}.cmake)
       INCLUDE(${PROJECT_SOURCE_DIR}/kwsys${c}.cmake)
-    ENDIF(EXISTS ${PROJECT_SOURCE_DIR}/kwsys${c}.cmake)
-  ENDIF(KWSYS_USE_${c})
-ENDFOREACH(c)
+    ENDIF()
+  ENDIF()
+ENDFOREACH()
 
 #-----------------------------------------------------------------------------
 # Build a list of sources for the library based on components that are
@@ -940,11 +940,11 @@ IF(KWSYS_USE_Process)
   IF(NOT UNIX)
     # Use the Windows implementation.
     SET(KWSYS_C_SRCS ${KWSYS_C_SRCS} ProcessWin32.c)
-  ELSE(NOT UNIX)
+  ELSE()
     # Use the UNIX implementation.
     SET(KWSYS_C_SRCS ${KWSYS_C_SRCS} ProcessUNIX.c)
-  ENDIF(NOT UNIX)
-ENDIF(KWSYS_USE_Process)
+  ENDIF()
+ENDIF()
 
 # Add selected C sources.
 FOREACH(c Base64 Encoding MD5 Terminal System String)
@@ -954,8 +954,8 @@ FOREACH(c Base64 Encoding MD5 Terminal System String)
     ELSE()
       LIST(APPEND KWSYS_C_SRCS ${c}.c)
     ENDIF()
-  ENDIF(KWSYS_USE_${c})
-ENDFOREACH(c)
+  ENDIF()
+ENDFOREACH()
 
 # Configure headers of C++ classes and construct the list of sources.
 FOREACH(c ${KWSYS_CLASSES})
@@ -976,8 +976,8 @@ FOREACH(c ${KWSYS_CLASSES})
     INSTALL(FILES ${KWSYS_HEADER_DIR}/${c}.hxx
       DESTINATION ${KWSYS_INSTALL_INCLUDE_DIR}/${KWSYS_NAMESPACE}
       ${KWSYS_INSTALL_INCLUDE_OPTIONS})
-  ENDIF(KWSYS_INSTALL_INCLUDE_DIR)
-ENDFOREACH(c)
+  ENDIF()
+ENDFOREACH()
 
 # Configure C headers.
 FOREACH(h ${KWSYS_H_FILES})
@@ -991,8 +991,8 @@ FOREACH(h ${KWSYS_H_FILES})
     INSTALL(FILES ${KWSYS_HEADER_DIR}/${h}.h
       DESTINATION ${KWSYS_INSTALL_INCLUDE_DIR}/${KWSYS_NAMESPACE}
       ${KWSYS_INSTALL_INCLUDE_OPTIONS})
-  ENDIF(KWSYS_INSTALL_INCLUDE_DIR)
-ENDFOREACH(h)
+  ENDIF()
+ENDFOREACH()
 
 # Configure other C++ headers.
 FOREACH(h ${KWSYS_HXX_FILES})
@@ -1006,8 +1006,8 @@ FOREACH(h ${KWSYS_HXX_FILES})
     INSTALL(FILES ${KWSYS_HEADER_DIR}/${h}.hxx
       DESTINATION ${KWSYS_INSTALL_INCLUDE_DIR}/${KWSYS_NAMESPACE}
       ${KWSYS_INSTALL_INCLUDE_OPTIONS})
-  ENDIF(KWSYS_INSTALL_INCLUDE_DIR)
-ENDFOREACH(h)
+  ENDIF()
+ENDFOREACH()
 
 #-----------------------------------------------------------------------------
 # Add the library with the configured name and list of sources.
@@ -1018,8 +1018,8 @@ IF(KWSYS_C_SRCS OR KWSYS_CXX_SRCS)
   IF(KWSYS_USE_DynamicLoader)
     IF(UNIX)
       TARGET_LINK_LIBRARIES(${KWSYS_NAMESPACE} ${CMAKE_DL_LIBS})
-    ENDIF(UNIX)
-  ENDIF(KWSYS_USE_DynamicLoader)
+    ENDIF()
+  ENDIF()
 
   IF(KWSYS_USE_SystemInformation)
     IF(WIN32)
@@ -1044,13 +1044,13 @@ IF(KWSYS_C_SRCS OR KWSYS_CXX_SRCS)
     SET_TARGET_PROPERTIES(${KWSYS_NAMESPACE} PROPERTIES
       ${KWSYS_PROPERTIES_CXX}
       )
-  ENDIF(KWSYS_PROPERTIES_CXX)
+  ENDIF()
 
   # Create an install target for the library.
   IF(KWSYS_INSTALL_LIBRARY_RULE)
     INSTALL(TARGETS ${KWSYS_NAMESPACE} ${KWSYS_INSTALL_LIBRARY_RULE})
-  ENDIF(KWSYS_INSTALL_LIBRARY_RULE)
-ENDIF(KWSYS_C_SRCS OR KWSYS_CXX_SRCS)
+  ENDIF()
+ENDIF()
 
 # Add a C-only library if requested.
 IF(KWSYS_ENABLE_C AND KWSYS_C_SRCS)
@@ -1062,20 +1062,20 @@ IF(KWSYS_ENABLE_C AND KWSYS_C_SRCS)
     SET_TARGET_PROPERTIES(${KWSYS_NAMESPACE} PROPERTIES
       ${KWSYS_PROPERTIES_C}
       )
-  ENDIF(KWSYS_PROPERTIES_C)
+  ENDIF()
 
   # Create an install target for the library.
   IF(KWSYS_INSTALL_LIBRARY_RULE)
     INSTALL(TARGETS ${KWSYS_NAMESPACE}_c ${KWSYS_INSTALL_LIBRARY_RULE})
-  ENDIF(KWSYS_INSTALL_LIBRARY_RULE)
-ENDIF(KWSYS_ENABLE_C AND KWSYS_C_SRCS)
+  ENDIF()
+ENDIF()
 
 # For building kwsys itself, we use a macro defined on the command
 # line to configure the namespace in the C and C++ source files.
 ADD_DEFINITIONS("-DKWSYS_NAMESPACE=${KWSYS_NAMESPACE}")
 
 # Disable deprecation warnings for standard C functions.
-IF(MSVC OR (WIN32 AND "${CMAKE_C_COMPILER_ID}" MATCHES "^(Intel)$"))
+IF(MSVC OR (WIN32 AND CMAKE_C_COMPILER_ID STREQUAL "Intel"))
   ADD_DEFINITIONS(
     -D_CRT_NONSTDC_NO_DEPRECATE
     -D_CRT_SECURE_NO_DEPRECATE
@@ -1093,13 +1093,13 @@ IF(KWSYS_USE_String)
   # Activate code in "String.c".  See the comment in the source.
   SET_SOURCE_FILES_PROPERTIES(String.c PROPERTIES
     COMPILE_FLAGS "-DKWSYS_STRING_C")
-ENDIF(KWSYS_USE_String)
+ENDIF()
 
 IF(KWSYS_USE_Encoding)
   # Set default 8 bit encoding in "EndcodingC.c".
   SET_PROPERTY(SOURCE EncodingC.c APPEND PROPERTY COMPILE_DEFINITIONS
     KWSYS_ENCODING_DEFAULT_CODEPAGE=${KWSYS_ENCODING_DEFAULT_CODEPAGE})
-ENDIF(KWSYS_USE_Encoding)
+ENDIF()
 
 #-----------------------------------------------------------------------------
 # Setup testing if not being built as part of another project.
@@ -1109,7 +1109,7 @@ IF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
     SET(EXEC_DIR "${CMAKE_CURRENT_BINARY_DIR}")
     IF(EXECUTABLE_OUTPUT_PATH)
       SET(EXEC_DIR "${EXECUTABLE_OUTPUT_PATH}")
-    ENDIF(EXECUTABLE_OUTPUT_PATH)
+    ENDIF()
 
     # C tests
     SET(KWSYS_C_TESTS
@@ -1129,7 +1129,7 @@ IF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
     FOREACH(test ${KWSYS_C_TESTS})
       ADD_TEST(kwsys.${test} ${EXEC_DIR}/${KWSYS_NAMESPACE}TestsC ${test} ${KWSYS_TEST_ARGS_${test}})
       SET_PROPERTY(TEST kwsys.${test} PROPERTY LABELS ${KWSYS_LABELS_TEST})
-    ENDFOREACH(test)
+    ENDFOREACH()
 
     # C++ tests
     IF(NOT WATCOM)
@@ -1137,7 +1137,7 @@ IF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
         testAutoPtr
         testHashSTL
         )
-    ENDIF(NOT WATCOM)
+    ENDIF()
     SET(KWSYS_CXX_TESTS ${KWSYS_CXX_TESTS}
       testIOS
       testSystemTools
@@ -1148,22 +1148,22 @@ IF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
       SET(KWSYS_CXX_TESTS ${KWSYS_CXX_TESTS}
         testEncoding
         )
-    ENDIF(KWSYS_STL_HAS_WSTRING)
+    ENDIF()
     IF(KWSYS_USE_FStream)
       SET(KWSYS_CXX_TESTS ${KWSYS_CXX_TESTS}
         testFStream
         )
-    ENDIF(KWSYS_USE_FStream)
+    ENDIF()
     IF(KWSYS_USE_SystemInformation)
       SET(KWSYS_CXX_TESTS ${KWSYS_CXX_TESTS} testSystemInformation)
-    ENDIF(KWSYS_USE_SystemInformation)
+    ENDIF()
     IF(KWSYS_USE_DynamicLoader)
       SET(KWSYS_CXX_TESTS ${KWSYS_CXX_TESTS} testDynamicLoader)
       # If kwsys contains the DynamicLoader, need extra library
       ADD_LIBRARY(${KWSYS_NAMESPACE}TestDynload MODULE testDynload.c)
       SET_PROPERTY(TARGET ${KWSYS_NAMESPACE}TestDynload PROPERTY LABELS ${KWSYS_LABELS_LIB})
       ADD_DEPENDENCIES(${KWSYS_NAMESPACE}TestDynload ${KWSYS_NAMESPACE})
-    ENDIF(KWSYS_USE_DynamicLoader)
+    ENDIF()
     CREATE_TEST_SOURCELIST(
       KWSYS_CXX_TEST_SRCS ${KWSYS_NAMESPACE}TestsCxx.cxx
       ${KWSYS_CXX_TESTS}
@@ -1183,7 +1183,7 @@ IF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
       CONFIGURE_FILE("${CMAKE_CURRENT_SOURCE_DIR}/ExtraTest.cmake.in"
         "${CMAKE_CURRENT_BINARY_DIR}/ExtraTest.cmake")
       SET_DIRECTORY_PROPERTIES(PROPERTIES TEST_INCLUDE_FILE "${CMAKE_CURRENT_BINARY_DIR}/ExtraTest.cmake")
-    ENDIF(CTEST_TEST_KWSYS)
+    ENDIF()
 
     SET(KWSYS_TEST_ARGS_testCommandLineArguments
       --another-bool-variable
@@ -1216,7 +1216,7 @@ IF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
     FOREACH(test ${KWSYS_CXX_TESTS})
       ADD_TEST(kwsys.${test} ${EXEC_DIR}/${KWSYS_NAMESPACE}TestsCxx ${test} ${KWSYS_TEST_ARGS_${test}})
       SET_PROPERTY(TEST kwsys.${test} PROPERTY LABELS ${KWSYS_LABELS_TEST})
-    ENDFOREACH(test)
+    ENDFOREACH()
 
     # Process tests.
     ADD_EXECUTABLE(${KWSYS_NAMESPACE}TestProcess testProcess.c)
@@ -1224,15 +1224,15 @@ IF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
     TARGET_LINK_LIBRARIES(${KWSYS_NAMESPACE}TestProcess ${KWSYS_NAMESPACE}_c)
     IF(NOT CYGWIN)
       SET(KWSYS_TEST_PROCESS_7 7)
-    ENDIF(NOT CYGWIN)
+    ENDIF()
     FOREACH(n 1 2 3 4 5 6 ${KWSYS_TEST_PROCESS_7})
       ADD_TEST(kwsys.testProcess-${n} ${EXEC_DIR}/${KWSYS_NAMESPACE}TestProcess ${n})
       SET_PROPERTY(TEST kwsys.testProcess-${n} PROPERTY LABELS ${KWSYS_LABELS_TEST})
       SET_TESTS_PROPERTIES(kwsys.testProcess-${n} PROPERTIES TIMEOUT 120)
-    ENDFOREACH(n)
+    ENDFOREACH()
 
     # Some Apple compilers produce bad optimizations in this source.
-    IF(APPLE AND "${CMAKE_C_COMPILER_ID}" MATCHES "^(GNU|LLVM)$")
+    IF(APPLE AND CMAKE_C_COMPILER_ID MATCHES "^(GNU|LLVM)$")
       SET_SOURCE_FILES_PROPERTIES(testProcess.c PROPERTIES COMPILE_FLAGS -O0)
     ELSEIF(CMAKE_C_COMPILER_ID STREQUAL "XL")
       # Tell IBM XL not to warn about our test infinite loop
@@ -1263,5 +1263,5 @@ IF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
       SET_TESTS_PROPERTIES(${KWSYS_TEST_BOGUS_FAILURES} PROPERTIES WILL_FAIL ON)
     ENDIF()
 
-  ENDIF(BUILD_TESTING)
-ENDIF(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
+  ENDIF()
+ENDIF()
diff --git a/Source/kwsys/Directory.hxx.in b/Source/kwsys/Directory.hxx.in
index 0acb191..1bcf90e 100644
--- a/Source/kwsys/Directory.hxx.in
+++ b/Source/kwsys/Directory.hxx.in
@@ -18,7 +18,6 @@
 /* Define these macros temporarily to keep the code readable.  */
 #if !defined (KWSYS_NAMESPACE) && !@KWSYS_NAMESPACE@_NAME_IS_KWSYS
 # define kwsys_stl @KWSYS_NAMESPACE@_stl
-# define kwsys_ios @KWSYS_NAMESPACE@_ios
 #endif
 
 namespace @KWSYS_NAMESPACE@
@@ -87,7 +86,6 @@ private:
 /* Undefine temporary macros.  */
 #if !defined (KWSYS_NAMESPACE) && !@KWSYS_NAMESPACE@_NAME_IS_KWSYS
 # undef kwsys_stl
-# undef kwsys_ios
 #endif
 
 #endif
diff --git a/Source/kwsys/DynamicLoader.cxx b/Source/kwsys/DynamicLoader.cxx
index 44cf6af..66c7d57 100644
--- a/Source/kwsys/DynamicLoader.cxx
+++ b/Source/kwsys/DynamicLoader.cxx
@@ -40,9 +40,9 @@ namespace KWSYS_NAMESPACE
 {
 
 //----------------------------------------------------------------------------
-DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const char* libname )
+DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const kwsys_stl::string& libname )
 {
-  return shl_load(libname, BIND_DEFERRED | DYNAMIC_PATH, 0L);
+  return shl_load(libname.c_str(), BIND_DEFERRED | DYNAMIC_PATH, 0L);
 }
 
 //----------------------------------------------------------------------------
@@ -53,7 +53,7 @@ int DynamicLoader::CloseLibrary(DynamicLoader::LibraryHandle lib)
 
 //----------------------------------------------------------------------------
 DynamicLoader::SymbolPointer
-DynamicLoader::GetSymbolAddress(DynamicLoader::LibraryHandle lib, const char* sym)
+DynamicLoader::GetSymbolAddress(DynamicLoader::LibraryHandle lib, const kwsys_stl::string& sym)
 {
   void* addr;
   int status;
@@ -62,7 +62,7 @@ DynamicLoader::GetSymbolAddress(DynamicLoader::LibraryHandle lib, const char* sy
    * TYPE_DATA      Look for a symbol in the data segment (for example, variables).
    * TYPE_UNDEFINED Look for any symbol.
    */
-  status = shl_findsym (&lib, sym, TYPE_UNDEFINED, &addr);
+  status = shl_findsym (&lib, sym.c_str(), TYPE_UNDEFINED, &addr);
   void* result = (status < 0) ? (void*)0 : addr;
 
   // Hack to cast pointer-to-data to pointer-to-function.
@@ -111,18 +111,18 @@ namespace KWSYS_NAMESPACE
 {
 
 //----------------------------------------------------------------------------
-DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const char* libname )
+DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const kwsys_stl::string& libname )
 {
   NSObjectFileImageReturnCode rc;
   NSObjectFileImage image = 0;
 
-  rc = NSCreateObjectFileImageFromFile(libname, &image);
+  rc = NSCreateObjectFileImageFromFile(libname.c_str(), &image);
   // rc == NSObjectFileImageInappropriateFile when trying to load a dylib file
   if( rc != NSObjectFileImageSuccess )
     {
     return 0;
     }
-  NSModule handle = NSLinkModule(image, libname,
+  NSModule handle = NSLinkModule(image, libname.c_str(),
     NSLINKMODULE_OPTION_BINDNOW|NSLINKMODULE_OPTION_RETURN_ON_ERROR);
   NSDestroyObjectFileImage(image);
   return handle;
@@ -142,14 +142,14 @@ int DynamicLoader::CloseLibrary( DynamicLoader::LibraryHandle lib)
 
 //----------------------------------------------------------------------------
 DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
-  DynamicLoader::LibraryHandle lib, const char* sym)
+  DynamicLoader::LibraryHandle lib, const kwsys_stl::string& sym)
 {
   void *result=0;
   // Need to prepend symbols with '_' on Apple-gcc compilers
-  size_t len = strlen(sym);
+  size_t len = sym.size();
   char *rsym = new char[len + 1 + 1];
   strcpy(rsym, "_");
-  strcat(rsym+1, sym);
+  strcat(rsym+1, sym.c_str());
 
   NSSymbol symbol = NSLookupSymbolInModule(lib, rsym);
   if(symbol)
@@ -183,13 +183,13 @@ namespace KWSYS_NAMESPACE
 {
 
 //----------------------------------------------------------------------------
-DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const char* libname)
+DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const kwsys_stl::string& libname)
 {
   DynamicLoader::LibraryHandle lh;
-  int length = MultiByteToWideChar(CP_UTF8, 0, libname, -1, NULL, 0);
+  int length = MultiByteToWideChar(CP_UTF8, 0, libname.c_str(), -1, NULL, 0);
   wchar_t* wchars = new wchar_t[length+1];
   wchars[0] = '\0';
-  MultiByteToWideChar(CP_UTF8, 0, libname, -1, wchars, length);
+  MultiByteToWideChar(CP_UTF8, 0, libname.c_str(), -1, wchars, length);
   lh = LoadLibraryW(wchars);
   delete [] wchars;
   return lh;
@@ -203,7 +203,7 @@ int DynamicLoader::CloseLibrary(DynamicLoader::LibraryHandle lib)
 
 //----------------------------------------------------------------------------
 DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
-  DynamicLoader::LibraryHandle lib, const char* sym)
+  DynamicLoader::LibraryHandle lib, const kwsys_stl::string& sym)
 {
   // TODO: The calling convention affects the name of the symbol.  We
   // should have a tool to help get the symbol with the desired
@@ -230,12 +230,12 @@ DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
   void *result;
 #if defined(__BORLANDC__) || defined(__WATCOMC__)
   // Need to prepend symbols with '_'
-  size_t len = strlen(sym);
+  size_t len = sym.size();
   char *rsym = new char[len + 1 + 1];
   strcpy(rsym, "_");
-  strcat(rsym, sym);
+  strcat(rsym, sym.c_str());
 #else
-  const char *rsym = sym;
+  const char *rsym = sym.c_str();
 #endif
   result = (void*)GetProcAddress(lib, rsym);
 #if defined(__BORLANDC__) || defined(__WATCOMC__)
@@ -298,11 +298,11 @@ namespace KWSYS_NAMESPACE
 static image_id last_dynamic_err = B_OK;
 
 //----------------------------------------------------------------------------
-DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const char* libname )
+DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const kwsys_stl::string& libname )
 {
   // image_id's are integers, errors are negative. Add one just in case we
   //  get a valid image_id of zero (is that even possible?).
-  image_id rc = load_add_on(libname);
+  image_id rc = load_add_on(libname.c_str());
   if (rc < 0)
     {
     last_dynamic_err = rc;
@@ -336,7 +336,7 @@ int DynamicLoader::CloseLibrary(DynamicLoader::LibraryHandle lib)
 
 //----------------------------------------------------------------------------
 DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
-  DynamicLoader::LibraryHandle lib, const char* sym)
+  DynamicLoader::LibraryHandle lib, const kwsys_stl::string& sym)
 {
   // Hack to cast pointer-to-data to pointer-to-function.
   union 
@@ -356,7 +356,7 @@ DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
     // !!! FIXME: BeOS can do function-only lookups...does this ever
     // !!! FIXME:  actually _want_ a data symbol lookup, or was this union
     // !!! FIXME:  a leftover of dlsym()? (s/ANY/TEXT for functions only).
-    status_t rc = get_image_symbol(lib-1,sym,B_SYMBOL_TYPE_ANY,&result.pvoid);
+    status_t rc = get_image_symbol(lib-1,sym.c_str(),B_SYMBOL_TYPE_ANY,&result.pvoid);
     if (rc != B_OK)
       {
       last_dynamic_err = rc;
@@ -389,7 +389,7 @@ namespace KWSYS_NAMESPACE
 {
 
 //----------------------------------------------------------------------------
-DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const char* libname )
+DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const kwsys_stl::string& libname )
 {
   return 0;
 }
@@ -407,7 +407,7 @@ int DynamicLoader::CloseLibrary(DynamicLoader::LibraryHandle lib)
 
 //----------------------------------------------------------------------------
 DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
-    DynamicLoader::LibraryHandle lib, const char* sym)
+    DynamicLoader::LibraryHandle lib, const kwsys_stl::string& sym)
 {
   return 0;
 }
@@ -433,12 +433,12 @@ namespace KWSYS_NAMESPACE
 {
 
 //----------------------------------------------------------------------------
-DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const char* libname )
+DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const kwsys_stl::string& libname )
 {
-  char *name = (char *)calloc(1, strlen(libname) + 1);
+  char *name = (char *)calloc(1, libname.size() + 1);
   dld_init(program_invocation_name);
-  strncpy(name, libname, strlen(libname));
-  dld_link(libname);
+  strncpy(name, libname.c_str(), libname.size());
+  dld_link(libname.c_str());
   return (void *)name;
 }
 
@@ -452,7 +452,7 @@ int DynamicLoader::CloseLibrary(DynamicLoader::LibraryHandle lib)
 
 //----------------------------------------------------------------------------
 DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
-  DynamicLoader::LibraryHandle lib, const char* sym)
+  DynamicLoader::LibraryHandle lib, const kwsys_stl::string& sym)
 {
   // Hack to cast pointer-to-data to pointer-to-function.
   union
@@ -460,7 +460,7 @@ DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
     void* pvoid;
     DynamicLoader::SymbolPointer psym;
   } result;
-  result.pvoid = dld_get_symbol(sym);
+  result.pvoid = dld_get_symbol(sym.c_str());
   return result.psym;
 }
 
@@ -485,9 +485,9 @@ namespace KWSYS_NAMESPACE
 {
 
 //----------------------------------------------------------------------------
-DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const char* libname )
+DynamicLoader::LibraryHandle DynamicLoader::OpenLibrary(const kwsys_stl::string& libname )
 {
-  return dlopen(libname, RTLD_LAZY);
+  return dlopen(libname.c_str(), RTLD_LAZY);
 }
 
 //----------------------------------------------------------------------------
@@ -504,7 +504,7 @@ int DynamicLoader::CloseLibrary(DynamicLoader::LibraryHandle lib)
 
 //----------------------------------------------------------------------------
 DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
-  DynamicLoader::LibraryHandle lib, const char* sym)
+  DynamicLoader::LibraryHandle lib, const kwsys_stl::string& sym)
 {
   // Hack to cast pointer-to-data to pointer-to-function.
   union 
@@ -512,7 +512,7 @@ DynamicLoader::SymbolPointer DynamicLoader::GetSymbolAddress(
     void* pvoid;
     DynamicLoader::SymbolPointer psym;
   } result;
-  result.pvoid = dlsym(lib, sym);
+  result.pvoid = dlsym(lib, sym.c_str());
   return result.psym;
 }
 
diff --git a/Source/kwsys/DynamicLoader.hxx.in b/Source/kwsys/DynamicLoader.hxx.in
index 64468ec..75811ab 100644
--- a/Source/kwsys/DynamicLoader.hxx.in
+++ b/Source/kwsys/DynamicLoader.hxx.in
@@ -13,6 +13,7 @@
 #define @KWSYS_NAMESPACE@_DynamicLoader_hxx
 
 #include <@KWSYS_NAMESPACE@/Configure.h>
+#include <@KWSYS_NAMESPACE@/stl/string>
 
 #if defined(__hpux)
   #include <dl.h>
@@ -27,6 +28,11 @@
   #include <be/kernel/image.h>
 #endif
 
+/* Define these macros temporarily to keep the code readable.  */
+#if !defined (KWSYS_NAMESPACE) && !@KWSYS_NAMESPACE@_NAME_IS_KWSYS
+# define kwsys_stl @KWSYS_NAMESPACE@_stl
+#endif
+
 namespace @KWSYS_NAMESPACE@
 {
 /** \class DynamicLoader
@@ -77,14 +83,14 @@ public:
   /** Load a dynamic library into the current process.
    * The returned LibraryHandle can be used to access the symbols in the
    * library. */
-  static LibraryHandle OpenLibrary(const char*);
+  static LibraryHandle OpenLibrary(const kwsys_stl::string&);
 
   /** Attempt to detach a dynamic library from the
    * process.  A value of true is returned if it is sucessful. */
   static int CloseLibrary(LibraryHandle);
 
   /** Find the address of the symbol in the given library. */
-  static SymbolPointer GetSymbolAddress(LibraryHandle, const char*);
+  static SymbolPointer GetSymbolAddress(LibraryHandle, const kwsys_stl::string&);
 
   /** Return the default module prefix for the current platform.  */
   static const char* LibPrefix() { return "@KWSYS_DynamicLoader_PREFIX@"; }
@@ -98,4 +104,9 @@ public:
 
 } // namespace @KWSYS_NAMESPACE@
 
+/* Undefine temporary macros.  */
+#if !defined (KWSYS_NAMESPACE) && !@KWSYS_NAMESPACE@_NAME_IS_KWSYS
+# undef kwsys_stl
+#endif
+
 #endif
diff --git a/Source/kwsys/Glob.cxx b/Source/kwsys/Glob.cxx
index 0916d2e..5a96aed 100644
--- a/Source/kwsys/Glob.cxx
+++ b/Source/kwsys/Glob.cxx
@@ -501,7 +501,7 @@ void Glob::AddFile(kwsys_stl::vector<kwsys_stl::string>& files, const kwsys_stl:
 {
   if ( !this->Relative.empty() )
     {
-    files.push_back(kwsys::SystemTools::RelativePath(this->Relative.c_str(), file.c_str()));
+    files.push_back(kwsys::SystemTools::RelativePath(this->Relative, file));
     }
   else
     {
diff --git a/Source/kwsys/SystemInformation.cxx b/Source/kwsys/SystemInformation.cxx
index c4aeb47..3e1a1ab 100644
--- a/Source/kwsys/SystemInformation.cxx
+++ b/Source/kwsys/SystemInformation.cxx
@@ -5156,7 +5156,7 @@ bool SystemInformationImplementation::QueryOSInformation()
             }
           }
 
-        sprintf (operatingSystem, "%s (Build %ld)", osvi.szCSDVersion, osvi.dwBuildNumber & 0xFFFF);
+        sprintf (operatingSystem, "%ls (Build %ld)", osvi.szCSDVersion, osvi.dwBuildNumber & 0xFFFF);
         this->OSVersion = operatingSystem;
         }
       else
@@ -5205,7 +5205,7 @@ bool SystemInformationImplementation::QueryOSInformation()
       if (osvi.dwMajorVersion <= 4)
         {
         // NB: NT 4.0 and earlier.
-        sprintf (operatingSystem, "version %ld.%ld %s (Build %ld)",
+        sprintf (operatingSystem, "version %ld.%ld %ls (Build %ld)",
                  osvi.dwMajorVersion,
                  osvi.dwMinorVersion,
                  osvi.szCSDVersion,
@@ -5236,7 +5236,7 @@ bool SystemInformationImplementation::QueryOSInformation()
       else
         {
         // Windows 2000 and everything else.
-        sprintf (operatingSystem,"%s (Build %ld)", osvi.szCSDVersion, osvi.dwBuildNumber & 0xFFFF);
+        sprintf (operatingSystem,"%ls (Build %ld)", osvi.szCSDVersion, osvi.dwBuildNumber & 0xFFFF);
         this->OSVersion = operatingSystem;
         }
       break;
diff --git a/Source/kwsys/SystemTools.cxx b/Source/kwsys/SystemTools.cxx
index b1221e3..e4c82d8 100644
--- a/Source/kwsys/SystemTools.cxx
+++ b/Source/kwsys/SystemTools.cxx
@@ -222,7 +222,7 @@ inline int Rmdir(const kwsys_stl::string& dir)
 inline const char* Getcwd(char* buf, unsigned int len)
 {
   std::vector<wchar_t> w_buf(len);
-  if(const wchar_t* ret = _wgetcwd(&w_buf[0], len))
+  if(_wgetcwd(&w_buf[0], len))
     {
     // make sure the drive letter is capital
     if(wcslen(&w_buf[0]) > 1 && w_buf[1] == L':')
@@ -385,6 +385,11 @@ const char* SystemTools::GetEnv(const char* key)
   return getenv(key);
 }
 
+const char* SystemTools::GetEnv(const kwsys_stl::string& key)
+{
+  return SystemTools::GetEnv(key.c_str());
+}
+
 bool SystemTools::GetEnv(const char* key, kwsys_stl::string& result)
 {
   const char* v = getenv(key);
@@ -399,6 +404,11 @@ bool SystemTools::GetEnv(const char* key, kwsys_stl::string& result)
     }
 }
 
+bool SystemTools::GetEnv(const kwsys_stl::string& key, kwsys_stl::string& result)
+{
+  return SystemTools::GetEnv(key.c_str(), result);
+}
+
 //----------------------------------------------------------------------------
 
 #if defined(__CYGWIN__) || defined(__GLIBC__)
@@ -410,27 +420,28 @@ bool SystemTools::GetEnv(const char* key, kwsys_stl::string& result)
 #if KWSYS_CXX_HAS_UNSETENV
 /* unsetenv("A") removes A from the environment.
    On older platforms it returns void instead of int.  */
-static int kwsysUnPutEnv(const char* env)
+static int kwsysUnPutEnv(const kwsys_stl::string& env)
 {
-  if(const char* eq = strchr(env, '='))
+  size_t pos = env.find('=');
+  if(pos != env.npos)
     {
-    std::string name(env, eq-env);
+    std::string name = env.substr(0, pos);
     unsetenv(name.c_str());
     }
   else
     {
-    unsetenv(env);
+    unsetenv(env.c_str());
     }
   return 0;
 }
 
 #elif defined(KWSYS_PUTENV_EMPTY) || defined(KWSYS_PUTENV_NAME)
 /* putenv("A=") or putenv("A") removes A from the environment.  */
-static int kwsysUnPutEnv(const char* env)
+static int kwsysUnPutEnv(const kwsys_stl::string& env)
 {
   int err = 0;
-  const char* eq = strchr(env, '=');
-  size_t const len = eq? (size_t)(eq-env) : strlen(env);
+  size_t pos = env.find('=');
+  size_t const len = pos == env.npos ? env.size() : pos;
 # ifdef KWSYS_PUTENV_EMPTY
   size_t const sz = len + 2;
 # else
@@ -442,7 +453,7 @@ static int kwsysUnPutEnv(const char* env)
     {
     return -1;
     }
-  strncpy(buf, env, len);
+  strncpy(buf, env.c_str(), len);
 # ifdef KWSYS_PUTENV_EMPTY
   buf[len] = '=';
   buf[len+1] = 0;
@@ -471,17 +482,17 @@ static int kwsysUnPutEnv(const char* env)
 
 #else
 /* Manipulate the "environ" global directly.  */
-static int kwsysUnPutEnv(const char* env)
+static int kwsysUnPutEnv(const kwsys_stl::string& env)
 {
-  const char* eq = strchr(env, '=');
-  size_t const len = eq? (size_t)(eq-env) : strlen(env);
+  size_t pos = env.find('=');
+  size_t const len = pos == env.npos ? env.size() : pos;
   int in = 0;
   int out = 0;
   while(environ[in])
     {
     if(strlen(environ[in]) > len &&
        environ[in][len] == '=' &&
-       strncmp(env, environ[in], len) == 0)
+       strncmp(env.c_str(), environ[in], len) == 0)
       {
       ++in;
       }
@@ -504,12 +515,13 @@ static int kwsysUnPutEnv(const char* env)
 
 /* setenv("A", "B", 1) will set A=B in the environment and makes its
    own copies of the strings.  */
-bool SystemTools::PutEnv(const char* env)
+bool SystemTools::PutEnv(const kwsys_stl::string& env)
 {
-  if(const char* eq = strchr(env, '='))
+  size_t pos = env.find('=');
+  if(pos != env.npos)
     {
-    std::string name(env, eq-env);
-    return setenv(name.c_str(), eq+1, 1) == 0;
+    std::string name = env.substr(0, pos);
+    return setenv(name.c_str(), env.c_str() + pos + 1, 1) == 0;
     }
   else
     {
@@ -517,7 +529,7 @@ bool SystemTools::PutEnv(const char* env)
     }
 }
 
-bool SystemTools::UnPutEnv(const char* env)
+bool SystemTools::UnPutEnv(const kwsys_stl::string& env)
 {
   return kwsysUnPutEnv(env) == 0;
 }
@@ -603,14 +615,14 @@ public:
 
 static kwsysEnv kwsysEnvInstance;
 
-bool SystemTools::PutEnv(const char* env)
+bool SystemTools::PutEnv(const kwsys_stl::string& env)
 {
-  return kwsysEnvInstance.Put(env);
+  return kwsysEnvInstance.Put(env.c_str());
 }
 
-bool SystemTools::UnPutEnv(const char* env)
+bool SystemTools::UnPutEnv(const kwsys_stl::string& env)
 {
-  return kwsysEnvInstance.UnPut(env);
+  return kwsysEnvInstance.UnPut(env.c_str());
 }
 
 #endif
@@ -689,8 +701,35 @@ bool SystemTools::MakeDirectory(const kwsys_stl::string& path)
 // replace replace with with as many times as it shows up in source.
 // write the result into source.
 void SystemTools::ReplaceString(kwsys_stl::string& source,
-                                   const char* replace,
-                                   const char* with)
+                                const kwsys_stl::string& replace,
+                                const kwsys_stl::string& with)
+{
+  // do while hangs if replaceSize is 0
+  if (replace.empty())
+    {
+    return;
+    }
+
+  SystemTools::ReplaceString(source, replace.c_str(), replace.size(), with);
+}
+
+void SystemTools::ReplaceString(kwsys_stl::string& source,
+                                const char* replace,
+                                const char* with)
+{
+  // do while hangs if replaceSize is 0
+  if (!*replace)
+    {
+    return;
+    }
+
+  SystemTools::ReplaceString(source, replace, strlen(replace), with ? with : "");
+}
+
+void SystemTools::ReplaceString(kwsys_stl::string& source,
+                                const char* replace,
+                                size_t replaceSize,
+                                const kwsys_stl::string& with)
 {
   const char *src = source.c_str();
   char *searchPos = const_cast<char *>(strstr(src,replace));
@@ -702,12 +741,6 @@ void SystemTools::ReplaceString(kwsys_stl::string& source,
     }
 
   // perform replacements until done
-  size_t replaceSize = strlen(replace);
-  // do while hangs if replaceSize is 0
-  if(replaceSize == 0)
-    {
-    return;
-    }
   char *orig = strdup(src);
   char *currentPos = orig;
   searchPos = searchPos - src + orig;
@@ -739,20 +772,20 @@ void SystemTools::ReplaceString(kwsys_stl::string& source,
 #endif
 
 #if defined(_WIN32) && !defined(__CYGWIN__)
-static bool SystemToolsParseRegistryKey(const char* key,
+static bool SystemToolsParseRegistryKey(const kwsys_stl::string& key,
                                         HKEY& primaryKey,
                                         kwsys_stl::string& second,
                                         kwsys_stl::string& valuename)
 {
   kwsys_stl::string primary = key;
 
-  size_t start = primary.find("\\");
+  size_t start = primary.find('\\');
   if (start == kwsys_stl::string::npos)
     {
     return false;
     }
 
-  size_t valuenamepos = primary.find(";");
+  size_t valuenamepos = primary.find(';');
   if (valuenamepos != kwsys_stl::string::npos)
     {
     valuename = primary.substr(valuenamepos+1);
@@ -810,7 +843,7 @@ static DWORD SystemToolsMakeRegistryMode(DWORD mode,
 
 #if defined(_WIN32) && !defined(__CYGWIN__)
 bool
-SystemTools::GetRegistrySubKeys(const char *key,
+SystemTools::GetRegistrySubKeys(const kwsys_stl::string& key,
                                 kwsys_stl::vector<kwsys_stl::string>& subkeys,
                                 KeyWOW64 view)
 {
@@ -849,7 +882,7 @@ SystemTools::GetRegistrySubKeys(const char *key,
   return true;
 }
 #else
-bool SystemTools::GetRegistrySubKeys(const char *,
+bool SystemTools::GetRegistrySubKeys(const kwsys_stl::string&,
                                      kwsys_stl::vector<kwsys_stl::string>&,
                                      KeyWOW64)
 {
@@ -865,7 +898,7 @@ bool SystemTools::GetRegistrySubKeys(const char *,
 //      =>  will return the data of the "Root" value of the key
 
 #if defined(_WIN32) && !defined(__CYGWIN__)
-bool SystemTools::ReadRegistryValue(const char *key, kwsys_stl::string &value,
+bool SystemTools::ReadRegistryValue(const kwsys_stl::string& key, kwsys_stl::string &value,
                                     KeyWOW64 view)
 {
   bool valueset = false;
@@ -922,7 +955,7 @@ bool SystemTools::ReadRegistryValue(const char *key, kwsys_stl::string &value,
   return valueset;
 }
 #else
-bool SystemTools::ReadRegistryValue(const char *, kwsys_stl::string &,
+bool SystemTools::ReadRegistryValue(const kwsys_stl::string&, kwsys_stl::string &,
                                     KeyWOW64)
 {
   return false;
@@ -938,7 +971,8 @@ bool SystemTools::ReadRegistryValue(const char *, kwsys_stl::string &,
 //      =>  will set the data of the "Root" value of the key
 
 #if defined(_WIN32) && !defined(__CYGWIN__)
-bool SystemTools::WriteRegistryValue(const char *key, const char *value,
+bool SystemTools::WriteRegistryValue(const kwsys_stl::string& key,
+                                     const kwsys_stl::string& value,
                                      KeyWOW64 view)
 {
   HKEY primaryKey = HKEY_CURRENT_USER;
@@ -978,7 +1012,7 @@ bool SystemTools::WriteRegistryValue(const char *key, const char *value,
   return false;
 }
 #else
-bool SystemTools::WriteRegistryValue(const char *, const char *, KeyWOW64)
+bool SystemTools::WriteRegistryValue(const kwsys_stl::string&, const kwsys_stl::string&, KeyWOW64)
 {
   return false;
 }
@@ -992,7 +1026,7 @@ bool SystemTools::WriteRegistryValue(const char *, const char *, KeyWOW64)
 //      =>  will delete  the data of the "Root" value of the key
 
 #if defined(_WIN32) && !defined(__CYGWIN__)
-bool SystemTools::DeleteRegistryValue(const char *key, KeyWOW64 view)
+bool SystemTools::DeleteRegistryValue(const kwsys_stl::string& key, KeyWOW64 view)
 {
   HKEY primaryKey = HKEY_CURRENT_USER;
   kwsys_stl::string second;
@@ -1023,7 +1057,7 @@ bool SystemTools::DeleteRegistryValue(const char *key, KeyWOW64 view)
   return false;
 }
 #else
-bool SystemTools::DeleteRegistryValue(const char *, KeyWOW64)
+bool SystemTools::DeleteRegistryValue(const kwsys_stl::string&, KeyWOW64)
 {
   return false;
 }
@@ -2245,12 +2279,13 @@ bool SystemTools::CopyFileAlways(const kwsys_stl::string& source, const kwsys_st
   SystemTools::MakeDirectory(destination_dir);
 
   // Open files
-
-#if defined(_WIN32) || defined(__CYGWIN__)
-  kwsys::ifstream fin(source.c_str(),
-                kwsys_ios::ios::binary | kwsys_ios::ios::in);
+#if defined(_WIN32)
+  kwsys::ifstream fin(Encoding::ToNarrow(
+    SystemTools::ConvertToWindowsExtendedPath(source)).c_str(),
+                kwsys_ios::ios::in | kwsys_ios_binary);
 #else
-  kwsys::ifstream fin(source.c_str());
+  kwsys::ifstream fin(source.c_str(),
+                kwsys_ios::ios::in | kwsys_ios_binary);
 #endif
   if(!fin)
     {
@@ -2263,12 +2298,13 @@ bool SystemTools::CopyFileAlways(const kwsys_stl::string& source, const kwsys_st
   // that do not allow file removal can be modified.
   SystemTools::RemoveFile(real_destination);
 
-#if defined(_WIN32) || defined(__CYGWIN__)
-  kwsys::ofstream fout(real_destination.c_str(),
-                     kwsys_ios::ios::binary | kwsys_ios::ios::out | kwsys_ios::ios::trunc);
+#if defined(_WIN32)
+  kwsys::ofstream fout(Encoding::ToNarrow(
+    SystemTools::ConvertToWindowsExtendedPath(real_destination)).c_str(),
+                     kwsys_ios::ios::out | kwsys_ios::ios::trunc | kwsys_ios_binary);
 #else
   kwsys::ofstream fout(real_destination.c_str(),
-                     kwsys_ios::ios::out | kwsys_ios::ios::trunc);
+                     kwsys_ios::ios::out | kwsys_ios::ios::trunc | kwsys_ios_binary);
 #endif
   if(!fout)
     {
@@ -2379,7 +2415,7 @@ bool SystemTools::CopyADirectory(const kwsys_stl::string& source, const kwsys_st
 
 
 // return size of file; also returns zero if no file exists
-unsigned long SystemTools::FileLength(const char* filename)
+unsigned long SystemTools::FileLength(const kwsys_stl::string& filename)
 {
   unsigned long length = 0;
 #ifdef _WIN32
@@ -2397,7 +2433,7 @@ unsigned long SystemTools::FileLength(const char* filename)
     }
 #else
   struct stat fs;
-  if (stat(filename, &fs) == 0)
+  if (stat(filename.c_str(), &fs) == 0)
     {
     length = static_cast<unsigned long>(fs.st_size);
     }
@@ -2663,7 +2699,7 @@ size_t SystemTools::GetMaximumFilePathLength()
  * found.  Otherwise, the empty string is returned.
  */
 kwsys_stl::string SystemTools
-::FindName(const char* name,
+::FindName(const kwsys_stl::string& name,
            const kwsys_stl::vector<kwsys_stl::string>& userPaths,
            bool no_system_path)
 {
@@ -2716,7 +2752,7 @@ kwsys_stl::string SystemTools
  * found.  Otherwise, the empty string is returned.
  */
 kwsys_stl::string SystemTools
-::FindFile(const char* name,
+::FindFile(const kwsys_stl::string& name,
            const kwsys_stl::vector<kwsys_stl::string>& userPaths,
            bool no_system_path)
 {
@@ -2735,7 +2771,7 @@ kwsys_stl::string SystemTools
  * found.  Otherwise, the empty string is returned.
  */
 kwsys_stl::string SystemTools
-::FindDirectory(const char* name,
+::FindDirectory(const kwsys_stl::string& name,
                 const kwsys_stl::vector<kwsys_stl::string>& userPaths,
                 bool no_system_path)
 {
@@ -3078,29 +3114,29 @@ bool SystemTools::FileIsSymlink(const kwsys_stl::string& name)
 }
 
 #if defined(_WIN32) && !defined(__CYGWIN__)
-bool SystemTools::CreateSymlink(const char*, const char*)
+bool SystemTools::CreateSymlink(const kwsys_stl::string&, const kwsys_stl::string&)
 {
   return false;
 }
 #else
-bool SystemTools::CreateSymlink(const char* origName, const char* newName)
+bool SystemTools::CreateSymlink(const kwsys_stl::string& origName, const kwsys_stl::string& newName)
 {
-  return symlink(origName, newName) >= 0;
+  return symlink(origName.c_str(), newName.c_str()) >= 0;
 }
 #endif
 
 #if defined(_WIN32) && !defined(__CYGWIN__)
-bool SystemTools::ReadSymlink(const char*, kwsys_stl::string&)
+bool SystemTools::ReadSymlink(const kwsys_stl::string&, kwsys_stl::string&)
 {
   return false;
 }
 #else
-bool SystemTools::ReadSymlink(const char* newName,
+bool SystemTools::ReadSymlink(const kwsys_stl::string& newName,
                               kwsys_stl::string& origName)
 {
   char buf[KWSYS_SYSTEMTOOLS_MAXPATH+1];
   int count =
-    static_cast<int>(readlink(newName, buf, KWSYS_SYSTEMTOOLS_MAXPATH));
+    static_cast<int>(readlink(newName.c_str(), buf, KWSYS_SYSTEMTOOLS_MAXPATH));
   if(count >= 0)
     {
     // Add null-terminator.
@@ -3136,14 +3172,14 @@ kwsys_stl::string SystemTools::GetCurrentWorkingDirectory(bool collapse)
   return path;
 }
 
-kwsys_stl::string SystemTools::GetProgramPath(const char* in_name)
+kwsys_stl::string SystemTools::GetProgramPath(const kwsys_stl::string& in_name)
 {
   kwsys_stl::string dir, file;
   SystemTools::SplitProgramPath(in_name, dir, file);
   return dir;
 }
 
-bool SystemTools::SplitProgramPath(const char* in_name,
+bool SystemTools::SplitProgramPath(const kwsys_stl::string& in_name,
                                    kwsys_stl::string& dir,
                                    kwsys_stl::string& file,
                                    bool)
@@ -3409,7 +3445,62 @@ kwsys_stl::string SystemTools::CollapseFullPath(const kwsys_stl::string& in_path
 
   SystemTools::CheckTranslationPath(newPath);
 #ifdef _WIN32
-  newPath = SystemTools::GetActualCaseForPath(newPath.c_str());
+  newPath = SystemTools::GetActualCaseForPath(newPath);
+  SystemTools::ConvertToUnixSlashes(newPath);
+#endif
+  // Return the reconstructed path.
+  return newPath;
+}
+
+kwsys_stl::string SystemTools::CollapseFullPath(const kwsys_stl::string& in_path,
+                                                const kwsys_stl::string& in_base)
+{
+  // Collect the output path components.
+  kwsys_stl::vector<kwsys_stl::string> out_components;
+
+  // Split the input path components.
+  kwsys_stl::vector<kwsys_stl::string> path_components;
+  SystemTools::SplitPath(in_path, path_components);
+
+  // If the input path is relative, start with a base path.
+  if(path_components[0].length() == 0)
+    {
+    kwsys_stl::vector<kwsys_stl::string> base_components;
+    // Use the given base path.
+    SystemTools::SplitPath(in_base, base_components);
+
+    // Append base path components to the output path.
+    out_components.push_back(base_components[0]);
+    SystemToolsAppendComponents(out_components,
+                                base_components.begin()+1,
+                                base_components.end());
+    }
+
+  // Append input path components to the output path.
+  SystemToolsAppendComponents(out_components,
+                              path_components.begin(),
+                              path_components.end());
+
+  // Transform the path back to a string.
+  kwsys_stl::string newPath = SystemTools::JoinPath(out_components);
+
+  // Update the translation table with this potentially new path.  I am not
+  // sure why this line is here, it seems really questionable, but yet I
+  // would put good money that if I remove it something will break, basically
+  // from what I can see it created a mapping from the collapsed path, to be
+  // replaced by the input path, which almost completely does the opposite of
+  // this function, the only thing preventing this from happening a lot is
+  // that if the in_path has a .. in it, then it is not added to the
+  // translation table. So for most calls this either does nothing due to the
+  // ..  or it adds a translation between identical paths as nothing was
+  // collapsed, so I am going to try to comment it out, and see what hits the
+  // fan, hopefully quickly.
+  // Commented out line below:
+  //SystemTools::AddTranslationPath(newPath, in_path);
+
+  SystemTools::CheckTranslationPath(newPath);
+#ifdef _WIN32
+  newPath = SystemTools::GetActualCaseForPath(newPath);
   SystemTools::ConvertToUnixSlashes(newPath);
 #endif
   // Return the reconstructed path.
@@ -3569,7 +3660,7 @@ static int GetCasePathName(const kwsys_stl::string & pathIn,
 
 
 //----------------------------------------------------------------------------
-kwsys_stl::string SystemTools::GetActualCaseForPath(const char* p)
+kwsys_stl::string SystemTools::GetActualCaseForPath(const kwsys_stl::string& p)
 {
 #ifndef _WIN32
   return p;
@@ -3930,7 +4021,7 @@ kwsys_stl::string SystemTools::GetFilenameName(const kwsys_stl::string& filename
 kwsys_stl::string SystemTools::GetFilenameExtension(const kwsys_stl::string& filename)
 {
   kwsys_stl::string name = SystemTools::GetFilenameName(filename);
-  kwsys_stl::string::size_type dot_pos = name.find(".");
+  kwsys_stl::string::size_type dot_pos = name.find('.');
   if(dot_pos != kwsys_stl::string::npos)
     {
     return name.substr(dot_pos);
@@ -3948,7 +4039,7 @@ kwsys_stl::string SystemTools::GetFilenameExtension(const kwsys_stl::string& fil
 kwsys_stl::string SystemTools::GetFilenameLastExtension(const kwsys_stl::string& filename)
 {
   kwsys_stl::string name = SystemTools::GetFilenameName(filename);
-  kwsys_stl::string::size_type dot_pos = name.rfind(".");
+  kwsys_stl::string::size_type dot_pos = name.rfind('.');
   if(dot_pos != kwsys_stl::string::npos)
     {
     return name.substr(dot_pos);
@@ -3966,7 +4057,7 @@ kwsys_stl::string SystemTools::GetFilenameLastExtension(const kwsys_stl::string&
 kwsys_stl::string SystemTools::GetFilenameWithoutExtension(const kwsys_stl::string& filename)
 {
   kwsys_stl::string name = SystemTools::GetFilenameName(filename);
-  kwsys_stl::string::size_type dot_pos = name.find(".");
+  kwsys_stl::string::size_type dot_pos = name.find('.');
   if(dot_pos != kwsys_stl::string::npos)
     {
     return name.substr(0, dot_pos);
@@ -3987,7 +4078,7 @@ kwsys_stl::string
 SystemTools::GetFilenameWithoutLastExtension(const kwsys_stl::string& filename)
 {
   kwsys_stl::string name = SystemTools::GetFilenameName(filename);
-  kwsys_stl::string::size_type dot_pos = name.rfind(".");
+  kwsys_stl::string::size_type dot_pos = name.rfind('.');
   if(dot_pos != kwsys_stl::string::npos)
     {
     return name.substr(0, dot_pos);
@@ -4276,7 +4367,7 @@ bool SystemTools::GetShortPath(const kwsys_stl::string& path, kwsys_stl::string&
 #endif
 }
 
-void SystemTools::SplitProgramFromArgs(const char* path,
+void SystemTools::SplitProgramFromArgs(const kwsys_stl::string& path,
                                        kwsys_stl::string& program, kwsys_stl::string& args)
 {
   // see if this is a full path to a program
@@ -4352,7 +4443,7 @@ kwsys_stl::string SystemTools::GetCurrentDateTime(const char* format)
   return kwsys_stl::string(buf);
 }
 
-kwsys_stl::string SystemTools::MakeCidentifier(const char* s)
+kwsys_stl::string SystemTools::MakeCidentifier(const kwsys_stl::string& s)
 {
   kwsys_stl::string str(s);
   if (str.find_first_of("0123456789") == 0)
diff --git a/Source/kwsys/SystemTools.hxx.in b/Source/kwsys/SystemTools.hxx.in
index e88bc8f..beb2a7e 100644
--- a/Source/kwsys/SystemTools.hxx.in
+++ b/Source/kwsys/SystemTools.hxx.in
@@ -89,9 +89,9 @@ public:
    * then an underscore is prepended.  Note that this can produce
    * identifiers that the standard reserves (_[A-Z].* and __.*).
    */
-  static kwsys_stl::string MakeCidentifier(const char* s);
+  static kwsys_stl::string MakeCidentifier(const kwsys_stl::string& s);
 
-  static kwsys_stl::string MakeCindentifier(const char* s)
+  static kwsys_stl::string MakeCindentifier(const kwsys_stl::string& s)
   {
     return MakeCidentifier(s);
   }
@@ -102,6 +102,9 @@ public:
   static void ReplaceString(kwsys_stl::string& source,
                             const char* replace,
                             const char* with);
+  static void ReplaceString(kwsys_stl::string& source,
+                            const kwsys_stl::string& replace,
+                            const kwsys_stl::string& with);
 
   /**
    * Return a capitalized string (i.e the first letter is uppercased,
@@ -306,7 +309,7 @@ public:
   /**
    * Return file length
    */
-  static unsigned long FileLength(const char *filename);
+  static unsigned long FileLength(const kwsys_stl::string& filename);
 
   /**
      Change the modification time or create a file
@@ -335,15 +338,15 @@ public:
    *  does not exist path is returned unchanged.  This does nothing
    *  on unix but return path.
    */
-  static kwsys_stl::string GetActualCaseForPath(const char* path);
+  static kwsys_stl::string GetActualCaseForPath(const kwsys_stl::string& path);
 
   /**
    * Given the path to a program executable, get the directory part of
    * the path with the file stripped off.  If there is no directory
    * part, the empty string is returned.
    */
-  static kwsys_stl::string GetProgramPath(const char*);
-  static bool SplitProgramPath(const char* in_name,
+  static kwsys_stl::string GetProgramPath(const kwsys_stl::string&);
+  static bool SplitProgramPath(const kwsys_stl::string& in_name,
                                kwsys_stl::string& dir,
                                kwsys_stl::string& file,
                                bool errorReport = true);
@@ -376,6 +379,8 @@ public:
   static kwsys_stl::string CollapseFullPath(const kwsys_stl::string& in_relative);
   static kwsys_stl::string CollapseFullPath(const kwsys_stl::string& in_relative,
                                             const char* in_base);
+  static kwsys_stl::string CollapseFullPath(const kwsys_stl::string& in_relative,
+                                            const kwsys_stl::string& in_base);
 
   /** 
    * Get the real path for a given path, removing all symlinks.  In
@@ -446,7 +451,7 @@ public:
    * Split a program from its arguments and handle spaces in the paths
    */
   static void SplitProgramFromArgs(
-    const char* path,
+    const kwsys_stl::string& path,
     kwsys_stl::string& program, kwsys_stl::string& args);
 
   /**
@@ -582,7 +587,7 @@ public:
    * Find a file in the system PATH, with optional extra paths
    */
   static kwsys_stl::string FindFile(
-    const char* name,
+    const kwsys_stl::string& name,
     const kwsys_stl::vector<kwsys_stl::string>& path = 
     kwsys_stl::vector<kwsys_stl::string>(),
     bool no_system_path = false);
@@ -591,7 +596,7 @@ public:
    * Find a directory in the system PATH, with optional extra paths
    */
   static kwsys_stl::string FindDirectory(
-    const char* name,
+    const kwsys_stl::string& name,
     const kwsys_stl::vector<kwsys_stl::string>& path = 
     kwsys_stl::vector<kwsys_stl::string>(),
     bool no_system_path = false);
@@ -662,13 +667,13 @@ public:
    * Create a symbolic link if the platform supports it.  Returns whether
    * creation succeded.
    */
-  static bool CreateSymlink(const char* origName, const char* newName);
+  static bool CreateSymlink(const kwsys_stl::string& origName, const kwsys_stl::string& newName);
 
   /**
    * Read the contents of a symbolic link.  Returns whether reading
    * succeded.
    */
-  static bool ReadSymlink(const char* newName, kwsys_stl::string& origName);
+  static bool ReadSymlink(const kwsys_stl::string& newName, kwsys_stl::string& origName);
 
   /**
    * Try to locate the file 'filename' in the directory 'dir'.
@@ -750,26 +755,26 @@ public:
   /**
    * Get a list of subkeys.
    */
-  static bool GetRegistrySubKeys(const char *key,
+  static bool GetRegistrySubKeys(const kwsys_stl::string& key,
                                  kwsys_stl::vector<kwsys_stl::string>& subkeys,
                                  KeyWOW64 view = KeyWOW64_Default);
 
   /**
    * Read a registry value
    */
-  static bool ReadRegistryValue(const char *key, kwsys_stl::string &value,
+  static bool ReadRegistryValue(const kwsys_stl::string& key, kwsys_stl::string &value,
                                 KeyWOW64 view = KeyWOW64_Default);
 
   /**
    * Write a registry value
    */
-  static bool WriteRegistryValue(const char *key, const char *value,
+  static bool WriteRegistryValue(const kwsys_stl::string& key, const kwsys_stl::string& value,
                                  KeyWOW64 view = KeyWOW64_Default);
 
   /**
    * Delete a registry value
    */
-  static bool DeleteRegistryValue(const char *key,
+  static bool DeleteRegistryValue(const kwsys_stl::string& key,
                                   KeyWOW64 view = KeyWOW64_Default);
 
   /** -----------------------------------------------------------------
@@ -789,15 +794,17 @@ public:
    * Read an environment variable
    */
   static const char* GetEnv(const char* key);
+  static const char* GetEnv(const kwsys_stl::string& key);
   static bool GetEnv(const char* key, kwsys_stl::string& result);
+  static bool GetEnv(const kwsys_stl::string& key, kwsys_stl::string& result);
 
   /** Put a string into the environment
       of the form var=value */
-  static bool PutEnv(const char* env);
+  static bool PutEnv(const kwsys_stl::string& env);
 
   /** Remove a string from the environment.
       Input is of the form "var" or "var=value" (value is ignored). */
-  static bool UnPutEnv(const char* env);
+  static bool UnPutEnv(const kwsys_stl::string& env);
 
   /**
    * Get current working directory CWD
@@ -906,6 +913,14 @@ private:
     }
 
   /**
+   * Actual implementation of ReplaceString.
+   */
+  static void ReplaceString(kwsys_stl::string& source,
+                            const char* replace,
+                            size_t replaceSize,
+                            const kwsys_stl::string& with);
+
+  /**
    * Actual implementation of FileIsFullPath.
    */
   static bool FileIsFullPath(const char*, size_t);
@@ -915,7 +930,7 @@ private:
    * optional extra paths.
    */
   static kwsys_stl::string FindName(
-    const char* name,
+    const kwsys_stl::string& name,
     const kwsys_stl::vector<kwsys_stl::string>& path = 
     kwsys_stl::vector<kwsys_stl::string>(),
     bool no_system_path = false);
diff --git a/Source/kwsys/kwsysPlatformTests.cmake b/Source/kwsys/kwsysPlatformTests.cmake
index 16bc969..0da0f63 100644
--- a/Source/kwsys/kwsysPlatformTests.cmake
+++ b/Source/kwsys/kwsysPlatformTests.cmake
@@ -25,39 +25,39 @@ MACRO(KWSYS_PLATFORM_TEST lang var description invert)
       FILE(APPEND
         ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
         "${description} compiled with the following output:\n${OUTPUT}\n\n")
-    ELSE(${var}_COMPILED)
+    ELSE()
       FILE(APPEND
         ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
         "${description} failed to compile with the following output:\n${OUTPUT}\n\n")
-    ENDIF(${var}_COMPILED)
+    ENDIF()
     IF(${invert} MATCHES INVERT)
       IF(${var}_COMPILED)
         MESSAGE(STATUS "${description} - no")
-      ELSE(${var}_COMPILED)
+      ELSE()
         MESSAGE(STATUS "${description} - yes")
-      ENDIF(${var}_COMPILED)
-    ELSE(${invert} MATCHES INVERT)
+      ENDIF()
+    ELSE()
       IF(${var}_COMPILED)
         MESSAGE(STATUS "${description} - yes")
-      ELSE(${var}_COMPILED)
+      ELSE()
         MESSAGE(STATUS "${description} - no")
-      ENDIF(${var}_COMPILED)
-    ENDIF(${invert} MATCHES INVERT)
+      ENDIF()
+    ENDIF()
   ENDIF()
   IF(${invert} MATCHES INVERT)
     IF(${var}_COMPILED)
       SET(${var} 0)
-    ELSE(${var}_COMPILED)
+    ELSE()
       SET(${var} 1)
-    ENDIF(${var}_COMPILED)
-  ELSE(${invert} MATCHES INVERT)
+    ENDIF()
+  ELSE()
     IF(${var}_COMPILED)
       SET(${var} 1)
-    ELSE(${var}_COMPILED)
+    ELSE()
       SET(${var} 0)
-    ENDIF(${var}_COMPILED)
-  ENDIF(${invert} MATCHES INVERT)
-ENDMACRO(KWSYS_PLATFORM_TEST)
+    ENDIF()
+  ENDIF()
+ENDMACRO()
 
 MACRO(KWSYS_PLATFORM_TEST_RUN lang var description invert)
   IF(NOT DEFINED ${var})
@@ -74,63 +74,63 @@ MACRO(KWSYS_PLATFORM_TEST_RUN lang var description invert)
         FILE(APPEND
           ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
           "${description} compiled but failed to run with the following output:\n${OUTPUT}\n\n")
-      ELSE(${var})
+      ELSE()
         FILE(APPEND
           ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
           "${description} compiled and ran with the following output:\n${OUTPUT}\n\n")
-      ENDIF(${var})
-    ELSE(${var}_COMPILED)
+      ENDIF()
+    ELSE()
       FILE(APPEND
         ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
         "${description} failed to compile with the following output:\n${OUTPUT}\n\n")
       SET(${var} -1 CACHE INTERNAL "${description} failed to compile.")
-    ENDIF(${var}_COMPILED)
+    ENDIF()
 
     IF(${invert} MATCHES INVERT)
       IF(${var}_COMPILED)
         IF(${var})
           MESSAGE(STATUS "${description} - yes")
-        ELSE(${var})
+        ELSE()
           MESSAGE(STATUS "${description} - no")
-        ENDIF(${var})
-      ELSE(${var}_COMPILED)
+        ENDIF()
+      ELSE()
         MESSAGE(STATUS "${description} - failed to compile")
-      ENDIF(${var}_COMPILED)
-    ELSE(${invert} MATCHES INVERT)
+      ENDIF()
+    ELSE()
       IF(${var}_COMPILED)
         IF(${var})
           MESSAGE(STATUS "${description} - no")
-        ELSE(${var})
+        ELSE()
           MESSAGE(STATUS "${description} - yes")
-        ENDIF(${var})
-      ELSE(${var}_COMPILED)
+        ENDIF()
+      ELSE()
         MESSAGE(STATUS "${description} - failed to compile")
-      ENDIF(${var}_COMPILED)
-    ENDIF(${invert} MATCHES INVERT)
+      ENDIF()
+    ENDIF()
   ENDIF()
 
   IF(${invert} MATCHES INVERT)
     IF(${var}_COMPILED)
       IF(${var})
         SET(${var} 1)
-      ELSE(${var})
+      ELSE()
         SET(${var} 0)
-      ENDIF(${var})
-    ELSE(${var}_COMPILED)
+      ENDIF()
+    ELSE()
       SET(${var} 1)
-    ENDIF(${var}_COMPILED)
-  ELSE(${invert} MATCHES INVERT)
+    ENDIF()
+  ELSE()
     IF(${var}_COMPILED)
       IF(${var})
         SET(${var} 0)
-      ELSE(${var})
+      ELSE()
         SET(${var} 1)
-      ENDIF(${var})
-    ELSE(${var}_COMPILED)
+      ENDIF()
+    ELSE()
       SET(${var} 0)
-    ENDIF(${var}_COMPILED)
-  ENDIF(${invert} MATCHES INVERT)
-ENDMACRO(KWSYS_PLATFORM_TEST_RUN)
+    ENDIF()
+  ENDIF()
+ENDMACRO()
 
 MACRO(KWSYS_PLATFORM_C_TEST var description invert)
   SET(KWSYS_PLATFORM_TEST_DEFINES ${KWSYS_PLATFORM_C_TEST_DEFINES})
@@ -138,7 +138,7 @@ MACRO(KWSYS_PLATFORM_C_TEST var description invert)
   KWSYS_PLATFORM_TEST(C "${var}" "${description}" "${invert}")
   SET(KWSYS_PLATFORM_TEST_DEFINES)
   SET(KWSYS_PLATFORM_TEST_EXTRA_FLAGS)
-ENDMACRO(KWSYS_PLATFORM_C_TEST)
+ENDMACRO()
 
 MACRO(KWSYS_PLATFORM_C_TEST_RUN var description invert)
   SET(KWSYS_PLATFORM_TEST_DEFINES ${KWSYS_PLATFORM_C_TEST_DEFINES})
@@ -146,7 +146,7 @@ MACRO(KWSYS_PLATFORM_C_TEST_RUN var description invert)
   KWSYS_PLATFORM_TEST_RUN(C "${var}" "${description}" "${invert}")
   SET(KWSYS_PLATFORM_TEST_DEFINES)
   SET(KWSYS_PLATFORM_TEST_EXTRA_FLAGS)
-ENDMACRO(KWSYS_PLATFORM_C_TEST_RUN)
+ENDMACRO()
 
 MACRO(KWSYS_PLATFORM_CXX_TEST var description invert)
   SET(KWSYS_PLATFORM_TEST_DEFINES ${KWSYS_PLATFORM_CXX_TEST_DEFINES})
@@ -156,7 +156,7 @@ MACRO(KWSYS_PLATFORM_CXX_TEST var description invert)
   SET(KWSYS_PLATFORM_TEST_DEFINES)
   SET(KWSYS_PLATFORM_TEST_EXTRA_FLAGS)
   SET(KWSYS_PLATFORM_TEST_LINK_LIBRARIES)
-ENDMACRO(KWSYS_PLATFORM_CXX_TEST)
+ENDMACRO()
 
 MACRO(KWSYS_PLATFORM_CXX_TEST_RUN var description invert)
   SET(KWSYS_PLATFORM_TEST_DEFINES ${KWSYS_PLATFORM_CXX_TEST_DEFINES})
@@ -164,7 +164,7 @@ MACRO(KWSYS_PLATFORM_CXX_TEST_RUN var description invert)
   KWSYS_PLATFORM_TEST_RUN(CXX "${var}" "${description}" "${invert}")
   SET(KWSYS_PLATFORM_TEST_DEFINES)
   SET(KWSYS_PLATFORM_TEST_EXTRA_FLAGS)
-ENDMACRO(KWSYS_PLATFORM_CXX_TEST_RUN)
+ENDMACRO()
 
 #-----------------------------------------------------------------------------
 # KWSYS_PLATFORM_INFO_TEST(lang var description)
diff --git a/Source/kwsys/testSystemTools.cxx b/Source/kwsys/testSystemTools.cxx
index b41532b..42b6249 100644
--- a/Source/kwsys/testSystemTools.cxx
+++ b/Source/kwsys/testSystemTools.cxx
@@ -124,7 +124,7 @@ static bool CheckFileOperations()
     res = false;
     }
 
-  if (kwsys::SystemTools::FileLength(testBinFile.c_str()) != 766)
+  if (kwsys::SystemTools::FileLength(testBinFile) != 766)
     {
     kwsys_ios::cerr
       << "Problem with FileLength - incorrect length for: "
@@ -512,7 +512,7 @@ static bool CheckStringOperations()
 
 //----------------------------------------------------------------------------
 
-static bool CheckPutEnv(const char* env, const char* name, const char* value)
+static bool CheckPutEnv(const kwsys_stl::string& env, const char* name, const char* value)
 {
   if(!kwsys::SystemTools::PutEnv(env))
     {
diff --git a/Tests/Assembler/CMakeLists.txt b/Tests/Assembler/CMakeLists.txt
index fdc5c00..fb17ebb 100644
--- a/Tests/Assembler/CMakeLists.txt
+++ b/Tests/Assembler/CMakeLists.txt
@@ -9,7 +9,7 @@ set(SRCS)
 # and also generate assembler files from C:
 if("${CMAKE_GENERATOR}" MATCHES "Makefile|Xcode" AND
     NOT CMAKE_OSX_ARCHITECTURES)
-  if(("${CMAKE_C_COMPILER_ID}" MATCHES "^(GNU|Clang|AppleClang|HP|SunPro|XL)$") OR ("${CMAKE_C_COMPILER_ID}" STREQUAL "Intel"  AND  UNIX))
+  if((CMAKE_C_COMPILER_ID MATCHES "^(GNU|Clang|AppleClang|HP|SunPro|XL)$") OR (CMAKE_C_COMPILER_ID STREQUAL "Intel"  AND  UNIX))
     set(C_FLAGS "${CMAKE_C_FLAGS}")
     separate_arguments(C_FLAGS)
     if(CMAKE_OSX_SYSROOT AND CMAKE_C_SYSROOT_FLAG AND NOT ";${C_FLAGS};" MATCHES ";${CMAKE_C_SYSROOT_FLAG};")
diff --git a/Tests/BuildDepends/CMakeLists.txt b/Tests/BuildDepends/CMakeLists.txt
index 8df331e..6209bb8 100644
--- a/Tests/BuildDepends/CMakeLists.txt
+++ b/Tests/BuildDepends/CMakeLists.txt
@@ -28,10 +28,6 @@ function(help_xcode_depends)
   endif()
 endfunction()
 
-if("${CMAKE_GENERATOR}" MATCHES "Ninja")
-  set(HELP_NINJA 1) # TODO Why is this needed?
-endif()
-
 # The Intel compiler causes the MSVC linker to crash during
 # incremental linking, so avoid the /INCREMENTAL:YES flag.
 if(WIN32 AND "${CMAKE_CXX_COMPILER_ID}" MATCHES "Intel")
@@ -218,7 +214,7 @@ try_compile(RESULT
   OUTPUT_VARIABLE OUTPUT)
 
 # Xcode is in serious need of help here
-if(HELP_XCODE OR HELP_NINJA)
+if(HELP_XCODE)
   try_compile(RESULT
     ${BuildDepends_BINARY_DIR}/Project
     ${BuildDepends_SOURCE_DIR}/Project
diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt
index a9cad14..fda9359 100644
--- a/Tests/CMakeLists.txt
+++ b/Tests/CMakeLists.txt
@@ -291,6 +291,7 @@ if(BUILD_TESTING)
     ADD_TEST_MACRO(ConfigSources ConfigSources)
   endif()
   ADD_TEST_MACRO(SourcesProperty SourcesProperty)
+  ADD_TEST_MACRO(SourceFileProperty SourceFileProperty)
   if(CMAKE_CXX_COMPILER_ID STREQUAL GNU
       AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7)
     set(runCxxDialectTest 1)
@@ -690,7 +691,8 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
     FAIL_REGULAR_EXPRESSION "Unexpected: ")
   list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/ArgumentExpansion")
 
-  add_test(GeneratorExpression  ${CMAKE_CTEST_COMMAND}
+  add_test(GeneratorExpression
+    ${CMAKE_CTEST_COMMAND} -C \${CTEST_CONFIGURATION_TYPE}
     --build-and-test
     "${CMake_SOURCE_DIR}/Tests/GeneratorExpression"
     "${CMake_BINARY_DIR}/Tests/GeneratorExpression"
@@ -715,6 +717,8 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
     )
   list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/CustomCommand")
 
+  ADD_TEST_MACRO(CustomCommandByproducts CustomCommandByproducts)
+
   ADD_TEST_MACRO(EmptyDepends ${CMAKE_CTEST_COMMAND})
 
   add_test(CustomCommandWorkingDirectory  ${CMAKE_CTEST_COMMAND}
@@ -950,7 +954,8 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
       set(CPackRun_CPackGen  "-DCPackGen=${CPackGen}")
       foreach(CPackComponentWay ${CWAYLST})
         set(CPackRun_CPackComponentWay "-DCPackComponentWay=${CPackComponentWay}")
-        add_test(CPackComponentsForAll-${CPackGen}-${CPackComponentWay} ${CMAKE_CTEST_COMMAND}
+        add_test(CPackComponentsForAll-${CPackGen}-${CPackComponentWay}
+          ${CMAKE_CTEST_COMMAND} -C \${CTEST_CONFIGURATION_TYPE}
           --build-and-test
           "${CMake_SOURCE_DIR}/Tests/CPackComponentsForAll"
           "${CMake_BINARY_DIR}/Tests/CPackComponentsForAll/build${CPackGen}-${CPackComponentWay}"
@@ -1501,7 +1506,7 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
   set_tests_properties ( SimpleInstall-Stage2 PROPERTIES DEPENDS SimpleInstall)
 
   # Test static linking on toolchains known to support it.
-  if("${CMAKE_C_COMPILER_ID}" MATCHES "^(GNU)$"
+  if(CMAKE_C_COMPILER_ID STREQUAL "GNU"
       AND NOT APPLE AND NOT WIN32 AND NOT CYGWIN
       AND EXISTS "/usr/lib/libm.a")
     add_test(LinkStatic  ${CMAKE_CTEST_COMMAND}
@@ -1781,6 +1786,27 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
   endif()
 
   if(WIN32)
+    # Macro to search for available Windows CE SDKs in the windows Registry
+    macro(select_wince_sdk selected_reg selected_sdk)
+      if(CMAKE_HOST_WIN32)
+        execute_process(COMMAND reg QUERY "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows CE Tools\\SDKs"
+                    OUTPUT_VARIABLE sdk_reg
+                    ERROR_VARIABLE my_err)
+        string(REGEX REPLACE "HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Wow6432Node\\\\Microsoft\\\\Windows CE Tools\\\\SDKs\\\\"  ";" sdk_list "${sdk_reg}")
+        list(LENGTH sdk_list sdk_list_len)
+        if (${sdk_list_len} GREATER 1)
+          list(GET sdk_list 1 _sdk) # The first entry is always empty due to the regex replace above
+          string(STRIP ${_sdk} _sdk) # Make sure there is no newline in the SDK name
+        endif()
+        # Build a key to be used by get_filename_component that is pointing to the SDK directory
+        set(_reg "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows CE Tools\\SDKs\\${_sdk}]")
+
+        # Set return values
+        set(${selected_reg} ${_reg})
+        set(${selected_sdk} ${_sdk})
+      endif(CMAKE_HOST_WIN32)
+    endmacro(select_wince_sdk)
+
     set(reg_vs10 "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\VisualStudio\\10.0;InstallDir]")
     set(reg_vs11 "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\VisualStudio\\11.0;InstallDir]")
     set(reg_vs12 "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\VisualStudio\\12.0;InstallDir]")
@@ -1788,8 +1814,9 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
     set(reg_ws81 "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SDKs\\Windows\\v8.1;InstallationFolder]")
     set(reg_wp80 "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SDKs\\WindowsPhone\\v8.0;InstallationFolder]")
     set(reg_wp81 "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SDKs\\WindowsPhone\\v8.1;InstallationFolder]")
+    select_wince_sdk(reg_wince wince_sdk)
     set(reg_tegra "[HKEY_LOCAL_MACHINE\\SOFTWARE\\NVIDIA Corporation\\Nsight Tegra;sdkRoot]")
-    foreach(reg vs10 vs11 vs12 ws80 ws81 wp80 wp81 tegra)
+    foreach(reg vs10 vs11 vs12 ws80 ws81 wp80 wp81 wince tegra)
       get_filename_component(r "${reg_${reg}}" ABSOLUTE)
       if(IS_DIRECTORY "${r}")
         set(${reg} 1)
@@ -1835,6 +1862,35 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
     endif()
   endif()
 
+  if(WIN32 AND wince)
+    macro(add_test_VSWinCE name generator systemName systemVersion generatorPlatform)
+      # TODO: Fix the tutorial to make it work in cross compile
+      # currently the MakeTable is build for target and can not be used on the host
+      # This happens in part 5 so we build only part 1-4 of the tutorial
+      foreach(STP RANGE 1 4)
+        add_test(NAME "TutorialStep${STP}.${name}" COMMAND ${CMAKE_CTEST_COMMAND}
+          --build-and-test
+          "${CMake_SOURCE_DIR}/Tests/Tutorial/Step${STP}"
+          "${CMake_BINARY_DIR}/Tests/Tutorial/Step${STP}_${name}"
+          --build-generator "${generator}"
+          --build-project Tutorial
+          --build-config $<CONFIGURATION>
+          --build-options -DCMAKE_SYSTEM_NAME=${systemName}
+                          -DCMAKE_SYSTEM_VERSION=${systemVersion}
+                          -DCMAKE_GENERATOR_PLATFORM=${generatorPlatform})
+        list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/Tutorial/Step${STP}_${name}")
+      endforeach()
+    endmacro()
+
+    if(vs11)
+      add_test_VSWinCE(vs11-ce80-ARM "Visual Studio 11 2012" WindowsCE 8.0 ${wince_sdk})
+    endif()
+
+    if(vs12)
+      add_test_VSWinCE(vs12-ce80-ARM "Visual Studio 12 2013" WindowsCE 8.0 ${wince_sdk})
+    endif()
+  endif()
+
   if(tegra AND NOT "${CMake_SOURCE_DIR};${CMake_BINARY_DIR}" MATCHES " ")
     macro(add_test_VSNsightTegra name generator)
       add_test(NAME VSNsightTegra.${name} COMMAND ${CMAKE_CTEST_COMMAND}
@@ -1990,7 +2046,8 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
     PASS_REGULAR_EXPRESSION "uninitialized variable 'USED_VARIABLE'")
   list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/WarnUninitialized")
 
-  add_test(TestsWorkingDirectory ${CMAKE_CTEST_COMMAND}
+  add_test(TestsWorkingDirectory
+    ${CMAKE_CTEST_COMMAND} -C \${CTEST_CONFIGURATION_TYPE}
     --build-and-test
     "${CMake_SOURCE_DIR}/Tests/TestsWorkingDirectory"
     "${CMake_BINARY_DIR}/Tests/TestsWorkingDirectory"
@@ -2339,6 +2396,42 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
       "Process file.*CoverageTest.java.*Total LOC:.*17.*Percentage Coverage: 76.47*"
       ENVIRONMENT COVFILE=)
 
+  # Adding a test case for Javascript Coverage
+  configure_file(
+     "${CMake_SOURCE_DIR}/Tests/JavascriptCoverage/DartConfiguration.tcl.in"
+     "${CMake_BINARY_DIR}/Testing/JavascriptCoverage/DartConfiguration.tcl")
+  configure_file(
+     "${CMake_SOURCE_DIR}/Tests/JavascriptCoverage/output.json.in"
+     "${CMake_BINARY_DIR}/Testing/JavascriptCoverage/output.json")
+  file(COPY "${CMake_SOURCE_DIR}/Tests/JavascriptCoverage/"
+    DESTINATION "${CMake_BINARY_DIR}/Testing/JavascriptCoverage"
+    FILES_MATCHING PATTERN "*.js")
+  add_test(NAME CTestJavascriptCoverage
+    COMMAND cmake -E chdir
+    ${CMake_BINARY_DIR}/Testing/JavascriptCoverage
+    $<TARGET_FILE:ctest> -T Coverage --debug)
+  set_tests_properties(CTestJavascriptCoverage PROPERTIES
+      PASS_REGULAR_EXPRESSION
+      "Process file.*test3.js.*Total LOC:.*49.*Percentage Coverage: 79.59*"
+      ENVIRONMENT COVFILE=)
+
+  # test coverage for Delphi-code-Coverage
+  configure_file(
+     "${CMake_SOURCE_DIR}/Tests/DelphiCoverage/DartConfiguration.tcl.in"
+     "${CMake_BINARY_DIR}/Testing/DelphiCoverage/DartConfiguration.tcl")
+  file(COPY "${CMake_SOURCE_DIR}/Tests/DelphiCoverage/src"
+    DESTINATION "${CMake_BINARY_DIR}/Testing/DelphiCoverage")
+  file(COPY "${CMake_SOURCE_DIR}/Tests/DelphiCoverage/UTCovTest(UTCovTest.pas).html"
+    DESTINATION "${CMake_BINARY_DIR}/Testing/DelphiCoverage")
+  add_test(NAME CTestDelphiCoverage
+    COMMAND cmake -E chdir
+    ${CMake_BINARY_DIR}/Testing/DelphiCoverage
+    $<TARGET_FILE:ctest> -T Coverage --debug)
+  set_tests_properties(CTestDelphiCoverage PROPERTIES
+      PASS_REGULAR_EXPRESSION
+      "Process file.*UTCovTest.pas.*Total LOC:.*20.*Percentage Coverage: 95.*"
+      ENVIRONMENT COVFILE=)
+
   function(add_config_tests cfg)
     set(base "${CMake_BINARY_DIR}/Tests/CTestConfig")
 
@@ -2639,6 +2732,7 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
   set(regex "${regex}([Cc]ould *n.t resolve host")
   set(regex "${regex}|[Cc]ould *n.t connect to host")
   set(regex "${regex}|Failed *t*o* connect to")
+  set(regex "${regex}|Connection timed out after [0-9]+ milliseconds")
   set(regex "${regex}|Empty reply from server")
   set(regex "${regex}|The requested URL returned error")
   set(regex "${regex}|libcurl was built with SSL disabled. https: not supported)")
diff --git a/Tests/CMakeTests/StringTest.cmake.in b/Tests/CMakeTests/StringTest.cmake.in
index a9fe428..92e70c3 100644
--- a/Tests/CMakeTests/StringTest.cmake.in
+++ b/Tests/CMakeTests/StringTest.cmake.in
@@ -63,7 +63,7 @@ check_cmake_test(String
 # Execute each test listed in StringTestScript.cmake:
 #
 set(scriptname "@CMAKE_CURRENT_SOURCE_DIR@/StringTestScript.cmake")
-set(number_of_tests_expected 69)
+set(number_of_tests_expected 70)
 
 include("@CMAKE_CURRENT_SOURCE_DIR@/ExecuteScriptTests.cmake")
 execute_all_script_tests(${scriptname} number_of_tests_executed)
@@ -75,6 +75,6 @@ message(STATUS "scriptname='${scriptname}'")
 message(STATUS "number_of_tests_executed='${number_of_tests_executed}'")
 message(STATUS "number_of_tests_expected='${number_of_tests_expected}'")
 
-if(number_of_tests_executed LESS number_of_tests_expected)
+if(NOT number_of_tests_executed EQUAL number_of_tests_expected)
   message(FATAL_ERROR "error: some test cases were skipped")
 endif()
diff --git a/Tests/CMakeTests/StringTestScript.cmake b/Tests/CMakeTests/StringTestScript.cmake
index a562e71..44d5653 100644
--- a/Tests/CMakeTests/StringTestScript.cmake
+++ b/Tests/CMakeTests/StringTestScript.cmake
@@ -122,14 +122,17 @@ elseif(testname STREQUAL substring_not_enough_args) # fail
 elseif(testname STREQUAL substring_begin_too_large) # fail
   string(SUBSTRING "abcdefg" 25 100 v)
 
-elseif(testname STREQUAL substring_end_too_large) # fail
+elseif(testname STREQUAL substring_end_larger_than_strlen) # pass
   string(SUBSTRING "abcdefg" 1 100 v)
 
 elseif(testname STREQUAL substring_begin_less_than_zero) # fail
-  string(SUBSTRING "abcdefg" -2 4 v)
+  string(SUBSTRING "abcdefg" -1 4 v)
 
-elseif(testname STREQUAL substring_end_less_than_begin) # fail
-  string(SUBSTRING "abcdefg" 6 3 v)
+elseif(testname STREQUAL substring_end_less_than_zero) # pass
+  string(SUBSTRING "abcdefg" 0 -1 v)
+
+elseif(testname STREQUAL substring_end_less_than_begin) # pass
+  string(SUBSTRING "abcdefg" 6 0 v)
 
 elseif(testname STREQUAL length_not_enough_args) # fail
   string(LENGTH)
diff --git a/Tests/CMakeTests/VersionTest.cmake.in b/Tests/CMakeTests/VersionTest.cmake.in
index 9e31cb4..4e946ab 100644
--- a/Tests/CMakeTests/VersionTest.cmake.in
+++ b/Tests/CMakeTests/VersionTest.cmake.in
@@ -8,9 +8,85 @@ else()
   message("CMAKE_VERSION=[${CMAKE_VERSION}] is not less than [${min_ver}]")
 endif()
 
-set(v 1.2.3.4.5.6.7)
-if("${v}.8" VERSION_LESS "${v}.9")
-  message(STATUS "${v}.8 is less than ${v}.9")
-else()
-  message(FATAL_ERROR "${v}.8 is not less than ${v}.9?")
-endif()
+set(EQUALV "1 1")
+list(APPEND EQUALV "1.0 1")
+list(APPEND EQUALV "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1")
+list(APPEND EQUALV "1.2.3.4.5.6.7 1.2.3.4.5.6.7")
+list(APPEND EQUALV "1.2.3.4.5.6.7.8.9 1.2.3.4.5.6.7.8.9")
+
+foreach(v IN LISTS EQUALV)
+  string(REGEX MATCH "(.*) (.*)" _dummy "${v}")
+  # modify any of the operands to see the negative check also works
+  if("${CMAKE_MATCH_1}.2" VERSION_EQUAL CMAKE_MATCH_2)
+    message(FATAL_ERROR "${CMAKE_MATCH_1}.2 is equal ${CMAKE_MATCH_2}?")
+  else()
+    message(STATUS "${CMAKE_MATCH_1}.2 is not equal ${CMAKE_MATCH_2}")
+  endif()
+
+  if(CMAKE_MATCH_1 VERSION_EQUAL "${CMAKE_MATCH_2}.2")
+    message(FATAL_ERROR "${CMAKE_MATCH_1} is equal ${CMAKE_MATCH_2}.2?")
+  else()
+    message(STATUS "${CMAKE_MATCH_1} is not equal ${CMAKE_MATCH_2}.2")
+  endif()
+endforeach()
+
+# test the negative outcomes first, due to the implementation the positive
+# allow some additional strings to pass that would not fail for the negative
+# tests
+
+list(APPEND EQUALV "1a 1")
+list(APPEND EQUALV "1.1a 1.1")
+list(APPEND EQUALV "1.0a 1")
+list(APPEND EQUALV "1a 1.0")
+
+foreach(v IN LISTS EQUALV)
+  # check equal versions
+  string(REGEX MATCH "(.*) (.*)" _dummy "${v}")
+  if(CMAKE_MATCH_1 VERSION_EQUAL CMAKE_MATCH_2)
+    message(STATUS "${CMAKE_MATCH_1} is equal ${CMAKE_MATCH_2}")
+  else()
+    message(FATAL_ERROR "${CMAKE_MATCH_1} is not equal ${CMAKE_MATCH_2}?")
+  endif()
+
+  # still equal, but inverted order of operands
+  string(REGEX MATCH "(.*) (.*)" _dummy "${v}")
+  if(CMAKE_MATCH_2 VERSION_EQUAL CMAKE_MATCH_1)
+    message(STATUS "${CMAKE_MATCH_2} is equal ${CMAKE_MATCH_1}")
+  else()
+    message(FATAL_ERROR "${CMAKE_MATCH_2} is not equal ${CMAKE_MATCH_1}?")
+  endif()
+endforeach()
+
+set(LESSV "1.2.3.4.5.6.7.8 1.2.3.4.5.6.7.9")
+list(APPEND LESSV "1.2.3.4.5.6.7 1.2.3.4.5.6.7.9")
+list(APPEND LESSV "1 1.0.0.1")
+foreach(v IN LISTS LESSV)
+  string(REGEX MATCH "(.*) (.*)" _dummy "${v}")
+  # check less
+  if(CMAKE_MATCH_1 VERSION_LESS CMAKE_MATCH_2)
+    message(STATUS "${CMAKE_MATCH_1} is less than ${CMAKE_MATCH_2}")
+  else()
+    message(FATAL_ERROR "${CMAKE_MATCH_1} is not less than ${CMAKE_MATCH_2}?")
+  endif()
+
+  # check greater
+  if(CMAKE_MATCH_2 VERSION_GREATER CMAKE_MATCH_1)
+    message(STATUS "${CMAKE_MATCH_2} is greater than ${CMAKE_MATCH_1}")
+  else()
+    message(FATAL_ERROR "${CMAKE_MATCH_2} is not greater than ${CMAKE_MATCH_1}?")
+  endif()
+
+  # check less negative case
+  if(NOT CMAKE_MATCH_2 VERSION_LESS CMAKE_MATCH_1)
+    message(STATUS "${CMAKE_MATCH_2} is not less than ${CMAKE_MATCH_1}")
+  else()
+    message(FATAL_ERROR "${CMAKE_MATCH_2} is less than ${CMAKE_MATCH_1}?")
+  endif()
+
+  # check greater negative case
+  if(NOT CMAKE_MATCH_1 VERSION_GREATER CMAKE_MATCH_2)
+    message(STATUS "${CMAKE_MATCH_1} is not greater than ${CMAKE_MATCH_2}")
+  else()
+    message(FATAL_ERROR "${CMAKE_MATCH_1} is greater than ${CMAKE_MATCH_2}?")
+  endif()
+endforeach()
diff --git a/Tests/CPackComponentsForAll/MyLibCPackConfig-IgnoreGroup.cmake.in b/Tests/CPackComponentsForAll/MyLibCPackConfig-IgnoreGroup.cmake.in
index 450c204..8c01b32 100644
--- a/Tests/CPackComponentsForAll/MyLibCPackConfig-IgnoreGroup.cmake.in
+++ b/Tests/CPackComponentsForAll/MyLibCPackConfig-IgnoreGroup.cmake.in
@@ -8,6 +8,13 @@ endif()
 if(CPACK_GENERATOR MATCHES "RPM")
    set(CPACK_RPM_COMPONENT_INSTALL "ON")
    set(CPACK_RPM_applications_PACKAGE_REQUIRES "mylib-libraries")
+
+   # test package summary override
+   set(CPACK_RPM_PACKAGE_SUMMARY "default summary")
+   set(CPACK_RPM_libraries_PACKAGE_SUMMARY "libraries summary")
+
+   # test package description override
+   set(CPACK_RPM_libraries_PACKAGE_DESCRIPTION "libraries description")
 endif()
 
 if(CPACK_GENERATOR MATCHES "DEB")
@@ -20,4 +27,4 @@ endif()
 #set(CPACK_COMPONENTS_ALL_GROUPS_IN_ONE_PACKAGE)
 #set(CPACK_COMPONENTS_GROUPING)
 set(CPACK_COMPONENTS_IGNORE_GROUPS 1)
-#set(CPACK_COMPONENTS_ALL_IN_ONE_PACKAGE 1)
\ No newline at end of file
+#set(CPACK_COMPONENTS_ALL_IN_ONE_PACKAGE 1)
diff --git a/Tests/CPackComponentsForAll/RunCPackVerifyResult.cmake b/Tests/CPackComponentsForAll/RunCPackVerifyResult.cmake
index 0b6d07d..4d56218 100644
--- a/Tests/CPackComponentsForAll/RunCPackVerifyResult.cmake
+++ b/Tests/CPackComponentsForAll/RunCPackVerifyResult.cmake
@@ -123,3 +123,62 @@ if(expected_file_mask)
     message(FATAL_ERROR "error: expected_count=${expected_count} does not match actual_count=${actual_count}: CPackComponents test fails. (CPack_output=${CPack_output}, CPack_error=${CPack_error})")
   endif()
 endif()
+
+# Validate content
+if(CPackGen MATCHES "RPM")
+  find_program(RPM_EXECUTABLE rpm)
+  if(NOT RPM_EXECUTABLE)
+    message(FATAL_ERROR "error: missing rpm executable required by the test")
+  endif()
+
+  set(CPACK_RPM_PACKAGE_SUMMARY "default summary")
+  set(CPACK_RPM_libraries_PACKAGE_SUMMARY "libraries summary")
+  set(CPACK_RPM_libraries_PACKAGE_DESCRIPTION "libraries description")
+  set(CPACK_COMPONENT_APPLICATIONS_DESCRIPTION
+    "An extremely useful application that makes use of MyLib")
+  set(CPACK_COMPONENT_HEADERS_DESCRIPTION
+    "C/C\\+\\+ header files for use with MyLib")
+
+  if(${CPackComponentWay} STREQUAL "IgnoreGroup")
+    foreach(check_file ${expected_file})
+      string(REGEX MATCH ".*libraries.*" check_file_libraries_match ${check_file})
+      string(REGEX MATCH ".*headers.*" check_file_headers_match ${check_file})
+      string(REGEX MATCH ".*applications.*" check_file_applications_match ${check_file})
+      string(REGEX MATCH ".*Unspecified.*" check_file_Unspecified_match ${check_file})
+
+      execute_process(COMMAND ${RPM_EXECUTABLE} -pqi ${check_file}
+          OUTPUT_VARIABLE check_file_content
+          ERROR_QUIET
+          OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+      if(check_file_libraries_match)
+        set(check_file_match_expected_summary ".*${CPACK_RPM_libraries_PACKAGE_SUMMARY}.*")
+        set(check_file_match_expected_description ".*${CPACK_RPM_libraries_PACKAGE_DESCRIPTION}.*")
+      elseif(check_file_headers_match)
+        set(check_file_match_expected_summary ".*${CPACK_RPM_PACKAGE_SUMMARY}.*")
+        set(check_file_match_expected_description ".*${CPACK_COMPONENT_HEADERS_DESCRIPTION}.*")
+      elseif(check_file_applications_match)
+        set(check_file_match_expected_summary ".*${CPACK_RPM_PACKAGE_SUMMARY}.*")
+        set(check_file_match_expected_description ".*${CPACK_COMPONENT_APPLICATIONS_DESCRIPTION}.*")
+      elseif(check_file_Unspecified_match)
+        set(check_file_match_expected_summary ".*${CPACK_RPM_PACKAGE_SUMMARY}.*")
+        set(check_file_match_expected_description ".*DESCRIPTION.*")
+      else()
+        message(FATAL_ERROR "error: unexpected rpm package '${check_file}'")
+      endif()
+
+      string(REGEX MATCH ${check_file_match_expected_summary} check_file_match_summary ${check_file_content})
+
+      if(NOT check_file_match_summary)
+          message(FATAL_ERROR "error: '${check_file}' rpm package summary does not match expected value - regex '${check_file_match_expected_summary}'")
+      endif()
+
+      string(REGEX MATCH ${check_file_match_expected_description} check_file_match_description ${check_file_content})
+
+      if(NOT check_file_match_description)
+          message(FATAL_ERROR "error: '${check_file}' rpm package description does not match expected value - regex '${check_file_match_expected_description}'")
+      endif()
+    endforeach()
+  elseif(${CPackComponentWay} STREQUAL "IgnoreGroup")
+  endif()
+endif()
diff --git a/Tests/CustomCommand/CMakeLists.txt b/Tests/CustomCommand/CMakeLists.txt
index b97cd16..915da0a 100644
--- a/Tests/CustomCommand/CMakeLists.txt
+++ b/Tests/CustomCommand/CMakeLists.txt
@@ -117,6 +117,7 @@ add_custom_command(
   COMMAND ${CMAKE_COMMAND} -E echo " Copying doc1pre.txt to doc2post.txt."
   COMMAND ${CMAKE_COMMAND} -E copy ${PROJECT_BINARY_DIR}/doc1pre.txt
                                    ${PROJECT_BINARY_DIR}/doc2post.txt
+  BYPRODUCTS ${PROJECT_BINARY_DIR}/doc2post.txt
   COMMENT "Running TDocument post-build commands"
   )
 
@@ -483,3 +484,26 @@ add_custom_command(
   COMMAND ${CMAKE_COMMAND} -E touch "${gen_file}")
 
 add_library(NormDepends "${gen_file}")
+
+# Test that USES_TERMINAL is parsed correctly.
+# It seems much more difficult to test that USES_TERMINAL actually gives
+# the subprocess console access, as test output is piped through CTest,
+# and CTest itself might not be connected to the console.
+
+set(gen_file "${gen_path}/bar2.cxx")
+
+add_custom_command(
+  OUTPUT "${gen_file}"
+  DEPENDS "${gen_path}"
+  COMMAND ${CMAKE_COMMAND} -E touch "${gen_file}"
+  VERBATIM
+  USES_TERMINAL
+)
+
+add_library(UseConsole "${gen_file}")
+
+add_custom_target(UseConsoleTarget ALL
+  COMMAND ${CMAKE_COMMAND} -E echo "Custom console target."
+  VERBATIM
+  USES_TERMINAL
+)
diff --git a/Tests/CustomCommandByproducts/CMakeLists.txt b/Tests/CustomCommandByproducts/CMakeLists.txt
new file mode 100644
index 0000000..884f8c2
--- /dev/null
+++ b/Tests/CustomCommandByproducts/CMakeLists.txt
@@ -0,0 +1,127 @@
+cmake_minimum_required(VERSION 3.1)
+project(CustomCommandByproducts C)
+
+# Generate a byproduct in a rule that runs in the target consuming it.
+add_custom_command(
+  OUTPUT timestamp1.txt
+  COMMAND ${CMAKE_COMMAND} -E copy_if_different
+    ${CMAKE_CURRENT_SOURCE_DIR}/byproduct1.c.in byproduct1.c
+  BYPRODUCTS byproduct1.c
+  COMMAND ${CMAKE_COMMAND} -E touch timestamp1.txt
+  DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/byproduct1.c.in
+  )
+
+# Generate a byproduct in a rule that runs in a dependency of the consumer.
+add_custom_command(
+  OUTPUT timestamp2.txt
+  COMMAND ${CMAKE_COMMAND} -E copy_if_different
+    ${CMAKE_CURRENT_SOURCE_DIR}/byproduct2.c.in byproduct2.c
+  BYPRODUCTS byproduct2.c
+  COMMAND ${CMAKE_COMMAND} -E touch timestamp2.txt
+  DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/byproduct2.c.in
+  )
+add_custom_target(Producer2 DEPENDS timestamp2.txt)
+
+# Generate a byproduct in a custom target.
+add_custom_target(Producer3_4
+  COMMAND ${CMAKE_COMMAND} -E copy_if_different
+    ${CMAKE_CURRENT_SOURCE_DIR}/byproduct3.c.in byproduct3.c
+  BYPRODUCTS byproduct3.c
+  )
+
+# Generate a byproduct in a custom target POST_BUILD command.
+add_custom_command(
+  TARGET Producer3_4 POST_BUILD
+  COMMAND ${CMAKE_COMMAND} -E copy_if_different
+    ${CMAKE_CURRENT_SOURCE_DIR}/byproduct4.c.in byproduct4.c
+  BYPRODUCTS byproduct4.c
+  )
+
+add_executable(ProducerExe ProducerExe.c)
+
+# Generate a byproduct in an executable POST_BUILD command.
+add_custom_command(
+  TARGET ProducerExe POST_BUILD
+  COMMAND ${CMAKE_COMMAND} -E copy_if_different
+    ${CMAKE_CURRENT_SOURCE_DIR}/byproduct5.c.in byproduct5.c
+  BYPRODUCTS byproduct5.c
+  )
+
+# Generate a byproduct in an executable PRE_LINK command.
+add_custom_command(
+  TARGET ProducerExe PRE_LINK
+  COMMAND ${CMAKE_COMMAND} -E copy_if_different
+    ${CMAKE_CURRENT_SOURCE_DIR}/byproduct6.c.in byproduct6.c
+  BYPRODUCTS byproduct6.c
+  )
+
+# Generate a byproduct in an executable PRE_BUILD command.
+add_custom_command(
+  TARGET ProducerExe PRE_BUILD
+  COMMAND ${CMAKE_COMMAND} -E copy_if_different
+    ${CMAKE_CURRENT_SOURCE_DIR}/byproduct7.c.in byproduct7.c
+  BYPRODUCTS byproduct7.c
+  )
+
+# Generate a byproduct in a custom command that consumes other byproducts.
+add_custom_command(OUTPUT timestamp8.txt
+  COMMAND ${CMAKE_COMMAND} -E copy_if_different
+    ${CMAKE_CURRENT_SOURCE_DIR}/byproduct8.c.in byproduct8.c
+  COMMAND ${CMAKE_COMMAND} -E touch timestamp8.txt
+  BYPRODUCTS byproduct8.c
+  DEPENDS
+    ${CMAKE_CURRENT_BINARY_DIR}/byproduct2.c
+    ${CMAKE_CURRENT_BINARY_DIR}/byproduct3.c
+    ${CMAKE_CURRENT_BINARY_DIR}/byproduct4.c
+    ${CMAKE_CURRENT_BINARY_DIR}/byproduct5.c
+    ${CMAKE_CURRENT_BINARY_DIR}/byproduct6.c
+    ${CMAKE_CURRENT_BINARY_DIR}/byproduct7.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/byproduct8.c.in
+  )
+
+# Generate the library file of an imported target as a byproduct
+# of an external project.
+if(CMAKE_CONFIGURATION_TYPES)
+  set(cfg /${CMAKE_CFG_INTDIR})
+else()
+  set(cfg)
+endif()
+set(ExternalLibrary_LIBRARY
+  ${CMAKE_CURRENT_BINARY_DIR}/External-build${cfg}/${CMAKE_STATIC_LIBRARY_PREFIX}ExternalLibrary${CMAKE_STATIC_LIBRARY_SUFFIX}
+  )
+include(ExternalProject)
+ExternalProject_Add(ExternalTarget
+  SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/External"
+  BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/External-build"
+  PREFIX     "${CMAKE_CURRENT_BINARY_DIR}/External-build/root"
+  DOWNLOAD_COMMAND ""
+  INSTALL_COMMAND ""
+  BUILD_BYPRODUCTS "${ExternalLibrary_LIBRARY}"
+  )
+add_library(ExternalLibrary STATIC IMPORTED)
+set_property(TARGET ExternalLibrary PROPERTY IMPORTED_LOCATION ${ExternalLibrary_LIBRARY})
+add_dependencies(ExternalLibrary ExternalTarget)
+
+# Add an executable consuming all the byproducts.
+add_executable(CustomCommandByproducts
+  CustomCommandByproducts.c
+  byproduct1.c timestamp1.txt
+  byproduct2.c
+  byproduct3.c
+  byproduct4.c
+  byproduct5.c
+  byproduct6.c
+  byproduct7.c
+  byproduct8.c timestamp8.txt
+  )
+add_dependencies(CustomCommandByproducts Producer2)
+add_dependencies(CustomCommandByproducts Producer3_4)
+add_dependencies(CustomCommandByproducts ProducerExe)
+target_link_libraries(CustomCommandByproducts ExternalLibrary)
+
+if(CMAKE_GENERATOR STREQUAL "Ninja")
+  add_custom_target(CheckNinja ALL
+    COMMENT "Checking build.ninja"
+    COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_SOURCE_DIR}/ninja-check.cmake
+    )
+endif()
diff --git a/Tests/CustomCommandByproducts/CustomCommandByproducts.c b/Tests/CustomCommandByproducts/CustomCommandByproducts.c
new file mode 100644
index 0000000..1916427
--- /dev/null
+++ b/Tests/CustomCommandByproducts/CustomCommandByproducts.c
@@ -0,0 +1,23 @@
+extern int byproduct1(void);
+extern int byproduct2(void);
+extern int byproduct3(void);
+extern int byproduct4(void);
+extern int byproduct5(void);
+extern int byproduct6(void);
+extern int byproduct7(void);
+extern int byproduct8(void);
+extern int ExternalLibrary(void);
+int main(void)
+{
+  return (
+    byproduct1() +
+    byproduct2() +
+    byproduct3() +
+    byproduct4() +
+    byproduct5() +
+    byproduct6() +
+    byproduct7() +
+    byproduct8() +
+    ExternalLibrary() +
+    0);
+}
diff --git a/Tests/CustomCommandByproducts/External/CMakeLists.txt b/Tests/CustomCommandByproducts/External/CMakeLists.txt
new file mode 100644
index 0000000..feaa12e
--- /dev/null
+++ b/Tests/CustomCommandByproducts/External/CMakeLists.txt
@@ -0,0 +1,4 @@
+cmake_minimum_required(VERSION 3.1)
+project(External C)
+
+add_library(ExternalLibrary STATIC ExternalLibrary.c)
diff --git a/Tests/CustomCommandByproducts/External/ExternalLibrary.c b/Tests/CustomCommandByproducts/External/ExternalLibrary.c
new file mode 100644
index 0000000..a1dacf0
--- /dev/null
+++ b/Tests/CustomCommandByproducts/External/ExternalLibrary.c
@@ -0,0 +1 @@
+int ExternalLibrary(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/ProducerExe.c b/Tests/CustomCommandByproducts/ProducerExe.c
new file mode 100644
index 0000000..78f2de1
--- /dev/null
+++ b/Tests/CustomCommandByproducts/ProducerExe.c
@@ -0,0 +1 @@
+int main(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/byproduct1.c.in b/Tests/CustomCommandByproducts/byproduct1.c.in
new file mode 100644
index 0000000..5c3cc24
--- /dev/null
+++ b/Tests/CustomCommandByproducts/byproduct1.c.in
@@ -0,0 +1 @@
+int byproduct1(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/byproduct2.c.in b/Tests/CustomCommandByproducts/byproduct2.c.in
new file mode 100644
index 0000000..eeb69ef
--- /dev/null
+++ b/Tests/CustomCommandByproducts/byproduct2.c.in
@@ -0,0 +1 @@
+int byproduct2(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/byproduct3.c.in b/Tests/CustomCommandByproducts/byproduct3.c.in
new file mode 100644
index 0000000..7d15310
--- /dev/null
+++ b/Tests/CustomCommandByproducts/byproduct3.c.in
@@ -0,0 +1 @@
+int byproduct3(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/byproduct4.c.in b/Tests/CustomCommandByproducts/byproduct4.c.in
new file mode 100644
index 0000000..8b243dd
--- /dev/null
+++ b/Tests/CustomCommandByproducts/byproduct4.c.in
@@ -0,0 +1 @@
+int byproduct4(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/byproduct5.c.in b/Tests/CustomCommandByproducts/byproduct5.c.in
new file mode 100644
index 0000000..47f5990
--- /dev/null
+++ b/Tests/CustomCommandByproducts/byproduct5.c.in
@@ -0,0 +1 @@
+int byproduct5(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/byproduct6.c.in b/Tests/CustomCommandByproducts/byproduct6.c.in
new file mode 100644
index 0000000..d70c14f
--- /dev/null
+++ b/Tests/CustomCommandByproducts/byproduct6.c.in
@@ -0,0 +1 @@
+int byproduct6(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/byproduct7.c.in b/Tests/CustomCommandByproducts/byproduct7.c.in
new file mode 100644
index 0000000..0be5006
--- /dev/null
+++ b/Tests/CustomCommandByproducts/byproduct7.c.in
@@ -0,0 +1 @@
+int byproduct7(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/byproduct8.c.in b/Tests/CustomCommandByproducts/byproduct8.c.in
new file mode 100644
index 0000000..abefd62
--- /dev/null
+++ b/Tests/CustomCommandByproducts/byproduct8.c.in
@@ -0,0 +1 @@
+int byproduct8(void) { return 0; }
diff --git a/Tests/CustomCommandByproducts/ninja-check.cmake b/Tests/CustomCommandByproducts/ninja-check.cmake
new file mode 100644
index 0000000..2fc3cc2
--- /dev/null
+++ b/Tests/CustomCommandByproducts/ninja-check.cmake
@@ -0,0 +1,20 @@
+file(READ build.ninja build_ninja)
+if("${build_ninja}" MATCHES [====[
+# Unknown Build Time Dependencies.
+# Tell Ninja that they may appear as side effects of build rules
+# otherwise ordered by order-only dependencies.
+
+((build [^:]*: phony [^\n]*
+)*)# ========]====])
+  set(phony "${CMAKE_MATCH_1}")
+  if(NOT phony)
+    message(STATUS "build.ninja correctly does not have extra phony rules")
+  else()
+    string(REGEX REPLACE "\n+$" "" phony "${phony}")
+    string(REGEX REPLACE "\n" "\n  " phony "  ${phony}")
+    message(FATAL_ERROR "build.ninja incorrectly has extra phony rules:\n"
+      "${phony}")
+  endif()
+else()
+  message(FATAL_ERROR "build.ninja is incorrectly missing expected block")
+endif()
diff --git a/Tests/DelphiCoverage/DartConfiguration.tcl.in b/Tests/DelphiCoverage/DartConfiguration.tcl.in
new file mode 100644
index 0000000..4edcea6
--- /dev/null
+++ b/Tests/DelphiCoverage/DartConfiguration.tcl.in
@@ -0,0 +1,8 @@
+# This file is configured by CMake automatically as DartConfiguration.tcl
+# If you choose not to use CMake, this file may be hand configured, by
+# filling in the required variables.
+
+
+# Configuration directories and files
+SourceDirectory: ${CMake_BINARY_DIR}/Testing/DelphiCoverage
+BuildDirectory: ${CMake_BINARY_DIR}/Testing/DelphiCoverage
diff --git a/Tests/DelphiCoverage/UTCovTest(UTCovTest.pas).html b/Tests/DelphiCoverage/UTCovTest(UTCovTest.pas).html
new file mode 100644
index 0000000..9caaea3
--- /dev/null
+++ b/Tests/DelphiCoverage/UTCovTest(UTCovTest.pas).html
@@ -0,0 +1,117 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
+    <title>Delphi CodeCoverage Coverage Report</title>
+<style type="text/css">
+table {border-spacing:0; border-collapse:collapse;}
+table, td, th {border: 1px solid black;}
+td, th {background: white; margin: 0; padding: 2px 0.5em 2px 0.5em}
+td {border-width: 0 1px 0 0;}
+th {border-width: 1px 1px 1px 0;}
+p, h1, h2, h3, th {font-family: verdana,arial,sans-serif; font-size: 10pt;}
+td {font-family: courier,monospace; font-size: 10pt;}
+th {background: #CCCCCC;}
+table.o tr td:nth-child(1) {font-weight: bold;}
+table.o tr td:nth-child(2) {text-align: right;}
+table.o tr td {border-width: 1px;}
+table.s {width: 100%;}
+table.s tr td {padding: 0 0.25em 0 0.25em;}
+table.s tr td:first-child {text-align: right; font-weight: bold;}
+table.s tr.notcovered td {background: #DDDDFF;}
+table.s tr.nocodegen td {background: #FFFFEE;}
+table.s tr.covered td {background: #CCFFCC;}
+table.s tr.covered td:first-child {color: green;}
+table.s {border-width: 1px 0 1px 1px;}
+table.sum tr td {border-width: 1px;}
+table.sum tr th {text-align:right;}
+table.sum tr th:first-child {text-align:center;}
+table.sum tr td {text-align:right;}
+table.sum tr td:first-child {text-align:left;}
+</style>
+</head>
+<body>
+<p>Coverage report for <strong>UTCovTest (C:\Users\joe.snyder\Work\OSEHRA\VistA\Packages\Order Entry Results Reporting\CPRS\Testing\Tests\UTCovTest.pas)</strong>.</p>
+<p> Generated at 10/3/2014 12:24:11 PM by <a href="http://code.google.com/p/delphi-code-coverage/" title="Code Coverage for Delphi 5+">DelphiCodeCoverage</a> - an open source tool for Delphi Code Coverage.</p>
+<p> Statistics for C:\Users\joe.snyder\Work\OSEHRA\VistA\Packages\Order Entry Results Reporting\CPRS\Testing\Tests\UTCovTest.pas </p>
+<table  class="o"><tr><td>Number of lines covered</td><td>19</td></tr><tr><td>Number of lines with code gen</td><td>19</td></tr><tr><td>Line coverage</td><td>100%</td></tr></table>
+<br /><br />
+<table  class="s">
+<tr class="nocodegen"><td>1</td><td><pre style="display:inline;">//---------------------------------------------------------------------------</pre></td></tr>
+<tr class="nocodegen"><td>2</td><td><pre style="display:inline;">// Copyright 2012 The Open Source Electronic Health Record Agent</pre></td></tr>
+<tr class="nocodegen"><td>3</td><td><pre style="display:inline;">//</pre></td></tr>
+<tr class="nocodegen"><td>4</td><td><pre style="display:inline;">// Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);</pre></td></tr>
+<tr class="nocodegen"><td>5</td><td><pre style="display:inline;">// you may not use this file except in compliance with the License.</pre></td></tr>
+<tr class="nocodegen"><td>6</td><td><pre style="display:inline;">// You may obtain a copy of the License at</pre></td></tr>
+<tr class="nocodegen"><td>7</td><td><pre style="display:inline;">//</pre></td></tr>
+<tr class="nocodegen"><td>8</td><td><pre style="display:inline;">// &nbsp; &nbsp; http://www.apache.org/licenses/LICENSE-2.0</pre></td></tr>
+<tr class="nocodegen"><td>9</td><td><pre style="display:inline;">//</pre></td></tr>
+<tr class="nocodegen"><td>10</td><td><pre style="display:inline;">// Unless required by applicable law or agreed to in writing, software</pre></td></tr>
+<tr class="nocodegen"><td>11</td><td><pre style="display:inline;">// distributed under the License is distributed on an &quot;AS IS&quot; BASIS,</pre></td></tr>
+<tr class="nocodegen"><td>12</td><td><pre style="display:inline;">// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</pre></td></tr>
+<tr class="nocodegen"><td>13</td><td><pre style="display:inline;">// See the License for the specific language governing permissions and</pre></td></tr>
+<tr class="nocodegen"><td>14</td><td><pre style="display:inline;">// limitations under the License.</pre></td></tr>
+<tr class="nocodegen"><td>15</td><td><pre style="display:inline;">//---------------------------------------------------------------------------</pre></td></tr>
+<tr class="nocodegen"><td>16</td><td><pre style="display:inline;">unit UTCovTest;</pre></td></tr>
+<tr class="nocodegen"><td>17</td><td><pre style="display:inline;">interface</pre></td></tr>
+<tr class="nocodegen"><td>18</td><td><pre style="display:inline;">uses UnitTest, TestFrameWork,SysUtils,Windows;</pre></td></tr>
+<tr class="nocodegen"><td>19</td><td><pre style="display:inline;"></pre></td></tr>
+<tr class="nocodegen"><td>20</td><td><pre style="display:inline;">implementation</pre></td></tr>
+<tr class="nocodegen"><td>21</td><td><pre style="display:inline;">type</pre></td></tr>
+<tr class="nocodegen"><td>22</td><td><pre style="display:inline;">UTCovTestTests=class(TTestCase)</pre></td></tr>
+<tr class="nocodegen"><td>23</td><td><pre style="display:inline;"> &nbsp;public</pre></td></tr>
+<tr class="nocodegen"><td>24</td><td><pre style="display:inline;"> &nbsp;procedure SetUp; override;</pre></td></tr>
+<tr class="nocodegen"><td>25</td><td><pre style="display:inline;"> &nbsp;procedure TearDown; override;</pre></td></tr>
+<tr class="nocodegen"><td>26</td><td><pre style="display:inline;"></pre></td></tr>
+<tr class="nocodegen"><td>27</td><td><pre style="display:inline;"> &nbsp;published</pre></td></tr>
+<tr class="nocodegen"><td>28</td><td><pre style="display:inline;"> &nbsp; &nbsp;procedure TestCov1;</pre></td></tr>
+<tr class="nocodegen"><td>29</td><td><pre style="display:inline;"> &nbsp; &nbsp;procedure TestCov2;</pre></td></tr>
+<tr class="nocodegen"><td>30</td><td><pre style="display:inline;"> &nbsp; &nbsp;procedure TestCov3;</pre></td></tr>
+<tr class="nocodegen"><td>31</td><td><pre style="display:inline;"> &nbsp;end;</pre></td></tr>
+<tr class="nocodegen"><td>32</td><td><pre style="display:inline;"></pre></td></tr>
+<tr class="nocodegen"><td>33</td><td><pre style="display:inline;">procedure NotRun;</pre></td></tr>
+<tr class="nocodegen"><td>34</td><td><pre style="display:inline;">begin</pre></td></tr>
+<tr class="nocodegen"><td>35</td><td><pre style="display:inline;"> &nbsp; &nbsp;WriteLn(&apos;This line will never run&apos;);</pre></td></tr>
+<tr class="nocodegen"><td>36</td><td><pre style="display:inline;">end;</pre></td></tr>
+<tr class="nocodegen"><td>37</td><td><pre style="display:inline;">procedure UTCovTestTests.SetUp;</pre></td></tr>
+<tr class="nocodegen"><td>38</td><td><pre style="display:inline;">begin</pre></td></tr>
+<tr class="covered"><td>39</td><td><pre style="display:inline;">end;</pre></td></tr>
+<tr class="nocodegen"><td>40</td><td><pre style="display:inline;"></pre></td></tr>
+<tr class="nocodegen"><td>41</td><td><pre style="display:inline;">procedure UTCovTestTests.TearDown;</pre></td></tr>
+<tr class="nocodegen"><td>42</td><td><pre style="display:inline;">begin</pre></td></tr>
+<tr class="covered"><td>43</td><td><pre style="display:inline;">end;</pre></td></tr>
+<tr class="nocodegen"><td>44</td><td><pre style="display:inline;"></pre></td></tr>
+<tr class="nocodegen"><td>45</td><td><pre style="display:inline;">procedure UTCovTestTests.TestCov1;</pre></td></tr>
+<tr class="covered"><td>46</td><td><pre style="display:inline;">begin</pre></td></tr>
+<tr class="nocodegen"><td>47</td><td><pre style="display:inline;"> &nbsp;{</pre></td></tr>
+<tr class="nocodegen"><td>48</td><td><pre style="display:inline;"> &nbsp;Block comment lines</pre></td></tr>
+<tr class="nocodegen"><td>49</td><td><pre style="display:inline;"> &nbsp;}</pre></td></tr>
+<tr class="covered"><td>50</td><td><pre style="display:inline;"> &nbsp;CheckEquals(1,2-1);</pre></td></tr>
+<tr class="covered"><td>51</td><td><pre style="display:inline;">end;</pre></td></tr>
+<tr class="nocodegen"><td>52</td><td><pre style="display:inline;"></pre></td></tr>
+<tr class="nocodegen"><td>53</td><td><pre style="display:inline;">procedure UTCovTestTests.TestCov2;</pre></td></tr>
+<tr class="nocodegen"><td>54</td><td><pre style="display:inline;">var</pre></td></tr>
+<tr class="nocodegen"><td>55</td><td><pre style="display:inline;"> &nbsp;i:DWORD;</pre></td></tr>
+<tr class="covered"><td>56</td><td><pre style="display:inline;">begin</pre></td></tr>
+<tr class="covered"><td>57</td><td><pre style="display:inline;"> &nbsp;for i := 0 to 1 do</pre></td></tr>
+<tr class="covered"><td>58</td><td><pre style="display:inline;"> &nbsp; &nbsp;WriteLn( IntToStr(i));</pre></td></tr>
+<tr class="nocodegen"><td>59</td><td><pre style="display:inline;"> &nbsp;// Comment</pre></td></tr>
+<tr class="covered"><td>60</td><td><pre style="display:inline;"> &nbsp;CheckEquals(i,2);</pre></td></tr>
+<tr class="covered"><td>61</td><td><pre style="display:inline;">end;</pre></td></tr>
+<tr class="nocodegen"><td>62</td><td><pre style="display:inline;"></pre></td></tr>
+<tr class="nocodegen"><td>63</td><td><pre style="display:inline;">procedure UTCovTestTests.TestCov3;</pre></td></tr>
+<tr class="nocodegen"><td>64</td><td><pre style="display:inline;">var</pre></td></tr>
+<tr class="nocodegen"><td>65</td><td><pre style="display:inline;"> i : DWORD;</pre></td></tr>
+<tr class="covered"><td>66</td><td><pre style="display:inline;">begin</pre></td></tr>
+<tr class="covered"><td>67</td><td><pre style="display:inline;"> &nbsp;i := 0;</pre></td></tr>
+<tr class="covered"><td>68</td><td><pre style="display:inline;"> &nbsp;while i &lt; 5 do</pre></td></tr>
+<tr class="covered"><td>69</td><td><pre style="display:inline;"> &nbsp; i := i+1;</pre></td></tr>
+<tr class="covered"><td>70</td><td><pre style="display:inline;"> &nbsp;CheckEquals(i,5);</pre></td></tr>
+<tr class="covered"><td>71</td><td><pre style="display:inline;">end;</pre></td></tr>
+<tr class="nocodegen"><td>72</td><td><pre style="display:inline;"></pre></td></tr>
+<tr class="covered"><td>73</td><td><pre style="display:inline;">begin</pre></td></tr>
+<tr class="covered"><td>74</td><td><pre style="display:inline;"> &nbsp;UnitTest.addSuite(UTCovTestTests.Suite);</pre></td></tr>
+<tr class="covered"><td>75</td><td><pre style="display:inline;">end.</pre></td></tr>
+</table>
+</body>
+</html>
diff --git a/Tests/DelphiCoverage/src/UTCovTest.pas b/Tests/DelphiCoverage/src/UTCovTest.pas
new file mode 100644
index 0000000..66db3c0
--- /dev/null
+++ b/Tests/DelphiCoverage/src/UTCovTest.pas
@@ -0,0 +1,75 @@
+//---------------------------------------------------------------------------
+// Copyright 2012 The Open Source Electronic Health Record Agent
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//---------------------------------------------------------------------------
+unit UTCovTest;
+interface
+uses UnitTest, TestFrameWork,SysUtils,Windows;
+
+implementation
+type
+UTCovTestTests=class(TTestCase)
+  public
+  procedure SetUp; override;
+  procedure TearDown; override;
+
+  published
+    procedure TestCov1;
+    procedure TestCov2;
+    procedure TestCov3;
+  end;
+
+procedure NotRun;
+begin
+    WriteLn('This line will never run');
+end;
+procedure UTCovTestTests.SetUp;
+begin
+end;
+
+procedure UTCovTestTests.TearDown;
+begin
+end;
+
+procedure UTCovTestTests.TestCov1;
+begin
+  {
+  Block comment lines
+  }
+  CheckEquals(1,2-1);
+end;
+
+procedure UTCovTestTests.TestCov2;
+var
+  i:DWORD;
+begin
+  for i := 0 to 1 do
+    WriteLn( IntToStr(i));
+  // Comment
+  CheckEquals(i,2);
+end;
+
+procedure UTCovTestTests.TestCov3;
+var
+ i : DWORD;
+begin
+  i := 0;
+  while i < 5 do
+   i := i+1;
+  CheckEquals(i,5);
+end;
+
+begin
+  UnitTest.addSuite(UTCovTestTests.Suite);
+end.
\ No newline at end of file
diff --git a/Tests/ExternalProjectLocal/CMakeLists.txt b/Tests/ExternalProjectLocal/CMakeLists.txt
index f942197..cbbb555 100644
--- a/Tests/ExternalProjectLocal/CMakeLists.txt
+++ b/Tests/ExternalProjectLocal/CMakeLists.txt
@@ -66,6 +66,7 @@ if(can_build_tutorial_step5)
   ExternalProject_Add(${proj}
     URL "${CMAKE_CURRENT_SOURCE_DIR}/../Tutorial/Step5"
     CMAKE_ARGS -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -G ${CMAKE_GENERATOR} <SOURCE_DIR>
+    CMAKE_CACHE_DEFAULT_ARGS -DUSE_MYMATH:BOOL=OFF
     TEST_AFTER_INSTALL 1
     LOG_TEST 1
   )
diff --git a/Tests/ExternalProjectUpdate/CMakeLists.txt b/Tests/ExternalProjectUpdate/CMakeLists.txt
index c33e90b..fbb3388 100644
--- a/Tests/ExternalProjectUpdate/CMakeLists.txt
+++ b/Tests/ExternalProjectUpdate/CMakeLists.txt
@@ -19,6 +19,7 @@ set(base "${CMAKE_BINARY_DIR}/CMakeExternals")
 set(binary_base "${base}/Build")
 set_property(DIRECTORY PROPERTY EP_BASE ${base})
 set_property(DIRECTORY PROPERTY EP_STEP_TARGETS configure build test)
+set_property(DIRECTORY PROPERTY EP_INDEPENDENT_STEP_TARGETS update)
 
 set(do_git_tests 0)
 
@@ -68,8 +69,20 @@ if(do_git_tests)
     CMAKE_GENERATOR "${CMAKE_GENERATOR}"
     CMAKE_ARGS -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR>
     INSTALL_COMMAND ""
-    DEPENDS "SetupLocalGITRepository"
   )
+  ExternalProject_Add_StepDependencies(${proj} download SetupLocalGITRepository)
+  set_property(TARGET ${proj} PROPERTY FOLDER "GIT")
+
+  set(proj TutorialStep2-GIT)
+  ExternalProject_Add(${proj}
+    GIT_REPOSITORY "${local_git_repo}"
+    GIT_TAG ${TEST_GIT_TAG}
+    CMAKE_GENERATOR "${CMAKE_GENERATOR}"
+    CMAKE_ARGS -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR>
+    INSTALL_COMMAND ""
+    UPDATE_DISCONNECTED 1
+  )
+  ExternalProject_Add_StepDependencies(${proj} download SetupLocalGITRepository)
   set_property(TARGET ${proj} PROPERTY FOLDER "GIT")
 endif()
 
diff --git a/Tests/ExternalProjectUpdate/ExternalProjectUpdateTest.cmake b/Tests/ExternalProjectUpdate/ExternalProjectUpdateTest.cmake
index 6c7bcfe..7065f36 100644
--- a/Tests/ExternalProjectUpdate/ExternalProjectUpdateTest.cmake
+++ b/Tests/ExternalProjectUpdate/ExternalProjectUpdateTest.cmake
@@ -59,6 +59,102 @@ was expected."
   if( EXISTS ${FETCH_HEAD_file} AND NOT ${fetch_expected})
     message( FATAL_ERROR "Fetch DID occur when it was not expected.")
   endif()
+
+  message( STATUS "Checking ExternalProjectUpdate to tag: ${desired_tag} (disconnected)" )
+
+  # Remove the FETCH_HEAD file, so we can check if it gets replaced with a 'git
+  # fetch'.
+  set( FETCH_HEAD_file ${ExternalProjectUpdate_BINARY_DIR}/CMakeExternals/Source/TutorialStep2-GIT/.git/FETCH_HEAD )
+  file( REMOVE ${FETCH_HEAD_file} )
+
+  # Check initial SHA
+  execute_process(COMMAND ${GIT_EXECUTABLE}
+    rev-list --max-count=1 HEAD
+    WORKING_DIRECTORY ${ExternalProjectUpdate_BINARY_DIR}/CMakeExternals/Source/TutorialStep2-GIT
+    RESULT_VARIABLE error_code
+    OUTPUT_VARIABLE initial_sha
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    )
+
+  # Configure
+  execute_process(COMMAND ${CMAKE_COMMAND}
+    -G ${CMAKE_GENERATOR} -T "${CMAKE_GENERATOR_TOOLSET}"
+    -A "${CMAKE_GENERATOR_PLATFORM}"
+    -DTEST_GIT_TAG:STRING=${desired_tag}
+    ${ExternalProjectUpdate_SOURCE_DIR}
+    WORKING_DIRECTORY ${ExternalProjectUpdate_BINARY_DIR}
+    RESULT_VARIABLE error_code
+    )
+  if(error_code)
+    message(FATAL_ERROR "Could not configure the project.")
+  endif()
+
+  # Build
+  execute_process(COMMAND ${CMAKE_COMMAND}
+    --build ${ExternalProjectUpdate_BINARY_DIR}
+    RESULT_VARIABLE error_code
+    )
+  if(error_code)
+    message(FATAL_ERROR "Could not build the project.")
+  endif()
+
+  if( EXISTS ${FETCH_HEAD_file} )
+    message( FATAL_ERROR "Fetch occured when it was not expected.")
+  endif()
+
+  # Check the resulting SHA
+  execute_process(COMMAND ${GIT_EXECUTABLE}
+    rev-list --max-count=1 HEAD
+    WORKING_DIRECTORY ${ExternalProjectUpdate_BINARY_DIR}/CMakeExternals/Source/TutorialStep2-GIT
+    RESULT_VARIABLE error_code
+    OUTPUT_VARIABLE tag_sha
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    )
+  if(error_code)
+    message(FATAL_ERROR "Could not check the sha.")
+  endif()
+
+  if(NOT (${tag_sha} STREQUAL ${initial_sha}))
+    message(FATAL_ERROR "Update occurred when it was not expected.")
+  endif()
+
+  # Update
+  execute_process(COMMAND ${CMAKE_COMMAND}
+    --build ${ExternalProjectUpdate_BINARY_DIR}
+    --target TutorialStep2-GIT-update
+    RESULT_VARIABLE error_code
+    )
+  if(error_code)
+    message(FATAL_ERROR "Could not build the project.")
+  endif()
+
+  # Check the resulting SHA
+  execute_process(COMMAND ${GIT_EXECUTABLE}
+    rev-list --max-count=1 HEAD
+    WORKING_DIRECTORY ${ExternalProjectUpdate_BINARY_DIR}/CMakeExternals/Source/TutorialStep2-GIT
+    RESULT_VARIABLE error_code
+    OUTPUT_VARIABLE tag_sha
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    )
+  if(error_code)
+    message(FATAL_ERROR "Could not check the sha.")
+  endif()
+
+  if(NOT (${tag_sha} STREQUAL ${resulting_sha}))
+    message(FATAL_ERROR "UPDATE_COMMAND produced
+  ${tag_sha}
+when
+  ${resulting_sha}
+was expected."
+    )
+  endif()
+
+  if( NOT EXISTS ${FETCH_HEAD_file} AND ${fetch_expected})
+    message( FATAL_ERROR "Fetch did NOT occur when it was expected.")
+  endif()
+  if( EXISTS ${FETCH_HEAD_file} AND NOT ${fetch_expected})
+    message( FATAL_ERROR "Fetch DID occur when it was not expected.")
+  endif()
 endmacro()
 
 find_package(Git)
diff --git a/Tests/ForceInclude/CMakeLists.txt b/Tests/ForceInclude/CMakeLists.txt
index 5c02ebb..e231054 100644
--- a/Tests/ForceInclude/CMakeLists.txt
+++ b/Tests/ForceInclude/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8.3.20110103)
 project(ForceInclude C)
 
 # Make sure the proper compiler is in use.
-if(NOT MSVC AND NOT "${CMAKE_C_COMPILER_ID}" MATCHES "^(Intel)$")
+if(NOT MSVC AND NOT CMAKE_C_COMPILER_ID STREQUAL "Intel")
   message(FATAL_ERROR "The ForceInclude test works only with MSVC or Intel")
 endif()
 
diff --git a/Tests/Fortran/CMakeLists.txt b/Tests/Fortran/CMakeLists.txt
index 1982a60..8700c94 100644
--- a/Tests/Fortran/CMakeLists.txt
+++ b/Tests/Fortran/CMakeLists.txt
@@ -13,11 +13,11 @@ message("CMAKE_Fortran_COMPILER = ${CMAKE_Fortran_COMPILER}")
 message("CMAKE_Fortran_FLAGS = ${CMAKE_Fortran_FLAGS}")
 
 set(_SHARED SHARED)
-if("${CMAKE_Fortran_COMPILER_ID}" MATCHES "^(XL|VisualAge)$")
+if(CMAKE_Fortran_COMPILER_ID MATCHES "^(XL|VisualAge)$")
   # We do not implement SHARED Fortran libs on AIX yet!
   # Workaround: Set LINKER_LANGUAGE to C, which uses 'xlc' and Fortran implicits.
   set(_SHARED STATIC)
-elseif("${CMAKE_Fortran_COMPILER_ID}" STREQUAL "GNU")
+elseif(CMAKE_Fortran_COMPILER_ID STREQUAL "GNU")
   # g77 2.96 does not support shared libs on Itanium because g2c is not -fPIC
   execute_process(COMMAND ${CMAKE_Fortran_COMPILER} --version
                   OUTPUT_VARIABLE output ERROR_VARIABLE output)
@@ -29,10 +29,10 @@ endif()
 # Pick a module .def file with the properly mangled symbol name.
 set(world_def "")
 if(WIN32 AND NOT CYGWIN)
-  if("${CMAKE_Fortran_COMPILER_ID}" MATCHES "GNU")
+  if(CMAKE_Fortran_COMPILER_ID MATCHES "GNU")
     set(world_def world_gnu.def)
-  elseif("${CMAKE_Fortran_COMPILER_ID}" MATCHES "Intel" OR
-      "${CMAKE_GENERATOR}" MATCHES "Visual Studio") # Intel plugin
+  elseif(CMAKE_Fortran_COMPILER_ID MATCHES "Intel" OR
+      CMAKE_GENERATOR MATCHES "Visual Studio") # Intel plugin
     set(world_def world_icl.def)
   endif()
 endif()
@@ -119,7 +119,7 @@ endfunction()
 # call the test_fortran_c_interface_module function
 if("${CMAKE_Fortran_COMPILER_ID}:${CMAKE_C_COMPILER_ID}" MATCHES
     "(Intel:MSVC|Absoft:GNU)"
-    OR ("${CMAKE_Fortran_COMPILER_ID}" MATCHES "${CMAKE_C_COMPILER_ID}" ))
+    OR (CMAKE_Fortran_COMPILER_ID MATCHES CMAKE_C_COMPILER_ID ))
   test_fortran_c_interface_module()
 else()
   message("Fortran does not match c compiler")
@@ -128,7 +128,7 @@ else()
   # hack to make g77 work after CL has been enabled
   # as a languge, cmake needs language specific versions
   # of these variables....
-  if(WIN32 AND "${CMAKE_Fortran_COMPILER_ID}" MATCHES "GNU")
+  if(WIN32 AND CMAKE_Fortran_COMPILER_ID MATCHES "GNU")
     set(CMAKE_CREATE_CONSOLE_EXE )
     set(CMAKE_LIBRARY_PATH_FLAG "-L")
     set(CMAKE_LINK_LIBRARY_FLAG "-l")
@@ -137,8 +137,8 @@ else()
   # gnu and sunpro do not use the same flags here...
   # however if LDFLAGS is used to set -m64 it causes odd stuf
   # with the fortran build
-  if( ("${CMAKE_C_COMPILER_ID}" MATCHES "GNU")
-      AND ("${CMAKE_Fortran_COMPILER_ID}" MATCHES "SunPro"))
+  if( (CMAKE_C_COMPILER_ID MATCHES "GNU")
+      AND (CMAKE_Fortran_COMPILER_ID MATCHES "SunPro"))
     set(CMAKE_EXE_LINKER_FLAGS "")
     set(CMAKE_Fortran_FLAGS "")
   endif()
diff --git a/Tests/FortranC/CMakeLists.txt b/Tests/FortranC/CMakeLists.txt
index f335583..79c670d 100644
--- a/Tests/FortranC/CMakeLists.txt
+++ b/Tests/FortranC/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
 project(FortranC C Fortran)
 
 # Skip this test for compilers not known to be compatible.
-if(NOT ("${CMAKE_C_COMPILER_ID}" STREQUAL "${CMAKE_Fortran_COMPILER_ID}" OR
+if(NOT (CMAKE_C_COMPILER_ID STREQUAL CMAKE_Fortran_COMPILER_ID OR
         "${CMAKE_C_COMPILER_ID}-${CMAKE_Fortran_COMPILER_ID}" MATCHES "^(MSVC-Intel)$"))
   message(STATUS "${CMAKE_C_COMPILER_ID} C and ${CMAKE_Fortran_COMPILER_ID} Fortran not known to be compatible!")
   return()
diff --git a/Tests/FortranOnly/CMakeLists.txt b/Tests/FortranOnly/CMakeLists.txt
index f55e727..1b2651d 100644
--- a/Tests/FortranOnly/CMakeLists.txt
+++ b/Tests/FortranOnly/CMakeLists.txt
@@ -66,3 +66,29 @@ if(NOT CMAKE_Fortran_COMPILER_ID STREQUAL XL)
       "${err}")
   endif()
 endif()
+
+# Test generation of preprocessed sources.
+if("${CMAKE_GENERATOR}" MATCHES "Makefile" AND CMAKE_MAKE_PROGRAM)
+  if(CMAKE_Fortran_CREATE_PREPROCESSED_SOURCE)
+    # Skip running this part of the test on certain platforms
+    # until they are fixed.
+    set(MAYBE_ALL ALL)
+    list(LENGTH CMAKE_OSX_ARCHITECTURES ARCH_COUNT)
+    if(ARCH_COUNT GREATER 1)
+      # OSX does not support preprocessing more than one architecture.
+      set(MAYBE_ALL)
+    endif()
+
+    add_executable(preprocess preprocess.F)
+
+    # Custom target to try preprocessing invocation.
+    add_custom_target(test_preprocess ${MAYBE_ALL}
+      COMMAND ${CMAKE_COMMAND} -E remove CMakeFiles/preprocess.dir/preprocess.F.i
+      COMMAND ${CMAKE_MAKE_PROGRAM} preprocess.i
+      COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_SOURCE_DIR}/test_preprocess.cmake
+      # Remove bogus file some compilers leave behind.
+      COMMAND ${CMAKE_COMMAND} -E remove ${CMAKE_CURRENT_SOURCE_DIR}/preprocess.s
+      WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+      )
+  endif()
+endif()
diff --git a/Tests/FortranOnly/preprocess.F b/Tests/FortranOnly/preprocess.F
new file mode 100644
index 0000000..f7df457
--- /dev/null
+++ b/Tests/FortranOnly/preprocess.F
@@ -0,0 +1,5 @@
+       PROGRAM PREPRO
+#ifndef TEST_PREPROCESSOR
+       PRINT *, 'Hello'
+#endif
+       END
diff --git a/Tests/FortranOnly/test_preprocess.cmake b/Tests/FortranOnly/test_preprocess.cmake
new file mode 100644
index 0000000..29ebdac
--- /dev/null
+++ b/Tests/FortranOnly/test_preprocess.cmake
@@ -0,0 +1,7 @@
+set(TEST_FILE CMakeFiles/preprocess.dir/preprocess.F.i)
+file(READ ${TEST_FILE} CONTENTS)
+if("${CONTENTS}" MATCHES "PRINT *")
+  message(STATUS "${TEST_FILE} created successfully!")
+else()
+  message(FATAL_ERROR "${TEST_FILE} creation failed!")
+endif()
diff --git a/Tests/JavascriptCoverage/DartConfiguration.tcl.in b/Tests/JavascriptCoverage/DartConfiguration.tcl.in
new file mode 100644
index 0000000..f94d988
--- /dev/null
+++ b/Tests/JavascriptCoverage/DartConfiguration.tcl.in
@@ -0,0 +1,8 @@
+# This file is configured by CMake automatically as DartConfiguration.tcl
+# If you choose not to use CMake, this file may be hand configured, by
+# filling in the required variables.
+
+
+# Configuration directories and files
+SourceDirectory: ${CMake_BINARY_DIR}/Testing/JavascriptCoverage
+BuildDirectory: ${CMake_BINARY_DIR}/Testing/JavascriptCoverage
diff --git a/Tests/JavascriptCoverage/output.json.in b/Tests/JavascriptCoverage/output.json.in
new file mode 100644
index 0000000..717cffe
--- /dev/null
+++ b/Tests/JavascriptCoverage/output.json.in
@@ -0,0 +1,448 @@
+{
+  "instrumentation": "node-jscoverage",
+  "sloc": 29,
+  "hits": 28,
+  "misses": 1,
+  "coverage": 96.55172413793103,
+  "files": [
+    {
+      "filename": "${CMake_BINARY_DIR}/Testing/JavascriptCoverage/test.js",
+      "coverage": 96.55172413793103,
+      "hits": 28,
+      "misses": 1,
+      "sloc": 29,
+      "source": {
+        "1": {
+          "source": "var assert = require(\"assert\")",
+          "coverage": 1
+        },
+        "2": {
+          "source": "var test  = {",
+          "coverage": 1
+        },
+        "3": {
+          "source": "  version: \"1.0.0\"",
+          "coverage": ""
+        },
+        "4": {
+          "source": "}",
+          "coverage": ""
+        },
+        "5": {
+          "source": "function covTest(p1,p2) {",
+          "coverage": 1
+        },
+        "6": {
+          "source": "  if (p1 > 3) {",
+          "coverage": 2
+        },
+        "7": {
+          "source": "    return 1;",
+          "coverage": 1
+        },
+        "8": {
+          "source": "  }",
+          "coverage": ""
+        },
+        "9": {
+          "source": "  else {",
+          "coverage": ""
+        },
+        "10": {
+          "source": "    return p1 + p2;",
+          "coverage": 1
+        },
+        "11": {
+          "source": "  }",
+          "coverage": ""
+        },
+        "12": {
+          "source": "}",
+          "coverage": ""
+        },
+        "13": {
+          "source": "",
+          "coverage": ""
+        },
+        "14": {
+          "source": "function covTest2(p1,p2) {",
+          "coverage": 1
+        },
+        "15": {
+          "source": "  return 0;",
+          "coverage": 0
+        },
+        "16": {
+          "source": "}",
+          "coverage": ""
+        },
+        "17": {
+          "source": "",
+          "coverage": ""
+        },
+        "18": {
+          "source": "function covTest3(p1) {",
+          "coverage": 1
+        },
+        "19": {
+          "source": "  for(i=0;i < p1;i++){",
+          "coverage": 1
+        },
+        "20": {
+          "source": "  }",
+          "coverage": ""
+        },
+        "21": {
+          "source": "  return i;",
+          "coverage": 1
+        },
+        "22": {
+          "source": "}",
+          "coverage": ""
+        },
+        "23": {
+          "source": "function covTest4(p1) {",
+          "coverage": 1
+        },
+        "24": {
+          "source": "  i=0;",
+          "coverage": 1
+        },
+        "25": {
+          "source": "  while(i < p1){",
+          "coverage": 1
+        },
+        "26": {
+          "source": "  i++;",
+          "coverage": 5
+        },
+        "27": {
+          "source": "  }",
+          "coverage": ""
+        },
+        "28": {
+          "source": "  return i;",
+          "coverage": 1
+        },
+        "29": {
+          "source": "}",
+          "coverage": ""
+        },
+        "30": {
+          "source": "",
+          "coverage": ""
+        },
+        "31": {
+          "source": "describe('Array', function(){",
+          "coverage": 1
+        },
+        "32": {
+          "source": "  describe('CovTest', function(){",
+          "coverage": 1
+        },
+        "33": {
+          "source": "    it('should return when the value is not present', function(){",
+          "coverage": 1
+        },
+        "34": {
+          "source": "      assert.equal(4,covTest(2,2));",
+          "coverage": 1
+        },
+        "35": {
+          "source": "    })",
+          "coverage": ""
+        },
+        "36": {
+          "source": "  })",
+          "coverage": ""
+        },
+        "37": {
+          "source": "  ",
+          "coverage": ""
+        },
+        "38": {
+          "source": "  describe('CovTest>3', function(){",
+          "coverage": 1
+        },
+        "39": {
+          "source": "    it('should return when the value is not present', function(){",
+          "coverage": 1
+        },
+        "40": {
+          "source": "      assert.equal(1,covTest(4,2));",
+          "coverage": 1
+        },
+        "41": {
+          "source": "    })",
+          "coverage": ""
+        },
+        "42": {
+          "source": "  })",
+          "coverage": ""
+        },
+        "43": {
+          "source": "  describe('covTest4', function(){",
+          "coverage": 1
+        },
+        "44": {
+          "source": "    it('should return when the value is not present', function(){",
+          "coverage": 1
+        },
+        "45": {
+          "source": "      assert.equal(5,covTest4(5));",
+          "coverage": 1
+        },
+        "46": {
+          "source": "    })",
+          "coverage": ""
+        },
+        "47": {
+          "source": "  })",
+          "coverage": ""
+        },
+        "48": {
+          "source": "  describe('covTest3', function(){",
+          "coverage": 1
+        },
+        "49": {
+          "source": "    it('should return when the value is not present', function(){",
+          "coverage": 1
+        },
+        "50": {
+          "source": "      assert.equal(5,covTest3(5));",
+          "coverage": 1
+        },
+        "51": {
+          "source": "    })",
+          "coverage": ""
+        },
+        "52": {
+          "source": "  })",
+          "coverage": ""
+        },
+        "53": {
+          "source": "})",
+          "coverage": ""
+        },
+        "54": {
+          "source": "",
+          "coverage": ""
+        }
+      }
+      "filename": "${CMake_BINARY_DIR}/Testing/JavascriptCoverage/test3.js",
+      "coverage": 55.00000000000001,
+      "hits": 11,
+      "misses": 9,
+      "sloc": 20,
+      "source": {
+        "1": {
+          "source": "var assert = require(\"assert\")",
+          "coverage": 1
+        },
+        "2": {
+          "source": "var test  = {",
+          "coverage": 1
+        },
+        "3": {
+          "source": "  version: \"1.0.0\"",
+          "coverage": ""
+        },
+        "4": {
+          "source": "}",
+          "coverage": ""
+        },
+        "5": {
+          "source": "function covTest(p1,p2) {",
+          "coverage": 1
+        },
+        "6": {
+          "source": "  if (p1 > 3) {",
+          "coverage": 0
+        },
+        "7": {
+          "source": "    return 1;",
+          "coverage": 0
+        },
+        "8": {
+          "source": "  }",
+          "coverage": ""
+        },
+        "9": {
+          "source": "  else {",
+          "coverage": ""
+        },
+        "10": {
+          "source": "    return p1 + p2;",
+          "coverage": 0
+        },
+        "11": {
+          "source": "  }",
+          "coverage": ""
+        },
+        "12": {
+          "source": "}",
+          "coverage": ""
+        },
+        "13": {
+          "source": "",
+          "coverage": ""
+        },
+        "14": {
+          "source": "function covTest2(p1,p2) {",
+          "coverage": 1
+        },
+        "15": {
+          "source": "  return 0;",
+          "coverage": 1
+        },
+        "16": {
+          "source": "}",
+          "coverage": ""
+        },
+        "17": {
+          "source": "",
+          "coverage": ""
+        },
+        "18": {
+          "source": "function covTest3(p1) {",
+          "coverage": 1
+        },
+        "19": {
+          "source": "  for(i=0;i < p1;i++){",
+          "coverage": 0
+        },
+        "20": {
+          "source": "  }",
+          "coverage": ""
+        },
+        "21": {
+          "source": "  return i;",
+          "coverage": 0
+        },
+        "22": {
+          "source": "}",
+          "coverage": ""
+        },
+        "23": {
+          "source": "function covTest4(p1) {",
+          "coverage": 1
+        },
+        "24": {
+          "source": "  i=0;",
+          "coverage": 0
+        },
+        "25": {
+          "source": "  while(i < p1){",
+          "coverage": 0
+        },
+        "26": {
+          "source": "  i++;",
+          "coverage": 0
+        },
+        "27": {
+          "source": "  }",
+          "coverage": ""
+        },
+        "28": {
+          "source": "  return i;",
+          "coverage": 0
+        },
+        "29": {
+          "source": "}",
+          "coverage": ""
+        },
+        "30": {
+          "source": "",
+          "coverage": ""
+        },
+        "31": {
+          "source": "describe('Array', function(){",
+          "coverage": 1
+        },
+        "32": {
+          "source": "  describe('CovTest2', function(){",
+          "coverage": 1
+        },
+        "33": {
+          "source": "    it('should return when the value is not present', function(){",
+          "coverage": 1
+        },
+        "34": {
+          "source": "      assert.equal(0,covTest2(2,2));",
+          "coverage": 1
+        },
+        "35": {
+          "source": "    })",
+          "coverage": ""
+        },
+        "36": {
+          "source": "  })",
+          "coverage": ""
+        },
+        "37": {
+          "source": "})",
+          "coverage": ""
+        },
+        "38": {
+          "source": "",
+          "coverage": ""
+        }
+      }
+    }
+  ],
+  "stats": {
+    "suites": 5,
+    "tests": 4,
+    "passes": 4,
+    "pending": 0,
+    "failures": 0,
+    "start": "2014-10-23T17:56:02.339Z",
+    "end": "2014-10-23T17:56:02.344Z",
+    "duration": 5
+  },
+  "tests": [
+    {
+      "title": "should return when the value is not present",
+      "fullTitle": "Array CovTest should return when the value is not present",
+      "duration": 0
+    },
+    {
+      "title": "should return when the value is not present",
+      "fullTitle": "Array CovTest>3 should return when the value is not present",
+      "duration": 0
+    },
+    {
+      "title": "should return when the value is not present",
+      "fullTitle": "Array covTest4 should return when the value is not present",
+      "duration": 0
+    },
+    {
+      "title": "should return when the value is not present",
+      "fullTitle": "Array covTest3 should return when the value is not present",
+      "duration": 0
+    }
+  ],
+  "failures": [],
+  "passes": [
+    {
+      "title": "should return when the value is not present",
+      "fullTitle": "Array CovTest should return when the value is not present",
+      "duration": 0
+    },
+    {
+      "title": "should return when the value is not present",
+      "fullTitle": "Array CovTest>3 should return when the value is not present",
+      "duration": 0
+    },
+    {
+      "title": "should return when the value is not present",
+      "fullTitle": "Array covTest4 should return when the value is not present",
+      "duration": 0
+    },
+    {
+      "title": "should return when the value is not present",
+      "fullTitle": "Array covTest3 should return when the value is not present",
+      "duration": 0
+    }
+  ]
+}
\ No newline at end of file
diff --git a/Tests/JavascriptCoverage/test.js b/Tests/JavascriptCoverage/test.js
new file mode 100644
index 0000000..273e921c
--- /dev/null
+++ b/Tests/JavascriptCoverage/test.js
@@ -0,0 +1,53 @@
+var assert = require("assert")
+var test  = {
+  version: "1.0.0"
+}
+function covTest(p1,p2) {
+  if (p1 > 3) {
+    return 1;
+  }
+  else {
+    return p1 + p2;
+  }
+}
+
+function covTest2(p1,p2) {
+  return 0;
+}
+
+function covTest3(p1) {
+  for(i=0;i < p1;i++){
+  }
+  return i;
+}
+function covTest4(p1) {
+  i=0;
+  while(i < p1){
+  i++;
+  }
+  return i;
+}
+
+describe('Array', function(){
+  describe('CovTest', function(){
+    it('should return when the value is not present', function(){
+      assert.equal(4,covTest(2,2));
+    })
+  })
+
+  describe('CovTest>3', function(){
+    it('should return when the value is not present', function(){
+      assert.equal(1,covTest(4,2));
+    })
+  })
+  describe('covTest4', function(){
+    it('should return when the value is not present', function(){
+      assert.equal(5,covTest4(5));
+    })
+  })
+  describe('covTest3', function(){
+    it('should return when the value is not present', function(){
+      assert.equal(5,covTest3(5));
+    })
+  })
+})
diff --git a/Tests/JavascriptCoverage/test3.js b/Tests/JavascriptCoverage/test3.js
new file mode 100644
index 0000000..a1e31bc
--- /dev/null
+++ b/Tests/JavascriptCoverage/test3.js
@@ -0,0 +1,37 @@
+var assert = require("assert")
+var test  = {
+  version: "1.0.0"
+}
+function covTest(p1,p2) {
+  if (p1 > 3) {
+    return 1;
+  }
+  else {
+    return p1 + p2;
+  }
+}
+
+function covTest2(p1,p2) {
+  return 0;
+}
+
+function covTest3(p1) {
+  for(i=0;i < p1;i++){
+  }
+  return i;
+}
+function covTest4(p1) {
+  i=0;
+  while(i < p1){
+  i++;
+  }
+  return i;
+}
+
+describe('Array', function(){
+  describe('CovTest2', function(){
+    it('should return when the value is not present', function(){
+      assert.equal(0,covTest2(2,2));
+    })
+  })
+})
diff --git a/Tests/LinkStatic/CMakeLists.txt b/Tests/LinkStatic/CMakeLists.txt
index 2062c43..200d4e5 100644
--- a/Tests/LinkStatic/CMakeLists.txt
+++ b/Tests/LinkStatic/CMakeLists.txt
@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 2.8.4.20110303 FATAL_ERROR)
 project(LinkStatic C)
 
-if(NOT "${CMAKE_C_COMPILER_ID}" MATCHES "^(GNU)$")
+if(NOT CMAKE_C_COMPILER_ID STREQUAL "GNU")
   message(FATAL_ERROR "This test works only with the GNU compiler!")
 endif()
 
diff --git a/Tests/Module/WriteCompilerDetectionHeader/CMakeLists.txt b/Tests/Module/WriteCompilerDetectionHeader/CMakeLists.txt
index 7bf9f28..62c7e8c 100644
--- a/Tests/Module/WriteCompilerDetectionHeader/CMakeLists.txt
+++ b/Tests/Module/WriteCompilerDetectionHeader/CMakeLists.txt
@@ -74,6 +74,22 @@ add_executable(WriteCompilerDetectionHeader main.cpp)
 set_property(TARGET WriteCompilerDetectionHeader PROPERTY CXX_STANDARD 98)
 set_defines(WriteCompilerDetectionHeader "${true_defs}" "${false_defs}")
 
+write_compiler_detection_header(
+  FILE "${CMAKE_CURRENT_BINARY_DIR}/compiler_multi_files/multi_file_compiler_detection.h"
+  PREFIX MULTI
+  OUTPUT_FILES_VAR multi_files
+  OUTPUT_DIR "${CMAKE_CURRENT_BINARY_DIR}/compiler_multi_files/compiler_support"
+  COMPILERS GNU Clang
+  VERSION 3.1
+  FEATURES
+    ${cxx_known_features} ${c_known_features}
+)
+
+add_executable(multi_files multi_files.cpp)
+set_property(TARGET multi_files PROPERTY CXX_STANDARD 98)
+target_include_directories(multi_files PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/compiler_multi_files)
+set_defines(multi_files "${true_defs}" "${false_defs}")
+
 if(MSVC)
   return() # MSVC has only one mode.
 endif()
@@ -93,3 +109,8 @@ endif()
 add_executable(WriteCompilerDetectionHeader_11 main.cpp)
 set_property(TARGET WriteCompilerDetectionHeader_11 PROPERTY CXX_STANDARD 11)
 set_defines(WriteCompilerDetectionHeader_11 "${true_defs}" "${false_defs}")
+
+add_executable(multi_files_11 multi_files.cpp)
+set_property(TARGET multi_files_11 PROPERTY CXX_STANDARD 11)
+target_include_directories(multi_files_11 PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/compiler_multi_files)
+set_defines(multi_files_11 "${true_defs}" "${false_defs}")
diff --git a/Tests/Module/WriteCompilerDetectionHeader/compile_tests.h b/Tests/Module/WriteCompilerDetectionHeader/compile_tests.h
new file mode 100644
index 0000000..8b547d8
--- /dev/null
+++ b/Tests/Module/WriteCompilerDetectionHeader/compile_tests.h
@@ -0,0 +1,25 @@
+
+#define JOIN_IMPL(A, B) A ## B
+#define JOIN(A, B) JOIN_IMPL(A, B)
+
+#define CHECK(FEATURE) (JOIN(PREFIX, JOIN(_COMPILER_, FEATURE)) == JOIN(EXPECTED_COMPILER_, FEATURE))
+
+#if !CHECK(CXX_DELEGATING_CONSTRUCTORS)
+#error cxx_delegating_constructors expected availability did not match.
+#endif
+
+#if !CHECK(CXX_VARIADIC_TEMPLATES)
+#error cxx_variadic_templates expected availability did not match.
+#endif
+
+#if !CHECK(VERSION_MAJOR)
+#error Compiler major version did not match.
+#endif
+
+#if !CHECK(VERSION_MINOR)
+#error Compiler minor version did not match.
+#endif
+
+#if !CHECK(VERSION_PATCH)
+#error Compiler patch version did not match.
+#endif
diff --git a/Tests/Module/WriteCompilerDetectionHeader/main.cpp b/Tests/Module/WriteCompilerDetectionHeader/main.cpp
index b807ad5..82b2191 100644
--- a/Tests/Module/WriteCompilerDetectionHeader/main.cpp
+++ b/Tests/Module/WriteCompilerDetectionHeader/main.cpp
@@ -1,29 +1,8 @@
 
 #include "test_compiler_detection.h"
 
-#define JOIN_IMPL(A, B) A ## B
-#define JOIN(A, B) JOIN_IMPL(A, B)
-#define CHECK(FEATURE) (JOIN(TEST_COMPILER_, FEATURE) == JOIN(EXPECTED_COMPILER_, FEATURE))
-
-#if !CHECK(CXX_DELEGATING_CONSTRUCTORS)
-#error cxx_delegating_constructors expected availability did not match.
-#endif
-
-#if !CHECK(CXX_VARIADIC_TEMPLATES)
-#error cxx_variadic_templates expected availability did not match.
-#endif
-
-#if !CHECK(VERSION_MAJOR)
-#error Compiler major version did not match.
-#endif
-
-#if !CHECK(VERSION_MINOR)
-#error Compiler minor version did not match.
-#endif
-
-#if !CHECK(VERSION_PATCH)
-#error Compiler patch version did not match.
-#endif
+#define PREFIX TEST
+#include "compile_tests.h"
 
 int main()
 {
diff --git a/Tests/Module/WriteCompilerDetectionHeader/multi_files.cpp b/Tests/Module/WriteCompilerDetectionHeader/multi_files.cpp
new file mode 100644
index 0000000..ca29823
--- /dev/null
+++ b/Tests/Module/WriteCompilerDetectionHeader/multi_files.cpp
@@ -0,0 +1,10 @@
+
+#include "multi_file_compiler_detection.h"
+
+#define PREFIX MULTI
+#include "compile_tests.h"
+
+int main()
+{
+  return 0;
+}
diff --git a/Tests/ModuleDefinition/CMakeLists.txt b/Tests/ModuleDefinition/CMakeLists.txt
index a30f643..bfbb343 100644
--- a/Tests/ModuleDefinition/CMakeLists.txt
+++ b/Tests/ModuleDefinition/CMakeLists.txt
@@ -13,7 +13,7 @@ add_custom_command(OUTPUT example_dll_gen.def
 add_library(example_dll_gen SHARED example_dll_gen.c example_dll_gen.def)
 
 # Test /DEF:<file> flag recognition for VS.
-if(MSVC OR "${CMAKE_C_COMPILER_ID}" MATCHES "^(Intel)$")
+if(MSVC OR CMAKE_C_COMPILER_ID STREQUAL "Intel")
   add_library(example_dll_2 SHARED example_dll_2.c)
   set_property(TARGET example_dll_2 PROPERTY LINK_FLAGS
     /DEF:"${ModuleDefinition_SOURCE_DIR}/example_dll_2.def")
diff --git a/Tests/PDBDirectoryAndName/CMakeLists.txt b/Tests/PDBDirectoryAndName/CMakeLists.txt
index 90af600..180f9fe 100644
--- a/Tests/PDBDirectoryAndName/CMakeLists.txt
+++ b/Tests/PDBDirectoryAndName/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
 project(PDBDirectoryAndName C)
 
 # Make sure the proper compiler is in use.
-if(NOT MSVC AND NOT "${CMAKE_C_COMPILER_ID}" MATCHES "^(Intel)$")
+if(NOT MSVC AND NOT CMAKE_C_COMPILER_ID STREQUAL "Intel")
   message(FATAL_ERROR "The PDBDirectoryAndName test works only with MSVC or Intel")
 endif()
 
diff --git a/Tests/PrecompiledHeader/CMakeLists.txt b/Tests/PrecompiledHeader/CMakeLists.txt
index 6958131..98bdd88 100644
--- a/Tests/PrecompiledHeader/CMakeLists.txt
+++ b/Tests/PrecompiledHeader/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required (VERSION 2.6)
 project(PrecompiledHeader C)
 
 # Make sure the proper compiler is in use.
-if(NOT MSVC AND NOT "${CMAKE_C_COMPILER_ID}" MATCHES "^(Intel)$")
+if(NOT MSVC AND NOT CMAKE_C_COMPILER_ID STREQUAL "Intel")
   message(FATAL_ERROR "The PrecompiledHeader test works only with MSVC or Intel")
 endif()
 
diff --git a/Tests/Preprocess/CMakeLists.txt b/Tests/Preprocess/CMakeLists.txt
index cdfdcc1..8ff0cfd 100644
--- a/Tests/Preprocess/CMakeLists.txt
+++ b/Tests/Preprocess/CMakeLists.txt
@@ -114,7 +114,7 @@ endif()
 
 set(EXPR_OP1 "/")
 if((NOT MSVC OR PP_NMAKE) AND
-   NOT "${CMAKE_C_COMPILER_ID}" MATCHES "^(Intel)$")
+   NOT CMAKE_C_COMPILER_ID STREQUAL "Intel")
   # MSVC cl, Intel icl: %
   # When the cl compiler is invoked from the command line then % must
   # be written %% (to distinguish from %ENV% syntax).  However cl does
diff --git a/Tests/QtAutogen/CMakeLists.txt b/Tests/QtAutogen/CMakeLists.txt
index 3fd00b8..a60b556 100644
--- a/Tests/QtAutogen/CMakeLists.txt
+++ b/Tests/QtAutogen/CMakeLists.txt
@@ -113,3 +113,35 @@ set_target_properties(no_link_language PROPERTIES AUTOMOC TRUE)
 qtx_wrap_cpp(uicOnlyMoc sub/uiconly.h)
 add_executable(uiconly sub/uiconly.cpp ${uicOnlyMoc})
 target_link_libraries(uiconly ${QT_LIBRARIES})
+
+try_compile(RCC_DEPENDS
+  "${CMAKE_CURRENT_BINARY_DIR}/autorcc_depends"
+  "${CMAKE_CURRENT_SOURCE_DIR}/autorcc_depends"
+  autorcc_depends
+  CMAKE_FLAGS "-DQT_QMAKE_EXECUTABLE:FILEPATH=${QT_QMAKE_EXECUTABLE}" "-DQT_TEST_VERSION=${QT_TEST_VERSION}"
+  OUTPUT_VARIABLE output
+)
+if (NOT RCC_DEPENDS)
+  message(SEND_ERROR "Initial build of autorcc_depends failed. Output: ${output}")
+endif()
+
+file(STRINGS "${CMAKE_CURRENT_BINARY_DIR}/autorcc_depends/info_file.txt" qrc_files)
+
+list(GET qrc_files 0 qrc_file1)
+
+set(timeformat "%Y%j%H%M%S")
+
+file(TIMESTAMP "${qrc_file1}" file1_before "${timeformat}")
+
+execute_process(COMMAND "${CMAKE_COMMAND}" -E sleep 1) # Ensure that the timestamp will change.
+execute_process(COMMAND "${CMAKE_COMMAND}" -E touch "${CMAKE_CURRENT_SOURCE_DIR}/autorcc_depends/res1_input.txt")
+
+execute_process(COMMAND "${CMAKE_COMMAND}" --build .
+  WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}/autorcc_depends"
+)
+
+file(TIMESTAMP "${qrc_file1}" file1_step1 "${timeformat}")
+
+if (NOT file1_step1 GREATER file1_before)
+  message(SEND_ERROR "file1 (${qrc_file1}) should have changed in the first step!")
+endif()
diff --git a/Tests/QtAutogen/autorcc_depends/CMakeLists.txt b/Tests/QtAutogen/autorcc_depends/CMakeLists.txt
new file mode 100644
index 0000000..afd95bc
--- /dev/null
+++ b/Tests/QtAutogen/autorcc_depends/CMakeLists.txt
@@ -0,0 +1,24 @@
+cmake_minimum_required(VERSION 2.8)
+project(autorcc_depends)
+
+set(CMAKE_AUTORCC ON)
+
+if (QT_TEST_VERSION STREQUAL 4)
+  find_package(Qt4 REQUIRED)
+  set(QT_CORE_TARGET Qt4::QtCore)
+else()
+  if (NOT QT_TEST_VERSION STREQUAL 5)
+    message(SEND_ERROR "Invalid Qt version specified.")
+  endif()
+
+  find_package(Qt5Core REQUIRED)
+  set(QT_CORE_TARGET Qt5::Core)
+endif()
+
+add_executable(test_res1
+  test_res1.cpp
+  res1.qrc
+)
+target_link_libraries(test_res1 ${QT_CORE_TARGET})
+add_custom_command(TARGET test_res1 POST_BUILD COMMAND
+  ${CMAKE_COMMAND} -E echo "$<TARGET_FILE:test_res1>" > info_file.txt)
diff --git a/Tests/QtAutogen/autorcc_depends/res1.qrc b/Tests/QtAutogen/autorcc_depends/res1.qrc
new file mode 100644
index 0000000..cfea618
--- /dev/null
+++ b/Tests/QtAutogen/autorcc_depends/res1.qrc
@@ -0,0 +1,5 @@
+<RCC>
+    <qresource prefix="/">
+        <file>res1_input.txt</file>
+    </qresource>
+</RCC>
diff --git a/Tests/QtAutogen/autorcc_depends/res1_input.txt b/Tests/QtAutogen/autorcc_depends/res1_input.txt
new file mode 100644
index 0000000..da62762
--- /dev/null
+++ b/Tests/QtAutogen/autorcc_depends/res1_input.txt
@@ -0,0 +1 @@
+Res1 input.
diff --git a/Tests/QtAutogen/autorcc_depends/test_res1.cpp b/Tests/QtAutogen/autorcc_depends/test_res1.cpp
new file mode 100644
index 0000000..766b775
--- /dev/null
+++ b/Tests/QtAutogen/autorcc_depends/test_res1.cpp
@@ -0,0 +1,5 @@
+
+int main()
+{
+  return 0;
+}
diff --git a/Tests/RunCMake/CMP0055/CMP0055-NEW-Out-of-Scope-result.txt b/Tests/RunCMake/CMP0055/CMP0055-NEW-Out-of-Scope-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-NEW-Out-of-Scope-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/CMP0055/CMP0055-NEW-Out-of-Scope-stderr.txt b/Tests/RunCMake/CMP0055/CMP0055-NEW-Out-of-Scope-stderr.txt
new file mode 100644
index 0000000..27e8140
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-NEW-Out-of-Scope-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at CMP0055-NEW-Out-of-Scope.cmake:4 \(break\):
+  A BREAK command was found outside of a proper FOREACH or WHILE loop scope.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/CMP0055/CMP0055-NEW-Out-of-Scope.cmake b/Tests/RunCMake/CMP0055/CMP0055-NEW-Out-of-Scope.cmake
new file mode 100644
index 0000000..53ac214
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-NEW-Out-of-Scope.cmake
@@ -0,0 +1,4 @@
+
+cmake_policy(SET CMP0055 NEW)
+
+break()
diff --git a/Tests/RunCMake/CMP0055/CMP0055-NEW-Reject-Arguments-result.txt b/Tests/RunCMake/CMP0055/CMP0055-NEW-Reject-Arguments-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-NEW-Reject-Arguments-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/CMP0055/CMP0055-NEW-Reject-Arguments-stderr.txt b/Tests/RunCMake/CMP0055/CMP0055-NEW-Reject-Arguments-stderr.txt
new file mode 100644
index 0000000..32947af
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-NEW-Reject-Arguments-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at CMP0055-NEW-Reject-Arguments.cmake:5 \(break\):
+  The BREAK command does not accept any arguments.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/CMP0055/CMP0055-NEW-Reject-Arguments.cmake b/Tests/RunCMake/CMP0055/CMP0055-NEW-Reject-Arguments.cmake
new file mode 100644
index 0000000..52eaa6a
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-NEW-Reject-Arguments.cmake
@@ -0,0 +1,6 @@
+
+cmake_policy(SET CMP0055 NEW)
+
+foreach(i RANGE 1 2)
+  break(1)
+endforeach()
\ No newline at end of file
diff --git a/Tests/RunCMake/CMP0055/CMP0055-OLD-Out-of-Scope-result.txt b/Tests/RunCMake/CMP0055/CMP0055-OLD-Out-of-Scope-result.txt
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-OLD-Out-of-Scope-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/CMP0055/CMP0055-OLD-Out-of-Scope-stderr.txt b/Tests/RunCMake/CMP0055/CMP0055-OLD-Out-of-Scope-stderr.txt
new file mode 100644
index 0000000..10f3293
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-OLD-Out-of-Scope-stderr.txt
@@ -0,0 +1 @@
+^$
diff --git a/Tests/RunCMake/CMP0055/CMP0055-OLD-Out-of-Scope.cmake b/Tests/RunCMake/CMP0055/CMP0055-OLD-Out-of-Scope.cmake
new file mode 100644
index 0000000..57195c2
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-OLD-Out-of-Scope.cmake
@@ -0,0 +1,4 @@
+
+cmake_policy(SET CMP0055 OLD)
+
+break()
diff --git a/Tests/RunCMake/CMP0055/CMP0055-OLD-Reject-Arguments-result.txt b/Tests/RunCMake/CMP0055/CMP0055-OLD-Reject-Arguments-result.txt
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-OLD-Reject-Arguments-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/CMP0055/CMP0055-OLD-Reject-Arguments-stderr.txt b/Tests/RunCMake/CMP0055/CMP0055-OLD-Reject-Arguments-stderr.txt
new file mode 100644
index 0000000..10f3293
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-OLD-Reject-Arguments-stderr.txt
@@ -0,0 +1 @@
+^$
diff --git a/Tests/RunCMake/CMP0055/CMP0055-OLD-Reject-Arguments.cmake b/Tests/RunCMake/CMP0055/CMP0055-OLD-Reject-Arguments.cmake
new file mode 100644
index 0000000..d8fdddf
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-OLD-Reject-Arguments.cmake
@@ -0,0 +1,6 @@
+
+cmake_policy(SET CMP0055 OLD)
+
+foreach(i RANGE 1 2)
+  break(1)
+endforeach()
\ No newline at end of file
diff --git a/Tests/RunCMake/CMP0055/CMP0055-WARN-Out-of-Scope-result.txt b/Tests/RunCMake/CMP0055/CMP0055-WARN-Out-of-Scope-result.txt
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-WARN-Out-of-Scope-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/CMP0055/CMP0055-WARN-Out-of-Scope-stderr.txt b/Tests/RunCMake/CMP0055/CMP0055-WARN-Out-of-Scope-stderr.txt
new file mode 100644
index 0000000..ad850ac
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-WARN-Out-of-Scope-stderr.txt
@@ -0,0 +1,9 @@
+CMake Warning \(dev\) at CMP0055-WARN-Out-of-Scope.cmake:2 \(break\):
+  Policy CMP0055 is not set: Strict checking for break\(\) command.  Run "cmake
+  --help-policy CMP0055" for policy details.  Use the cmake_policy command to
+  set the policy and suppress this warning.
+
+  A BREAK command was found outside of a proper FOREACH or WHILE loop scope.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
+This warning is for project developers.  Use -Wno-dev to suppress it.
diff --git a/Tests/RunCMake/CMP0055/CMP0055-WARN-Out-of-Scope.cmake b/Tests/RunCMake/CMP0055/CMP0055-WARN-Out-of-Scope.cmake
new file mode 100644
index 0000000..373a95a
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-WARN-Out-of-Scope.cmake
@@ -0,0 +1,2 @@
+
+break()
diff --git a/Tests/RunCMake/CMP0055/CMP0055-WARN-Reject-Arguments-result.txt b/Tests/RunCMake/CMP0055/CMP0055-WARN-Reject-Arguments-result.txt
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-WARN-Reject-Arguments-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/CMP0055/CMP0055-WARN-Reject-Arguments-stderr.txt b/Tests/RunCMake/CMP0055/CMP0055-WARN-Reject-Arguments-stderr.txt
new file mode 100644
index 0000000..3cc686d
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-WARN-Reject-Arguments-stderr.txt
@@ -0,0 +1,9 @@
+CMake Warning \(dev\) at CMP0055-WARN-Reject-Arguments.cmake:3 \(break\):
+  Policy CMP0055 is not set: Strict checking for break\(\) command.  Run "cmake
+  --help-policy CMP0055" for policy details.  Use the cmake_policy command to
+  set the policy and suppress this warning.
+
+  The BREAK command does not accept any arguments.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
+This warning is for project developers.  Use -Wno-dev to suppress it.
diff --git a/Tests/RunCMake/CMP0055/CMP0055-WARN-Reject-Arguments.cmake b/Tests/RunCMake/CMP0055/CMP0055-WARN-Reject-Arguments.cmake
new file mode 100644
index 0000000..ec6b90f
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMP0055-WARN-Reject-Arguments.cmake
@@ -0,0 +1,4 @@
+
+foreach(i RANGE 1 2)
+  break(1)
+endforeach()
diff --git a/Tests/RunCMake/CMP0055/CMakeLists.txt b/Tests/RunCMake/CMP0055/CMakeLists.txt
new file mode 100644
index 0000000..ef2163c
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.1)
+project(${RunCMake_TEST} NONE)
+include(${RunCMake_TEST}.cmake)
diff --git a/Tests/RunCMake/CMP0055/RunCMakeTest.cmake b/Tests/RunCMake/CMP0055/RunCMakeTest.cmake
new file mode 100644
index 0000000..efcfcab
--- /dev/null
+++ b/Tests/RunCMake/CMP0055/RunCMakeTest.cmake
@@ -0,0 +1,9 @@
+include(RunCMake)
+
+run_cmake(CMP0055-OLD-Out-of-Scope)
+run_cmake(CMP0055-NEW-Out-of-Scope)
+run_cmake(CMP0055-WARN-Out-of-Scope)
+
+run_cmake(CMP0055-OLD-Reject-Arguments)
+run_cmake(CMP0055-NEW-Reject-Arguments)
+run_cmake(CMP0055-WARN-Reject-Arguments)
diff --git a/Tests/RunCMake/CMakeLists.txt b/Tests/RunCMake/CMakeLists.txt
index fd3bb03..54fe2d9 100644
--- a/Tests/RunCMake/CMakeLists.txt
+++ b/Tests/RunCMake/CMakeLists.txt
@@ -49,6 +49,7 @@ add_RunCMake_test(CMP0050)
 add_RunCMake_test(CMP0051)
 add_RunCMake_test(CMP0053)
 add_RunCMake_test(CMP0054)
+add_RunCMake_test(CMP0055)
 add_RunCMake_test(CTest)
 if(UNIX AND "${CMAKE_GENERATOR}" MATCHES "Unix Makefiles|Ninja")
   add_RunCMake_test(CompilerChange)
@@ -95,10 +96,13 @@ endif()
 add_RunCMake_test(CompatibleInterface)
 add_RunCMake_test(Syntax)
 
+add_RunCMake_test(add_custom_command)
+add_RunCMake_test(add_custom_target)
 add_RunCMake_test(add_dependencies)
 add_RunCMake_test(build_command)
 add_RunCMake_test(export)
 add_RunCMake_test(cmake_minimum_required)
+add_RunCMake_test(continue)
 add_RunCMake_test(file)
 add_RunCMake_test(find_package)
 add_RunCMake_test(get_filename_component)
@@ -108,6 +112,7 @@ add_RunCMake_test(include_directories)
 add_RunCMake_test(list)
 add_RunCMake_test(message)
 add_RunCMake_test(project)
+add_RunCMake_test(return)
 add_RunCMake_test(string)
 add_RunCMake_test(try_compile)
 add_RunCMake_test(set)
@@ -153,3 +158,4 @@ add_RunCMake_test(CommandLine)
 
 add_RunCMake_test(install)
 add_RunCMake_test(CPackInstallProperties)
+add_RunCMake_test(ExternalProject)
diff --git a/Tests/RunCMake/CommandLine/CMakeLists.txt b/Tests/RunCMake/CommandLine/CMakeLists.txt
new file mode 100644
index 0000000..2897109
--- /dev/null
+++ b/Tests/RunCMake/CommandLine/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.0)
+project(${RunCMake_TEST} NONE)
+include(${RunCMake_TEST}.cmake)
diff --git a/Tests/RunCMake/CommandLine/D_nested_cache-stderr.txt b/Tests/RunCMake/CommandLine/D_nested_cache-stderr.txt
new file mode 100644
index 0000000..bba64bc
--- /dev/null
+++ b/Tests/RunCMake/CommandLine/D_nested_cache-stderr.txt
@@ -0,0 +1 @@
+^-->-DBAR:BOOL=BAZ<--$
diff --git a/Tests/RunCMake/CommandLine/D_nested_cache.cmake b/Tests/RunCMake/CommandLine/D_nested_cache.cmake
new file mode 100644
index 0000000..9b57284
--- /dev/null
+++ b/Tests/RunCMake/CommandLine/D_nested_cache.cmake
@@ -0,0 +1 @@
+message("-->${FOO}<--")
diff --git a/Tests/RunCMake/CommandLine/D_typed_nested_cache-stderr.txt b/Tests/RunCMake/CommandLine/D_typed_nested_cache-stderr.txt
new file mode 100644
index 0000000..bba64bc
--- /dev/null
+++ b/Tests/RunCMake/CommandLine/D_typed_nested_cache-stderr.txt
@@ -0,0 +1 @@
+^-->-DBAR:BOOL=BAZ<--$
diff --git a/Tests/RunCMake/CommandLine/D_typed_nested_cache.cmake b/Tests/RunCMake/CommandLine/D_typed_nested_cache.cmake
new file mode 100644
index 0000000..9b57284
--- /dev/null
+++ b/Tests/RunCMake/CommandLine/D_typed_nested_cache.cmake
@@ -0,0 +1 @@
+message("-->${FOO}<--")
diff --git a/Tests/RunCMake/CommandLine/RunCMakeTest.cmake b/Tests/RunCMake/CommandLine/RunCMakeTest.cmake
index 5622a5b..84e3614 100644
--- a/Tests/RunCMake/CommandLine/RunCMakeTest.cmake
+++ b/Tests/RunCMake/CommandLine/RunCMakeTest.cmake
@@ -43,3 +43,11 @@ run_cmake_command(E_sleep-bad-arg2 ${CMAKE_COMMAND} -E sleep 1 -1)
 run_cmake_command(E_sleep-one-tenth ${CMAKE_COMMAND} -E sleep 0.1)
 
 run_cmake_command(P_directory ${CMAKE_COMMAND} -P ${RunCMake_SOURCE_DIR})
+
+set(RunCMake_TEST_OPTIONS
+  "-DFOO=-DBAR:BOOL=BAZ")
+run_cmake(D_nested_cache)
+
+set(RunCMake_TEST_OPTIONS
+  "-DFOO:STRING=-DBAR:BOOL=BAZ")
+run_cmake(D_typed_nested_cache)
diff --git a/Tests/RunCMake/ExternalProject/Add_StepDependencies.cmake b/Tests/RunCMake/ExternalProject/Add_StepDependencies.cmake
new file mode 100644
index 0000000..38683f1
--- /dev/null
+++ b/Tests/RunCMake/ExternalProject/Add_StepDependencies.cmake
@@ -0,0 +1,20 @@
+cmake_minimum_required(VERSION ${CMAKE_VERSION})
+
+include(ExternalProject)
+
+ExternalProject_Add(BAR URL https://cmake.org/bar.tar.gz)
+
+ExternalProject_Add(FOO URL https://cmake.org/foo.tar.gz STEP_TARGETS update)
+ExternalProject_Add_Step(FOO do_something COMMAND ${CMAKE_COMMAND} -E echo "Doing something")
+ExternalProject_Add_Step(FOO do_something_else COMMAND ${CMAKE_COMMAND} -E echo "Doing something else")
+ExternalProject_Add_StepTargets(FOO do_something)
+
+# download and do_something_else are not targets, but the file-level
+# dependency are set.
+ExternalProject_Add_StepDependencies(FOO download BAR)
+ExternalProject_Add_StepDependencies(FOO do_something_else BAR)
+
+# update and do_something are targets, therefore both file-level and
+# target-level dependencies are set.
+ExternalProject_Add_StepDependencies(FOO update BAR)
+ExternalProject_Add_StepDependencies(FOO do_something BAR)
diff --git a/Tests/RunCMake/ExternalProject/Add_StepDependencies_no_target.cmake b/Tests/RunCMake/ExternalProject/Add_StepDependencies_no_target.cmake
new file mode 100644
index 0000000..264c3f0
--- /dev/null
+++ b/Tests/RunCMake/ExternalProject/Add_StepDependencies_no_target.cmake
@@ -0,0 +1,10 @@
+cmake_minimum_required(VERSION ${CMAKE_VERSION})
+
+include(ExternalProject)
+
+ExternalProject_Add(BAR URL https://cmake.org/bar.tar.gz)
+
+ExternalProject_Add(FOO URL https://cmake.org/foo.tar.gz STEP_TARGETS update)
+ExternalProject_Add_Step(FOO do_something COMMAND ${CMAKE_COMMAND} -E echo "Doing something")
+ExternalProject_Add_Step(FOO do_something_else COMMAND ${CMAKE_COMMAND} -E echo "Doing something else")
+ExternalProject_Add_StepTargets(FOO do_something)
diff --git a/Tests/RunCMake/ExternalProject/CMAKE_CACHE_ARGS.cmake b/Tests/RunCMake/ExternalProject/CMAKE_CACHE_ARGS.cmake
new file mode 100644
index 0000000..bf9b12d
--- /dev/null
+++ b/Tests/RunCMake/ExternalProject/CMAKE_CACHE_ARGS.cmake
@@ -0,0 +1,21 @@
+include(ExternalProject)
+
+set(_tmp_dir "${CMAKE_CURRENT_BINARY_DIR}/tmp")
+set(_cache_file "${_tmp_dir}/FOO-cache.cmake")
+
+ExternalProject_Add(FOO TMP_DIR "${_tmp_dir}"
+                        DOWNLOAD_COMMAND ""
+                        CMAKE_CACHE_ARGS "-DFOO:STRING=BAR")
+
+if(NOT EXISTS "${_cache_file}")
+  message(FATAL_ERROR "Initial cache not created")
+endif()
+
+file(READ "${_cache_file}" _cache)
+
+if(NOT "${_cache}" MATCHES "set\\(FOO \"BAR\".+\\)") # \(\)
+  message(FATAL_ERROR "Cannot find FOO argument in cache")
+endif()
+if(NOT "${CMAKE_MATCH_0}" MATCHES FORCE)
+  message(FATAL_ERROR "Expected forced FOO argument")
+endif()
diff --git a/Tests/RunCMake/ExternalProject/CMAKE_CACHE_DEFAULT_ARGS.cmake b/Tests/RunCMake/ExternalProject/CMAKE_CACHE_DEFAULT_ARGS.cmake
new file mode 100644
index 0000000..c216664
--- /dev/null
+++ b/Tests/RunCMake/ExternalProject/CMAKE_CACHE_DEFAULT_ARGS.cmake
@@ -0,0 +1,21 @@
+include(ExternalProject)
+
+set(_tmp_dir "${CMAKE_CURRENT_BINARY_DIR}/tmp")
+set(_cache_file "${_tmp_dir}/FOO-cache.cmake")
+
+ExternalProject_Add(FOO TMP_DIR "${_tmp_dir}"
+                        DOWNLOAD_COMMAND ""
+                        CMAKE_CACHE_DEFAULT_ARGS "-DFOO:STRING=BAR")
+
+if(NOT EXISTS "${_cache_file}")
+  message(FATAL_ERROR "Initial cache not created")
+endif()
+
+file(READ "${_cache_file}" _cache)
+
+if(NOT "${_cache}" MATCHES "set\\(FOO \"BAR\".+\\)") # \(\)
+  message(FATAL_ERROR "Cannot find FOO argument in cache")
+endif()
+if("${CMAKE_MATCH_0}" MATCHES FORCE)
+  message(FATAL_ERROR "Expected not forced FOO argument")
+endif()
diff --git a/Tests/RunCMake/ExternalProject/CMAKE_CACHE_mix.cmake b/Tests/RunCMake/ExternalProject/CMAKE_CACHE_mix.cmake
new file mode 100644
index 0000000..894e183
--- /dev/null
+++ b/Tests/RunCMake/ExternalProject/CMAKE_CACHE_mix.cmake
@@ -0,0 +1,29 @@
+include(ExternalProject)
+
+set(_tmp_dir "${CMAKE_CURRENT_BINARY_DIR}/tmp")
+set(_cache_file "${_tmp_dir}/FOO-cache.cmake")
+
+ExternalProject_Add(FOO TMP_DIR "${_tmp_dir}"
+                        DOWNLOAD_COMMAND ""
+                        CMAKE_CACHE_ARGS "-DFOO:STRING=BAR"
+                        CMAKE_CACHE_DEFAULT_ARGS "-DBAR:STRING=BAZ")
+
+if(NOT EXISTS "${_cache_file}")
+  message(FATAL_ERROR "Initial cache not created")
+endif()
+
+file(READ "${_cache_file}" _cache)
+
+if(NOT "${_cache}" MATCHES "set\\(FOO \"BAR\".+\\)") # \(\)
+  message(FATAL_ERROR "Cannot find FOO argument in cache")
+endif()
+if(NOT "${CMAKE_MATCH_0}" MATCHES FORCE)
+  message(FATAL_ERROR "Expected forced FOO argument")
+endif()
+
+if(NOT "${_cache}" MATCHES "set\\(BAR \"BAZ\".+\\)") # \(\)
+  message(FATAL_ERROR "Cannot find BAR argument in cache")
+endif()
+if("${CMAKE_MATCH_0}" MATCHES FORCE)
+  message(FATAL_ERROR "Expected not forced BAR argument")
+endif()
diff --git a/Tests/RunCMake/ExternalProject/CMakeLists.txt b/Tests/RunCMake/ExternalProject/CMakeLists.txt
new file mode 100644
index 0000000..c585733
--- /dev/null
+++ b/Tests/RunCMake/ExternalProject/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION ${CMAKE_VERSION})
+project(${RunCMake_TEST} NONE)
+include(${RunCMake_TEST}.cmake)
diff --git a/Tests/RunCMake/ExternalProject/NO_DEPENDS-stderr.txt b/Tests/RunCMake/ExternalProject/NO_DEPENDS-stderr.txt
new file mode 100644
index 0000000..4cb051d
--- /dev/null
+++ b/Tests/RunCMake/ExternalProject/NO_DEPENDS-stderr.txt
@@ -0,0 +1,36 @@
+CMake Warning \(dev\) at .*/Modules/ExternalProject.cmake:[0-9]+. \(message\):
+  Using NO_DEPENDS for "configure" step might break parallel builds
+Call Stack \(most recent call first\):
+  .*/Modules/ExternalProject.cmake:[0-9]+ \(ExternalProject_Add_StepTargets\)
+  .*/Modules/ExternalProject.cmake:[0-9]+ \(ExternalProject_Add_Step\)
+  .*/Modules/ExternalProject.cmake:[0-9]+ \(_ep_add_configure_command\)
+  NO_DEPENDS.cmake:[0-9]+ \(ExternalProject_Add\)
+  CMakeLists.txt:[0-9]+ \(include\)
+This warning is for project developers.  Use -Wno-dev to suppress it.
+
+CMake Warning \(dev\) at .*/Modules/ExternalProject.cmake:[0-9]+. \(message\):
+  Using NO_DEPENDS for "build" step might break parallel builds
+Call Stack \(most recent call first\):
+  .*/Modules/ExternalProject.cmake:[0-9]+ \(ExternalProject_Add_StepTargets\)
+  .*/Modules/ExternalProject.cmake:[0-9]+ \(ExternalProject_Add_Step\)
+  .*/Modules/ExternalProject.cmake:[0-9]+ \(_ep_add_build_command\)
+  NO_DEPENDS.cmake:[0-9]+ \(ExternalProject_Add\)
+  CMakeLists.txt:[0-9]+ \(include\)
+This warning is for project developers.  Use -Wno-dev to suppress it.
+
+CMake Warning \(dev\) at .*/Modules/ExternalProject.cmake:[0-9]+. \(message\):
+  Using NO_DEPENDS for "install" step might break parallel builds
+Call Stack \(most recent call first\):
+  .*/Modules/ExternalProject.cmake:[0-9]+ \(ExternalProject_Add_StepTargets\)
+  .*/Modules/ExternalProject.cmake:[0-9]+ \(ExternalProject_Add_Step\)
+  .*/Modules/ExternalProject.cmake:[0-9]+ \(_ep_add_install_command\)
+  NO_DEPENDS.cmake:[0-9]+ \(ExternalProject_Add\)
+  CMakeLists.txt:[0-9]+ \(include\)
+This warning is for project developers.  Use -Wno-dev to suppress it.
+
+CMake Warning \(dev\) at .*/Modules/ExternalProject.cmake:[0-9]+. \(message\):
+  Using NO_DEPENDS for "test" step might break parallel builds
+Call Stack \(most recent call first\):
+  NO_DEPENDS.cmake:[0-9]+ \(ExternalProject_Add_StepTargets\)
+  CMakeLists.txt:[0-9]+ \(include\)
+This warning is for project developers.  Use -Wno-dev to suppress it.
diff --git a/Tests/RunCMake/ExternalProject/NO_DEPENDS.cmake b/Tests/RunCMake/ExternalProject/NO_DEPENDS.cmake
new file mode 100644
index 0000000..57626d6
--- /dev/null
+++ b/Tests/RunCMake/ExternalProject/NO_DEPENDS.cmake
@@ -0,0 +1,18 @@
+cmake_minimum_required(VERSION 2.8.12)
+
+include(ExternalProject RESULT_VARIABLE GOO)
+
+set_property(DIRECTORY PROPERTY EP_INDEPENDENT_STEP_TARGETS download patch update configure build)
+
+ExternalProject_Add(FOO
+                    URL https://example.org/foo.tar.gz)
+
+ExternalProject_Add(BAR
+                    URL https://example.org/bar.tar.gz
+                    TEST_COMMAND echo test
+                    INDEPENDENT_STEP_TARGETS install)
+# This one should not give a warning
+ExternalProject_Add_Step(BAR bar
+                         COMMAND echo bar)
+
+ExternalProject_Add_StepTargets(BAR NO_DEPENDS test bar)
diff --git a/Tests/RunCMake/ExternalProject/RunCMakeTest.cmake b/Tests/RunCMake/ExternalProject/RunCMakeTest.cmake
new file mode 100644
index 0000000..0f5dcef
--- /dev/null
+++ b/Tests/RunCMake/ExternalProject/RunCMakeTest.cmake
@@ -0,0 +1,8 @@
+include(RunCMake)
+
+run_cmake(CMAKE_CACHE_ARGS)
+run_cmake(CMAKE_CACHE_DEFAULT_ARGS)
+run_cmake(CMAKE_CACHE_mix)
+run_cmake(NO_DEPENDS)
+run_cmake(Add_StepDependencies)
+run_cmake(Add_StepDependencies_no_target)
diff --git a/Tests/RunCMake/File_Generate/CarryPermissions-result.txt b/Tests/RunCMake/File_Generate/CarryPermissions-result.txt
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/CarryPermissions-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/File_Generate/CarryPermissions-stderr.txt b/Tests/RunCMake/File_Generate/CarryPermissions-stderr.txt
new file mode 100644
index 0000000..10f3293
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/CarryPermissions-stderr.txt
@@ -0,0 +1 @@
+^$
diff --git a/Tests/RunCMake/File_Generate/CarryPermissions.cmake b/Tests/RunCMake/File_Generate/CarryPermissions.cmake
new file mode 100644
index 0000000..a04334f
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/CarryPermissions.cmake
@@ -0,0 +1,5 @@
+
+file(GENERATE
+  OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/output_script.sh"
+  INPUT "${CMAKE_CURRENT_SOURCE_DIR}/input_script.sh"
+)
diff --git a/Tests/RunCMake/File_Generate/GenerateSource-result.txt b/Tests/RunCMake/File_Generate/GenerateSource-result.txt
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/GenerateSource-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/File_Generate/GenerateSource-stderr.txt b/Tests/RunCMake/File_Generate/GenerateSource-stderr.txt
new file mode 100644
index 0000000..10f3293
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/GenerateSource-stderr.txt
@@ -0,0 +1 @@
+^$
diff --git a/Tests/RunCMake/File_Generate/GenerateSource.cmake b/Tests/RunCMake/File_Generate/GenerateSource.cmake
new file mode 100644
index 0000000..147a7f6
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/GenerateSource.cmake
@@ -0,0 +1,12 @@
+
+enable_language(CXX)
+
+# Ensure re-generation
+file(REMOVE "${CMAKE_CURRENT_BINARY_DIR}/main.cpp")
+
+file(GENERATE
+  OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/main.cpp"
+  CONTENT "int main() { return 0; }\n"
+)
+
+add_executable(mn "${CMAKE_CURRENT_BINARY_DIR}/main.cpp")
diff --git a/Tests/RunCMake/File_Generate/OutputNameMatchesObjects-result.txt b/Tests/RunCMake/File_Generate/OutputNameMatchesObjects-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/OutputNameMatchesObjects-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/File_Generate/OutputNameMatchesObjects-stderr.txt b/Tests/RunCMake/File_Generate/OutputNameMatchesObjects-stderr.txt
new file mode 100644
index 0000000..d3aa973
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/OutputNameMatchesObjects-stderr.txt
@@ -0,0 +1,9 @@
+CMake Error at OutputNameMatchesObjects.cmake:2 \(file\):
+  Error evaluating generator expression:
+
+    \$<TARGET_OBJECTS:foo>
+
+  The evaluation of the TARGET_OBJECTS generator expression is only suitable
+  for consumption by CMake.  It is not suitable for writing out elsewhere.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:6 \(include\)
diff --git a/Tests/RunCMake/File_Generate/OutputNameMatchesObjects.cmake b/Tests/RunCMake/File_Generate/OutputNameMatchesObjects.cmake
new file mode 100644
index 0000000..d807450
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/OutputNameMatchesObjects.cmake
@@ -0,0 +1,10 @@
+
+file(GENERATE
+  OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/$<BOOL:$<TARGET_OBJECTS:foo>>somefile.cpp"
+  CONTENT "static const char content[] = \"$<TARGET_OBJECTS:foo>\";\n"
+)
+
+add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/input.txt"
+  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_SOURCE_DIR}/input.txt" "${CMAKE_CURRENT_BINARY_DIR}")
+
+add_executable(foo empty.cpp "${CMAKE_CURRENT_BINARY_DIR}/1somefile.cpp" "${CMAKE_CURRENT_BINARY_DIR}/input.txt")
diff --git a/Tests/RunCMake/File_Generate/OutputNameMatchesOtherSources-result.txt b/Tests/RunCMake/File_Generate/OutputNameMatchesOtherSources-result.txt
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/OutputNameMatchesOtherSources-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/File_Generate/OutputNameMatchesOtherSources-stderr.txt b/Tests/RunCMake/File_Generate/OutputNameMatchesOtherSources-stderr.txt
new file mode 100644
index 0000000..10f3293
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/OutputNameMatchesOtherSources-stderr.txt
@@ -0,0 +1 @@
+^$
diff --git a/Tests/RunCMake/File_Generate/OutputNameMatchesOtherSources.cmake b/Tests/RunCMake/File_Generate/OutputNameMatchesOtherSources.cmake
new file mode 100644
index 0000000..ce601da
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/OutputNameMatchesOtherSources.cmake
@@ -0,0 +1,14 @@
+
+enable_language(CXX)
+
+file(GENERATE
+  OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/$<BOOL:$<TARGET_PROPERTY:foo,SOURCES>>somefile.cpp"
+  CONTENT "static const char content[] = \"$<TARGET_PROPERTY:foo,SOURCES>\";\n"
+)
+
+add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/generated.cpp"
+  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_SOURCE_DIR}/generated.cpp" "${CMAKE_CURRENT_BINARY_DIR}")
+
+add_executable(foo empty.cpp "${CMAKE_CURRENT_BINARY_DIR}/generated.cpp")
+
+add_executable(bar "${CMAKE_CURRENT_BINARY_DIR}/1somefile.cpp")
diff --git a/Tests/RunCMake/File_Generate/OutputNameMatchesSources-result.txt b/Tests/RunCMake/File_Generate/OutputNameMatchesSources-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/OutputNameMatchesSources-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/File_Generate/OutputNameMatchesSources-stderr.txt b/Tests/RunCMake/File_Generate/OutputNameMatchesSources-stderr.txt
new file mode 100644
index 0000000..cefb4e5
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/OutputNameMatchesSources-stderr.txt
@@ -0,0 +1,7 @@
+CMake Error in CMakeLists.txt:
+  Evaluation output file
+
+    ".*Tests/RunCMake/File_Generate/OutputNameMatchesSources-build/1somefile.cpp"
+
+  depends on the sources of a target it is used in.  This is a dependency
+  loop and is not allowed.
diff --git a/Tests/RunCMake/File_Generate/OutputNameMatchesSources.cmake b/Tests/RunCMake/File_Generate/OutputNameMatchesSources.cmake
new file mode 100644
index 0000000..2feb9d1
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/OutputNameMatchesSources.cmake
@@ -0,0 +1,12 @@
+
+enable_language(CXX)
+
+file(GENERATE
+  OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/$<BOOL:$<TARGET_PROPERTY:foo,SOURCES>>somefile.cpp"
+  CONTENT "static const char content[] = \"$<TARGET_PROPERTY:foo,SOURCES>\";\n"
+)
+
+add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/renamed.cpp"
+  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_SOURCE_DIR}/empty.cpp" "${CMAKE_CURRENT_BINARY_DIR}/renamed.cpp")
+
+add_executable(foo "${CMAKE_CURRENT_BINARY_DIR}/1somefile.cpp" "${CMAKE_CURRENT_BINARY_DIR}/renamed.cpp")
diff --git a/Tests/RunCMake/File_Generate/ReRunCMake-result.txt b/Tests/RunCMake/File_Generate/ReRunCMake-result.txt
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/ReRunCMake-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/File_Generate/ReRunCMake-stderr.txt b/Tests/RunCMake/File_Generate/ReRunCMake-stderr.txt
new file mode 100644
index 0000000..10f3293
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/ReRunCMake-stderr.txt
@@ -0,0 +1 @@
+^$
diff --git a/Tests/RunCMake/File_Generate/ReRunCMake.cmake b/Tests/RunCMake/File_Generate/ReRunCMake.cmake
new file mode 100644
index 0000000..109d60e
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/ReRunCMake.cmake
@@ -0,0 +1,5 @@
+
+file(GENERATE
+  OUTPUT output_file.txt
+  INPUT "${CMAKE_CURRENT_BINARY_DIR}/input_file.txt"
+)
diff --git a/Tests/RunCMake/File_Generate/RunCMakeTest.cmake b/Tests/RunCMake/File_Generate/RunCMakeTest.cmake
index dee0692..97f93d5 100644
--- a/Tests/RunCMake/File_Generate/RunCMakeTest.cmake
+++ b/Tests/RunCMake/File_Generate/RunCMakeTest.cmake
@@ -8,6 +8,14 @@ run_cmake(EmptyCondition1)
 run_cmake(EmptyCondition2)
 run_cmake(BadCondition)
 run_cmake(DebugEvaluate)
+run_cmake(GenerateSource)
+run_cmake(OutputNameMatchesSources)
+run_cmake(OutputNameMatchesObjects)
+run_cmake(OutputNameMatchesOtherSources)
+file(READ "${RunCMake_BINARY_DIR}/OutputNameMatchesOtherSources-build/1somefile.cpp" file_contents)
+if (NOT file_contents MATCHES "generated.cpp.rule")
+  message(SEND_ERROR "Rule file not in target sources! ${file_contents}")
+endif()
 
 set(timeformat "%Y%j%H%M%S")
 
@@ -35,3 +43,52 @@ unset(RunCMake_TEST_NO_CLEAN)
 if (NOT timestamp_after STREQUAL timestamp)
   message(SEND_ERROR "WriteIfDifferent changed output file.")
 endif()
+
+if (UNIX AND EXISTS /bin/sh)
+  set(RunCMake_TEST_NO_CLEAN ON)
+  run_cmake(CarryPermissions)
+  execute_process(
+    COMMAND "${RunCMake_BINARY_DIR}/CarryPermissions-build/output_script.sh"
+    OUTPUT_VARIABLE script_output
+    RESULT_VARIABLE script_result
+    ERROR_VARIABLE script_error
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+  )
+  if (script_result)
+    message(SEND_ERROR "Generated script did not execute correctly: [${script_result}]\n${script_output}\n====\n${script_error}")
+  endif()
+  if (NOT script_output STREQUAL SUCCESS)
+    message(SEND_ERROR "Generated script did not execute correctly:\n${script_output}\n====\n${script_error}")
+  endif()
+endif()
+
+if (RunCMake_GENERATOR MATCHES Makefiles)
+  file(MAKE_DIRECTORY "${RunCMake_BINARY_DIR}/ReRunCMake-build/")
+  file(WRITE "${RunCMake_BINARY_DIR}/ReRunCMake-build/input_file.txt" "InitialContent\n")
+
+  set(RunCMake_TEST_NO_CLEAN ON)
+  run_cmake(ReRunCMake)
+  unset(RunCMake_TEST_NO_CLEAN)
+  file(TIMESTAMP "${RunCMake_BINARY_DIR}/ReRunCMake-build/output_file.txt" timestamp ${timeformat})
+  if(NOT timestamp)
+    message(SEND_ERROR "Could not get timestamp for \"${RunCMake_BINARY_DIR}/ReRunCMake-build/output_file.txt\"")
+  endif()
+
+  execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 1)
+
+  file(WRITE "${RunCMake_BINARY_DIR}/ReRunCMake-build/input_file.txt" "ChangedContent\n")
+  execute_process(COMMAND ${CMAKE_COMMAND} --build "${RunCMake_BINARY_DIR}/ReRunCMake-build/")
+  file(READ "${RunCMake_BINARY_DIR}/ReRunCMake-build/output_file.txt" out_content)
+
+  if(NOT out_content STREQUAL "ChangedContent\n")
+    message(SEND_ERROR "File did not change: \"${RunCMake_BINARY_DIR}/ReRunCMake-build/output_file.txt\"")
+  endif()
+
+
+  file(REMOVE "${RunCMake_BINARY_DIR}/ReRunCMake-build/output_file.txt")
+  execute_process(COMMAND ${CMAKE_COMMAND} --build "${RunCMake_BINARY_DIR}/ReRunCMake-build/")
+
+  if (NOT EXISTS "${RunCMake_BINARY_DIR}/ReRunCMake-build/output_file.txt")
+    message(SEND_ERROR "File did not re-generate: \"${RunCMake_BINARY_DIR}/ReRunCMake-build/output_file.txt\"")
+  endif()
+endif()
diff --git a/Tests/RunCMake/File_Generate/empty.cpp b/Tests/RunCMake/File_Generate/empty.cpp
new file mode 100644
index 0000000..bfbbdde
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/empty.cpp
@@ -0,0 +1,7 @@
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+int empty()
+{
+  return 0;
+}
diff --git a/Tests/RunCMake/File_Generate/input_script.sh b/Tests/RunCMake/File_Generate/input_script.sh
new file mode 100755
index 0000000..2cc0983
--- /dev/null
+++ b/Tests/RunCMake/File_Generate/input_script.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "$<$<STREQUAL:foo,foo>:SUCCESS>"
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/MultiBadOutDir-result.txt b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiBadOutDir-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiBadOutDir-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/MultiBadOutDir-stderr.txt b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiBadOutDir-stderr.txt
new file mode 100644
index 0000000..6658d5d
--- /dev/null
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiBadOutDir-stderr.txt
@@ -0,0 +1,6 @@
+CMake Error at .*Modules/WriteCompilerDetectionHeader.cmake:[0-9]+ \(message\):
+  The compiler-specific output directory must be within the same directory as
+  the main file.
+Call Stack \(most recent call first\):
+  MultiBadOutDir.cmake:4 \(write_compiler_detection_header\)
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/MultiBadOutDir.cmake b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiBadOutDir.cmake
new file mode 100644
index 0000000..b545bee
--- /dev/null
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiBadOutDir.cmake
@@ -0,0 +1,12 @@
+
+include(WriteCompilerDetectionHeader)
+
+write_compiler_detection_header(
+  FILE "${CMAKE_CURRENT_BINARY_DIR}/dir/somefile"
+  PREFIX Pref
+  OUTPUT_FILES_VAR outfiles
+  OUTPUT_DIR "${CMAKE_CURRENT_BINARY_DIR}"
+  COMPILERS GNU
+  VERSION 3.1
+  FEATURES cxx_auto_type
+)
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutFileVar-result.txt b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutFileVar-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutFileVar-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutFileVar-stderr.txt b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutFileVar-stderr.txt
new file mode 100644
index 0000000..50f9b6f
--- /dev/null
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutFileVar-stderr.txt
@@ -0,0 +1,5 @@
+CMake Error at .*Modules/WriteCompilerDetectionHeader.cmake:[0-9]+ \(message\):
+  If OUTPUT_DIR is specified, then OUTPUT_FILES_VAR must also be specified.
+Call Stack \(most recent call first\):
+  MultiNoOutFileVar.cmake:4 \(write_compiler_detection_header\)
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutFileVar.cmake b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutFileVar.cmake
new file mode 100644
index 0000000..e42b0ed
--- /dev/null
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutFileVar.cmake
@@ -0,0 +1,11 @@
+
+include(WriteCompilerDetectionHeader)
+
+write_compiler_detection_header(
+  FILE "${CMAKE_CURRENT_BINARY_DIR}/somefile"
+  PREFIX Pref
+  OUTPUT_DIR outfiles
+  COMPILERS GNU
+  VERSION 3.1
+  FEATURES cxx_auto_type
+)
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutdir-result.txt b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutdir-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutdir-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutdir-stderr.txt b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutdir-stderr.txt
new file mode 100644
index 0000000..1c83a1a
--- /dev/null
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutdir-stderr.txt
@@ -0,0 +1,5 @@
+CMake Error at .*Modules/WriteCompilerDetectionHeader.cmake:[0-9]+ \(message\):
+  If OUTPUT_FILES_VAR is specified, then OUTPUT_DIR must also be specified.
+Call Stack \(most recent call first\):
+  MultiNoOutdir.cmake:4 \(write_compiler_detection_header\)
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutdir.cmake b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutdir.cmake
new file mode 100644
index 0000000..e8c2ae1
--- /dev/null
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/MultiNoOutdir.cmake
@@ -0,0 +1,11 @@
+
+include(WriteCompilerDetectionHeader)
+
+write_compiler_detection_header(
+  FILE "${CMAKE_CURRENT_BINARY_DIR}/somefile"
+  PREFIX Pref
+  OUTPUT_FILES_VAR outfiles
+  COMPILERS GNU
+  VERSION 3.1
+  FEATURES cxx_auto_type
+)
diff --git a/Tests/RunCMake/WriteCompilerDetectionHeader/RunCMakeTest.cmake b/Tests/RunCMake/WriteCompilerDetectionHeader/RunCMakeTest.cmake
index 6dded44..a834e6d 100644
--- a/Tests/RunCMake/WriteCompilerDetectionHeader/RunCMakeTest.cmake
+++ b/Tests/RunCMake/WriteCompilerDetectionHeader/RunCMakeTest.cmake
@@ -12,3 +12,7 @@ run_cmake(InvalidFeature)
 run_cmake(InvalidCXXFeature)
 run_cmake(EmptyPrefix)
 run_cmake(InvalidPrefix)
+run_cmake(MultiNoOutdir)
+run_cmake(MultiNoOutFileVar)
+set(NO_CACHE TRUE)
+run_cmake(MultiBadOutDir)
diff --git a/Tests/RunCMake/add_custom_command/AppendNoOutput-result.txt b/Tests/RunCMake/add_custom_command/AppendNoOutput-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/AppendNoOutput-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_command/AppendNoOutput-stderr.txt b/Tests/RunCMake/add_custom_command/AppendNoOutput-stderr.txt
new file mode 100644
index 0000000..abbfc5a
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/AppendNoOutput-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at AppendNoOutput.cmake:1 \(add_custom_command\):
+  add_custom_command given APPEND option with no OUTPUT.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_command/AppendNoOutput.cmake b/Tests/RunCMake/add_custom_command/AppendNoOutput.cmake
new file mode 100644
index 0000000..c6c716b
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/AppendNoOutput.cmake
@@ -0,0 +1 @@
+add_custom_command(TARGET x APPEND DEPENDS a b c d)
diff --git a/Tests/RunCMake/add_custom_command/AppendNotOutput-result.txt b/Tests/RunCMake/add_custom_command/AppendNotOutput-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/AppendNotOutput-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_command/AppendNotOutput-stderr.txt b/Tests/RunCMake/add_custom_command/AppendNotOutput-stderr.txt
new file mode 100644
index 0000000..96d0972
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/AppendNotOutput-stderr.txt
@@ -0,0 +1,5 @@
+CMake Error at AppendNotOutput.cmake:1 \(add_custom_command\):
+  add_custom_command given APPEND option with output.*
+  which is not already a custom command output.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_command/AppendNotOutput.cmake b/Tests/RunCMake/add_custom_command/AppendNotOutput.cmake
new file mode 100644
index 0000000..cc16129
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/AppendNotOutput.cmake
@@ -0,0 +1 @@
+add_custom_command(OUTPUT out APPEND DEPENDS dep)
diff --git a/Tests/RunCMake/add_custom_command/BadArgument-result.txt b/Tests/RunCMake/add_custom_command/BadArgument-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/BadArgument-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_command/BadArgument-stderr.txt b/Tests/RunCMake/add_custom_command/BadArgument-stderr.txt
new file mode 100644
index 0000000..04c5350
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/BadArgument-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at BadArgument.cmake:1 \(add_custom_command\):
+  add_custom_command Wrong syntax.  Unknown type of argument.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_command/BadArgument.cmake b/Tests/RunCMake/add_custom_command/BadArgument.cmake
new file mode 100644
index 0000000..d9e7bd4
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/BadArgument.cmake
@@ -0,0 +1 @@
+add_custom_command(bad_arg OUTPUT a b c d)
diff --git a/Tests/RunCMake/add_custom_command/CMakeLists.txt b/Tests/RunCMake/add_custom_command/CMakeLists.txt
new file mode 100644
index 0000000..ef2163c
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.1)
+project(${RunCMake_TEST} NONE)
+include(${RunCMake_TEST}.cmake)
diff --git a/Tests/RunCMake/add_custom_command/NoArguments-result.txt b/Tests/RunCMake/add_custom_command/NoArguments-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/NoArguments-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_command/NoArguments-stderr.txt b/Tests/RunCMake/add_custom_command/NoArguments-stderr.txt
new file mode 100644
index 0000000..11e0cb0
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/NoArguments-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at NoArguments.cmake:1 \(add_custom_command\):
+  add_custom_command called with wrong number of arguments.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_command/NoArguments.cmake b/Tests/RunCMake/add_custom_command/NoArguments.cmake
new file mode 100644
index 0000000..8781a87
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/NoArguments.cmake
@@ -0,0 +1 @@
+add_custom_command()
diff --git a/Tests/RunCMake/add_custom_command/NoOutputOrTarget-result.txt b/Tests/RunCMake/add_custom_command/NoOutputOrTarget-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/NoOutputOrTarget-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_command/NoOutputOrTarget-stderr.txt b/Tests/RunCMake/add_custom_command/NoOutputOrTarget-stderr.txt
new file mode 100644
index 0000000..6a5c0a3
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/NoOutputOrTarget-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at NoOutputOrTarget.cmake:1 \(add_custom_command\):
+  add_custom_command Wrong syntax.  A TARGET or OUTPUT must be specified.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_command/NoOutputOrTarget.cmake b/Tests/RunCMake/add_custom_command/NoOutputOrTarget.cmake
new file mode 100644
index 0000000..933ee32
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/NoOutputOrTarget.cmake
@@ -0,0 +1 @@
+add_custom_command(COMMAND echo a b c d)
diff --git a/Tests/RunCMake/add_custom_command/OutputAndTarget-result.txt b/Tests/RunCMake/add_custom_command/OutputAndTarget-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/OutputAndTarget-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_command/OutputAndTarget-stderr.txt b/Tests/RunCMake/add_custom_command/OutputAndTarget-stderr.txt
new file mode 100644
index 0000000..632880e
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/OutputAndTarget-stderr.txt
@@ -0,0 +1,5 @@
+CMake Error at OutputAndTarget.cmake:1 \(add_custom_command\):
+  add_custom_command Wrong syntax.  A TARGET and OUTPUT can not both be
+  specified.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_command/OutputAndTarget.cmake b/Tests/RunCMake/add_custom_command/OutputAndTarget.cmake
new file mode 100644
index 0000000..55806f3
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/OutputAndTarget.cmake
@@ -0,0 +1 @@
+add_custom_command(OUTPUT out TARGET target)
diff --git a/Tests/RunCMake/add_custom_command/RunCMakeTest.cmake b/Tests/RunCMake/add_custom_command/RunCMakeTest.cmake
new file mode 100644
index 0000000..2f5c938
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/RunCMakeTest.cmake
@@ -0,0 +1,10 @@
+include(RunCMake)
+
+run_cmake(AppendNoOutput)
+run_cmake(AppendNotOutput)
+run_cmake(BadArgument)
+run_cmake(NoArguments)
+run_cmake(NoOutputOrTarget)
+run_cmake(OutputAndTarget)
+run_cmake(SourceByproducts)
+run_cmake(SourceUsesTerminal)
diff --git a/Tests/RunCMake/add_custom_command/SourceByproducts-result.txt b/Tests/RunCMake/add_custom_command/SourceByproducts-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/SourceByproducts-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_command/SourceByproducts-stderr.txt b/Tests/RunCMake/add_custom_command/SourceByproducts-stderr.txt
new file mode 100644
index 0000000..a9cd64c
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/SourceByproducts-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at SourceByproducts.cmake:1 \(add_custom_command\):
+  add_custom_command BYPRODUCTS may not be specified with SOURCE signatures
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_command/SourceByproducts.cmake b/Tests/RunCMake/add_custom_command/SourceByproducts.cmake
new file mode 100644
index 0000000..824f41d
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/SourceByproducts.cmake
@@ -0,0 +1 @@
+add_custom_command(SOURCE t TARGET t BYPRODUCTS b)
diff --git a/Tests/RunCMake/add_custom_command/SourceUsesTerminal-result.txt b/Tests/RunCMake/add_custom_command/SourceUsesTerminal-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/SourceUsesTerminal-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_command/SourceUsesTerminal-stderr.txt b/Tests/RunCMake/add_custom_command/SourceUsesTerminal-stderr.txt
new file mode 100644
index 0000000..1a76c54
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/SourceUsesTerminal-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at SourceUsesTerminal.cmake:1 \(add_custom_command\):
+  add_custom_command USES_TERMINAL may not be used with SOURCE signatures
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_command/SourceUsesTerminal.cmake b/Tests/RunCMake/add_custom_command/SourceUsesTerminal.cmake
new file mode 100644
index 0000000..295fab1
--- /dev/null
+++ b/Tests/RunCMake/add_custom_command/SourceUsesTerminal.cmake
@@ -0,0 +1 @@
+add_custom_command(SOURCE t TARGET t USES_TERMINAL)
diff --git a/Tests/RunCMake/add_custom_target/BadTargetName-result.txt b/Tests/RunCMake/add_custom_target/BadTargetName-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/BadTargetName-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_target/BadTargetName-stderr.txt b/Tests/RunCMake/add_custom_target/BadTargetName-stderr.txt
new file mode 100644
index 0000000..f352457
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/BadTargetName-stderr.txt
@@ -0,0 +1,17 @@
+CMake Error at BadTargetName.cmake:1 \(add_custom_target\):
+  add_custom_target called with target name containing a "#".  This character
+  is not allowed.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
++
+CMake Error at BadTargetName.cmake:2 \(add_custom_target\):
+  add_custom_target called with target name containing a "<".  This character
+  is not allowed.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
++
+CMake Error at BadTargetName.cmake:3 \(add_custom_target\):
+  add_custom_target called with target name containing a ">".  This character
+  is not allowed.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_target/BadTargetName.cmake b/Tests/RunCMake/add_custom_target/BadTargetName.cmake
new file mode 100644
index 0000000..c4381a2
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/BadTargetName.cmake
@@ -0,0 +1,3 @@
+add_custom_target("#")
+add_custom_target("<")
+add_custom_target(">")
diff --git a/Tests/RunCMake/add_custom_target/ByproductsNoCommand-result.txt b/Tests/RunCMake/add_custom_target/ByproductsNoCommand-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/ByproductsNoCommand-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_target/ByproductsNoCommand-stderr.txt b/Tests/RunCMake/add_custom_target/ByproductsNoCommand-stderr.txt
new file mode 100644
index 0000000..6c80ca6
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/ByproductsNoCommand-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at ByproductsNoCommand.cmake:1 \(add_custom_target\):
+  BYPRODUCTS may not be specified without any COMMAND
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_target/ByproductsNoCommand.cmake b/Tests/RunCMake/add_custom_target/ByproductsNoCommand.cmake
new file mode 100644
index 0000000..6c142a2
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/ByproductsNoCommand.cmake
@@ -0,0 +1 @@
+add_custom_target(MyTarget BYPRODUCTS a b c d)
diff --git a/Tests/RunCMake/add_custom_target/CMakeLists.txt b/Tests/RunCMake/add_custom_target/CMakeLists.txt
new file mode 100644
index 0000000..ef2163c
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.1)
+project(${RunCMake_TEST} NONE)
+include(${RunCMake_TEST}.cmake)
diff --git a/Tests/RunCMake/add_custom_target/NoArguments-result.txt b/Tests/RunCMake/add_custom_target/NoArguments-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/NoArguments-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_target/NoArguments-stderr.txt b/Tests/RunCMake/add_custom_target/NoArguments-stderr.txt
new file mode 100644
index 0000000..2230093
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/NoArguments-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at NoArguments.cmake:1 \(add_custom_target\):
+  add_custom_target called with incorrect number of arguments
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_target/NoArguments.cmake b/Tests/RunCMake/add_custom_target/NoArguments.cmake
new file mode 100644
index 0000000..ec6a212
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/NoArguments.cmake
@@ -0,0 +1 @@
+add_custom_target()
diff --git a/Tests/RunCMake/add_custom_target/RunCMakeTest.cmake b/Tests/RunCMake/add_custom_target/RunCMakeTest.cmake
new file mode 100644
index 0000000..92c4a38
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/RunCMakeTest.cmake
@@ -0,0 +1,6 @@
+include(RunCMake)
+
+run_cmake(NoArguments)
+run_cmake(BadTargetName)
+run_cmake(ByproductsNoCommand)
+run_cmake(UsesTerminalNoCommand)
diff --git a/Tests/RunCMake/add_custom_target/UsesTerminalNoCommand-result.txt b/Tests/RunCMake/add_custom_target/UsesTerminalNoCommand-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/UsesTerminalNoCommand-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/add_custom_target/UsesTerminalNoCommand-stderr.txt b/Tests/RunCMake/add_custom_target/UsesTerminalNoCommand-stderr.txt
new file mode 100644
index 0000000..beafa7c
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/UsesTerminalNoCommand-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at UsesTerminalNoCommand.cmake:1 \(add_custom_target\):
+  USES_TERMINAL may not be specified without any COMMAND
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/add_custom_target/UsesTerminalNoCommand.cmake b/Tests/RunCMake/add_custom_target/UsesTerminalNoCommand.cmake
new file mode 100644
index 0000000..b0c207b
--- /dev/null
+++ b/Tests/RunCMake/add_custom_target/UsesTerminalNoCommand.cmake
@@ -0,0 +1 @@
+add_custom_target(MyTarget USES_TERMINAL)
diff --git a/Tests/RunCMake/configure_file/RunCMakeTest.cmake b/Tests/RunCMake/configure_file/RunCMakeTest.cmake
index c8bfa57..c010256 100644
--- a/Tests/RunCMake/configure_file/RunCMakeTest.cmake
+++ b/Tests/RunCMake/configure_file/RunCMakeTest.cmake
@@ -6,3 +6,4 @@ run_cmake(UTF16LE-BOM)
 run_cmake(UTF16BE-BOM)
 run_cmake(UTF32LE-BOM)
 run_cmake(UTF32BE-BOM)
+run_cmake(UnknownArg)
diff --git a/Tests/RunCMake/configure_file/UnknownArg-stderr.txt b/Tests/RunCMake/configure_file/UnknownArg-stderr.txt
new file mode 100644
index 0000000..46930c0
--- /dev/null
+++ b/Tests/RunCMake/configure_file/UnknownArg-stderr.txt
@@ -0,0 +1,10 @@
+CMake Warning \(dev\) at UnknownArg.cmake:1 \(configure_file\):
+  configure_file called with unknown argument\(s\):
+
+   COPY_ONLY
+   COPYFILE
+   COPY_FILE
+
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
+This warning is for project developers.  Use -Wno-dev to suppress it.
diff --git a/Tests/RunCMake/configure_file/UnknownArg.cmake b/Tests/RunCMake/configure_file/UnknownArg.cmake
new file mode 100644
index 0000000..5125c83
--- /dev/null
+++ b/Tests/RunCMake/configure_file/UnknownArg.cmake
@@ -0,0 +1,2 @@
+configure_file(${CMAKE_ROOT}/Modules/CMakeConfigurableFile.in UnknownArg.txt
+  @ONLY COPYONLY COPY_ONLY COPYFILE COPY_FILE)
diff --git a/Tests/RunCMake/continue/CMakeLists.txt b/Tests/RunCMake/continue/CMakeLists.txt
new file mode 100644
index 0000000..ef2163c
--- /dev/null
+++ b/Tests/RunCMake/continue/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.1)
+project(${RunCMake_TEST} NONE)
+include(${RunCMake_TEST}.cmake)
diff --git a/Tests/RunCMake/continue/ContinueForEachInLists.cmake b/Tests/RunCMake/continue/ContinueForEachInLists.cmake
new file mode 100644
index 0000000..fbd7359
--- /dev/null
+++ b/Tests/RunCMake/continue/ContinueForEachInLists.cmake
@@ -0,0 +1,10 @@
+list(APPEND foo 1 2 3 4 5)
+
+message(STATUS "start")
+foreach(iter IN LISTS foo)
+  if("${iter}" EQUAL 1 OR "${iter}" EQUAL 3 OR "${iter}" EQUAL 5)
+    continue()
+  endif()
+  message(STATUS "${iter}")
+endforeach()
+message(STATUS "end")
diff --git a/Tests/RunCMake/continue/ContinueForeach-stdout.txt b/Tests/RunCMake/continue/ContinueForeach-stdout.txt
new file mode 100644
index 0000000..955b859
--- /dev/null
+++ b/Tests/RunCMake/continue/ContinueForeach-stdout.txt
@@ -0,0 +1,4 @@
+-- start
+-- 2
+-- 4
+-- end
diff --git a/Tests/RunCMake/continue/ContinueForeach.cmake b/Tests/RunCMake/continue/ContinueForeach.cmake
new file mode 100644
index 0000000..9b3e17f
--- /dev/null
+++ b/Tests/RunCMake/continue/ContinueForeach.cmake
@@ -0,0 +1,8 @@
+message(STATUS "start")
+foreach(iter RANGE 1 5)
+  if("${iter}" EQUAL 1 OR "${iter}" EQUAL 3 OR "${iter}" EQUAL 5)
+    continue()
+  endif()
+  message(STATUS "${iter}")
+endforeach()
+message(STATUS "end")
diff --git a/Tests/RunCMake/continue/ContinueNestedForeach-stdout.txt b/Tests/RunCMake/continue/ContinueNestedForeach-stdout.txt
new file mode 100644
index 0000000..adb02bc
--- /dev/null
+++ b/Tests/RunCMake/continue/ContinueNestedForeach-stdout.txt
@@ -0,0 +1,6 @@
+-- start
+-- 7 2
+-- 7 4
+-- 9 2
+-- 9 4
+-- end
diff --git a/Tests/RunCMake/continue/ContinueNestedForeach.cmake b/Tests/RunCMake/continue/ContinueNestedForeach.cmake
new file mode 100644
index 0000000..de7c51b
--- /dev/null
+++ b/Tests/RunCMake/continue/ContinueNestedForeach.cmake
@@ -0,0 +1,13 @@
+message(STATUS "start")
+foreach(outer RANGE 7 9)
+  if("${outer}" EQUAL 8)
+    continue()
+  endif()
+  foreach(inner RANGE 1 5)
+    if("${inner}" EQUAL 1 OR "${inner}" EQUAL 3 OR "${inner}" EQUAL 5)
+      continue()
+    endif()
+    message(STATUS "${outer} ${inner}")
+  endforeach()
+endforeach()
+message(STATUS "end")
diff --git a/Tests/RunCMake/continue/ContinueWhile-stdout.txt b/Tests/RunCMake/continue/ContinueWhile-stdout.txt
new file mode 100644
index 0000000..f99b2a1
--- /dev/null
+++ b/Tests/RunCMake/continue/ContinueWhile-stdout.txt
@@ -0,0 +1,6 @@
+-- start
+-- a
+-- aa
+-- aaaa
+-- aaaaa
+-- end
diff --git a/Tests/RunCMake/continue/ContinueWhile.cmake b/Tests/RunCMake/continue/ContinueWhile.cmake
new file mode 100644
index 0000000..c1fa87a
--- /dev/null
+++ b/Tests/RunCMake/continue/ContinueWhile.cmake
@@ -0,0 +1,10 @@
+message(STATUS "start")
+unset(iter)
+while(NOT "${iter}" STREQUAL "aaaaa")
+  set(iter "${iter}a")
+  if("${iter}" STREQUAL "aaa")
+    continue()
+  endif()
+  message(STATUS "${iter}")
+endwhile()
+message(STATUS "end")
diff --git a/Tests/RunCMake/continue/NoArgumentsToContinue-result.txt b/Tests/RunCMake/continue/NoArgumentsToContinue-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/continue/NoArgumentsToContinue-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/continue/NoArgumentsToContinue-stderr.txt b/Tests/RunCMake/continue/NoArgumentsToContinue-stderr.txt
new file mode 100644
index 0000000..66be4629
--- /dev/null
+++ b/Tests/RunCMake/continue/NoArgumentsToContinue-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at NoArgumentsToContinue.cmake:2 \(continue\):
+  The CONTINUE command does not accept any arguments.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/continue/NoArgumentsToContinue.cmake b/Tests/RunCMake/continue/NoArgumentsToContinue.cmake
new file mode 100644
index 0000000..609804d
--- /dev/null
+++ b/Tests/RunCMake/continue/NoArgumentsToContinue.cmake
@@ -0,0 +1,3 @@
+foreach(i RANGE 1 2)
+  continue(1)
+endforeach()
diff --git a/Tests/RunCMake/continue/NoEnclosingBlock-result.txt b/Tests/RunCMake/continue/NoEnclosingBlock-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/continue/NoEnclosingBlock-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/continue/NoEnclosingBlock-stderr.txt b/Tests/RunCMake/continue/NoEnclosingBlock-stderr.txt
new file mode 100644
index 0000000..24caf57
--- /dev/null
+++ b/Tests/RunCMake/continue/NoEnclosingBlock-stderr.txt
@@ -0,0 +1,5 @@
+CMake Error at NoEnclosingBlock.cmake:1 \(continue\):
+  A CONTINUE command was found outside of a proper FOREACH or WHILE loop
+  scope.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/continue/NoEnclosingBlock.cmake b/Tests/RunCMake/continue/NoEnclosingBlock.cmake
new file mode 100644
index 0000000..9661e0d
--- /dev/null
+++ b/Tests/RunCMake/continue/NoEnclosingBlock.cmake
@@ -0,0 +1 @@
+continue()
diff --git a/Tests/RunCMake/continue/NoEnclosingBlockInFunction-result.txt b/Tests/RunCMake/continue/NoEnclosingBlockInFunction-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/continue/NoEnclosingBlockInFunction-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/continue/NoEnclosingBlockInFunction-stderr.txt b/Tests/RunCMake/continue/NoEnclosingBlockInFunction-stderr.txt
new file mode 100644
index 0000000..af4f3b6
--- /dev/null
+++ b/Tests/RunCMake/continue/NoEnclosingBlockInFunction-stderr.txt
@@ -0,0 +1,6 @@
+CMake Error at NoEnclosingBlockInFunction.cmake:2 \(continue\):
+  A CONTINUE command was found outside of a proper FOREACH or WHILE loop
+  scope.
+Call Stack \(most recent call first\):
+  NoEnclosingBlockInFunction.cmake:6 \(foo\)
+  CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/continue/NoEnclosingBlockInFunction.cmake b/Tests/RunCMake/continue/NoEnclosingBlockInFunction.cmake
new file mode 100644
index 0000000..eb2a098
--- /dev/null
+++ b/Tests/RunCMake/continue/NoEnclosingBlockInFunction.cmake
@@ -0,0 +1,8 @@
+function(foo)
+  continue()
+endfunction(foo)
+
+foreach(i RANGE 1 2)
+  foo()
+  message(STATUS "Hello World")
+endforeach()
diff --git a/Tests/RunCMake/continue/RunCMakeTest.cmake b/Tests/RunCMake/continue/RunCMakeTest.cmake
new file mode 100644
index 0000000..37caf9c
--- /dev/null
+++ b/Tests/RunCMake/continue/RunCMakeTest.cmake
@@ -0,0 +1,9 @@
+include(RunCMake)
+
+run_cmake(ContinueForeach)
+run_cmake(ContinueForEachInLists)
+run_cmake(ContinueNestedForeach)
+run_cmake(ContinueWhile)
+run_cmake(NoArgumentsToContinue)
+run_cmake(NoEnclosingBlock)
+run_cmake(NoEnclosingBlockInFunction)
diff --git a/Tests/RunCMake/file/LOCK-error-file-create-fail-result.txt b/Tests/RunCMake/file/LOCK-error-file-create-fail-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-file-create-fail-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-file-create-fail-stderr.txt b/Tests/RunCMake/file/LOCK-error-file-create-fail-stderr.txt
new file mode 100644
index 0000000..72b7fe0
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-file-create-fail-stderr.txt
@@ -0,0 +1,8 @@
+CMake Error at LOCK-error-file-create-fail\.cmake:[0-9]+ \(file\):
+  file
+
+    ".*"
+
+  creation failed \(check permissions\)\.
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-file-create-fail.cmake b/Tests/RunCMake/file/LOCK-error-file-create-fail.cmake
new file mode 100644
index 0000000..4868cfe
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-file-create-fail.cmake
@@ -0,0 +1,3 @@
+set(tmp "${CMAKE_CURRENT_BINARY_DIR}/temp-directory")
+file(MAKE_DIRECTORY "${tmp}")
+file(LOCK "${tmp}")
diff --git a/Tests/RunCMake/file/LOCK-error-guard-incorrect-result.txt b/Tests/RunCMake/file/LOCK-error-guard-incorrect-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-guard-incorrect-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-guard-incorrect-stderr.txt b/Tests/RunCMake/file/LOCK-error-guard-incorrect-stderr.txt
new file mode 100644
index 0000000..85136b4
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-guard-incorrect-stderr.txt
@@ -0,0 +1,6 @@
+CMake Error at LOCK-error-guard-incorrect\.cmake:[0-9]+ \(file\):
+  expected FUNCTION, FILE or PROCESS after GUARD, but got:
+
+    "FUNCTIO"\.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-guard-incorrect.cmake b/Tests/RunCMake/file/LOCK-error-guard-incorrect.cmake
new file mode 100644
index 0000000..51daa7c
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-guard-incorrect.cmake
@@ -0,0 +1 @@
+file(LOCK "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock" GUARD FUNCTIO)
diff --git a/Tests/RunCMake/file/LOCK-error-incorrect-timeout-result.txt b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-incorrect-timeout-stderr.txt b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-stderr.txt
new file mode 100644
index 0000000..c6ae1e0
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at LOCK-error-incorrect-timeout\.cmake:[0-9]+ \(file\):
+  TIMEOUT value "qwerty" is not an unsigned integer\.
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-incorrect-timeout-trail-result.txt b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-trail-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-trail-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-incorrect-timeout-trail-stderr.txt b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-trail-stderr.txt
new file mode 100644
index 0000000..6ea2507
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-trail-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at LOCK-error-incorrect-timeout-trail\.cmake:[0-9]+ \(file\):
+  TIMEOUT value "123xyz" is not an unsigned integer\.
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-incorrect-timeout-trail.cmake b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-trail.cmake
new file mode 100644
index 0000000..c4f1b75
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-incorrect-timeout-trail.cmake
@@ -0,0 +1 @@
+file(LOCK "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock" TIMEOUT 123xyz)
diff --git a/Tests/RunCMake/file/LOCK-error-incorrect-timeout.cmake b/Tests/RunCMake/file/LOCK-error-incorrect-timeout.cmake
new file mode 100644
index 0000000..d882467
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-incorrect-timeout.cmake
@@ -0,0 +1 @@
+file(LOCK "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock" TIMEOUT qwerty)
diff --git a/Tests/RunCMake/file/LOCK-error-lock-fail-result.txt b/Tests/RunCMake/file/LOCK-error-lock-fail-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-lock-fail-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-lock-fail-stderr.txt b/Tests/RunCMake/file/LOCK-error-lock-fail-stderr.txt
new file mode 100644
index 0000000..a7b0447
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-lock-fail-stderr.txt
@@ -0,0 +1,6 @@
+CMake Error at LOCK-error-lock-fail.cmake:[0-9]+ \(file\):
+  directory
+
+    ".*"
+
+  creation failed \(check permissions\)\.
diff --git a/Tests/RunCMake/file/LOCK-error-lock-fail.cmake b/Tests/RunCMake/file/LOCK-error-lock-fail.cmake
new file mode 100644
index 0000000..aa7f663
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-lock-fail.cmake
@@ -0,0 +1,6 @@
+set(lfile "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock")
+FILE(WRITE "${lfile}" "")
+
+# Try to lock file '${lfile}/cmake.lock'. Since `lfile` is not a directory
+# expected that operation will fail.
+file(LOCK "${lfile}" DIRECTORY)
diff --git a/Tests/RunCMake/file/LOCK-error-negative-timeout-result.txt b/Tests/RunCMake/file/LOCK-error-negative-timeout-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-negative-timeout-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-negative-timeout-stderr.txt b/Tests/RunCMake/file/LOCK-error-negative-timeout-stderr.txt
new file mode 100644
index 0000000..0d159c1
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-negative-timeout-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at LOCK-error-negative-timeout\.cmake:[0-9]+ \(file\):
+  TIMEOUT value "-2" is not an unsigned integer\.
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-negative-timeout.cmake b/Tests/RunCMake/file/LOCK-error-negative-timeout.cmake
new file mode 100644
index 0000000..6a0f190
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-negative-timeout.cmake
@@ -0,0 +1 @@
+file(LOCK "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock" TIMEOUT -2)
diff --git a/Tests/RunCMake/file/LOCK-error-no-function-result.txt b/Tests/RunCMake/file/LOCK-error-no-function-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-function-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-no-function-stderr.txt b/Tests/RunCMake/file/LOCK-error-no-function-stderr.txt
new file mode 100644
index 0000000..51ed12d
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-function-stderr.txt
@@ -0,0 +1,8 @@
+CMake Error at LOCK-error-no-function\.cmake:[0-9]+ \(file\):
+  error locking file
+
+    ".*"
+
+  'GUARD FUNCTION' not used in function definition\.
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-no-function.cmake b/Tests/RunCMake/file/LOCK-error-no-function.cmake
new file mode 100644
index 0000000..1b8b06a
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-function.cmake
@@ -0,0 +1 @@
+file(LOCK "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock" GUARD FUNCTION)
diff --git a/Tests/RunCMake/file/LOCK-error-no-guard-result.txt b/Tests/RunCMake/file/LOCK-error-no-guard-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-guard-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-no-guard-stderr.txt b/Tests/RunCMake/file/LOCK-error-no-guard-stderr.txt
new file mode 100644
index 0000000..41177ce
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-guard-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at LOCK-error-no-guard\.cmake:[0-9]+ \(file\):
+  expected FUNCTION, FILE or PROCESS after GUARD
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-no-guard.cmake b/Tests/RunCMake/file/LOCK-error-no-guard.cmake
new file mode 100644
index 0000000..48ffc5e
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-guard.cmake
@@ -0,0 +1 @@
+file(LOCK "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock" GUARD)
diff --git a/Tests/RunCMake/file/LOCK-error-no-path-result.txt b/Tests/RunCMake/file/LOCK-error-no-path-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-path-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-no-path-stderr.txt b/Tests/RunCMake/file/LOCK-error-no-path-stderr.txt
new file mode 100644
index 0000000..2247aa6
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-path-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at LOCK-error-no-path.cmake:[0-9]+ \(file\):
+  file must be called with at least two arguments.
+Call Stack \(most recent call first\):
+  CMakeLists.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-no-path.cmake b/Tests/RunCMake/file/LOCK-error-no-path.cmake
new file mode 100644
index 0000000..12d79b7
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-path.cmake
@@ -0,0 +1 @@
+file(LOCK)
diff --git a/Tests/RunCMake/file/LOCK-error-no-result-variable-result.txt b/Tests/RunCMake/file/LOCK-error-no-result-variable-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-result-variable-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-no-result-variable-stderr.txt b/Tests/RunCMake/file/LOCK-error-no-result-variable-stderr.txt
new file mode 100644
index 0000000..b38e23c
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-result-variable-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at LOCK-error-no-result-variable\.cmake:[0-9]+ \(file\):
+  expected variable name after RESULT_VARIABLE
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-no-result-variable.cmake b/Tests/RunCMake/file/LOCK-error-no-result-variable.cmake
new file mode 100644
index 0000000..e6ac18d
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-result-variable.cmake
@@ -0,0 +1 @@
+file(LOCK "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock" RESULT_VARIABLE)
diff --git a/Tests/RunCMake/file/LOCK-error-no-timeout-result.txt b/Tests/RunCMake/file/LOCK-error-no-timeout-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-timeout-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-no-timeout-stderr.txt b/Tests/RunCMake/file/LOCK-error-no-timeout-stderr.txt
new file mode 100644
index 0000000..f34d46f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-timeout-stderr.txt
@@ -0,0 +1,4 @@
+CMake Error at LOCK-error-no-timeout\.cmake:[0-9]+ \(file\):
+  expected timeout value after TIMEOUT
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-no-timeout.cmake b/Tests/RunCMake/file/LOCK-error-no-timeout.cmake
new file mode 100644
index 0000000..1618192
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-no-timeout.cmake
@@ -0,0 +1 @@
+file(LOCK "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock" TIMEOUT)
diff --git a/Tests/RunCMake/file/LOCK-error-timeout-result.txt b/Tests/RunCMake/file/LOCK-error-timeout-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-timeout-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-timeout-stderr.txt b/Tests/RunCMake/file/LOCK-error-timeout-stderr.txt
new file mode 100644
index 0000000..4ad1f04
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-timeout-stderr.txt
@@ -0,0 +1,12 @@
+Output:[ ]*
+Error: CMake Error at .*.timeout-script\.cmake:[0-9]+ \(file\):
+  error locking file
+
+    ".*"
+
+  Timeout reached\.
++
+CMake Error at LOCK-error-timeout\.cmake:[0-9]+ \(message\):
+  Result: 1
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]+ \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-timeout-stdout.txt b/Tests/RunCMake/file/LOCK-error-timeout-stdout.txt
new file mode 100644
index 0000000..8d98f9d
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-timeout-stdout.txt
@@ -0,0 +1 @@
+.*
diff --git a/Tests/RunCMake/file/LOCK-error-timeout.cmake b/Tests/RunCMake/file/LOCK-error-timeout.cmake
new file mode 100644
index 0000000..b6b9476
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-timeout.cmake
@@ -0,0 +1,17 @@
+set(script "${CMAKE_CURRENT_LIST_DIR}/timeout-script.cmake")
+set(file_to_lock "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock")
+
+file(LOCK "${file_to_lock}")
+execute_process(
+    COMMAND "${CMAKE_COMMAND}" "-Dfile_to_lock=${file_to_lock}" -P "${script}"
+    RESULT_VARIABLE result
+    OUTPUT_VARIABLE output
+    ERROR_VARIABLE error
+)
+
+message("Output: ${output}")
+message("Error: ${error}")
+
+if(NOT result EQUAL 0)
+  message(FATAL_ERROR "Result: ${result}")
+endif()
diff --git a/Tests/RunCMake/file/LOCK-error-unknown-option-result.txt b/Tests/RunCMake/file/LOCK-error-unknown-option-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-unknown-option-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/file/LOCK-error-unknown-option-stderr.txt b/Tests/RunCMake/file/LOCK-error-unknown-option-stderr.txt
new file mode 100644
index 0000000..ad596af
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-unknown-option-stderr.txt
@@ -0,0 +1,6 @@
+CMake Error at LOCK-error-unknown-option\.cmake:[0-9]+ \(file\):
+  expected DIRECTORY, RELEASE, GUARD, RESULT_VARIABLE or TIMEOUT
+
+  but got: "UNKNOWN"\.
+Call Stack \(most recent call first\):
+  CMakeLists\.txt:[0-9]* \(include\)
diff --git a/Tests/RunCMake/file/LOCK-error-unknown-option.cmake b/Tests/RunCMake/file/LOCK-error-unknown-option.cmake
new file mode 100644
index 0000000..88ef002
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-error-unknown-option.cmake
@@ -0,0 +1 @@
+file(LOCK "${CMAKE_CURRENT_BINARY_DIR}/temp-file" UNKNOWN)
diff --git a/Tests/RunCMake/file/LOCK-stdout.txt b/Tests/RunCMake/file/LOCK-stdout.txt
new file mode 100644
index 0000000..416126a
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK-stdout.txt
@@ -0,0 +1,11 @@
+-- Simple lock
+-- Directory lock
+-- Release
+-- Lock function scope
+-- Lock file scope
+-- Lock in subdirectory
+-- Lock process scope
+-- Error double lock
+-- Ok
+-- Timeout 0
+-- Timeout not 0
diff --git a/Tests/RunCMake/file/LOCK.cmake b/Tests/RunCMake/file/LOCK.cmake
new file mode 100644
index 0000000..8eff084
--- /dev/null
+++ b/Tests/RunCMake/file/LOCK.cmake
@@ -0,0 +1,40 @@
+set(lfile "${CMAKE_CURRENT_BINARY_DIR}/file-to-lock")
+set(ldir "${CMAKE_CURRENT_BINARY_DIR}/dir-to-lock")
+
+message(STATUS "Simple lock")
+file(LOCK ${lfile})
+
+message(STATUS "Directory lock")
+file(LOCK ${ldir} DIRECTORY)
+
+message(STATUS "Release")
+file(LOCK ${lfile} RELEASE)
+
+function(foo)
+  file(LOCK "${lfile}" GUARD FUNCTION)
+endfunction()
+
+message(STATUS "Lock function scope")
+foo()
+
+message(STATUS "Lock file scope")
+add_subdirectory(subdir_test_unlock)
+
+message(STATUS "Lock process scope")
+file(LOCK "${lfile}" GUARD PROCESS)
+
+message(STATUS "Error double lock")
+file(LOCK "${lfile}" RESULT_VARIABLE lock_result)
+if(lock_result STREQUAL "File already locked")
+  message(STATUS "Ok")
+else()
+  message(STATUS FATAL_ERROR "Expected error message")
+endif()
+
+message(STATUS "Timeout 0")
+file(LOCK "${lfile}" RELEASE)
+file(LOCK "${lfile}" TIMEOUT 0)
+
+message(STATUS "Timeout not 0")
+file(LOCK "${lfile}" RELEASE)
+file(LOCK "${lfile}" TIMEOUT 3)
diff --git a/Tests/RunCMake/file/RunCMakeTest.cmake b/Tests/RunCMake/file/RunCMakeTest.cmake
index bf14263..14819e7 100644
--- a/Tests/RunCMake/file/RunCMakeTest.cmake
+++ b/Tests/RunCMake/file/RunCMakeTest.cmake
@@ -3,3 +3,17 @@ include(RunCMake)
 run_cmake(INSTALL-DIRECTORY)
 run_cmake(INSTALL-MESSAGE-bad)
 run_cmake(FileOpenFailRead)
+run_cmake(LOCK)
+run_cmake(LOCK-error-file-create-fail)
+run_cmake(LOCK-error-guard-incorrect)
+run_cmake(LOCK-error-incorrect-timeout)
+run_cmake(LOCK-error-incorrect-timeout-trail)
+run_cmake(LOCK-error-lock-fail)
+run_cmake(LOCK-error-negative-timeout)
+run_cmake(LOCK-error-no-function)
+run_cmake(LOCK-error-no-guard)
+run_cmake(LOCK-error-no-path)
+run_cmake(LOCK-error-no-result-variable)
+run_cmake(LOCK-error-no-timeout)
+run_cmake(LOCK-error-timeout)
+run_cmake(LOCK-error-unknown-option)
diff --git a/Tests/RunCMake/file/subdir_test_unlock/CMakeLists.txt b/Tests/RunCMake/file/subdir_test_unlock/CMakeLists.txt
new file mode 100644
index 0000000..c167cd7
--- /dev/null
+++ b/Tests/RunCMake/file/subdir_test_unlock/CMakeLists.txt
@@ -0,0 +1,2 @@
+message(STATUS "Lock in subdirectory")
+file(LOCK "${lfile}" GUARD FILE)
diff --git a/Tests/RunCMake/file/timeout-script.cmake b/Tests/RunCMake/file/timeout-script.cmake
new file mode 100644
index 0000000..e07dbf0
--- /dev/null
+++ b/Tests/RunCMake/file/timeout-script.cmake
@@ -0,0 +1,5 @@
+if(NOT file_to_lock)
+  message(FATAL_ERROR "file_to_lock is empty")
+endif()
+
+file(LOCK "${file_to_lock}" TIMEOUT 1)
diff --git a/Tests/RunCMake/return/CMakeLists.txt b/Tests/RunCMake/return/CMakeLists.txt
new file mode 100644
index 0000000..ef2163c
--- /dev/null
+++ b/Tests/RunCMake/return/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.1)
+project(${RunCMake_TEST} NONE)
+include(${RunCMake_TEST}.cmake)
diff --git a/Tests/RunCMake/return/ReturnFromForeach-result.txt b/Tests/RunCMake/return/ReturnFromForeach-result.txt
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/Tests/RunCMake/return/ReturnFromForeach-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/return/ReturnFromForeach.cmake b/Tests/RunCMake/return/ReturnFromForeach.cmake
new file mode 100644
index 0000000..c71cf33
--- /dev/null
+++ b/Tests/RunCMake/return/ReturnFromForeach.cmake
@@ -0,0 +1,10 @@
+function(foo)
+  foreach(i RANGE 1 3)
+    foreach(j RANGE 1 3)
+      return()
+      message(FATAL_ERROR "unexpected")
+    endforeach()
+  endforeach()
+endfunction(foo)
+
+foo()
diff --git a/Tests/RunCMake/return/RunCMakeTest.cmake b/Tests/RunCMake/return/RunCMakeTest.cmake
new file mode 100644
index 0000000..2cc6c9d
--- /dev/null
+++ b/Tests/RunCMake/return/RunCMakeTest.cmake
@@ -0,0 +1,3 @@
+include(RunCMake)
+
+run_cmake(ReturnFromForeach)
diff --git a/Tests/RunCMake/string/RegexClear-stderr.txt b/Tests/RunCMake/string/RegexClear-stderr.txt
new file mode 100644
index 0000000..22b0159
--- /dev/null
+++ b/Tests/RunCMake/string/RegexClear-stderr.txt
@@ -0,0 +1,54 @@
+^Matched string properly
+results from: setting up initial state
+CMAKE_MATCH_0: -->01<--
+CMAKE_MATCH_1: -->0<--
+CMAKE_MATCH_2: -->1<--
+CMAKE_MATCH_COUNT: -->2<--
+Matched string properly
+results from: making a match inside of find_package
+CMAKE_MATCH_0: -->01<--
+CMAKE_MATCH_1: -->0<--
+CMAKE_MATCH_2: -->1<--
+CMAKE_MATCH_COUNT: -->2<--
+Matched nothing properly
+results from: making a failure inside of find_package
+CMAKE_MATCH_0: --><--
+CMAKE_MATCH_1: --><--
+CMAKE_MATCH_2: --><--
+CMAKE_MATCH_COUNT: -->0<--
+Matched nothing properly
+results from: checking after find_package
+CMAKE_MATCH_0: --><--
+CMAKE_MATCH_1: --><--
+CMAKE_MATCH_2: --><--
+CMAKE_MATCH_COUNT: -->0<--
+Matched nothing properly
+results from: clearing out results with a failing match
+CMAKE_MATCH_0: --><--
+CMAKE_MATCH_1: --><--
+CMAKE_MATCH_2: --><--
+CMAKE_MATCH_COUNT: -->0<--
+Matched string properly
+results from: making a successful match before add_subdirectory
+CMAKE_MATCH_0: -->01<--
+CMAKE_MATCH_1: -->0<--
+CMAKE_MATCH_2: -->1<--
+CMAKE_MATCH_COUNT: -->2<--
+Matched string properly
+results from: check for success in add_subdirectory
+CMAKE_MATCH_0: -->01<--
+CMAKE_MATCH_1: -->0<--
+CMAKE_MATCH_2: -->1<--
+CMAKE_MATCH_COUNT: -->2<--
+Matched nothing properly
+results from: failing inside of add_subdirectory
+CMAKE_MATCH_0: --><--
+CMAKE_MATCH_1: --><--
+CMAKE_MATCH_2: --><--
+CMAKE_MATCH_COUNT: -->0<--
+Matched string properly
+results from: ensuring the subdirectory did not interfere with the parent
+CMAKE_MATCH_0: -->01<--
+CMAKE_MATCH_1: -->0<--
+CMAKE_MATCH_2: -->1<--
+CMAKE_MATCH_COUNT: -->2<--$
diff --git a/Tests/RunCMake/string/RegexClear.cmake b/Tests/RunCMake/string/RegexClear.cmake
new file mode 100644
index 0000000..d5edaac
--- /dev/null
+++ b/Tests/RunCMake/string/RegexClear.cmake
@@ -0,0 +1,54 @@
+cmake_minimum_required (VERSION 3.0)
+project (RegexClear C)
+
+function (output_results msg)
+  message("results from: ${msg}")
+  message("CMAKE_MATCH_0: -->${CMAKE_MATCH_0}<--")
+  message("CMAKE_MATCH_1: -->${CMAKE_MATCH_1}<--")
+  message("CMAKE_MATCH_2: -->${CMAKE_MATCH_2}<--")
+  message("CMAKE_MATCH_COUNT: -->${CMAKE_MATCH_COUNT}<--")
+endfunction ()
+
+function (check_for_success msg)
+  if (CMAKE_MATCH_1 STREQUAL "0" AND
+      CMAKE_MATCH_2 STREQUAL "1")
+    message("Matched string properly")
+  else ()
+    message("Failed to match properly")
+  endif ()
+  output_results("${msg}")
+endfunction ()
+
+function (check_for_failure msg)
+  if (CMAKE_MATCH_1 STREQUAL "" AND
+      CMAKE_MATCH_2 STREQUAL "")
+    message("Matched nothing properly")
+  else ()
+    message("Found a match where there should be none")
+  endif ()
+  output_results("${msg}")
+endfunction ()
+
+macro (do_regex_success msg)
+  string(REGEX MATCH "(0)(1)" output "01")
+  check_for_success("${msg}")
+endmacro ()
+
+macro (do_regex_failure msg)
+  string(REGEX MATCH "(0)(1)" output "12")
+  check_for_failure("${msg}")
+endmacro ()
+
+do_regex_success("setting up initial state")
+
+list(INSERT CMAKE_MODULE_PATH 0
+  "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+find_package(dummy) # Ensure cmMakefile::PushScope/PopScope work.
+
+check_for_failure("checking after find_package")
+do_regex_failure("clearing out results with a failing match")
+do_regex_success("making a successful match before add_subdirectory")
+
+add_subdirectory(subdir)
+
+check_for_success("ensuring the subdirectory did not interfere with the parent") # Ensure that the subdir didn't mess with this scope.
diff --git a/Tests/RunCMake/string/RunCMakeTest.cmake b/Tests/RunCMake/string/RunCMakeTest.cmake
index e83db27..fc913c6 100644
--- a/Tests/RunCMake/string/RunCMakeTest.cmake
+++ b/Tests/RunCMake/string/RunCMakeTest.cmake
@@ -10,3 +10,5 @@ run_cmake(UuidBadNamespace)
 run_cmake(UuidMissingNameValue)
 run_cmake(UuidMissingTypeValue)
 run_cmake(UuidBadType)
+
+run_cmake(RegexClear)
diff --git a/Tests/RunCMake/string/cmake/Finddummy.cmake b/Tests/RunCMake/string/cmake/Finddummy.cmake
new file mode 100644
index 0000000..4cbc1fb
--- /dev/null
+++ b/Tests/RunCMake/string/cmake/Finddummy.cmake
@@ -0,0 +1,4 @@
+check_for_success("making a match inside of find_package")
+do_regex_failure("making a failure inside of find_package")
+
+set(dummy_FOUND 1)
diff --git a/Tests/RunCMake/string/subdir/CMakeLists.txt b/Tests/RunCMake/string/subdir/CMakeLists.txt
new file mode 100644
index 0000000..5573308
--- /dev/null
+++ b/Tests/RunCMake/string/subdir/CMakeLists.txt
@@ -0,0 +1,2 @@
+check_for_success("check for success in add_subdirectory")
+do_regex_failure("failing inside of add_subdirectory")
diff --git a/Tests/SourceFileProperty/CMakeLists.txt b/Tests/SourceFileProperty/CMakeLists.txt
new file mode 100644
index 0000000..1b6506d
--- /dev/null
+++ b/Tests/SourceFileProperty/CMakeLists.txt
@@ -0,0 +1,19 @@
+cmake_minimum_required(VERSION 3.0)
+project(SourceFileProperty C)
+
+set(sources)
+
+if (EXISTS icasetest.c)
+  # If a file exists by this name, use it.
+  set_source_files_properties(icasetest.c
+    PROPERTIES
+      COMPILE_FLAGS -DNEEDED_TO_WORK)
+else ()
+  # Work on case-sensitive file systems as well.
+  set_source_files_properties(main.c
+    PROPERTIES
+      COMPILE_FLAGS -DNO_NEED_TO_CALL)
+endif ()
+list(APPEND sources ICaseTest.c)
+
+add_executable(SourceFileProperty main.c ${sources})
diff --git a/Tests/SourceFileProperty/ICaseTest.c b/Tests/SourceFileProperty/ICaseTest.c
new file mode 100644
index 0000000..454c721
--- /dev/null
+++ b/Tests/SourceFileProperty/ICaseTest.c
@@ -0,0 +1,7 @@
+
+#ifdef NEEDED_TO_WORK
+int icasetest()
+{
+  return 0;
+}
+#endif
diff --git a/Tests/SourceFileProperty/main.c b/Tests/SourceFileProperty/main.c
new file mode 100644
index 0000000..b853408
--- /dev/null
+++ b/Tests/SourceFileProperty/main.c
@@ -0,0 +1,13 @@
+
+#ifndef NO_NEED_TO_CALL
+extern int icasetest();
+#endif
+
+int main(int argc, char** argv)
+{
+#ifdef NO_NEED_TO_CALL
+  return 0;
+#else
+  return icasetest();
+#endif
+}
diff --git a/Tests/StringFileTest/CMakeLists.txt b/Tests/StringFileTest/CMakeLists.txt
index e6c6152..faf3bc9 100644
--- a/Tests/StringFileTest/CMakeLists.txt
+++ b/Tests/StringFileTest/CMakeLists.txt
@@ -189,7 +189,7 @@ string(CONFIGURE "${infile}" infile+-/out @ONLY)
 set(infile "${infile+-/out}")
 
 # Write include file to a file
-string(REGEX REPLACE "includefile" "${file}" outfile "${infile}")
+string(REGEX REPLACE "includefile" "Includes/Values.h" outfile "${infile}")
 file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/OutputFile.h-tmp" "${outfile}")
 file(RENAME "${CMAKE_CURRENT_BINARY_DIR}/OutputFile.h-tmp"
             "${CMAKE_CURRENT_BINARY_DIR}/OutputFile.h")
diff --git a/Tests/TryCompile/CMakeLists.txt b/Tests/TryCompile/CMakeLists.txt
index a4d9490..e497503 100644
--- a/Tests/TryCompile/CMakeLists.txt
+++ b/Tests/TryCompile/CMakeLists.txt
@@ -265,7 +265,7 @@ TEST_FAIL(CXX_RUN_SHOULD_FAIL "CHECK_CXX_SOURCE_RUNS() succeeded, but should hav
 TEST_ASSERT(CXX_RUN_SHOULD_WORK "CHECK_CXX_SOURCE_RUNS() failed")
 
 foreach(lang C CXX)
-  if(NOT "${CMAKE_${lang}_COMPILER_ID}" MATCHES "^(PathScale)$")
+  if(NOT CMAKE_${lang}_COMPILER_ID STREQUAL "PathScale")
     set(${lang}_DD --)
   endif()
 endforeach()
@@ -280,7 +280,7 @@ include(CheckCXXCompilerFlag)
 CHECK_CXX_COMPILER_FLAG(${CXX_DD}-_this_is_not_a_flag_ CXX_BOGUS_FLAG)
 TEST_FAIL(CXX_BOGUS_FLAG "CHECK_CXX_COMPILER_FLAG() succeeded, but should have failed")
 
-if("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
   unset(C_STRICT_PROTOTYPES CACHE)
   CHECK_C_COMPILER_FLAG("-Werror;-Wstrict-prototypes" C_STRICT_PROTOTYPES)
   TEST_ASSERT(C_STRICT_PROTOTYPES "CHECK_C_COMPILER_FLAG failed -Werror -Wstrict-prototypes")
diff --git a/Tests/Tutorial/Step2/tutorial.cxx b/Tests/Tutorial/Step2/tutorial.cxx
index 82b416f..c27da0b 100644
--- a/Tests/Tutorial/Step2/tutorial.cxx
+++ b/Tests/Tutorial/Step2/tutorial.cxx
@@ -21,12 +21,16 @@ int main (int argc, char *argv[])
     }
 
   double inputValue = atof(argv[1]);
+  double outputValue = 0;
 
+  if(inputValue >= 0)
+    {
 #ifdef USE_MYMATH
-  double outputValue = mysqrt(inputValue);
+    outputValue = mysqrt(inputValue);
 #else
-  double outputValue = sqrt(inputValue);
+    outputValue = sqrt(inputValue);
 #endif
+    }
 
   fprintf(stdout,"The square root of %g is %g\n",
           inputValue, outputValue);
diff --git a/Tests/Tutorial/Step3/tutorial.cxx b/Tests/Tutorial/Step3/tutorial.cxx
index 82b416f..c27da0b 100644
--- a/Tests/Tutorial/Step3/tutorial.cxx
+++ b/Tests/Tutorial/Step3/tutorial.cxx
@@ -21,12 +21,16 @@ int main (int argc, char *argv[])
     }
 
   double inputValue = atof(argv[1]);
+  double outputValue = 0;
 
+  if(inputValue >= 0)
+    {
 #ifdef USE_MYMATH
-  double outputValue = mysqrt(inputValue);
+    outputValue = mysqrt(inputValue);
 #else
-  double outputValue = sqrt(inputValue);
+    outputValue = sqrt(inputValue);
 #endif
+    }
 
   fprintf(stdout,"The square root of %g is %g\n",
           inputValue, outputValue);
diff --git a/Tests/Tutorial/Step4/tutorial.cxx b/Tests/Tutorial/Step4/tutorial.cxx
index 82b416f..c27da0b 100644
--- a/Tests/Tutorial/Step4/tutorial.cxx
+++ b/Tests/Tutorial/Step4/tutorial.cxx
@@ -21,12 +21,16 @@ int main (int argc, char *argv[])
     }
 
   double inputValue = atof(argv[1]);
+  double outputValue = 0;
 
+  if(inputValue >= 0)
+    {
 #ifdef USE_MYMATH
-  double outputValue = mysqrt(inputValue);
+    outputValue = mysqrt(inputValue);
 #else
-  double outputValue = sqrt(inputValue);
+    outputValue = sqrt(inputValue);
 #endif
+    }
 
   fprintf(stdout,"The square root of %g is %g\n",
           inputValue, outputValue);
diff --git a/Tests/Tutorial/Step5/tutorial.cxx b/Tests/Tutorial/Step5/tutorial.cxx
index 82b416f..c27da0b 100644
--- a/Tests/Tutorial/Step5/tutorial.cxx
+++ b/Tests/Tutorial/Step5/tutorial.cxx
@@ -21,12 +21,16 @@ int main (int argc, char *argv[])
     }
 
   double inputValue = atof(argv[1]);
+  double outputValue = 0;
 
+  if(inputValue >= 0)
+    {
 #ifdef USE_MYMATH
-  double outputValue = mysqrt(inputValue);
+    outputValue = mysqrt(inputValue);
 #else
-  double outputValue = sqrt(inputValue);
+    outputValue = sqrt(inputValue);
 #endif
+    }
 
   fprintf(stdout,"The square root of %g is %g\n",
           inputValue, outputValue);
diff --git a/Tests/Tutorial/Step6/tutorial.cxx b/Tests/Tutorial/Step6/tutorial.cxx
index 82b416f..c27da0b 100644
--- a/Tests/Tutorial/Step6/tutorial.cxx
+++ b/Tests/Tutorial/Step6/tutorial.cxx
@@ -21,12 +21,16 @@ int main (int argc, char *argv[])
     }
 
   double inputValue = atof(argv[1]);
+  double outputValue = 0;
 
+  if(inputValue >= 0)
+    {
 #ifdef USE_MYMATH
-  double outputValue = mysqrt(inputValue);
+    outputValue = mysqrt(inputValue);
 #else
-  double outputValue = sqrt(inputValue);
+    outputValue = sqrt(inputValue);
 #endif
+    }
 
   fprintf(stdout,"The square root of %g is %g\n",
           inputValue, outputValue);
diff --git a/Tests/Tutorial/Step7/tutorial.cxx b/Tests/Tutorial/Step7/tutorial.cxx
index 82b416f..c27da0b 100644
--- a/Tests/Tutorial/Step7/tutorial.cxx
+++ b/Tests/Tutorial/Step7/tutorial.cxx
@@ -21,12 +21,16 @@ int main (int argc, char *argv[])
     }
 
   double inputValue = atof(argv[1]);
+  double outputValue = 0;
 
+  if(inputValue >= 0)
+    {
 #ifdef USE_MYMATH
-  double outputValue = mysqrt(inputValue);
+    outputValue = mysqrt(inputValue);
 #else
-  double outputValue = sqrt(inputValue);
+    outputValue = sqrt(inputValue);
 #endif
+    }
 
   fprintf(stdout,"The square root of %g is %g\n",
           inputValue, outputValue);
diff --git a/Utilities/KWIML/test/CMakeLists.txt b/Utilities/KWIML/test/CMakeLists.txt
index a2359cc..a16b5cd 100644
--- a/Utilities/KWIML/test/CMakeLists.txt
+++ b/Utilities/KWIML/test/CMakeLists.txt
@@ -20,7 +20,7 @@ set_property(DIRECTORY
 
 # Suppress printf/scanf format warnings; we test if the sizes match.
 foreach(lang C CXX)
-  if(KWIML_LANGUAGE_${lang} AND "${CMAKE_${lang}_COMPILER_ID}" STREQUAL GNU)
+  if(KWIML_LANGUAGE_${lang} AND CMAKE_${lang}_COMPILER_ID STREQUAL "GNU")
     set(CMAKE_${lang}_FLAGS "${CMAKE_${lang}_FLAGS} -Wno-format")
   endif()
 endforeach()
diff --git a/Utilities/Release/create-cmake-release.cmake b/Utilities/Release/create-cmake-release.cmake
index a3f7032..19f4cb1 100644
--- a/Utilities/Release/create-cmake-release.cmake
+++ b/Utilities/Release/create-cmake-release.cmake
@@ -10,6 +10,7 @@ set(RELEASE_SCRIPTS_BATCH_1
   dashmacmini2_release.cmake  # Mac Darwin universal ppc;i386
   dashmacmini5_release.cmake  # Mac Darwin64 universal x86_64;i386
   magrathea_release.cmake     # Linux
+  linux64_release.cmake       # Linux x86_64
   ibm_aix_release.cmake       # AIX
 )
 
diff --git a/Utilities/Release/linux64_release.cmake b/Utilities/Release/linux64_release.cmake
new file mode 100644
index 0000000..513f42f
--- /dev/null
+++ b/Utilities/Release/linux64_release.cmake
@@ -0,0 +1,23 @@
+set(PROCESSORS 4)
+set(HOST linux64)
+set(MAKE_PROGRAM "make")
+set(CC /opt/gcc-4.9.2/bin/gcc)
+set(CXX /opt/gcc-4.9.2/bin/g++)
+set(CFLAGS   "")
+set(CXXFLAGS "")
+set(INITIAL_CACHE "
+CMAKE_BUILD_TYPE:STRING=Release
+CURSES_LIBRARY:FILEPATH=/home/kitware/ncurses-5.9/lib/libncurses.a
+CURSES_INCLUDE_PATH:PATH=/home/kitware/ncurses-5.9/include
+FORM_LIBRARY:FILEPATH=/home/kitware/ncurses-5.9/lib/libform.a
+CMAKE_USE_OPENSSL:BOOL=ON
+OPENSSL_CRYPTO_LIBRARY:FILEPATH=/home/kitware/openssl-1.0.1j/lib/libcrypto.a
+OPENSSL_INCLUDE_DIR:PATH=/home/kitware/openssl-1.0.1j/include
+OPENSSL_SSL_LIBRARY:FILEPATH=/home/kitware/openssl-1.0.1j/lib/libssl.a
+CPACK_SYSTEM_NAME:STRING=Linux-x86_64
+BUILD_QtDialog:BOOL:=TRUE
+CMake_GUI_DISTRIBUTE_WITH_Qt_LGPL:BOOL=TRUE
+QT_QMAKE_EXECUTABLE:FILEPATH=/home/kitware/qt-4.8.6/bin/qmake
+")
+get_filename_component(path "${CMAKE_CURRENT_LIST_FILE}" PATH)
+include(${path}/release_cmake.cmake)
diff --git a/Utilities/Release/upload_release.cmake b/Utilities/Release/upload_release.cmake
index 5f4da8f..841f244 100644
--- a/Utilities/Release/upload_release.cmake
+++ b/Utilities/Release/upload_release.cmake
@@ -1,6 +1,6 @@
 set(CTEST_RUN_CURRENT_SCRIPT 0)
 if(NOT VERSION)
- set(VERSION 3.0)
+ set(VERSION 3.1)
 endif()
 if(NOT DEFINED PROJECT_PREFIX)
   set(PROJECT_PREFIX cmake-${VERSION})
diff --git a/Utilities/cmThirdParty.h.in b/Utilities/cmThirdParty.h.in
index b0b5779..726c843 100644
--- a/Utilities/cmThirdParty.h.in
+++ b/Utilities/cmThirdParty.h.in
@@ -19,6 +19,7 @@
 #cmakedefine CMAKE_USE_SYSTEM_BZIP2
 #cmakedefine CMAKE_USE_SYSTEM_LIBARCHIVE
 #cmakedefine CMAKE_USE_SYSTEM_LIBLZMA
+#cmakedefine CMAKE_USE_SYSTEM_FORM
 #cmakedefine CTEST_USE_XMLRPC
 
 #endif
diff --git a/Utilities/cm_curl.h b/Utilities/cm_curl.h
index 43944a3..a3b049b 100644
--- a/Utilities/cm_curl.h
+++ b/Utilities/cm_curl.h
@@ -17,7 +17,7 @@
 #ifdef CMAKE_USE_SYSTEM_CURL
 # include <curl/curl.h>
 #else
-# include <cmcurl/curl/curl.h>
+# include <cmcurl/include/curl/curl.h>
 #endif
 
 #endif
diff --git a/Utilities/cmcurl/.gitattributes b/Utilities/cmcurl/.gitattributes
new file mode 100644
index 0000000..562b12e
--- /dev/null
+++ b/Utilities/cmcurl/.gitattributes
@@ -0,0 +1 @@
+* -whitespace
diff --git a/Utilities/cmcurl/CMake/CurlCheckCSourceCompiles.cmake b/Utilities/cmcurl/CMake/CurlCheckCSourceCompiles.cmake
index 2f427a2..396001b 100644
--- a/Utilities/cmcurl/CMake/CurlCheckCSourceCompiles.cmake
+++ b/Utilities/cmcurl/CMake/CurlCheckCSourceCompiles.cmake
@@ -12,42 +12,39 @@
 #  CMAKE_REQUIRED_INCLUDES = list of include directories
 #  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
 
-MACRO(CURL_CHECK_C_SOURCE_COMPILES SOURCE VAR)
-  IF(NOT DEFINED ${VAR} OR ${VAR} MATCHES "UNKNOWN")
-    SET(message "${VAR}")
+macro(CURL_CHECK_C_SOURCE_COMPILES SOURCE VAR)
+  if(NOT DEFINED "${VAR}")
+    set(message "${VAR}")
     # If the number of arguments is greater than 2 (SOURCE VAR)
-    IF(${ARGC} GREATER 2)
+    if(${ARGC} GREATER 2)
       # then add the third argument as a message
-      SET(message "${ARGV2} (${VAR})")
-    ENDIF(${ARGC} GREATER 2)
-    SET(MACRO_CHECK_FUNCTION_DEFINITIONS
+      set(message "${ARGV2} (${VAR})")
+    endif()
+    set(MACRO_CHECK_FUNCTION_DEFINITIONS
       "-D${VAR} ${CMAKE_REQUIRED_FLAGS}")
-    IF(CMAKE_REQUIRED_LIBRARIES)
-      SET(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES
+    if(CMAKE_REQUIRED_LIBRARIES)
+      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES
         "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
-    ELSE(CMAKE_REQUIRED_LIBRARIES)
-      SET(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES)
-    ENDIF(CMAKE_REQUIRED_LIBRARIES)
-    IF(CMAKE_REQUIRED_INCLUDES)
-      SET(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES
+    endif()
+    if(CMAKE_REQUIRED_INCLUDES)
+      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES
         "-DINCLUDE_DIRECTORIES:STRING=${CMAKE_REQUIRED_INCLUDES}")
-    ELSE(CMAKE_REQUIRED_INCLUDES)
-      SET(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES)
-    ENDIF(CMAKE_REQUIRED_INCLUDES)
-    SET(src "")
-    FOREACH(def ${EXTRA_DEFINES})
-      SET(src "${src}#define ${def} 1\n")
-    ENDFOREACH(def)
-    FOREACH(inc ${HEADER_INCLUDES})
-      SET(src "${src}#include <${inc}>\n")
-    ENDFOREACH(inc)
+    endif()
+    set(src "")
+    foreach(def ${EXTRA_DEFINES})
+      set(src "${src}#define ${def} 1\n")
+    endforeach(def)
+    foreach(inc ${HEADER_INCLUDES})
+      set(src "${src}#include <${inc}>\n")
+    endforeach(inc)
 
-    SET(src "${src}\nint main() { ${SOURCE} ; return 0; }")
-    SET(CMAKE_CONFIGURABLE_FILE_CONTENT "${src}")
-    CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/CMake/CMakeConfigurableFile.in
-      "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c")
-    MESSAGE(STATUS "Performing Test ${message}")
-    TRY_COMPILE(${VAR}
+    set(src "${src}\nint main() { ${SOURCE} ; return 0; }")
+    set(CMAKE_CONFIGURABLE_FILE_CONTENT "${src}")
+    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMake/CMakeConfigurableFile.in
+      "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c"
+      IMMEDIATE)
+    message(STATUS "Performing Test ${message}")
+    try_compile(${VAR}
       ${CMAKE_BINARY_DIR}
       ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c
       COMPILE_DEFINITIONS ${CMAKE_REQUIRED_DEFINITIONS}
@@ -55,20 +52,20 @@ MACRO(CURL_CHECK_C_SOURCE_COMPILES SOURCE VAR)
       "${CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES}"
       "${CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES}"
       OUTPUT_VARIABLE OUTPUT)
-    IF(${VAR})
-      SET(${VAR} 1 CACHE INTERNAL "Test ${message}")
-      MESSAGE(STATUS "Performing Test ${message} - Success")
-      FILE(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
+    if(${VAR})
+      set(${VAR} 1 CACHE INTERNAL "Test ${message}")
+      message(STATUS "Performing Test ${message} - Success")
+      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
         "Performing C SOURCE FILE Test ${message} succeded with the following output:\n"
         "${OUTPUT}\n"
         "Source file was:\n${src}\n")
-    ELSE(${VAR})
-      MESSAGE(STATUS "Performing Test ${message} - Failed")
-      SET(${VAR} "" CACHE INTERNAL "Test ${message}")
-      FILE(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
+    else()
+      message(STATUS "Performing Test ${message} - Failed")
+      set(${VAR} "" CACHE INTERNAL "Test ${message}")
+      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
         "Performing C SOURCE FILE Test ${message} failed with the following output:\n"
         "${OUTPUT}\n"
         "Source file was:\n${src}\n")
-    ENDIF(${VAR})
-  ENDIF()
-ENDMACRO(CURL_CHECK_C_SOURCE_COMPILES)
+    endif()
+  endif()
+endmacro()
diff --git a/Utilities/cmcurl/CMake/CurlCheckCSourceRuns.cmake b/Utilities/cmcurl/CMake/CurlCheckCSourceRuns.cmake
index 1bd837a..e62eebe 100644
--- a/Utilities/cmcurl/CMake/CurlCheckCSourceRuns.cmake
+++ b/Utilities/cmcurl/CMake/CurlCheckCSourceRuns.cmake
@@ -12,42 +12,43 @@
 #  CMAKE_REQUIRED_INCLUDES = list of include directories
 #  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
 
-MACRO(CURL_CHECK_C_SOURCE_RUNS SOURCE VAR)
-  IF("${VAR}" MATCHES "^${VAR}$" OR "${VAR}" MATCHES "UNKNOWN")
-    SET(message "${VAR}")
+macro(CURL_CHECK_C_SOURCE_RUNS SOURCE VAR)
+  if(NOT DEFINED "${VAR}")
+    set(message "${VAR}")
     # If the number of arguments is greater than 2 (SOURCE VAR)
-    IF(${ARGC} GREATER 2)
+    if(${ARGC} GREATER 2)
       # then add the third argument as a message
-      SET(message "${ARGV2} (${VAR})")
-    ENDIF(${ARGC} GREATER 2)
-    SET(MACRO_CHECK_FUNCTION_DEFINITIONS
+      set(message "${ARGV2} (${VAR})")
+    endif(${ARGC} GREATER 2)
+    set(MACRO_CHECK_FUNCTION_DEFINITIONS
       "-D${VAR} ${CMAKE_REQUIRED_FLAGS}")
-    IF(CMAKE_REQUIRED_LIBRARIES)
-      SET(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES
+    if(CMAKE_REQUIRED_LIBRARIES)
+      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES
         "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
-    ELSE(CMAKE_REQUIRED_LIBRARIES)
-      SET(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES)
-    ENDIF(CMAKE_REQUIRED_LIBRARIES)
-    IF(CMAKE_REQUIRED_INCLUDES)
-      SET(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES
+    else(CMAKE_REQUIRED_LIBRARIES)
+      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES)
+    endif(CMAKE_REQUIRED_LIBRARIES)
+    if(CMAKE_REQUIRED_INCLUDES)
+      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES
         "-DINCLUDE_DIRECTORIES:STRING=${CMAKE_REQUIRED_INCLUDES}")
-    ELSE(CMAKE_REQUIRED_INCLUDES)
-      SET(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES)
-    ENDIF(CMAKE_REQUIRED_INCLUDES)
-    SET(src "")
-    FOREACH(def ${EXTRA_DEFINES})
-      SET(src "${src}#define ${def} 1\n")
-    ENDFOREACH(def)
-    FOREACH(inc ${HEADER_INCLUDES})
-      SET(src "${src}#include <${inc}>\n")
-    ENDFOREACH(inc)
+    else(CMAKE_REQUIRED_INCLUDES)
+      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES)
+    endif(CMAKE_REQUIRED_INCLUDES)
+    set(src "")
+    foreach(def ${EXTRA_DEFINES})
+      set(src "${src}#define ${def} 1\n")
+    endforeach(def)
+    foreach(inc ${HEADER_INCLUDES})
+      set(src "${src}#include <${inc}>\n")
+    endforeach(inc)
 
-    SET(src "${src}\nint main() { ${SOURCE} ; return 0; }")
-    SET(CMAKE_CONFIGURABLE_FILE_CONTENT "${src}")
-    CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/CMake/CMakeConfigurableFile.in
-      "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c")
-    MESSAGE(STATUS "Performing Test ${message}")
-    TRY_RUN(${VAR} ${VAR}_COMPILED
+    set(src "${src}\nint main() { ${SOURCE} ; return 0; }")
+    set(CMAKE_CONFIGURABLE_FILE_CONTENT "${src}")
+    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMake/CMakeConfigurableFile.in
+      "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c"
+      IMMEDIATE)
+    message(STATUS "Performing Test ${message}")
+    try_run(${VAR} ${VAR}_COMPILED
       ${CMAKE_BINARY_DIR}
       ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c
       COMPILE_DEFINITIONS ${CMAKE_REQUIRED_DEFINITIONS}
@@ -56,27 +57,27 @@ MACRO(CURL_CHECK_C_SOURCE_RUNS SOURCE VAR)
       "${CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES}"
       OUTPUT_VARIABLE OUTPUT)
     # if it did not compile make the return value fail code of 1
-    IF(NOT ${VAR}_COMPILED)
-      SET(${VAR} 1)
-    ENDIF(NOT ${VAR}_COMPILED)
+    if(NOT ${VAR}_COMPILED)
+      set(${VAR} 1)
+    endif(NOT ${VAR}_COMPILED)
     # if the return value was 0 then it worked
-    SET(result_var ${${VAR}})
-    IF("${result_var}" EQUAL 0)
-      SET(${VAR} 1 CACHE INTERNAL "Test ${message}")
-      MESSAGE(STATUS "Performing Test ${message} - Success")
-      FILE(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
+    set(result_var ${${VAR}})
+    if("${result_var}" EQUAL 0)
+      set(${VAR} 1 CACHE INTERNAL "Test ${message}")
+      message(STATUS "Performing Test ${message} - Success")
+      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
         "Performing C SOURCE FILE Test ${message} succeded with the following output:\n"
         "${OUTPUT}\n"
         "Return value: ${${VAR}}\n"
         "Source file was:\n${src}\n")
-    ELSE("${result_var}" EQUAL 0)
-      MESSAGE(STATUS "Performing Test ${message} - Failed")
-      SET(${VAR} "" CACHE INTERNAL "Test ${message}")
-      FILE(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
+    else("${result_var}" EQUAL 0)
+      message(STATUS "Performing Test ${message} - Failed")
+      set(${VAR} "" CACHE INTERNAL "Test ${message}")
+      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
         "Performing C SOURCE FILE Test ${message} failed with the following output:\n"
         "${OUTPUT}\n"
         "Return value: ${result_var}\n"
         "Source file was:\n${src}\n")
-    ENDIF("${result_var}" EQUAL 0)
-  ENDIF("${VAR}" MATCHES "^${VAR}$" OR "${VAR}" MATCHES "UNKNOWN")
-ENDMACRO(CURL_CHECK_C_SOURCE_RUNS)
+    endif("${result_var}" EQUAL 0)
+  endif()
+endmacro(CURL_CHECK_C_SOURCE_RUNS)
diff --git a/Utilities/cmcurl/CMake/CurlTests.c b/Utilities/cmcurl/CMake/CurlTests.c
index c5ba7c2..199871a 100644
--- a/Utilities/cmcurl/CMake/CurlTests.c
+++ b/Utilities/cmcurl/CMake/CurlTests.c
@@ -1,6 +1,27 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
 #ifdef TIME_WITH_SYS_TIME
 /* Time with sys/time test */
- 
+
 #include <sys/types.h>
 #include <sys/time.h>
 #include <time.h>
@@ -16,34 +37,37 @@ return 0;
 
 #endif
 
-#ifdef HAVE_O_NONBLOCK
+#ifdef HAVE_FCNTL_O_NONBLOCK
 
+/* headers for FCNTL_O_NONBLOCK test */
 #include <sys/types.h>
 #include <unistd.h>
 #include <fcntl.h>
-
-int
-main ()
-{
-  /* try to compile O_NONBLOCK */
-
-#if defined(sun) || defined(__sun__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+/* */
+#if defined(sun) || defined(__sun__) || \
+    defined(__SUNPRO_C) || defined(__SUNPRO_CC)
 # if defined(__SVR4) || defined(__srv4__)
 #  define PLATFORM_SOLARIS
 # else
 #  define PLATFORM_SUNOS4
 # endif
 #endif
-#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX4)
+#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
 # define PLATFORM_AIX_V3
 #endif
-
+/* */
 #if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) || defined(__BEOS__)
 #error "O_NONBLOCK does not work on this platform"
 #endif
-  int socket;
-  int flags = fcntl(socket, F_SETFL, flags | O_NONBLOCK);
-  return 0;
+
+int
+main ()
+{
+      /* O_NONBLOCK source test */
+      int flags = 0;
+      if(0 != fcntl(0, F_SETFL, flags | O_NONBLOCK))
+          return 1;
+      return 0;
 }
 #endif
 
@@ -339,6 +363,24 @@ if (sizeof (in_addr_t))
   return 0;
 }
 #endif
+
+#ifdef HAVE_BOOL_T
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_STDBOOL_H
+#include <stdbool.h>
+#endif
+int
+main ()
+{
+if (sizeof (bool *) )
+  return 0;
+  ;
+  return 0;
+}
+#endif
+
 #ifdef STDC_HEADERS
 #include <stdlib.h>
 #include <stdarg.h>
@@ -432,7 +474,20 @@ int main(void) {
 int main () { ; return 0; }
 #endif
 #ifdef HAVE_IOCTLSOCKET
-#include <windows.h>
+/* includes start */
+#ifdef HAVE_WINDOWS_H
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  ifdef HAVE_WINSOCK2_H
+#    include <winsock2.h>
+#  else
+#    ifdef HAVE_WINSOCK_H
+#      include <winsock.h>
+#    endif
+#  endif
+#endif
 
 int
 main ()
@@ -447,52 +502,182 @@ main ()
 }
 
 #endif
-#ifdef HAVE_IOCTLSOCKET_CASE
-#include <windows.h>
+#ifdef HAVE_IOCTLSOCKET_CAMEL
+/* includes start */
+#ifdef HAVE_WINDOWS_H
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  ifdef HAVE_WINSOCK2_H
+#    include <winsock2.h>
+#  else
+#    ifdef HAVE_WINSOCK_H
+#      include <winsock.h>
+#    endif
+#  endif
+#endif
 
 int
 main ()
 {
 
 /* IoctlSocket source code */
- int socket;
- int flags = IoctlSocket(socket, FIONBIO, (long)1);
+    if(0 != IoctlSocket(0, 0, 0))
+      return 1;
+  ;
+  return 0;
+}
+#endif
+#ifdef HAVE_IOCTLSOCKET_CAMEL_FIONBIO
+/* includes start */
+#ifdef HAVE_WINDOWS_H
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  ifdef HAVE_WINSOCK2_H
+#    include <winsock2.h>
+#  else
+#    ifdef HAVE_WINSOCK_H
+#      include <winsock.h>
+#    endif
+#  endif
+#endif
+
+int
+main ()
+{
 
+/* IoctlSocket source code */
+        long flags = 0;
+        if(0 != ioctlsocket(0, FIONBIO, &flags))
+          return 1;
   ;
   return 0;
 }
 #endif
-#ifdef HAVE_FIONBIO
+#ifdef HAVE_IOCTLSOCKET_FIONBIO
+/* includes start */
+#ifdef HAVE_WINDOWS_H
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  ifdef HAVE_WINSOCK2_H
+#    include <winsock2.h>
+#  else
+#    ifdef HAVE_WINSOCK_H
+#      include <winsock.h>
+#    endif
+#  endif
+#endif
+
+int
+main ()
+{
+
+        int flags = 0;
+        if(0 != ioctlsocket(0, FIONBIO, &flags))
+          return 1;
+
+  ;
+  return 0;
+}
+#endif
+#ifdef HAVE_IOCTL_FIONBIO
 /* headers for FIONBIO test */
-#include <unistd.h>
-#include <stropts.h>
+/* includes start */
+#ifdef HAVE_SYS_TYPES_H
+#  include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#  include <unistd.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#  include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#  include <sys/ioctl.h>
+#endif
+#ifdef HAVE_STROPTS_H
+#  include <stropts.h>
+#endif
 
 int
 main ()
 {
 
-/* FIONBIO source test (old-style unix) */
- int socket;
- int flags = ioctl(socket, FIONBIO, &flags);
+        int flags = 0;
+        if(0 != ioctl(0, FIONBIO, &flags))
+          return 1;
 
   ;
   return 0;
 }
 #endif
-#ifdef HAVE_SO_NONBLOCK
+#ifdef HAVE_IOCTL_SIOCGIFADDR
+/* headers for FIONBIO test */
+/* includes start */
+#ifdef HAVE_SYS_TYPES_H
+#  include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#  include <unistd.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#  include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#  include <sys/ioctl.h>
+#endif
+#ifdef HAVE_STROPTS_H
+#  include <stropts.h>
+#endif
+#include <net/if.h>
 
-/* headers for SO_NONBLOCK test (BeOS) */
-#include <sys/types.h>
-#include <unistd.h>
-#include <fcntl.h>
+int
+main ()
+{
+        struct ifreq ifr;
+        if(0 != ioctl(0, SIOCGIFADDR, &ifr))
+          return 1;
 
-int main()
+  ;
+  return 0;
+}
+#endif
+#ifdef HAVE_SETSOCKOPT_SO_NONBLOCK
+/* includes start */
+#ifdef HAVE_WINDOWS_H
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  ifdef HAVE_WINSOCK2_H
+#    include <winsock2.h>
+#  else
+#    ifdef HAVE_WINSOCK_H
+#      include <winsock.h>
+#    endif
+#  endif
+#endif
+/* includes start */
+#ifdef HAVE_SYS_TYPES_H
+#  include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#  include <sys/socket.h>
+#endif
+/* includes end */
+
+int
+main ()
 {
-/* SO_NONBLOCK source code */
- long b = 1;
- int socket;
- int flags = setsockopt(socket, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
- return 0;
+        if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0))
+          return 1;
+  ;
+  return 0;
 }
 #endif
 #ifdef HAVE_GLIBC_STRERROR_R
diff --git a/Utilities/cmcurl/CMake/FindCARES.cmake b/Utilities/cmcurl/CMake/FindCARES.cmake
new file mode 100644
index 0000000..c4ab5f1
--- /dev/null
+++ b/Utilities/cmcurl/CMake/FindCARES.cmake
@@ -0,0 +1,42 @@
+# - Find c-ares
+# Find the c-ares includes and library
+# This module defines
+#  CARES_INCLUDE_DIR, where to find ares.h, etc.
+#  CARES_LIBRARIES, the libraries needed to use c-ares.
+#  CARES_FOUND, If false, do not try to use c-ares.
+# also defined, but not for general use are
+# CARES_LIBRARY, where to find the c-ares library.
+
+FIND_PATH(CARES_INCLUDE_DIR ares.h
+  /usr/local/include
+  /usr/include
+  )
+
+SET(CARES_NAMES ${CARES_NAMES} cares)
+FIND_LIBRARY(CARES_LIBRARY
+  NAMES ${CARES_NAMES}
+  PATHS /usr/lib /usr/local/lib
+  )
+
+IF (CARES_LIBRARY AND CARES_INCLUDE_DIR)
+  SET(CARES_LIBRARIES ${CARES_LIBRARY})
+  SET(CARES_FOUND "YES")
+ELSE (CARES_LIBRARY AND CARES_INCLUDE_DIR)
+  SET(CARES_FOUND "NO")
+ENDIF (CARES_LIBRARY AND CARES_INCLUDE_DIR)
+
+
+IF (CARES_FOUND)
+  IF (NOT CARES_FIND_QUIETLY)
+    MESSAGE(STATUS "Found c-ares: ${CARES_LIBRARIES}")
+  ENDIF (NOT CARES_FIND_QUIETLY)
+ELSE (CARES_FOUND)
+  IF (CARES_FIND_REQUIRED)
+    MESSAGE(FATAL_ERROR "Could not find c-ares library")
+  ENDIF (CARES_FIND_REQUIRED)
+ENDIF (CARES_FOUND)
+
+MARK_AS_ADVANCED(
+  CARES_LIBRARY
+  CARES_INCLUDE_DIR
+  )
diff --git a/Utilities/cmcurl/CMake/FindLibSSH2.cmake b/Utilities/cmcurl/CMake/FindLibSSH2.cmake
new file mode 100644
index 0000000..12a7c61
--- /dev/null
+++ b/Utilities/cmcurl/CMake/FindLibSSH2.cmake
@@ -0,0 +1,35 @@
+# - Try to find the libssh2 library
+# Once done this will define
+#
+# LIBSSH2_FOUND - system has the libssh2 library
+# LIBSSH2_INCLUDE_DIR - the libssh2 include directory
+# LIBSSH2_LIBRARY - the libssh2 library name
+
+if (LIBSSH2_INCLUDE_DIR AND LIBSSH2_LIBRARY)
+  set(LibSSH2_FIND_QUIETLY TRUE)
+endif (LIBSSH2_INCLUDE_DIR AND LIBSSH2_LIBRARY)
+
+FIND_PATH(LIBSSH2_INCLUDE_DIR libssh2.h
+)
+
+FIND_LIBRARY(LIBSSH2_LIBRARY NAMES ssh2
+)
+
+if(LIBSSH2_INCLUDE_DIR)
+  file(STRINGS "${LIBSSH2_INCLUDE_DIR}/libssh2.h" libssh2_version_str REGEX "^#define[\t ]+LIBSSH2_VERSION_NUM[\t ]+0x[0-9][0-9][0-9][0-9][0-9][0-9].*")
+
+  string(REGEX REPLACE "^.*LIBSSH2_VERSION_NUM[\t ]+0x([0-9][0-9]).*$" "\\1" LIBSSH2_VERSION_MAJOR "${libssh2_version_str}")
+  string(REGEX REPLACE "^.*LIBSSH2_VERSION_NUM[\t ]+0x[0-9][0-9]([0-9][0-9]).*$" "\\1" LIBSSH2_VERSION_MINOR  "${libssh2_version_str}")
+  string(REGEX REPLACE "^.*LIBSSH2_VERSION_NUM[\t ]+0x[0-9][0-9][0-9][0-9]([0-9][0-9]).*$" "\\1" LIBSSH2_VERSION_PATCH "${libssh2_version_str}")
+
+  string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_MAJOR "${LIBSSH2_VERSION_MAJOR}")
+  string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_MINOR "${LIBSSH2_VERSION_MINOR}")
+  string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_PATCH "${LIBSSH2_VERSION_PATCH}")
+
+  set(LIBSSH2_VERSION "${LIBSSH2_VERSION_MAJOR}.${LIBSSH2_VERSION_MINOR}.${LIBSSH2_VERSION_PATCH}")
+endif(LIBSSH2_INCLUDE_DIR)
+
+include(FindPackageHandleStandardArgs)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(LibSSH2 DEFAULT_MSG LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY )
+
+MARK_AS_ADVANCED(LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY LIBSSH2_VERSION_MAJOR LIBSSH2_VERSION_MINOR LIBSSH2_VERSION_PATCH LIBSSH2_VERSION)
diff --git a/Utilities/cmcurl/CMake/Macros.cmake b/Utilities/cmcurl/CMake/Macros.cmake
new file mode 100644
index 0000000..0f8eb57
--- /dev/null
+++ b/Utilities/cmcurl/CMake/Macros.cmake
@@ -0,0 +1,89 @@
+#File defines convenience macros for available feature testing
+
+# This macro checks if the symbol exists in the library and if it
+# does, it prepends library to the list.
+macro(CHECK_LIBRARY_EXISTS_CONCAT LIBRARY SYMBOL VARIABLE)
+  check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}"
+    ${VARIABLE})
+  if(${VARIABLE})
+    set(CURL_LIBS ${LIBRARY} ${CURL_LIBS})
+  endif(${VARIABLE})
+endmacro(CHECK_LIBRARY_EXISTS_CONCAT)
+
+# Check if header file exists and add it to the list.
+macro(CHECK_INCLUDE_FILE_CONCAT FILE VARIABLE)
+  check_include_files("${CURL_INCLUDES};${FILE}" ${VARIABLE})
+  if(${VARIABLE})
+    set(CURL_INCLUDES ${CURL_INCLUDES} ${FILE})
+    set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -D${VARIABLE}")
+  endif(${VARIABLE})
+endmacro(CHECK_INCLUDE_FILE_CONCAT)
+
+# For other curl specific tests, use this macro.
+macro(CURL_INTERNAL_TEST CURL_TEST)
+  if(NOT DEFINED "${CURL_TEST}")
+    set(MACRO_CHECK_FUNCTION_DEFINITIONS
+      "-D${CURL_TEST} ${CURL_TEST_DEFINES} ${CMAKE_REQUIRED_FLAGS}")
+    if(CMAKE_REQUIRED_LIBRARIES)
+      set(CURL_TEST_ADD_LIBRARIES
+        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
+    endif(CMAKE_REQUIRED_LIBRARIES)
+
+    message(STATUS "Performing Curl Test ${CURL_TEST}")
+    try_compile(${CURL_TEST}
+      ${CMAKE_BINARY_DIR}
+      ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c
+      CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
+      "${CURL_TEST_ADD_LIBRARIES}"
+      OUTPUT_VARIABLE OUTPUT)
+    if(${CURL_TEST})
+      set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}")
+      message(STATUS "Performing Curl Test ${CURL_TEST} - Success")
+      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
+        "Performing Curl Test ${CURL_TEST} passed with the following output:\n"
+        "${OUTPUT}\n")
+    else(${CURL_TEST})
+      message(STATUS "Performing Curl Test ${CURL_TEST} - Failed")
+      set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}")
+      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
+        "Performing Curl Test ${CURL_TEST} failed with the following output:\n"
+        "${OUTPUT}\n")
+    endif(${CURL_TEST})
+  endif()
+endmacro(CURL_INTERNAL_TEST)
+
+macro(CURL_INTERNAL_TEST_RUN CURL_TEST)
+  if(NOT DEFINED "${CURL_TEST}_COMPILE")
+    set(MACRO_CHECK_FUNCTION_DEFINITIONS
+      "-D${CURL_TEST} ${CMAKE_REQUIRED_FLAGS}")
+    if(CMAKE_REQUIRED_LIBRARIES)
+      set(CURL_TEST_ADD_LIBRARIES
+        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
+    endif(CMAKE_REQUIRED_LIBRARIES)
+
+    message(STATUS "Performing Curl Test ${CURL_TEST}")
+    try_run(${CURL_TEST} ${CURL_TEST}_COMPILE
+      ${CMAKE_BINARY_DIR}
+      ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c
+      CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
+      "${CURL_TEST_ADD_LIBRARIES}"
+      OUTPUT_VARIABLE OUTPUT)
+    if(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
+      set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}")
+      message(STATUS "Performing Curl Test ${CURL_TEST} - Success")
+    else(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
+      message(STATUS "Performing Curl Test ${CURL_TEST} - Failed")
+      set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}")
+      file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
+        "Performing Curl Test ${CURL_TEST} failed with the following output:\n"
+        "${OUTPUT}")
+      if(${CURL_TEST}_COMPILE)
+        file(APPEND
+          "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
+          "There was a problem running this test\n")
+      endif(${CURL_TEST}_COMPILE)
+      file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
+        "\n\n")
+    endif(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
+  endif()
+endmacro(CURL_INTERNAL_TEST_RUN)
diff --git a/Utilities/cmcurl/CMake/OtherTests.cmake b/Utilities/cmcurl/CMake/OtherTests.cmake
index 7d2c66f..039d189 100644
--- a/Utilities/cmcurl/CMake/OtherTests.cmake
+++ b/Utilities/cmcurl/CMake/OtherTests.cmake
@@ -1,242 +1,253 @@
-INCLUDE(CurlCheckCSourceCompiles)
-SET(EXTRA_DEFINES "__unused1\n#undef inline\n#define __unused2")
-SET(HEADER_INCLUDES)
-SET(headers_hack)
-
-MACRO(add_header_include check header)
-  IF(${check})
-    SET(headers_hack
+include(CurlCheckCSourceCompiles)
+set(EXTRA_DEFINES "__unused1\n#undef inline\n#define __unused2")
+set(HEADER_INCLUDES)
+set(headers_hack)
+
+macro(add_header_include check header)
+  if(${check})
+    set(headers_hack
       "${headers_hack}\n#include <${header}>")
     #SET(HEADER_INCLUDES
     #  ${HEADER_INCLUDES}
     #  "${header}")
-  ENDIF(${check})
-ENDMACRO(add_header_include)
+  endif(${check})
+endmacro(add_header_include)
 
-SET(signature_call_conv)
-IF(HAVE_WINDOWS_H)
+set(signature_call_conv)
+if(HAVE_WINDOWS_H)
   add_header_include(HAVE_WINDOWS_H "windows.h")
   add_header_include(HAVE_WINSOCK2_H "winsock2.h")
   add_header_include(HAVE_WINSOCK_H "winsock.h")
-  SET(EXTRA_DEFINES ${EXTRA_DEFINES}
+  set(EXTRA_DEFINES ${EXTRA_DEFINES}
     "__unused7\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif\n#define __unused3")
-  SET(signature_call_conv "PASCAL")
-ELSE(HAVE_WINDOWS_H)
+  set(signature_call_conv "PASCAL")
+  if(HAVE_LIBWS2_32)
+    set(CMAKE_REQUIRED_LIBRARIES ws2_32)
+  endif()
+else(HAVE_WINDOWS_H)
   add_header_include(HAVE_SYS_TYPES_H "sys/types.h")
   add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h")
-ENDIF(HAVE_WINDOWS_H)
+endif(HAVE_WINDOWS_H)
 
-SET(EXTRA_DEFINES_BACKUP "${EXTRA_DEFINES}")
-SET(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5")
-CURL_CHECK_C_SOURCE_COMPILES("recv(0, 0, 0, 0)" curl_cv_recv)
-IF(curl_cv_recv)
+set(EXTRA_DEFINES_BACKUP "${EXTRA_DEFINES}")
+set(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5")
+curl_check_c_source_compiles("recv(0, 0, 0, 0)" curl_cv_recv)
+if(curl_cv_recv)
   #    AC_CACHE_CHECK([types of arguments and return type for recv],
   #[curl_cv_func_recv_args], [
   #SET(curl_cv_func_recv_args "unknown")
   #for recv_retv in 'int' 'ssize_t'; do
-  IF(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown")
-    FOREACH(recv_retv "int" "ssize_t" )
-      FOREACH(recv_arg1 "int" "ssize_t" "SOCKET")
-        FOREACH(recv_arg2 "void *" "char *")
-          FOREACH(recv_arg3 "size_t" "int" "socklen_t" "unsigned int")
-            FOREACH(recv_arg4 "int" "unsigned int")
-              IF(NOT curl_cv_func_recv_done)
-                SET(curl_cv_func_recv_test "UNKNOWN")
-                SET(extern_line "extern ${recv_retv} ${signature_call_conv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})\;")
-                SET(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5")
-                CURL_CHECK_C_SOURCE_COMPILES("
+  if(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown")
+    foreach(recv_retv "int" "ssize_t" )
+      foreach(recv_arg1 "int" "ssize_t" "SOCKET")
+        foreach(recv_arg2 "void *" "char *")
+          foreach(recv_arg3 "size_t" "int" "socklen_t" "unsigned int")
+            foreach(recv_arg4 "int" "unsigned int")
+              if(NOT curl_cv_func_recv_done)
+                unset(curl_cv_func_recv_test CACHE)
+                set(extern_line "extern ${recv_retv} ${signature_call_conv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})\;")
+                set(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5")
+                curl_check_c_source_compiles("
                     ${recv_arg1} s=0;
                     ${recv_arg2} buf=0;
                     ${recv_arg3} len=0;
                     ${recv_arg4} flags=0;
                     ${recv_retv} res = recv(s, buf, len, flags)"
-                    curl_cv_func_recv_test
-                    "${recv_retv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})")
-                IF(curl_cv_func_recv_test)
-                  SET(curl_cv_func_recv_args
+                  curl_cv_func_recv_test
+                  "${recv_retv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})")
+                if(curl_cv_func_recv_test)
+                  set(curl_cv_func_recv_args
                     "${recv_arg1},${recv_arg2},${recv_arg3},${recv_arg4},${recv_retv}")
-                  SET(RECV_TYPE_ARG1 "${recv_arg1}")
-                  SET(RECV_TYPE_ARG2 "${recv_arg2}")
-                  SET(RECV_TYPE_ARG3 "${recv_arg3}")
-                  SET(RECV_TYPE_ARG4 "${recv_arg4}")
-                  SET(RECV_TYPE_RETV "${recv_retv}")
-                  SET(HAVE_RECV 1)
-                  SET(curl_cv_func_recv_done 1)
-                ENDIF(curl_cv_func_recv_test)
-              ENDIF(NOT curl_cv_func_recv_done)
-            ENDFOREACH(recv_arg4)
-          ENDFOREACH(recv_arg3)
-        ENDFOREACH(recv_arg2)
-      ENDFOREACH(recv_arg1)
-    ENDFOREACH(recv_retv) 
-  ELSE(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown")
-    STRING(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG1 "${curl_cv_func_recv_args}")
-    STRING(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG2 "${curl_cv_func_recv_args}")
-    STRING(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG3 "${curl_cv_func_recv_args}")
-    STRING(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" RECV_TYPE_ARG4 "${curl_cv_func_recv_args}")
-    STRING(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" RECV_TYPE_RETV "${curl_cv_func_recv_args}")
+                  set(RECV_TYPE_ARG1 "${recv_arg1}")
+                  set(RECV_TYPE_ARG2 "${recv_arg2}")
+                  set(RECV_TYPE_ARG3 "${recv_arg3}")
+                  set(RECV_TYPE_ARG4 "${recv_arg4}")
+                  set(RECV_TYPE_RETV "${recv_retv}")
+                  set(HAVE_RECV 1)
+                  set(curl_cv_func_recv_done 1)
+                endif(curl_cv_func_recv_test)
+              endif(NOT curl_cv_func_recv_done)
+            endforeach(recv_arg4)
+          endforeach(recv_arg3)
+        endforeach(recv_arg2)
+      endforeach(recv_arg1)
+    endforeach(recv_retv)
+  else(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown")
+    string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG1 "${curl_cv_func_recv_args}")
+    string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG2 "${curl_cv_func_recv_args}")
+    string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG3 "${curl_cv_func_recv_args}")
+    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" RECV_TYPE_ARG4 "${curl_cv_func_recv_args}")
+    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" RECV_TYPE_RETV "${curl_cv_func_recv_args}")
     #MESSAGE("RECV_TYPE_ARG1 ${RECV_TYPE_ARG1}")
     #MESSAGE("RECV_TYPE_ARG2 ${RECV_TYPE_ARG2}")
     #MESSAGE("RECV_TYPE_ARG3 ${RECV_TYPE_ARG3}")
     #MESSAGE("RECV_TYPE_ARG4 ${RECV_TYPE_ARG4}")
     #MESSAGE("RECV_TYPE_RETV ${RECV_TYPE_RETV}")
-  ENDIF(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown")
-  
-  IF("${curl_cv_func_recv_args}" STREQUAL "unknown")
-    MESSAGE(FATAL_ERROR "Cannot find proper types to use for recv args")
-  ENDIF("${curl_cv_func_recv_args}" STREQUAL "unknown")
-ELSE(curl_cv_recv)
-  MESSAGE(FATAL_ERROR "Unable to link function recv")
-ENDIF(curl_cv_recv)
-SET(curl_cv_func_recv_args "${curl_cv_func_recv_args}" CACHE INTERNAL "Arguments for recv")
-SET(HAVE_RECV 1)
-
-CURL_CHECK_C_SOURCE_COMPILES("send(0, 0, 0, 0)" curl_cv_send)
-IF(curl_cv_send)
+  endif(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown")
+
+  if("${curl_cv_func_recv_args}" STREQUAL "unknown")
+    message(FATAL_ERROR "Cannot find proper types to use for recv args")
+  endif("${curl_cv_func_recv_args}" STREQUAL "unknown")
+else(curl_cv_recv)
+  message(FATAL_ERROR "Unable to link function recv")
+endif(curl_cv_recv)
+set(curl_cv_func_recv_args "${curl_cv_func_recv_args}" CACHE INTERNAL "Arguments for recv")
+set(HAVE_RECV 1)
+
+curl_check_c_source_compiles("send(0, 0, 0, 0)" curl_cv_send)
+if(curl_cv_send)
   #    AC_CACHE_CHECK([types of arguments and return type for send],
   #[curl_cv_func_send_args], [
   #SET(curl_cv_func_send_args "unknown")
   #for send_retv in 'int' 'ssize_t'; do
-  IF(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown")
-    FOREACH(send_retv "int" "ssize_t" )
-      FOREACH(send_arg1 "int" "ssize_t" "SOCKET")
-        FOREACH(send_arg2 "const void *" "void *" "char *" "const char *")
-          FOREACH(send_arg3 "size_t" "int" "socklen_t" "unsigned int")
-            FOREACH(send_arg4 "int" "unsigned int")
-              IF(NOT curl_cv_func_send_done)
-                SET(curl_cv_func_send_test "UNKNOWN")
-                SET(extern_line "extern ${send_retv} ${signature_call_conv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})\;")
-                SET(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5")
-                CURL_CHECK_C_SOURCE_COMPILES("
+  if(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown")
+    foreach(send_retv "int" "ssize_t" )
+      foreach(send_arg1 "int" "ssize_t" "SOCKET")
+        foreach(send_arg2 "const void *" "void *" "char *" "const char *")
+          foreach(send_arg3 "size_t" "int" "socklen_t" "unsigned int")
+            foreach(send_arg4 "int" "unsigned int")
+              if(NOT curl_cv_func_send_done)
+                unset(curl_cv_func_send_test CACHE)
+                set(extern_line "extern ${send_retv} ${signature_call_conv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})\;")
+                set(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5")
+                curl_check_c_source_compiles("
                     ${send_arg1} s=0;
                     ${send_arg2} buf=0;
                     ${send_arg3} len=0;
                     ${send_arg4} flags=0;
                     ${send_retv} res = send(s, buf, len, flags)"
-                    curl_cv_func_send_test
-                    "${send_retv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})")
-                IF(curl_cv_func_send_test)
+                  curl_cv_func_send_test
+                  "${send_retv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})")
+                if(curl_cv_func_send_test)
                   #MESSAGE("Found arguments: ${curl_cv_func_send_test}")
-                  STRING(REGEX REPLACE "(const) .*" "\\1" send_qual_arg2 "${send_arg2}")
-                  STRING(REGEX REPLACE "const (.*)" "\\1" send_arg2 "${send_arg2}")
-                  SET(curl_cv_func_send_args
+                  string(REGEX REPLACE "(const) .*" "\\1" send_qual_arg2 "${send_arg2}")
+                  string(REGEX REPLACE "const (.*)" "\\1" send_arg2 "${send_arg2}")
+                  set(curl_cv_func_send_args
                     "${send_arg1},${send_arg2},${send_arg3},${send_arg4},${send_retv},${send_qual_arg2}")
-                  SET(SEND_TYPE_ARG1 "${send_arg1}")
-                  SET(SEND_TYPE_ARG2 "${send_arg2}")
-                  SET(SEND_TYPE_ARG3 "${send_arg3}")
-                  SET(SEND_TYPE_ARG4 "${send_arg4}")
-                  SET(SEND_TYPE_RETV "${send_retv}")
-                  SET(HAVE_SEND 1)
-                  SET(curl_cv_func_send_done 1)
-                ENDIF(curl_cv_func_send_test)
-              ENDIF(NOT curl_cv_func_send_done)
-            ENDFOREACH(send_arg4)
-          ENDFOREACH(send_arg3)
-        ENDFOREACH(send_arg2)
-      ENDFOREACH(send_arg1)
-    ENDFOREACH(send_retv) 
-  ELSE(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown")
-    STRING(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG1 "${curl_cv_func_send_args}")
-    STRING(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG2 "${curl_cv_func_send_args}")
-    STRING(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG3 "${curl_cv_func_send_args}")
-    STRING(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG4 "${curl_cv_func_send_args}")
-    STRING(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" SEND_TYPE_RETV "${curl_cv_func_send_args}")
-    STRING(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" SEND_QUAL_ARG2 "${curl_cv_func_send_args}")
+                  set(SEND_TYPE_ARG1 "${send_arg1}")
+                  set(SEND_TYPE_ARG2 "${send_arg2}")
+                  set(SEND_TYPE_ARG3 "${send_arg3}")
+                  set(SEND_TYPE_ARG4 "${send_arg4}")
+                  set(SEND_TYPE_RETV "${send_retv}")
+                  set(HAVE_SEND 1)
+                  set(curl_cv_func_send_done 1)
+                endif(curl_cv_func_send_test)
+              endif(NOT curl_cv_func_send_done)
+            endforeach(send_arg4)
+          endforeach(send_arg3)
+        endforeach(send_arg2)
+      endforeach(send_arg1)
+    endforeach(send_retv)
+  else(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown")
+    string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG1 "${curl_cv_func_send_args}")
+    string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG2 "${curl_cv_func_send_args}")
+    string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG3 "${curl_cv_func_send_args}")
+    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG4 "${curl_cv_func_send_args}")
+    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" SEND_TYPE_RETV "${curl_cv_func_send_args}")
+    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" SEND_QUAL_ARG2 "${curl_cv_func_send_args}")
     #MESSAGE("SEND_TYPE_ARG1 ${SEND_TYPE_ARG1}")
     #MESSAGE("SEND_TYPE_ARG2 ${SEND_TYPE_ARG2}")
     #MESSAGE("SEND_TYPE_ARG3 ${SEND_TYPE_ARG3}")
     #MESSAGE("SEND_TYPE_ARG4 ${SEND_TYPE_ARG4}")
     #MESSAGE("SEND_TYPE_RETV ${SEND_TYPE_RETV}")
     #MESSAGE("SEND_QUAL_ARG2 ${SEND_QUAL_ARG2}")
-  ENDIF(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown")
-  
-  IF("${curl_cv_func_send_args}" STREQUAL "unknown")
-    MESSAGE(FATAL_ERROR "Cannot find proper types to use for send args")
-  ENDIF("${curl_cv_func_send_args}" STREQUAL "unknown")
-  SET(SEND_QUAL_ARG2 "const")
-ELSE(curl_cv_send)
-  MESSAGE(FATAL_ERROR "Unable to link function send")
-ENDIF(curl_cv_send)
-SET(curl_cv_func_send_args "${curl_cv_func_send_args}" CACHE INTERNAL "Arguments for send")
-SET(HAVE_SEND 1)
-
-SET(EXTRA_DEFINES "${EXTRA_DEFINES}\n${headers_hack}\n#define __unused5")
-CURL_CHECK_C_SOURCE_COMPILES("int flag = MSG_NOSIGNAL" HAVE_MSG_NOSIGNAL)
-
-SET(EXTRA_DEFINES "__unused1\n#undef inline\n#define __unused2")
-SET(HEADER_INCLUDES)
-SET(headers_hack)
-
-MACRO(add_header_include check header)
-  IF(${check})
-    SET(headers_hack
+  endif(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown")
+
+  if("${curl_cv_func_send_args}" STREQUAL "unknown")
+    message(FATAL_ERROR "Cannot find proper types to use for send args")
+  endif("${curl_cv_func_send_args}" STREQUAL "unknown")
+  set(SEND_QUAL_ARG2 "const")
+else(curl_cv_send)
+  message(FATAL_ERROR "Unable to link function send")
+endif(curl_cv_send)
+set(curl_cv_func_send_args "${curl_cv_func_send_args}" CACHE INTERNAL "Arguments for send")
+set(HAVE_SEND 1)
+
+set(EXTRA_DEFINES "${EXTRA_DEFINES}\n${headers_hack}\n#define __unused5")
+curl_check_c_source_compiles("int flag = MSG_NOSIGNAL" HAVE_MSG_NOSIGNAL)
+
+set(EXTRA_DEFINES "__unused1\n#undef inline\n#define __unused2")
+set(HEADER_INCLUDES)
+set(headers_hack)
+
+macro(add_header_include check header)
+  if(${check})
+    set(headers_hack
       "${headers_hack}\n#include <${header}>")
     #SET(HEADER_INCLUDES
     #  ${HEADER_INCLUDES}
     #  "${header}")
-  ENDIF(${check})
-ENDMACRO(add_header_include header)
+  endif(${check})
+endmacro(add_header_include header)
 
-IF(HAVE_WINDOWS_H)
-  SET(EXTRA_DEFINES ${EXTRA_DEFINES}
+if(HAVE_WINDOWS_H)
+  set(EXTRA_DEFINES ${EXTRA_DEFINES}
     "__unused7\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif\n#define __unused3")
   add_header_include(HAVE_WINDOWS_H "windows.h")
   add_header_include(HAVE_WINSOCK2_H "winsock2.h")
   add_header_include(HAVE_WINSOCK_H "winsock.h")
-ELSE(HAVE_WINDOWS_H)
+else(HAVE_WINDOWS_H)
   add_header_include(HAVE_SYS_TYPES_H "sys/types.h")
   add_header_include(HAVE_SYS_TIME_H "sys/time.h")
   add_header_include(TIME_WITH_SYS_TIME "time.h")
   add_header_include(HAVE_TIME_H "time.h")
-ENDIF(HAVE_WINDOWS_H)
-SET(EXTRA_DEFINES "${EXTRA_DEFINES}\n${headers_hack}\n#define __unused5")
-CURL_CHECK_C_SOURCE_COMPILES("struct timeval ts;\nts.tv_sec  = 0;\nts.tv_usec = 0" HAVE_STRUCT_TIMEVAL)
-
-
-SET(HAVE_SIG_ATOMIC_T 1)
-SET(EXTRA_DEFINES)
-SET(HEADER_INCLUDES)
-IF(HAVE_SIGNAL_H)
-  SET(HEADER_INCLUDES "signal.h")
-  SET(CMAKE_EXTRA_INCLUDE_FILES "signal.h")
-ENDIF(HAVE_SIGNAL_H)
-CHECK_TYPE_SIZE("sig_atomic_t" SIZEOF_SIG_ATOMIC_T)
-IF(HAVE_SIZEOF_SIG_ATOMIC_T)
-  CURL_CHECK_C_SOURCE_COMPILES("static volatile sig_atomic_t dummy = 0" HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
-  IF(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
-    SET(HAVE_SIG_ATOMIC_T_VOLATILE 1)
-  ENDIF(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
-ENDIF(HAVE_SIZEOF_SIG_ATOMIC_T)
-
-SET(CHECK_TYPE_SIZE_PREINCLUDE
+endif(HAVE_WINDOWS_H)
+set(EXTRA_DEFINES "${EXTRA_DEFINES}\n${headers_hack}\n#define __unused5")
+curl_check_c_source_compiles("struct timeval ts;\nts.tv_sec  = 0;\nts.tv_usec = 0" HAVE_STRUCT_TIMEVAL)
+
+
+include(CurlCheckCSourceRuns)
+set(EXTRA_DEFINES)
+set(HEADER_INCLUDES)
+if(HAVE_SYS_POLL_H)
+  set(HEADER_INCLUDES "sys/poll.h")
+endif(HAVE_SYS_POLL_H)
+curl_check_c_source_runs("return poll((void *)0, 0, 10 /*ms*/)" HAVE_POLL_FINE)
+
+set(HAVE_SIG_ATOMIC_T 1)
+set(EXTRA_DEFINES)
+set(HEADER_INCLUDES)
+if(HAVE_SIGNAL_H)
+  set(HEADER_INCLUDES "signal.h")
+  set(CMAKE_EXTRA_INCLUDE_FILES "signal.h")
+endif(HAVE_SIGNAL_H)
+check_type_size("sig_atomic_t" SIZEOF_SIG_ATOMIC_T)
+if(HAVE_SIZEOF_SIG_ATOMIC_T)
+  curl_check_c_source_compiles("static volatile sig_atomic_t dummy = 0" HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
+  if(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
+    set(HAVE_SIG_ATOMIC_T_VOLATILE 1)
+  endif(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
+endif(HAVE_SIZEOF_SIG_ATOMIC_T)
+
+set(CHECK_TYPE_SIZE_PREINCLUDE
   "#undef inline")
 
-IF(HAVE_WINDOWS_H)
-  SET(CHECK_TYPE_SIZE_PREINCLUDE "${CHECK_TYPE_SIZE_PREINCLUDE}
+if(HAVE_WINDOWS_H)
+  set(CHECK_TYPE_SIZE_PREINCLUDE "${CHECK_TYPE_SIZE_PREINCLUDE}
   #ifndef WIN32_LEAN_AND_MEAN
   #define WIN32_LEAN_AND_MEAN
   #endif
   #include <windows.h>")
-  IF(HAVE_WINSOCK2_H)
-    SET(CHECK_TYPE_SIZE_PREINCLUDE "${CHECK_TYPE_SIZE_PREINCLUDE}\n#include <winsock2.h>")
-  ENDIF(HAVE_WINSOCK2_H)
-ELSE(HAVE_WINDOWS_H)
-  IF(HAVE_SYS_SOCKET_H)
-    SET(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES}
+  if(HAVE_WINSOCK2_H)
+    set(CHECK_TYPE_SIZE_PREINCLUDE "${CHECK_TYPE_SIZE_PREINCLUDE}\n#include <winsock2.h>")
+  endif(HAVE_WINSOCK2_H)
+else(HAVE_WINDOWS_H)
+  if(HAVE_SYS_SOCKET_H)
+    set(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES}
       "sys/socket.h")
-  ENDIF(HAVE_SYS_SOCKET_H)
-  IF(HAVE_NETINET_IN_H)
-    SET(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES}
+  endif(HAVE_SYS_SOCKET_H)
+  if(HAVE_NETINET_IN_H)
+    set(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES}
       "netinet/in.h")
-  ENDIF(HAVE_NETINET_IN_H)
-  IF(HAVE_ARPA_INET_H)
-    SET(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES}
+  endif(HAVE_NETINET_IN_H)
+  if(HAVE_ARPA_INET_H)
+    set(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES}
       "arpa/inet.h")
-  ENDIF(HAVE_ARPA_INET_H)
-ENDIF(HAVE_WINDOWS_H)
+  endif(HAVE_ARPA_INET_H)
+endif(HAVE_WINDOWS_H)
 
-CHECK_TYPE_SIZE("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE)
-IF(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE)
-  SET(HAVE_STRUCT_SOCKADDR_STORAGE 1)
-ENDIF(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE)
+check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE)
+if(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE)
+  set(HAVE_STRUCT_SOCKADDR_STORAGE 1)
+endif(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE)
 
diff --git a/Utilities/cmcurl/CMake/Platforms/WindowsCache.cmake b/Utilities/cmcurl/CMake/Platforms/WindowsCache.cmake
new file mode 100644
index 0000000..0e26a17
--- /dev/null
+++ b/Utilities/cmcurl/CMake/Platforms/WindowsCache.cmake
@@ -0,0 +1,122 @@
+if(NOT UNIX)
+  if(WIN32)
+    set(HAVE_LIBDL 0)
+    set(HAVE_LIBUCB 0)
+    set(HAVE_LIBSOCKET 0)
+    set(NOT_NEED_LIBNSL 0)
+    set(HAVE_LIBNSL 0)
+    set(HAVE_LIBZ 0)
+    set(HAVE_LIBCRYPTO 0)
+
+    set(HAVE_DLOPEN 0)
+
+    set(HAVE_ALLOCA_H 0)
+    set(HAVE_ARPA_INET_H 0)
+    set(HAVE_DLFCN_H 0)
+    set(HAVE_FCNTL_H 1)
+    set(HAVE_FEATURES_H 0)
+    set(HAVE_INTTYPES_H 0)
+    set(HAVE_IO_H 1)
+    set(HAVE_MALLOC_H 1)
+    set(HAVE_MEMORY_H 1)
+    set(HAVE_NETDB_H 0)
+    set(HAVE_NETINET_IF_ETHER_H 0)
+    set(HAVE_NETINET_IN_H 0)
+    set(HAVE_NET_IF_H 0)
+    set(HAVE_PROCESS_H 1)
+    set(HAVE_PWD_H 0)
+    set(HAVE_SETJMP_H 1)
+    set(HAVE_SGTTY_H 0)
+    set(HAVE_SIGNAL_H 1)
+    set(HAVE_SOCKIO_H 0)
+    set(HAVE_STDINT_H 0)
+    set(HAVE_STDLIB_H 1)
+    set(HAVE_STRINGS_H 0)
+    set(HAVE_STRING_H 1)
+    set(HAVE_SYS_PARAM_H 0)
+    set(HAVE_SYS_POLL_H 0)
+    set(HAVE_SYS_SELECT_H 0)
+    set(HAVE_SYS_SOCKET_H 0)
+    set(HAVE_SYS_SOCKIO_H 0)
+    set(HAVE_SYS_STAT_H 1)
+    set(HAVE_SYS_TIME_H 0)
+    set(HAVE_SYS_TYPES_H 1)
+    set(HAVE_SYS_UTIME_H 1)
+    set(HAVE_TERMIOS_H 0)
+    set(HAVE_TERMIO_H 0)
+    set(HAVE_TIME_H 1)
+    set(HAVE_UNISTD_H 0)
+    set(HAVE_UTIME_H 0)
+    set(HAVE_X509_H 0)
+    set(HAVE_ZLIB_H 0)
+
+    set(HAVE_SOCKET 1)
+    set(HAVE_POLL 0)
+    set(HAVE_SELECT 1)
+    set(HAVE_STRDUP 1)
+    set(HAVE_STRSTR 1)
+    set(HAVE_STRTOK_R 0)
+    set(HAVE_STRFTIME 1)
+    set(HAVE_UNAME 0)
+    set(HAVE_STRCASECMP 0)
+    set(HAVE_STRICMP 1)
+    set(HAVE_STRCMPI 1)
+    set(HAVE_GETHOSTBYADDR 1)
+    set(HAVE_GETTIMEOFDAY 0)
+    set(HAVE_INET_ADDR 1)
+    set(HAVE_INET_NTOA 1)
+    set(HAVE_INET_NTOA_R 0)
+    set(HAVE_TCGETATTR 0)
+    set(HAVE_TCSETATTR 0)
+    set(HAVE_PERROR 1)
+    set(HAVE_CLOSESOCKET 1)
+    set(HAVE_SETVBUF 0)
+    set(HAVE_SIGSETJMP 0)
+    set(HAVE_GETPASS_R 0)
+    set(HAVE_STRLCAT 0)
+    set(HAVE_GETPWUID 0)
+    set(HAVE_GETEUID 0)
+    set(HAVE_UTIME 1)
+    set(HAVE_RAND_EGD 0)
+    set(HAVE_RAND_SCREEN 0)
+    set(HAVE_RAND_STATUS 0)
+    set(HAVE_GMTIME_R 0)
+    set(HAVE_LOCALTIME_R 0)
+    set(HAVE_GETHOSTBYADDR_R 0)
+    set(HAVE_GETHOSTBYNAME_R 0)
+    set(HAVE_SIGNAL_FUNC 1)
+    set(HAVE_SIGNAL_MACRO 0)
+
+    set(HAVE_GETHOSTBYADDR_R_5 0)
+    set(HAVE_GETHOSTBYADDR_R_5_REENTRANT 0)
+    set(HAVE_GETHOSTBYADDR_R_7 0)
+    set(HAVE_GETHOSTBYADDR_R_7_REENTRANT 0)
+    set(HAVE_GETHOSTBYADDR_R_8 0)
+    set(HAVE_GETHOSTBYADDR_R_8_REENTRANT 0)
+    set(HAVE_GETHOSTBYNAME_R_3 0)
+    set(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0)
+    set(HAVE_GETHOSTBYNAME_R_5 0)
+    set(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0)
+    set(HAVE_GETHOSTBYNAME_R_6 0)
+    set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0)
+
+    set(TIME_WITH_SYS_TIME 0)
+    set(HAVE_O_NONBLOCK 0)
+    set(HAVE_IN_ADDR_T 0)
+    set(HAVE_INET_NTOA_R_DECL 0)
+    set(HAVE_INET_NTOA_R_DECL_REENTRANT 0)
+    if(ENABLE_IPV6)
+      set(HAVE_GETADDRINFO 1)
+    else()
+      set(HAVE_GETADDRINFO 0)
+    endif()
+    set(STDC_HEADERS 1)
+    set(RETSIGTYPE_TEST 1)
+
+    set(HAVE_SIGACTION 0)
+    set(HAVE_MACRO_SIGSETJMP 0)
+  else(WIN32)
+    message("This file should be included on Windows platform only")
+  endif(WIN32)
+endif(NOT UNIX)
+
diff --git a/Utilities/cmcurl/CMake/Utilities.cmake b/Utilities/cmcurl/CMake/Utilities.cmake
new file mode 100644
index 0000000..37cdfe3
--- /dev/null
+++ b/Utilities/cmcurl/CMake/Utilities.cmake
@@ -0,0 +1,31 @@
+# File containing various utilities
+
+# Converts a CMake list to a string containing elements separated by spaces
+function(TO_LIST_SPACES _LIST_NAME OUTPUT_VAR)
+  set(NEW_LIST_SPACE)
+  foreach(ITEM ${${_LIST_NAME}})
+    set(NEW_LIST_SPACE "${NEW_LIST_SPACE} ${ITEM}")
+  endforeach()
+  string(STRIP ${NEW_LIST_SPACE} NEW_LIST_SPACE)
+  set(${OUTPUT_VAR} "${NEW_LIST_SPACE}" PARENT_SCOPE)
+endfunction()
+
+# Appends a lis of item to a string which is a space-separated list, if they don't already exist.
+function(LIST_SPACES_APPEND_ONCE LIST_NAME)
+  string(REPLACE " " ";" _LIST ${${LIST_NAME}})
+  list(APPEND _LIST ${ARGN})
+  list(REMOVE_DUPLICATES _LIST)
+  to_list_spaces(_LIST NEW_LIST_SPACE)
+  set(${LIST_NAME} "${NEW_LIST_SPACE}" PARENT_SCOPE)
+endfunction()
+
+# Convinience function that does the same as LIST(FIND ...) but with a TRUE/FALSE return value.
+# Ex: IN_STR_LIST(MY_LIST "Searched item" WAS_FOUND)
+function(IN_STR_LIST LIST_NAME ITEM_SEARCHED RETVAL)
+  list(FIND ${LIST_NAME} ${ITEM_SEARCHED} FIND_POS)
+  if(${FIND_POS} EQUAL -1)
+    set(${RETVAL} FALSE PARENT_SCOPE)
+  else()
+    set(${RETVAL} TRUE PARENT_SCOPE)
+  endif()
+endfunction()
diff --git a/Utilities/cmcurl/CMakeLists.txt b/Utilities/cmcurl/CMakeLists.txt
index 03f10a0..eaf276b 100644
--- a/Utilities/cmcurl/CMakeLists.txt
+++ b/Utilities/cmcurl/CMakeLists.txt
@@ -1,557 +1,733 @@
-CMAKE_MINIMUM_REQUIRED(VERSION 2.6.3 FATAL_ERROR)
-IF(POLICY CMP0025)
-  CMAKE_POLICY(SET CMP0025 NEW)
-ENDIF()
-PROJECT(LIBCURL C)
+# Set curl options as needed for CMake build
+set(BUILD_CURL_EXE OFF CACHE INTERNAL "No curl exe")
+set(BUILD_CURL_TESTS OFF CACHE INTERNAL "No curl tests")
+set(BUILD_DASHBOARD_REPORTS OFF CACHE INTERNAL "No curl dashboard reports")
+set(BUILD_RELEASE_DEBUG_DIRS OFF CACHE INTERNAL "No curl release/debug dirs")
+set(CMAKE_USE_LIBSSH2 OFF CACHE INTERNAL "Disable curl libssh2")
+set(CMAKE_USE_OPENLDAP OFF CACHE INTERNAL "No curl OpenLDAP")
+set(CURL_DISABLE_COOKIES OFF CACHE INTERNAL "Do not disable curl cookie support")
+set(CURL_DISABLE_CRYPTO_AUTH OFF CACHE INTERNAL "Do not disable curl crypto auth")
+set(CURL_DISABLE_DICT ON CACHE INTERNAL "Disable curl dict protocol?")
+set(CURL_DISABLE_FILE OFF CACHE INTERNAL "Disable curl file protocol?")
+set(CURL_DISABLE_FTP OFF CACHE INTERNAL "Disable curl ftp protocol?")
+set(CURL_DISABLE_GOPHER ON CACHE INTERNAL "Disable curl gopher protocol?")
+set(CURL_DISABLE_HTTP OFF CACHE INTERNAL "Disable curl http protocol?")
+set(CURL_DISABLE_IMAP ON CACHE INTERNAL "Disable curl imap protocol?")
+set(CURL_DISABLE_LDAP ON CACHE INTERNAL "Disable curl ldap protocol?")
+set(CURL_DISABLE_LDAPS ON CACHE INTERNAL "Disable curl ldaps protocol?")
+set(CURL_DISABLE_POP3 ON CACHE INTERNAL "Disable curl pop3 protocol?")
+set(CURL_DISABLE_RTSP ON CACHE INTERNAL "Disable curl rtsp protocol?")
+set(CURL_DISABLE_SMTP ON CACHE INTERNAL "Disable curl smtp protocol?")
+set(CURL_DISABLE_TELNET ON CACHE INTERNAL "Disable curl telnet protocol?")
+set(CURL_DISABLE_TFTP ON CACHE INTERNAL "Disable curl tftp protocol?")
+set(CURL_DISABLE_VERBOSE_STRING OFF CACHE INTERNAL "Do not disable curl verbosity")
+set(CURL_HIDDEN_SYMBOLS OFF CACHE INTERNAL "No curl hidden symbols")
+set(CURL_LDAP_WIN OFF CACHE INTERNAL "No curl Windows LDAP")
+set(CURL_STATICLIB ON CACHE INTERNAL "Static curl")
+set(CURL_USE_ARES OFF CACHE INTERNAL "No curl c-ares support")
+set(DISABLED_THREADSAFE OFF CACHE INTERNAL "Curl can use thread-safe functions")
+set(ENABLE_IPV6 OFF CACHE INTERNAL "Curl IPv6 support")
+set(HTTP_ONLY OFF CACHE INTERNAL "Curl is not http-only")
+
+# Windows Vista and above have inet_pton, but this will link on
+# older versions and then the executable will fail to launch at
+# runtime on older versions because no DLL provides the symbol.
+if(WIN32)
+  set(HAVE_INET_PTON 0 CACHE INTERNAL "Do not use inet_pton")
+endif()
+
+# Disable warnings to avoid changing 3rd party code.
+if(CMAKE_C_COMPILER_ID MATCHES
+    "^(GNU|Clang|AppleClang|XL|VisualAge|SunPro|MIPSpro|HP|Intel)$")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w")
+elseif(CMAKE_C_COMPILER_ID STREQUAL "PathScale")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -woffall")
+endif()
+
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+# cURL/libcurl CMake script
+# by Tetetest and Sukender (Benoit Neil)
+
+# TODO:
+# The output .so file lacks the soname number which we currently have within the lib/Makefile.am file
+# Add full (4 or 5 libs) SSL support
+# Add INSTALL target (EXTRA_DIST variables in Makefile.am may be moved to Makefile.inc so that CMake/CPack is aware of what's to include).
+# Add CTests(?)
+# Check on all possible platforms
+# Test with as many configurations possible (With or without any option)
+# Create scripts that help keeping the CMake build system up to date (to reduce maintenance). According to Tetetest:
+#  - lists of headers that 'configure' checks for;
+#  - curl-specific tests (the ones that are in m4/curl-*.m4 files);
+#  - (most obvious thing:) curl version numbers.
+# Add documentation subproject
+#
+# To check:
+# (From Daniel Stenberg) The cmake build selected to run gcc with -fPIC on my box while the plain configure script did not.
+# (From Daniel Stenberg) The gcc command line use neither -g nor any -O options. As a developer, I also treasure our configure scripts's --enable-debug option that sets a long range of "picky" compiler options.
+cmake_minimum_required(VERSION 2.8 FATAL_ERROR)
+set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
+include(Utilities)
+include(Macros)
+
+project( CURL C )
+
+if(0) # This code not needed for building within CMake.
+message(WARNING "the curl cmake build system is poorly maintained. Be aware")
+endif()
+
+file (READ ${CURL_SOURCE_DIR}/include/curl/curlver.h CURL_VERSION_H_CONTENTS)
+string (REGEX MATCH "LIBCURL_VERSION_MAJOR[ \t]+([0-9]+)"
+  LIBCURL_VERSION_MJ ${CURL_VERSION_H_CONTENTS})
+string (REGEX MATCH "([0-9]+)"
+  LIBCURL_VERSION_MJ ${LIBCURL_VERSION_MJ})
+string (REGEX MATCH
+  "LIBCURL_VERSION_MINOR[ \t]+([0-9]+)"
+  LIBCURL_VERSION_MI ${CURL_VERSION_H_CONTENTS})
+string (REGEX MATCH "([0-9]+)" LIBCURL_VERSION_MI ${LIBCURL_VERSION_MI})
+string (REGEX MATCH
+  "LIBCURL_VERSION_PATCH[ \t]+([0-9]+)"
+  LIBCURL_VERSION_PT ${CURL_VERSION_H_CONTENTS})
+string (REGEX MATCH "([0-9]+)" LIBCURL_VERSION_PT ${LIBCURL_VERSION_PT})
+set (CURL_MAJOR_VERSION ${LIBCURL_VERSION_MJ})
+set (CURL_MINOR_VERSION ${LIBCURL_VERSION_MI})
+set (CURL_PATCH_VERSION ${LIBCURL_VERSION_PT})
+
+include_regular_expression("^.*$")    # Sukender: Is it necessary?
 
 # Setup package meta-data
-SET(PACKAGE "curl")
-SET(VERSION "7.16.1")
-SET(PACKAGE_TARNAME "curl")
-SET(PACKAGE_BUGREPORT " ")
-SET(PACKAGE_NAME "curl")
-SET(PACKAGE_VERSION "-")
-SET(PACKAGE_STRING "curl-")
-SET(PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/")
-SET(OPERATING_SYSTEM "${CMAKE_SYSTEM_NAME}")
+# SET(PACKAGE "curl")
+set(CURL_VERSION ${CURL_MAJOR_VERSION}.${CURL_MINOR_VERSION}.${CURL_PATCH_VERSION})
+if(0) # This code not needed for building within CMake.
+message(STATUS "curl version=[${CURL_VERSION}]")
+endif()
+# SET(PACKAGE_TARNAME "curl")
+# SET(PACKAGE_NAME "curl")
+# SET(PACKAGE_VERSION "-")
+# SET(PACKAGE_STRING "curl-")
+# SET(PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/")
+set(OPERATING_SYSTEM "${CMAKE_SYSTEM_NAME}")
+set(OS "\"${CMAKE_SYSTEM_NAME}\"")
+
+include_directories(${PROJECT_BINARY_DIR}/include/curl)
+include_directories( ${CURL_SOURCE_DIR}/include )
+
+option(BUILD_CURL_EXE "Set to ON to build cURL executable." ON)
+option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON)
+option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
+option(CURL_USE_ARES "Set to ON to enable c-ares support" OFF)
+# initialize CURL_LIBS
+set(CURL_LIBS "")
+
+if(CURL_USE_ARES)
+  set(USE_ARES ${CURL_USE_ARES})
+  find_package(CARES REQUIRED)
+  list(APPEND CURL_LIBS ${CARES_LIBRARY} )
+  set(CURL_LIBS ${CURL_LIBS} ${CARES_LIBRARY})
+endif()
+
+option(BUILD_DASHBOARD_REPORTS "Set to ON to activate reporting of cURL builds here http://www.cdash.org/CDashPublic/index.php?project=CURL" OFF)
+if(BUILD_DASHBOARD_REPORTS)
+  #INCLUDE(Dart)
+  include(CTest)
+endif(BUILD_DASHBOARD_REPORTS)
+
+if(MSVC)
+  option(BUILD_RELEASE_DEBUG_DIRS "Set OFF to build each configuration to a separate directory" OFF)
+  mark_as_advanced(BUILD_RELEASE_DEBUG_DIRS)
+endif()
+
+option(CURL_HIDDEN_SYMBOLS "Set to ON to hide libcurl internal symbols (=hide all symbols that aren't officially external)." ON)
+mark_as_advanced(CURL_HIDDEN_SYMBOLS)
+
+# IF(WIN32)
+# OPTION(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON)
+# MARK_AS_ADVANCED(CURL_WINDOWS_SSPI)
+# ENDIF()
+
+option(HTTP_ONLY "disables all protocols except HTTP (This overrides all CURL_DISABLE_* options)" OFF)
+mark_as_advanced(HTTP_ONLY)
+option(CURL_DISABLE_FTP "disables FTP" OFF)
+mark_as_advanced(CURL_DISABLE_FTP)
+option(CURL_DISABLE_LDAP "disables LDAP" OFF)
+mark_as_advanced(CURL_DISABLE_LDAP)
+option(CURL_DISABLE_TELNET "disables Telnet" OFF)
+mark_as_advanced(CURL_DISABLE_TELNET)
+option(CURL_DISABLE_DICT "disables DICT" OFF)
+mark_as_advanced(CURL_DISABLE_DICT)
+option(CURL_DISABLE_FILE "disables FILE" OFF)
+mark_as_advanced(CURL_DISABLE_FILE)
+option(CURL_DISABLE_TFTP "disables TFTP" OFF)
+mark_as_advanced(CURL_DISABLE_TFTP)
+option(CURL_DISABLE_HTTP "disables HTTP" OFF)
+mark_as_advanced(CURL_DISABLE_HTTP)
+
+option(CURL_DISABLE_LDAPS "to disable LDAPS" OFF)
+mark_as_advanced(CURL_DISABLE_LDAPS)
+
+option(CURL_DISABLE_RTSP "to disable RTSP" OFF)
+mark_as_advanced(CURL_DISABLE_RTSP)
+option(CURL_DISABLE_PROXY "to disable proxy" OFF)
+mark_as_advanced(CURL_DISABLE_PROXY)
+option(CURL_DISABLE_POP3 "to disable POP3" OFF)
+mark_as_advanced(CURL_DISABLE_POP3)
+option(CURL_DISABLE_IMAP "to disable IMAP" OFF)
+mark_as_advanced(CURL_DISABLE_IMAP)
+option(CURL_DISABLE_SMTP "to disable SMTP" OFF)
+mark_as_advanced(CURL_DISABLE_SMTP)
+option(CURL_DISABLE_GOPHER "to disable Gopher" OFF)
+mark_as_advanced(CURL_DISABLE_GOPHER)
+
+if(HTTP_ONLY)
+  set(CURL_DISABLE_FTP ON)
+  set(CURL_DISABLE_LDAP ON)
+  set(CURL_DISABLE_LDAPS ON)
+  set(CURL_DISABLE_TELNET ON)
+  set(CURL_DISABLE_DICT ON)
+  set(CURL_DISABLE_FILE ON)
+  set(CURL_DISABLE_TFTP ON)
+  set(CURL_DISABLE_RTSP ON)
+  set(CURL_DISABLE_POP3 ON)
+  set(CURL_DISABLE_IMAP ON)
+  set(CURL_DISABLE_SMTP ON)
+  set(CURL_DISABLE_GOPHER ON)
+endif()
+
+option(CURL_DISABLE_COOKIES "to disable cookies support" OFF)
+mark_as_advanced(CURL_DISABLE_COOKIES)
+
+option(CURL_DISABLE_CRYPTO_AUTH "to disable cryptographic authentication" OFF)
+mark_as_advanced(CURL_DISABLE_CRYPTO_AUTH)
+option(CURL_DISABLE_VERBOSE_STRINGS "to disable verbose strings" OFF)
+mark_as_advanced(CURL_DISABLE_VERBOSE_STRINGS)
+option(DISABLED_THREADSAFE "Set to explicitly specify we don't want to use thread-safe functions" OFF)
+mark_as_advanced(DISABLED_THREADSAFE)
+option(ENABLE_IPV6 "Define if you want to enable IPv6 support" OFF)
+mark_as_advanced(ENABLE_IPV6)
+
 
 # We need ansi c-flags, especially on HP
-SET(CMAKE_C_FLAGS "${CMAKE_ANSI_CFLAGS} ${CMAKE_C_FLAGS}")
-SET(CMAKE_REQUIRED_FLAGS ${CMAKE_ANSI_CFLAGS})
+set(CMAKE_C_FLAGS "${CMAKE_ANSI_CFLAGS} ${CMAKE_C_FLAGS}")
+set(CMAKE_REQUIRED_FLAGS ${CMAKE_ANSI_CFLAGS})
 
 # Disable warnings on Borland to avoid changing 3rd party code.
-IF(BORLAND)
-  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w-")
-ENDIF(BORLAND)
+if(BORLAND)
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w-")
+endif(BORLAND)
 
 # If we are on AIX, do the _ALL_SOURCE magic
-IF(${CMAKE_SYSTEM_NAME} MATCHES AIX)
-  SET(_ALL_SOURCE 1)
-ENDIF(${CMAKE_SYSTEM_NAME} MATCHES AIX)
+if(${CMAKE_SYSTEM_NAME} MATCHES AIX)
+  set(_ALL_SOURCE 1)
+endif(${CMAKE_SYSTEM_NAME} MATCHES AIX)
 
 # Include all the necessary files for macros
-SET(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake")
-INCLUDE (CheckFunctionExists)
-INCLUDE (CheckIncludeFile)
-INCLUDE (CheckIncludeFiles)
-INCLUDE (CheckLibraryExists)
-INCLUDE (CheckSymbolExists)
-INCLUDE (CheckTypeSize)
-
-SET(libCurl_SRCS
-  #  amigaos.c - does not build on AmigaOS
-  base64.c
-  connect.c
-  content_encoding.c
-  cookie.c
-  dict.c
-  easy.c
-  escape.c
-  file.c
-  formdata.c
-  ftp.c
-  getenv.c
-  getinfo.c
-  gtls.c
-  hash.c
-  hostares.c
-  hostasyn.c
-  hostip4.c
-  hostip6.c
-  hostip.c
-  hostsyn.c
-  hostthre.c
-  http.c
-  http_chunks.c
-  http_digest.c
-  http_negotiate.c
-  http_ntlm.c
-  if2ip.c
-  inet_ntop.c
-  inet_pton.c
-  krb4.c
-  ldap.c
-  llist.c
-  md5.c
-#  memdebug.c -not used
-  mprintf.c
-  multi.c
-  netrc.c
-  # nwlib.c - Not used
-  parsedate.c
-  progress.c
-  security.c
-  select.c
-  sendf.c
-  share.c
-  socks.c
-  speedcheck.c
-  splay.c
-  ssh.c
-  sslgen.c
-  ssluse.c
-  strdup.c
-  strequal.c
-  strerror.c
-  # strtok.c - specify later
-  # strtoofft.c - specify later
-  telnet.c
-  tftp.c
-  timeval.c
-  transfer.c
-  url.c
-  version.c
-  )
-
-SET(CURL_DISABLE_LDAP 1)
-IF(NOT CURL_DISABLE_LDAP)
-  SET(libCurl_SRCS
-    ${libCurl_SRCS}
-    ldap.c
-    )
-ENDIF(NOT CURL_DISABLE_LDAP)
-
-# if we have Kerberos 4, right now this is never on
-#OPTION(CURL_KRB4 "Use Kerberos 4" OFF)
-IF(CURL_KRB4)
-  SET(libCurl_SRCS ${libCurl_SRCS}
-    krb4.c
-    security.c
-    )
-ENDIF(CURL_KRB4)
-
-#OPTION(CURL_MALLOC_DEBUG "Debug mallocs in Curl" OFF)
-MARK_AS_ADVANCED(CURL_MALLOC_DEBUG)
-IF(CURL_MALLOC_DEBUG)
-  SET(libCurl_SRCS ${libCurl_SRCS}
-    memdebug.c
-    )
-ENDIF(CURL_MALLOC_DEBUG)
+include (CheckFunctionExists)
+include (CheckIncludeFile)
+include (CheckIncludeFiles)
+include (CheckLibraryExists)
+include (CheckSymbolExists)
+include (CheckTypeSize)
+include (CheckCSourceCompiles)
 
 # On windows preload settings
-IF(WIN32 AND NOT MINGW)
-  INCLUDE(${LIBCURL_SOURCE_DIR}/Platforms/WindowsCache.cmake)
-ENDIF()
-
-# This macro checks if the symbol exists in the library and if it
-# does, it appends library to the list.
-SET(CURL_LIBS "")
-MACRO(CHECK_LIBRARY_EXISTS_CONCAT LIBRARY SYMBOL VARIABLE)
-  CHECK_LIBRARY_EXISTS("${LIBRARY};${CURL_LIBS}" ${SYMBOL} ""
-    ${VARIABLE})
-  IF(${VARIABLE})
-    SET(CURL_LIBS ${CURL_LIBS} ${LIBRARY})
-  ENDIF(${VARIABLE})
-ENDMACRO(CHECK_LIBRARY_EXISTS_CONCAT)
+if(WIN32)
+  include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake)
+endif(WIN32)
 
 # Check for all needed libraries
-# use the cmake defined dl libs as dl is should not be used
-# on HPUX, but rather dld this avoids a warning
-SET(CURL_LIBS ${CURL_LIBS} ${CMAKE_DL_LIBS})
-#CHECK_LIBRARY_EXISTS_CONCAT("dl"     dlopen       HAVE_LIBDL)
-#CHECK_LIBRARY_EXISTS_CONCAT("ucb"    gethostname  HAVE_LIBUCB)
-CHECK_LIBRARY_EXISTS_CONCAT("socket" connect      HAVE_LIBSOCKET)
-CHECK_LIBRARY_EXISTS("c" gethostbyname "" NOT_NEED_LIBNSL)
+if(0) # This code not needed for building within CMake.
+check_library_exists_concat("dl"     dlopen       HAVE_LIBDL)
+else()
+  # Use the cmake-defined dl libs as dl is should not be used
+  # on HPUX, but rather dld this avoids a warning
+  list(APPEND CURL_LIBS ${CMAKE_DL_LIBS})
+endif()
+check_library_exists_concat("socket" connect      HAVE_LIBSOCKET)
+check_library_exists("c" gethostbyname "" NOT_NEED_LIBNSL)
 
 # Yellowtab Zeta needs different libraries than BeOS 5.
-IF(BEOS)
-  SET(NOT_NEED_LIBNSL 1)
-  CHECK_LIBRARY_EXISTS_CONCAT("bind" gethostbyname HAVE_LIBBIND)
-  CHECK_LIBRARY_EXISTS_CONCAT("bnetapi" closesocket HAVE_LIBBNETAPI)
-ENDIF(BEOS)
-
-CHECK_LIBRARY_EXISTS_CONCAT("network" recv HAVE_LIBNETWORK)
-
-IF(NOT NOT_NEED_LIBNSL)
-  CHECK_LIBRARY_EXISTS_CONCAT("nsl"    gethostbyname  HAVE_LIBNSL)
-ENDIF(NOT NOT_NEED_LIBNSL)
-
-CHECK_LIBRARY_EXISTS_CONCAT("ws2_32" getch        HAVE_LIBWS2_32)
-CHECK_LIBRARY_EXISTS_CONCAT("winmm"  getch        HAVE_LIBWINMM)
-IF(NOT CURL_SPECIAL_LIBZ)
-  CHECK_LIBRARY_EXISTS_CONCAT("z"      inflateEnd   HAVE_LIBZ)
-ENDIF(NOT CURL_SPECIAL_LIBZ)
-
-# Include the local directories before any others so that we do not end up
-# including system curl's include directory first by mistake.
-INCLUDE_DIRECTORIES(${LIBCURL_SOURCE_DIR})
-INCLUDE_DIRECTORIES(${LIBCURL_BINARY_DIR})
-
-OPTION(CMAKE_USE_OPENSSL "Use OpenSSL code with curl." OFF)
-MARK_AS_ADVANCED(CMAKE_USE_OPENSSL)
-IF(CMAKE_USE_OPENSSL)
-  SET(USE_SSLEAY TRUE)
-  SET(USE_OPENSSL TRUE)
-  FIND_PACKAGE(OpenSSL REQUIRED)
-  INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
-  SET(CURL_LIBS  ${CURL_LIBS} ${OPENSSL_LIBRARIES})
-  SET(CURL_CA_BUNDLE "" CACHE FILEPATH "Path to SSL CA Certificate Bundle")
-  MARK_AS_ADVANCED(CURL_CA_BUNDLE)
-  IF(CURL_CA_BUNDLE)
-    ADD_DEFINITIONS(-DCURL_CA_BUNDLE="${CURL_CA_BUNDLE}")
-  ENDIF(CURL_CA_BUNDLE)
-  # for windows we want to install OPENSSL_LIBRARIES dlls
-  # and also copy them into the build tree so that testing
-  # can find them.
-  IF(WIN32)
-    FIND_FILE(CMAKE_EAY_DLL NAME libeay32.dll HINTS ${OPENSSL_INCLUDE_DIR}/..)
-    FIND_FILE(CMAKE_SSL_DLL NAME ssleay32.dll HINTS ${OPENSSL_INCLUDE_DIR}/..)
-    MARK_AS_ADVANCED(CMAKE_EAY_DLL CMAKE_SSL_DLL)
-    IF(CMAKE_SSL_DLL AND CMAKE_EAY_DLL)
-      SET(CMAKE_CURL_SSL_DLLS ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/libeay32.dll
-        ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/ssleay32.dll)
-      ADD_CUSTOM_COMMAND(OUTPUT
-        ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/libeay32.dll
-        DEPENDS ${CMAKE_EAY_DLL}
-        COMMAND ${CMAKE_COMMAND} -E copy  ${CMAKE_EAY_DLL}
-        ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/libeay32.dll)
-      ADD_CUSTOM_COMMAND(OUTPUT
-        ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/ssleay32.dll
-        DEPENDS ${CMAKE_SSL_DLL}
-        COMMAND ${CMAKE_COMMAND} -E copy  ${CMAKE_SSL_DLL}
-        ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/ssleay32.dll)
-      INSTALL(PROGRAMS ${CMAKE_EAY_DLL} ${CMAKE_SSL_DLL} DESTINATION bin)
-    ENDIF()
-  ENDIF()
-ENDIF(CMAKE_USE_OPENSSL)
+if(BEOS)
+  set(NOT_NEED_LIBNSL 1)
+  check_library_exists_concat("bind" gethostbyname HAVE_LIBBIND)
+  check_library_exists_concat("bnetapi" closesocket HAVE_LIBBNETAPI)
+endif(BEOS)
+
+check_library_exists_concat("network" recv HAVE_LIBNETWORK)
+
+if(NOT NOT_NEED_LIBNSL)
+  check_library_exists_concat("nsl"    gethostbyname  HAVE_LIBNSL)
+endif(NOT NOT_NEED_LIBNSL)
+
+if(WIN32)
+  check_library_exists_concat("ws2_32" getch        HAVE_LIBWS2_32)
+  check_library_exists_concat("winmm"  getch        HAVE_LIBWINMM)
+endif()
+
+if(NOT CURL_DISABLE_LDAP)
+
+  if(WIN32)
+    option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON)
+    if(CURL_LDAP_WIN)
+      check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32)
+      if(NOT HAVE_WLDAP32)
+        set(CURL_LDAP_WIN OFF)
+      endif()
+    endif()
+  endif()
+
+  option(CMAKE_USE_OPENLDAP "Use OpenLDAP code." OFF)
+  mark_as_advanced(CMAKE_USE_OPENLDAP)
+  set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library")
+  set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library")
+
+  if(CMAKE_USE_OPENLDAP AND CURL_LDAP_WIN)
+    message(FATAL_ERROR "Cannot use CURL_LDAP_WIN and CMAKE_USE_OPENLDAP at the same time")
+  endif()
+  
+  # Now that we know, we're not using windows LDAP...
+  if(NOT CURL_LDAP_WIN)
+    # Check for LDAP
+    check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP)
+    check_library_exists_concat(${CMAKE_LBER_LIB} ber_init HAVE_LIBLBER)
+  else()
+    check_include_file_concat("winldap.h" HAVE_WINLDAP_H)
+    check_include_file_concat("winber.h"  HAVE_WINBER_H)
+  endif()
+  
+  set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory")
+  if(CMAKE_LDAP_INCLUDE_DIR)
+    set(CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR})
+  endif()
+  check_include_file_concat("ldap.h"           HAVE_LDAP_H)
+  check_include_file_concat("lber.h"           HAVE_LBER_H)
+
+  if(NOT HAVE_LDAP_H)
+    message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON")
+    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
+  elseif(NOT HAVE_LIBLDAP)
+    message(STATUS "LDAP library '${CMAKE_LDAP_LIB}' not found CURL_DISABLE_LDAP set ON")
+    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
+  else()
+    if(CMAKE_USE_OPENLDAP)
+      set(USE_OPENLDAP ON)
+    endif()
+    if(CMAKE_LDAP_INCLUDE_DIR)
+      include_directories(${CMAKE_LDAP_INCLUDE_DIR})
+    endif()
+    set(NEED_LBER_H ON)
+    set(_HEADER_LIST)
+    if(HAVE_WINDOWS_H)
+      list(APPEND _HEADER_LIST "windows.h")
+    endif()
+    if(HAVE_SYS_TYPES_H)
+      list(APPEND _HEADER_LIST "sys/types.h")
+    endif()
+    list(APPEND _HEADER_LIST "ldap.h")
+
+    set(_SRC_STRING "")
+    foreach(_HEADER ${_HEADER_LIST})
+      set(_INCLUDE_STRING "${_INCLUDE_STRING}#include <${_HEADER}>\n")
+    endforeach()
+
+    set(_SRC_STRING
+      "
+      ${_INCLUDE_STRING}
+      int main(int argc, char ** argv)
+      {
+        BerValue *bvp = NULL;
+        BerElement *bep = ber_init(bvp);
+        ber_free(bep, 1);
+        return 0;
+      }"
+    )
+    set(CMAKE_REQUIRED_DEFINITIONS "-DLDAP_DEPRECATED=1" "-DWIN32_LEAN_AND_MEAN")
+    set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB})
+    if(HAVE_LIBLBER)
+      list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB})
+    endif()
+    check_c_source_compiles("${_SRC_STRING}" NOT_NEED_LBER_H)
+
+    if(NOT_NEED_LBER_H)
+      set(NEED_LBER_H OFF)
+    else()
+      set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DNEED_LBER_H")
+    endif()
+  endif()
+
+endif()
+
+# No ldap, no ldaps.
+if(CURL_DISABLE_LDAP)
+  if(NOT CURL_DISABLE_LDAPS)
+    message(STATUS "LDAP needs to be enabled to support LDAPS")
+    set(CURL_DISABLE_LDAPS ON CACHE BOOL "" FORCE)
+  endif()
+endif()
+
+if(NOT CURL_DISABLE_LDAPS)
+  check_include_file_concat("ldap_ssl.h" HAVE_LDAP_SSL_H)
+  check_include_file_concat("ldapssl.h"  HAVE_LDAPSSL_H)
+endif()
 
 # Check for idn
-CHECK_LIBRARY_EXISTS_CONCAT("idn" idna_to_ascii_lz HAVE_LIBIDN)
+check_library_exists_concat("idn" idna_to_ascii_lz HAVE_LIBIDN)
 
 # Check for symbol dlopen (same as HAVE_LIBDL)
-CHECK_LIBRARY_EXISTS("${CURL_LIBS}" dlopen "" HAVE_DLOPEN)
+check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN)
 
 # For other tests to use the same libraries
-SET(CMAKE_REQUIRED_LIBRARIES ${CURL_LIBS})
-
-IF(CURL_SPECIAL_LIBZ)
-  SET(CURL_LIBS ${CURL_LIBS} "${CURL_SPECIAL_LIBZ}")
-  INCLUDE_DIRECTORIES(${CURL_SPECIAL_LIBZ_INCLUDES})
-  SET(HAVE_LIBZ 0)
-  SET(HAVE_ZLIB_H 0)
-ENDIF(CURL_SPECIAL_LIBZ)
-
-# do we have process.h
-CHECK_INCLUDE_FILE("process.h" HAVE_PROCESS_H)
+set(CMAKE_REQUIRED_LIBRARIES ${CURL_LIBS})
+
+if(0) # This code not needed for building within CMake.
+option(CURL_ZLIB "Set to ON to enable building cURL with zlib support." ON)
+set(HAVE_LIBZ OFF)
+set(HAVE_ZLIB_H OFF)
+set(HAVE_ZLIB OFF)
+if(CURL_ZLIB)
+  find_package(ZLIB QUIET)
+  if(ZLIB_FOUND)
+    set(HAVE_ZLIB_H ON)
+    set(HAVE_ZLIB ON)
+    set(HAVE_LIBZ ON)
+    list(APPEND CURL_LIBS ${ZLIB_LIBRARIES})
+  endif()
+endif()
+endif()
+
+#-----------------------------------------------------------------------------
+# CMake-specific curl code.
+
+if(CURL_SPECIAL_LIBZ)
+  set(CURL_LIBS ${CURL_LIBS} "${CURL_SPECIAL_LIBZ}")
+  include_directories(${CURL_SPECIAL_LIBZ_INCLUDES})
+  set(HAVE_LIBZ 0)
+  set(HAVE_ZLIB_H 0)
+endif()
+
+#-----------------------------------------------------------------------------
+
+option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" OFF)
+mark_as_advanced(CMAKE_USE_OPENSSL)
+
+set(USE_SSLEAY OFF)
+set(USE_OPENSSL OFF)
+set(HAVE_LIBCRYPTO OFF)
+set(HAVE_LIBSSL OFF)
+
+if(CMAKE_USE_OPENSSL)
+  find_package(OpenSSL)
+  if(OPENSSL_FOUND)
+    list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
+    set(USE_SSLEAY ON)
+    set(USE_OPENSSL ON)
+    set(HAVE_LIBCRYPTO ON)
+    set(HAVE_LIBSSL ON)
+    include_directories(${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
+    check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
+    check_include_file("openssl/err.h"    HAVE_OPENSSL_ERR_H)
+    check_include_file("openssl/pem.h"    HAVE_OPENSSL_PEM_H)
+    check_include_file("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H)
+    check_include_file("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)
+    check_include_file("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
+    check_include_file("openssl/x509.h"   HAVE_OPENSSL_X509_H)
+    check_include_file("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
+
+    # Optionally build with a specific CA cert bundle.
+    set(CURL_CA_BUNDLE "" CACHE FILEPATH "Path to SSL CA Certificate Bundle")
+    mark_as_advanced(CURL_CA_BUNDLE)
+    if(CURL_CA_BUNDLE)
+      add_definitions(-DCURL_CA_BUNDLE="${CURL_CA_BUNDLE}")
+    endif()
+  endif(OPENSSL_FOUND)
+endif(CMAKE_USE_OPENSSL)
+
+#libSSH2
+option(CMAKE_USE_LIBSSH2 "Use libSSH2" ON)
+mark_as_advanced(CMAKE_USE_LIBSSH2)
+set(USE_LIBSSH2 OFF)
+set(HAVE_LIBSSH2 OFF)
+set(HAVE_LIBSSH2_H OFF)
+
+if(CMAKE_USE_LIBSSH2)
+  find_package(LibSSH2)
+  if(LIBSSH2_FOUND)
+    list(APPEND CURL_LIBS ${LIBSSH2_LIBRARY})
+    set(CMAKE_REQUIRED_LIBRARIES ${LIBSSH2_LIBRARY})
+    set(CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}")
+    set(HAVE_LIBSSH2 ON)
+    set(USE_LIBSSH2 ON)
+
+    # find_package has already found the headers
+    set(HAVE_LIBSSH2_H ON)
+    set(CURL_INCLUDES ${CURL_INCLUDES} "${LIBSSH2_INCLUDE_DIR}/libssh2.h")
+    set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DHAVE_LIBSSH2_H")
+
+    # now check for specific libssh2 symbols as they were added in different versions
+    set(CMAKE_EXTRA_INCLUDE_FILES "libssh2.h")
+    check_function_exists(libssh2_version           HAVE_LIBSSH2_VERSION)
+    check_function_exists(libssh2_init              HAVE_LIBSSH2_INIT)
+    check_function_exists(libssh2_exit              HAVE_LIBSSH2_EXIT)
+    check_function_exists(libssh2_scp_send64        HAVE_LIBSSH2_SCP_SEND64)
+    check_function_exists(libssh2_session_handshake HAVE_LIBSSH2_SESSION_HANDSHAKE)
+    set(CMAKE_EXTRA_INCLUDE_FILES "")
+
+  endif(LIBSSH2_FOUND)
+endif(CMAKE_USE_LIBSSH2)
 
 # If we have features.h, then do the _BSD_SOURCE magic
-CHECK_INCLUDE_FILE("features.h"       HAVE_FEATURES_H)
-IF(HAVE_FEATURES_H)
-  SET_SOURCE_FILES_PROPERTIES(
-    cookie.c
-    easy.c
-    formdata.c
-    getenv.c
-    hash.c
-    http.c
-    if2ip.c
-    mprintf.c
-    multi.c
-    sendf.c
-    telnet.c
-    transfer.c
-    url.c
-    COMPILE_FLAGS -D_BSD_SOURCE)
-ENDIF(HAVE_FEATURES_H)
-
-# Check if header file exists and add it to the list.
-MACRO(CHECK_INCLUDE_FILE_CONCAT FILE VARIABLE)
-  CHECK_INCLUDE_FILES("${CURL_INCLUDES};${FILE}" ${VARIABLE})
-  IF(${VARIABLE})
-    SET(CURL_INCLUDES ${CURL_INCLUDES} ${FILE})
-  ENDIF(${VARIABLE})
-ENDMACRO(CHECK_INCLUDE_FILE_CONCAT)
+check_include_file("features.h"       HAVE_FEATURES_H)
 
 # Check for header files
-IF(UNIX)
-  SET(HAVE_WINDOWS_H 0)
-  SET(HAVE_WINSOCK_H 0)
-  SET(HAVE_WS2TCPIP_H 0)
-  SET(HAVE_WINSOCK2_H 0)
-ENDIF(UNIX)
-IF(NOT UNIX)
-  CHECK_INCLUDE_FILE_CONCAT("ws2tcpip.h"     HAVE_WS2TCPIP_H)
-  CHECK_INCLUDE_FILE_CONCAT("winsock2.h"     HAVE_WINSOCK2_H)
-ENDIF(NOT UNIX)
-CHECK_INCLUDE_FILE_CONCAT("stdio.h"          HAVE_STDIO_H)
-IF(NOT UNIX)
-  CHECK_INCLUDE_FILE_CONCAT("windows.h"      HAVE_WINDOWS_H)
-  CHECK_INCLUDE_FILE_CONCAT("winsock.h"      HAVE_WINSOCK_H)
-ENDIF(NOT UNIX)
-CHECK_INCLUDE_FILE_CONCAT("stddef.h"         HAVE_STDDEF_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/types.h"      HAVE_SYS_TYPES_H)
-CHECK_INCLUDE_FILE_CONCAT("inttypes.h"       HAVE_INTTYPES_H)
-CHECK_INCLUDE_FILE_CONCAT("alloca.h"         HAVE_ALLOCA_H)
-CHECK_INCLUDE_FILE_CONCAT("arpa/inet.h"      HAVE_ARPA_INET_H)
-CHECK_INCLUDE_FILE_CONCAT("dlfcn.h"          HAVE_DLFCN_H)
-CHECK_INCLUDE_FILE_CONCAT("fcntl.h"          HAVE_FCNTL_H)
-CHECK_INCLUDE_FILE_CONCAT("malloc.h"         HAVE_MALLOC_H)
-CHECK_INCLUDE_FILE_CONCAT("memory.h"         HAVE_MEMORY_H)
-CHECK_INCLUDE_FILE_CONCAT("netdb.h"          HAVE_NETDB_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/poll.h"       HAVE_SYS_POLL_H)
-CHECK_INCLUDE_FILE_CONCAT("assert.h"         HAVE_ASSERT_H)
-CHECK_INCLUDE_FILE_CONCAT("limits.h"         HAVE_LIMITS_H)
-
-IF(CMAKE_USE_OPENSSL)
-  CHECK_INCLUDE_FILE_CONCAT("openssl/x509.h"   HAVE_OPENSSL_X509_H)
-  CHECK_INCLUDE_FILE_CONCAT("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
-  CHECK_INCLUDE_FILE_CONCAT("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)
-  CHECK_INCLUDE_FILE_CONCAT("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
-  CHECK_INCLUDE_FILE_CONCAT("openssl/pem.h"    HAVE_OPENSSL_PEM_H)
-  CHECK_INCLUDE_FILE_CONCAT("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
-  CHECK_INCLUDE_FILE_CONCAT("openssl/err.h"    HAVE_OPENSSL_ERR_H)
-  CHECK_INCLUDE_FILE_CONCAT("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
-  CHECK_INCLUDE_FILE_CONCAT("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H)
-ENDIF(CMAKE_USE_OPENSSL)
-
-IF(NOT CURL_SPECIAL_LIBZ)
-  CHECK_INCLUDE_FILE_CONCAT("zlib.h"           HAVE_ZLIB_H)
-ENDIF(NOT CURL_SPECIAL_LIBZ)
-CHECK_INCLUDE_FILE_CONCAT("sys/socket.h"     HAVE_SYS_SOCKET_H)
-CHECK_INCLUDE_FILE_CONCAT("netinet/in.h"     HAVE_NETINET_IN_H)
-CHECK_INCLUDE_FILE_CONCAT("net/if.h"         HAVE_NET_IF_H)
-CHECK_INCLUDE_FILE_CONCAT("netinet/if_ether.h"
-  HAVE_NETINET_IF_ETHER_H)
-CHECK_INCLUDE_FILE_CONCAT("netinet/tcp.h"
-  HAVE_NETINET_TCP_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/select.h"    HAVE_SYS_SELECT_H)
-CHECK_INCLUDE_FILE_CONCAT("utime.h"         HAVE_UTIME_H)
-CHECK_INCLUDE_FILE_CONCAT("netinet/in.h"    HAVE_NETINET_IN_H)
-CHECK_INCLUDE_FILE_CONCAT("pwd.h"           HAVE_PWD_H)
-CHECK_INCLUDE_FILE_CONCAT("sgtty.h"         HAVE_SGTTY_H)
-CHECK_INCLUDE_FILE_CONCAT("stdint.h"        HAVE_STDINT_H)
-CHECK_INCLUDE_FILE_CONCAT("stdlib.h"        HAVE_STDLIB_H)
-CHECK_INCLUDE_FILE_CONCAT("string.h"        HAVE_STRING_H)
-CHECK_INCLUDE_FILE_CONCAT("strings.h"       HAVE_STRINGS_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/param.h"     HAVE_SYS_PARAM_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/stat.h"      HAVE_SYS_STAT_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/time.h"      HAVE_SYS_TIME_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/resource.h"  HAVE_SYS_RESOURCE_H)
-CHECK_INCLUDE_FILE_CONCAT("termios.h"       HAVE_TERMIOS_H)
-CHECK_INCLUDE_FILE_CONCAT("termio.h"        HAVE_TERMIO_H)
-CHECK_INCLUDE_FILE_CONCAT("io.h"            HAVE_IO_H)
-CHECK_INCLUDE_FILE_CONCAT("time.h"          HAVE_TIME_H)
-CHECK_INCLUDE_FILE_CONCAT("unistd.h"        HAVE_UNISTD_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/utime.h"     HAVE_SYS_UTIME_H)
-CHECK_INCLUDE_FILE_CONCAT("sockio.h"        HAVE_SOCKIO_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/sockio.h"    HAVE_SYS_SOCKIO_H)
-CHECK_INCLUDE_FILE_CONCAT("x509.h"          HAVE_X509_H)
-CHECK_INCLUDE_FILE_CONCAT("locale.h"        HAVE_LOCALE_H)
-CHECK_INCLUDE_FILE_CONCAT("setjmp.h"        HAVE_SETJMP_H)
-CHECK_INCLUDE_FILE_CONCAT("signal.h"        HAVE_SIGNAL_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/ioctl.h"     HAVE_SYS_IOCTL_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/utsname.h"   HAVE_SYS_UTSNAME_H)
-CHECK_INCLUDE_FILE_CONCAT("idn-free.h"      HAVE_IDN_FREE_H)
-CHECK_INCLUDE_FILE_CONCAT("idna.h"          HAVE_IDNA_H)
-CHECK_INCLUDE_FILE_CONCAT("tld.h"           HAVE_TLD_H)
-CHECK_INCLUDE_FILE_CONCAT("arpa/tftp.h"     HAVE_ARPA_TFTP_H)
-CHECK_INCLUDE_FILE_CONCAT("errno.h"         HAVE_ERRNO_H)
-CHECK_INCLUDE_FILE_CONCAT("libgen.h"        HAVE_LIBGEN_H)
-CHECK_INCLUDE_FILE_CONCAT("sys/filio.h"     HAVE_SYS_FILIO_H)
-CHECK_TYPE_SIZE(size_t  SIZEOF_SIZE_T)
-CHECK_TYPE_SIZE(ssize_t  SIZEOF_SSIZE_T)
-CHECK_TYPE_SIZE("long long"  SIZEOF_LONG_LONG)
-CHECK_TYPE_SIZE("long"  SIZEOF_LONG)
-CHECK_TYPE_SIZE("__int64"  SIZEOF___INT64)
-CHECK_TYPE_SIZE("time_t"  SIZEOF_TIME_T)
-
-IF(HAVE_SIZEOF_LONG_LONG)
-  SET(HAVE_LONGLONG 1)
-  SET(HAVE_LL 1)
-ENDIF(HAVE_SIZEOF_LONG_LONG)
-
-FIND_FILE(RANDOM_FILE urandom /dev)
-MARK_AS_ADVANCED(RANDOM_FILE)
-
-#strtoll \
-#socket \
-#select \
-#strdup \
-#strstr \
-#strtok_r \
-#uname \
-#strcasecmp \
-#stricmp \
-#strcmpi \
-#gethostbyaddr \
-#gettimeofday \
-#inet_addr \
-#inet_ntoa \
-#inet_pton \
-#perror \
-#closesocket \
-#siginterrupt \
-#sigaction \
-#signal \
-#getpass_r \
-#getpwuid \
-#geteuid \
-#dlopen \
-#utime \
-#sigsetjmp \
-#basename \
-#setlocale \
-#ftruncate \
-#pipe \
-#poll \
-#getprotobyname \
-#getrlimit \
-#setrlimit \
-#fork
+if(NOT UNIX)
+  check_include_file_concat("ws2tcpip.h"     HAVE_WS2TCPIP_H)
+  check_include_file_concat("winsock2.h"     HAVE_WINSOCK2_H)
+endif(NOT UNIX)
+check_include_file_concat("stdio.h"          HAVE_STDIO_H)
+if(NOT UNIX)
+  check_include_file_concat("windows.h"      HAVE_WINDOWS_H)
+  check_include_file_concat("winsock.h"      HAVE_WINSOCK_H)
+endif(NOT UNIX)
+
+check_include_file_concat("inttypes.h"       HAVE_INTTYPES_H)
+check_include_file_concat("sys/filio.h"      HAVE_SYS_FILIO_H)
+check_include_file_concat("sys/ioctl.h"      HAVE_SYS_IOCTL_H)
+check_include_file_concat("sys/param.h"      HAVE_SYS_PARAM_H)
+check_include_file_concat("sys/poll.h"       HAVE_SYS_POLL_H)
+check_include_file_concat("sys/resource.h"   HAVE_SYS_RESOURCE_H)
+check_include_file_concat("sys/select.h"     HAVE_SYS_SELECT_H)
+check_include_file_concat("sys/socket.h"     HAVE_SYS_SOCKET_H)
+check_include_file_concat("sys/sockio.h"     HAVE_SYS_SOCKIO_H)
+check_include_file_concat("sys/stat.h"       HAVE_SYS_STAT_H)
+check_include_file_concat("sys/time.h"       HAVE_SYS_TIME_H)
+check_include_file_concat("sys/types.h"      HAVE_SYS_TYPES_H)
+check_include_file_concat("sys/uio.h"        HAVE_SYS_UIO_H)
+check_include_file_concat("sys/un.h"         HAVE_SYS_UN_H)
+check_include_file_concat("sys/utime.h"      HAVE_SYS_UTIME_H)
+check_include_file_concat("alloca.h"         HAVE_ALLOCA_H)
+check_include_file_concat("arpa/inet.h"      HAVE_ARPA_INET_H)
+check_include_file_concat("arpa/tftp.h"      HAVE_ARPA_TFTP_H)
+check_include_file_concat("assert.h"         HAVE_ASSERT_H)
+check_include_file_concat("crypto.h"         HAVE_CRYPTO_H)
+check_include_file_concat("des.h"            HAVE_DES_H)
+check_include_file_concat("err.h"            HAVE_ERR_H)
+check_include_file_concat("errno.h"          HAVE_ERRNO_H)
+check_include_file_concat("fcntl.h"          HAVE_FCNTL_H)
+check_include_file_concat("gssapi/gssapi.h"  HAVE_GSSAPI_GSSAPI_H)
+check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
+check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H)
+check_include_file_concat("idn-free.h"       HAVE_IDN_FREE_H)
+check_include_file_concat("ifaddrs.h"        HAVE_IFADDRS_H)
+check_include_file_concat("io.h"             HAVE_IO_H)
+check_include_file_concat("krb.h"            HAVE_KRB_H)
+check_include_file_concat("libgen.h"         HAVE_LIBGEN_H)
+check_include_file_concat("limits.h"         HAVE_LIMITS_H)
+check_include_file_concat("locale.h"         HAVE_LOCALE_H)
+check_include_file_concat("net/if.h"         HAVE_NET_IF_H)
+check_include_file_concat("netdb.h"          HAVE_NETDB_H)
+check_include_file_concat("netinet/in.h"     HAVE_NETINET_IN_H)
+check_include_file_concat("netinet/tcp.h"    HAVE_NETINET_TCP_H)
+
+check_include_file_concat("pem.h"            HAVE_PEM_H)
+check_include_file_concat("poll.h"           HAVE_POLL_H)
+check_include_file_concat("pwd.h"            HAVE_PWD_H)
+check_include_file_concat("rsa.h"            HAVE_RSA_H)
+check_include_file_concat("setjmp.h"         HAVE_SETJMP_H)
+check_include_file_concat("sgtty.h"          HAVE_SGTTY_H)
+check_include_file_concat("signal.h"         HAVE_SIGNAL_H)
+check_include_file_concat("ssl.h"            HAVE_SSL_H)
+check_include_file_concat("stdbool.h"        HAVE_STDBOOL_H)
+check_include_file_concat("stdint.h"         HAVE_STDINT_H)
+check_include_file_concat("stdio.h"          HAVE_STDIO_H)
+check_include_file_concat("stdlib.h"         HAVE_STDLIB_H)
+check_include_file_concat("string.h"         HAVE_STRING_H)
+check_include_file_concat("strings.h"        HAVE_STRINGS_H)
+check_include_file_concat("stropts.h"        HAVE_STROPTS_H)
+check_include_file_concat("termio.h"         HAVE_TERMIO_H)
+check_include_file_concat("termios.h"        HAVE_TERMIOS_H)
+check_include_file_concat("time.h"           HAVE_TIME_H)
+check_include_file_concat("tld.h"            HAVE_TLD_H)
+check_include_file_concat("unistd.h"         HAVE_UNISTD_H)
+check_include_file_concat("utime.h"          HAVE_UTIME_H)
+check_include_file_concat("x509.h"           HAVE_X509_H)
+
+check_include_file_concat("process.h"        HAVE_PROCESS_H)
+check_include_file_concat("stddef.h"         HAVE_STDDEF_H)
+check_include_file_concat("dlfcn.h"          HAVE_DLFCN_H)
+check_include_file_concat("malloc.h"         HAVE_MALLOC_H)
+check_include_file_concat("memory.h"         HAVE_MEMORY_H)
+check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H)
+check_include_file_concat("stdint.h"        HAVE_STDINT_H)
+check_include_file_concat("sockio.h"        HAVE_SOCKIO_H)
+check_include_file_concat("sys/utsname.h"   HAVE_SYS_UTSNAME_H)
+check_include_file_concat("idna.h"          HAVE_IDNA_H)
+
+
+
+check_type_size(size_t  SIZEOF_SIZE_T)
+check_type_size(ssize_t  SIZEOF_SSIZE_T)
+check_type_size("long long"  SIZEOF_LONG_LONG)
+check_type_size("long"  SIZEOF_LONG)
+check_type_size("short"  SIZEOF_SHORT)
+check_type_size("int"  SIZEOF_INT)
+check_type_size("__int64"  SIZEOF___INT64)
+check_type_size("time_t"  SIZEOF_TIME_T)
+check_type_size("off_t"  SIZEOF_OFF_T)
+
+# Make public versions of some type sizes for curlbuild.h.
+foreach(t INT LONG LONG_LONG SSIZE_T)
+  string(REPLACE "SIZEOF_" "CURL_SIZEOF_" CURL_SIZEOF_${t}_CODE "${SIZEOF_${t}_CODE}")
+endforeach()
+
+if(HAVE_SIZEOF_LONG_LONG)
+  set(HAVE_LONGLONG 1)
+  set(HAVE_LL 1)
+endif(HAVE_SIZEOF_LONG_LONG)
+
+find_file(RANDOM_FILE urandom /dev)
+mark_as_advanced(RANDOM_FILE)
 
 # Check for some functions that are used
-CHECK_SYMBOL_EXISTS(basename      "${CURL_INCLUDES}" HAVE_BASENAME)
-CHECK_SYMBOL_EXISTS(socket        "${CURL_INCLUDES}" HAVE_SOCKET)
-CHECK_SYMBOL_EXISTS(poll          "${CURL_INCLUDES}" HAVE_POLL)
-CHECK_SYMBOL_EXISTS(select        "${CURL_INCLUDES}" HAVE_SELECT)
-CHECK_SYMBOL_EXISTS(strdup        "${CURL_INCLUDES}" HAVE_STRDUP)
-CHECK_SYMBOL_EXISTS(strstr        "${CURL_INCLUDES}" HAVE_STRSTR)
-CHECK_SYMBOL_EXISTS(strtok_r      "${CURL_INCLUDES}" HAVE_STRTOK_R)
-CHECK_SYMBOL_EXISTS(strftime      "${CURL_INCLUDES}" HAVE_STRFTIME)
-CHECK_SYMBOL_EXISTS(uname         "${CURL_INCLUDES}" HAVE_UNAME)
-CHECK_SYMBOL_EXISTS(strcasecmp    "${CURL_INCLUDES}" HAVE_STRCASECMP)
-CHECK_SYMBOL_EXISTS(stricmp       "${CURL_INCLUDES}" HAVE_STRICMP)
-CHECK_SYMBOL_EXISTS(strcmpi       "${CURL_INCLUDES}" HAVE_STRCMPI)
-CHECK_SYMBOL_EXISTS(strncmpi      "${CURL_INCLUDES}" HAVE_STRNCMPI)
-CHECK_SYMBOL_EXISTS(basename      "${CURL_INCLUDES}" HAVE_BASENAME)
-IF(NOT HAVE_STRNCMPI)
-  SET(HAVE_STRCMPI)
-ENDIF(NOT HAVE_STRNCMPI)
-CHECK_SYMBOL_EXISTS(gethostbyaddr "${CURL_INCLUDES}" HAVE_GETHOSTBYADDR)
-CHECK_SYMBOL_EXISTS(gettimeofday  "${CURL_INCLUDES}" HAVE_GETTIMEOFDAY)
-CHECK_SYMBOL_EXISTS(inet_addr     "${CURL_INCLUDES}" HAVE_INET_ADDR)
-# windows only has this for vista, but will link with it and say
-# that it has it at link time!  So, force it off
-IF(WIN32)
-  SET(HAVE_INET_PTON 0 CACHE "" INTERNAL )
-ENDIF(WIN32)
-CHECK_SYMBOL_EXISTS(inet_pton     "${CURL_INCLUDES}" HAVE_INET_PTON)
-CHECK_SYMBOL_EXISTS(inet_ntoa     "${CURL_INCLUDES}" HAVE_INET_NTOA)
-CHECK_SYMBOL_EXISTS(inet_ntoa_r   "${CURL_INCLUDES}" HAVE_INET_NTOA_R)
-CHECK_SYMBOL_EXISTS(tcsetattr     "${CURL_INCLUDES}" HAVE_TCSETATTR)
-CHECK_SYMBOL_EXISTS(tcgetattr     "${CURL_INCLUDES}" HAVE_TCGETATTR)
-CHECK_SYMBOL_EXISTS(perror        "${CURL_INCLUDES}" HAVE_PERROR)
-CHECK_SYMBOL_EXISTS(closesocket   "${CURL_INCLUDES}" HAVE_CLOSESOCKET)
-CHECK_SYMBOL_EXISTS(setvbuf       "${CURL_INCLUDES}" HAVE_SETVBUF)
-CHECK_SYMBOL_EXISTS(sigsetjmp     "${CURL_INCLUDES}" HAVE_SIGSETJMP)
-CHECK_SYMBOL_EXISTS(getpass_r     "${CURL_INCLUDES}" HAVE_GETPASS_R)
-CHECK_SYMBOL_EXISTS(getpwuid      "${CURL_INCLUDES}" HAVE_GETPWUID)
-CHECK_SYMBOL_EXISTS(geteuid       "${CURL_INCLUDES}" HAVE_GETEUID)
-CHECK_SYMBOL_EXISTS(utime         "${CURL_INCLUDES}" HAVE_UTIME)
-IF(CMAKE_USE_OPENSSL)
-  CHECK_SYMBOL_EXISTS(RAND_status   "${CURL_INCLUDES}" HAVE_RAND_STATUS)
-  CHECK_SYMBOL_EXISTS(RAND_screen   "${CURL_INCLUDES}" HAVE_RAND_SCREEN)
-  CHECK_SYMBOL_EXISTS(RAND_egd      "${CURL_INCLUDES}" HAVE_RAND_EGD)
-  CHECK_SYMBOL_EXISTS(CRYPTO_cleanup_all_ex_data "${CURL_INCLUDES}"
+check_symbol_exists(basename      "${CURL_INCLUDES}" HAVE_BASENAME)
+check_symbol_exists(socket        "${CURL_INCLUDES}" HAVE_SOCKET)
+check_symbol_exists(poll          "${CURL_INCLUDES}" HAVE_POLL)
+check_symbol_exists(select        "${CURL_INCLUDES}" HAVE_SELECT)
+check_symbol_exists(strdup        "${CURL_INCLUDES}" HAVE_STRDUP)
+check_symbol_exists(strstr        "${CURL_INCLUDES}" HAVE_STRSTR)
+check_symbol_exists(strtok_r      "${CURL_INCLUDES}" HAVE_STRTOK_R)
+check_symbol_exists(strftime      "${CURL_INCLUDES}" HAVE_STRFTIME)
+check_symbol_exists(uname         "${CURL_INCLUDES}" HAVE_UNAME)
+check_symbol_exists(strcasecmp    "${CURL_INCLUDES}" HAVE_STRCASECMP)
+check_symbol_exists(stricmp       "${CURL_INCLUDES}" HAVE_STRICMP)
+check_symbol_exists(strcmpi       "${CURL_INCLUDES}" HAVE_STRCMPI)
+check_symbol_exists(strncmpi      "${CURL_INCLUDES}" HAVE_STRNCMPI)
+check_symbol_exists(alarm         "${CURL_INCLUDES}" HAVE_ALARM)
+if(NOT HAVE_STRNCMPI)
+  set(HAVE_STRCMPI)
+endif(NOT HAVE_STRNCMPI)
+check_symbol_exists(gethostbyaddr "${CURL_INCLUDES}" HAVE_GETHOSTBYADDR)
+check_symbol_exists(gethostbyaddr_r "${CURL_INCLUDES}" HAVE_GETHOSTBYADDR_R)
+check_symbol_exists(gettimeofday  "${CURL_INCLUDES}" HAVE_GETTIMEOFDAY)
+check_symbol_exists(inet_addr     "${CURL_INCLUDES}" HAVE_INET_ADDR)
+check_symbol_exists(inet_ntoa     "${CURL_INCLUDES}" HAVE_INET_NTOA)
+check_symbol_exists(inet_ntoa_r   "${CURL_INCLUDES}" HAVE_INET_NTOA_R)
+check_symbol_exists(tcsetattr     "${CURL_INCLUDES}" HAVE_TCSETATTR)
+check_symbol_exists(tcgetattr     "${CURL_INCLUDES}" HAVE_TCGETATTR)
+check_symbol_exists(perror        "${CURL_INCLUDES}" HAVE_PERROR)
+check_symbol_exists(closesocket   "${CURL_INCLUDES}" HAVE_CLOSESOCKET)
+check_symbol_exists(setvbuf       "${CURL_INCLUDES}" HAVE_SETVBUF)
+check_symbol_exists(sigsetjmp     "${CURL_INCLUDES}" HAVE_SIGSETJMP)
+check_symbol_exists(getpass_r     "${CURL_INCLUDES}" HAVE_GETPASS_R)
+check_symbol_exists(strlcat       "${CURL_INCLUDES}" HAVE_STRLCAT)
+check_symbol_exists(getpwuid      "${CURL_INCLUDES}" HAVE_GETPWUID)
+check_symbol_exists(geteuid       "${CURL_INCLUDES}" HAVE_GETEUID)
+check_symbol_exists(utime         "${CURL_INCLUDES}" HAVE_UTIME)
+if(CMAKE_USE_OPENSSL)
+  check_symbol_exists(RAND_status   "${CURL_INCLUDES}" HAVE_RAND_STATUS)
+  check_symbol_exists(RAND_screen   "${CURL_INCLUDES}" HAVE_RAND_SCREEN)
+  check_symbol_exists(RAND_egd      "${CURL_INCLUDES}" HAVE_RAND_EGD)
+  check_symbol_exists(CRYPTO_cleanup_all_ex_data "${CURL_INCLUDES}"
     HAVE_CRYPTO_CLEANUP_ALL_EX_DATA)
-ENDIF(CMAKE_USE_OPENSSL)
-CHECK_SYMBOL_EXISTS(gmtime_r      "${CURL_INCLUDES}" HAVE_GMTIME_R)
-CHECK_SYMBOL_EXISTS(localtime_r   "${CURL_INCLUDES}" HAVE_LOCALTIME_R)
-
-CHECK_SYMBOL_EXISTS(gethostbyname   "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME)
-CHECK_SYMBOL_EXISTS(gethostbyname_r "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME_R)
-CHECK_SYMBOL_EXISTS(gethostbyaddr_r "${CURL_INCLUDES}" HAVE_GETHOSTBYADDR_R)
-
-CHECK_SYMBOL_EXISTS(signal        "${CURL_INCLUDES}" HAVE_SIGNAL_FUNC)
-CHECK_SYMBOL_EXISTS(SIGALRM       "${CURL_INCLUDES}" HAVE_SIGNAL_MACRO)
-IF(HAVE_SIGNAL_FUNC AND HAVE_SIGNAL_MACRO)
-  SET(HAVE_SIGNAL 1)
-ENDIF(HAVE_SIGNAL_FUNC AND HAVE_SIGNAL_MACRO)
-CHECK_SYMBOL_EXISTS(uname          "${CURL_INCLUDES}" HAVE_UNAME)
-CHECK_SYMBOL_EXISTS(strtoll        "${CURL_INCLUDES}" HAVE_STRTOLL)
-CHECK_SYMBOL_EXISTS(_strtoi64      "${CURL_INCLUDES}" HAVE__STRTOI64)
-CHECK_SYMBOL_EXISTS(strerror_r     "${CURL_INCLUDES}" HAVE_STRERROR_R)
-CHECK_SYMBOL_EXISTS(siginterrupt   "${CURL_INCLUDES}" HAVE_SIGINTERRUPT)
-CHECK_SYMBOL_EXISTS(perror         "${CURL_INCLUDES}" HAVE_PERROR)
-CHECK_SYMBOL_EXISTS(fork           "${CURL_INCLUDES}" HAVE_FORK)
-CHECK_SYMBOL_EXISTS(pipe           "${CURL_INCLUDES}" HAVE_PIPE)
-CHECK_SYMBOL_EXISTS(ftruncate      "${CURL_INCLUDES}" HAVE_FTRUNCATE)
-CHECK_SYMBOL_EXISTS(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME)
-CHECK_SYMBOL_EXISTS(getrlimit      "${CURL_INCLUDES}" HAVE_GETRLIMIT)
-CHECK_SYMBOL_EXISTS(idn_free       "${CURL_INCLUDES}" HAVE_IDN_FREE)
-CHECK_SYMBOL_EXISTS(idna_strerror  "${CURL_INCLUDES}" HAVE_IDNA_STRERROR)
-CHECK_SYMBOL_EXISTS(tld_strerror   "${CURL_INCLUDES}" HAVE_TLD_STRERROR)
-CHECK_SYMBOL_EXISTS(setlocale      "${CURL_INCLUDES}" HAVE_SETLOCALE)
-CHECK_SYMBOL_EXISTS(setrlimit      "${CURL_INCLUDES}" HAVE_SETRLIMIT)
-
-# only build compat strtok if we need to
-IF (NOT HAVE_STRTOK_R)
-  SET(libCurl_SRCS ${libCurl_SRCS}
-    strtok.c
-    )
-ENDIF (NOT HAVE_STRTOK_R)
-
-# only build compat strtoofft if we need to
-IF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
-  SET(libCurl_SRCS ${libCurl_SRCS}
-    strtoofft.c
-    )
-ENDIF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
+  if(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
+    set(USE_OPENSSL 1)
+    set(USE_SSLEAY 1)
+  endif(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
+endif(CMAKE_USE_OPENSSL)
+check_symbol_exists(gmtime_r      "${CURL_INCLUDES}" HAVE_GMTIME_R)
+check_symbol_exists(localtime_r   "${CURL_INCLUDES}" HAVE_LOCALTIME_R)
+
+check_symbol_exists(gethostbyname   "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME)
+check_symbol_exists(gethostbyname_r "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME_R)
+
+check_symbol_exists(signal        "${CURL_INCLUDES}" HAVE_SIGNAL_FUNC)
+check_symbol_exists(SIGALRM       "${CURL_INCLUDES}" HAVE_SIGNAL_MACRO)
+if(HAVE_SIGNAL_FUNC AND HAVE_SIGNAL_MACRO)
+  set(HAVE_SIGNAL 1)
+endif(HAVE_SIGNAL_FUNC AND HAVE_SIGNAL_MACRO)
+check_symbol_exists(uname          "${CURL_INCLUDES}" HAVE_UNAME)
+check_symbol_exists(strtoll        "${CURL_INCLUDES}" HAVE_STRTOLL)
+check_symbol_exists(_strtoi64      "${CURL_INCLUDES}" HAVE__STRTOI64)
+check_symbol_exists(strerror_r     "${CURL_INCLUDES}" HAVE_STRERROR_R)
+check_symbol_exists(siginterrupt   "${CURL_INCLUDES}" HAVE_SIGINTERRUPT)
+check_symbol_exists(perror         "${CURL_INCLUDES}" HAVE_PERROR)
+check_symbol_exists(fork           "${CURL_INCLUDES}" HAVE_FORK)
+check_symbol_exists(freeaddrinfo   "${CURL_INCLUDES}" HAVE_FREEADDRINFO)
+check_symbol_exists(freeifaddrs    "${CURL_INCLUDES}" HAVE_FREEIFADDRS)
+check_symbol_exists(pipe           "${CURL_INCLUDES}" HAVE_PIPE)
+check_symbol_exists(ftruncate      "${CURL_INCLUDES}" HAVE_FTRUNCATE)
+check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME)
+check_symbol_exists(getrlimit      "${CURL_INCLUDES}" HAVE_GETRLIMIT)
+check_symbol_exists(idn_free       "${CURL_INCLUDES}" HAVE_IDN_FREE)
+check_symbol_exists(idna_strerror  "${CURL_INCLUDES}" HAVE_IDNA_STRERROR)
+check_symbol_exists(tld_strerror   "${CURL_INCLUDES}" HAVE_TLD_STRERROR)
+check_symbol_exists(setlocale      "${CURL_INCLUDES}" HAVE_SETLOCALE)
+check_symbol_exists(setrlimit      "${CURL_INCLUDES}" HAVE_SETRLIMIT)
+check_symbol_exists(fcntl          "${CURL_INCLUDES}" HAVE_FCNTL)
+check_symbol_exists(ioctl          "${CURL_INCLUDES}" HAVE_IOCTL)
+check_symbol_exists(setsockopt     "${CURL_INCLUDES}" HAVE_SETSOCKOPT)
+
+# symbol exists in win32, but function does not.
+check_function_exists(inet_pton HAVE_INET_PTON)
 
 # sigaction and sigsetjmp are special. Use special mechanism for
 # detecting those, but only if previous attempt failed.
-IF(HAVE_SIGNAL_H)
-  CHECK_SYMBOL_EXISTS(sigaction "signal.h" HAVE_SIGACTION)
-ENDIF(HAVE_SIGNAL_H)
-
-IF(NOT HAVE_SIGSETJMP)
-  IF(HAVE_SETJMP_H)
-    CHECK_SYMBOL_EXISTS(sigsetjmp "setjmp.h" HAVE_MACRO_SIGSETJMP)
-    IF(HAVE_MACRO_SIGSETJMP)
-      SET(HAVE_SIGSETJMP 1)
-    ENDIF(HAVE_MACRO_SIGSETJMP)
-  ENDIF(HAVE_SETJMP_H)
-ENDIF(NOT HAVE_SIGSETJMP)
-
-# For other curl specific tests, use this macro.
-MACRO(CURL_INTERNAL_TEST CURL_TEST)
-  IF(NOT DEFINED ${CURL_TEST})
-    SET(MACRO_CHECK_FUNCTION_DEFINITIONS
-      "-D${CURL_TEST} ${CMAKE_REQUIRED_FLAGS}")
-    IF(CMAKE_REQUIRED_LIBRARIES)
-      SET(CURL_TEST_ADD_LIBRARIES
-        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
-    ENDIF(CMAKE_REQUIRED_LIBRARIES)
-
-    MESSAGE(STATUS "Performing Curl Test ${CURL_TEST}")
-    TRY_COMPILE(${CURL_TEST}
-      ${CMAKE_BINARY_DIR}
-      ${LIBCURL_SOURCE_DIR}/CMake/CurlTests.c
-      CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
-      "${CURL_TEST_ADD_LIBRARIES}"
-      OUTPUT_VARIABLE OUTPUT)
-    IF(${CURL_TEST})
-      SET(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}")
-      MESSAGE(STATUS "Performing Curl Test ${CURL_TEST} - Success")
-      FILE(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
-        "Performing Curl Test ${CURL_TEST} passed with the following output:\n"
-        "${OUTPUT}\n")
-    ELSE(${CURL_TEST})
-      MESSAGE(STATUS "Performing Curl Test ${CURL_TEST} - Failed")
-      SET(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}")
-      FILE(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
-        "Performing Curl Test ${CURL_TEST} failed with the following output:\n"
-        "${OUTPUT}\n")
-    ENDIF(${CURL_TEST})
-  ENDIF()
-ENDMACRO(CURL_INTERNAL_TEST)
+if(HAVE_SIGNAL_H)
+  check_symbol_exists(sigaction "signal.h" HAVE_SIGACTION)
+endif(HAVE_SIGNAL_H)
+
+if(NOT HAVE_SIGSETJMP)
+  if(HAVE_SETJMP_H)
+    check_symbol_exists(sigsetjmp "setjmp.h" HAVE_MACRO_SIGSETJMP)
+    if(HAVE_MACRO_SIGSETJMP)
+      set(HAVE_SIGSETJMP 1)
+    endif(HAVE_MACRO_SIGSETJMP)
+  endif(HAVE_SETJMP_H)
+endif(NOT HAVE_SIGSETJMP)
+
+# If there is no stricmp(), do not allow LDAP to parse URLs
+if(NOT HAVE_STRICMP)
+  set(HAVE_LDAP_URL_PARSE 1)
+endif(NOT HAVE_STRICMP)
+
+
 
 # Do curl specific tests
-#OPTION(CURL_HAVE_DISABLED_NONBLOCKING "Disable non-blocking socket detection" OFF)
-SET(CURL_NONBLOCKING_TESTS)
-IF(NOT CURL_HAVE_DISABLED_NONBLOCKING)
-  SET(CURL_NONBLOCKING_TESTS
-    HAVE_FIONBIO
+if(HAVE_LIBWS2_32)
+  set(CMAKE_REQUIRED_LIBRARIES ws2_32)
+endif()
+foreach(CURL_TEST
+    HAVE_FCNTL_O_NONBLOCK
     HAVE_IOCTLSOCKET
-    HAVE_IOCTLSOCKET_CASE
-    HAVE_O_NONBLOCK
-    HAVE_SO_NONBLOCK
-    )
-ENDIF(NOT CURL_HAVE_DISABLED_NONBLOCKING)
-FOREACH(CURL_TEST
-    ${CURL_NONBLOCKING_TESTS}
+    HAVE_IOCTLSOCKET_CAMEL
+    HAVE_IOCTLSOCKET_CAMEL_FIONBIO
+    HAVE_IOCTLSOCKET_FIONBIO
+    HAVE_IOCTL_FIONBIO
+    HAVE_IOCTL_SIOCGIFADDR
+    HAVE_SETSOCKOPT_SO_NONBLOCK
+    HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
     TIME_WITH_SYS_TIME
-    HAVE_O_NONBLOCKHAVE_GETHOSTBYADDR_R_5
+    HAVE_O_NONBLOCK
+    HAVE_GETHOSTBYADDR_R_5
     HAVE_GETHOSTBYADDR_R_7
     HAVE_GETHOSTBYADDR_R_8
     HAVE_GETHOSTBYADDR_R_5_REENTRANT
@@ -565,6 +741,7 @@ FOREACH(CURL_TEST
     HAVE_GETHOSTBYNAME_R_6_REENTRANT
     HAVE_SOCKLEN_T
     HAVE_IN_ADDR_T
+    HAVE_BOOL_T
     STDC_HEADERS
     RETSIGTYPE_TEST
     HAVE_INET_NTOA_R_DECL
@@ -572,14 +749,20 @@ FOREACH(CURL_TEST
     HAVE_GETADDRINFO
     HAVE_FILE_OFFSET_BITS
     )
-  CURL_INTERNAL_TEST(${CURL_TEST})
-ENDFOREACH(CURL_TEST)
-IF(HAVE_FILE_OFFSET_BITS)
-  SET(_FILE_OFFSET_BITS 64)
-ENDIF(HAVE_FILE_OFFSET_BITS)
+  curl_internal_test(${CURL_TEST})
+endforeach(CURL_TEST)
+if(HAVE_FILE_OFFSET_BITS)
+  set(_FILE_OFFSET_BITS 64)
+endif(HAVE_FILE_OFFSET_BITS)
+foreach(CURL_TEST
+    HAVE_GLIBC_STRERROR_R
+    HAVE_POSIX_STRERROR_R
+    )
+  curl_internal_test_run(${CURL_TEST})
+endforeach(CURL_TEST)
 
 # Check for reentrant
-FOREACH(CURL_TEST
+foreach(CURL_TEST
     HAVE_GETHOSTBYADDR_R_5
     HAVE_GETHOSTBYADDR_R_7
     HAVE_GETHOSTBYADDR_R_8
@@ -587,154 +770,214 @@ FOREACH(CURL_TEST
     HAVE_GETHOSTBYNAME_R_5
     HAVE_GETHOSTBYNAME_R_6
     HAVE_INET_NTOA_R_DECL_REENTRANT)
-  IF(NOT ${CURL_TEST})
-    IF(${CURL_TEST}_REENTRANT)
-      SET(NEED_REENTRANT 1)
-    ENDIF(${CURL_TEST}_REENTRANT)
-  ENDIF(NOT ${CURL_TEST})
-ENDFOREACH(CURL_TEST)
-
-IF(NEED_REENTRANT)
-  FOREACH(CURL_TEST
+  if(NOT ${CURL_TEST})
+    if(${CURL_TEST}_REENTRANT)
+      set(NEED_REENTRANT 1)
+    endif(${CURL_TEST}_REENTRANT)
+  endif(NOT ${CURL_TEST})
+endforeach(CURL_TEST)
+
+if(NEED_REENTRANT)
+  foreach(CURL_TEST
       HAVE_GETHOSTBYADDR_R_5
       HAVE_GETHOSTBYADDR_R_7
       HAVE_GETHOSTBYADDR_R_8
       HAVE_GETHOSTBYNAME_R_3
       HAVE_GETHOSTBYNAME_R_5
       HAVE_GETHOSTBYNAME_R_6)
-    SET(${CURL_TEST} 0)
-    IF(${CURL_TEST}_REENTRANT)
-      SET(${CURL_TEST} 1)
-    ENDIF(${CURL_TEST}_REENTRANT)
-  ENDFOREACH(CURL_TEST)
-ENDIF(NEED_REENTRANT)
-
-IF(HAVE_INET_NTOA_R_DECL_REENTRANT)
-  SET(HAVE_INET_NTOA_R_DECL 1)
-  SET(NEED_REENTRANT 1)
-ENDIF(HAVE_INET_NTOA_R_DECL_REENTRANT)
+    set(${CURL_TEST} 0)
+    if(${CURL_TEST}_REENTRANT)
+      set(${CURL_TEST} 1)
+    endif(${CURL_TEST}_REENTRANT)
+  endforeach(CURL_TEST)
+endif(NEED_REENTRANT)
+
+if(HAVE_INET_NTOA_R_DECL_REENTRANT)
+  set(HAVE_INET_NTOA_R_DECL 1)
+  set(NEED_REENTRANT 1)
+endif(HAVE_INET_NTOA_R_DECL_REENTRANT)
 
 # Some other minor tests
 
-IF(NOT HAVE_SOCKLEN_T)
-  SET(socklen_t "int")
-ENDIF(NOT HAVE_SOCKLEN_T)
-
-IF(NOT HAVE_IN_ADDR_T)
-  SET(in_addr_t "unsigned long")
-ENDIF(NOT HAVE_IN_ADDR_T)
+if(NOT HAVE_IN_ADDR_T)
+  set(in_addr_t "unsigned long")
+endif(NOT HAVE_IN_ADDR_T)
 
 # Fix libz / zlib.h
 
-IF(NOT CURL_SPECIAL_LIBZ)
-  IF(NOT HAVE_LIBZ)
-    SET(HAVE_ZLIB_H 0)
-  ENDIF(NOT HAVE_LIBZ)
+if(NOT CURL_SPECIAL_LIBZ)
+  if(NOT HAVE_LIBZ)
+    set(HAVE_ZLIB_H 0)
+  endif(NOT HAVE_LIBZ)
 
-  IF(NOT HAVE_ZLIB_H)
-    SET(HAVE_LIBZ 0)
-  ENDIF(NOT HAVE_ZLIB_H)
-ENDIF(NOT CURL_SPECIAL_LIBZ)
+  if(NOT HAVE_ZLIB_H)
+    set(HAVE_LIBZ 0)
+  endif(NOT HAVE_ZLIB_H)
+endif(NOT CURL_SPECIAL_LIBZ)
 
-IF(_FILE_OFFSET_BITS)
-  SET(_FILE_OFFSET_BITS 64)
-ENDIF(_FILE_OFFSET_BITS)
-SET(CMAKE_REQUIRED_FLAGS "-D_FILE_OFFSET_BITS=64")
-SET(CMAKE_EXTRA_INCLUDE_FILES "${CMAKE_CURRENT_SOURCE_DIR}/curl/curl.h")
-CHECK_TYPE_SIZE("curl_off_t" SIZEOF_CURL_OFF_T)
-SET(CMAKE_EXTRA_INCLUDE_FILES)
-SET(CMAKE_REQUIRED_FLAGS)
+if(_FILE_OFFSET_BITS)
+  set(_FILE_OFFSET_BITS 64)
+endif(_FILE_OFFSET_BITS)
+set(CMAKE_REQUIRED_FLAGS "-D_FILE_OFFSET_BITS=64")
+set(CMAKE_EXTRA_INCLUDE_FILES "${CMAKE_CURRENT_SOURCE_DIR}/curl/curl.h")
+check_type_size("curl_off_t" SIZEOF_CURL_OFF_T)
+set(CMAKE_EXTRA_INCLUDE_FILES)
+set(CMAKE_REQUIRED_FLAGS)
 
 
 # Check for nonblocking
-SET(HAVE_DISABLED_NONBLOCKING 1)
-IF(HAVE_FIONBIO OR
+set(HAVE_DISABLED_NONBLOCKING 1)
+if(HAVE_FIONBIO OR
     HAVE_IOCTLSOCKET OR
     HAVE_IOCTLSOCKET_CASE OR
     HAVE_O_NONBLOCK)
-  SET(HAVE_DISABLED_NONBLOCKING)
-ENDIF(HAVE_FIONBIO OR
+  set(HAVE_DISABLED_NONBLOCKING)
+endif(HAVE_FIONBIO OR
   HAVE_IOCTLSOCKET OR
   HAVE_IOCTLSOCKET_CASE OR
   HAVE_O_NONBLOCK)
 
-IF(RETSIGTYPE_TEST)
-  SET(RETSIGTYPE void)
-ELSE(RETSIGTYPE_TEST)
-  SET(RETSIGTYPE int)
-ENDIF(RETSIGTYPE_TEST)
+if(RETSIGTYPE_TEST)
+  set(RETSIGTYPE void)
+else(RETSIGTYPE_TEST)
+  set(RETSIGTYPE int)
+endif(RETSIGTYPE_TEST)
 
-IF(CMAKE_COMPILER_IS_GNUCC AND APPLE)
-  INCLUDE(CheckCCompilerFlag)
-  CHECK_C_COMPILER_FLAG(-Wno-long-double HAVE_C_FLAG_Wno_long_double)
-  IF(HAVE_C_FLAG_Wno_long_double)
+if(CMAKE_COMPILER_IS_GNUCC AND APPLE)
+  include(CheckCCompilerFlag)
+  check_c_compiler_flag(-Wno-long-double HAVE_C_FLAG_Wno_long_double)
+  if(HAVE_C_FLAG_Wno_long_double)
     # The Mac version of GCC warns about use of long double.  Disable it.
-    GET_SOURCE_FILE_PROPERTY(MPRINTF_COMPILE_FLAGS mprintf.c COMPILE_FLAGS)
-    IF(MPRINTF_COMPILE_FLAGS)
-      SET(MPRINTF_COMPILE_FLAGS "${MPRINTF_COMPILE_FLAGS} -Wno-long-double")
-    ELSE(MPRINTF_COMPILE_FLAGS)
-      SET(MPRINTF_COMPILE_FLAGS "-Wno-long-double")
-    ENDIF(MPRINTF_COMPILE_FLAGS)
-    SET_SOURCE_FILES_PROPERTIES(mprintf.c PROPERTIES
+    get_source_file_property(MPRINTF_COMPILE_FLAGS mprintf.c COMPILE_FLAGS)
+    if(MPRINTF_COMPILE_FLAGS)
+      set(MPRINTF_COMPILE_FLAGS "${MPRINTF_COMPILE_FLAGS} -Wno-long-double")
+    else(MPRINTF_COMPILE_FLAGS)
+      set(MPRINTF_COMPILE_FLAGS "-Wno-long-double")
+    endif(MPRINTF_COMPILE_FLAGS)
+    set_source_files_properties(mprintf.c PROPERTIES
       COMPILE_FLAGS ${MPRINTF_COMPILE_FLAGS})
-  ENDIF(HAVE_C_FLAG_Wno_long_double)
-ENDIF(CMAKE_COMPILER_IS_GNUCC AND APPLE)
-
-INCLUDE(CMake/OtherTests.cmake)
-
-# The rest of the build
-
-OPTION(CMAKE_BUILD_CURL_SHARED "Should curl be built shared" TRUE)
-IF(CMAKE_BUILD_CURL_SHARED)
-  SET(LIBRARY_TYPE SHARED)
-  ADD_DEFINITIONS(-DHAVE_CONFIG_H)
-ELSE(CMAKE_BUILD_CURL_SHARED)
-   ADD_DEFINITIONS(-DHAVE_CONFIG_H
-    -DCURL_STATICLIB)
-ENDIF(CMAKE_BUILD_CURL_SHARED)
-SET(CURL_STATICLIB)
-
-# Support CheckTypeSize module from CMake 2.8.0 and lower.
-FOREACH(var
-    SIZEOF_CURL_OFF_T
-    SIZEOF_LONG
-    SIZEOF_LONG_LONG
-    SIZEOF___INT64
-    SIZEOF_SIZE_T
-    SIZEOF_SSIZE_T
-    SIZEOF_TIME_T
-    )
-  IF(NOT ${var}_CODE)
-    MESSAGE("creating ${var}_CODE")
-    IF(${var})
-      SET(${var}_CODE "#define ${var} ${${var}}")
-    ELSE()
-      SET(${var}_CODE "/* #undef ${var} */")
-    ENDIF()
-  ENDIF()
-ENDFOREACH()
-
-CONFIGURE_FILE(${LIBCURL_SOURCE_DIR}/config.h.in
-  ${LIBCURL_BINARY_DIR}/config.h)
-
-ADD_LIBRARY(cmcurl ${LIBRARY_TYPE} ${libCurl_SRCS} ${CMAKE_CURL_SSL_DLLS})
-TARGET_LINK_LIBRARIES(cmcurl ${CURL_LIBS})
-IF(CMAKE_BUILD_CURL_SHARED)
-  SET_TARGET_PROPERTIES(cmcurl PROPERTIES DEFINE_SYMBOL BUILDING_LIBCURL
-    RUNTIME_OUTPUT_DIRECTORY ${CMake_BIN_DIR})
-  INSTALL(TARGETS cmcurl RUNTIME DESTINATION bin)
-ENDIF(CMAKE_BUILD_CURL_SHARED)
-
-OPTION(CURL_TESTING "Do libCurl testing" OFF)
-IF(CURL_TESTING)
-  SUBDIRS(Testing)
-ENDIF(CURL_TESTING)
-
-ADD_EXECUTABLE(LIBCURL Testing/curltest.c)
-TARGET_LINK_LIBRARIES(LIBCURL cmcurl ${CMAKE_DL_LIBS})
-
-IF(CMAKE_CURL_TEST_URL)
-  ADD_TEST(curl LIBCURL ${CMAKE_CURL_TEST_URL})
-ENDIF(CMAKE_CURL_TEST_URL)
-
-INSTALL(FILES COPYING DESTINATION ${CMAKE_DOC_DIR}/cmcurl)
+  endif(HAVE_C_FLAG_Wno_long_double)
+endif(CMAKE_COMPILER_IS_GNUCC AND APPLE)
+
+if(HAVE_SOCKLEN_T)
+  set(CURL_HAVE_SOCKLEN_T 1)
+  set(CURL_TYPEOF_CURL_SOCKLEN_T "socklen_t")
+  if(WIN32)
+    set(CMAKE_EXTRA_INCLUDE_FILES "winsock2.h;ws2tcpip.h")
+  elseif(HAVE_SYS_SOCKET_H)
+    set(CMAKE_EXTRA_INCLUDE_FILES "sys/socket.h")
+  endif()
+  check_type_size("socklen_t" CURL_SIZEOF_CURL_SOCKLEN_T)
+  set(CMAKE_EXTRA_INCLUDE_FILES)
+  if(NOT HAVE_CURL_SIZEOF_CURL_SOCKLEN_T)
+    message(FATAL_ERROR
+     "Check for sizeof socklen_t failed, see CMakeFiles/CMakerror.log")
+  endif()
+else()
+  set(CURL_HAVE_SOCKLEN_T 0)
+endif()
+
+# TODO test which of these headers are required for the typedefs used in curlbuild.h
+if(WIN32)
+  set(CURL_PULL_WS2TCPIP_H ${HAVE_WS2TCPIP_H})
+else()
+  set(CURL_PULL_SYS_TYPES_H ${HAVE_SYS_TYPES_H})
+  set(CURL_PULL_SYS_SOCKET_H ${HAVE_SYS_SOCKET_H})
+  set(CURL_PULL_SYS_POLL_H ${HAVE_SYS_POLL_H})
+endif()
+set(CURL_PULL_STDINT_H ${HAVE_STDINT_H})
+set(CURL_PULL_INTTYPES_H ${HAVE_INTTYPES_H})
+
+include(CMake/OtherTests.cmake)
+
+add_definitions(-DHAVE_CONFIG_H)
+
+# For windows, do not allow the compiler to use default target (Vista).
+if(WIN32)
+  add_definitions(-D_WIN32_WINNT=0x0501)
+endif(WIN32)
+
+if(MSVC)
+  add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE)
+endif(MSVC)
+
+# Sets up the dependencies (zlib, OpenSSL, etc.) of a cURL subproject according to options.
+# TODO This is far to be complete!
+function(SETUP_CURL_DEPENDENCIES TARGET_NAME)
+  if(CURL_ZLIB AND ZLIB_FOUND)
+    include_directories(${ZLIB_INCLUDE_DIR})
+  endif()
+
+  if(CMAKE_USE_OPENSSL AND OPENSSL_FOUND)
+    include_directories(${OPENSSL_INCLUDE_DIR})
+  endif()
+
+  if(CMAKE_USE_LIBSSH2 AND LIBSSH2_FOUND)
+    include_directories(${LIBSSH2_INCLUDE_DIR})
+  endif()
+
+  target_link_libraries(${TARGET_NAME} ${CURL_LIBS})
+endfunction()
+
+# Ugly (but functional) way to include "Makefile.inc" by transforming it (= regenerate it).
+function(TRANSFORM_MAKEFILE_INC INPUT_FILE OUTPUT_FILE)
+  file(READ ${INPUT_FILE} MAKEFILE_INC_TEXT)
+  string(REPLACE "$(top_srcdir)"   "\${CURL_SOURCE_DIR}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})
+  string(REPLACE "$(top_builddir)" "\${CURL_BINARY_DIR}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})
+
+  string(REGEX REPLACE "\\\\\n" "§!§" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})
+  string(REGEX REPLACE "([a-zA-Z_][a-zA-Z0-9_]*)[\t ]*=[\t ]*([^\n]*)" "SET(\\1 \\2)" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})
+  string(REPLACE "§!§" "\n" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})
+
+  string(REGEX REPLACE "\\$\\(([a-zA-Z_][a-zA-Z0-9_]*)\\)" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})    # Replace $() with ${}
+  string(REGEX REPLACE "@([a-zA-Z_][a-zA-Z0-9_]*)@" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})    # Replace @@ with ${}, even if that may not be read by CMake scripts.
+  file(WRITE ${OUTPUT_FILE} ${MAKEFILE_INC_TEXT})
+
+endfunction()
+
+add_subdirectory(lib)
+if(BUILD_CURL_EXE)
+  add_subdirectory(src)
+endif()
+if(BUILD_CURL_TESTS)
+  add_subdirectory(tests)
+endif()
+
+#-----------------------------------------------------------------------------
+# CMake-specific curl code.
+add_executable(LIBCURL curltest.c)
+target_link_libraries(LIBCURL cmcurl)
+
+if(CMAKE_CURL_TEST_URL)
+  add_test(curl LIBCURL ${CMAKE_CURL_TEST_URL})
+endif()
+
+install(FILES COPYING DESTINATION ${CMAKE_DOC_DIR}/cmcurl)
+#-----------------------------------------------------------------------------
+
+if(0) # This code not needed for building within CMake.
+# This needs to be run very last so other parts of the scripts can take advantage of this.
+if(NOT CURL_CONFIG_HAS_BEEN_RUN_BEFORE)
+  set(CURL_CONFIG_HAS_BEEN_RUN_BEFORE 1 CACHE INTERNAL "Flag to track whether this is the first time running CMake or if CMake has been configured before")
+endif()
+
+# Installation.
+# First, install generated curlbuild.h
+install(FILES "${CMAKE_CURRENT_BINARY_DIR}/include/curl/curlbuild.h"
+    DESTINATION include/curl )
+# Next, install other headers excluding curlbuild.h
+install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl"
+    DESTINATION include
+    FILES_MATCHING PATTERN "*.h"
+    PATTERN "curlbuild.h" EXCLUDE)
+
+
+# Workaround for MSVS10 to avoid the Dialog Hell
+# FIXME: This could be removed with future version of CMake.
+if(MSVC_VERSION EQUAL 1600)
+  set(CURL_SLN_FILENAME "${CMAKE_CURRENT_BINARY_DIR}/CURL.sln")
+  if(EXISTS "${CURL_SLN_FILENAME}")
+    file(APPEND "${CURL_SLN_FILENAME}" "\n# This should be regenerated!\n")
+  endif()
+endif()
+endif()
diff --git a/Utilities/cmcurl/COPYING b/Utilities/cmcurl/COPYING
index 048cf56..dd990b6 100644
--- a/Utilities/cmcurl/COPYING
+++ b/Utilities/cmcurl/COPYING
@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE
 
-Copyright (c) 1996 - 2009, Daniel Stenberg, <daniel@haxx.se>.
+Copyright (c) 1996 - 2014, Daniel Stenberg, <daniel@haxx.se>.
 
 All rights reserved.
 
diff --git a/Utilities/cmcurl/Platforms/WindowsCache.cmake b/Utilities/cmcurl/Platforms/WindowsCache.cmake
deleted file mode 100644
index 57ab30b..0000000
--- a/Utilities/cmcurl/Platforms/WindowsCache.cmake
+++ /dev/null
@@ -1,120 +0,0 @@
-IF(NOT UNIX)
-  IF(WIN32)
-    SET(HAVE_LIBDL 0)
-    SET(HAVE_LIBUCB 0)
-    SET(HAVE_LIBSOCKET 0)
-    SET(NOT_NEED_LIBNSL 0)
-    SET(HAVE_LIBNSL 0)
-    SET(HAVE_LIBZ 0)
-    SET(HAVE_LIBCRYPTO 0)
-
-    SET(HAVE_DLOPEN 0)
-
-    SET(HAVE_ALLOCA_H 0)
-    SET(HAVE_ARPA_INET_H 0)
-    SET(HAVE_DLFCN_H 0)
-    SET(HAVE_FCNTL_H 1)
-    SET(HAVE_FEATURES_H 0)
-    SET(HAVE_INTTYPES_H 0)
-    SET(HAVE_IO_H 1)
-    SET(HAVE_MALLOC_H 1)
-    SET(HAVE_MEMORY_H 1)
-    SET(HAVE_NETDB_H 0)
-    SET(HAVE_NETINET_IF_ETHER_H 0)
-    SET(HAVE_NETINET_IN_H 0)
-    SET(HAVE_NET_IF_H 0)
-    SET(HAVE_PROCESS_H 1)
-    SET(HAVE_PWD_H 0)
-    SET(HAVE_SETJMP_H 1)
-    SET(HAVE_SGTTY_H 0)
-    SET(HAVE_SIGNAL_H 1)
-    SET(HAVE_SOCKIO_H 0)
-    SET(HAVE_STDINT_H 0)
-    SET(HAVE_STDLIB_H 1)
-    SET(HAVE_STRINGS_H 0)
-    SET(HAVE_STRING_H 1)
-    SET(HAVE_SYS_PARAM_H 0)
-    SET(HAVE_SYS_POLL_H 0)
-    SET(HAVE_SYS_SELECT_H 0)
-    SET(HAVE_SYS_SOCKET_H 0)
-    SET(HAVE_SYS_SOCKIO_H 0)
-    SET(HAVE_SYS_STAT_H 1)
-    SET(HAVE_SYS_TIME_H 0)
-    SET(HAVE_SYS_TYPES_H 1)
-    SET(HAVE_SYS_UTIME_H 1)
-    SET(HAVE_TERMIOS_H 0)
-    SET(HAVE_TERMIO_H 0)
-    SET(HAVE_TIME_H 1)
-    SET(HAVE_UNISTD_H 0)
-    SET(HAVE_UTIME_H 0)
-    SET(HAVE_X509_H 0)
-    SET(HAVE_ZLIB_H 0)
-
-    SET(HAVE_SIZEOF_LONG_DOUBLE 1)
-    SET(SIZEOF_LONG_DOUBLE 8)
-
-    SET(HAVE_SOCKET 1)
-    SET(HAVE_POLL 0)
-    SET(HAVE_SELECT 1)
-    SET(HAVE_STRDUP 1)
-    SET(HAVE_STRSTR 1)
-    SET(HAVE_STRTOK_R 0)
-    SET(HAVE_STRFTIME 1)
-    SET(HAVE_UNAME 0)
-    SET(HAVE_STRCASECMP 0)
-    SET(HAVE_STRICMP 1)
-    SET(HAVE_STRCMPI 1)
-    SET(HAVE_GETHOSTBYADDR 1)
-    SET(HAVE_GETTIMEOFDAY 0)
-    SET(HAVE_INET_ADDR 1)
-    SET(HAVE_INET_NTOA 1)
-    SET(HAVE_INET_NTOA_R 0)
-    SET(HAVE_TCGETATTR 0)
-    SET(HAVE_TCSETATTR 0)
-    SET(HAVE_PERROR 1)
-    SET(HAVE_CLOSESOCKET 1)
-    SET(HAVE_SETVBUF 0)
-    SET(HAVE_SIGSETJMP 0)
-    SET(HAVE_GETPASS_R 0)
-    SET(HAVE_GETPWUID 0)
-    SET(HAVE_GETEUID 0)
-    SET(HAVE_UTIME 1)
-    SET(HAVE_RAND_EGD 0)
-    SET(HAVE_RAND_SCREEN 0)
-    SET(HAVE_RAND_STATUS 0)
-    SET(HAVE_GMTIME_R 0)
-    SET(HAVE_LOCALTIME_R 0)
-    SET(HAVE_GETHOSTBYADDR_R 0)
-    SET(HAVE_GETHOSTBYNAME_R 0)
-    SET(HAVE_SIGNAL_FUNC 1)
-    SET(HAVE_SIGNAL_MACRO 0)
-
-    SET(HAVE_GETHOSTBYADDR_R_5 0)
-    SET(HAVE_GETHOSTBYADDR_R_5_REENTRANT 0)
-    SET(HAVE_GETHOSTBYADDR_R_7 0)
-    SET(HAVE_GETHOSTBYADDR_R_7_REENTRANT 0)
-    SET(HAVE_GETHOSTBYADDR_R_8 0)
-    SET(HAVE_GETHOSTBYADDR_R_8_REENTRANT 0)
-    SET(HAVE_GETHOSTBYNAME_R_3 0)
-    SET(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0)
-    SET(HAVE_GETHOSTBYNAME_R_5 0)
-    SET(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0)
-    SET(HAVE_GETHOSTBYNAME_R_6 0)
-    SET(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0)
-
-    SET(TIME_WITH_SYS_TIME 0)
-    SET(HAVE_O_NONBLOCK 0)
-    SET(HAVE_IN_ADDR_T 0)
-    SET(HAVE_INET_NTOA_R_DECL 0)
-    SET(HAVE_INET_NTOA_R_DECL_REENTRANT 0)
-    SET(HAVE_GETADDRINFO 0)
-    SET(STDC_HEADERS 1)
-    SET(RETSIGTYPE_TEST 1)
-
-    SET(HAVE_SIGACTION 0)
-    SET(HAVE_MACRO_SIGSETJMP 0)
-  ELSE(WIN32)
-    MESSAGE("This file should be included on Windows platform only")
-  ENDIF(WIN32)
-ENDIF(NOT UNIX)
-
diff --git a/Utilities/cmcurl/Platforms/config-aix.h b/Utilities/cmcurl/Platforms/config-aix.h
deleted file mode 100644
index c98b10f..0000000
--- a/Utilities/cmcurl/Platforms/config-aix.h
+++ /dev/null
@@ -1,483 +0,0 @@
-/* lib/config.h.  Generated by configure.  */
-/* lib/config.h.in.  Generated from configure.in by autoheader.  */
-/* Name of this package! */
-#define PACKAGE "curl"
-
-/* Version number of this archive. */
-#define VERSION "7.10.2"
-
-/* Define if you have the getpass function.  */
-/* #undef HAVE_GETPASS */
-
-/* Define cpu-machine-OS */
-#define OS "powerpc-ibm-aix5.1.0.0"
-
-/* Define if you have the gethostbyaddr_r() function with 5 arguments */
-#define HAVE_GETHOSTBYADDR_R_5 1
-
-/* Define if you have the gethostbyaddr_r() function with 7 arguments */
-/* #undef HAVE_GETHOSTBYADDR_R_7 */
-
-/* Define if you have the gethostbyaddr_r() function with 8 arguments */
-/* #undef HAVE_GETHOSTBYADDR_R_8 */
-
-/* Define if you have the gethostbyname_r() function with 3 arguments */
-#define HAVE_GETHOSTBYNAME_R_3 1
-
-/* Define if you have the gethostbyname_r() function with 5 arguments */
-/* #undef HAVE_GETHOSTBYNAME_R_5 */
-
-/* Define if you have the gethostbyname_r() function with 6 arguments */
-/* #undef HAVE_GETHOSTBYNAME_R_6 */
-
-/* Define if you have the inet_ntoa_r function declared. */
-/* #undef HAVE_INET_NTOA_R_DECL */
-
-/* Define if you need the _REENTRANT define for some functions */
-/* #undef NEED_REENTRANT */
-
-/* Define if you have the Kerberos4 libraries (including -ldes) */
-/* #undef KRB4 */
-
-/* Define if you want to enable IPv6 support */
-#define ENABLE_IPV6 1
-
-/* Define this to 'int' if ssize_t is not an available typedefed type */
-/* #undef ssize_t */
-
-/* Define this to 'int' if socklen_t is not an available typedefed type */
-/* #undef socklen_t */
-
-/* Define this as a suitable file to read random data from */
-/* #undef RANDOM_FILE */
-
-/* Define this to your Entropy Gathering Daemon socket pathname */
-/* #undef EGD_SOCKET */
-
-/* Define if you have a working OpenSSL installation */
-/* #undef OPENSSL_ENABLED */
-
-/* Define the one correct non-blocking socket method below */
-/* #undef HAVE_FIONBIO */
-/* #undef HAVE_IOCTLSOCKET */
-/* #undef HAVE_IOCTLSOCKET_CASE */
-/* #undef HAVE_O_NONBLOCK */
-#define HAVE_DISABLED_NONBLOCKING 1
-
-/* Define this to 'int' if in_addr_t is not an available typedefed type */
-/* #undef in_addr_t */
-
-/* Define to disable DICT */
-/* #undef CURL_DISABLE_DICT */
-
-/* Define to disable FILE */
-/* #undef CURL_DISABLE_FILE */
-
-/* Define to disable FTP */
-/* #undef CURL_DISABLE_FTP */
-
-/* Define to disable GOPHER */
-/* #undef CURL_DISABLE_GOPHER */
-
-/* Define to disable HTTP */
-/* #undef CURL_DISABLE_HTTP */
-
-/* Define to disable LDAP */
-/* #undef CURL_DISABLE_LDAP */
-
-/* Define to disable TELNET */
-/* #undef CURL_DISABLE_TELNET */
-
-/* Define if you have zlib present */
-#define HAVE_LIBZ 1
-
-/* CA bundle full path name */
-#define CURL_CA_BUNDLE "/usr/local/share/curl/curl-ca-bundle.crt"
-
-/* to disable FILE */
-/* #undef CURL_DISABLE_FILE */
-
-/* to disable FTP */
-/* #undef CURL_DISABLE_FTP */
-
-/* to disable GOPHER */
-/* #undef CURL_DISABLE_GOPHER */
-
-/* to disable HTTP */
-/* #undef CURL_DISABLE_HTTP */
-
-/* to disable LDAP */
-/* #undef CURL_DISABLE_LDAP */
-
-/* to disable TELNET */
-/* #undef CURL_DISABLE_TELNET */
-
-/* Set to explicitly specify we don't want to use thread-safe functions */
-/* #undef DISABLED_THREADSAFE */
-
-/* your Entropy Gathering Daemon socket pathname */
-/* #undef EGD_SOCKET */
-
-/* Define if you want to enable IPv6 support */
-#define ENABLE_IPV6 1
-
-/* Define to 1 if you have the <alloca.h> header file. */
-#define HAVE_ALLOCA_H 1
-
-/* Define to 1 if you have the <arpa/inet.h> header file. */
-#define HAVE_ARPA_INET_H 1
-
-/* Define to 1 if you have the `closesocket' function. */
-/* #undef HAVE_CLOSESOCKET */
-
-/* Define to 1 if you have the <crypto.h> header file. */
-/* #undef HAVE_CRYPTO_H */
-
-/* Define to 1 if you have the <des.h> header file. */
-/* #undef HAVE_DES_H */
-
-/* to disable NON-BLOCKING connections */
-#define HAVE_DISABLED_NONBLOCKING 1
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#define HAVE_DLFCN_H 1
-
-/* Define to 1 if you have the `dlopen' function. */
-#define HAVE_DLOPEN 1
-
-/* Define to 1 if you have the <err.h> header file. */
-/* #undef HAVE_ERR_H */
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#define HAVE_FCNTL_H 1
-
-/* Define if getaddrinfo exists and works */
-#define HAVE_GETADDRINFO 1
-
-/* Define to 1 if you have the `geteuid' function. */
-#define HAVE_GETEUID 1
-
-/* Define to 1 if you have the `gethostbyaddr' function. */
-#define HAVE_GETHOSTBYADDR 1
-
-/* Define to 1 if you have the `gethostbyaddr_r' function. */
-#define HAVE_GETHOSTBYADDR_R 1
-
-/* Define to 1 if you have the `gethostbyname_r' function. */
-#define HAVE_GETHOSTBYNAME_R 1
-
-/* Define to 1 if you have the `getpass_r' function. */
-/* #undef HAVE_GETPASS_R */
-
-/* Define to 1 if you have the `getpwuid' function. */
-#define HAVE_GETPWUID 1
-
-/* Define to 1 if you have the `gettimeofday' function. */
-#define HAVE_GETTIMEOFDAY 1
-
-/* Define to 1 if you have the `gmtime_r' function. */
-#define HAVE_GMTIME_R 1
-
-/* Define to 1 if you have the `inet_addr' function. */
-#define HAVE_INET_ADDR 1
-
-/* Define to 1 if you have the `inet_ntoa' function. */
-#define HAVE_INET_NTOA 1
-
-/* Define to 1 if you have the `inet_ntoa_r' function. */
-#define HAVE_INET_NTOA_R 1
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#define HAVE_INTTYPES_H 1
-
-/* Define to 1 if you have the <io.h> header file. */
-/* #undef HAVE_IO_H */
-
-/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */
-/* #undef HAVE_KRB_GET_OUR_IP_FOR_REALM */
-
-/* Define to 1 if you have the <krb.h> header file. */
-/* #undef HAVE_KRB_H */
-
-/* Define to 1 if you have the `crypto' library (-lcrypto). */
-/* #undef HAVE_LIBCRYPTO */
-
-/* Define to 1 if you have the `dl' library (-ldl). */
-/* #undef HAVE_LIBDL */
-
-/* Define to 1 if you have the `nsl' library (-lnsl). */
-/* #undef HAVE_LIBNSL */
-
-/* Define to 1 if you have the `resolv' library (-lresolv). */
-/* #undef HAVE_LIBRESOLV */
-
-/* Define to 1 if you have the `resolve' library (-lresolve). */
-/* #undef HAVE_LIBRESOLVE */
-
-/* Define to 1 if you have the `socket' library (-lsocket). */
-/* #undef HAVE_LIBSOCKET */
-
-/* Define to 1 if you have the `ssl' library (-lssl). */
-/* #undef HAVE_LIBSSL */
-
-/* If zlib is available */
-#define HAVE_LIBZ 1
-
-/* Define to 1 if you have the `localtime_r' function. */
-#define HAVE_LOCALTIME_R 1
-
-/* Define to 1 if you have the <malloc.h> header file. */
-#define HAVE_MALLOC_H 1
-
-/* Define to 1 if you have the <memory.h> header file. */
-#define HAVE_MEMORY_H 1
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#define HAVE_NETDB_H 1
-
-/* Define to 1 if you have the <netinet/if_ether.h> header file. */
-#define HAVE_NETINET_IF_ETHER_H 1
-
-/* Define to 1 if you have the <netinet/in.h> header file. */
-#define HAVE_NETINET_IN_H 1
-
-/* Define to 1 if you have the <net/if.h> header file. */
-#define HAVE_NET_IF_H 1
-
-/* Define to 1 if you have the <openssl/crypto.h> header file. */
-/* #undef HAVE_OPENSSL_CRYPTO_H */
-
-/* Define to 1 if you have the <openssl/engine.h> header file. */
-/* #undef HAVE_OPENSSL_ENGINE_H */
-
-/* Define to 1 if you have the <openssl/err.h> header file. */
-/* #undef HAVE_OPENSSL_ERR_H */
-
-/* Define to 1 if you have the <openssl/pem.h> header file. */
-/* #undef HAVE_OPENSSL_PEM_H */
-
-/* Define to 1 if you have the <openssl/rsa.h> header file. */
-/* #undef HAVE_OPENSSL_RSA_H */
-
-/* Define to 1 if you have the <openssl/ssl.h> header file. */
-/* #undef HAVE_OPENSSL_SSL_H */
-
-/* Define to 1 if you have the <openssl/x509.h> header file. */
-/* #undef HAVE_OPENSSL_X509_H */
-
-/* Define to 1 if you have the <pem.h> header file. */
-/* #undef HAVE_PEM_H */
-
-/* Define to 1 if you have the `perror' function. */
-#define HAVE_PERROR 1
-
-/* Define to 1 if you have the `poll' function. */
-#define HAVE_POLL 1
-
-/* Define to 1 if you have the <pwd.h> header file. */
-#define HAVE_PWD_H 1
-
-/* Define to 1 if you have the `RAND_egd' function. */
-/* #undef HAVE_RAND_EGD */
-
-/* Define to 1 if you have the `RAND_screen' function. */
-/* #undef HAVE_RAND_SCREEN */
-
-/* Define to 1 if you have the `RAND_status' function. */
-/* #undef HAVE_RAND_STATUS */
-
-/* Define to 1 if you have the <rsa.h> header file. */
-/* #undef HAVE_RSA_H */
-
-/* Define to 1 if you have the `select' function. */
-#define HAVE_SELECT 1
-
-/* Define to 1 if you have the <setjmp.h> header file. */
-#define HAVE_SETJMP_H 1
-
-/* Define to 1 if you have the `setvbuf' function. */
-#define HAVE_SETVBUF 1
-
-/* Define to 1 if you have the <sgtty.h> header file. */
-#define HAVE_SGTTY_H 1
-
-/* Define to 1 if you have the `sigaction' function. */
-#define HAVE_SIGACTION 1
-
-/* Define to 1 if you have the `signal' function. */
-#define HAVE_SIGNAL 1
-
-/* If you have sigsetjmp */
-#define HAVE_SIGSETJMP 1
-
-/* Define to 1 if you have the `socket' function. */
-#define HAVE_SOCKET 1
-
-/* Define to 1 if you have the <ssl.h> header file. */
-/* #undef HAVE_SSL_H */
-
-/* Define to 1 if you have the <stdint.h> header file. */
-/* #undef HAVE_STDINT_H */
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#define HAVE_STDLIB_H 1
-
-/* Define to 1 if you have the `strcasecmp' function. */
-#define HAVE_STRCASECMP 1
-
-/* Define to 1 if you have the `strcmpi' function. */
-/* #undef HAVE_STRCMPI */
-
-/* Define to 1 if you have the `strdup' function. */
-#define HAVE_STRDUP 1
-
-/* Define to 1 if you have the `strftime' function. */
-#define HAVE_STRFTIME 1
-
-/* Define to 1 if you have the `stricmp' function. */
-/* #undef HAVE_STRICMP */
-
-/* Define to 1 if you have the <strings.h> header file. */
-#define HAVE_STRINGS_H 1
-
-/* Define to 1 if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define to 1 if you have the `strlcpy' function. */
-/* #undef HAVE_STRLCPY */
-
-/* Define to 1 if you have the `strstr' function. */
-#define HAVE_STRSTR 1
-
-/* Define to 1 if you have the `strtok_r' function. */
-#define HAVE_STRTOK_R 1
-
-/* Define to 1 if you have the <sys/param.h> header file. */
-#define HAVE_SYS_PARAM_H 1
-
-/* Define to 1 if you have the <sys/poll.h> header file. */
-#define HAVE_SYS_POLL_H 1
-
-/* Define to 1 if you have the <sys/select.h> header file. */
-#define HAVE_SYS_SELECT_H 1
-
-/* Define to 1 if you have the <sys/socket.h> header file. */
-#define HAVE_SYS_SOCKET_H 1
-
-/* Define to 1 if you have the <sys/sockio.h> header file. */
-/* #undef HAVE_SYS_SOCKIO_H */
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#define HAVE_SYS_STAT_H 1
-
-/* Define to 1 if you have the <sys/time.h> header file. */
-#define HAVE_SYS_TIME_H 1
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#define HAVE_SYS_TYPES_H 1
-
-/* Define to 1 if you have the <sys/utime.h> header file. */
-/* #undef HAVE_SYS_UTIME_H */
-
-/* Define to 1 if you have the `tcgetattr' function. */
-#define HAVE_TCGETATTR 1
-
-/* Define to 1 if you have the `tcsetattr' function. */
-#define HAVE_TCSETATTR 1
-
-/* Define to 1 if you have the <termios.h> header file. */
-#define HAVE_TERMIOS_H 1
-
-/* Define to 1 if you have the <termio.h> header file. */
-#define HAVE_TERMIO_H 1
-
-/* Define to 1 if you have the <time.h> header file. */
-#define HAVE_TIME_H 1
-
-/* Define to 1 if you have the `uname' function. */
-#define HAVE_UNAME 1
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define to 1 if you have the `utime' function. */
-#define HAVE_UTIME 1
-
-/* Define to 1 if you have the <utime.h> header file. */
-#define HAVE_UTIME_H 1
-
-/* Define to 1 if you have the <winsock.h> header file. */
-/* #undef HAVE_WINSOCK_H */
-
-/* Define to 1 if you have the <x509.h> header file. */
-/* #undef HAVE_X509_H */
-
-/* if you have the zlib.h header file */
-/* #undef HAVE_ZLIB_H */
-
-/* if you have the Kerberos4 libraries (including -ldes) */
-/* #undef KRB4 */
-
-/* cpu-machine-OS */
-#define OS "powerpc-ibm-aix5.1.0.0"
-
-/* Name of package */
-#define PACKAGE "curl"
-
-/* Define to the address where bug reports for this package should be sent. */
-#define PACKAGE_BUGREPORT ""
-
-/* Define to the full name of this package. */
-#define PACKAGE_NAME ""
-
-/* Define to the full name and version of this package. */
-#define PACKAGE_STRING ""
-
-/* Define to the one symbol short name of this package. */
-#define PACKAGE_TARNAME ""
-
-/* Define to the version of this package. */
-#define PACKAGE_VERSION ""
-
-/* a suitable file to read random data from */
-/* #undef RANDOM_FILE */
-
-/* Define as the return type of signal handlers (`int' or `void'). */
-#define RETSIGTYPE void
-
-/* Define to 1 if you have the ANSI C header files. */
-#define STDC_HEADERS 1
-
-/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
-#define TIME_WITH_SYS_TIME 1
-
-/* Version number of package */
-#define VERSION "7.10.2"
-
-/* Define to 1 if on AIX 3.
-   System headers sometimes define this.
-   We just want to avoid a redefinition error message.  */
-#ifndef _ALL_SOURCE
-# define _ALL_SOURCE 1
-#endif
-
-/* Number of bits in a file offset, on hosts where this is settable. */
-/* #undef _FILE_OFFSET_BITS */
-
-/* Define for large files, on AIX-style hosts. */
-#define _LARGE_FILES 1
-
-/* Define to empty if `const' does not conform to ANSI C. */
-/* #undef const */
-
-/* type to use in place of in_addr_t if not defined */
-/* #undef in_addr_t */
-
-/* Define to `unsigned' if <sys/types.h> does not define. */
-/* #undef size_t */
-
-/* type to use in place of socklen_t if not defined */
-/* #undef socklen_t */
-
-/* Define to `int' if <sys/types.h> does not define. */
-/* #undef ssize_t */
diff --git a/Utilities/cmcurl/Testing/CMakeLists.txt b/Utilities/cmcurl/Testing/CMakeLists.txt
deleted file mode 100644
index 214410f..0000000
--- a/Utilities/cmcurl/Testing/CMakeLists.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-SET(CURL_TESTS
-    ftpget
-    ftpgetresp
-    ftpupload
-    getinmemory
-    persistant
-    sepheaders
-    simple
-   )
-
-CONFIGURE_FILE(${LIBCURL_SOURCE_DIR}/Testing/testconfig.h.in
-               ${LIBCURL_BINARY_DIR}/Testing/testconfig.h)
-
-INCLUDE_DIRECTORIES(${LIBCURL_BINARY_DIR}/Testing)
-
-FOREACH(TEST ${CURL_TESTS})
-  ADD_EXECUTABLE(${TEST} ${TEST}.c)
-  TARGET_LINK_LIBRARIES(${TEST} cmcurl)
-ENDFOREACH(TEST)
diff --git a/Utilities/cmcurl/Testing/curlgtk.c b/Utilities/cmcurl/Testing/curlgtk.c
deleted file mode 100644
index 7c9ce2a..0000000
--- a/Utilities/cmcurl/Testing/curlgtk.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-/* Copyright (c) 2000 David Odin (aka DindinX) for MandrakeSoft */
-/* an attempt to use the curl library in concert with a gtk-threaded application */
-
-#include <stdio.h>
-#include <gtk/gtk.h>
-
-#include <curl/curl.h>
-#include <curl/types.h> /* new for v7 */
-#include <curl/easy.h> /* new for v7 */
-
-#include <pthread.h>
-
-GtkWidget *Bar;
-
-size_t my_read_func(void *ptr, size_t size, size_t nmemb, FILE *stream)
-{
-  return fread(ptr, size, nmemb, stream);
-}
-
-int my_progress_func(GtkWidget *Bar, int t, int d)
-{
-/*  printf("%d / %d (%g %%)\n", d, t, d*100.0/t);*/
-  gdk_threads_enter();
-  gtk_progress_set_value(GTK_PROGRESS(Bar), d*100.0/t);
-  gdk_threads_leave();
-  return 0;
-}
-
-void *curl_thread(void *ptr)
-{
-  CURL *curl;
-  CURLcode res;
-  FILE *outfile;
-  gchar *url = ptr;
-  
-  curl = curl_easy_init();
-  if(curl)
-  {
-    outfile = fopen("/tmp/test.curl", "w");
-
-    curl_easy_setopt(curl, CURLOPT_URL, url);
-    curl_easy_setopt(curl, CURLOPT_FILE, outfile);
-    curl_easy_setopt(curl, CURLOPT_READFUNCTION, my_read_func);
-    curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, my_progress_func);
-    curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, Bar);
-    
-    res = curl_easy_perform(curl);
-
-    fclose(outfile);
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-  }
-  return NULL;
-}
-
-int main(int argc, char **argv)
-{
-  GtkWidget *Window, *Frame, *Frame2;
-  GtkAdjustment *adj;
-  pthread_t curl_tid;
-
-  /* Init thread */
-  g_thread_init(NULL);
-  
-  gtk_init(&argc, &argv);
-  Window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
-  Frame = gtk_frame_new(NULL);
-  gtk_frame_set_shadow_type(GTK_FRAME(Frame), GTK_SHADOW_OUT);
-  gtk_container_add(GTK_CONTAINER(Window), Frame);
-  Frame2 = gtk_frame_new(NULL);
-  gtk_frame_set_shadow_type(GTK_FRAME(Frame2), GTK_SHADOW_IN);
-  gtk_container_add(GTK_CONTAINER(Frame), Frame2);
-  gtk_container_set_border_width(GTK_CONTAINER(Frame2), 5);
-  adj = (GtkAdjustment*)gtk_adjustment_new(0, 0, 100, 0, 0, 0);
-  Bar = gtk_progress_bar_new_with_adjustment(adj);
-  gtk_container_add(GTK_CONTAINER(Frame2), Bar);
-  gtk_widget_show_all(Window);
-
-  pthread_create(&curl_tid, NULL, curl_thread, argv[1]);
-    
-  gdk_threads_enter();
-  gtk_main();
-  gdk_threads_leave();
-  return 0;
-}
-
diff --git a/Utilities/cmcurl/Testing/ftpget.c b/Utilities/cmcurl/Testing/ftpget.c
deleted file mode 100644
index 1a3633e..0000000
--- a/Utilities/cmcurl/Testing/ftpget.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-#include "curl/curl.h"
-#include "curl/types.h"
-#include "curl/easy.h"
-#include "setup.h"
-
-#include "testconfig.h"
-
-/*
- * This is an example showing how to get a single file from an FTP server.
- * It delays the actual destination file creation until the first write
- * callback so that it won't create an empty file in case the remote file
- * doesn't exist or something else fails.
- */
-
-struct FtpFile {
-  char *filename;
-  FILE *stream;
-};
-
-int my_fwrite(void *buffer, size_t size, size_t nmemb, void *stream)
-{
-  struct FtpFile *out=(struct FtpFile *)stream;
-  if(out && !out->stream) {
-    /* open file for writing */
-    out->stream=fopen(out->filename, "wb");
-    if(!out->stream)
-      return -1; /* failure, can't open file to write */
-  }
-  return fwrite(buffer, size, nmemb, out->stream);
-}
-
-
-int main(void)
-{
-  CURL *curl;
-  CURLcode res;
-  struct FtpFile ftpfile={
-    LIBCURL_BINARY_DIR "/Testing/ftpget-download.txt", /* name to store the file as if succesful */
-    NULL
-  };
-
-  curl_global_init(CURL_GLOBAL_DEFAULT);
-  
-  curl = curl_easy_init();
-  if(curl) {
-    /* Get curl 7.9.2 from sunet.se's FTP site: */
-    curl_easy_setopt(curl, CURLOPT_URL,
-                     "ftp://public.kitware.com/pub/cmake/cygwin/setup.hint");
-    /* Define our callback to get called when there's data to be written */
-    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_fwrite);
-    /* Set a pointer to our struct to pass to the callback */
-    curl_easy_setopt(curl, CURLOPT_FILE, &ftpfile);
-
-    /* Switch on full protocol/debug output */
-    curl_easy_setopt(curl, CURLOPT_VERBOSE, TRUE);
-
-    res = curl_easy_perform(curl);
-
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-
-    if(CURLE_OK != res) {
-      /* we failed */
-      fprintf(stderr, "curl told us %d\n", res);
-    }
-  }
-
-  if(ftpfile.stream)
-    fclose(ftpfile.stream); /* close the local file */
-
-  curl_global_cleanup();
-
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/ftpgetresp.c b/Utilities/cmcurl/Testing/ftpgetresp.c
deleted file mode 100644
index 9548b2a..0000000
--- a/Utilities/cmcurl/Testing/ftpgetresp.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-#include "curl/curl.h"
-#include "curl/types.h"
-#include "curl/easy.h"
-
-#include "testconfig.h"
-
-/*
- * Similar to ftpget.c but this also stores the received response-lines
- * in a separate file using our own callback!
- *
- * This functionality was introduced in libcurl 7.9.3.
- */
-
-size_t
-write_response(void *ptr, size_t size, size_t nmemb, void *data)
-{
-  FILE *writehere = (FILE *)data;
-  return fwrite(ptr, size, nmemb, writehere);
-}
-
-int main(int argc, char **argv)
-{
-  CURL *curl;
-  CURLcode res;
-  FILE *ftpfile;
-  FILE *respfile;
-  (void)argc; (void)argv;
-  
-  /* local file name to store the file as */
-  ftpfile = fopen(LIBCURL_BINARY_DIR "/Testing/ftpgetresp-list.txt", "wb"); /* b is binary, needed on win32 */
-
-  /* local file name to store the FTP server's response lines in */
-  respfile = fopen(LIBCURL_BINARY_DIR "/Testing/ftpgetresp-responses.txt", "wb"); /* b is binary, needed on win32 */
-
-  curl_global_init(CURL_GLOBAL_DEFAULT);
-
-  curl = curl_easy_init();
-  if(curl) {
-    /* Get a file listing from sunet */
-    curl_easy_setopt(curl, CURLOPT_URL, "ftp://public.kitware.com/");
-    curl_easy_setopt(curl, CURLOPT_FILE, ftpfile);
-    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, write_response);
-    curl_easy_setopt(curl, CURLOPT_WRITEHEADER, respfile);
-    res = curl_easy_perform(curl);
-
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-  }
-
-  fclose(ftpfile); /* close the local file */
-  fclose(respfile); /* close the response file */
-
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/ftpupload.c b/Utilities/cmcurl/Testing/ftpupload.c
deleted file mode 100644
index 780c9cd..0000000
--- a/Utilities/cmcurl/Testing/ftpupload.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-#include "curl/curl.h"
-#include "setup.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#include "testconfig.h"
-
-/*
- * This example shows an FTP upload, with a rename of the file just after
- * a successful upload.
- *
- * Example based on source code provided by Erick Nuwendam. Thanks!
- */
-
-#define LOCAL_FILE      LIBCURL_SOURCE_DIR "/Testing/ftpupload.c"
-#define UPLOAD_FILE_AS  "while-uploading.txt"
-#define REMOTE_URL      "ftp://public.kitware.com/incoming/"  UPLOAD_FILE_AS
-#define RENAME_FILE_TO  "renamed-and-fine.txt"
-
-int main(int argc, char **argv)
-{
-  CURL *curl;
-  CURLcode res;
-  FILE *ftpfile;
-  FILE * hd_src ;
-  int hd ;
-  struct stat file_info;
-
-  struct curl_slist *headerlist=NULL;
-  char buf_1 [] = "RNFR " UPLOAD_FILE_AS;
-  char buf_2 [] = "RNTO " RENAME_FILE_TO;
-
-  /* get the file size of the local file */
-  hd = open(LOCAL_FILE, O_RDONLY) ;
-  fstat(hd, &file_info);
-  close(hd) ;
-
-  /* get a FILE * of the same file, could also be made with
-     fdopen() from the previous descriptor, but hey this is just 
-     an example! */
-  hd_src = fopen(LOCAL_FILE, "rb");
-
-  /* In windows, this will init the winsock stuff */
-  curl_global_init(CURL_GLOBAL_ALL);
-
-  /* get a curl handle */
-  curl = curl_easy_init();
-  if(curl) {
-    /* build a list of commands to pass to libcurl */
-    headerlist = curl_slist_append(headerlist, buf_1);
-    headerlist = curl_slist_append(headerlist, buf_2);
-
-    /* enable uploading */
-    curl_easy_setopt(curl, CURLOPT_UPLOAD, TRUE) ;
-
-    /* specify target */
-    curl_easy_setopt(curl,CURLOPT_URL, REMOTE_URL);
-
-    /* pass in that last of FTP commands to run after the transfer */
-    curl_easy_setopt(curl, CURLOPT_POSTQUOTE, headerlist);
-
-    /* now specify which file to upload */
-    curl_easy_setopt(curl, CURLOPT_INFILE, hd_src);
-
-    /* and give the size of the upload (optional) */
-    curl_easy_setopt(curl, CURLOPT_INFILESIZE, (long)file_info.st_size);
-
-    /* Now run off and do what you've been told! */
-    res = curl_easy_perform(curl);
-
-    /* clean up the FTP commands list */
-    curl_slist_free_all (headerlist);
-
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-  }
-  fclose(hd_src); /* close the local file */
-
-  curl_global_cleanup();
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/getinmemory.c b/Utilities/cmcurl/Testing/getinmemory.c
deleted file mode 100644
index a8872da..0000000
--- a/Utilities/cmcurl/Testing/getinmemory.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- *
- * Example source code to show how the callback function can be used to
- * download data into a chunk of memory instead of storing it in a file.
- *
- * This exact source code has not been verified to work.
- */
-
-/* to make this work under windows, use the win32-functions from the
-   win32socket.c file as well */
-
-#include "curl/curl.h"
-#include "curl/types.h"
-#include "curl/easy.h"
-
-struct MemoryStruct {
-  char *memory;
-  size_t size;
-};
-
-size_t
-WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
-{
-  register int realsize = size * nmemb;
-  struct MemoryStruct *mem = (struct MemoryStruct *)data;
-  
-  mem->memory = (char *)realloc(mem->memory, mem->size + realsize + 1);
-  if (mem->memory) {
-    memcpy(&(mem->memory[mem->size]), ptr, realsize);
-    mem->size += realsize;
-    mem->memory[mem->size] = 0;
-  }
-  return realsize;
-}
-
-int main(int argc, char **argv)
-{
-  CURL *curl_handle;
-
-  struct MemoryStruct chunk;
-
-  chunk.memory=NULL; /* we expect realloc(NULL, size) to work */
-  chunk.size = 0;    /* no data at this point */
-
-  curl_global_init(CURL_GLOBAL_DEFAULT);
-
-  /* init the curl session */
-  curl_handle = curl_easy_init();
-
-  /* specify URL to get */
-  curl_easy_setopt(curl_handle, CURLOPT_URL, "http://www.cmake.org/HTML/Index.html");
-
-  /* send all data to this function  */
-  curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
-
-  /* we pass our 'chunk' struct to the callback function */
-  curl_easy_setopt(curl_handle, CURLOPT_FILE, (void *)&chunk);
-
-  /* get it! */
-  curl_easy_perform(curl_handle);
-
-  /* cleanup curl stuff */
-  curl_easy_cleanup(curl_handle);
-
-  /*
-   * Now, our chunk.memory points to a memory block that is chunk.size
-   * bytes big and contains the remote file.
-   *
-   * Do something nice with it!
-   */
-
-  /* For example display it... */
-  write(1, chunk.memory, chunk.size);
-
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/http-post.c b/Utilities/cmcurl/Testing/http-post.c
deleted file mode 100644
index 1b4154f..0000000
--- a/Utilities/cmcurl/Testing/http-post.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-#include <stdio.h>
-#include <curl/curl.h>
-
-int main(void)
-{
-  CURL *curl;
-  CURLcode res;
-
-  curl = curl_easy_init();
-  if(curl) {
-    /* First set the URL that is about to receive our POST. This URL can
-       just as well be a https:// URL if that is what should receive the
-       data. */
-    curl_easy_setopt(curl, CURLOPT_URL, "http://postit.example.com/moo.cgi");
-    /* Now specify the POST data */
-    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "name=daniel&project=curl");
-
-    /* Perform the request, res will get the return code */
-    res = curl_easy_perform(curl);
-
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-  }
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/httpput.c b/Utilities/cmcurl/Testing/httpput.c
deleted file mode 100644
index 78275c4..0000000
--- a/Utilities/cmcurl/Testing/httpput.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-#include <stdio.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-
-#include <curl/curl.h>
-
-/*
- * This example shows a HTTP PUT operation. PUTs a file given as a command
- * line argument to the URL also given on the command line.
- *
- * This example also uses its own read callback.
- */
-
-size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
-{
-  size_t retcode;
-
-  /* in real-world cases, this would probably get this data differently
-     as this fread() stuff is exactly what the library already would do
-     by default internally */
-  retcode = fread(ptr, size, nmemb, stream);
-
-  fprintf(stderr, "*** We read %d bytes from file\n", retcode);
-
-  return retcode;
-}
-
-int main(int argc, char **argv)
-{
-  CURL *curl;
-  CURLcode res;
-  FILE *ftpfile;
-  FILE * hd_src ;
-  int hd ;
-  struct stat file_info;
-
-  char *file;
-  char *url;
-
-  if(argc < 3)
-    return 1;
- 
-  file= argv[1];
-  url = argv[2];
-  
-  /* get the file size of the local file */
-  hd = open(file, O_RDONLY) ;
-  fstat(hd, &file_info);
-  close(hd) ;
-
-  /* get a FILE * of the same file, could also be made with
-     fdopen() from the previous descriptor, but hey this is just 
-     an example! */
-  hd_src = fopen(file, "rb");
-
-  /* In windows, this will init the winsock stuff */
-  curl_global_init(CURL_GLOBAL_ALL);
-
-  /* get a curl handle */
-  curl = curl_easy_init();
-  if(curl) {
-    /* we want to use our own read function */
-    curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
-
-    /* enable uploading */
-    curl_easy_setopt(curl, CURLOPT_UPLOAD, TRUE) ;
-
-    /* HTTP PUT please */
-    curl_easy_setopt(curl, CURLOPT_PUT, TRUE);
-
-    /* specify target */
-    curl_easy_setopt(curl,CURLOPT_URL, url);
-
-    /* now specify which file to upload */
-    curl_easy_setopt(curl, CURLOPT_INFILE, hd_src);
-
-    /* and give the size of the upload (optional) */
-    curl_easy_setopt(curl, CURLOPT_INFILESIZE, file_info.st_size);
-
-    /* Now run off and do what you've been told! */
-    res = curl_easy_perform(curl);
-
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-  }
-  fclose(hd_src); /* close the local file */
-
-  curl_global_cleanup();
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/multithread.c b/Utilities/cmcurl/Testing/multithread.c
deleted file mode 100644
index c3936ef..0000000
--- a/Utilities/cmcurl/Testing/multithread.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-/* A multi-threaded example that uses pthreads extensively to fetch
- * X remote files at once */
-
-#include <stdio.h>
-#include <pthread.h>
-#include <curl/curl.h>
-
-/* silly list of test-URLs */
-char *urls[]= {
-  "http://curl.haxx.se/",
-  "ftp://cool.haxx.se/",
-  "http://www.contactor.se/",
-  "www.haxx.se"
-};
-
-void *pull_one_url(void *url)
-{
-  CURL *curl;
-
-  curl = curl_easy_init();
-
-  curl_easy_setopt(curl, CURLOPT_URL, url);
-  curl_easy_perform(curl);
-
-  curl_easy_cleanup(curl);
-
-  return NULL;
-}
-
-
-/* 
-   int pthread_create(pthread_t *new_thread_ID,
-   const pthread_attr_t *attr,
-   void * (*start_func)(void *), void *arg);
-*/
-
-int main(int argc, char **argv)
-{
-  pthread_t tid[4];
-  int i;
-  int error;
-  for(i=0; i< 4; i++) {
-    error = pthread_create(&tid[i],
-                           NULL, /* default attributes please */
-                           pull_one_url,
-                           urls[i]);
-    if(0 != error)
-      fprintf(stderr, "Couldn't run thread number %d, errno %d\n", i, error);
-    else 
-      fprintf(stderr, "Thread %d, gets %s\n", i, urls[i]);
-  }
-
-  /* now wait for all threads to terminate */
-  for(i=0; i< 4; i++) {
-    error = pthread_join(tid[i], NULL);
-    fprintf(stderr, "Thread %d terminated\n", i);
-  }
-
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/persistant.c b/Utilities/cmcurl/Testing/persistant.c
deleted file mode 100644
index 8534703..0000000
--- a/Utilities/cmcurl/Testing/persistant.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-#include <stdio.h>
-
-#include "curl/curl.h"
-
-/* to make this work under windows, use the win32-functions from the
-   docs/examples/win32socket.c file as well */
-
-/* This example REQUIRES libcurl 7.7 or later */
-#if (LIBCURL_VERSION_NUM < 0x070700)
-#error Too old libcurl version, upgrade or stay away.
-#endif
-
-int main(int argc, char **argv)
-{
-  CURL *curl;
-  CURLcode res;
-
-#ifdef MALLOCDEBUG
-  /* this sends all memory debug messages to a specified logfile */
-  curl_memdebug("memdump");
-#endif
-
-  curl_global_init(CURL_GLOBAL_DEFAULT);
-  curl = curl_easy_init();
-  if(curl) {
-    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
-    curl_easy_setopt(curl, CURLOPT_HEADER, 1);
-
-    /* get the first document */
-    curl_easy_setopt(curl, CURLOPT_URL, "http://www.cmake.org/");
-    res = curl_easy_perform(curl);
-
-    /* get another document from the same server using the same
-       connection */
-    curl_easy_setopt(curl, CURLOPT_URL, "http://www.cmake.org/HTML/Index.html");
-    res = curl_easy_perform(curl);
-
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-  }
-
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/postit2.c b/Utilities/cmcurl/Testing/postit2.c
deleted file mode 100644
index 9b7cda0..0000000
--- a/Utilities/cmcurl/Testing/postit2.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- *
- * Example code that uploads a file name 'foo' to a remote script that accepts
- * "HTML form based" (as described in RFC1738) uploads using HTTP POST.
- *
- * The imaginary form we'll fill in looks like:
- *
- * <form method="post" enctype="multipart/form-data" action="examplepost.cgi">
- * Enter file: <input type="file" name="sendfile" size="40">
- * Enter file name: <input type="text" name="filename" size="30">
- * <input type="submit" value="send" name="submit">
- * </form>
- *
- * This exact source code has not been verified to work.
- */
-
-/* to make this work under windows, use the win32-functions from the
-   win32socket.c file as well */
-
-#include <stdio.h>
-#include <string.h>
-
-#include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
-
-#if LIBCURL_VERSION_NUM < 0x070900
-#error "curl_formadd() is not introduced until libcurl 7.9 and later"
-#endif
-
-int main(int argc, char *argv[])
-{
-  CURL *curl;
-  CURLcode res;
-
-  struct HttpPost *formpost=NULL;
-  struct HttpPost *lastptr=NULL;
-  struct curl_slist *headerlist=NULL;
-  char buf[] = "Expect:";
-
-  /* Fill in the file upload field */
-  curl_formadd(&formpost,
-               &lastptr,
-               CURLFORM_COPYNAME, "sendfile",
-               CURLFORM_FILE, "postit2.c",
-               CURLFORM_END);
-
-  /* Fill in the filename field */
-  curl_formadd(&formpost,
-               &lastptr,
-               CURLFORM_COPYNAME, "filename",
-               CURLFORM_COPYCONTENTS, "postit2.c",
-               CURLFORM_END);
-  
-
-  /* Fill in the submit field too, even if this is rarely needed */
-  curl_formadd(&formpost,
-               &lastptr,
-               CURLFORM_COPYNAME, "submit",
-               CURLFORM_COPYCONTENTS, "send",
-               CURLFORM_END);
-
-  curl = curl_easy_init();
-  /* initalize custom header list (stating that Expect: 100-continue is not
-     wanted */
-  headerlist = curl_slist_append(headerlist, buf);
-  if(curl) {
-    /* what URL that receives this POST */
-    curl_easy_setopt(curl, CURLOPT_URL, "http://curl.haxx.se/examplepost.cgi");
-    if ( (argc == 2) && (!strcmp(argv[1], "noexpectheader")) )
-      /* only disable 100-continue header if explicitly requested */
-      curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
-    curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
-    res = curl_easy_perform(curl);
-
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-
-    /* then cleanup the formpost chain */
-    curl_formfree(formpost);
-    /* free slist */
-    curl_slist_free_all (headerlist);
-  }
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/sepheaders.c b/Utilities/cmcurl/Testing/sepheaders.c
deleted file mode 100644
index fc5b783..0000000
--- a/Utilities/cmcurl/Testing/sepheaders.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-/* to make this work under windows, use the win32-functions from the
-   win32socket.c file as well */
-
-#include "curl/curl.h"
-#include "curl/types.h"
-#include "curl/easy.h"
-
-#include "testconfig.h"
-
-size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
-{
-  int written = fwrite(ptr, size, nmemb, (FILE *)stream);
-  return written;
-}
-
-int main(int argc, char **argv)
-{
-  CURL *curl_handle;
-  char *headerfilename = LIBCURL_BINARY_DIR "/Testing/sepheaders-head.out";
-  FILE *headerfile;
-  char *bodyfilename = LIBCURL_BINARY_DIR "/Testing/sepheaders-body.out";
-  FILE *bodyfile;
-
-  curl_global_init(CURL_GLOBAL_DEFAULT);
-  /* init the curl session */
-  curl_handle = curl_easy_init();
-
-  /* set URL to get */
-  curl_easy_setopt(curl_handle, CURLOPT_URL, "http://www.cmake.org/HTML/Index.html");
-
-  /* no progress meter please */
-  curl_easy_setopt(curl_handle, CURLOPT_NOPROGRESS, 1);
-
-  /* shut up completely */
-  //curl_easy_setopt(curl_handle, CURLOPT_MUTE, 1);
-
-  /* send all data to this function  */
-  curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, write_data);
-
-  /* open the files */
-  headerfile = fopen(headerfilename,"w");
-  if (headerfile == NULL) {
-    curl_easy_cleanup(curl_handle);
-    return -1;
-  }
-  bodyfile = fopen(bodyfilename,"w");
-  if (bodyfile == NULL) {
-    curl_easy_cleanup(curl_handle);
-    fclose(headerfile);
-    return -1;
-  }
-
-  /* we want the headers to this file handle */
-  curl_easy_setopt(curl_handle,   CURLOPT_WRITEHEADER ,headerfile);
-
-  /* we want the body to this file handle */
-  curl_easy_setopt(curl_handle,   CURLOPT_FILE ,bodyfile);
-
-  /* get it! */
-  curl_easy_perform(curl_handle);
-
-  /* close the header file */
-  fclose(headerfile);
-  fclose(bodyfile);
-
-  /* cleanup curl stuff */
-  curl_easy_cleanup(curl_handle);
-
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/simple.c b/Utilities/cmcurl/Testing/simple.c
deleted file mode 100644
index 6dd6050..0000000
--- a/Utilities/cmcurl/Testing/simple.c
+++ /dev/null
@@ -1,28 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-#include "curl/curl.h"
-
-int main(void)
-{
-  CURL *curl;
-  CURLcode res;
-
-  curl_global_init(CURL_GLOBAL_DEFAULT);
-  curl = curl_easy_init();
-  if(curl) {
-    curl_easy_setopt(curl, CURLOPT_URL, "http://www.cmake.org/HTML/Index.html");
-    res = curl_easy_perform(curl);
-
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-  }
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/simplessl.c b/Utilities/cmcurl/Testing/simplessl.c
deleted file mode 100644
index e307eaa..0000000
--- a/Utilities/cmcurl/Testing/simplessl.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-#include <stdio.h>
-
-#include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
-
-
-/* some requirements for this to work:
-   1.   set pCertFile to the file with the client certificate
-   2.   if the key is passphrase protected, set pPassphrase to the
-        passphrase you use
-   3.   if you are using a crypto engine:
-   3.1. set a #define USE_ENGINE
-   3.2. set pEngine to the name of the crypto engine you use
-   3.3. set pKeyName to the key identifier you want to use
-   4.   if you don't use a crypto engine:
-   4.1. set pKeyName to the file name of your client key
-   4.2. if the format of the key file is DER, set pKeyType to "DER"
-
-   !! verify of the server certificate is not implemented here !!
-
-   **** This example only works with libcurl 7.9.3 and later! ****
-
-*/
-
-int main(int argc, char **argv)
-{
-  CURL *curl;
-  CURLcode res;
-  FILE *headerfile;
-
-  const char *pCertFile = "testcert.pem";
-  const char *pCACertFile="cacert.pem"
-
-  const char *pKeyName;
-  const char *pKeyType;
-
-  const char *pEngine;
-
-#if USE_ENGINE
-  pKeyName  = "rsa_test";
-  pKeyType  = "ENG";
-  pEngine   = "chil";            /* for nChiper HSM... */
-#else
-  pKeyName  = "testkey.pem";
-  pKeyType  = "PEM";
-  pEngine   = NULL;
-#endif
-
-  const char *pPassphrase = NULL;
-
-  headerfile = fopen("dumpit", "w");
-
-  curl_global_init(CURL_GLOBAL_DEFAULT);
-
-  curl = curl_easy_init();
-  if(curl) {
-    /* what call to write: */
-    curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://curl.haxx.se");
-    curl_easy_setopt(curl, CURLOPT_WRITEHEADER, headerfile);
-
-    while(1)                    /* do some ugly short cut... */
-    {
-       if (pEngine)             /* use crypto engine */
-       {
-          if (curl_easy_setopt(curl, CURLOPT_SSLENGINE,pEngine) != CURLE_OK)
-          {                     /* load the crypto engine */
-             fprintf(stderr,"can't set crypto engine\n");
-             break;
-          }
-          if (curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT,1) != CURLE_OK)
-          {                     /* set the crypto engine as default */
-                                /* only needed for the first time you load
-                                   a engine in a curl object... */
-             fprintf(stderr,"can't set crypto engine as default\n");
-             break;
-          }
-       }
-                                /* cert is stored PEM coded in file... */
-                                /* since PEM is default, we needn't set it for PEM */
-       curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
-                                /* set the cert for client authentication */
-       curl_easy_setopt(curl,CURLOPT_SSLCERT,pCertFile);
-                                /* sorry, for engine we must set the passphrase
-                                   (if the key has one...) */
-       if (pPassphrase)
-          curl_easy_setopt(curl,CURLOPT_SSLKEYPASSWD,pPassphrase);
-                                /* if we use a key stored in a crypto engine,
-                                   we must set the key type to "ENG" */
-       curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,pKeyType);
-                                /* set the private key (file or ID in engine) */
-       curl_easy_setopt(curl,CURLOPT_SSLKEY,pKeyName);
-                                /* set the file with the certs vaildating the server */
-       curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile);
-                                /* disconnect if we can't validate server's cert */
-       curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1);
-       
-       res = curl_easy_perform(curl);
-       break;                   /* we are done... */
-    }
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-  }
-
-  curl_global_cleanup();
-
-  if (headerfile)
-    fclose(headerfile);
-  return 0;
-}
diff --git a/Utilities/cmcurl/Testing/testconfig.h.in b/Utilities/cmcurl/Testing/testconfig.h.in
deleted file mode 100644
index faab462..0000000
--- a/Utilities/cmcurl/Testing/testconfig.h.in
+++ /dev/null
@@ -1,7 +0,0 @@
-#ifndef __testconfig_h__
-#define __testconfig_h__
-
-#define LIBCURL_SOURCE_DIR "${LIBCURL_SOURCE_DIR}"
-#define LIBCURL_BINARY_DIR "${LIBCURL_BINARY_DIR}"
-
-#endif /* __testconfig_h__ */
diff --git a/Utilities/cmcurl/Testing/win32sockets.c b/Utilities/cmcurl/Testing/win32sockets.c
deleted file mode 100644
index 5f791c8..0000000
--- a/Utilities/cmcurl/Testing/win32sockets.c
+++ /dev/null
@@ -1,49 +0,0 @@
-
-/*
- * Note: This is only required if you use curl 7.8 or lower, later 
- * versions provide an option to curl_global_init() that does the
- * win32 initialization for you.
- */
-
-/*
- * These are example functions doing socket init that Windows
- * require. If you don't use windows, you can safely ignore this crap.
- */
-
-#include <windows.h>
-
-void win32_cleanup(void)
-{
-  WSACleanup();
-}
-
-int win32_init(void)
-{
-  WORD wVersionRequested;  
-  WSADATA wsaData; 
-  int err; 
-  wVersionRequested = MAKEWORD(1, 1); 
-    
-  err = WSAStartup(wVersionRequested, &wsaData); 
-    
-  if (err != 0) 
-    /* Tell the user that we couldn't find a useable */ 
-    /* winsock.dll.     */ 
-    return 1;
-    
-  /* Confirm that the Windows Sockets DLL supports 1.1.*/ 
-  /* Note that if the DLL supports versions greater */ 
-  /* than 1.1 in addition to 1.1, it will still return */ 
-  /* 1.1 in wVersion since that is the version we */ 
-  /* requested. */ 
-    
-  if ( LOBYTE( wsaData.wVersion ) != 1 || 
-       HIBYTE( wsaData.wVersion ) != 1 ) { 
-    /* Tell the user that we couldn't find a useable */ 
-
-    /* winsock.dll. */ 
-    WSACleanup(); 
-    return 1; 
-  }
-  return 0; /* 0 is ok */
-}
diff --git a/Utilities/cmcurl/amigaos.h b/Utilities/cmcurl/amigaos.h
deleted file mode 100644
index e5786d4..0000000
--- a/Utilities/cmcurl/amigaos.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#ifndef LIBCURL_AMIGAOS_H
-#define LIBCURL_AMIGAOS_H
-
-#ifndef __ixemul__
-
-#include <exec/types.h>
-#include <exec/execbase.h>
-
-#include <proto/exec.h>
-#include <proto/dos.h>
-
-#include <sys/socket.h>
-
-#include "config-amigaos.h"
-
-#ifndef select
-# define select(args...) WaitSelect( args, NULL)
-#endif
-#ifndef inet_ntoa
-# define inet_ntoa(x)    Inet_NtoA( x ## .s_addr)
-#endif
-#ifndef ioctl
-# define ioctl(a,b,c,d)  IoctlSocket( (LONG)a, (ULONG)b, (char*)c)
-#endif
-#define _AMIGASF        1
-
-extern void amiga_cleanup();
-extern BOOL amiga_init();
-
-#else /* __ixemul__ */
-
-#warning compiling with ixemul...
-
-#endif /* __ixemul__ */
-#endif /* LIBCURL_AMIGAOS_H */
diff --git a/Utilities/cmcurl/base64.c b/Utilities/cmcurl/base64.c
deleted file mode 100644
index aa03f83..0000000
--- a/Utilities/cmcurl/base64.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-/* Base64 encoding/decoding
- *
- * Test harnesses down the bottom - compile with -DTEST_ENCODE for
- * a program that will read in raw data from stdin and write out
- * a base64-encoded version to stdout, and the length returned by the
- * encoding function to stderr. Compile with -DTEST_DECODE for a program that
- * will go the other way.
- *
- * This code will break if int is smaller than 32 bits
- */
-
-#include "setup.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "urldata.h" /* for the SessionHandle definition */
-#include "easyif.h"  /* for Curl_convert_... prototypes */
-#include "base64.h"
-#include "memory.h"
-
-/* include memdebug.h last */
-#include "memdebug.h"
-
-/* ---- Base64 Encoding/Decoding Table --- */
-static const char table64[]=
-  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-static void decodeQuantum(unsigned char *dest, const char *src)
-{
-  unsigned int x = 0;
-  int i;
-  char *found;
-
-  for(i = 0; i < 4; i++) {
-    if((found = strchr(table64, src[i])))
-      x = (x << 6) + (unsigned int)(found - table64);
-    else if(src[i] == '=')
-      x = (x << 6);
-  }
-
-  dest[2] = (unsigned char)(x & 255);
-  x >>= 8;
-  dest[1] = (unsigned char)(x & 255);
-  x >>= 8;
-  dest[0] = (unsigned char)(x & 255);
-}
-
-/*
- * Curl_base64_decode()
- *
- * Given a base64 string at src, decode it and return an allocated memory in
- * the *outptr. Returns the length of the decoded data.
- */
-size_t Curl_base64_decode(const char *src, unsigned char **outptr)
-{
-  int length = 0;
-  int equalsTerm = 0;
-  int i;
-  int numQuantums;
-  unsigned char lastQuantum[3];
-  size_t rawlen=0;
-  unsigned char *newstr;
-
-  *outptr = NULL;
-
-  while((src[length] != '=') && src[length])
-    length++;
-  /* A maximum of two = padding characters is allowed */
-  if(src[length] == '=') {
-    equalsTerm++;
-    if(src[length+equalsTerm] == '=')
-      equalsTerm++;
-  }
-  numQuantums = (length + equalsTerm) / 4;
-
-  /* Don't allocate a buffer if the decoded length is 0 */
-  if (numQuantums <= 0)
-    return 0;
-
-  rawlen = (numQuantums * 3) - equalsTerm;
-
-  /* The buffer must be large enough to make room for the last quantum
-  (which may be partially thrown out) and the zero terminator. */
-  newstr = malloc(rawlen+4);
-  if(!newstr)
-    return 0;
-
-  *outptr = newstr;
-
-  /* Decode all but the last quantum (which may not decode to a
-  multiple of 3 bytes) */
-  for(i = 0; i < numQuantums - 1; i++) {
-    decodeQuantum((unsigned char *)newstr, src);
-    newstr += 3; src += 4;
-  }
-
-  /* This final decode may actually read slightly past the end of the buffer
-  if the input string is missing pad bytes.  This will almost always be
-  harmless. */
-  decodeQuantum(lastQuantum, src);
-  for(i = 0; i < 3 - equalsTerm; i++)
-    newstr[i] = lastQuantum[i];
-
-  newstr[i] = 0; /* zero terminate */
-  return rawlen;
-}
-
-/*
- * Curl_base64_encode()
- *
- * Returns the length of the newly created base64 string. The third argument
- * is a pointer to an allocated area holding the base64 data. If something
- * went wrong, -1 is returned.
- *
- */
-size_t Curl_base64_encode(struct SessionHandle *data,
-                          const char *inp, size_t insize, char **outptr)
-{
-  unsigned char ibuf[3];
-  unsigned char obuf[4];
-  int i;
-  int inputparts;
-  char *output;
-  char *base64data;
-#ifdef CURL_DOES_CONVERSIONS
-  char *convbuf;
-#endif
-
-  char *indata = (char *)inp;
-
-  *outptr = NULL; /* set to NULL in case of failure before we reach the end */
-
-  if(0 == insize)
-    insize = strlen(indata);
-
-  base64data = output = (char*)malloc(insize*4/3+4);
-  if(NULL == output)
-    return 0;
-
-#ifdef CURL_DOES_CONVERSIONS
-  /*
-   * The base64 data needs to be created using the network encoding
-   * not the host encoding.  And we can't change the actual input
-   * so we copy it to a buffer, translate it, and use that instead.
-   */
-  if(data) {
-    convbuf = (char*)malloc(insize);
-    if(!convbuf) {
-      return 0;
-    }
-    memcpy(convbuf, indata, insize);
-    if(CURLE_OK != Curl_convert_to_network(data, convbuf, insize)) {
-      free(convbuf);
-      return 0;
-    }
-    indata = convbuf; /* switch to the converted buffer */
-  }
-#else
-  (void)data;
-#endif
-
-  while(insize > 0) {
-    for (i = inputparts = 0; i < 3; i++) {
-      if(insize > 0) {
-        inputparts++;
-        ibuf[i] = *indata;
-        indata++;
-        insize--;
-      }
-      else
-        ibuf[i] = 0;
-    }
-
-    obuf[0] = (unsigned char)  ((ibuf[0] & 0xFC) >> 2);
-    obuf[1] = (unsigned char) (((ibuf[0] & 0x03) << 4) | \
-                               ((ibuf[1] & 0xF0) >> 4));
-    obuf[2] = (unsigned char) (((ibuf[1] & 0x0F) << 2) | \
-                               ((ibuf[2] & 0xC0) >> 6));
-    obuf[3] = (unsigned char)   (ibuf[2] & 0x3F);
-
-    switch(inputparts) {
-    case 1: /* only one byte read */
-      snprintf(output, 5, "%c%c==",
-               table64[obuf[0]],
-               table64[obuf[1]]);
-      break;
-    case 2: /* two bytes read */
-      snprintf(output, 5, "%c%c%c=",
-               table64[obuf[0]],
-               table64[obuf[1]],
-               table64[obuf[2]]);
-      break;
-    default:
-      snprintf(output, 5, "%c%c%c%c",
-               table64[obuf[0]],
-               table64[obuf[1]],
-               table64[obuf[2]],
-               table64[obuf[3]] );
-      break;
-    }
-    output += 4;
-  }
-  *output=0;
-  *outptr = base64data; /* make it return the actual data memory */
-
-#ifdef CURL_DOES_CONVERSIONS
-  if(data)
-    free(convbuf);
-#endif
-  return strlen(base64data); /* return the length of the new data */
-}
-/* ---- End of Base64 Encoding ---- */
-
-/************* TEST HARNESS STUFF ****************/
-
-
-#ifdef TEST_ENCODE
-/* encoding test harness. Read in standard input and write out the length
- * returned by Curl_base64_encode, followed by the base64'd data itself
- */
-#include <stdio.h>
-
-#define TEST_NEED_SUCK
-void *suck(int *);
-
-int main(int argc, char **argv, char **envp)
-{
-  char *base64;
-  size_t base64Len;
-  unsigned char *data;
-  int dataLen;
-  struct SessionHandle *handle = NULL;
-
-#ifdef CURL_DOES_CONVERSIONS
-  /* get a Curl handle so Curl_base64_encode can translate properly */
-  handle = curl_easy_init();
-  if(handle == NULL) {
-    fprintf(stderr, "Error: curl_easy_init failed\n");
-    return 0;
-  }
-#endif
-  data = (unsigned char *)suck(&dataLen);
-  base64Len = Curl_base64_encode(handle, data, dataLen, &base64);
-
-  fprintf(stderr, "%d\n", base64Len);
-  fprintf(stdout, "%s\n", base64);
-
-  free(base64); free(data);
-#ifdef CURL_DOES_CONVERSIONS
-  curl_easy_cleanup(handle);
-#endif
-  return 0;
-}
-#endif
-
-#ifdef TEST_DECODE
-/* decoding test harness. Read in a base64 string from stdin and write out the
- * length returned by Curl_base64_decode, followed by the decoded data itself
- *
- * gcc -DTEST_DECODE base64.c -o base64 mprintf.o memdebug.o
- */
-#include <stdio.h>
-
-#define TEST_NEED_SUCK
-void *suck(int *);
-
-int main(int argc, char **argv, char **envp)
-{
-  char *base64;
-  int base64Len;
-  unsigned char *data;
-  int dataLen;
-  int i, j;
-#ifdef CURL_DOES_CONVERSIONS
-  /* get a Curl handle so main can translate properly */
-  struct SessionHandle *handle = curl_easy_init();
-  if(handle == NULL) {
-    fprintf(stderr, "Error: curl_easy_init failed\n");
-    return 0;
-  }
-#endif
-
-  base64 = (char *)suck(&base64Len);
-  dataLen = Curl_base64_decode(base64, &data);
-
-  fprintf(stderr, "%d\n", dataLen);
-
-  for(i=0; i < dataLen; i+=0x10) {
-    printf("0x%02x: ", i);
-    for(j=0; j < 0x10; j++)
-      if((j+i) < dataLen)
-        printf("%02x ", data[i+j]);
-      else
-        printf("   ");
-
-    printf(" | ");
-
-    for(j=0; j < 0x10; j++)
-      if((j+i) < dataLen) {
-#ifdef CURL_DOES_CONVERSIONS
-        if(CURLE_OK !=
-             Curl_convert_from_network(handle, &data[i+j], (size_t)1))
-          data[i+j] = '.';
-#endif /* CURL_DOES_CONVERSIONS */
-        printf("%c", ISGRAPH(data[i+j])?data[i+j]:'.');
-      } else
-        break;
-    puts("");
-  }
-
-#ifdef CURL_DOES_CONVERSIONS
-  curl_easy_cleanup(handle);
-#endif
-  free(base64); free(data);
-  return 0;
-}
-#endif
-
-#ifdef TEST_NEED_SUCK
-/* this function 'sucks' in as much as possible from stdin */
-void *suck(int *lenptr)
-{
-  int cursize = 8192;
-  unsigned char *buf = NULL;
-  int lastread;
-  int len = 0;
-
-  do {
-    cursize *= 2;
-    buf = (unsigned char *)realloc(buf, cursize);
-    memset(buf + len, 0, cursize - len);
-    lastread = fread(buf + len, 1, cursize - len, stdin);
-    len += lastread;
-  } while(!feof(stdin));
-
-  lenptr[0] = len;
-  return (void *)buf;
-}
-#endif
diff --git a/Utilities/cmcurl/ca-bundle.h b/Utilities/cmcurl/ca-bundle.h
deleted file mode 100644
index 12390bc..0000000
--- a/Utilities/cmcurl/ca-bundle.h
+++ /dev/null
@@ -1 +0,0 @@
-/* ca bundle path set in here*/
diff --git a/Utilities/cmcurl/config.h.in b/Utilities/cmcurl/config.h.in
deleted file mode 100644
index 148722b..0000000
--- a/Utilities/cmcurl/config.h.in
+++ /dev/null
@@ -1,720 +0,0 @@
-/* lib/config.h.in.  Generated from configure.ac by autoheader.  */
-
-/* when building libcurl itself */
-#cmakedefine BUILDING_LIBCURL ${BUILDING_LIBCURL}
-
-/* to disable cookies support */
-#cmakedefine CURL_DISABLE_COOKIES ${CURL_DISABLE_COOKIES}
-
-/* to disable cryptographic authentication */
-#cmakedefine CURL_DISABLE_CRYPTO_AUTH ${CURL_DISABLE_CRYPTO_AUTH}
-
-/* to disable DICT */
-#cmakedefine CURL_DISABLE_DICT ${CURL_DISABLE_DICT}
-
-/* to disable FILE */
-#cmakedefine CURL_DISABLE_FILE ${CURL_DISABLE_FILE}
-
-/* to disable FTP */
-#cmakedefine CURL_DISABLE_FTP ${CURL_DISABLE_FTP}
-
-/* to disable HTTP */
-#cmakedefine CURL_DISABLE_HTTP ${CURL_DISABLE_HTTP}
-
-/* to disable LDAP */
-#cmakedefine CURL_DISABLE_LDAP ${CURL_DISABLE_LDAP}
-
-/* to disable TELNET */
-#cmakedefine CURL_DISABLE_TELNET ${CURL_DISABLE_TELNET}
-
-/* to disable TFTP */
-#cmakedefine CURL_DISABLE_TFTP ${CURL_DISABLE_TFTP}
-
-/* to disable verbose strings */
-#cmakedefine CURL_DISABLE_VERBOSE_STRINGS ${CURL_DISABLE_VERBOSE_STRINGS}
-
-/* to make a symbol visible */
-#cmakedefine CURL_EXTERN_SYMBOL ${CURL_EXTERN_SYMBOL}
-
-/* to enable hidden symbols */
-#cmakedefine CURL_HIDDEN_SYMBOLS ${CURL_HIDDEN_SYMBOLS}
-
-/* when not building a shared library */
-#cmakedefine CURL_STATICLIB ${CURL_STATICLIB}
-
-/* Set to explicitly specify we don't want to use thread-safe functions */
-#cmakedefine DISABLED_THREADSAFE ${DISABLED_THREADSAFE}
-
-/* lber dynamic library file */
-#cmakedefine DL_LBER_FILE ${DL_LBER_FILE}
-
-/* ldap dynamic library file */
-#cmakedefine DL_LDAP_FILE ${DL_LDAP_FILE}
-
-/* your Entropy Gathering Daemon socket pathname */
-#cmakedefine EGD_SOCKET ${EGD_SOCKET}
-
-/* Define if you want to enable IPv6 support */
-#cmakedefine ENABLE_IPV6 ${ENABLE_IPV6}
-
-/* Define to the type qualifier of arg 1 for getnameinfo. */
-#cmakedefine GETNAMEINFO_QUAL_ARG1 ${GETNAMEINFO_QUAL_ARG1}
-
-/* Define to the type of arg 1 for getnameinfo. */
-#cmakedefine GETNAMEINFO_TYPE_ARG1 ${GETNAMEINFO_TYPE_ARG1}
-
-/* Define to the type of arg 2 for getnameinfo. */
-#cmakedefine GETNAMEINFO_TYPE_ARG2 ${GETNAMEINFO_TYPE_ARG2}
-
-/* Define to the type of args 4 and 6 for getnameinfo. */
-#cmakedefine GETNAMEINFO_TYPE_ARG46 ${GETNAMEINFO_TYPE_ARG46}
-
-/* Define to the type of arg 7 for getnameinfo. */
-#cmakedefine GETNAMEINFO_TYPE_ARG7 ${GETNAMEINFO_TYPE_ARG7}
-
-/* Define to 1 if you have the <alloca.h> header file. */
-#cmakedefine HAVE_ALLOCA_H ${HAVE_ALLOCA_H}
-
-/* Define to 1 if you have the <arpa/inet.h> header file. */
-#cmakedefine HAVE_ARPA_INET_H ${HAVE_ARPA_INET_H}
-
-/* Define to 1 if you have the <arpa/tftp.h> header file. */
-#cmakedefine HAVE_ARPA_TFTP_H ${HAVE_ARPA_TFTP_H}
-
-/* Define to 1 if you have the <assert.h> header file. */
-#cmakedefine HAVE_ASSERT_H ${HAVE_ASSERT_H}
-
-/* Define to 1 if you have the `basename' function. */
-#cmakedefine HAVE_BASENAME ${HAVE_BASENAME}
-
-/* Define to 1 if you have the `closesocket' function. */
-#cmakedefine HAVE_CLOSESOCKET ${HAVE_CLOSESOCKET}
-
-/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */
-#cmakedefine HAVE_CRYPTO_CLEANUP_ALL_EX_DATA ${HAVE_CRYPTO_CLEANUP_ALL_EX_DATA}
-
-/* Define to 1 if you have the <crypto.h> header file. */
-#cmakedefine HAVE_CRYPTO_H ${HAVE_CRYPTO_H}
-
-/* Define to 1 if you have the <des.h> header file. */
-#cmakedefine HAVE_DES_H ${HAVE_DES_H}
-
-/* disabled non-blocking sockets */
-#cmakedefine HAVE_DISABLED_NONBLOCKING ${HAVE_DISABLED_NONBLOCKING}
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#cmakedefine HAVE_DLFCN_H ${HAVE_DLFCN_H}
-
-/* Define to 1 if you have the `dlopen' function. */
-#cmakedefine HAVE_DLOPEN ${HAVE_DLOPEN}
-
-/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
-#cmakedefine HAVE_ENGINE_LOAD_BUILTIN_ENGINES ${HAVE_ENGINE_LOAD_BUILTIN_ENGINES}
-
-/* Define to 1 if you have the <errno.h> header file. */
-#cmakedefine HAVE_ERRNO_H ${HAVE_ERRNO_H}
-
-/* Define to 1 if you have the <err.h> header file. */
-#cmakedefine HAVE_ERR_H ${HAVE_ERR_H}
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#cmakedefine HAVE_FCNTL_H ${HAVE_FCNTL_H}
-
-/* use FIONBIO for non-blocking sockets */
-#cmakedefine HAVE_FIONBIO ${HAVE_FIONBIO}
-
-/* Define to 1 if you have the `fork' function. */
-#cmakedefine HAVE_FORK ${HAVE_FORK}
-
-/* Define to 1 if you have the `ftruncate' function. */
-#cmakedefine HAVE_FTRUNCATE ${HAVE_FTRUNCATE}
-
-/* Define if getaddrinfo exists and works */
-#cmakedefine HAVE_GETADDRINFO ${HAVE_GETADDRINFO}
-
-/* Define to 1 if you have the `geteuid' function. */
-#cmakedefine HAVE_GETEUID ${HAVE_GETEUID}
-
-/* Define to 1 if you have the `gethostbyaddr' function. */
-#cmakedefine HAVE_GETHOSTBYADDR ${HAVE_GETHOSTBYADDR}
-
-/* If you have gethostbyname */
-#cmakedefine HAVE_GETHOSTBYNAME ${HAVE_GETHOSTBYNAME}
-
-/* Define to 1 if you have the `gethostbyname_r' function. */
-#cmakedefine HAVE_GETHOSTBYNAME_R ${HAVE_GETHOSTBYNAME_R}
-
-/* gethostbyname_r() takes 3 args */
-#cmakedefine HAVE_GETHOSTBYNAME_R_3 ${HAVE_GETHOSTBYNAME_R_3}
-
-/* gethostbyname_r() takes 5 args */
-#cmakedefine HAVE_GETHOSTBYNAME_R_5 ${HAVE_GETHOSTBYNAME_R_5}
-
-/* gethostbyname_r() takes 6 args */
-#cmakedefine HAVE_GETHOSTBYNAME_R_6 ${HAVE_GETHOSTBYNAME_R_6}
-
-/* Define to 1 if you have the getnameinfo function. */
-#cmakedefine HAVE_GETNAMEINFO ${HAVE_GETNAMEINFO}
-
-/* Define to 1 if you have the `getpass_r' function. */
-#cmakedefine HAVE_GETPASS_R ${HAVE_GETPASS_R}
-
-/* Define to 1 if you have the `getprotobyname' function. */
-#cmakedefine HAVE_GETPROTOBYNAME ${HAVE_GETPROTOBYNAME}
-
-/* Define to 1 if you have the `getpwuid' function. */
-#cmakedefine HAVE_GETPWUID ${HAVE_GETPWUID}
-
-/* Define to 1 if you have the `getrlimit' function. */
-#cmakedefine HAVE_GETRLIMIT ${HAVE_GETRLIMIT}
-
-/* Define to 1 if you have the `gettimeofday' function. */
-#cmakedefine HAVE_GETTIMEOFDAY ${HAVE_GETTIMEOFDAY}
-
-/* Define to 1 if you have the `gmtime_r' function. */
-#cmakedefine HAVE_GMTIME_R ${HAVE_GMTIME_R}
-
-/* if you have the gssapi libraries */
-#cmakedefine HAVE_GSSAPI ${HAVE_GSSAPI}
-
-/* if you have the GNU gssapi libraries */
-#cmakedefine HAVE_GSSGNU ${HAVE_GSSGNU}
-
-/* if you have the Heimdal gssapi libraries */
-#cmakedefine HAVE_GSSHEIMDAL ${HAVE_GSSHEIMDAL}
-
-/* if you have the MIT gssapi libraries */
-#cmakedefine HAVE_GSSMIT ${HAVE_GSSMIT}
-
-/* Define to 1 if you have the `idna_strerror' function. */
-#cmakedefine HAVE_IDNA_STRERROR ${HAVE_IDNA_STRERROR}
-
-/* Define to 1 if you have the `idn_free' function. */
-#cmakedefine HAVE_IDN_FREE ${HAVE_IDN_FREE}
-
-/* Define to 1 if you have the <idn-free.h> header file. */
-#cmakedefine HAVE_IDN_FREE_H ${HAVE_IDN_FREE_H}
-
-/* Define to 1 if you have the `inet_addr' function. */
-#cmakedefine HAVE_INET_ADDR ${HAVE_INET_ADDR}
-
-/* Define to 1 if you have the `inet_ntoa' function. */
-#cmakedefine HAVE_INET_NTOA ${HAVE_INET_NTOA}
-
-/* Define to 1 if you have the `inet_ntoa_r' function. */
-#cmakedefine HAVE_INET_NTOA_R ${HAVE_INET_NTOA_R}
-
-/* inet_ntoa_r() is declared */
-#cmakedefine HAVE_INET_NTOA_R_DECL ${HAVE_INET_NTOA_R_DECL}
-
-/* Define to 1 if you have the `inet_pton' function. */
-#cmakedefine HAVE_INET_PTON ${HAVE_INET_PTON}
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#cmakedefine HAVE_INTTYPES_H ${HAVE_INTTYPES_H}
-
-/* use ioctlsocket() for non-blocking sockets */
-#cmakedefine HAVE_IOCTLSOCKET ${HAVE_IOCTLSOCKET}
-
-/* use Ioctlsocket() for non-blocking sockets */
-#cmakedefine HAVE_IOCTLSOCKET_CASE ${HAVE_IOCTLSOCKET_CASE}
-
-/* Define to 1 if you have the <io.h> header file. */
-#cmakedefine HAVE_IO_H ${HAVE_IO_H}
-
-/* if you have the Kerberos4 libraries (including -ldes) */
-#cmakedefine HAVE_KRB4 ${HAVE_KRB4}
-
-/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */
-#cmakedefine HAVE_KRB_GET_OUR_IP_FOR_REALM ${HAVE_KRB_GET_OUR_IP_FOR_REALM}
-
-/* Define to 1 if you have the <krb.h> header file. */
-#cmakedefine HAVE_KRB_H ${HAVE_KRB_H}
-
-/* Define to 1 if you have the `dl' library (-ldl). */
-#cmakedefine HAVE_LIBDL ${HAVE_LIBDL}
-
-/* Define to 1 if you have the <libgen.h> header file. */
-#cmakedefine HAVE_LIBGEN_H ${HAVE_LIBGEN_H}
-
-/* Define to 1 if you have the `idn' library (-lidn). */
-#cmakedefine HAVE_LIBIDN ${HAVE_LIBIDN}
-
-/* Define to 1 if you have the `resolv' library (-lresolv). */
-#cmakedefine HAVE_LIBRESOLV ${HAVE_LIBRESOLV}
-
-/* Define to 1 if you have the `resolve' library (-lresolve). */
-#cmakedefine HAVE_LIBRESOLVE ${HAVE_LIBRESOLVE}
-
-/* Define to 1 if you have the `socket' library (-lsocket). */
-#cmakedefine HAVE_LIBSOCKET ${HAVE_LIBSOCKET}
-
-/* Define to 1 if you have the `ssh2' library (-lssh2). */
-#cmakedefine HAVE_LIBSSH2 ${HAVE_LIBSSH2}
-
-/* Define to 1 if you have the <libssh2.h> header file. */
-#cmakedefine HAVE_LIBSSH2_H ${HAVE_LIBSSH2_H}
-
-/* if zlib is available */
-#cmakedefine HAVE_LIBZ ${HAVE_LIBZ}
-
-/* Define to 1 if you have the <limits.h> header file. */
-#cmakedefine HAVE_LIMITS_H ${HAVE_LIMITS_H}
-
-/* if your compiler supports LL */
-#cmakedefine HAVE_LL ${HAVE_LL}
-
-/* Define to 1 if you have the <locale.h> header file. */
-#cmakedefine HAVE_LOCALE_H ${HAVE_LOCALE_H}
-
-/* Define to 1 if you have the `localtime_r' function. */
-#cmakedefine HAVE_LOCALTIME_R ${HAVE_LOCALTIME_R}
-
-/* if your compiler supports long long */
-#cmakedefine HAVE_LONGLONG ${HAVE_LONGLONG}
-
-/* Define to 1 if you have the malloc.h header file. */
-#cmakedefine HAVE_MALLOC_H ${HAVE_MALLOC_H}
-
-/* Define to 1 if you have the <memory.h> header file. */
-#cmakedefine HAVE_MEMORY_H ${HAVE_MEMORY_H}
-
-/* Define to 1 if you have the MSG_NOSIGNAL flag. */
-#cmakedefine HAVE_MSG_NOSIGNAL ${HAVE_MSG_NOSIGNAL}
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#cmakedefine HAVE_NETDB_H ${HAVE_NETDB_H}
-
-/* Define to 1 if you have the <netinet/in.h> header file. */
-#cmakedefine HAVE_NETINET_IN_H ${HAVE_NETINET_IN_H}
-
-/* Define to 1 if you have the <netinet/tcp.h> header file. */
-#cmakedefine HAVE_NETINET_TCP_H ${HAVE_NETINET_TCP_H}
-
-/* Define to 1 if you have the <net/if.h> header file. */
-#cmakedefine HAVE_NET_IF_H ${HAVE_NET_IF_H}
-
-/* Define to 1 if NI_WITHSCOPEID exists and works. */
-#cmakedefine HAVE_NI_WITHSCOPEID ${HAVE_NI_WITHSCOPEID}
-
-/* Defined if no inet_pton() prototype available */
-#cmakedefine HAVE_NO_INET_PTON_PROTO ${HAVE_NO_INET_PTON_PROTO}
-
-/* we have no strerror_r() proto */
-#cmakedefine HAVE_NO_STRERROR_R_DECL ${HAVE_NO_STRERROR_R_DECL}
-
-/* Define to 1 if you have the <openssl/crypto.h> header file. */
-#cmakedefine HAVE_OPENSSL_CRYPTO_H ${HAVE_OPENSSL_CRYPTO_H}
-
-/* Define to 1 if you have the <openssl/engine.h> header file. */
-#cmakedefine HAVE_OPENSSL_ENGINE_H ${HAVE_OPENSSL_ENGINE_H}
-
-/* Define to 1 if you have the <openssl/err.h> header file. */
-#cmakedefine HAVE_OPENSSL_ERR_H ${HAVE_OPENSSL_ERR_H}
-
-/* Define to 1 if you have the <openssl/pem.h> header file. */
-#cmakedefine HAVE_OPENSSL_PEM_H ${HAVE_OPENSSL_PEM_H}
-
-/* Define to 1 if you have the <openssl/pkcs12.h> header file. */
-#cmakedefine HAVE_OPENSSL_PKCS12_H ${HAVE_OPENSSL_PKCS12_H}
-
-/* Define to 1 if you have the <openssl/rsa.h> header file. */
-#cmakedefine HAVE_OPENSSL_RSA_H ${HAVE_OPENSSL_RSA_H}
-
-/* Define to 1 if you have the <openssl/ssl.h> header file. */
-#cmakedefine HAVE_OPENSSL_SSL_H ${HAVE_OPENSSL_SSL_H}
-
-/* Define to 1 if you have the <openssl/x509.h> header file. */
-#cmakedefine HAVE_OPENSSL_X509_H ${HAVE_OPENSSL_X509_H}
-
-/* use O_NONBLOCK for non-blocking sockets */
-#cmakedefine HAVE_O_NONBLOCK ${HAVE_O_NONBLOCK}
-
-/* Define to 1 if you have the <pem.h> header file. */
-#cmakedefine HAVE_PEM_H ${HAVE_PEM_H}
-
-/* Define to 1 if you have the `perror' function. */
-#cmakedefine HAVE_PERROR ${HAVE_PERROR}
-
-/* Define to 1 if you have the `pipe' function. */
-#cmakedefine HAVE_PIPE ${HAVE_PIPE}
-
-/* Define to 1 if you have the `poll' function. */
-#cmakedefine HAVE_POLL ${HAVE_POLL}
-
-/* Define to 1 if you have the <process.h> header file. */
-#cmakedefine HAVE_PROCESS_H ${HAVE_PROCESS_H}
-
-/* Define to 1 if you have the <pwd.h> header file. */
-#cmakedefine HAVE_PWD_H ${HAVE_PWD_H}
-
-/* Define to 1 if you have the `RAND_egd' function. */
-#cmakedefine HAVE_RAND_EGD ${HAVE_RAND_EGD}
-
-/* Define to 1 if you have the `RAND_screen' function. */
-#cmakedefine HAVE_RAND_SCREEN ${HAVE_RAND_SCREEN}
-
-/* Define to 1 if you have the `RAND_status' function. */
-#cmakedefine HAVE_RAND_STATUS ${HAVE_RAND_STATUS}
-
-/* Define to 1 if you have the recv function. */
-#cmakedefine HAVE_RECV ${HAVE_RECV}
-
-/* Define to 1 if you have the <rsa.h> header file. */
-#cmakedefine HAVE_RSA_H ${HAVE_RSA_H}
-
-/* Define to 1 if you have the select function. */
-#cmakedefine HAVE_SELECT ${HAVE_SELECT}
-
-/* Define to 1 if you have the send function. */
-#cmakedefine HAVE_SEND ${HAVE_SEND}
-
-/* Define to 1 if you have the <setjmp.h> header file. */
-#cmakedefine HAVE_SETJMP_H ${HAVE_SETJMP_H}
-
-/* Define to 1 if you have the `setlocale' function. */
-#cmakedefine HAVE_SETLOCALE ${HAVE_SETLOCALE}
-
-/* Define to 1 if you have the `setrlimit' function. */
-#cmakedefine HAVE_SETRLIMIT ${HAVE_SETRLIMIT}
-
-/* Define to 1 if you have the <sgtty.h> header file. */
-#cmakedefine HAVE_SGTTY_H ${HAVE_SGTTY_H}
-
-/* Define to 1 if you have the `sigaction' function. */
-#cmakedefine HAVE_SIGACTION ${HAVE_SIGACTION}
-
-/* Define to 1 if you have the `siginterrupt' function. */
-#cmakedefine HAVE_SIGINTERRUPT ${HAVE_SIGINTERRUPT}
-
-/* Define to 1 if you have the `signal' function. */
-#cmakedefine HAVE_SIGNAL ${HAVE_SIGNAL}
-
-/* Define to 1 if you have the <signal.h> header file. */
-#cmakedefine HAVE_SIGNAL_H ${HAVE_SIGNAL_H}
-
-/* If you have sigsetjmp */
-#cmakedefine HAVE_SIGSETJMP ${HAVE_SIGSETJMP}
-
-/* Define to 1 if sig_atomic_t is an available typedef. */
-#cmakedefine HAVE_SIG_ATOMIC_T ${HAVE_SIG_ATOMIC_T}
-
-/* Define to 1 if sig_atomic_t is already defined as volatile. */
-#cmakedefine HAVE_SIG_ATOMIC_T_VOLATILE ${HAVE_SIG_ATOMIC_T_VOLATILE}
-
-/* Define to 1 if you have the `socket' function. */
-#cmakedefine HAVE_SOCKET ${HAVE_SOCKET}
-
-/* use SO_NONBLOCK for non-blocking sockets */
-#cmakedefine HAVE_SO_NONBLOCK ${HAVE_SO_NONBLOCK}
-
-/* Define this if you have the SPNEGO library fbopenssl */
-#cmakedefine HAVE_SPNEGO ${HAVE_SPNEGO}
-
-/* Define to 1 if you have the <ssl.h> header file. */
-#cmakedefine HAVE_SSL_H ${HAVE_SSL_H}
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#cmakedefine HAVE_STDINT_H ${HAVE_STDINT_H}
-
-/* Define to 1 if you have the <stdio.h> header file. */
-#cmakedefine HAVE_STDIO_H ${HAVE_STDIO_H}
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#cmakedefine HAVE_STDLIB_H ${HAVE_STDLIB_H}
-
-/* Define to 1 if you have the `strcasecmp' function. */
-#cmakedefine HAVE_STRCASECMP ${HAVE_STRCASECMP}
-
-/* Define to 1 if you have the `strcmpi' function. */
-#cmakedefine HAVE_STRCMPI ${HAVE_STRCMPI}
-
-/* Define to 1 if you have the `strdup' function. */
-#cmakedefine HAVE_STRDUP ${HAVE_STRDUP}
-
-/* Define to 1 if you have the `stricmp' function. */
-#cmakedefine HAVE_STRICMP ${HAVE_STRICMP}
-
-/* Define to 1 if you have the <strings.h> header file. */
-#cmakedefine HAVE_STRINGS_H ${HAVE_STRINGS_H}
-
-/* Define to 1 if you have the <string.h> header file. */
-#cmakedefine HAVE_STRING_H ${HAVE_STRING_H}
-
-/* Define to 1 if you have the `strlcpy' function. */
-#cmakedefine HAVE_STRLCPY ${HAVE_STRLCPY}
-
-/* Define to 1 if you have the `strstr' function. */
-#cmakedefine HAVE_STRSTR ${HAVE_STRSTR}
-
-/* Define to 1 if you have the `strtok_r' function. */
-#cmakedefine HAVE_STRTOK_R ${HAVE_STRTOK_R}
-
-/* Define to 1 if you have the `strtoll' function. */
-#cmakedefine HAVE_STRTOLL ${HAVE_STRTOLL}
-
-/* if struct sockaddr_storage is defined */
-#cmakedefine HAVE_STRUCT_SOCKADDR_STORAGE ${HAVE_STRUCT_SOCKADDR_STORAGE}
-
-/* Define to 1 if you have the timeval struct. */
-#cmakedefine HAVE_STRUCT_TIMEVAL ${HAVE_STRUCT_TIMEVAL}
-
-/* Define to 1 if you have the <sys/filio.h> header file. */
-#cmakedefine HAVE_SYS_FILIO_H ${HAVE_SYS_FILIO_H}
-
-/* Define to 1 if you have the <sys/ioctl.h> header file. */
-#cmakedefine HAVE_SYS_IOCTL_H ${HAVE_SYS_IOCTL_H}
-
-/* Define to 1 if you have the <sys/param.h> header file. */
-#cmakedefine HAVE_SYS_PARAM_H ${HAVE_SYS_PARAM_H}
-
-/* Define to 1 if you have the <sys/poll.h> header file. */
-#cmakedefine HAVE_SYS_POLL_H ${HAVE_SYS_POLL_H}
-
-/* Define to 1 if you have the <sys/resource.h> header file. */
-#cmakedefine HAVE_SYS_RESOURCE_H ${HAVE_SYS_RESOURCE_H}
-
-/* Define to 1 if you have the <sys/select.h> header file. */
-#cmakedefine HAVE_SYS_SELECT_H ${HAVE_SYS_SELECT_H}
-
-/* Define to 1 if you have the <sys/socket.h> header file. */
-#cmakedefine HAVE_SYS_SOCKET_H ${HAVE_SYS_SOCKET_H}
-
-/* Define to 1 if you have the <sys/sockio.h> header file. */
-#cmakedefine HAVE_SYS_SOCKIO_H ${HAVE_SYS_SOCKIO_H}
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#cmakedefine HAVE_SYS_STAT_H ${HAVE_SYS_STAT_H}
-
-/* Define to 1 if you have the <sys/time.h> header file. */
-#cmakedefine HAVE_SYS_TIME_H ${HAVE_SYS_TIME_H}
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#cmakedefine HAVE_SYS_TYPES_H ${HAVE_SYS_TYPES_H}
-
-/* Define to 1 if you have the <sys/utime.h> header file. */
-#cmakedefine HAVE_SYS_UTIME_H ${HAVE_SYS_UTIME_H}
-
-/* Define to 1 if you have the <termios.h> header file. */
-#cmakedefine HAVE_TERMIOS_H ${HAVE_TERMIOS_H}
-
-/* Define to 1 if you have the <termio.h> header file. */
-#cmakedefine HAVE_TERMIO_H ${HAVE_TERMIO_H}
-
-/* Define to 1 if you have the <time.h> header file. */
-#cmakedefine HAVE_TIME_H ${HAVE_TIME_H}
-
-/* Define to 1 if you have the <tld.h> header file. */
-#cmakedefine HAVE_TLD_H ${HAVE_TLD_H}
-
-/* Define to 1 if you have the `tld_strerror' function. */
-#cmakedefine HAVE_TLD_STRERROR ${HAVE_TLD_STRERROR}
-
-/* Define to 1 if you have the `uname' function. */
-#cmakedefine HAVE_UNAME ${HAVE_UNAME}
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#cmakedefine HAVE_UNISTD_H ${HAVE_UNISTD_H}
-
-/* Define to 1 if you have the `utime' function. */
-#cmakedefine HAVE_UTIME ${HAVE_UTIME}
-
-/* Define to 1 if you have the <utime.h> header file. */
-#cmakedefine HAVE_UTIME_H ${HAVE_UTIME_H}
-
-/* Define to 1 if you have the windows.h header file. */
-#cmakedefine HAVE_WINDOWS_H ${HAVE_WINDOWS_H}
-
-/* Define to 1 if you have the winsock2.h header file. */
-#cmakedefine HAVE_WINSOCK2_H ${HAVE_WINSOCK2_H}
-
-/* Define to 1 if you have the winsock.h header file. */
-#cmakedefine HAVE_WINSOCK_H ${HAVE_WINSOCK_H}
-
-/* Define this symbol if your OS supports changing the contents of argv */
-#cmakedefine HAVE_WRITABLE_ARGV ${HAVE_WRITABLE_ARGV}
-
-/* Define to 1 if you have the ws2tcpip.h header file. */
-#cmakedefine HAVE_WS2TCPIP_H ${HAVE_WS2TCPIP_H}
-
-/* Define to 1 if you have the <x509.h> header file. */
-#cmakedefine HAVE_X509_H ${HAVE_X509_H}
-
-/* if you have the zlib.h header file */
-#cmakedefine HAVE_ZLIB_H ${HAVE_ZLIB_H}
-
-/* If you lack a fine basename() prototype */
-#cmakedefine NEED_BASENAME_PROTO ${NEED_BASENAME_PROTO}
-
-/* Define to 1 if you need the malloc.h header file even with stdlib.h */
-#cmakedefine NEED_MALLOC_H ${NEED_MALLOC_H}
-
-/* need REENTRANT defined */
-#cmakedefine NEED_REENTRANT ${NEED_REENTRANT}
-
-/* cpu-machine-OS */
-#define OS "${OPERATING_SYSTEM}"
-
-/* Name of package */
-#cmakedefine PACKAGE "${PACKAGE}"
-
-/* Define to the address where bug reports for this package should be sent. */
-#cmakedefine PACKAGE_BUGREPORT "${PACKAGE_BUGREPORT}"
-
-/* Define to the full name of this package. */
-#cmakedefine PACKAGE_NAME "${PACKAGE_NAME}"
-
-/* Define to the full name and version of this package. */
-#cmakedefine PACKAGE_STRING "${PACKAGE_STRING}"
-
-/* Define to the one symbol short name of this package. */
-#cmakedefine PACKAGE_TARNAME "${PACKAGE_TARNAME}"
-
-/* Define to the version of this package. */
-#cmakedefine PACKAGE_VERSION "${PACKAGE_VERSION}"
-
-/* a suitable file to read random data from */
-#cmakedefine RANDOM_FILE "${RANDOM_FILE}"
-
-/* Define to the type of arg 1 for recv. */
-#cmakedefine RECV_TYPE_ARG1 ${RECV_TYPE_ARG1}
-
-/* Define to the type of arg 2 for recv. */
-#cmakedefine RECV_TYPE_ARG2 ${RECV_TYPE_ARG2}
-
-/* Define to the type of arg 3 for recv. */
-#cmakedefine RECV_TYPE_ARG3 ${RECV_TYPE_ARG3}
-
-/* Define to the type of arg 4 for recv. */
-#cmakedefine RECV_TYPE_ARG4 ${RECV_TYPE_ARG4}
-
-/* Define to the function return type for recv. */
-#cmakedefine RECV_TYPE_RETV ${RECV_TYPE_RETV}
-
-/* Define as the return type of signal handlers (`int' or `void'). */
-#cmakedefine RETSIGTYPE ${RETSIGTYPE}
-
-/* Define to the type of arg 1 for `select'. */
-#cmakedefine SELECT_TYPE_ARG1 ${SELECT_TYPE_ARG1}
-
-/* Define to the type of args 2, 3 and 4 for `select'. */
-#cmakedefine SELECT_TYPE_ARG234 ${SELECT_TYPE_ARG234}
-
-/* Define to the type of arg 5 for `select'. */
-#cmakedefine SELECT_TYPE_ARG5 ${SELECT_TYPE_ARG5}
-
-/* Define to the type qualifier of arg 2 for send. */
-#cmakedefine SEND_QUAL_ARG2 ${SEND_QUAL_ARG2}
-
-/* Define to the type of arg 1 for send. */
-#cmakedefine SEND_TYPE_ARG1 ${SEND_TYPE_ARG1}
-
-/* Define to the type of arg 2 for send. */
-#cmakedefine SEND_TYPE_ARG2 ${SEND_TYPE_ARG2}
-
-/* Define to the type of arg 3 for send. */
-#cmakedefine SEND_TYPE_ARG3 ${SEND_TYPE_ARG3}
-
-/* Define to the type of arg 4 for send. */
-#cmakedefine SEND_TYPE_ARG4 ${SEND_TYPE_ARG4}
-
-/* Define to the function return type for send. */
-#cmakedefine SEND_TYPE_RETV ${SEND_TYPE_RETV}
-
-/* The size of `curl_off_t', as computed by sizeof. */
-@SIZEOF_CURL_OFF_T_CODE@
-
-/* The size of `long', as computed by sizeof. */
-@SIZEOF_LONG_CODE@
-
-/* The size of `long long', as computed by sizeof. */
-@SIZEOF_LONG_LONG_CODE@
-
-/* The size of `__int64', as computed by sizeof. */
-@SIZEOF___INT64_CODE@
-
-/* The size of `size_t', as computed by sizeof. */
-@SIZEOF_SIZE_T_CODE@
-
-/* The size of `ssize_t', as computed by sizeof. */
-@SIZEOF_SSIZE_T_CODE@
-
-/* The size of `time_t', as computed by sizeof. */
-@SIZEOF_TIME_T_CODE@
-
-/* Define to 1 if you have the ANSI C header files. */
-#cmakedefine STDC_HEADERS ${STDC_HEADERS}
-
-/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
-#cmakedefine TIME_WITH_SYS_TIME ${TIME_WITH_SYS_TIME}
-
-/* Define if you want to enable ares support */
-#cmakedefine USE_ARES ${USE_ARES}
-
-/* if GnuTLS is enabled */
-#cmakedefine USE_GNUTLS ${USE_GNUTLS}
-
-/* if libSSH2 is in use */
-#cmakedefine USE_LIBSSH2 ${USE_LIBSSH2}
-
-/* If you want to build curl with the built-in manual */
-#cmakedefine USE_MANUAL ${USE_MANUAL}
-
-/* if OpenSSL is in use */
-#cmakedefine USE_OPENSSL ${USE_OPENSSL}
-
-/* if SSL is enabled */
-#cmakedefine USE_SSLEAY ${USE_SSLEAY}
-
-/* to enable SSPI support */
-#cmakedefine USE_WINDOWS_SSPI ${USE_WINDOWS_SSPI}
-
-/* Version number of package */
-#cmakedefine VERSION "${VERSION}"
-
-/* Define to avoid automatic inclusion of winsock.h */
-#cmakedefine WIN32_LEAN_AND_MEAN ${WIN32_LEAN_AND_MEAN}
-
-/* Define to 1 if on AIX 3.
-   System headers sometimes define this.
-   We just want to avoid a redefinition error message.  */
-#ifndef _ALL_SOURCE
-#cmakedefine _ALL_SOURCE ${_ALL_SOURCE}
-#endif
-
-/* Number of bits in a file offset, on hosts where this is settable. */
-#cmakedefine _FILE_OFFSET_BITS ${_FILE_OFFSET_BITS}
-
-/* Define for large files, on AIX-style hosts. */
-#cmakedefine _LARGE_FILES ${_LARGE_FILES}
-
-/* define this if you need it to compile thread-safe code */
-#cmakedefine _THREAD_SAFE ${_THREAD_SAFE}
-
-/* Define to empty if `const' does not conform to ANSI C. */
-#cmakedefine const ${const}
-
-/* type to use in place of in_addr_t if not defined */
-#cmakedefine in_addr_t ${in_addr_t}
-
-/* Define to `unsigned int' if <sys/types.h> does not define. */
-#cmakedefine size_t ${size_t}
-
-/* type to use in place of socklen_t if not defined */
-#cmakedefine socklen_t ${socklen_t}
-
-/* the signed version of size_t */
-#ifndef SIZEOF_SSIZE_T
-# if SIZEOF_LONG == SIZEOF_SIZE_T
-   typedef long ssize_t;
-# elif SIZEOF_LONG_LONG == SIZEOF_SIZE_T
-   typedef long long ssize_t;
-# elif SIZEOF___INT64 == SIZEOF_SIZE_T
-   typedef __int64 ssize_t;
-# else
-   typedef int ssize_t;
-# endif
-#endif
-
-/* Special handling of zlib library */
-#cmakedefine CURL_SPECIAL_ZLIB_H "${CURL_SPECIAL_ZLIB_H}"
diff --git a/Utilities/cmcurl/connect.c b/Utilities/cmcurl/connect.c
deleted file mode 100644
index 2b38972..0000000
--- a/Utilities/cmcurl/connect.c
+++ /dev/null
@@ -1,905 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#ifndef WIN32
-/* headers for non-win32 */
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h> /* <netinet/tcp.h> may need it */
-#endif
-#ifdef HAVE_NETINET_TCP_H
-#include <netinet/tcp.h> /* for TCP_NODELAY */
-#endif
-#ifdef HAVE_SYS_IOCTL_H
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h> /* required for free() prototype, without it, this crashes
-                       on macos 68K */
-#endif
-#if (defined(HAVE_FIONBIO) && defined(__NOVELL_LIBC__))
-#include <sys/filio.h>
-#endif
-#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
-#undef in_addr_t
-#define in_addr_t unsigned long
-#endif
-#ifdef VMS
-#include <in.h>
-#include <inet.h>
-#endif
-
-#endif
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-
-#ifndef TRUE
-#define TRUE 1
-#define FALSE 0
-#endif
-
-#ifdef USE_WINSOCK
-#define EINPROGRESS WSAEINPROGRESS
-#define EWOULDBLOCK WSAEWOULDBLOCK
-#define EISCONN     WSAEISCONN
-#define ENOTSOCK    WSAENOTSOCK
-#define ECONNREFUSED WSAECONNREFUSED
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "if2ip.h"
-#include "strerror.h"
-#include "connect.h"
-#include "memory.h"
-#include "select.h"
-#include "url.h" /* for Curl_safefree() */
-#include "multiif.h"
-#include "sockaddr.h" /* required for Curl_sockaddr_storage */
-#include "inet_ntop.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-static bool verifyconnect(curl_socket_t sockfd, int *error);
-
-static curl_socket_t
-singleipconnect(struct connectdata *conn,
-                const Curl_addrinfo *ai, /* start connecting to this */
-                long timeout_ms,
-                bool *connected);
-
-/*
- * Curl_sockerrno() returns the *socket-related* errno (or equivalent) on this
- * platform to hide platform specific for the function that calls this.
- */
-int Curl_sockerrno(void)
-{
-#ifdef USE_WINSOCK
-  return (int)WSAGetLastError();
-#else
-  return errno;
-#endif
-}
-
-/*
- * Curl_nonblock() set the given socket to either blocking or non-blocking
- * mode based on the 'nonblock' boolean argument. This function is highly
- * portable.
- */
-int Curl_nonblock(curl_socket_t sockfd,    /* operate on this */
-                  int nonblock   /* TRUE or FALSE */)
-{
-#undef SETBLOCK
-#define SETBLOCK 0
-#ifdef HAVE_O_NONBLOCK
-  /* most recent unix versions */
-  int flags;
-
-  flags = fcntl(sockfd, F_GETFL, 0);
-  if (TRUE == nonblock)
-    return fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
-  else
-    return fcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));
-#undef SETBLOCK
-#define SETBLOCK 1
-#endif
-
-#if defined(HAVE_FIONBIO) && (SETBLOCK == 0)
-  /* older unix versions */
-  int flags;
-
-  flags = nonblock;
-  return ioctl(sockfd, FIONBIO, &flags);
-#undef SETBLOCK
-#define SETBLOCK 2
-#endif
-
-#if defined(HAVE_IOCTLSOCKET) && (SETBLOCK == 0)
-  /* Windows? */
-  unsigned long flags;
-  flags = nonblock;
-
-  return ioctlsocket(sockfd, FIONBIO, &flags);
-#undef SETBLOCK
-#define SETBLOCK 3
-#endif
-
-#if defined(HAVE_IOCTLSOCKET_CASE) && (SETBLOCK == 0)
-  /* presumably for Amiga */
-  return IoctlSocket(sockfd, FIONBIO, (long)nonblock);
-#undef SETBLOCK
-#define SETBLOCK 4
-#endif
-
-#if defined(HAVE_SO_NONBLOCK) && (SETBLOCK == 0)
-  /* BeOS */
-  long b = nonblock ? 1 : 0;
-  return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
-#undef SETBLOCK
-#define SETBLOCK 5
-#endif
-
-#ifdef HAVE_DISABLED_NONBLOCKING
-  return 0; /* returns success */
-#undef SETBLOCK
-#define SETBLOCK 6
-#endif
-
-#if (SETBLOCK == 0)
-#error "no non-blocking method was found/used/set"
-#endif
-}
-
-/*
- * waitconnect() waits for a TCP connect on the given socket for the specified
- * number if milliseconds. It returns:
- * 0    fine connect
- * -1   select() error
- * 1    select() timeout
- * 2    select() returned with an error condition fd_set
- */
-
-#define WAITCONN_CONNECTED     0
-#define WAITCONN_SELECT_ERROR -1
-#define WAITCONN_TIMEOUT       1
-#define WAITCONN_FDSET_ERROR   2
-
-static
-int waitconnect(curl_socket_t sockfd, /* socket */
-                long timeout_msec)
-{
-  int rc;
-#ifdef mpeix
-  /* Call this function once now, and ignore the results. We do this to
-     "clear" the error state on the socket so that we can later read it
-     reliably. This is reported necessary on the MPE/iX operating system. */
-  (void)verifyconnect(sockfd, NULL);
-#endif
-
-  /* now select() until we get connect or timeout */
-  rc = Curl_select(CURL_SOCKET_BAD, sockfd, (int)timeout_msec);
-  if(-1 == rc)
-    /* error, no connect here, try next */
-    return WAITCONN_SELECT_ERROR;
-
-  else if(0 == rc)
-    /* timeout, no connect today */
-    return WAITCONN_TIMEOUT;
-
-  if(rc & CSELECT_ERR)
-    /* error condition caught */
-    return WAITCONN_FDSET_ERROR;
-
-  /* we have a connect! */
-  return WAITCONN_CONNECTED;
-}
-
-static CURLcode bindlocal(struct connectdata *conn,
-                          curl_socket_t sockfd)
-{
-  struct SessionHandle *data = conn->data;
-  struct sockaddr_in me;
-  struct sockaddr *sock = NULL;  /* bind to this address */
-  socklen_t socksize; /* size of the data sock points to */
-  unsigned short port = data->set.localport; /* use this port number, 0 for
-                                                "random" */
-  /* how many port numbers to try to bind to, increasing one at a time */
-  int portnum = data->set.localportrange;
-
-  /*************************************************************
-   * Select device to bind socket to
-   *************************************************************/
-  if (data->set.device && (strlen(data->set.device)<255) ) {
-    struct Curl_dns_entry *h=NULL;
-    char myhost[256] = "";
-    in_addr_t in;
-    int rc;
-    bool was_iface = FALSE;
-
-    /* First check if the given name is an IP address */
-    in=inet_addr(data->set.device);
-
-    if((in == CURL_INADDR_NONE) &&
-       Curl_if2ip(data->set.device, myhost, sizeof(myhost))) {
-      /*
-       * We now have the numerical IPv4-style x.y.z.w in the 'myhost' buffer
-       */
-      rc = Curl_resolv(conn, myhost, 0, &h);
-      if(rc == CURLRESOLV_PENDING)
-        (void)Curl_wait_for_resolv(conn, &h);
-
-      if(h) {
-        was_iface = TRUE;
-        Curl_resolv_unlock(data, h);
-      }
-    }
-
-    if(!was_iface) {
-      /*
-       * This was not an interface, resolve the name as a host name
-       * or IP number
-       */
-      rc = Curl_resolv(conn, data->set.device, 0, &h);
-      if(rc == CURLRESOLV_PENDING)
-        (void)Curl_wait_for_resolv(conn, &h);
-
-      if(h) {
-        if(in == CURL_INADDR_NONE)
-          /* convert the resolved address, sizeof myhost >= INET_ADDRSTRLEN */
-          Curl_inet_ntop(h->addr->ai_addr->sa_family,
-                         &((struct sockaddr_in*)h->addr->ai_addr)->sin_addr,
-                         myhost, sizeof myhost);
-        else
-          /* we know data->set.device is shorter than the myhost array */
-          strcpy(myhost, data->set.device);
-        Curl_resolv_unlock(data, h);
-      }
-    }
-
-    if(! *myhost) {
-      /* need to fix this
-         h=Curl_gethost(data,
-         getmyhost(*myhost,sizeof(myhost)),
-         hostent_buf,
-         sizeof(hostent_buf));
-      */
-      failf(data, "Couldn't bind to '%s'", data->set.device);
-      return CURLE_HTTP_PORT_FAILED;
-    }
-
-    infof(data, "Bind local address to %s\n", myhost);
-
-#ifdef SO_BINDTODEVICE
-    /* I am not sure any other OSs than Linux that provide this feature, and
-     * at the least I cannot test. --Ben
-     *
-     * This feature allows one to tightly bind the local socket to a
-     * particular interface.  This will force even requests to other local
-     * interfaces to go out the external interface.
-     *
-     */
-    if (was_iface) {
-      /* Only bind to the interface when specified as interface, not just as a
-       * hostname or ip address.
-       */
-      if (setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
-                     data->set.device, strlen(data->set.device)+1) != 0) {
-        /* printf("Failed to BINDTODEVICE, socket: %d  device: %s error: %s\n",
-           sockfd, data->set.device, Curl_strerror(Curl_sockerrno())); */
-        infof(data, "SO_BINDTODEVICE %s failed\n",
-              data->set.device);
-        /* This is typically "errno 1, error: Operation not permitted" if
-           you're not running as root or another suitable privileged user */
-      }
-    }
-#endif
-
-    in=inet_addr(myhost);
-    if (CURL_INADDR_NONE == in) {
-      failf(data,"couldn't find my own IP address (%s)", myhost);
-      return CURLE_HTTP_PORT_FAILED;
-    } /* end of inet_addr */
-
-    if ( h ) {
-      Curl_addrinfo *addr = h->addr;
-      sock = addr->ai_addr;
-      socksize = addr->ai_addrlen;
-    }
-    else
-      return CURLE_HTTP_PORT_FAILED;
-
-  }
-  else if(port) {
-    /* if a local port number is requested but no local IP, extract the
-       address from the socket */
-    memset(&me, 0, sizeof(struct sockaddr));
-    me.sin_family = AF_INET;
-    me.sin_addr.s_addr = INADDR_ANY;
-
-    sock = (struct sockaddr *)&me;
-    socksize = sizeof(struct sockaddr);
-
-  }
-  else
-    /* no local kind of binding was requested */
-    return CURLE_OK;
-
-  do {
-
-    /* Set port number to bind to, 0 makes the system pick one */
-    if(sock->sa_family == AF_INET)
-      ((struct sockaddr_in *)sock)->sin_port = htons(port);
-#ifdef ENABLE_IPV6
-    else
-      ((struct sockaddr_in6 *)sock)->sin6_port = htons(port);
-#endif
-
-    if( bind(sockfd, sock, socksize) >= 0) {
-      /* we succeeded to bind */
-      struct Curl_sockaddr_storage add;
-      socklen_t size;
-
-      size = sizeof(add);
-      if(getsockname(sockfd, (struct sockaddr *) &add, &size) < 0) {
-        failf(data, "getsockname() failed");
-        return CURLE_HTTP_PORT_FAILED;
-      }
-      /* We re-use/clobber the port variable here below */
-      if(((struct sockaddr *)&add)->sa_family == AF_INET)
-        port = ntohs(((struct sockaddr_in *)&add)->sin_port);
-#ifdef ENABLE_IPV6
-      else
-        port = ntohs(((struct sockaddr_in6 *)&add)->sin6_port);
-#endif
-      infof(data, "Local port: %d\n", port);
-      return CURLE_OK;
-    }
-    if(--portnum > 0) {
-      infof(data, "Bind to local port %d failed, trying next\n", port);
-      port++; /* try next port */
-    }
-    else
-      break;
-  } while(1);
-
-  data->state.os_errno = Curl_sockerrno();
-  failf(data, "bind failure: %s",
-        Curl_strerror(conn, data->state.os_errno));
-  return CURLE_HTTP_PORT_FAILED;
-
-}
-
-/*
- * verifyconnect() returns TRUE if the connect really has happened.
- */
-static bool verifyconnect(curl_socket_t sockfd, int *error)
-{
-  bool rc = TRUE;
-#ifdef SO_ERROR
-  int err = 0;
-  socklen_t errSize = sizeof(err);
-
-#ifdef WIN32
-  /*
-   * In October 2003 we effectively nullified this function on Windows due to
-   * problems with it using all CPU in multi-threaded cases.
-   *
-   * In May 2004, we bring it back to offer more info back on connect failures.
-   * Gisle Vanem could reproduce the former problems with this function, but
-   * could avoid them by adding this SleepEx() call below:
-   *
-   *    "I don't have Rational Quantify, but the hint from his post was
-   *    ntdll::NtRemoveIoCompletion(). So I'd assume the SleepEx (or maybe
-   *    just Sleep(0) would be enough?) would release whatever
-   *    mutex/critical-section the ntdll call is waiting on.
-   *
-   *    Someone got to verify this on Win-NT 4.0, 2000."
-   */
-
-#ifdef _WIN32_WCE
-  Sleep(0);
-#else
-  SleepEx(0, FALSE);
-#endif
-
-#endif
-
-  if( -1 == getsockopt(sockfd, SOL_SOCKET, SO_ERROR,
-                       (void *)&err, &errSize))
-    err = Curl_sockerrno();
-
-#ifdef _WIN32_WCE
-  /* Always returns this error, bug in CE? */
-  if(WSAENOPROTOOPT==err)
-    err=0;
-#endif
-
-  if ((0 == err) || (EISCONN == err))
-    /* we are connected, awesome! */
-    rc = TRUE;
-  else
-    /* This wasn't a successful connect */
-    rc = FALSE;
-  if (error)
-    *error = err;
-#else
-  (void)sockfd;
-  if (error)
-    *error = Curl_sockerrno();
-#endif
-  return rc;
-}
-
-CURLcode Curl_store_ip_addr(struct connectdata *conn)
-{
-  char addrbuf[256];
-  Curl_printable_address(conn->ip_addr, addrbuf, sizeof(addrbuf));
-
-  /* save the string */
-  Curl_safefree(conn->ip_addr_str);
-  conn->ip_addr_str = strdup(addrbuf);
-  if(!conn->ip_addr_str)
-    return CURLE_OUT_OF_MEMORY; /* FAIL */
-
-#ifdef PF_INET6
-  if(conn->ip_addr->ai_family == PF_INET6)
-    conn->bits.ipv6 = TRUE;
-#endif
-
-  return CURLE_OK;
-}
-
-/* Used within the multi interface. Try next IP address, return TRUE if no
-   more address exists */
-static bool trynextip(struct connectdata *conn,
-                      int sockindex,
-                      bool *connected)
-{
-  curl_socket_t sockfd;
-  Curl_addrinfo *ai;
-
-  /* first close the failed socket */
-  sclose(conn->sock[sockindex]);
-  conn->sock[sockindex] = CURL_SOCKET_BAD;
-  *connected = FALSE;
-
-  if(sockindex != FIRSTSOCKET)
-    return TRUE; /* no next */
-
-  /* try the next address */
-  ai = conn->ip_addr->ai_next;
-
-  while (ai) {
-    sockfd = singleipconnect(conn, ai, 0L, connected);
-    if(sockfd != CURL_SOCKET_BAD) {
-      /* store the new socket descriptor */
-      conn->sock[sockindex] = sockfd;
-      conn->ip_addr = ai;
-
-      Curl_store_ip_addr(conn);
-      return FALSE;
-    }
-    ai = ai->ai_next;
-  }
-  return TRUE;
-}
-
-/*
- * Curl_is_connected() is used from the multi interface to check if the
- * firstsocket has connected.
- */
-
-CURLcode Curl_is_connected(struct connectdata *conn,
-                           int sockindex,
-                           bool *connected)
-{
-  int rc;
-  struct SessionHandle *data = conn->data;
-  CURLcode code = CURLE_OK;
-  curl_socket_t sockfd = conn->sock[sockindex];
-  long allow = DEFAULT_CONNECT_TIMEOUT;
-  long allow_total = 0;
-  long has_passed;
-
-  curlassert(sockindex >= FIRSTSOCKET && sockindex <= SECONDARYSOCKET);
-
-  *connected = FALSE; /* a very negative world view is best */
-
-  /* Evaluate in milliseconds how much time that has passed */
-  has_passed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
-
-  /* subtract the most strict timeout of the ones */
-  if(data->set.timeout && data->set.connecttimeout) {
-    if (data->set.timeout < data->set.connecttimeout)
-      allow_total = allow = data->set.timeout*1000;
-    else
-      allow = data->set.connecttimeout*1000;
-  }
-  else if(data->set.timeout) {
-    allow_total = allow = data->set.timeout*1000;
-  }
-  else if(data->set.connecttimeout) {
-    allow = data->set.connecttimeout*1000;
-  }
-
-  if(has_passed > allow ) {
-    /* time-out, bail out, go home */
-    failf(data, "Connection time-out after %ld ms", has_passed);
-    return CURLE_OPERATION_TIMEOUTED;
-  }
-  if(conn->bits.tcpconnect) {
-    /* we are connected already! */
-    Curl_expire(data, allow_total);
-    *connected = TRUE;
-    return CURLE_OK;
-  }
-
-  Curl_expire(data, allow);
-
-  /* check for connect without timeout as we want to return immediately */
-  rc = waitconnect(sockfd, 0);
-
-  if(WAITCONN_CONNECTED == rc) {
-    int error;
-    if (verifyconnect(sockfd, &error)) {
-      /* we are connected, awesome! */
-      *connected = TRUE;
-      return CURLE_OK;
-    }
-    /* nope, not connected for real */
-    data->state.os_errno = error;
-    infof(data, "Connection failed\n");
-    if(trynextip(conn, sockindex, connected)) {
-      code = CURLE_COULDNT_CONNECT;
-    }
-  }
-  else if(WAITCONN_TIMEOUT != rc) {
-    int error = 0;
-
-    /* nope, not connected  */
-    if (WAITCONN_FDSET_ERROR == rc) {
-      (void)verifyconnect(sockfd, &error);
-      data->state.os_errno = error;
-      infof(data, "%s\n",Curl_strerror(conn,error));
-    }
-    else
-      infof(data, "Connection failed\n");
-
-    if(trynextip(conn, sockindex, connected)) {
-      error = Curl_sockerrno();
-      data->state.os_errno = error;
-      failf(data, "Failed connect to %s:%d; %s",
-            conn->host.name, conn->port, Curl_strerror(conn,error));
-      code = CURLE_COULDNT_CONNECT;
-    }
-  }
-  /*
-   * If the connection failed here, we should attempt to connect to the "next
-   * address" for the given host.
-   */
-
-  return code;
-}
-
-static void tcpnodelay(struct connectdata *conn,
-                       curl_socket_t sockfd)
-{
-#ifdef TCP_NODELAY
-  struct SessionHandle *data= conn->data;
-  socklen_t onoff = (socklen_t) data->set.tcp_nodelay;
-  int proto = IPPROTO_TCP;
-
-#ifdef HAVE_GETPROTOBYNAME
-  struct protoent *pe = getprotobyname("tcp");
-  if (pe)
-    proto = pe->p_proto;
-#endif
-
-  if(setsockopt(sockfd, proto, TCP_NODELAY, (void *)&onoff,
-                sizeof(onoff)) < 0)
-    infof(data, "Could not set TCP_NODELAY: %s\n",
-          Curl_strerror(conn, Curl_sockerrno()));
-  else
-    infof(data,"TCP_NODELAY set\n");
-#else
-  (void)conn;
-  (void)sockfd;
-#endif
-}
-
-#ifdef SO_NOSIGPIPE
-/* The preferred method on Mac OS X (10.2 and later) to prevent SIGPIPEs when
-   sending data to a dead peer (instead of relying on the 4th argument to send
-   being MSG_NOSIGNAL). Possibly also existing and in use on other BSD
-   systems? */
-static void nosigpipe(struct connectdata *conn,
-                      curl_socket_t sockfd)
-{
-  struct SessionHandle *data= conn->data;
-  int onoff = 1;
-  if(setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, (void *)&onoff,
-                sizeof(onoff)) < 0)
-    infof(data, "Could not set SO_NOSIGPIPE: %s\n",
-          Curl_strerror(conn, Curl_sockerrno()));
-}
-#else
-#define nosigpipe(x,y)
-#endif
-
-/* singleipconnect() connects to the given IP only, and it may return without
-   having connected if used from the multi interface. */
-static curl_socket_t
-singleipconnect(struct connectdata *conn,
-                const Curl_addrinfo *ai,
-                long timeout_ms,
-                bool *connected)
-{
-  char addr_buf[128];
-  int rc;
-  int error;
-  bool isconnected;
-  struct SessionHandle *data = conn->data;
-  curl_socket_t sockfd;
-  CURLcode res;
-
-  sockfd = socket(ai->ai_family, conn->socktype, ai->ai_protocol);
-  if (sockfd == CURL_SOCKET_BAD)
-    return CURL_SOCKET_BAD;
-
-  *connected = FALSE; /* default is not connected */
-
-  Curl_printable_address(ai, addr_buf, sizeof(addr_buf));
-  infof(data, "  Trying %s... ", addr_buf);
-
-  if(data->set.tcp_nodelay)
-    tcpnodelay(conn, sockfd);
-
-  nosigpipe(conn, sockfd);
-
-  if(data->set.fsockopt) {
-    /* activate callback for setting socket options */
-    error = data->set.fsockopt(data->set.sockopt_client,
-                               sockfd,
-                               CURLSOCKTYPE_IPCXN);
-    if (error) {
-      sclose(sockfd); /* close the socket and bail out */
-      return CURL_SOCKET_BAD;
-    }
-  }
-
-  /* possibly bind the local end to an IP, interface or port */
-  res = bindlocal(conn, sockfd);
-  if(res) {
-    sclose(sockfd); /* close socket and bail out */
-    return CURL_SOCKET_BAD;
-  }
-
-  /* set socket non-blocking */
-  Curl_nonblock(sockfd, TRUE);
-
-  /* Connect TCP sockets, bind UDP */
-  if(conn->socktype == SOCK_STREAM)
-    rc = connect(sockfd, ai->ai_addr, ai->ai_addrlen);
-  else
-    rc = 0;
-
-  if(-1 == rc) {
-    error = Curl_sockerrno();
-
-    switch (error) {
-    case EINPROGRESS:
-    case EWOULDBLOCK:
-#if defined(EAGAIN) && EAGAIN != EWOULDBLOCK
-      /* On some platforms EAGAIN and EWOULDBLOCK are the
-       * same value, and on others they are different, hence
-       * the odd #if
-       */
-    case EAGAIN:
-#endif
-      rc = waitconnect(sockfd, timeout_ms);
-      break;
-    default:
-      /* unknown error, fallthrough and try another address! */
-      failf(data, "Failed to connect to %s: %s",
-            addr_buf, Curl_strerror(conn,error));
-      data->state.os_errno = error;
-      break;
-    }
-  }
-
-  /* The 'WAITCONN_TIMEOUT == rc' comes from the waitconnect(), and not from
-     connect(). We can be sure of this since connect() cannot return 1. */
-  if((WAITCONN_TIMEOUT == rc) &&
-     (data->state.used_interface == Curl_if_multi)) {
-    /* Timeout when running the multi interface */
-    return sockfd;
-  }
-
-  isconnected = verifyconnect(sockfd, &error);
-
-  if(!rc && isconnected) {
-    /* we are connected, awesome! */
-    *connected = TRUE; /* this is a true connect */
-    infof(data, "connected\n");
-    return sockfd;
-  }
-  else if(WAITCONN_TIMEOUT == rc)
-    infof(data, "Timeout\n");
-  else {
-    data->state.os_errno = error;
-    infof(data, "%s\n", Curl_strerror(conn, error));
-  }
-
-  /* connect failed or timed out */
-  sclose(sockfd);
-
-  return CURL_SOCKET_BAD;
-}
-
-/*
- * TCP connect to the given host with timeout, proxy or remote doesn't matter.
- * There might be more than one IP address to try out. Fill in the passed
- * pointer with the connected socket.
- */
-
-CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
-                          const struct Curl_dns_entry *remotehost, /* use this one */
-                          curl_socket_t *sockconn,   /* the connected socket */
-                          Curl_addrinfo **addr,      /* the one we used */
-                          bool *connected)           /* really connected? */
-{
-  struct SessionHandle *data = conn->data;
-  curl_socket_t sockfd = CURL_SOCKET_BAD;
-  int aliasindex;
-  int num_addr;
-  Curl_addrinfo *ai;
-  Curl_addrinfo *curr_addr;
-
-  struct timeval after;
-  struct timeval before = Curl_tvnow();
-
-  /*************************************************************
-   * Figure out what maximum time we have left
-   *************************************************************/
-  long timeout_ms= DEFAULT_CONNECT_TIMEOUT;
-  long timeout_per_addr;
-
-  *connected = FALSE; /* default to not connected */
-
-  if(data->set.timeout || data->set.connecttimeout) {
-    long has_passed;
-
-    /* Evaluate in milliseconds how much time that has passed */
-    has_passed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
-
-#ifndef min
-#define min(a, b)   ((a) < (b) ? (a) : (b))
-#endif
-
-    /* get the most strict timeout of the ones converted to milliseconds */
-    if(data->set.timeout && data->set.connecttimeout) {
-      if (data->set.timeout < data->set.connecttimeout)
-        timeout_ms = data->set.timeout*1000;
-      else
-        timeout_ms = data->set.connecttimeout*1000;
-    }
-    else if(data->set.timeout)
-      timeout_ms = data->set.timeout*1000;
-    else
-      timeout_ms = data->set.connecttimeout*1000;
-
-    /* subtract the passed time */
-    timeout_ms -= has_passed;
-
-    if(timeout_ms < 0) {
-      /* a precaution, no need to continue if time already is up */
-      failf(data, "Connection time-out");
-      return CURLE_OPERATION_TIMEOUTED;
-    }
-  }
-  Curl_expire(data, timeout_ms);
-
-  /* Max time for each address */
-  num_addr = Curl_num_addresses(remotehost->addr);
-  timeout_per_addr = timeout_ms / num_addr;
-
-  ai = remotehost->addr;
-
-  /* Below is the loop that attempts to connect to all IP-addresses we
-   * know for the given host. One by one until one IP succeeds.
-   */
-
-  if(data->state.used_interface == Curl_if_multi)
-    /* don't hang when doing multi */
-    timeout_per_addr = 0;
-
-  /*
-   * Connecting with a Curl_addrinfo chain
-   */
-  for (curr_addr = ai, aliasindex=0; curr_addr;
-       curr_addr = curr_addr->ai_next, aliasindex++) {
-
-    /* start connecting to the IP curr_addr points to */
-    sockfd = singleipconnect(conn, curr_addr, timeout_per_addr, connected);
-
-    if(sockfd != CURL_SOCKET_BAD)
-      break;
-
-    /* get a new timeout for next attempt */
-    after = Curl_tvnow();
-    timeout_ms -= Curl_tvdiff(after, before);
-    if(timeout_ms < 0) {
-      failf(data, "connect() timed out!");
-      return CURLE_OPERATION_TIMEOUTED;
-    }
-    before = after;
-  }  /* end of connect-to-each-address loop */
-
-  if (sockfd == CURL_SOCKET_BAD) {
-    /* no good connect was made */
-    *sockconn = CURL_SOCKET_BAD;
-    failf(data, "couldn't connect to host");
-    return CURLE_COULDNT_CONNECT;
-  }
-
-  /* leave the socket in non-blocking mode */
-
-  /* store the address we use */
-  if(addr)
-    *addr = curr_addr;
-
-  /* allow NULL-pointers to get passed in */
-  if(sockconn)
-    *sockconn = sockfd;    /* the socket descriptor we've connected */
-
-  data->info.numconnects++; /* to track the number of connections made */
-
-  return CURLE_OK;
-}
diff --git a/Utilities/cmcurl/connect.h b/Utilities/cmcurl/connect.h
deleted file mode 100644
index 599572b..0000000
--- a/Utilities/cmcurl/connect.h
+++ /dev/null
@@ -1,46 +0,0 @@
-#ifndef __CONNECT_H
-#define __CONNECT_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-int Curl_nonblock(curl_socket_t sockfd,    /* operate on this */
-                  int nonblock   /* TRUE or FALSE */);
-
-CURLcode Curl_is_connected(struct connectdata *conn,
-                           int sockindex,
-                           bool *connected);
-
-CURLcode Curl_connecthost(struct connectdata *conn,
-                          const struct Curl_dns_entry *host, /* connect to this */
-                          curl_socket_t *sockconn, /* not set if error */
-                          Curl_addrinfo **addr, /* the one we used */
-                          bool *connected /* truly connected? */
-                          );
-
-int Curl_sockerrno(void);
-
-CURLcode Curl_store_ip_addr(struct connectdata *conn);
-
-#define DEFAULT_CONNECT_TIMEOUT 300000 /* milliseconds == five minutes */
-
-#endif
diff --git a/Utilities/cmcurl/curl/types.h b/Utilities/cmcurl/curl/types.h
deleted file mode 100644
index d37d6ae..0000000
--- a/Utilities/cmcurl/curl/types.h
+++ /dev/null
@@ -1 +0,0 @@
-/* not used */
diff --git a/Utilities/cmcurl/Testing/curltest.c b/Utilities/cmcurl/curltest.c
index 210868e..210868e 100644
--- a/Utilities/cmcurl/Testing/curltest.c
+++ b/Utilities/cmcurl/curltest.c
diff --git a/Utilities/cmcurl/easy.c b/Utilities/cmcurl/easy.c
deleted file mode 100644
index 209d1c3..0000000
--- a/Utilities/cmcurl/easy.c
+++ /dev/null
@@ -1,895 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#include <errno.h>
-
-#include "strequal.h"
-
-#ifdef WIN32
-#include <time.h>
-#include <io.h>
-#else
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#include <netinet/in.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <netdb.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#include <sys/ioctl.h>
-#include <signal.h>
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#endif  /* WIN32 ... */
-
-#include "urldata.h"
-#include <curl/curl.h>
-#include "transfer.h"
-#include "sslgen.h"
-#include "url.h"
-#include "getinfo.h"
-#include "hostip.h"
-#include "share.h"
-#include "strdup.h"
-#include "memory.h"
-#include "progress.h"
-#include "easyif.h"
-#include "sendf.h" /* for failf function prototype */
-#include <ca-bundle.h>
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
-#include <iconv.h>
-/* set default codesets for iconv */
-#ifndef CURL_ICONV_CODESET_OF_NETWORK
-#define CURL_ICONV_CODESET_OF_NETWORK "ISO8859-1"
-#endif
-#ifndef CURL_ICONV_CODESET_FOR_UTF8
-#define CURL_ICONV_CODESET_FOR_UTF8   "UTF-8"
-#endif
-#define ICONV_ERROR  (size_t)-1
-#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#ifdef USE_WINSOCK
-/* win32_cleanup() is for win32 socket cleanup functionality, the opposite
-   of win32_init() */
-static void win32_cleanup(void)
-{
-  WSACleanup();
-}
-
-/* win32_init() performs win32 socket initialization to properly setup the
-   stack to allow networking */
-static CURLcode win32_init(void)
-{
-  WORD wVersionRequested;
-  WSADATA wsaData;
-  int err;
-
-#if defined(ENABLE_IPV6) && (USE_WINSOCK < 2)
-  Error IPV6_requires_winsock2
-#endif
-
-  wVersionRequested = MAKEWORD(USE_WINSOCK, USE_WINSOCK);
-
-  err = WSAStartup(wVersionRequested, &wsaData);
-
-  if (err != 0)
-    /* Tell the user that we couldn't find a useable */
-    /* winsock.dll.     */
-    return CURLE_FAILED_INIT;
-
-  /* Confirm that the Windows Sockets DLL supports what we need.*/
-  /* Note that if the DLL supports versions greater */
-  /* than wVersionRequested, it will still return */
-  /* wVersionRequested in wVersion. wHighVersion contains the */
-  /* highest supported version. */
-
-  if ( LOBYTE( wsaData.wVersion ) != LOBYTE(wVersionRequested) ||
-       HIBYTE( wsaData.wVersion ) != HIBYTE(wVersionRequested) ) {
-    /* Tell the user that we couldn't find a useable */
-
-    /* winsock.dll. */
-    WSACleanup();
-    return CURLE_FAILED_INIT;
-  }
-  /* The Windows Sockets DLL is acceptable. Proceed. */
-  return CURLE_OK;
-}
-
-#else
-/* These functions exist merely to prevent compiler warnings */
-static CURLcode win32_init(void) { return CURLE_OK; }
-static void win32_cleanup(void) { }
-#endif
-
-#ifdef USE_LIBIDN
-/*
- * Initialise use of IDNA library.
- * It falls back to ASCII if $CHARSET isn't defined. This doesn't work for
- * idna_to_ascii_lz().
- */
-static void idna_init (void)
-{
-#ifdef WIN32
-  char buf[60];
-  UINT cp = GetACP();
-
-  if (!getenv("CHARSET") && cp > 0) {
-    snprintf(buf, sizeof(buf), "CHARSET=cp%u", cp);
-    putenv(buf);
-  }
-#else
-  /* to do? */
-#endif
-}
-#endif  /* USE_LIBIDN */
-
-/* true globals -- for curl_global_init() and curl_global_cleanup() */
-static unsigned int  initialized;
-static long          init_flags;
-
-/*
- * strdup (and other memory functions) is redefined in complicated
- * ways, but at this point it must be defined as the system-supplied strdup
- * so the callback pointer is initialized correctly.
- */
-#if defined(_WIN32_WCE)
-#define system_strdup _strdup
-#elif !defined(HAVE_STRDUP)
-#define system_strdup curlx_strdup
-#else
-#define system_strdup strdup
-#endif
-
-/*
- * If a memory-using function (like curl_getenv) is used before
- * curl_global_init() is called, we need to have these pointers set already.
- */
-
-curl_malloc_callback Curl_cmalloc = (curl_malloc_callback)malloc;
-curl_free_callback Curl_cfree = (curl_free_callback)free;
-curl_realloc_callback Curl_crealloc = (curl_realloc_callback)realloc;
-curl_strdup_callback Curl_cstrdup = (curl_strdup_callback)system_strdup;
-curl_calloc_callback Curl_ccalloc = (curl_calloc_callback)calloc;
-
-/**
- * curl_global_init() globally initializes cURL given a bitwise set of the
- * different features of what to initialize.
- */
-CURLcode curl_global_init(long flags)
-{
-  if (initialized++)
-    return CURLE_OK;
-
-  /* Setup the default memory functions here (again) */
-  Curl_cmalloc = (curl_malloc_callback)malloc;
-  Curl_cfree = (curl_free_callback)free;
-  Curl_crealloc = (curl_realloc_callback)realloc;
-  Curl_cstrdup = (curl_strdup_callback)system_strdup;
-  Curl_ccalloc = (curl_calloc_callback)calloc;
-
-  if (flags & CURL_GLOBAL_SSL)
-    if (!Curl_ssl_init())
-      return CURLE_FAILED_INIT;
-
-  if (flags & CURL_GLOBAL_WIN32)
-    if (win32_init() != CURLE_OK)
-      return CURLE_FAILED_INIT;
-
-#ifdef _AMIGASF
-  if(!amiga_init())
-    return CURLE_FAILED_INIT;
-#endif
-
-#ifdef USE_LIBIDN
-  idna_init();
-#endif
-
-  init_flags  = flags;
-
-  return CURLE_OK;
-}
-
-/*
- * curl_global_init_mem() globally initializes cURL and also registers the
- * user provided callback routines.
- */
-CURLcode curl_global_init_mem(long flags, curl_malloc_callback m,
-                              curl_free_callback f, curl_realloc_callback r,
-                              curl_strdup_callback s, curl_calloc_callback c)
-{
-  CURLcode code = CURLE_OK;
-
-  /* Invalid input, return immediately */
-  if (!m || !f || !r || !s || !c)
-    return CURLE_FAILED_INIT;
-
-  /* Already initialized, don't do it again */
-  if ( initialized )
-    return CURLE_OK;
-
-  /* Call the actual init function first */
-  code = curl_global_init(flags);
-  if (code == CURLE_OK) {
-    Curl_cmalloc = m;
-    Curl_cfree = f;
-    Curl_cstrdup = s;
-    Curl_crealloc = r;
-    Curl_ccalloc = c;
-  }
-
-  return code;
-}
-
-/**
- * curl_global_cleanup() globally cleanups cURL, uses the value of
- * "init_flags" to determine what needs to be cleaned up and what doesn't.
- */
-void curl_global_cleanup(void)
-{
-  if (!initialized)
-    return;
-
-  if (--initialized)
-    return;
-
-  Curl_global_host_cache_dtor();
-
-  if (init_flags & CURL_GLOBAL_SSL)
-    Curl_ssl_cleanup();
-
-  if (init_flags & CURL_GLOBAL_WIN32)
-    win32_cleanup();
-
-#ifdef _AMIGASF
-  amiga_cleanup();
-#endif
-
-  init_flags  = 0;
-}
-
-/*
- * curl_easy_init() is the external interface to alloc, setup and init an
- * easy handle that is returned. If anything goes wrong, NULL is returned.
- */
-CURL *curl_easy_init(void)
-{
-  CURLcode res;
-  struct SessionHandle *data;
-
-  /* Make sure we inited the global SSL stuff */
-  if (!initialized) {
-    res = curl_global_init(CURL_GLOBAL_DEFAULT);
-    if(res)
-      /* something in the global init failed, return nothing */
-      return NULL;
-  }
-
-  /* We use curl_open() with undefined URL so far */
-  res = Curl_open(&data);
-  if(res != CURLE_OK)
-    return NULL;
-
-  return data;
-}
-
-/*
- * curl_easy_setopt() is the external interface for setting options on an
- * easy handle.
- */
-
-CURLcode curl_easy_setopt(CURL *curl, CURLoption tag, ...)
-{
-  va_list arg;
-  struct SessionHandle *data = curl;
-  CURLcode ret;
-
-  if(!curl)
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-
-  va_start(arg, tag);
-
-  ret = Curl_setopt(data, tag, arg);
-
-  va_end(arg);
-  return ret;
-}
-
-#ifdef CURL_MULTIEASY
-/***************************************************************************
- * This function is still only for testing purposes. It makes a great way
- * to run the full test suite on the multi interface instead of the easy one.
- ***************************************************************************
- *
- * The *new* curl_easy_perform() is the external interface that performs a
- * transfer previously setup.
- *
- * Wrapper-function that: creates a multi handle, adds the easy handle to it,
- * runs curl_multi_perform() until the transfer is done, then detaches the
- * easy handle, destroys the multi handle and returns the easy handle's return
- * code. This will make everything internally use and assume multi interface.
- */
-CURLcode curl_easy_perform(CURL *easy)
-{
-  CURLM *multi;
-  CURLMcode mcode;
-  CURLcode code = CURLE_OK;
-  int still_running;
-  struct timeval timeout;
-  int rc;
-  CURLMsg *msg;
-  fd_set fdread;
-  fd_set fdwrite;
-  fd_set fdexcep;
-  int maxfd;
-
-  if(!easy)
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-
-  multi = curl_multi_init();
-  if(!multi)
-    return CURLE_OUT_OF_MEMORY;
-
-  mcode = curl_multi_add_handle(multi, easy);
-  if(mcode) {
-    curl_multi_cleanup(multi);
-    return CURLE_FAILED_INIT;
-  }
-
-  /* we start some action by calling perform right away */
-
-  do {
-    while(CURLM_CALL_MULTI_PERFORM ==
-          curl_multi_perform(multi, &still_running));
-
-    if(!still_running)
-      break;
-
-    FD_ZERO(&fdread);
-    FD_ZERO(&fdwrite);
-    FD_ZERO(&fdexcep);
-
-    /* timeout once per second */
-    timeout.tv_sec = 1;
-    timeout.tv_usec = 0;
-
-    /* get file descriptors from the transfers */
-    curl_multi_fdset(multi, &fdread, &fdwrite, &fdexcep, &maxfd);
-
-    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
-
-    if(rc == -1)
-      /* select error */
-      break;
-
-    /* timeout or data to send/receive => loop! */
-  } while(still_running);
-
-  msg = curl_multi_info_read(multi, &rc);
-  if(msg)
-    code = msg->data.result;
-
-  mcode = curl_multi_remove_handle(multi, easy);
-  /* what to do if it fails? */
-
-  mcode = curl_multi_cleanup(multi);
-  /* what to do if it fails? */
-
-  return code;
-}
-#else
-/*
- * curl_easy_perform() is the external interface that performs a transfer
- * previously setup.
- */
-CURLcode curl_easy_perform(CURL *curl)
-{
-  struct SessionHandle *data = (struct SessionHandle *)curl;
-
-  if(!data)
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-
-  if ( ! (data->share && data->share->hostcache) ) {
-
-    if (Curl_global_host_cache_use(data) &&
-        (data->dns.hostcachetype != HCACHE_GLOBAL)) {
-      if (data->dns.hostcachetype == HCACHE_PRIVATE)
-        Curl_hash_destroy(data->dns.hostcache);
-      data->dns.hostcache = Curl_global_host_cache_get();
-      data->dns.hostcachetype = HCACHE_GLOBAL;
-    }
-
-    if (!data->dns.hostcache) {
-      data->dns.hostcachetype = HCACHE_PRIVATE;
-      data->dns.hostcache = Curl_mk_dnscache();
-
-      if(!data->dns.hostcache)
-        /* While we possibly could survive and do good without a host cache,
-           the fact that creating it failed indicates that things are truly
-           screwed up and we should bail out! */
-        return CURLE_OUT_OF_MEMORY;
-    }
-
-  }
-
-  if(!data->state.connc) {
-    /* oops, no connection cache, make one up */
-    data->state.connc = Curl_mk_connc(CONNCACHE_PRIVATE, -1);
-    if(!data->state.connc)
-      return CURLE_OUT_OF_MEMORY;
-  }
-
-  return Curl_perform(data);
-}
-#endif
-
-/*
- * curl_easy_cleanup() is the external interface to cleaning/freeing the given
- * easy handle.
- */
-void curl_easy_cleanup(CURL *curl)
-{
-  struct SessionHandle *data = (struct SessionHandle *)curl;
-
-  if(!data)
-    return;
-
-  Curl_close(data);
-}
-
-/*
- * Store a pointed to the multi handle within the easy handle's data struct.
- */
-void Curl_easy_addmulti(struct SessionHandle *data,
-                        void *multi)
-{
-  data->multi = multi;
-}
-
-void Curl_easy_initHandleData(struct SessionHandle *data)
-{
-    memset(&data->reqdata, 0, sizeof(struct HandleData));
-
-    data->reqdata.maxdownload = -1;
-}
-
-/*
- * curl_easy_getinfo() is an external interface that allows an app to retrieve
- * information from a performed transfer and similar.
- */
-CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...)
-{
-  va_list arg;
-  void *paramp;
-  struct SessionHandle *data = (struct SessionHandle *)curl;
-
-  va_start(arg, info);
-  paramp = va_arg(arg, void *);
-
-  return Curl_getinfo(data, info, paramp);
-}
-
-/*
- * curl_easy_duphandle() is an external interface to allow duplication of a
- * given input easy handle. The returned handle will be a new working handle
- * with all options set exactly as the input source handle.
- */
-CURL *curl_easy_duphandle(CURL *incurl)
-{
-  bool fail = TRUE;
-  struct SessionHandle *data=(struct SessionHandle *)incurl;
-
-  struct SessionHandle *outcurl = (struct SessionHandle *)
-    calloc(sizeof(struct SessionHandle), 1);
-
-  if(NULL == outcurl)
-    return NULL; /* failure */
-
-  do {
-
-    /*
-     * We setup a few buffers we need. We should probably make them
-     * get setup on-demand in the code, as that would probably decrease
-     * the likeliness of us forgetting to init a buffer here in the future.
-     */
-    outcurl->state.headerbuff=(char*)malloc(HEADERSIZE);
-    if(!outcurl->state.headerbuff) {
-      break;
-    }
-    outcurl->state.headersize=HEADERSIZE;
-
-    /* copy all userdefined values */
-    outcurl->set = data->set;
-
-    if(data->state.used_interface == Curl_if_multi)
-      outcurl->state.connc = data->state.connc;
-    else
-      outcurl->state.connc = Curl_mk_connc(CONNCACHE_PRIVATE, -1);
-
-    if(!outcurl->state.connc)
-      break;
-
-    outcurl->state.lastconnect = -1;
-
-    outcurl->progress.flags    = data->progress.flags;
-    outcurl->progress.callback = data->progress.callback;
-
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
-    if(data->cookies) {
-      /* If cookies are enabled in the parent handle, we enable them
-         in the clone as well! */
-      outcurl->cookies = Curl_cookie_init(data,
-                                            data->cookies->filename,
-                                            outcurl->cookies,
-                                            data->set.cookiesession);
-      if(!outcurl->cookies) {
-        break;
-      }
-    }
-#endif   /* CURL_DISABLE_HTTP */
-
-    /* duplicate all values in 'change' */
-
-    if(data->change.url) {
-      outcurl->change.url = strdup(data->change.url);
-      if(!outcurl->change.url)
-        break;
-      outcurl->change.url_alloc = TRUE;
-    }
-
-    if(data->change.referer) {
-      outcurl->change.referer = strdup(data->change.referer);
-      if(!outcurl->change.referer)
-        break;
-      outcurl->change.referer_alloc = TRUE;
-    }
-
-#ifdef USE_ARES
-    /* If we use ares, we setup a new ares channel for the new handle */
-    if(ARES_SUCCESS != ares_init(&outcurl->state.areschannel))
-      break;
-#endif
-
-#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
-    outcurl->inbound_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
-                                     CURL_ICONV_CODESET_OF_NETWORK);
-    outcurl->outbound_cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK,
-                                      CURL_ICONV_CODESET_OF_HOST);
-    outcurl->utf8_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
-                                  CURL_ICONV_CODESET_FOR_UTF8);
-#endif
-
-    Curl_easy_initHandleData(outcurl);
-
-    outcurl->magic = CURLEASY_MAGIC_NUMBER;
-
-    fail = FALSE; /* we reach this point and thus we are OK */
-
-  } while(0);
-
-  if(fail) {
-    if(outcurl) {
-      if(outcurl->state.connc->type == CONNCACHE_PRIVATE)
-        Curl_rm_connc(outcurl->state.connc);
-      if(outcurl->state.headerbuff)
-        free(outcurl->state.headerbuff);
-      if(outcurl->change.url)
-        free(outcurl->change.url);
-      if(outcurl->change.referer)
-        free(outcurl->change.referer);
-      free(outcurl); /* free the memory again */
-      outcurl = NULL;
-    }
-  }
-
-  return outcurl;
-}
-
-/*
- * curl_easy_reset() is an external interface that allows an app to re-
- * initialize a session handle to the default values.
- */
-void curl_easy_reset(CURL *curl)
-{
-  struct SessionHandle *data = (struct SessionHandle *)curl;
-
-  Curl_safefree(data->reqdata.pathbuffer);
-  data->reqdata.pathbuffer=NULL;
-
-  Curl_safefree(data->reqdata.proto.generic);
-  data->reqdata.proto.generic=NULL;
-
-  /* zero out UserDefined data: */
-  memset(&data->set, 0, sizeof(struct UserDefined));
-
-  /* zero out Progress data: */
-  memset(&data->progress, 0, sizeof(struct Progress));
-
-  /* init Handle data */
-  Curl_easy_initHandleData(data);
-
-  /* The remainder of these calls have been taken from Curl_open() */
-
-  data->set.out = stdout; /* default output to stdout */
-  data->set.in  = stdin;  /* default input from stdin */
-  data->set.err  = stderr;  /* default stderr to stderr */
-
-  /* use fwrite as default function to store output */
-  data->set.fwrite = (curl_write_callback)fwrite;
-
-  /* use fread as default function to read input */
-  data->set.fread = (curl_read_callback)fread;
-
-  data->set.infilesize = -1; /* we don't know any size */
-  data->set.postfieldsize = -1;
-
-  data->state.current_speed = -1; /* init to negative == impossible */
-
-  data->set.httpreq = HTTPREQ_GET; /* Default HTTP request */
-  data->set.ftp_use_epsv = TRUE;   /* FTP defaults to EPSV operations */
-  data->set.ftp_use_eprt = TRUE;   /* FTP defaults to EPRT operations */
-
-  data->set.dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
-
-  /* make libcurl quiet by default: */
-  data->set.hide_progress = TRUE;  /* CURLOPT_NOPROGRESS changes these */
-  data->progress.flags |= PGRS_HIDE;
-
-  /* Set the default size of the SSL session ID cache */
-  data->set.ssl.numsessions = 5;
-
-  data->set.proxyport = 1080;
-  data->set.proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */
-  data->set.httpauth = CURLAUTH_BASIC;  /* defaults to basic */
-  data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */
-
-  /*
-   * libcurl 7.10 introduced SSL verification *by default*! This needs to be
-   * switched off unless wanted.
-   */
-  data->set.ssl.verifypeer = TRUE;
-  data->set.ssl.verifyhost = 2;
-#ifdef CURL_CA_BUNDLE
-  /* This is our preferred CA cert bundle since install time */
-  data->set.ssl.CAfile = (char *)CURL_CA_BUNDLE;
-#endif
-
-  data->set.ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
-                                                      type */
-}
-
-#ifdef CURL_DOES_CONVERSIONS
-/*
- * Curl_convert_to_network() is an internal function
- * for performing ASCII conversions on non-ASCII platforms.
- */
-CURLcode Curl_convert_to_network(struct SessionHandle *data,
-                                 char *buffer, size_t length)
-{
-  CURLcode rc;
-
-  if(data->set.convtonetwork) {
-    /* use translation callback */
-    rc = data->set.convtonetwork(buffer, length);
-    if(rc != CURLE_OK) {
-      failf(data,
-            "CURLOPT_CONV_TO_NETWORK_FUNCTION callback returned %i: %s",
-            rc, curl_easy_strerror(rc));
-    }
-    return(rc);
-  } else {
-#ifdef HAVE_ICONV
-    /* do the translation ourselves */
-    char *input_ptr, *output_ptr;
-    size_t in_bytes, out_bytes, rc;
-
-    /* open an iconv conversion descriptor if necessary */
-    if(data->outbound_cd == (iconv_t)-1) {
-      data->outbound_cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK,
-                                     CURL_ICONV_CODESET_OF_HOST);
-      if(data->outbound_cd == (iconv_t)-1) {
-        failf(data,
-              "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s",
-               CURL_ICONV_CODESET_OF_NETWORK,
-               CURL_ICONV_CODESET_OF_HOST,
-               errno, strerror(errno));
-        return CURLE_CONV_FAILED;
-      }
-    }
-    /* call iconv */
-    input_ptr = output_ptr = buffer;
-    in_bytes = out_bytes = length;
-    rc = iconv(data->outbound_cd, (const char**)&input_ptr, &in_bytes,
-               &output_ptr, &out_bytes);
-    if ((rc == ICONV_ERROR) || (in_bytes != 0)) {
-      failf(data,
-        "The Curl_convert_to_network iconv call failed with errno %i: %s",
-             errno, strerror(errno));
-      return CURLE_CONV_FAILED;
-    }
-#else
-    failf(data, "CURLOPT_CONV_TO_NETWORK_FUNCTION callback required");
-    return CURLE_CONV_REQD;
-#endif /* HAVE_ICONV */
-  }
-
-  return CURLE_OK;
-}
-
-/*
- * Curl_convert_from_network() is an internal function
- * for performing ASCII conversions on non-ASCII platforms.
- */
-CURLcode Curl_convert_from_network(struct SessionHandle *data,
-                                      char *buffer, size_t length)
-{
-  CURLcode rc;
-
-  if(data->set.convfromnetwork) {
-    /* use translation callback */
-    rc = data->set.convfromnetwork(buffer, length);
-    if(rc != CURLE_OK) {
-      failf(data,
-            "CURLOPT_CONV_FROM_NETWORK_FUNCTION callback returned %i: %s",
-            rc, curl_easy_strerror(rc));
-    }
-    return(rc);
-  } else {
-#ifdef HAVE_ICONV
-    /* do the translation ourselves */
-    char *input_ptr, *output_ptr;
-    size_t in_bytes, out_bytes, rc;
-
-    /* open an iconv conversion descriptor if necessary */
-    if(data->inbound_cd == (iconv_t)-1) {
-      data->inbound_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
-                                    CURL_ICONV_CODESET_OF_NETWORK);
-      if(data->inbound_cd == (iconv_t)-1) {
-        failf(data,
-              "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s",
-               CURL_ICONV_CODESET_OF_HOST,
-               CURL_ICONV_CODESET_OF_NETWORK,
-               errno, strerror(errno));
-        return CURLE_CONV_FAILED;
-      }
-    }
-    /* call iconv */
-    input_ptr = output_ptr = buffer;
-    in_bytes = out_bytes = length;
-    rc = iconv(data->inbound_cd, (const char **)&input_ptr, &in_bytes,
-               &output_ptr, &out_bytes);
-    if ((rc == ICONV_ERROR) || (in_bytes != 0)) {
-      failf(data,
-        "The Curl_convert_from_network iconv call failed with errno %i: %s",
-             errno, strerror(errno));
-      return CURLE_CONV_FAILED;
-    }
-#else
-    failf(data, "CURLOPT_CONV_FROM_NETWORK_FUNCTION callback required");
-    return CURLE_CONV_REQD;
-#endif /* HAVE_ICONV */
-  }
-
-  return CURLE_OK;
-}
-
-/*
- * Curl_convert_from_utf8() is an internal function
- * for performing UTF-8 conversions on non-ASCII platforms.
- */
-CURLcode Curl_convert_from_utf8(struct SessionHandle *data,
-                                     char *buffer, size_t length)
-{
-  CURLcode rc;
-
-  if(data->set.convfromutf8) {
-    /* use translation callback */
-    rc = data->set.convfromutf8(buffer, length);
-    if(rc != CURLE_OK) {
-      failf(data,
-            "CURLOPT_CONV_FROM_UTF8_FUNCTION callback returned %i: %s",
-            rc, curl_easy_strerror(rc));
-    }
-    return(rc);
-  } else {
-#ifdef HAVE_ICONV
-    /* do the translation ourselves */
-    char *input_ptr, *output_ptr;
-    size_t in_bytes, out_bytes, rc;
-
-    /* open an iconv conversion descriptor if necessary */
-    if(data->utf8_cd == (iconv_t)-1) {
-      data->utf8_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
-                                 CURL_ICONV_CODESET_FOR_UTF8);
-      if(data->utf8_cd == (iconv_t)-1) {
-        failf(data,
-              "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s",
-               CURL_ICONV_CODESET_OF_HOST,
-               CURL_ICONV_CODESET_FOR_UTF8,
-               errno, strerror(errno));
-        return CURLE_CONV_FAILED;
-      }
-    }
-    /* call iconv */
-    input_ptr = output_ptr = buffer;
-    in_bytes = out_bytes = length;
-    rc = iconv(data->utf8_cd, (const char**)&input_ptr, &in_bytes,
-               &output_ptr, &out_bytes);
-    if ((rc == ICONV_ERROR) || (in_bytes != 0)) {
-      failf(data,
-        "The Curl_convert_from_utf8 iconv call failed with errno %i: %s",
-             errno, strerror(errno));
-      return CURLE_CONV_FAILED;
-    }
-    if (output_ptr < input_ptr) {
-      /* null terminate the now shorter output string */
-      *output_ptr = 0x00;
-    }
-#else
-    failf(data, "CURLOPT_CONV_FROM_UTF8_FUNCTION callback required");
-    return CURLE_CONV_REQD;
-#endif /* HAVE_ICONV */
-  }
-
-  return CURLE_OK;
-}
-
-#endif /* CURL_DOES_CONVERSIONS */
diff --git a/Utilities/cmcurl/file.c b/Utilities/cmcurl/file.c
deleted file mode 100644
index b247a77..0000000
--- a/Utilities/cmcurl/file.c
+++ /dev/null
@@ -1,407 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#ifndef CURL_DISABLE_FILE
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#ifdef WIN32
-#include <time.h>
-#include <io.h>
-#include <fcntl.h>
-#else
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#include <sys/ioctl.h>
-#include <signal.h>
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
-#endif
-
-#include "urldata.h"
-#include <curl/curl.h>
-#include "progress.h"
-#include "sendf.h"
-#include "escape.h"
-#include "file.h"
-#include "speedcheck.h"
-#include "getinfo.h"
-#include "transfer.h"
-#include "url.h"
-#include "memory.h"
-#include "parsedate.h" /* for the week day and month names */
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/*
- * Curl_file_connect() gets called from Curl_protocol_connect() to allow us to
- * do protocol-specific actions at connect-time.  We emulate a
- * connect-then-transfer protocol and "connect" to the file here
- */
-CURLcode Curl_file_connect(struct connectdata *conn)
-{
-  char *real_path = curl_easy_unescape(conn->data, conn->data->reqdata.path, 0, NULL);
-  struct FILEPROTO *file;
-  int fd;
-#if defined(WIN32) || defined(MSDOS) || defined(__EMX__)
-  int i;
-  char *actual_path;
-#endif
-
-  if(!real_path)
-    return CURLE_OUT_OF_MEMORY;
-
-  file = (struct FILEPROTO *)calloc(sizeof(struct FILEPROTO), 1);
-  if(!file) {
-    free(real_path);
-    return CURLE_OUT_OF_MEMORY;
-  }
-
-  if (conn->data->reqdata.proto.file) {
-    free(conn->data->reqdata.proto.file);
-  }
-
-  conn->data->reqdata.proto.file = file;
-
-#if defined(WIN32) || defined(MSDOS) || defined(__EMX__)
-  /* If the first character is a slash, and there's
-     something that looks like a drive at the beginning of
-     the path, skip the slash.  If we remove the initial
-     slash in all cases, paths without drive letters end up
-     relative to the current directory which isn't how
-     browsers work.
-
-     Some browsers accept | instead of : as the drive letter
-     separator, so we do too.
-
-     On other platforms, we need the slash to indicate an
-     absolute pathname.  On Windows, absolute paths start
-     with a drive letter.
-  */
-  actual_path = real_path;
-  if ((actual_path[0] == '/') &&
-      actual_path[1] &&
-      (actual_path[2] == ':' || actual_path[2] == '|'))
-  {
-    actual_path[2] = ':';
-    actual_path++;
-  }
-
-  /* change path separators from '/' to '\\' for DOS, Windows and OS/2 */
-  for (i=0; actual_path[i] != '\0'; ++i)
-    if (actual_path[i] == '/')
-      actual_path[i] = '\\';
-
-  fd = open(actual_path, O_RDONLY | O_BINARY);  /* no CR/LF translation! */
-  file->path = actual_path;
-#else
-  fd = open(real_path, O_RDONLY);
-  file->path = real_path;
-#endif
-  file->freepath = real_path; /* free this when done */
-
-  file->fd = fd;
-  if(!conn->data->set.upload && (fd == -1)) {
-    failf(conn->data, "Couldn't open file %s", conn->data->reqdata.path);
-    Curl_file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE);
-    return CURLE_FILE_COULDNT_READ_FILE;
-  }
-
-  return CURLE_OK;
-}
-
-CURLcode Curl_file_done(struct connectdata *conn,
-                        CURLcode status, bool premature)
-{
-  struct FILEPROTO *file = conn->data->reqdata.proto.file;
-  (void)status; /* not used */
-  (void)premature; /* not used */
-  Curl_safefree(file->freepath);
-
-  if(file->fd != -1)
-    close(file->fd);
-
-  return CURLE_OK;
-}
-
-#if defined(WIN32) || defined(MSDOS) || defined(__EMX__)
-#define DIRSEP '\\'
-#else
-#define DIRSEP '/'
-#endif
-
-static CURLcode file_upload(struct connectdata *conn)
-{
-  struct FILEPROTO *file = conn->data->reqdata.proto.file;
-  char *dir = strchr(file->path, DIRSEP);
-  FILE *fp;
-  CURLcode res=CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  char *buf = data->state.buffer;
-  size_t nread;
-  size_t nwrite;
-  curl_off_t bytecount = 0;
-  struct timeval now = Curl_tvnow();
-
-  /*
-   * Since FILE: doesn't do the full init, we need to provide some extra
-   * assignments here.
-   */
-  conn->fread = data->set.fread;
-  conn->fread_in = data->set.in;
-  conn->data->reqdata.upload_fromhere = buf;
-
-  if(!dir)
-    return CURLE_FILE_COULDNT_READ_FILE; /* fix: better error code */
-
-  if(!dir[1])
-     return CURLE_FILE_COULDNT_READ_FILE; /* fix: better error code */
-
-  fp = fopen(file->path, "wb");
-  if(!fp) {
-    failf(data, "Can't open %s for writing", file->path);
-    return CURLE_WRITE_ERROR;
-  }
-
-  if(-1 != data->set.infilesize)
-    /* known size of data to "upload" */
-    Curl_pgrsSetUploadSize(data, data->set.infilesize);
-
-  while (res == CURLE_OK) {
-    int readcount;
-    res = Curl_fillreadbuffer(conn, BUFSIZE, &readcount);
-    if(res)
-      break;
-
-    if (readcount <= 0)  /* fix questionable compare error. curlvms */
-      break;
-
-    nread = (size_t)readcount;
-
-    /* write the data to the target */
-    nwrite = fwrite(buf, 1, nread, fp);
-    if(nwrite != nread) {
-      res = CURLE_SEND_ERROR;
-      break;
-    }
-
-    bytecount += nread;
-
-    Curl_pgrsSetUploadCounter(data, bytecount);
-
-    if(Curl_pgrsUpdate(conn))
-      res = CURLE_ABORTED_BY_CALLBACK;
-    else
-      res = Curl_speedcheck(data, now);
-  }
-  if(!res && Curl_pgrsUpdate(conn))
-    res = CURLE_ABORTED_BY_CALLBACK;
-
-  fclose(fp);
-
-  return res;
-}
-
-/*
- * Curl_file() is the protocol-specific function for the do-phase, separated
- * from the connect-phase above. Other protocols merely setup the transfer in
- * the do-phase, to have it done in the main transfer loop but since some
- * platforms we support don't allow select()ing etc on file handles (as
- * opposed to sockets) we instead perform the whole do-operation in this
- * function.
- */
-CURLcode Curl_file(struct connectdata *conn, bool *done)
-{
-  /* This implementation ignores the host name in conformance with
-     RFC 1738. Only local files (reachable via the standard file system)
-     are supported. This means that files on remotely mounted directories
-     (via NFS, Samba, NT sharing) can be accessed through a file:// URL
-  */
-  CURLcode res = CURLE_OK;
-  struct_stat statbuf; /* struct_stat instead of struct stat just to allow the
-                          Windows version to have a different struct without
-                          having to redefine the simple word 'stat' */
-  curl_off_t expected_size=0;
-  bool fstated=FALSE;
-  ssize_t nread;
-  struct SessionHandle *data = conn->data;
-  char *buf = data->state.buffer;
-  curl_off_t bytecount = 0;
-  int fd;
-  struct timeval now = Curl_tvnow();
-
-  *done = TRUE; /* unconditionally */
-
-  Curl_readwrite_init(conn);
-  Curl_initinfo(data);
-  Curl_pgrsStartNow(data);
-
-  if(data->set.upload)
-    return file_upload(conn);
-
-  /* get the fd from the connection phase */
-  fd = conn->data->reqdata.proto.file->fd;
-
-  /* VMS: This only works reliable for STREAMLF files */
-  if( -1 != fstat(fd, &statbuf)) {
-    /* we could stat it, then read out the size */
-    expected_size = statbuf.st_size;
-    fstated = TRUE;
-  }
-
-  /* If we have selected NOBODY and HEADER, it means that we only want file
-     information. Which for FILE can't be much more than the file size and
-     date. */
-  if(conn->bits.no_body && data->set.include_header && fstated) {
-    CURLcode result;
-    snprintf(buf, sizeof(data->state.buffer),
-             "Content-Length: %" FORMAT_OFF_T "\r\n", expected_size);
-    result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
-    if(result)
-      return result;
-
-    result = Curl_client_write(conn, CLIENTWRITE_BOTH,
-                               (char *)"Accept-ranges: bytes\r\n", 0);
-    if(result)
-      return result;
-
-    if(fstated) {
-      struct tm *tm;
-      time_t clock = (time_t)statbuf.st_mtime;
-#ifdef HAVE_GMTIME_R
-      struct tm buffer;
-      tm = (struct tm *)gmtime_r(&clock, &buffer);
-#else
-      tm = gmtime(&clock);
-#endif
-      /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
-      snprintf(buf, BUFSIZE-1,
-               "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
-               Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
-               tm->tm_mday,
-               Curl_month[tm->tm_mon],
-               tm->tm_year + 1900,
-               tm->tm_hour,
-               tm->tm_min,
-               tm->tm_sec);
-      result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
-    }
-    return result;
-  }
-
-  if (data->reqdata.resume_from <= expected_size)
-    expected_size -= data->reqdata.resume_from;
-  else {
-    failf(data, "failed to resume file:// transfer");
-    return CURLE_BAD_DOWNLOAD_RESUME;
-  }
-
-  if (fstated && (expected_size == 0))
-    return CURLE_OK;
-
-  /* The following is a shortcut implementation of file reading
-     this is both more efficient than the former call to download() and
-     it avoids problems with select() and recv() on file descriptors
-     in Winsock */
-  if(fstated)
-    Curl_pgrsSetDownloadSize(data, expected_size);
-
-  if(data->reqdata.resume_from) {
-    if(data->reqdata.resume_from !=
-       lseek(fd, data->reqdata.resume_from, SEEK_SET))
-      return CURLE_BAD_DOWNLOAD_RESUME;
-  }
-
-  Curl_pgrsTime(data, TIMER_STARTTRANSFER);
-
-  while (res == CURLE_OK) {
-    nread = read(fd, buf, BUFSIZE-1);
-
-    if ( nread > 0)
-      buf[nread] = 0;
-
-    if (nread <= 0)
-      break;
-
-    bytecount += nread;
-
-    res = Curl_client_write(conn, CLIENTWRITE_BODY, buf, nread);
-    if(res)
-      return res;
-
-    Curl_pgrsSetDownloadCounter(data, bytecount);
-
-    if(Curl_pgrsUpdate(conn))
-      res = CURLE_ABORTED_BY_CALLBACK;
-    else
-      res = Curl_speedcheck(data, now);
-  }
-  if(Curl_pgrsUpdate(conn))
-    res = CURLE_ABORTED_BY_CALLBACK;
-
-  return res;
-}
-
-#endif
diff --git a/Utilities/cmcurl/ftp.c b/Utilities/cmcurl/ftp.c
deleted file mode 100644
index 3ccbc43..0000000
--- a/Utilities/cmcurl/ftp.c
+++ /dev/null
@@ -1,3865 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#ifndef CURL_DISABLE_FTP
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <ctype.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef WIN32
-
-#else /* probably some kind of unix */
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#include <sys/types.h>
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_UTSNAME_H
-#include <sys/utsname.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef  VMS
-#include <in.h>
-#include <inet.h>
-#endif
-#endif
-
-#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
-#undef in_addr_t
-#define in_addr_t unsigned long
-#endif
-
-#include <curl/curl.h>
-#include "urldata.h"
-#include "sendf.h"
-#include "easyif.h" /* for Curl_convert_... prototypes */
-
-#include "if2ip.h"
-#include "hostip.h"
-#include "progress.h"
-#include "transfer.h"
-#include "escape.h"
-#include "http.h" /* for HTTP proxy tunnel stuff */
-#include "ftp.h"
-
-#ifdef HAVE_KRB4
-#include "krb4.h"
-#endif
-
-#include "strtoofft.h"
-#include "strequal.h"
-#include "sslgen.h"
-#include "connect.h"
-#include "strerror.h"
-#include "memory.h"
-#include "inet_ntop.h"
-#include "select.h"
-#include "parsedate.h" /* for the week day and month names */
-#include "sockaddr.h" /* required for Curl_sockaddr_storage */
-#include "multiif.h"
-
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
-#ifdef CURLDEBUG
-#include "memdebug.h"
-#endif
-
-#ifdef HAVE_NI_WITHSCOPEID
-#define NIFLAGS NI_NUMERICHOST | NI_NUMERICSERV | NI_WITHSCOPEID
-#else
-#define NIFLAGS NI_NUMERICHOST | NI_NUMERICSERV
-#endif
-
-/* Local API functions */
-static CURLcode ftp_sendquote(struct connectdata *conn,
-                              struct curl_slist *quote);
-static CURLcode ftp_quit(struct connectdata *conn);
-static CURLcode ftp_parse_url_path(struct connectdata *conn);
-static CURLcode ftp_regular_transfer(struct connectdata *conn, bool *done);
-static void ftp_pasv_verbose(struct connectdata *conn,
-                             Curl_addrinfo *ai,
-                             char *newhost, /* ascii version */
-                             int port);
-static CURLcode ftp_state_post_rest(struct connectdata *conn);
-static CURLcode ftp_state_post_cwd(struct connectdata *conn);
-static CURLcode ftp_state_quote(struct connectdata *conn,
-                                bool init, ftpstate instate);
-static CURLcode ftp_nb_type(struct connectdata *conn,
-                            bool ascii, ftpstate state);
-static int ftp_need_type(struct connectdata *conn,
-                         bool ascii);
-
-/* easy-to-use macro: */
-#define FTPSENDF(x,y,z)    if ((result = Curl_ftpsendf(x,y,z)) != CURLE_OK) \
-                              return result
-#define NBFTPSENDF(x,y,z)  if ((result = Curl_nbftpsendf(x,y,z)) != CURLE_OK) \
-                              return result
-
-static void freedirs(struct connectdata *conn)
-{
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-
-  int i;
-  if(ftpc->dirs) {
-    for (i=0; i < ftpc->dirdepth; i++){
-      if(ftpc->dirs[i]) {
-        free(ftpc->dirs[i]);
-        ftpc->dirs[i]=NULL;
-      }
-    }
-    free(ftpc->dirs);
-    ftpc->dirs = NULL;
-  }
-  if(ftp->file) {
-    free(ftp->file);
-    ftp->file = NULL;
-  }
-}
-
-/* Returns non-zero if the given string contains CR (\r) or LF (\n),
-   which are not allowed within RFC 959 <string>.
-   Note: The input string is in the client's encoding which might
-   not be ASCII, so escape sequences \r & \n must be used instead
-   of hex values 0x0d & 0x0a.
-*/
-static bool isBadFtpString(const char *string)
-{
-  return (bool)((NULL != strchr(string, '\r')) || (NULL != strchr(string, '\n')));
-}
-
-/***********************************************************************
- *
- * AllowServerConnect()
- *
- * When we've issue the PORT command, we have told the server to connect
- * to us. This function will sit and wait here until the server has
- * connected.
- *
- */
-static CURLcode AllowServerConnect(struct connectdata *conn)
-{
-  int timeout_ms;
-  struct SessionHandle *data = conn->data;
-  curl_socket_t sock = conn->sock[SECONDARYSOCKET];
-  struct timeval now = Curl_tvnow();
-  long timespent = Curl_tvdiff(Curl_tvnow(), now)/1000;
-  long timeout = data->set.connecttimeout?data->set.connecttimeout:
-    (data->set.timeout?data->set.timeout: 0);
-
-  if(timeout) {
-    timeout -= timespent;
-    if(timeout<=0) {
-      failf(data, "Timed out before server could connect to us");
-      return CURLE_OPERATION_TIMEDOUT;
-    }
-  }
-
-  /* We allow the server 60 seconds to connect to us, or a custom timeout.
-     Note the typecast here. */
-  timeout_ms = (timeout?(int)timeout:60) * 1000;
-
-  switch (Curl_select(sock, CURL_SOCKET_BAD, timeout_ms)) {
-  case -1: /* error */
-    /* let's die here */
-    failf(data, "Error while waiting for server connect");
-    return CURLE_FTP_PORT_FAILED;
-  case 0:  /* timeout */
-    /* let's die here */
-    failf(data, "Timeout while waiting for server connect");
-    return CURLE_FTP_PORT_FAILED;
-  default:
-    /* we have received data here */
-    {
-      curl_socket_t s = CURL_SOCKET_BAD;
-#ifdef ENABLE_IPV6
-      struct Curl_sockaddr_storage add;
-#else
-      struct sockaddr_in add;
-#endif
-      socklen_t size = (socklen_t) sizeof(add);
-
-      if(0 == getsockname(sock, (struct sockaddr *) &add, &size)) {
-        size = sizeof(add);
-
-        s=accept(sock, (struct sockaddr *) &add, &size);
-      }
-      sclose(sock); /* close the first socket */
-
-      if (CURL_SOCKET_BAD == s) {
-        /* DIE! */
-        failf(data, "Error accept()ing server connect");
-        return CURLE_FTP_PORT_FAILED;
-      }
-      infof(data, "Connection accepted from server\n");
-
-      conn->sock[SECONDARYSOCKET] = s;
-      Curl_nonblock(s, TRUE); /* enable non-blocking */
-    }
-    break;
-  }
-
-  return CURLE_OK;
-}
-
-/* initialize stuff to prepare for reading a fresh new response */
-static void ftp_respinit(struct connectdata *conn)
-{
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  ftpc->nread_resp = 0;
-  ftpc->linestart_resp = conn->data->state.buffer;
-}
-
-/* macro to check for the last line in an FTP server response */
-#define lastline(line) (ISDIGIT(line[0]) && ISDIGIT(line[1]) && \
-                        ISDIGIT(line[2]) && (' ' == line[3]))
-
-static CURLcode ftp_readresp(curl_socket_t sockfd,
-                             struct connectdata *conn,
-                             int *ftpcode, /* return the ftp-code if done */
-                             size_t *size) /* size of the response */
-{
-  int perline; /* count bytes per line */
-  bool keepon=TRUE;
-  ssize_t gotbytes;
-  char *ptr;
-  struct SessionHandle *data = conn->data;
-  char *buf = data->state.buffer;
-  CURLcode result = CURLE_OK;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  int code = 0;
-
-  if (ftpcode)
-    *ftpcode = 0; /* 0 for errors or not done */
-
-  ptr=buf + ftpc->nread_resp;
-
-  perline= (int)(ptr-ftpc->linestart_resp); /* number of bytes in the current
-                                              line, so far */
-  keepon=TRUE;
-
-  while((ftpc->nread_resp<BUFSIZE) && (keepon && !result)) {
-
-    if(ftpc->cache) {
-      /* we had data in the "cache", copy that instead of doing an actual
-       * read
-       *
-       * ftp->cache_size is cast to int here.  This should be safe,
-       * because it would have been populated with something of size
-       * int to begin with, even though its datatype may be larger
-       * than an int.
-       */
-      memcpy(ptr, ftpc->cache, (int)ftpc->cache_size);
-      gotbytes = (int)ftpc->cache_size;
-      free(ftpc->cache);    /* free the cache */
-      ftpc->cache = NULL;   /* clear the pointer */
-      ftpc->cache_size = 0; /* zero the size just in case */
-    }
-    else {
-      int res = Curl_read(conn, sockfd, ptr, BUFSIZE-ftpc->nread_resp,
-                          &gotbytes);
-      if(res < 0)
-        /* EWOULDBLOCK */
-        return CURLE_OK; /* return */
-
-#ifdef CURL_DOES_CONVERSIONS
-      if((res == CURLE_OK) && (gotbytes > 0)) {
-        /* convert from the network encoding */
-        result = res = Curl_convert_from_network(data, ptr, gotbytes);
-        /* Curl_convert_from_network calls failf if unsuccessful */
-      }
-#endif /* CURL_DOES_CONVERSIONS */
-
-      if(CURLE_OK != res)
-        keepon = FALSE;
-    }
-
-    if(!keepon)
-      ;
-    else if(gotbytes <= 0) {
-      keepon = FALSE;
-      result = CURLE_RECV_ERROR;
-      failf(data, "FTP response reading failed");
-    }
-    else {
-      /* we got a whole chunk of data, which can be anything from one
-       * byte to a set of lines and possible just a piece of the last
-       * line */
-      int i;
-
-      conn->headerbytecount += gotbytes;
-
-      ftpc->nread_resp += gotbytes;
-      for(i = 0; i < gotbytes; ptr++, i++) {
-        perline++;
-        if(*ptr=='\n') {
-          /* a newline is CRLF in ftp-talk, so the CR is ignored as
-             the line isn't really terminated until the LF comes */
-
-          /* output debug output if that is requested */
-          if(data->set.verbose)
-            Curl_debug(data, CURLINFO_HEADER_IN,
-                       ftpc->linestart_resp, (size_t)perline, conn);
-
-          /*
-           * We pass all response-lines to the callback function registered
-           * for "headers". The response lines can be seen as a kind of
-           * headers.
-           */
-          result = Curl_client_write(conn, CLIENTWRITE_HEADER,
-                                     ftpc->linestart_resp, perline);
-          if(result)
-            return result;
-
-          if(perline>3 && lastline(ftpc->linestart_resp)) {
-            /* This is the end of the last line, copy the last line to the
-               start of the buffer and zero terminate, for old times sake (and
-               krb4)! */
-            char *meow;
-            int n;
-            for(meow=ftpc->linestart_resp, n=0; meow<ptr; meow++, n++)
-              buf[n] = *meow;
-            *meow=0; /* zero terminate */
-            keepon=FALSE;
-            ftpc->linestart_resp = ptr+1; /* advance pointer */
-            i++; /* skip this before getting out */
-
-            *size = ftpc->nread_resp; /* size of the response */
-            ftpc->nread_resp = 0; /* restart */
-            break;
-          }
-          perline=0; /* line starts over here */
-          ftpc->linestart_resp = ptr+1;
-        }
-      }
-      if(!keepon && (i != gotbytes)) {
-        /* We found the end of the response lines, but we didn't parse the
-           full chunk of data we have read from the server. We therefore need
-           to store the rest of the data to be checked on the next invoke as
-           it may actually contain another end of response already! */
-        ftpc->cache_size = gotbytes - i;
-        ftpc->cache = (char *)malloc((int)ftpc->cache_size);
-        if(ftpc->cache)
-          memcpy(ftpc->cache, ftpc->linestart_resp, (int)ftpc->cache_size);
-        else
-          return CURLE_OUT_OF_MEMORY; /**BANG**/
-      }
-    } /* there was data */
-
-  } /* while there's buffer left and loop is requested */
-
-  if(!result)
-    code = atoi(buf);
-
-#ifdef HAVE_KRB4
-  /* handle the security-oriented responses 6xx ***/
-  /* FIXME: some errorchecking perhaps... ***/
-  switch(code) {
-  case 631:
-    Curl_sec_read_msg(conn, buf, prot_safe);
-    break;
-  case 632:
-    Curl_sec_read_msg(conn, buf, prot_private);
-    break;
-  case 633:
-    Curl_sec_read_msg(conn, buf, prot_confidential);
-    break;
-  default:
-    /* normal ftp stuff we pass through! */
-    break;
-  }
-#endif
-
-  *ftpcode=code; /* return the initial number like this */
-
-
-  /* store the latest code for later retrieval */
-  conn->data->info.httpcode=code;
-
-  return result;
-}
-
-/* --- parse FTP server responses --- */
-
-/*
- * Curl_GetFTPResponse() is supposed to be invoked after each command sent to
- * a remote FTP server. This function will wait and read all lines of the
- * response and extract the relevant return code for the invoking function.
- */
-
-CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
-                             struct connectdata *conn,
-                             int *ftpcode) /* return the ftp-code */
-{
-  /*
-   * We cannot read just one byte per read() and then go back to select() as
-   * the OpenSSL read() doesn't grok that properly.
-   *
-   * Alas, read as much as possible, split up into lines, use the ending
-   * line in a response or continue reading.  */
-
-  curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
-  int perline; /* count bytes per line */
-  bool keepon=TRUE;
-  ssize_t gotbytes;
-  char *ptr;
-  long timeout;              /* timeout in seconds */
-  int interval_ms;
-  struct SessionHandle *data = conn->data;
-  char *line_start;
-  int code=0; /* default ftp "error code" to return */
-  char *buf = data->state.buffer;
-  CURLcode result = CURLE_OK;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  struct timeval now = Curl_tvnow();
-
-  if (ftpcode)
-    *ftpcode = 0; /* 0 for errors */
-
-  ptr=buf;
-  line_start = buf;
-
-  *nreadp=0;
-  perline=0;
-  keepon=TRUE;
-
-  while((*nreadp<BUFSIZE) && (keepon && !result)) {
-    /* check and reset timeout value every lap */
-    if(data->set.ftp_response_timeout )
-      /* if CURLOPT_FTP_RESPONSE_TIMEOUT is set, use that to determine
-         remaining time.  Also, use "now" as opposed to "conn->now"
-         because ftp_response_timeout is only supposed to govern
-         the response for any given ftp response, not for the time
-         from connect to the given ftp response. */
-      timeout = data->set.ftp_response_timeout - /* timeout time */
-        Curl_tvdiff(Curl_tvnow(), now)/1000; /* spent time */
-    else if(data->set.timeout)
-      /* if timeout is requested, find out how much remaining time we have */
-      timeout = data->set.timeout - /* timeout time */
-        Curl_tvdiff(Curl_tvnow(), conn->now)/1000; /* spent time */
-    else
-      /* Even without a requested timeout, we only wait response_time
-         seconds for the full response to arrive before we bail out */
-      timeout = ftpc->response_time -
-        Curl_tvdiff(Curl_tvnow(), now)/1000; /* spent time */
-
-    if(timeout <=0 ) {
-      failf(data, "FTP response timeout");
-      return CURLE_OPERATION_TIMEDOUT; /* already too little time */
-    }
-
-    if(!ftpc->cache) {
-      interval_ms = 1 * 1000;  /* use 1 second timeout intervals */
-
-      switch (Curl_select(sockfd, CURL_SOCKET_BAD, interval_ms)) {
-      case -1: /* select() error, stop reading */
-        result = CURLE_RECV_ERROR;
-        failf(data, "FTP response aborted due to select() error: %d",
-              Curl_sockerrno());
-        break;
-      case 0: /* timeout */
-        if(Curl_pgrsUpdate(conn))
-          return CURLE_ABORTED_BY_CALLBACK;
-        continue; /* just continue in our loop for the timeout duration */
-
-      default:
-        break;
-      }
-    }
-    if(CURLE_OK == result) {
-      /*
-       * This code previously didn't use the kerberos sec_read() code
-       * to read, but when we use Curl_read() it may do so. Do confirm
-       * that this is still ok and then remove this comment!
-       */
-      if(ftpc->cache) {
-        /* we had data in the "cache", copy that instead of doing an actual
-         * read
-         *
-         * Dave Meyer, December 2003:
-         * ftp->cache_size is cast to int here.  This should be safe,
-         * because it would have been populated with something of size
-         * int to begin with, even though its datatype may be larger
-         * than an int.
-         */
-        memcpy(ptr, ftpc->cache, (int)ftpc->cache_size);
-        gotbytes = (int)ftpc->cache_size;
-        free(ftpc->cache);    /* free the cache */
-        ftpc->cache = NULL;   /* clear the pointer */
-        ftpc->cache_size = 0; /* zero the size just in case */
-      }
-      else {
-        int res = Curl_read(conn, sockfd, ptr, BUFSIZE-*nreadp, &gotbytes);
-        if(res < 0)
-          /* EWOULDBLOCK */
-          continue; /* go looping again */
-
-#ifdef CURL_DOES_CONVERSIONS
-        if((res == CURLE_OK) && (gotbytes > 0)) {
-          /* convert from the network encoding */
-          result = res = Curl_convert_from_network(data, ptr, gotbytes);
-          /* Curl_convert_from_network calls failf if unsuccessful */
-        }
-#endif /* CURL_DOES_CONVERSIONS */
-
-        if(CURLE_OK != res)
-          keepon = FALSE;
-      }
-
-      if(!keepon)
-        ;
-      else if(gotbytes <= 0) {
-        keepon = FALSE;
-        result = CURLE_RECV_ERROR;
-        failf(data, "FTP response reading failed");
-      }
-      else {
-        /* we got a whole chunk of data, which can be anything from one
-         * byte to a set of lines and possible just a piece of the last
-         * line */
-        int i;
-
-        conn->headerbytecount += gotbytes;
-
-        *nreadp += gotbytes;
-        for(i = 0; i < gotbytes; ptr++, i++) {
-          perline++;
-          if(*ptr=='\n') {
-            /* a newline is CRLF in ftp-talk, so the CR is ignored as
-               the line isn't really terminated until the LF comes */
-
-            /* output debug output if that is requested */
-            if(data->set.verbose)
-              Curl_debug(data, CURLINFO_HEADER_IN,
-                         line_start, (size_t)perline, conn);
-
-            /*
-             * We pass all response-lines to the callback function registered
-             * for "headers". The response lines can be seen as a kind of
-             * headers.
-             */
-            result = Curl_client_write(conn, CLIENTWRITE_HEADER,
-                                       line_start, perline);
-            if(result)
-              return result;
-
-            if(perline>3 && lastline(line_start)) {
-              /* This is the end of the last line, copy the last
-               * line to the start of the buffer and zero terminate,
-               * for old times sake (and krb4)! */
-              char *meow;
-              int n;
-              for(meow=line_start, n=0; meow<ptr; meow++, n++)
-                buf[n] = *meow;
-              *meow=0; /* zero terminate */
-              keepon=FALSE;
-              line_start = ptr+1; /* advance pointer */
-              i++; /* skip this before getting out */
-              break;
-            }
-            perline=0; /* line starts over here */
-            line_start = ptr+1;
-          }
-        }
-        if(!keepon && (i != gotbytes)) {
-          /* We found the end of the response lines, but we didn't parse the
-             full chunk of data we have read from the server. We therefore
-             need to store the rest of the data to be checked on the next
-             invoke as it may actually contain another end of response
-             already!  Cleverly figured out by Eric Lavigne in December
-             2001. */
-          ftpc->cache_size = gotbytes - i;
-          ftpc->cache = (char *)malloc((int)ftpc->cache_size);
-          if(ftpc->cache)
-            memcpy(ftpc->cache, line_start, (int)ftpc->cache_size);
-          else
-            return CURLE_OUT_OF_MEMORY; /**BANG**/
-        }
-      } /* there was data */
-    } /* if(no error) */
-  } /* while there's buffer left and loop is requested */
-
-  if(!result)
-    code = atoi(buf);
-
-#ifdef HAVE_KRB4
-  /* handle the security-oriented responses 6xx ***/
-  /* FIXME: some errorchecking perhaps... ***/
-  switch(code) {
-  case 631:
-    Curl_sec_read_msg(conn, buf, prot_safe);
-    break;
-  case 632:
-    Curl_sec_read_msg(conn, buf, prot_private);
-    break;
-  case 633:
-    Curl_sec_read_msg(conn, buf, prot_confidential);
-    break;
-  default:
-    /* normal ftp stuff we pass through! */
-    break;
-  }
-#endif
-
-  if(ftpcode)
-    *ftpcode=code; /* return the initial number like this */
-
-  /* store the latest code for later retrieval */
-  conn->data->info.httpcode=code;
-
-  return result;
-}
-
-/* This is the ONLY way to change FTP state! */
-static void state(struct connectdata *conn,
-                  ftpstate state)
-{
-#ifdef CURLDEBUG
-  /* for debug purposes */
-  const char *names[]={
-    "STOP",
-    "WAIT220",
-    "AUTH",
-    "USER",
-    "PASS",
-    "ACCT",
-    "PBSZ",
-    "PROT",
-    "CCC",
-    "PWD",
-    "QUOTE",
-    "RETR_PREQUOTE",
-    "STOR_PREQUOTE",
-    "POSTQUOTE",
-    "CWD",
-    "MKD",
-    "MDTM",
-    "TYPE",
-    "LIST_TYPE",
-    "RETR_TYPE",
-    "STOR_TYPE",
-    "SIZE",
-    "RETR_SIZE",
-    "STOR_SIZE",
-    "REST",
-    "RETR_REST",
-    "PORT",
-    "PASV",
-    "LIST",
-    "RETR",
-    "STOR",
-    "QUIT"
-  };
-#endif
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-#ifdef CURLDEBUG
-  if(ftpc->state != state)
-    infof(conn->data, "FTP %p state change from %s to %s\n",
-          ftpc, names[ftpc->state], names[state]);
-#endif
-  ftpc->state = state;
-}
-
-static CURLcode ftp_state_user(struct connectdata *conn)
-{
-  CURLcode result;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-  /* send USER */
-  NBFTPSENDF(conn, "USER %s", ftp->user?ftp->user:"");
-
-  state(conn, FTP_USER);
-  conn->data->state.ftp_trying_alternative = FALSE;
-
-  return CURLE_OK;
-}
-
-static CURLcode ftp_state_pwd(struct connectdata *conn)
-{
-  CURLcode result;
-
-  /* send PWD to discover our entry point */
-  NBFTPSENDF(conn, "PWD", NULL);
-  state(conn, FTP_PWD);
-
-  return CURLE_OK;
-}
-
-/* For the FTP "protocol connect" and "doing" phases only */
-int Curl_ftp_getsock(struct connectdata *conn,
-                     curl_socket_t *socks,
-                     int numsocks)
-{
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-
-  if(!numsocks)
-    return GETSOCK_BLANK;
-
-  socks[0] = conn->sock[FIRSTSOCKET];
-
-  if(ftpc->sendleft) {
-    /* write mode */
-    return GETSOCK_WRITESOCK(0);
-  }
-
-  /* read mode */
-  return GETSOCK_READSOCK(0);
-}
-
-/* This is called after the FTP_QUOTE state is passed.
-
-   ftp_state_cwd() sends the range of PWD commands to the server to change to
-   the correct directory. It may also need to send MKD commands to create
-   missing ones, if that option is enabled.
-*/
-static CURLcode ftp_state_cwd(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-
-  if(ftpc->cwddone)
-    /* already done and fine */
-    result = ftp_state_post_cwd(conn);
-  else {
-    ftpc->count2 = 0;
-    if (conn->bits.reuse && ftpc->entrypath) {
-      /* This is a re-used connection. Since we change directory to where the
-         transfer is taking place, we must first get back to the original dir
-         where we ended up after login: */
-      ftpc->count1 = 0; /* we count this as the first path, then we add one
-                          for all upcoming ones in the ftp->dirs[] array */
-      NBFTPSENDF(conn, "CWD %s", ftpc->entrypath);
-      state(conn, FTP_CWD);
-    }
-    else {
-      if(ftpc->dirdepth) {
-        ftpc->count1 = 1;
-        /* issue the first CWD, the rest is sent when the CWD responses are
-           received... */
-        NBFTPSENDF(conn, "CWD %s", ftpc->dirs[ftpc->count1 -1]);
-        state(conn, FTP_CWD);
-      }
-      else {
-        /* No CWD necessary */
-        result = ftp_state_post_cwd(conn);
-      }
-    }
-  }
-  return result;
-}
-
-typedef enum {
-  EPRT,
-  PORT,
-  DONE
-} ftpport;
-
-static CURLcode ftp_state_use_port(struct connectdata *conn,
-                                   ftpport fcmd) /* start with this */
-
-{
-  CURLcode result = CURLE_OK;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  struct SessionHandle *data=conn->data;
-  curl_socket_t portsock= CURL_SOCKET_BAD;
-  char myhost[256] = "";
-
-#ifdef ENABLE_IPV6
-  /******************************************************************
-   * IPv6-specific section
-   */
-  struct Curl_sockaddr_storage ss;
-  struct addrinfo *res, *ai;
-  socklen_t sslen;
-  char hbuf[NI_MAXHOST];
-  struct sockaddr *sa=(struct sockaddr *)&ss;
-  char tmp[1024];
-  const char *mode[] = { "EPRT", "PORT", NULL };
-  int rc;
-  int error;
-  char *host=NULL;
-  struct Curl_dns_entry *h=NULL;
-  unsigned short port = 0;
-
-  /* Step 1, figure out what address that is requested */
-
-  if(data->set.ftpport && (strlen(data->set.ftpport) > 1)) {
-    /* attempt to get the address of the given interface name */
-    if(!Curl_if2ip(data->set.ftpport, hbuf, sizeof(hbuf)))
-      /* not an interface, use the given string as host name instead */
-      host = data->set.ftpport;
-    else
-      host = hbuf; /* use the hbuf for host name */
-  } /* data->set.ftpport */
-
-  if(!host) {
-    /* not an interface and not a host name, get default by extracting
-       the IP from the control connection */
-
-    sslen = sizeof(ss);
-    if (getsockname(conn->sock[FIRSTSOCKET], (struct sockaddr *)&ss, &sslen)) {
-      failf(data, "getsockname() failed: %s",
-          Curl_strerror(conn, Curl_sockerrno()) );
-      return CURLE_FTP_PORT_FAILED;
-    }
-
-    if (sslen > (socklen_t)sizeof(ss))
-      sslen = sizeof(ss);
-    rc = getnameinfo((struct sockaddr *)&ss, sslen, hbuf, sizeof(hbuf), NULL,
-                     0, NIFLAGS);
-    if(rc) {
-      failf(data, "getnameinfo() returned %d \n", rc);
-      return CURLE_FTP_PORT_FAILED;
-    }
-    host = hbuf; /* use this host name */
-  }
-
-  rc = Curl_resolv(conn, host, 0, &h);
-  if(rc == CURLRESOLV_PENDING)
-    rc = Curl_wait_for_resolv(conn, &h);
-  if(h) {
-    res = h->addr;
-    /* when we return from this function, we can forget about this entry
-       to we can unlock it now already */
-    Curl_resolv_unlock(data, h);
-  } /* (h) */
-  else
-    res = NULL; /* failure! */
-
-
-  /* step 2, create a socket for the requested address */
-
-  portsock = CURL_SOCKET_BAD;
-  error = 0;
-  for (ai = res; ai; ai = ai->ai_next) {
-    /*
-     * Workaround for AIX5 getaddrinfo() problem (it doesn't set ai_socktype):
-     */
-    if (ai->ai_socktype == 0)
-      ai->ai_socktype = conn->socktype;
-
-    portsock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-    if (portsock == CURL_SOCKET_BAD) {
-      error = Curl_sockerrno();
-      continue;
-    }
-    break;
-  }
-  if(!ai) {
-    failf(data, "socket failure: %s", Curl_strerror(conn, error));
-    return CURLE_FTP_PORT_FAILED;
-  }
-
-  /* step 3, bind to a suitable local address */
-
-  /* Try binding the given address. */
-  if (bind(portsock, ai->ai_addr, ai->ai_addrlen)) {
-
-    /* It failed. Bind the address used for the control connection instead */
-    sslen = sizeof(ss);
-    if (getsockname(conn->sock[FIRSTSOCKET],
-                    (struct sockaddr *)sa, &sslen)) {
-      failf(data, "getsockname() failed: %s",
-          Curl_strerror(conn, Curl_sockerrno()) );
-      sclose(portsock);
-      return CURLE_FTP_PORT_FAILED;
-    }
-
-    /* set port number to zero to make bind() pick "any" */
-    if(((struct sockaddr *)sa)->sa_family == AF_INET)
-      ((struct sockaddr_in *)sa)->sin_port=0;
-    else
-      ((struct sockaddr_in6 *)sa)->sin6_port =0;
-
-    if (sslen > (socklen_t)sizeof(ss))
-      sslen = sizeof(ss);
-
-    if(bind(portsock, (struct sockaddr *)sa, sslen)) {
-      failf(data, "bind failed: %s", Curl_strerror(conn, Curl_sockerrno()));
-      sclose(portsock);
-      return CURLE_FTP_PORT_FAILED;
-    }
-  }
-
-  /* get the name again after the bind() so that we can extract the
-     port number it uses now */
-  sslen = sizeof(ss);
-  if(getsockname(portsock, (struct sockaddr *)sa, &sslen)) {
-    failf(data, "getsockname() failed: %s",
-          Curl_strerror(conn, Curl_sockerrno()) );
-    sclose(portsock);
-    return CURLE_FTP_PORT_FAILED;
-  }
-
-  /* step 4, listen on the socket */
-
-  if (listen(portsock, 1)) {
-    failf(data, "socket failure: %s", Curl_strerror(conn, Curl_sockerrno()));
-    sclose(portsock);
-    return CURLE_FTP_PORT_FAILED;
-  }
-
-  /* step 5, send the proper FTP command */
-
-  /* get a plain printable version of the numerical address to work with
-     below */
-  Curl_printable_address(ai, myhost, sizeof(myhost));
-
-#ifdef PF_INET6
-  if(!conn->bits.ftp_use_eprt && conn->bits.ipv6)
-    /* EPRT is disabled but we are connected to a IPv6 host, so we ignore the
-       request and enable EPRT again! */
-    conn->bits.ftp_use_eprt = TRUE;
-#endif
-
-  for (; fcmd != DONE; fcmd++) {
-
-    if(!conn->bits.ftp_use_eprt && (EPRT == fcmd))
-      /* if disabled, goto next */
-      continue;
-
-    switch (sa->sa_family) {
-    case AF_INET:
-      port = ntohs(((struct sockaddr_in *)sa)->sin_port);
-      break;
-    case AF_INET6:
-      port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
-      break;
-    default:
-      break;
-    }
-
-    if (EPRT == fcmd) {
-      /*
-       * Two fine examples from RFC2428;
-       *
-       * EPRT |1|132.235.1.2|6275|
-       *
-       * EPRT |2|1080::8:800:200C:417A|5282|
-       */
-
-      result = Curl_nbftpsendf(conn, "%s |%d|%s|%d|", mode[fcmd],
-                               ai->ai_family == AF_INET?1:2,
-                               myhost, port);
-      if(result)
-        return result;
-      break;
-    }
-    else if (PORT == fcmd) {
-      char *source = myhost;
-      char *dest = tmp;
-
-      if ((PORT == fcmd) && ai->ai_family != AF_INET)
-        continue;
-
-      /* translate x.x.x.x to x,x,x,x */
-      while(source && *source) {
-        if(*source == '.')
-          *dest=',';
-        else
-          *dest = *source;
-        dest++;
-        source++;
-      }
-      *dest = 0;
-      snprintf(dest, 20, ",%d,%d", port>>8, port&0xff);
-
-      result = Curl_nbftpsendf(conn, "%s %s", mode[fcmd], tmp);
-      if(result)
-        return result;
-      break;
-    }
-  }
-
-  /* store which command was sent */
-  ftpc->count1 = fcmd;
-
-  /* we set the secondary socket variable to this for now, it is only so that
-     the cleanup function will close it in case we fail before the true
-     secondary stuff is made */
-  if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
-    sclose(conn->sock[SECONDARYSOCKET]);
-  conn->sock[SECONDARYSOCKET] = portsock;
-
-#else
-  /******************************************************************
-   * IPv4-specific section
-   */
-  struct sockaddr_in sa;
-  unsigned short porttouse;
-  bool sa_filled_in = FALSE;
-  Curl_addrinfo *addr = NULL;
-  unsigned short ip[4];
-  bool freeaddr = TRUE;
-  socklen_t sslen = sizeof(sa);
-
-  (void)fcmd; /* not used in the IPv4 code */
-  if(data->set.ftpport) {
-    in_addr_t in;
-
-    /* First check if the given name is an IP address */
-    in=inet_addr(data->set.ftpport);
-
-    if(in != CURL_INADDR_NONE)
-      /* this is an IPv4 address */
-      addr = Curl_ip2addr(in, data->set.ftpport, 0);
-    else {
-      if(Curl_if2ip(data->set.ftpport, myhost, sizeof(myhost))) {
-        /* The interface to IP conversion provided a dotted address */
-        in=inet_addr(myhost);
-        addr = Curl_ip2addr(in, myhost, 0);
-      }
-      else if(strlen(data->set.ftpport)> 1) {
-        /* might be a host name! */
-        struct Curl_dns_entry *h=NULL;
-        int rc = Curl_resolv(conn, data->set.ftpport, 0, &h);
-        if(rc == CURLRESOLV_PENDING)
-          /* BLOCKING */
-          rc = Curl_wait_for_resolv(conn, &h);
-        if(h) {
-          addr = h->addr;
-          /* when we return from this function, we can forget about this entry
-             so we can unlock it now already */
-          Curl_resolv_unlock(data, h);
-
-          freeaddr = FALSE; /* make sure we don't free 'addr' in this function
-                               since it points to a DNS cache entry! */
-        } /* (h) */
-        else {
-          infof(data, "Failed to resolve host name %s\n", data->set.ftpport);
-        }
-      } /* strlen */
-    } /* CURL_INADDR_NONE */
-  } /* data->set.ftpport */
-
-  if(!addr) {
-    /* pick a suitable default here */
-
-    if (getsockname(conn->sock[FIRSTSOCKET],
-                    (struct sockaddr *)&sa, &sslen)) {
-      failf(data, "getsockname() failed: %s",
-          Curl_strerror(conn, Curl_sockerrno()) );
-      return CURLE_FTP_PORT_FAILED;
-    }
-    if (sslen > (socklen_t)sizeof(sa))
-      sslen = sizeof(sa);
-
-    sa_filled_in = TRUE; /* the sa struct is filled in */
-  }
-
-  if (addr || sa_filled_in) {
-    portsock = socket(AF_INET, SOCK_STREAM, 0);
-    if(CURL_SOCKET_BAD != portsock) {
-
-      /* we set the secondary socket variable to this for now, it
-         is only so that the cleanup function will close it in case
-         we fail before the true secondary stuff is made */
-      if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
-        sclose(conn->sock[SECONDARYSOCKET]);
-      conn->sock[SECONDARYSOCKET] = portsock;
-
-      if(!sa_filled_in) {
-        memcpy(&sa, addr->ai_addr, sslen);
-        sa.sin_addr.s_addr = INADDR_ANY;
-      }
-
-      sa.sin_port = 0;
-      sslen = sizeof(sa);
-
-      if(bind(portsock, (struct sockaddr *)&sa, sslen) == 0) {
-        /* we succeeded to bind */
-        struct sockaddr_in add;
-        socklen_t socksize = sizeof(add);
-
-        if(getsockname(portsock, (struct sockaddr *) &add,
-                       &socksize)) {
-          failf(data, "getsockname() failed: %s",
-            Curl_strerror(conn, Curl_sockerrno()) );
-          return CURLE_FTP_PORT_FAILED;
-        }
-        porttouse = ntohs(add.sin_port);
-
-        if ( listen(portsock, 1) < 0 ) {
-          failf(data, "listen(2) failed on socket");
-          return CURLE_FTP_PORT_FAILED;
-        }
-      }
-      else {
-        failf(data, "bind(2) failed on socket");
-        return CURLE_FTP_PORT_FAILED;
-      }
-    }
-    else {
-      failf(data, "socket(2) failed (%s)");
-      return CURLE_FTP_PORT_FAILED;
-    }
-  }
-  else {
-    failf(data, "couldn't find IP address to use");
-    return CURLE_FTP_PORT_FAILED;
-  }
-
-  if(sa_filled_in)
-    Curl_inet_ntop(AF_INET, &((struct sockaddr_in *)&sa)->sin_addr,
-                   myhost, sizeof(myhost));
-  else
-    Curl_printable_address(addr, myhost, sizeof(myhost));
-
-  if(4 == sscanf(myhost, "%hu.%hu.%hu.%hu",
-                 &ip[0], &ip[1], &ip[2], &ip[3])) {
-
-    infof(data, "Telling server to connect to %d.%d.%d.%d:%d\n",
-          ip[0], ip[1], ip[2], ip[3], porttouse);
-
-    result=Curl_nbftpsendf(conn, "PORT %d,%d,%d,%d,%d,%d",
-                           ip[0], ip[1], ip[2], ip[3],
-                           porttouse >> 8, porttouse & 255);
-    if(result)
-      return result;
-  }
-  else
-    return CURLE_FTP_PORT_FAILED;
-
-  if(freeaddr)
-    Curl_freeaddrinfo(addr);
-
-  ftpc->count1 = PORT;
-
-#endif /* end of ipv4-specific code */
-
-  /* this tcpconnect assignment below is a hackish work-around to make the
-     multi interface with active FTP work - as it will not wait for a
-     (passive) connect in Curl_is_connected().
-
-     The *proper* fix is to make sure that the active connection from the
-     server is done in a non-blocking way. Currently, it is still BLOCKING.
-  */
-  conn->bits.tcpconnect = TRUE;
-
-  state(conn, FTP_PORT);
-  return result;
-}
-
-static CURLcode ftp_state_use_pasv(struct connectdata *conn)
-{
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  CURLcode result = CURLE_OK;
-  /*
-    Here's the excecutive summary on what to do:
-
-    PASV is RFC959, expect:
-    227 Entering Passive Mode (a1,a2,a3,a4,p1,p2)
-
-    LPSV is RFC1639, expect:
-    228 Entering Long Passive Mode (4,4,a1,a2,a3,a4,2,p1,p2)
-
-    EPSV is RFC2428, expect:
-    229 Entering Extended Passive Mode (|||port|)
-
-  */
-
-  const char *mode[] = { "EPSV", "PASV", NULL };
-  int modeoff;
-
-#ifdef PF_INET6
-  if(!conn->bits.ftp_use_epsv && conn->bits.ipv6)
-    /* EPSV is disabled but we are connected to a IPv6 host, so we ignore the
-       request and enable EPSV again! */
-    conn->bits.ftp_use_epsv = TRUE;
-#endif
-
-  modeoff = conn->bits.ftp_use_epsv?0:1;
-
-  result = Curl_nbftpsendf(conn, "%s", mode[modeoff]);
-  if(result)
-    return result;
-
-  ftpc->count1 = modeoff;
-  state(conn, FTP_PASV);
-  infof(conn->data, "Connect data stream passively\n");
-
-  return result;
-}
-
-/* REST is the last command in the chain of commands when a "head"-like
-   request is made. Thus, if an actual transfer is to be made this is where
-   we take off for real. */
-static CURLcode ftp_state_post_rest(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-  struct SessionHandle *data = conn->data;
-
-  if(ftp->no_transfer || conn->bits.no_body) {
-    /* doesn't transfer any data */
-    ftp->no_transfer = TRUE;
-
-    /* still possibly do PRE QUOTE jobs */
-    state(conn, FTP_RETR_PREQUOTE);
-    result = ftp_state_quote(conn, TRUE, FTP_RETR_PREQUOTE);
-  }
-  else if(data->set.ftp_use_port) {
-    /* We have chosen to use the PORT (or similar) command */
-    result = ftp_state_use_port(conn, EPRT);
-  }
-  else {
-    /* We have chosen (this is default) to use the PASV (or similar) command */
-    result = ftp_state_use_pasv(conn);
-  }
-  return result;
-}
-
-static CURLcode ftp_state_post_size(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-
-  if(ftp->no_transfer) {
-    /* if a "head"-like request is being made */
-
-    /* Determine if server can respond to REST command and therefore
-       whether it supports range */
-    NBFTPSENDF(conn, "REST %d", 0);
-
-    state(conn, FTP_REST);
-  }
-  else
-    result = ftp_state_post_rest(conn);
-
-  return result;
-}
-
-static CURLcode ftp_state_post_type(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-
-  if(ftp->no_transfer) {
-    /* if a "head"-like request is being made */
-
-    /* we know ftp->file is a valid pointer to a file name */
-    NBFTPSENDF(conn, "SIZE %s", ftp->file);
-
-    state(conn, FTP_SIZE);
-  }
-  else
-    result = ftp_state_post_size(conn);
-
-  return result;
-}
-
-static CURLcode ftp_state_post_listtype(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-
-  /* If this output is to be machine-parsed, the NLST command might be better
-     to use, since the LIST command output is not specified or standard in any
-     way. It has turned out that the NLST list output is not the same on all
-     servers either... */
-
-  NBFTPSENDF(conn, "%s",
-             data->set.customrequest?data->set.customrequest:
-             (data->set.ftp_list_only?"NLST":"LIST"));
-
-  state(conn, FTP_LIST);
-
-  return result;
-}
-
-static CURLcode ftp_state_post_retrtype(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-
-  /* We've sent the TYPE, now we must send the list of prequote strings */
-
-  result = ftp_state_quote(conn, TRUE, FTP_RETR_PREQUOTE);
-
-  return result;
-}
-
-static CURLcode ftp_state_post_stortype(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-
-  /* We've sent the TYPE, now we must send the list of prequote strings */
-
-  result = ftp_state_quote(conn, TRUE, FTP_STOR_PREQUOTE);
-
-  return result;
-}
-
-static CURLcode ftp_state_post_mdtm(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-  struct SessionHandle *data = conn->data;
-
-  /* If we have selected NOBODY and HEADER, it means that we only want file
-     information. Which in FTP can't be much more than the file size and
-     date. */
-  if(conn->bits.no_body && data->set.include_header && ftp->file &&
-     ftp_need_type(conn, data->set.prefer_ascii)) {
-    /* The SIZE command is _not_ RFC 959 specified, and therefor many servers
-       may not support it! It is however the only way we have to get a file's
-       size! */
-
-    ftp->no_transfer = TRUE; /* this means no actual transfer will be made */
-
-    /* Some servers return different sizes for different modes, and thus we
-       must set the proper type before we check the size */
-    result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_TYPE);
-    if (result)
-      return result;
-  }
-  else
-    result = ftp_state_post_type(conn);
-
-  return result;
-}
-
-/* This is called after the CWD commands have been done in the beginning of
-   the DO phase */
-static CURLcode ftp_state_post_cwd(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-  struct SessionHandle *data = conn->data;
-
-  /* Requested time of file or time-depended transfer? */
-  if((data->set.get_filetime || data->set.timecondition) && ftp->file) {
-
-    /* we have requested to get the modified-time of the file, this is a white
-       spot as the MDTM is not mentioned in RFC959 */
-    NBFTPSENDF(conn, "MDTM %s", ftp->file);
-
-    state(conn, FTP_MDTM);
-  }
-  else
-    result = ftp_state_post_mdtm(conn);
-
-  return result;
-}
-
-
-/* This is called after the TYPE and possible quote commands have been sent */
-static CURLcode ftp_state_ul_setup(struct connectdata *conn,
-                                   bool sizechecked)
-{
-  CURLcode result = CURLE_OK;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-  struct SessionHandle *data = conn->data;
-  curl_off_t passed=0;
-
-  if((data->reqdata.resume_from && !sizechecked) ||
-     ((data->reqdata.resume_from > 0) && sizechecked)) {
-    /* we're about to continue the uploading of a file */
-    /* 1. get already existing file's size. We use the SIZE command for this
-       which may not exist in the server!  The SIZE command is not in
-       RFC959. */
-
-    /* 2. This used to set REST. But since we can do append, we
-       don't another ftp command. We just skip the source file
-       offset and then we APPEND the rest on the file instead */
-
-    /* 3. pass file-size number of bytes in the source file */
-    /* 4. lower the infilesize counter */
-    /* => transfer as usual */
-
-    if(data->reqdata.resume_from < 0 ) {
-      /* Got no given size to start from, figure it out */
-      NBFTPSENDF(conn, "SIZE %s", ftp->file);
-      state(conn, FTP_STOR_SIZE);
-      return result;
-    }
-
-    /* enable append */
-    data->set.ftp_append = TRUE;
-
-    /* Let's read off the proper amount of bytes from the input. If we knew it
-       was a proper file we could've just fseek()ed but we only have a stream
-       here */
-
-    /* TODO: allow the ioctlfunction to provide a fast forward function that
-       can be used here and use this method only as a fallback! */
-    do {
-      curl_off_t readthisamountnow = (data->reqdata.resume_from - passed);
-      curl_off_t actuallyread;
-
-      if(readthisamountnow > BUFSIZE)
-        readthisamountnow = BUFSIZE;
-
-      actuallyread = (curl_off_t)
-        conn->fread(data->state.buffer, 1, (size_t)readthisamountnow,
-                    conn->fread_in);
-
-      passed += actuallyread;
-      if(actuallyread != readthisamountnow) {
-        failf(data, "Could only read %" FORMAT_OFF_T
-              " bytes from the input", passed);
-        return CURLE_FTP_COULDNT_USE_REST;
-      }
-    } while(passed != data->reqdata.resume_from);
-
-    /* now, decrease the size of the read */
-    if(data->set.infilesize>0) {
-      data->set.infilesize -= data->reqdata.resume_from;
-
-      if(data->set.infilesize <= 0) {
-        infof(data, "File already completely uploaded\n");
-
-        /* no data to transfer */
-        result=Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
-
-        /* Set no_transfer so that we won't get any error in
-         * Curl_ftp_done() because we didn't transfer anything! */
-        ftp->no_transfer = TRUE;
-
-        state(conn, FTP_STOP);
-        return CURLE_OK;
-      }
-    }
-    /* we've passed, proceed as normal */
-  } /* resume_from */
-
-  NBFTPSENDF(conn, data->set.ftp_append?"APPE %s":"STOR %s",
-             ftp->file);
-
-  state(conn, FTP_STOR);
-
-  return result;
-}
-
-static CURLcode ftp_state_quote(struct connectdata *conn,
-                                bool init,
-                                ftpstate instate)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  struct FTP *ftp = data->reqdata.proto.ftp;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  bool quote=FALSE;
-  struct curl_slist *item;
-
-  switch(instate) {
-  case FTP_QUOTE:
-  default:
-    item = data->set.quote;
-    break;
-  case FTP_RETR_PREQUOTE:
-  case FTP_STOR_PREQUOTE:
-    item = data->set.prequote;
-    break;
-  case FTP_POSTQUOTE:
-    item = data->set.postquote;
-    break;
-  }
-
-  if(init)
-    ftpc->count1 = 0;
-  else
-    ftpc->count1++;
-
-  if(item) {
-    int i = 0;
-
-    /* Skip count1 items in the linked list */
-    while((i< ftpc->count1) && item) {
-      item = item->next;
-      i++;
-    }
-    if(item) {
-      NBFTPSENDF(conn, "%s", item->data);
-      state(conn, instate);
-      quote = TRUE;
-    }
-  }
-
-  if(!quote) {
-    /* No more quote to send, continue to ... */
-    switch(instate) {
-    case FTP_QUOTE:
-    default:
-      result = ftp_state_cwd(conn);
-      break;
-    case FTP_RETR_PREQUOTE:
-      if (ftp->no_transfer)
-        state(conn, FTP_STOP);
-      else {
-        NBFTPSENDF(conn, "SIZE %s", ftp->file);
-        state(conn, FTP_RETR_SIZE);
-      }
-      break;
-    case FTP_STOR_PREQUOTE:
-      result = ftp_state_ul_setup(conn, FALSE);
-      break;
-    case FTP_POSTQUOTE:
-      break;
-    }
-  }
-
-  return result;
-}
-
-static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
-                                    int ftpcode)
-{
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  CURLcode result;
-  struct SessionHandle *data=conn->data;
-  Curl_addrinfo *conninfo;
-  struct Curl_dns_entry *addr=NULL;
-  int rc;
-  unsigned short connectport; /* the local port connect() should use! */
-  unsigned short newport=0; /* remote port */
-  bool connected;
-
-  /* newhost must be able to hold a full IP-style address in ASCII, which
-     in the IPv6 case means 5*8-1 = 39 letters */
-#define NEWHOST_BUFSIZE 48
-  char newhost[NEWHOST_BUFSIZE];
-  char *str=&data->state.buffer[4];  /* start on the first letter */
-
-  if((ftpc->count1 == 0) &&
-     (ftpcode == 229)) {
-    /* positive EPSV response */
-    char *ptr = strchr(str, '(');
-    if(ptr) {
-      unsigned int num;
-      char separator[4];
-      ptr++;
-      if(5  == sscanf(ptr, "%c%c%c%u%c",
-                      &separator[0],
-                      &separator[1],
-                      &separator[2],
-                      &num,
-                      &separator[3])) {
-        const char sep1 = separator[0];
-        int i;
-
-        /* The four separators should be identical, or else this is an oddly
-           formatted reply and we bail out immediately. */
-        for(i=1; i<4; i++) {
-          if(separator[i] != sep1) {
-            ptr=NULL; /* set to NULL to signal error */
-            break;
-          }
-        }
-        if(ptr) {
-          newport = num;
-
-          if (conn->bits.tunnel_proxy)
-            /* proxy tunnel -> use other host info because ip_addr_str is the
-               proxy address not the ftp host */
-            snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
-          else
-            /* use the same IP we are already connected to */
-            snprintf(newhost, NEWHOST_BUFSIZE, "%s", conn->ip_addr_str);
-        }
-      }
-      else
-        ptr=NULL;
-    }
-    if(!ptr) {
-      failf(data, "Weirdly formatted EPSV reply");
-      return CURLE_FTP_WEIRD_PASV_REPLY;
-    }
-  }
-  else if((ftpc->count1 == 1) &&
-          (ftpcode == 227)) {
-    /* positive PASV response */
-    int ip[4];
-    int port[2];
-
-    /*
-     * Scan for a sequence of six comma-separated numbers and use them as
-     * IP+port indicators.
-     *
-     * Found reply-strings include:
-     * "227 Entering Passive Mode (127,0,0,1,4,51)"
-     * "227 Data transfer will passively listen to 127,0,0,1,4,51"
-     * "227 Entering passive mode. 127,0,0,1,4,51"
-     */
-    while(*str) {
-      if (6 == sscanf(str, "%d,%d,%d,%d,%d,%d",
-                      &ip[0], &ip[1], &ip[2], &ip[3],
-                      &port[0], &port[1]))
-        break;
-      str++;
-    }
-
-    if(!*str) {
-      failf(data, "Couldn't interpret the 227-response");
-      return CURLE_FTP_WEIRD_227_FORMAT;
-    }
-
-    /* we got OK from server */
-    if(data->set.ftp_skip_ip) {
-      /* told to ignore the remotely given IP but instead use the one we used
-         for the control connection */
-      infof(data, "Skips %d.%d.%d.%d for data connection, uses %s instead\n",
-            ip[0], ip[1], ip[2], ip[3],
-            conn->ip_addr_str);
-      if (conn->bits.tunnel_proxy)
-        /* proxy tunnel -> use other host info because ip_addr_str is the
-           proxy address not the ftp host */
-        snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
-      else
-        snprintf(newhost, sizeof(newhost), "%s", conn->ip_addr_str);
-    }
-    else
-      snprintf(newhost, sizeof(newhost),
-               "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
-    newport = (port[0]<<8) + port[1];
-  }
-  else if(ftpc->count1 == 0) {
-    /* EPSV failed, move on to PASV */
-
-    /* disable it for next transfer */
-    conn->bits.ftp_use_epsv = FALSE;
-    infof(data, "disabling EPSV usage\n");
-
-    NBFTPSENDF(conn, "PASV", NULL);
-    ftpc->count1++;
-    /* remain in the FTP_PASV state */
-    return result;
-  }
-  else {
-    failf(data, "Bad PASV/EPSV response: %03d", ftpcode);
-    return CURLE_FTP_WEIRD_PASV_REPLY;
-  }
-
-  if(data->set.proxy && *data->set.proxy) {
-    /*
-     * This is a tunnel through a http proxy and we need to connect to the
-     * proxy again here.
-     *
-     * We don't want to rely on a former host lookup that might've expired
-     * now, instead we remake the lookup here and now!
-     */
-    rc = Curl_resolv(conn, conn->proxy.name, (int)conn->port, &addr);
-    if(rc == CURLRESOLV_PENDING)
-      /* BLOCKING */
-      rc = Curl_wait_for_resolv(conn, &addr);
-
-    connectport =
-      (unsigned short)conn->port; /* we connect to the proxy's port */
-
-  }
-  else {
-    /* normal, direct, ftp connection */
-    rc = Curl_resolv(conn, newhost, newport, &addr);
-    if(rc == CURLRESOLV_PENDING)
-      /* BLOCKING */
-      rc = Curl_wait_for_resolv(conn, &addr);
-
-    if(!addr) {
-      failf(data, "Can't resolve new host %s:%d", newhost, newport);
-      return CURLE_FTP_CANT_GET_HOST;
-    }
-    connectport = newport; /* we connect to the remote port */
-  }
-
-  result = Curl_connecthost(conn,
-                            addr,
-                            &conn->sock[SECONDARYSOCKET],
-                            &conninfo,
-                            &connected);
-
-  Curl_resolv_unlock(data, addr); /* we're done using this address */
-
-  if (result && ftpc->count1 == 0 && ftpcode == 229) {
-    infof(data, "got positive EPSV response, but can't connect. "
-          "Disabling EPSV\n");
-    /* disable it for next transfer */
-    conn->bits.ftp_use_epsv = FALSE;
-    data->state.errorbuf = FALSE; /* allow error message to get rewritten */
-    NBFTPSENDF(conn, "PASV", NULL);
-    ftpc->count1++;
-    /* remain in the FTP_PASV state */
-    return result;
- }
-
-  if(result)
-    return result;
-
-  conn->bits.tcpconnect = connected; /* simply TRUE or FALSE */
-
-  /*
-   * When this is used from the multi interface, this might've returned with
-   * the 'connected' set to FALSE and thus we are now awaiting a non-blocking
-   * connect to connect and we should not be "hanging" here waiting.
-   */
-
-  if(data->set.verbose)
-    /* this just dumps information about this second connection */
-    ftp_pasv_verbose(conn, conninfo, newhost, connectport);
-
-#ifndef CURL_DISABLE_HTTP
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* FIX: this MUST wait for a proper connect first if 'connected' is
-     * FALSE */
-
-    /* BLOCKING */
-    /* We want "seamless" FTP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want FTP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * FTP pointer
-     */
-    struct HTTP http_proxy;
-    struct FTP *ftp_save = data->reqdata.proto.ftp;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->reqdata.proto.http = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport);
-
-    data->reqdata.proto.ftp = ftp_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-#endif   /* CURL_DISABLE_HTTP */
-
-  state(conn, FTP_STOP); /* this phase is completed */
-
-  return result;
-}
-
-static CURLcode ftp_state_port_resp(struct connectdata *conn,
-                                    int ftpcode)
-{
-  struct SessionHandle *data = conn->data;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  ftpport fcmd = (ftpport)ftpc->count1;
-  CURLcode result = CURLE_OK;
-
-  if(ftpcode != 200) {
-    /* the command failed */
-
-    if (EPRT == fcmd) {
-      infof(data, "disabling EPRT usage\n");
-      conn->bits.ftp_use_eprt = FALSE;
-    }
-    fcmd++;
-
-    if(fcmd == DONE) {
-      failf(data, "Failed to do PORT");
-      result = CURLE_FTP_PORT_FAILED;
-    }
-    else
-      /* try next */
-      result = ftp_state_use_port(conn, fcmd);
-  }
-  else {
-    infof(data, "Connect data stream actively\n");
-    state(conn, FTP_STOP); /* end of DO phase */
-  }
-
-  return result;
-}
-
-static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
-                                    int ftpcode)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data=conn->data;
-  struct FTP *ftp = data->reqdata.proto.ftp;
-
-  switch(ftpcode) {
-  case 213:
-    {
-      /* we got a time. Format should be: "YYYYMMDDHHMMSS[.sss]" where the
-         last .sss part is optional and means fractions of a second */
-      int year, month, day, hour, minute, second;
-      char *buf = data->state.buffer;
-      if(6 == sscanf(buf+4, "%04d%02d%02d%02d%02d%02d",
-                     &year, &month, &day, &hour, &minute, &second)) {
-        /* we have a time, reformat it */
-        time_t secs=time(NULL);
-        /* using the good old yacc/bison yuck */
-        snprintf(buf, sizeof(conn->data->state.buffer),
-                 "%04d%02d%02d %02d:%02d:%02d GMT",
-                 year, month, day, hour, minute, second);
-        /* now, convert this into a time() value: */
-        data->info.filetime = (long)curl_getdate(buf, &secs);
-      }
-
-      /* If we asked for a time of the file and we actually got one as well,
-         we "emulate" a HTTP-style header in our output. */
-
-      if(conn->bits.no_body &&
-         data->set.include_header &&
-         ftp->file &&
-         data->set.get_filetime &&
-         (data->info.filetime>=0) ) {
-        struct tm *tm;
-        time_t clock = (time_t)data->info.filetime;
-#ifdef HAVE_GMTIME_R
-        struct tm buffer;
-        tm = (struct tm *)gmtime_r(&clock, &buffer);
-#else
-        tm = gmtime(&clock);
-#endif
-        /* format: "Tue, 15 Nov 1994 12:45:26" */
-        snprintf(buf, BUFSIZE-1,
-                 "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
-                 Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
-                 tm->tm_mday,
-                 Curl_month[tm->tm_mon],
-                 tm->tm_year + 1900,
-                 tm->tm_hour,
-                 tm->tm_min,
-                 tm->tm_sec);
-        result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
-        if(result)
-          return result;
-      } /* end of a ridiculous amount of conditionals */
-    }
-    break;
-  default:
-    infof(data, "unsupported MDTM reply format\n");
-    break;
-  case 550: /* "No such file or directory" */
-    failf(data, "Given file does not exist");
-    result = CURLE_FTP_COULDNT_RETR_FILE;
-    break;
-  }
-
-  if(data->set.timecondition) {
-    if((data->info.filetime > 0) && (data->set.timevalue > 0)) {
-      switch(data->set.timecondition) {
-      case CURL_TIMECOND_IFMODSINCE:
-      default:
-        if(data->info.filetime <= data->set.timevalue) {
-          infof(data, "The requested document is not new enough\n");
-          ftp->no_transfer = TRUE; /* mark this to not transfer data */
-          state(conn, FTP_STOP);
-          return CURLE_OK;
-        }
-        break;
-      case CURL_TIMECOND_IFUNMODSINCE:
-        if(data->info.filetime > data->set.timevalue) {
-          infof(data, "The requested document is not old enough\n");
-          ftp->no_transfer = TRUE; /* mark this to not transfer data */
-          state(conn, FTP_STOP);
-          return CURLE_OK;
-        }
-        break;
-      } /* switch */
-    }
-    else {
-      infof(data, "Skipping time comparison\n");
-    }
-  }
-
-  if(!result)
-    result = ftp_state_post_mdtm(conn);
-
-  return result;
-}
-
-static CURLcode ftp_state_type_resp(struct connectdata *conn,
-                                    int ftpcode,
-                                    ftpstate instate)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data=conn->data;
-
-  if(ftpcode/100 != 2) {
-    /* "sasserftpd" and "(u)r(x)bot ftpd" both responds with 226 after a
-       successful 'TYPE I'. While that is not as RFC959 says, it is still a
-       positive response code and we allow that. */
-    failf(data, "Couldn't set desired mode");
-    return CURLE_FTP_COULDNT_SET_BINARY; /* FIX */
-  }
-  if(ftpcode != 200)
-    infof(data, "Got a %03d response code instead of the assumed 200\n",
-          ftpcode);
-
-  if(instate == FTP_TYPE)
-    result = ftp_state_post_type(conn);
-  else if(instate == FTP_LIST_TYPE)
-    result = ftp_state_post_listtype(conn);
-  else if(instate == FTP_RETR_TYPE)
-    result = ftp_state_post_retrtype(conn);
-  else if(instate == FTP_STOR_TYPE)
-    result = ftp_state_post_stortype(conn);
-
-  return result;
-}
-
-static CURLcode ftp_state_post_retr_size(struct connectdata *conn,
-                                         curl_off_t filesize)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data=conn->data;
-  struct FTP *ftp = data->reqdata.proto.ftp;
-
-  if (data->set.max_filesize && (filesize > data->set.max_filesize)) {
-    failf(data, "Maximum file size exceeded");
-    return CURLE_FILESIZE_EXCEEDED;
-  }
-  ftp->downloadsize = filesize;
-
-  if(data->reqdata.resume_from) {
-    /* We always (attempt to) get the size of downloads, so it is done before
-       this even when not doing resumes. */
-    if(filesize == -1) {
-      infof(data, "ftp server doesn't support SIZE\n");
-      /* We couldn't get the size and therefore we can't know if there really
-         is a part of the file left to get, although the server will just
-         close the connection when we start the connection so it won't cause
-         us any harm, just not make us exit as nicely. */
-    }
-    else {
-      /* We got a file size report, so we check that there actually is a
-         part of the file left to get, or else we go home.  */
-      if(data->reqdata.resume_from< 0) {
-        /* We're supposed to download the last abs(from) bytes */
-        if(filesize < -data->reqdata.resume_from) {
-          failf(data, "Offset (%" FORMAT_OFF_T
-                ") was beyond file size (%" FORMAT_OFF_T ")",
-                data->reqdata.resume_from, filesize);
-          return CURLE_BAD_DOWNLOAD_RESUME;
-        }
-        /* convert to size to download */
-        ftp->downloadsize = -data->reqdata.resume_from;
-        /* download from where? */
-        data->reqdata.resume_from = filesize - ftp->downloadsize;
-      }
-      else {
-        if(filesize < data->reqdata.resume_from) {
-          failf(data, "Offset (%" FORMAT_OFF_T
-                ") was beyond file size (%" FORMAT_OFF_T ")",
-                data->reqdata.resume_from, filesize);
-          return CURLE_BAD_DOWNLOAD_RESUME;
-        }
-        /* Now store the number of bytes we are expected to download */
-        ftp->downloadsize = filesize-data->reqdata.resume_from;
-      }
-    }
-
-    if(ftp->downloadsize == 0) {
-      /* no data to transfer */
-      result = Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
-      infof(data, "File already completely downloaded\n");
-
-      /* Set no_transfer so that we won't get any error in Curl_ftp_done()
-       * because we didn't transfer the any file */
-      ftp->no_transfer = TRUE;
-      state(conn, FTP_STOP);
-      return CURLE_OK;
-    }
-
-    /* Set resume file transfer offset */
-    infof(data, "Instructs server to resume from offset %" FORMAT_OFF_T
-          "\n", data->reqdata.resume_from);
-
-    NBFTPSENDF(conn, "REST %" FORMAT_OFF_T, data->reqdata.resume_from);
-
-    state(conn, FTP_RETR_REST);
-
-  }
-  else {
-    /* no resume */
-    NBFTPSENDF(conn, "RETR %s", ftp->file);
-    state(conn, FTP_RETR);
-  }
-
-  return result;
-}
-
-static CURLcode ftp_state_size_resp(struct connectdata *conn,
-                                    int ftpcode,
-                                    ftpstate instate)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data=conn->data;
-  curl_off_t filesize;
-  char *buf = data->state.buffer;
-
-  /* get the size from the ascii string: */
-  filesize = (ftpcode == 213)?curlx_strtoofft(buf+4, NULL, 0):-1;
-
-  if(instate == FTP_SIZE) {
-    if(-1 != filesize) {
-      snprintf(buf, sizeof(data->state.buffer),
-               "Content-Length: %" FORMAT_OFF_T "\r\n", filesize);
-      result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
-      if(result)
-        return result;
-    }
-    result = ftp_state_post_size(conn);
-  }
-  else if(instate == FTP_RETR_SIZE)
-    result = ftp_state_post_retr_size(conn, filesize);
-  else if(instate == FTP_STOR_SIZE) {
-    data->reqdata.resume_from = filesize;
-    result = ftp_state_ul_setup(conn, TRUE);
-  }
-
-  return result;
-}
-
-static CURLcode ftp_state_rest_resp(struct connectdata *conn,
-                                    int ftpcode,
-                                    ftpstate instate)
-{
-  CURLcode result = CURLE_OK;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-
-  switch(instate) {
-  case FTP_REST:
-  default:
-    if (ftpcode == 350) {
-      result = Curl_client_write(conn, CLIENTWRITE_BOTH,
-                               (char *)"Accept-ranges: bytes\r\n", 0);
-      if(result)
-        return result;
-    }
-
-    result = ftp_state_post_rest(conn);
-    break;
-
-  case FTP_RETR_REST:
-    if (ftpcode != 350) {
-      failf(conn->data, "Couldn't use REST");
-      result = CURLE_FTP_COULDNT_USE_REST;
-    }
-    else {
-      NBFTPSENDF(conn, "RETR %s", ftp->file);
-      state(conn, FTP_RETR);
-    }
-    break;
-  }
-
-  return result;
-}
-
-static CURLcode ftp_state_stor_resp(struct connectdata *conn,
-                                    int ftpcode)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  struct FTP *ftp = data->reqdata.proto.ftp;
-
-  if(ftpcode>=400) {
-    failf(data, "Failed FTP upload: %0d", ftpcode);
-    /* oops, we never close the sockets! */
-    return CURLE_FTP_COULDNT_STOR_FILE;
-  }
-
-  if(data->set.ftp_use_port) {
-    /* BLOCKING */
-    /* PORT means we are now awaiting the server to connect to us. */
-    result = AllowServerConnect(conn);
-    if( result )
-      return result;
-  }
-
-  if(conn->ssl[SECONDARYSOCKET].use) {
-    /* since we only have a plaintext TCP connection here, we must now
-       do the TLS stuff */
-    infof(data, "Doing the SSL/TLS handshake on the data stream\n");
-    /* BLOCKING */
-    result = Curl_ssl_connect(conn, SECONDARYSOCKET);
-    if(result)
-      return result;
-  }
-
-  *(ftp->bytecountp)=0;
-
-  /* When we know we're uploading a specified file, we can get the file
-     size prior to the actual upload. */
-
-  Curl_pgrsSetUploadSize(data, data->set.infilesize);
-
-  result = Curl_setup_transfer(conn, -1, -1, FALSE, NULL, /* no download */
-                               SECONDARYSOCKET, ftp->bytecountp);
-  state(conn, FTP_STOP);
-
-  return result;
-}
-
-/* for LIST and RETR responses */
-static CURLcode ftp_state_get_resp(struct connectdata *conn,
-                                    int ftpcode,
-                                    ftpstate instate)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  struct FTP *ftp = data->reqdata.proto.ftp;
-  char *buf = data->state.buffer;
-
-  if((ftpcode == 150) || (ftpcode == 125)) {
-
-    /*
-      A;
-      150 Opening BINARY mode data connection for /etc/passwd (2241
-      bytes).  (ok, the file is being transfered)
-
-      B:
-      150 Opening ASCII mode data connection for /bin/ls
-
-      C:
-      150 ASCII data connection for /bin/ls (137.167.104.91,37445) (0 bytes).
-
-      D:
-      150 Opening ASCII mode data connection for /linux/fisk/kpanelrc (0.0.0.0,0) (545 bytes).
-
-      E:
-      125 Data connection already open; Transfer starting. */
-
-    curl_off_t size=-1; /* default unknown size */
-
-
-    /*
-     * It appears that there are FTP-servers that return size 0 for files when
-     * SIZE is used on the file while being in BINARY mode. To work around
-     * that (stupid) behavior, we attempt to parse the RETR response even if
-     * the SIZE returned size zero.
-     *
-     * Debugging help from Salvatore Sorrentino on February 26, 2003.
-     */
-
-    if((instate != FTP_LIST) &&
-       !data->set.prefer_ascii &&
-       (ftp->downloadsize < 1)) {
-      /*
-       * It seems directory listings either don't show the size or very
-       * often uses size 0 anyway. ASCII transfers may very well turn out
-       * that the transfered amount of data is not the same as this line
-       * tells, why using this number in those cases only confuses us.
-       *
-       * Example D above makes this parsing a little tricky */
-      char *bytes;
-      bytes=strstr(buf, " bytes");
-      if(bytes--) {
-        long in=(long)(bytes-buf);
-        /* this is a hint there is size information in there! ;-) */
-        while(--in) {
-          /* scan for the left parenthesis and break there */
-          if('(' == *bytes)
-            break;
-          /* skip only digits */
-          if(!ISDIGIT(*bytes)) {
-            bytes=NULL;
-            break;
-          }
-          /* one more estep backwards */
-          bytes--;
-        }
-        /* if we have nothing but digits: */
-        if(bytes++) {
-          /* get the number! */
-          size = curlx_strtoofft(bytes, NULL, 0);
-        }
-      }
-    }
-    else if(ftp->downloadsize > -1)
-      size = ftp->downloadsize;
-
-    if(data->set.ftp_use_port) {
-      /* BLOCKING */
-      result = AllowServerConnect(conn);
-      if( result )
-        return result;
-    }
-
-    if(conn->ssl[SECONDARYSOCKET].use) {
-      /* since we only have a plaintext TCP connection here, we must now
-         do the TLS stuff */
-      infof(data, "Doing the SSL/TLS handshake on the data stream\n");
-      result = Curl_ssl_connect(conn, SECONDARYSOCKET);
-      if(result)
-        return result;
-    }
-
-    if(size > data->reqdata.maxdownload && data->reqdata.maxdownload > 0)
-      size = data->reqdata.size = data->reqdata.maxdownload;
-
-    infof(data, "Maxdownload = %" FORMAT_OFF_T "\n", data->reqdata.maxdownload);
-
-    if(instate != FTP_LIST)
-      infof(data, "Getting file with size: %" FORMAT_OFF_T "\n", size);
-
-    /* FTP download: */
-    result=Curl_setup_transfer(conn, SECONDARYSOCKET, size, FALSE,
-                               ftp->bytecountp,
-                               -1, NULL); /* no upload here */
-    if(result)
-      return result;
-
-    state(conn, FTP_STOP);
-  }
-  else {
-    if((instate == FTP_LIST) && (ftpcode == 450)) {
-      /* simply no matching files in the dir listing */
-      ftp->no_transfer = TRUE; /* don't download anything */
-      state(conn, FTP_STOP); /* this phase is over */
-    }
-    else {
-      failf(data, "RETR response: %03d", ftpcode);
-      return CURLE_FTP_COULDNT_RETR_FILE;
-    }
-  }
-
-  return result;
-}
-
-/* after USER, PASS and ACCT */
-static CURLcode ftp_state_loggedin(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-
-#ifdef HAVE_KRB4
-  if(conn->data->set.krb4) {
-    /* We are logged in, asked to use Kerberos. Set the requested
-     * protection level
-     */
-    if(conn->sec_complete)
-      /* BLOCKING */
-      Curl_sec_set_protection_level(conn);
-
-    /* We may need to issue a KAUTH here to have access to the files
-     * do it if user supplied a password
-     */
-    if(conn->passwd && *conn->passwd) {
-      /* BLOCKING */
-      result = Curl_krb_kauth(conn);
-      if(result)
-        return result;
-    }
-  }
-#endif
-  if(conn->ssl[FIRSTSOCKET].use) {
-    /* PBSZ = PROTECTION BUFFER SIZE.
-
-    The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
-
-    Specifically, the PROT command MUST be preceded by a PBSZ
-    command and a PBSZ command MUST be preceded by a successful
-    security data exchange (the TLS negotiation in this case)
-
-    ... (and on page 8):
-
-    Thus the PBSZ command must still be issued, but must have a
-    parameter of '0' to indicate that no buffering is taking place
-    and the data connection should not be encapsulated.
-    */
-    NBFTPSENDF(conn, "PBSZ %d", 0);
-    state(conn, FTP_PBSZ);
-  }
-  else {
-    result = ftp_state_pwd(conn);
-  }
-  return result;
-}
-
-/* for USER and PASS responses */
-static CURLcode ftp_state_user_resp(struct connectdata *conn,
-                                    int ftpcode,
-                                    ftpstate instate)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  struct FTP *ftp = data->reqdata.proto.ftp;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  (void)instate; /* no use for this yet */
-
-  if((ftpcode == 331) && (ftpc->state == FTP_USER)) {
-    /* 331 Password required for ...
-       (the server requires to send the user's password too) */
-    NBFTPSENDF(conn, "PASS %s", ftp->passwd?ftp->passwd:"");
-    state(conn, FTP_PASS);
-  }
-  else if(ftpcode/100 == 2) {
-    /* 230 User ... logged in.
-       (the user logged in with or without password) */
-    result = ftp_state_loggedin(conn);
-  }
-  else if(ftpcode == 332) {
-    if(data->set.ftp_account) {
-      NBFTPSENDF(conn, "ACCT %s", data->set.ftp_account);
-      state(conn, FTP_ACCT);
-    }
-    else {
-      failf(data, "ACCT requested but none available");
-      result = CURLE_LOGIN_DENIED;
-    }
-  }
-  else {
-    /* All other response codes, like:
-
-    530 User ... access denied
-    (the server denies to log the specified user) */
-
-    if (conn->data->set.ftp_alternative_to_user &&
-        !conn->data->state.ftp_trying_alternative) {
-      /* Ok, USER failed.  Let's try the supplied command. */
-      NBFTPSENDF(conn, "%s", conn->data->set.ftp_alternative_to_user);
-      conn->data->state.ftp_trying_alternative = TRUE;
-      state(conn, FTP_USER);
-      result = CURLE_OK;
-    }
-    else {
-      failf(data, "Access denied: %03d", ftpcode);
-      result = CURLE_LOGIN_DENIED;
-    }
-  }
-  return result;
-}
-
-/* for ACCT response */
-static CURLcode ftp_state_acct_resp(struct connectdata *conn,
-                                    int ftpcode)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  if(ftpcode != 230) {
-    failf(data, "ACCT rejected by server: %03d", ftpcode);
-    result = CURLE_FTP_WEIRD_PASS_REPLY; /* FIX */
-  }
-  else
-    result = ftp_state_loggedin(conn);
-
-  return result;
-}
-
-
-static CURLcode ftp_statemach_act(struct connectdata *conn)
-{
-  CURLcode result;
-  curl_socket_t sock = conn->sock[FIRSTSOCKET];
-  struct SessionHandle *data=conn->data;
-  int ftpcode;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  static const char * const ftpauth[]  = {
-    "SSL", "TLS"
-  };
-  size_t nread = 0;
-
-  if(ftpc->sendleft) {
-    /* we have a piece of a command still left to send */
-    ssize_t written;
-    result = Curl_write(conn, sock, ftpc->sendthis + ftpc->sendsize -
-                        ftpc->sendleft, ftpc->sendleft, &written);
-    if(result)
-      return result;
-
-    if(written != (ssize_t)ftpc->sendleft) {
-      /* only a fraction was sent */
-      ftpc->sendleft -= written;
-    }
-    else {
-      free(ftpc->sendthis);
-      ftpc->sendthis=NULL;
-      ftpc->sendleft = ftpc->sendsize = 0;
-      ftpc->response = Curl_tvnow();
-    }
-    return CURLE_OK;
-  }
-
-  /* we read a piece of response */
-  result = ftp_readresp(sock, conn, &ftpcode, &nread);
-  if(result)
-    return result;
-
-  if(ftpcode) {
-    /* we have now received a full FTP server response */
-    switch(ftpc->state) {
-    case FTP_WAIT220:
-      if(ftpcode != 220) {
-        failf(data, "This doesn't seem like a nice ftp-server response");
-        return CURLE_FTP_WEIRD_SERVER_REPLY;
-      }
-
-      /* We have received a 220 response fine, now we proceed. */
-#ifdef HAVE_KRB4
-      if(data->set.krb4) {
-        /* If not anonymous login, try a secure login. Note that this
-           procedure is still BLOCKING. */
-
-        Curl_sec_request_prot(conn, "private");
-        /* We set private first as default, in case the line below fails to
-           set a valid level */
-        Curl_sec_request_prot(conn, data->set.krb4_level);
-
-        if(Curl_sec_login(conn) != 0)
-          infof(data, "Logging in with password in cleartext!\n");
-        else
-          infof(data, "Authentication successful\n");
-      }
-#endif
-
-      if(data->set.ftp_ssl && !conn->ssl[FIRSTSOCKET].use) {
-        /* We don't have a SSL/TLS connection yet, but FTPS is
-           requested. Try a FTPS connection now */
-
-        ftpc->count3=0;
-        switch(data->set.ftpsslauth) {
-        case CURLFTPAUTH_DEFAULT:
-        case CURLFTPAUTH_SSL:
-          ftpc->count2 = 1; /* add one to get next */
-          ftpc->count1 = 0;
-          break;
-        case CURLFTPAUTH_TLS:
-          ftpc->count2 = -1; /* subtract one to get next */
-          ftpc->count1 = 1;
-          break;
-        default:
-          failf(data, "unsupported parameter to CURLOPT_FTPSSLAUTH: %d\n",
-                data->set.ftpsslauth);
-          return CURLE_FAILED_INIT; /* we don't know what to do */
-        }
-        NBFTPSENDF(conn, "AUTH %s", ftpauth[ftpc->count1]);
-        state(conn, FTP_AUTH);
-      }
-      else {
-        result = ftp_state_user(conn);
-        if(result)
-          return result;
-      }
-
-      break;
-
-    case FTP_AUTH:
-      /* we have gotten the response to a previous AUTH command */
-
-      /* RFC2228 (page 5) says:
-       *
-       * If the server is willing to accept the named security mechanism,
-       * and does not require any security data, it must respond with
-       * reply code 234/334.
-       */
-
-      if((ftpcode == 234) || (ftpcode == 334)) {
-        /* Curl_ssl_connect is BLOCKING */
-        result = Curl_ssl_connect(conn, FIRSTSOCKET);
-        if(CURLE_OK == result) {
-          conn->protocol |= PROT_FTPS;
-          conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
-          result = ftp_state_user(conn);
-        }
-      }
-      else if(ftpc->count3 < 1) {
-        ftpc->count3++;
-        ftpc->count1 += ftpc->count2; /* get next attempt */
-        result = Curl_nbftpsendf(conn, "AUTH %s", ftpauth[ftpc->count1]);
-        /* remain in this same state */
-      }
-      else {
-        if(data->set.ftp_ssl > CURLFTPSSL_TRY)
-          /* we failed and CURLFTPSSL_CONTROL or CURLFTPSSL_ALL is set */
-          result = CURLE_FTP_SSL_FAILED;
-        else
-          /* ignore the failure and continue */
-          result = ftp_state_user(conn);
-      }
-
-      if(result)
-        return result;
-      break;
-
-    case FTP_USER:
-    case FTP_PASS:
-      result = ftp_state_user_resp(conn, ftpcode, ftpc->state);
-      break;
-
-    case FTP_ACCT:
-      result = ftp_state_acct_resp(conn, ftpcode);
-      break;
-
-    case FTP_PBSZ:
-      /* FIX: check response code */
-
-      /* For TLS, the data connection can have one of two security levels.
-
-      1) Clear (requested by 'PROT C')
-
-      2)Private (requested by 'PROT P')
-      */
-      if(!conn->ssl[SECONDARYSOCKET].use) {
-        NBFTPSENDF(conn, "PROT %c",
-                   data->set.ftp_ssl == CURLFTPSSL_CONTROL ? 'C' : 'P');
-        state(conn, FTP_PROT);
-      }
-      else {
-        result = ftp_state_pwd(conn);
-        if(result)
-          return result;
-      }
-
-      break;
-
-    case FTP_PROT:
-      if(ftpcode/100 == 2)
-        /* We have enabled SSL for the data connection! */
-        conn->ssl[SECONDARYSOCKET].use =
-          (bool)(data->set.ftp_ssl != CURLFTPSSL_CONTROL);
-      /* FTP servers typically responds with 500 if they decide to reject
-         our 'P' request */
-      else if(data->set.ftp_ssl> CURLFTPSSL_CONTROL)
-        /* we failed and bails out */
-        return CURLE_FTP_SSL_FAILED;
-
-      if(data->set.ftp_use_ccc) {
-        /* CCC - Clear Command Channel
-         */
-        NBFTPSENDF(conn, "CCC", NULL);
-        state(conn, FTP_CCC);
-      }
-      else {
-        result = ftp_state_pwd(conn);
-        if(result)
-          return result;
-      }
-      break;
-
-    case FTP_CCC:
-      if (ftpcode < 500) {
-    /* First shut down the SSL layer (note: this call will block) */
-        result = Curl_ssl_shutdown(conn, FIRSTSOCKET);
-
-        if(result) {
-          failf(conn->data, "Failed to clear the command channel (CCC)");
-          return result;
-        }
-      }
-
-      /* Then continue as normal */
-      result = ftp_state_pwd(conn);
-      if(result)
-        return result;
-      break;
-
-    case FTP_PWD:
-      if(ftpcode == 257) {
-        char *dir = (char *)malloc(nread+1);
-        char *store=dir;
-        char *ptr=&data->state.buffer[4];  /* start on the first letter */
-
-        if(!dir)
-          return CURLE_OUT_OF_MEMORY;
-
-        /* Reply format is like
-           257<space>"<directory-name>"<space><commentary> and the RFC959
-           says
-
-           The directory name can contain any character; embedded
-           double-quotes should be escaped by double-quotes (the
-           "quote-doubling" convention).
-        */
-        if('\"' == *ptr) {
-          /* it started good */
-          ptr++;
-          while(ptr && *ptr) {
-            if('\"' == *ptr) {
-              if('\"' == ptr[1]) {
-                /* "quote-doubling" */
-                *store = ptr[1];
-                ptr++;
-              }
-              else {
-                /* end of path */
-                *store = '\0'; /* zero terminate */
-                break; /* get out of this loop */
-              }
-            }
-            else
-              *store = *ptr;
-            store++;
-            ptr++;
-          }
-          ftpc->entrypath =dir; /* remember this */
-          infof(data, "Entry path is '%s'\n", ftpc->entrypath);
-          /* also save it where getinfo can access it: */
-          data->state.most_recent_ftp_entrypath = ftpc->entrypath;
-        }
-        else {
-          /* couldn't get the path */
-          free(dir);
-          infof(data, "Failed to figure out path\n");
-        }
-      }
-      state(conn, FTP_STOP); /* we are done with the CONNECT phase! */
-      DEBUGF(infof(data, "protocol connect phase DONE\n"));
-      break;
-
-    case FTP_QUOTE:
-    case FTP_POSTQUOTE:
-    case FTP_RETR_PREQUOTE:
-    case FTP_STOR_PREQUOTE:
-      if(ftpcode >= 400) {
-        failf(conn->data, "QUOT command failed with %03d", ftpcode);
-        return CURLE_FTP_QUOTE_ERROR;
-      }
-      result = ftp_state_quote(conn, FALSE, ftpc->state);
-      if(result)
-        return result;
-
-      break;
-
-    case FTP_CWD:
-      if(ftpcode/100 != 2) {
-        /* failure to CWD there */
-        if(conn->data->set.ftp_create_missing_dirs &&
-           ftpc->count1 && !ftpc->count2) {
-          /* try making it */
-          ftpc->count2++; /* counter to prevent CWD-MKD loops */
-          NBFTPSENDF(conn, "MKD %s", ftpc->dirs[ftpc->count1 - 1]);
-          state(conn, FTP_MKD);
-        }
-        else {
-          /* return failure */
-          failf(data, "Server denied you to change to the given directory");
-          ftpc->cwdfail = TRUE; /* don't remember this path as we failed
-                                   to enter it */
-          return CURLE_FTP_ACCESS_DENIED;
-        }
-      }
-      else {
-        /* success */
-        ftpc->count2=0;
-        if(++ftpc->count1 <= ftpc->dirdepth) {
-          /* send next CWD */
-          NBFTPSENDF(conn, "CWD %s", ftpc->dirs[ftpc->count1 - 1]);
-        }
-        else {
-          result = ftp_state_post_cwd(conn);
-          if(result)
-            return result;
-        }
-      }
-      break;
-
-    case FTP_MKD:
-      if(ftpcode/100 != 2) {
-        /* failure to MKD the dir */
-        failf(data, "Failed to MKD dir: %03d", ftpcode);
-        return CURLE_FTP_ACCESS_DENIED;
-      }
-      state(conn, FTP_CWD);
-      /* send CWD */
-      NBFTPSENDF(conn, "CWD %s", ftpc->dirs[ftpc->count1 - 1]);
-      break;
-
-    case FTP_MDTM:
-      result = ftp_state_mdtm_resp(conn, ftpcode);
-      break;
-
-    case FTP_TYPE:
-    case FTP_LIST_TYPE:
-    case FTP_RETR_TYPE:
-    case FTP_STOR_TYPE:
-      result = ftp_state_type_resp(conn, ftpcode, ftpc->state);
-      break;
-
-    case FTP_SIZE:
-    case FTP_RETR_SIZE:
-    case FTP_STOR_SIZE:
-      result = ftp_state_size_resp(conn, ftpcode, ftpc->state);
-      break;
-
-    case FTP_REST:
-    case FTP_RETR_REST:
-      result = ftp_state_rest_resp(conn, ftpcode, ftpc->state);
-      break;
-
-    case FTP_PASV:
-      result = ftp_state_pasv_resp(conn, ftpcode);
-      break;
-
-    case FTP_PORT:
-      result = ftp_state_port_resp(conn, ftpcode);
-      break;
-
-    case FTP_LIST:
-    case FTP_RETR:
-      result = ftp_state_get_resp(conn, ftpcode, ftpc->state);
-      break;
-
-    case FTP_STOR:
-      result = ftp_state_stor_resp(conn, ftpcode);
-      break;
-
-    case FTP_QUIT:
-      /* fallthrough, just stop! */
-    default:
-      /* internal error */
-      state(conn, FTP_STOP);
-      break;
-    }
-  } /* if(ftpcode) */
-
-  return result;
-}
-
-/* Returns timeout in ms. 0 or negative number means the timeout has already
-   triggered */
-static long ftp_state_timeout(struct connectdata *conn)
-{
-  struct SessionHandle *data=conn->data;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  long timeout_ms=360000; /* in milliseconds */
-
-  if(data->set.ftp_response_timeout )
-    /* if CURLOPT_FTP_RESPONSE_TIMEOUT is set, use that to determine remaining
-       time.  Also, use ftp->response because FTP_RESPONSE_TIMEOUT is supposed
-       to govern the response for any given ftp response, not for the time
-       from connect to the given ftp response. */
-    timeout_ms = data->set.ftp_response_timeout*1000 - /* timeout time */
-      Curl_tvdiff(Curl_tvnow(), ftpc->response); /* spent time */
-  else if(data->set.timeout)
-    /* if timeout is requested, find out how much remaining time we have */
-    timeout_ms = data->set.timeout*1000 - /* timeout time */
-      Curl_tvdiff(Curl_tvnow(), conn->now); /* spent time */
-  else
-    /* Without a requested timeout, we only wait 'response_time' seconds for
-       the full response to arrive before we bail out */
-    timeout_ms = ftpc->response_time*1000 -
-      Curl_tvdiff(Curl_tvnow(), ftpc->response); /* spent time */
-
-  return timeout_ms;
-}
-
-
-/* called repeatedly until done from multi.c */
-CURLcode Curl_ftp_multi_statemach(struct connectdata *conn,
-                                  bool *done)
-{
-  curl_socket_t sock = conn->sock[FIRSTSOCKET];
-  int rc;
-  struct SessionHandle *data=conn->data;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  CURLcode result = CURLE_OK;
-  long timeout_ms = ftp_state_timeout(conn);
-
-  *done = FALSE; /* default to not done yet */
-
-  if(timeout_ms <= 0) {
-    failf(data, "FTP response timeout");
-    return CURLE_OPERATION_TIMEDOUT;
-  }
-
-  rc = Curl_select(ftpc->sendleft?CURL_SOCKET_BAD:sock, /* reading */
-                   ftpc->sendleft?sock:CURL_SOCKET_BAD, /* writing */
-                   0);
-
-  if(rc == -1) {
-    failf(data, "select error");
-    return CURLE_OUT_OF_MEMORY;
-  }
-  else if(rc != 0) {
-    result = ftp_statemach_act(conn);
-    *done = (bool)(ftpc->state == FTP_STOP);
-  }
-  /* if rc == 0, then select() timed out */
-
-  return result;
-}
-
-static CURLcode ftp_easy_statemach(struct connectdata *conn)
-{
-  curl_socket_t sock = conn->sock[FIRSTSOCKET];
-  int rc;
-  struct SessionHandle *data=conn->data;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  CURLcode result = CURLE_OK;
-
-  while(ftpc->state != FTP_STOP) {
-    long timeout_ms = ftp_state_timeout(conn);
-
-    if(timeout_ms <=0 ) {
-      failf(data, "FTP response timeout");
-      return CURLE_OPERATION_TIMEDOUT; /* already too little time */
-    }
-
-    rc = Curl_select(ftpc->sendleft?CURL_SOCKET_BAD:sock, /* reading */
-                     ftpc->sendleft?sock:CURL_SOCKET_BAD, /* writing */
-                     (int)timeout_ms);
-
-    if(rc == -1) {
-      failf(data, "select error");
-      return CURLE_OUT_OF_MEMORY;
-    }
-    else if(rc == 0) {
-      result = CURLE_OPERATION_TIMEDOUT;
-      break;
-    }
-    else {
-      result = ftp_statemach_act(conn);
-      if(result)
-        break;
-    }
-  }
-
-  return result;
-}
-
-/*
- * Allocate and initialize the struct FTP for the current SessionHandle.  If
- * need be.
- */
-static CURLcode ftp_init(struct connectdata *conn)
-{
-  struct SessionHandle *data = conn->data;
-  struct FTP *ftp;
-  if(data->reqdata.proto.ftp)
-    return CURLE_OK;
-
-  ftp = (struct FTP *)calloc(sizeof(struct FTP), 1);
-  if(!ftp)
-    return CURLE_OUT_OF_MEMORY;
-
-  data->reqdata.proto.ftp = ftp;
-
-  /* get some initial data into the ftp struct */
-  ftp->bytecountp = &data->reqdata.keep.bytecount;
-
-  /* no need to duplicate them, this connectdata struct won't change */
-  ftp->user = conn->user;
-  ftp->passwd = conn->passwd;
-  if (isBadFtpString(ftp->user) || isBadFtpString(ftp->passwd))
-    return CURLE_URL_MALFORMAT;
-
-  return CURLE_OK;
-}
-
-/*
- * Curl_ftp_connect() should do everything that is to be considered a part of
- * the connection phase.
- *
- * The variable 'done' points to will be TRUE if the protocol-layer connect
- * phase is done when this function returns, or FALSE is not. When called as
- * a part of the easy interface, it will always be TRUE.
- */
-CURLcode Curl_ftp_connect(struct connectdata *conn,
-                          bool *done) /* see description above */
-{
-  CURLcode result;
-#ifndef CURL_DISABLE_HTTP
-  /* for FTP over HTTP proxy */
-  struct HTTP http_proxy;
-  struct FTP *ftp_save;
-#endif   /* CURL_DISABLE_HTTP */
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  struct SessionHandle *data=conn->data;
-
-  *done = FALSE; /* default to not done yet */
-
-  if (data->reqdata.proto.ftp) {
-    Curl_ftp_disconnect(conn);
-    free(data->reqdata.proto.ftp);
-    data->reqdata.proto.ftp = NULL;
-  }
-
-  result = ftp_init(conn);
-  if(result)
-    return result;
-
-  /* We always support persistant connections on ftp */
-  conn->bits.close = FALSE;
-
-  ftpc->response_time = 3600; /* set default response time-out */
-
-#ifndef CURL_DISABLE_HTTP
-  if (conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* BLOCKING */
-    /* We want "seamless" FTP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want FTP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * FTP pointer
-     */
-    ftp_save = data->reqdata.proto.ftp;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->reqdata.proto.http = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->reqdata.proto.ftp = ftp_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-#endif   /* CURL_DISABLE_HTTP */
-
-  if(conn->protocol & PROT_FTPS) {
-    /* BLOCKING */
-    /* FTPS is simply ftp with SSL for the control channel */
-    /* now, perform the SSL initialization for this socket */
-    result = Curl_ssl_connect(conn, FIRSTSOCKET);
-    if(result)
-      return result;
-  }
-
-  /* When we connect, we start in the state where we await the 220
-     response */
-  ftp_respinit(conn); /* init the response reader stuff */
-  state(conn, FTP_WAIT220);
-  ftpc->response = Curl_tvnow(); /* start response time-out now! */
-
-  if(data->state.used_interface == Curl_if_multi)
-    result = Curl_ftp_multi_statemach(conn, done);
-  else {
-    result = ftp_easy_statemach(conn);
-    if(!result)
-      *done = TRUE;
-  }
-
-  return result;
-}
-
-/***********************************************************************
- *
- * Curl_ftp_done()
- *
- * The DONE function. This does what needs to be done after a single DO has
- * performed.
- *
- * Input argument is already checked for validity.
- */
-CURLcode Curl_ftp_done(struct connectdata *conn, CURLcode status, bool premature)
-{
-  struct SessionHandle *data = conn->data;
-  struct FTP *ftp = data->reqdata.proto.ftp;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  ssize_t nread;
-  int ftpcode;
-  CURLcode result=CURLE_OK;
-  bool was_ctl_valid = ftpc->ctl_valid;
-  size_t flen;
-  size_t dlen;
-  char *path;
-  char *path_to_use = data->reqdata.path;
-  struct Curl_transfer_keeper *k = &data->reqdata.keep;
-
-  if(!ftp)
-    /* When the easy handle is removed from the multi while libcurl is still
-     * trying to resolve the host name, it seems that the ftp struct is not
-     * yet initialized, but the removal action calls Curl_done() which calls
-     * this function. So we simply return success if no ftp pointer is set.
-     */
-    return CURLE_OK;
-
-  switch(status) {
-  case CURLE_BAD_DOWNLOAD_RESUME:
-  case CURLE_FTP_WEIRD_PASV_REPLY:
-  case CURLE_FTP_PORT_FAILED:
-  case CURLE_FTP_COULDNT_SET_BINARY:
-  case CURLE_FTP_COULDNT_RETR_FILE:
-  case CURLE_FTP_COULDNT_STOR_FILE:
-  case CURLE_FTP_ACCESS_DENIED:
-    /* the connection stays alive fine even though this happened */
-    /* fall-through */
-  case CURLE_OK: /* doesn't affect the control connection's status */
-    if (!premature) {
-      ftpc->ctl_valid = was_ctl_valid;
-      break;
-    }
-    /* until we cope better with prematurely ended requests, let them 
-     * fallback as if in complete failure */
-  default:       /* by default, an error means the control connection is
-                    wedged and should not be used anymore */
-    ftpc->ctl_valid = FALSE;
-    ftpc->cwdfail = TRUE; /* set this TRUE to prevent us to remember the
-                             current path, as this connection is going */
-    conn->bits.close = TRUE; /* marked for closure */
-    break;
-  }
-
-  /* now store a copy of the directory we are in */
-  if(ftpc->prevpath)
-    free(ftpc->prevpath);
-
-  /* get the "raw" path */
-  path = curl_easy_unescape(data, path_to_use, 0, NULL);
-  if(!path)
-    return CURLE_OUT_OF_MEMORY;
-
-  flen = ftp->file?strlen(ftp->file):0; /* file is "raw" already */
-  dlen = strlen(path)-flen;
-  if(dlen && !ftpc->cwdfail) {
-    ftpc->prevpath = path;
-    if(flen)
-      /* if 'path' is not the whole string */
-      ftpc->prevpath[dlen]=0; /* terminate */
-    infof(data, "Remembering we are in dir %s\n", ftpc->prevpath);
-  }
-  else {
-    ftpc->prevpath = NULL; /* no path */
-    free(path);
-  }
-  /* free the dir tree and file parts */
-  freedirs(conn);
-
-#ifdef HAVE_KRB4
-  Curl_sec_fflush_fd(conn, conn->sock[SECONDARYSOCKET]);
-#endif
-
-  /* shut down the socket to inform the server we're done */
-
-#ifdef _WIN32_WCE
-  shutdown(conn->sock[SECONDARYSOCKET],2);  /* SD_BOTH */
-#endif
-
-  sclose(conn->sock[SECONDARYSOCKET]);
-
-  conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
-
-  if(!ftp->no_transfer && !status && !premature) {
-    /*
-     * Let's see what the server says about the transfer we just performed,
-     * but lower the timeout as sometimes this connection has died while the
-     * data has been transfered. This happens when doing through NATs etc that
-     * abandon old silent connections.
-     */
-    long old_time = ftpc->response_time;
-
-    ftpc->response_time = 60; /* give it only a minute for now */
-
-    result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
-
-    ftpc->response_time = old_time; /* set this back to previous value */
-
-    if(!nread && (CURLE_OPERATION_TIMEDOUT == result)) {
-      failf(data, "control connection looks dead");
-      ftpc->ctl_valid = FALSE; /* mark control connection as bad */
-      return result;
-    }
-
-    if(result)
-      return result;
-
-    if(!ftpc->dont_check) {
-      /* 226 Transfer complete, 250 Requested file action okay, completed. */
-      if((ftpcode != 226) && (ftpcode != 250)) {
-        failf(data, "server did not report OK, got %d", ftpcode);
-        result = CURLE_PARTIAL_FILE;
-      }
-    }
-  }
-
-  if(result || premature)
-    /* the response code from the transfer showed an error already so no
-       use checking further */
-    ;
-  else if(data->set.upload) {
-    if((-1 != data->set.infilesize) &&
-       (data->set.infilesize != *ftp->bytecountp) &&
-       !data->set.crlf &&
-       !ftp->no_transfer) {
-      failf(data, "Uploaded unaligned file size (%" FORMAT_OFF_T
-            " out of %" FORMAT_OFF_T " bytes)",
-            *ftp->bytecountp, data->set.infilesize);
-      result = CURLE_PARTIAL_FILE;
-    }
-  }
-  else {
-    if((-1 != k->size) && (k->size != *ftp->bytecountp) &&
-#ifdef CURL_DO_LINEEND_CONV
-       /* Most FTP servers don't adjust their file SIZE response for CRLFs, so
-        * we'll check to see if the discrepancy can be explained by the number
-        * of CRLFs we've changed to LFs.
-        */
-       ((k->size + data->state.crlf_conversions) != *ftp->bytecountp) &&
-#endif /* CURL_DO_LINEEND_CONV */
-       (k->maxdownload != *ftp->bytecountp)) {
-      failf(data, "Received only partial file: %" FORMAT_OFF_T " bytes",
-            *ftp->bytecountp);
-      result = CURLE_PARTIAL_FILE;
-    }
-    else if(!ftpc->dont_check &&
-            !*ftp->bytecountp &&
-            (k->size>0)) {
-      failf(data, "No data was received!");
-      result = CURLE_FTP_COULDNT_RETR_FILE;
-    }
-  }
-
-  /* clear these for next connection */
-  ftp->no_transfer = FALSE;
-  ftpc->dont_check = FALSE;
-
-  /* Send any post-transfer QUOTE strings? */
-  if(!status && !result && !premature && data->set.postquote)
-    result = ftp_sendquote(conn, data->set.postquote);
-
-  return result;
-}
-
-/***********************************************************************
- *
- * ftp_sendquote()
- *
- * Where a 'quote' means a list of custom commands to send to the server.
- * The quote list is passed as an argument.
- */
-
-static
-CURLcode ftp_sendquote(struct connectdata *conn, struct curl_slist *quote)
-{
-  struct curl_slist *item;
-  ssize_t nread;
-  int ftpcode;
-  CURLcode result;
-
-  item = quote;
-  while (item) {
-    if (item->data) {
-      FTPSENDF(conn, "%s", item->data);
-
-      result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
-      if (result)
-        return result;
-
-      if (ftpcode >= 400) {
-        failf(conn->data, "QUOT string not accepted: %s", item->data);
-        return CURLE_FTP_QUOTE_ERROR;
-      }
-    }
-
-    item = item->next;
-  }
-
-  return CURLE_OK;
-}
-
-/***********************************************************************
- *
- * ftp_need_type()
- *
- * Returns TRUE if we in the current situation should send TYPE
- */
-static int ftp_need_type(struct connectdata *conn,
-                         bool ascii_wanted)
-{
-  return conn->proto.ftpc.transfertype != (ascii_wanted?'A':'I');
-}
-
-/***********************************************************************
- *
- * ftp_nb_type()
- *
- * Set TYPE. We only deal with ASCII or BINARY so this function
- * sets one of them.
- * If the transfer type is not sent, simulate on OK response in newstate
- */
-static CURLcode ftp_nb_type(struct connectdata *conn,
-                            bool ascii, ftpstate newstate)
-{
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  CURLcode result;
-  int want = ascii?'A':'I';
-
-  if (ftpc->transfertype == want) {
-    state(conn, newstate);
-    return ftp_state_type_resp(conn, 200, newstate);
-  }
-
-  NBFTPSENDF(conn, "TYPE %c", want);
-  state(conn, newstate);
-
-  /* keep track of our current transfer type */
-  ftpc->transfertype = want;
-  return CURLE_OK;
-}
-
-/***************************************************************************
- *
- * ftp_pasv_verbose()
- *
- * This function only outputs some informationals about this second connection
- * when we've issued a PASV command before and thus we have connected to a
- * possibly new IP address.
- *
- */
-static void
-ftp_pasv_verbose(struct connectdata *conn,
-                 Curl_addrinfo *ai,
-                 char *newhost, /* ascii version */
-                 int port)
-{
-  char buf[256];
-  Curl_printable_address(ai, buf, sizeof(buf));
-  infof(conn->data, "Connecting to %s (%s) port %d\n", newhost, buf, port);
-}
-
-/*
-  Check if this is a range download, and if so, set the internal variables
-  properly.
- */
-
-static CURLcode ftp_range(struct connectdata *conn)
-{
-  curl_off_t from, to;
-  curl_off_t totalsize=-1;
-  char *ptr;
-  char *ptr2;
-  struct SessionHandle *data = conn->data;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-
-  if(data->reqdata.use_range && data->reqdata.range) {
-    from=curlx_strtoofft(data->reqdata.range, &ptr, 0);
-    while(ptr && *ptr && (ISSPACE(*ptr) || (*ptr=='-')))
-      ptr++;
-    to=curlx_strtoofft(ptr, &ptr2, 0);
-    if(ptr == ptr2) {
-      /* we didn't get any digit */
-      to=-1;
-    }
-    if((-1 == to) && (from>=0)) {
-      /* X - */
-      data->reqdata.resume_from = from;
-      DEBUGF(infof(conn->data, "FTP RANGE %" FORMAT_OFF_T " to end of file\n",
-                   from));
-    }
-    else if(from < 0) {
-      /* -Y */
-      totalsize = -from;
-      data->reqdata.maxdownload = -from;
-      data->reqdata.resume_from = from;
-      DEBUGF(infof(conn->data, "FTP RANGE the last %" FORMAT_OFF_T " bytes\n",
-                   totalsize));
-    }
-    else {
-      /* X-Y */
-      totalsize = to-from;
-      data->reqdata.maxdownload = totalsize+1; /* include last byte */
-      data->reqdata.resume_from = from;
-      DEBUGF(infof(conn->data, "FTP RANGE from %" FORMAT_OFF_T
-                   " getting %" FORMAT_OFF_T " bytes\n",
-                   from, data->reqdata.maxdownload));
-    }
-    DEBUGF(infof(conn->data, "range-download from %" FORMAT_OFF_T
-                 " to %" FORMAT_OFF_T ", totally %" FORMAT_OFF_T " bytes\n",
-                 from, to, data->reqdata.maxdownload));
-    ftpc->dont_check = TRUE; /* dont check for successful transfer */
-  }
-  return CURLE_OK;
-}
-
-
-/*
- * Curl_ftp_nextconnect()
- *
- * This function shall be called when the second FTP (data) connection is
- * connected.
- */
-
-CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
-{
-  struct SessionHandle *data=conn->data;
-  CURLcode result = CURLE_OK;
-
-  /* the ftp struct is inited in Curl_ftp_connect() */
-  struct FTP *ftp = data->reqdata.proto.ftp;
-
-  DEBUGF(infof(data, "DO-MORE phase starts\n"));
-
-  if(!ftp->no_transfer && !conn->bits.no_body) {
-    /* a transfer is about to take place */
-
-    if(data->set.upload) {
-      result = ftp_nb_type(conn, data->set.prefer_ascii,
-                                      FTP_STOR_TYPE);
-      if (result)
-        return result;
-    }
-    else {
-      /* download */
-      ftp->downloadsize = -1; /* unknown as of yet */
-
-      result = ftp_range(conn);
-      if(result)
-        ;
-      else if((data->set.ftp_list_only) || !ftp->file) {
-        /* The specified path ends with a slash, and therefore we think this
-           is a directory that is requested, use LIST. But before that we
-           need to set ASCII transfer mode. */
-        result = ftp_nb_type(conn, 1, FTP_LIST_TYPE);
-        if (result)
-          return result;
-      }
-      else {
-        result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_RETR_TYPE);
-        if (result)
-          return result;
-      }
-    }
-    result = ftp_easy_statemach(conn);
-  }
-
-  if(ftp->no_transfer)
-    /* no data to transfer. FIX: it feels like a kludge to have this here
-       too! */
-    result=Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
-
-  /* end of transfer */
-  DEBUGF(infof(data, "DO-MORE phase ends with %d\n", result));
-
-  return result;
-}
-
-
-
-/***********************************************************************
- *
- * ftp_perform()
- *
- * This is the actual DO function for FTP. Get a file/directory according to
- * the options previously setup.
- */
-
-static
-CURLcode ftp_perform(struct connectdata *conn,
-                     bool *connected,  /* connect status after PASV / PORT */
-                     bool *dophase_done)
-{
-  /* this is FTP and no proxy */
-  CURLcode result=CURLE_OK;
-
-  DEBUGF(infof(conn->data, "DO phase starts\n"));
-
-  *dophase_done = FALSE; /* not done yet */
-
-  /* start the first command in the DO phase */
-  result = ftp_state_quote(conn, TRUE, FTP_QUOTE);
-  if(result)
-    return result;
-
-  /* run the state-machine */
-  if(conn->data->state.used_interface == Curl_if_multi)
-    result = Curl_ftp_multi_statemach(conn, dophase_done);
-  else {
-    result = ftp_easy_statemach(conn);
-    *dophase_done = TRUE; /* with the easy interface we are done here */
-  }
-  *connected = conn->bits.tcpconnect;
-
-  if(*dophase_done) {
-    DEBUGF(infof(conn->data, "DO phase is complete\n"));
-  }
-  
-  return result;
-}
-
-/***********************************************************************
- *
- * Curl_ftp()
- *
- * This function is registered as 'curl_do' function. It decodes the path
- * parts etc as a wrapper to the actual DO function (ftp_perform).
- *
- * The input argument is already checked for validity.
- */
-CURLcode Curl_ftp(struct connectdata *conn, bool *done)
-{
-  CURLcode retcode = CURLE_OK;
-
-  *done = FALSE; /* default to false */
-
-  /*
-    Since connections can be re-used between SessionHandles, this might be a
-    connection already existing but on a fresh SessionHandle struct so we must
-    make sure we have a good 'struct FTP' to play with. For new connections,
-    the struct FTP is allocated and setup in the Curl_ftp_connect() function.
-  */
-  retcode = ftp_init(conn);
-  if(retcode)
-    return retcode;
-
-  retcode = ftp_parse_url_path(conn);
-  if (retcode)
-    return retcode;
-
-  retcode = ftp_regular_transfer(conn, done);
-
-  return retcode;
-}
-
-/***********************************************************************
- *
- * Curl_(nb)ftpsendf()
- *
- * Sends the formated string as a ftp command to a ftp server
- *
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
- * The "nb" version is made to Never Block.
- */
-CURLcode Curl_nbftpsendf(struct connectdata *conn,
-                       const char *fmt, ...)
-{
-  ssize_t bytes_written;
-  char s[256];
-  size_t write_len;
-  char *sptr=s;
-  CURLcode res = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-
-  va_list ap;
-  va_start(ap, fmt);
-  vsnprintf(s, 250, fmt, ap);
-  va_end(ap);
-
-  strcat(s, "\r\n"); /* append a trailing CRLF */
-
-  bytes_written=0;
-  write_len = strlen(s);
-
-  ftp_respinit(conn);
-
-#ifdef CURL_DOES_CONVERSIONS
-  res = Curl_convert_to_network(data, s, write_len);
-  /* Curl_convert_to_network calls failf if unsuccessful */
-  if(res != CURLE_OK) {
-    return res;
-  }
-#endif /* CURL_DOES_CONVERSIONS */
-
-  res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
-                   &bytes_written);
-
-  if(CURLE_OK != res)
-    return res;
-
-  if(conn->data->set.verbose)
-    Curl_debug(conn->data, CURLINFO_HEADER_OUT,
-               sptr, (size_t)bytes_written, conn);
-
-  if(bytes_written != (ssize_t)write_len) {
-    /* the whole chunk was not sent, store the rest of the data */
-    write_len -= bytes_written;
-    sptr += bytes_written;
-    ftpc->sendthis = malloc(write_len);
-    if(ftpc->sendthis) {
-      memcpy(ftpc->sendthis, sptr, write_len);
-      ftpc->sendsize = ftpc->sendleft = write_len;
-    }
-    else {
-      failf(data, "out of memory");
-      res = CURLE_OUT_OF_MEMORY;
-    }
-  }
-  else
-    ftpc->response = Curl_tvnow();
-
-  return res;
-}
-
-CURLcode Curl_ftpsendf(struct connectdata *conn,
-                       const char *fmt, ...)
-{
-  ssize_t bytes_written;
-  char s[256];
-  size_t write_len;
-  char *sptr=s;
-  CURLcode res = CURLE_OK;
-
-  va_list ap;
-  va_start(ap, fmt);
-  vsnprintf(s, 250, fmt, ap);
-  va_end(ap);
-
-  strcat(s, "\r\n"); /* append a trailing CRLF */
-
-  bytes_written=0;
-  write_len = strlen(s);
-
-#ifdef CURL_DOES_CONVERSIONS
-  res = Curl_convert_to_network(conn->data, s, write_len);
-  /* Curl_convert_to_network calls failf if unsuccessful */
-  if(res != CURLE_OK) {
-    return(res);
-  }
-#endif /* CURL_DOES_CONVERSIONS */
-
-  while(1) {
-    res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
-                     &bytes_written);
-
-    if(CURLE_OK != res)
-      break;
-
-    if(conn->data->set.verbose)
-      Curl_debug(conn->data, CURLINFO_HEADER_OUT,
-                 sptr, (size_t)bytes_written, conn);
-
-    if(bytes_written != (ssize_t)write_len) {
-      write_len -= bytes_written;
-      sptr += bytes_written;
-    }
-    else
-      break;
-  }
-
-  return res;
-}
-
-/***********************************************************************
- *
- * ftp_quit()
- *
- * This should be called before calling sclose() on an ftp control connection
- * (not data connections). We should then wait for the response from the
- * server before returning. The calling code should then try to close the
- * connection.
- *
- */
-static CURLcode ftp_quit(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-
-  if(conn->proto.ftpc.ctl_valid) {
-    NBFTPSENDF(conn, "QUIT", NULL);
-    state(conn, FTP_QUIT);
-
-    result = ftp_easy_statemach(conn);
-  }
-
-  return result;
-}
-
-/***********************************************************************
- *
- * Curl_ftp_disconnect()
- *
- * Disconnect from an FTP server. Cleanup protocol-specific per-connection
- * resources. BLOCKING.
- */
-CURLcode Curl_ftp_disconnect(struct connectdata *conn)
-{
-  struct ftp_conn *ftpc= &conn->proto.ftpc;
-
-  /* We cannot send quit unconditionally. If this connection is stale or
-     bad in any way, sending quit and waiting around here will make the
-     disconnect wait in vain and cause more problems than we need to.
-
-     ftp_quit() will check the state of ftp->ctl_valid. If it's ok it
-     will try to send the QUIT command, otherwise it will just return.
-  */
-
-  /* The FTP session may or may not have been allocated/setup at this point! */
-  if(conn->data->reqdata.proto.ftp) {
-    (void)ftp_quit(conn); /* ignore errors on the QUIT */
-
-    if(ftpc->entrypath) {
-      struct SessionHandle *data = conn->data;
-      data->state.most_recent_ftp_entrypath = NULL;
-      free(ftpc->entrypath);
-      ftpc->entrypath = NULL;
-    }
-    if(ftpc->cache) {
-      free(ftpc->cache);
-      ftpc->cache = NULL;
-    }
-    freedirs(conn);
-    if(ftpc->prevpath) {
-      free(ftpc->prevpath);
-      ftpc->prevpath = NULL;
-    }
-  }
-  return CURLE_OK;
-}
-
-/***********************************************************************
- *
- * ftp_parse_url_path()
- *
- * Parse the URL path into separate path components.
- *
- */
-static
-CURLcode ftp_parse_url_path(struct connectdata *conn)
-{
-  CURLcode retcode = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  /* the ftp struct is already inited in ftp_connect() */
-  struct FTP *ftp = data->reqdata.proto.ftp;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  size_t dlen;
-  char *slash_pos;  /* position of the first '/' char in curpos */
-  char *path_to_use = data->reqdata.path;
-  char *cur_pos;
-
-  cur_pos = path_to_use; /* current position in path. point at the begin
-                            of next path component */
-
-  ftpc->ctl_valid = FALSE;
-  ftpc->cwdfail = FALSE;
-
-  switch(data->set.ftp_filemethod) {
-  case FTPFILE_NOCWD:
-    /* fastest, but less standard-compliant */
-    ftp->file = data->reqdata.path;  /* this is a full file path */
-    break;
-
-  case FTPFILE_SINGLECWD:
-    /* get the last slash */
-    slash_pos=strrchr(cur_pos, '/');
-    if(slash_pos || !cur_pos || !*cur_pos) {
-      ftpc->dirdepth = 1; /* we consider it to be a single dir */
-      ftpc->dirs = (char **)calloc(1, sizeof(ftpc->dirs[0]));
-      if(!ftpc->dirs)
-        return CURLE_OUT_OF_MEMORY;
-
-      ftpc->dirs[0] = curl_easy_unescape(conn->data, slash_pos ? cur_pos : "/",
-                                         slash_pos?(int)(slash_pos-cur_pos):1,
-                                         NULL);
-      if(!ftpc->dirs[0]) {
-        free(ftpc->dirs);
-        return CURLE_OUT_OF_MEMORY;
-      }
-      ftp->file = slash_pos ? slash_pos+1 : cur_pos; /* rest is file name */
-    }
-    else
-      ftp->file = cur_pos;  /* this is a file name only */
-    break;
-
-  default: /* allow pretty much anything */
-  case FTPFILE_MULTICWD:
-    ftpc->dirdepth = 0;
-    ftpc->diralloc = 5; /* default dir depth to allocate */
-    ftpc->dirs = (char **)calloc(ftpc->diralloc, sizeof(ftpc->dirs[0]));
-    if(!ftpc->dirs)
-      return CURLE_OUT_OF_MEMORY;
-
-    /* parse the URL path into separate path components */
-    while ((slash_pos = strchr(cur_pos, '/')) != NULL) {
-      /* 1 or 0 to indicate absolute directory */
-      bool absolute_dir = (bool)((cur_pos - data->reqdata.path > 0) &&
-        (ftpc->dirdepth == 0));
-
-      /* seek out the next path component */
-      if (slash_pos-cur_pos) {
-        /* we skip empty path components, like "x//y" since the FTP command
-           CWD requires a parameter and a non-existent parameter a) doesn't
-           work on many servers and b) has no effect on the others. */
-        int len = (int)(slash_pos - cur_pos + absolute_dir);
-        ftpc->dirs[ftpc->dirdepth] = curl_easy_unescape(conn->data,
-                                                        cur_pos - absolute_dir,
-                                                        len, NULL);
-        if (!ftpc->dirs[ftpc->dirdepth]) { /* run out of memory ... */
-          failf(data, "no memory");
-          freedirs(conn);
-          return CURLE_OUT_OF_MEMORY;
-        }
-        if (isBadFtpString(ftpc->dirs[ftpc->dirdepth])) {
-          freedirs(conn);
-          return CURLE_URL_MALFORMAT;
-        }
-      }
-      else {
-        cur_pos = slash_pos + 1; /* jump to the rest of the string */
-        continue;
-      }
-
-      if(!retcode) {
-        cur_pos = slash_pos + 1; /* jump to the rest of the string */
-        if(++ftpc->dirdepth >= ftpc->diralloc) {
-          /* enlarge array */
-          char *bigger;
-          ftpc->diralloc *= 2; /* double the size each time */
-          bigger = realloc(ftpc->dirs, ftpc->diralloc * sizeof(ftpc->dirs[0]));
-          if(!bigger) {
-            ftpc->dirdepth--;
-            freedirs(conn);
-            return CURLE_OUT_OF_MEMORY;
-          }
-          ftpc->dirs = (char **)bigger;
-        }
-      }
-    }
-
-    ftp->file = cur_pos;  /* the rest is the file name */
-  }
-
-  if(*ftp->file) {
-    ftp->file = curl_easy_unescape(conn->data, ftp->file, 0, NULL);
-    if(NULL == ftp->file) {
-      freedirs(conn);
-      failf(data, "no memory");
-      return CURLE_OUT_OF_MEMORY;
-    }
-    if (isBadFtpString(ftp->file)) {
-      freedirs(conn);
-      return CURLE_URL_MALFORMAT;
-    }
-  }
-  else
-    ftp->file=NULL; /* instead of point to a zero byte, we make it a NULL
-                       pointer */
-
-  if(data->set.upload && !ftp->file &&
-     (!ftp->no_transfer || conn->bits.no_body)) {
-    /* We need a file name when uploading. Return error! */
-    failf(data, "Uploading to a URL without a file name!");
-    return CURLE_URL_MALFORMAT;
-  }
-
-  ftpc->cwddone = FALSE; /* default to not done */
-
-  if(ftpc->prevpath) {
-    /* prevpath is "raw" so we convert the input path before we compare the
-       strings */
-    char *path = curl_easy_unescape(conn->data, data->reqdata.path, 0, NULL);
-    if(!path)
-      return CURLE_OUT_OF_MEMORY;
-
-    dlen = strlen(path) - (ftp->file?strlen(ftp->file):0);
-    if((dlen == strlen(ftpc->prevpath)) &&
-       curl_strnequal(path, ftpc->prevpath, dlen)) {
-      infof(data, "Request has same path as previous transfer\n");
-      ftpc->cwddone = TRUE;
-    }
-    free(path);
-  }
-
-  return retcode;
-}
-
-/* call this when the DO phase has completed */
-static CURLcode ftp_dophase_done(struct connectdata *conn,
-                                 bool connected)
-{
-  CURLcode result = CURLE_OK;
-  struct FTP *ftp = conn->data->reqdata.proto.ftp;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-
-  if(connected)
-    result = Curl_ftp_nextconnect(conn);
-
-  if(result && (conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD)) {
-    /* Failure detected, close the second socket if it was created already */
-    sclose(conn->sock[SECONDARYSOCKET]);
-    conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
-    return result;
-  }
-
-  if(ftp->no_transfer)
-    /* no data to transfer */
-    result=Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
-  else if(!connected)
-    /* since we didn't connect now, we want do_more to get called */
-    conn->bits.do_more = TRUE;
-
-  ftpc->ctl_valid = TRUE; /* seems good */
-
-  return result;
-}
-
-/* called from multi.c while DOing */
-CURLcode Curl_ftp_doing(struct connectdata *conn,
-                        bool *dophase_done)
-{
-  CURLcode result;
-  result = Curl_ftp_multi_statemach(conn, dophase_done);
-
-  if(*dophase_done) {
-    result = ftp_dophase_done(conn, FALSE /* not connected */);
-
-    DEBUGF(infof(conn->data, "DO phase is complete\n"));
-  }
-  return result;
-}
-
-/***********************************************************************
- *
- * ftp_regular_transfer()
- *
- * The input argument is already checked for validity.
- *
- * Performs all commands done before a regular transfer between a local and a
- * remote host.
- *
- * ftp->ctl_valid starts out as FALSE, and gets set to TRUE if we reach the
- * Curl_ftp_done() function without finding any major problem.
- */
-static
-CURLcode ftp_regular_transfer(struct connectdata *conn,
-                              bool *dophase_done)
-{
-  CURLcode result=CURLE_OK;
-  bool connected=0;
-  struct SessionHandle *data = conn->data;
-  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  data->reqdata.size = -1; /* make sure this is unknown at this point */
-
-  Curl_pgrsSetUploadCounter(data, 0);
-  Curl_pgrsSetDownloadCounter(data, 0);
-  Curl_pgrsSetUploadSize(data, 0);
-  Curl_pgrsSetDownloadSize(data, 0);
-
-  ftpc->ctl_valid = TRUE; /* starts good */
-
-  result = ftp_perform(conn,
-                       &connected, /* have we connected after PASV/PORT */
-                       dophase_done); /* all commands in the DO-phase done? */
-
-  if(CURLE_OK == result) {
-
-    if(!*dophase_done)
-      /* the DO phase has not completed yet */
-      return CURLE_OK;
-
-    result = ftp_dophase_done(conn, connected);
-    if(result)
-      return result;
-  }
-  else
-    freedirs(conn);
-
-  return result;
-}
-
-#endif /* CURL_DISABLE_FTP */
diff --git a/Utilities/cmcurl/ftp.h b/Utilities/cmcurl/ftp.h
deleted file mode 100644
index b64e705..0000000
--- a/Utilities/cmcurl/ftp.h
+++ /dev/null
@@ -1,43 +0,0 @@
-#ifndef __FTP_H
-#define __FTP_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#ifndef CURL_DISABLE_FTP
-CURLcode Curl_ftp(struct connectdata *conn, bool *done);
-CURLcode Curl_ftp_done(struct connectdata *conn, CURLcode, bool premature);
-CURLcode Curl_ftp_connect(struct connectdata *conn, bool *done);
-CURLcode Curl_ftp_disconnect(struct connectdata *conn);
-CURLcode Curl_ftpsendf(struct connectdata *, const char *fmt, ...);
-CURLcode Curl_nbftpsendf(struct connectdata *, const char *fmt, ...);
-CURLcode Curl_GetFTPResponse(ssize_t *nread, struct connectdata *conn,
-                             int *ftpcode);
-CURLcode Curl_ftp_nextconnect(struct connectdata *conn);
-CURLcode Curl_ftp_multi_statemach(struct connectdata *conn, bool *done);
-int Curl_ftp_getsock(struct connectdata *conn,
-                     curl_socket_t *socks,
-                     int numsocks);
-CURLcode Curl_ftp_doing(struct connectdata *conn,
-                        bool *dophase_done);
-#endif /* CURL_DISABLE_FTP */
-#endif /* __FTP_H */
diff --git a/Utilities/cmcurl/getinfo.c b/Utilities/cmcurl/getinfo.c
deleted file mode 100644
index 5cf3bca..0000000
--- a/Utilities/cmcurl/getinfo.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <curl/curl.h>
-
-#include "urldata.h"
-#include "getinfo.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include "memory.h"
-#include "sslgen.h"
-
-/* Make this the last #include */
-#include "memdebug.h"
-
-/*
- * This is supposed to be called in the beginning of a perform() session
- * and should reset all session-info variables
- */
-CURLcode Curl_initinfo(struct SessionHandle *data)
-{
-  struct Progress *pro = &data->progress;
-  struct PureInfo *info =&data->info;
-
-  pro->t_nslookup = 0;
-  pro->t_connect = 0;
-  pro->t_pretransfer = 0;
-  pro->t_starttransfer = 0;
-  pro->timespent = 0;
-  pro->t_redirect = 0;
-
-  info->httpcode = 0;
-  info->httpversion=0;
-  info->filetime=-1; /* -1 is an illegal time and thus means unknown */
-
-  if (info->contenttype)
-    free(info->contenttype);
-  info->contenttype = NULL;
-
-  info->header_size = 0;
-  info->request_size = 0;
-  info->numconnects = 0;
-  return CURLE_OK;
-}
-
-CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
-{
-  va_list arg;
-  long *param_longp=NULL;
-  double *param_doublep=NULL;
-  char **param_charp=NULL;
-  struct curl_slist **param_slistp=NULL;
-  char buf;
-
-  if(!data)
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-
-  va_start(arg, info);
-
-  switch(info&CURLINFO_TYPEMASK) {
-  default:
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-  case CURLINFO_STRING:
-    param_charp = va_arg(arg, char **);
-    if(NULL == param_charp)
-      return CURLE_BAD_FUNCTION_ARGUMENT;
-    break;
-  case CURLINFO_LONG:
-    param_longp = va_arg(arg, long *);
-    if(NULL == param_longp)
-      return CURLE_BAD_FUNCTION_ARGUMENT;
-    break;
-  case CURLINFO_DOUBLE:
-    param_doublep = va_arg(arg, double *);
-    if(NULL == param_doublep)
-      return CURLE_BAD_FUNCTION_ARGUMENT;
-    break;
-  case CURLINFO_SLIST:
-    param_slistp = va_arg(arg, struct curl_slist **);
-    if(NULL == param_slistp)
-      return CURLE_BAD_FUNCTION_ARGUMENT;
-    break;
-  }
-
-  switch(info) {
-  case CURLINFO_EFFECTIVE_URL:
-    *param_charp = data->change.url?data->change.url:(char *)"";
-    break;
-  case CURLINFO_RESPONSE_CODE:
-    *param_longp = data->info.httpcode;
-    break;
-  case CURLINFO_HTTP_CONNECTCODE:
-    *param_longp = data->info.httpproxycode;
-    break;
-  case CURLINFO_FILETIME:
-    *param_longp = data->info.filetime;
-    break;
-  case CURLINFO_HEADER_SIZE:
-    *param_longp = data->info.header_size;
-    break;
-  case CURLINFO_REQUEST_SIZE:
-    *param_longp = data->info.request_size;
-    break;
-  case CURLINFO_TOTAL_TIME:
-    *param_doublep = data->progress.timespent;
-    break;
-  case CURLINFO_NAMELOOKUP_TIME:
-    *param_doublep = data->progress.t_nslookup;
-    break;
-  case CURLINFO_CONNECT_TIME:
-    *param_doublep = data->progress.t_connect;
-    break;
-  case CURLINFO_PRETRANSFER_TIME:
-    *param_doublep =  data->progress.t_pretransfer;
-    break;
-  case CURLINFO_STARTTRANSFER_TIME:
-    *param_doublep = data->progress.t_starttransfer;
-    break;
-  case CURLINFO_SIZE_UPLOAD:
-    *param_doublep =  (double)data->progress.uploaded;
-    break;
-  case CURLINFO_SIZE_DOWNLOAD:
-    *param_doublep = (double)data->progress.downloaded;
-    break;
-  case CURLINFO_SPEED_DOWNLOAD:
-    *param_doublep =  (double)data->progress.dlspeed;
-    break;
-  case CURLINFO_SPEED_UPLOAD:
-    *param_doublep = (double)data->progress.ulspeed;
-    break;
-  case CURLINFO_SSL_VERIFYRESULT:
-    *param_longp = data->set.ssl.certverifyresult;
-    break;
-  case CURLINFO_CONTENT_LENGTH_DOWNLOAD:
-    *param_doublep = (double)data->progress.size_dl;
-    break;
-  case CURLINFO_CONTENT_LENGTH_UPLOAD:
-    *param_doublep = (double)data->progress.size_ul;
-    break;
-  case CURLINFO_REDIRECT_TIME:
-    *param_doublep =  data->progress.t_redirect;
-    break;
-  case CURLINFO_REDIRECT_COUNT:
-    *param_longp = data->set.followlocation;
-    break;
-  case CURLINFO_CONTENT_TYPE:
-    *param_charp = data->info.contenttype;
-    break;
-  case CURLINFO_PRIVATE:
-    *param_charp = data->set.private_data;
-    break;
-  case CURLINFO_HTTPAUTH_AVAIL:
-    *param_longp = data->info.httpauthavail;
-    break;
-  case CURLINFO_PROXYAUTH_AVAIL:
-    *param_longp = data->info.proxyauthavail;
-    break;
-  case CURLINFO_OS_ERRNO:
-    *param_longp = data->state.os_errno;
-    break;
-  case CURLINFO_NUM_CONNECTS:
-    *param_longp = data->info.numconnects;
-    break;
-  case CURLINFO_SSL_ENGINES:
-    *param_slistp = Curl_ssl_engines_list(data);
-    break;
-  case CURLINFO_COOKIELIST:
-    *param_slistp = Curl_cookie_list(data);
-    break;
-  case CURLINFO_FTP_ENTRY_PATH:
-    /* Return the entrypath string from the most recent connection.
-       This pointer was copied from the connectdata structure by FTP.
-       The actual string may be free()ed by subsequent libcurl calls so
-       it must be copied to a safer area before the next libcurl call.
-       Callers must never free it themselves. */
-    *param_charp = data->state.most_recent_ftp_entrypath;
-    break;
-  case CURLINFO_LASTSOCKET:
-    if((data->state.lastconnect != -1) &&
-       (data->state.connc->connects[data->state.lastconnect] != NULL)) {
-      struct connectdata *c = data->state.connc->connects
-        [data->state.lastconnect];
-      *param_longp = c->sock[FIRSTSOCKET];
-      /* we have a socket connected, let's determine if the server shut down */
-      /* determine if ssl */
-      if(c->ssl[FIRSTSOCKET].use) {
-        /* use the SSL context */
-        if (!Curl_ssl_check_cxn(c))
-          *param_longp = -1;   /* FIN received */
-      }
-/* Minix 3.1 doesn't support any flags on recv; just assume socket is OK */
-#ifdef MSG_PEEK
-      else {
-        /* use the socket */
-        if(recv((RECV_TYPE_ARG1)c->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
-                (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
-          *param_longp = -1;   /* FIN received */
-        }
-      }
-#endif
-    }
-    else
-      *param_longp = -1;
-    break;
-  default:
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-  }
-  return CURLE_OK;
-}
diff --git a/Utilities/cmcurl/getinfo.h b/Utilities/cmcurl/getinfo.h
deleted file mode 100644
index 2fe1b5c..0000000
--- a/Utilities/cmcurl/getinfo.h
+++ /dev/null
@@ -1,28 +0,0 @@
-#ifndef __GETINFO_H
-#define __GETINFO_H
-/***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...);
-CURLcode Curl_initinfo(struct SessionHandle *data);
-
-#endif
diff --git a/Utilities/cmcurl/gtls.c b/Utilities/cmcurl/gtls.c
deleted file mode 100644
index 250ecad..0000000
--- a/Utilities/cmcurl/gtls.c
+++ /dev/null
@@ -1,640 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-/*
- * Source file for all GnuTLS-specific code for the TLS/SSL layer. No code
- * but sslgen.c should ever call or use these functions.
- *
- * Note: don't use the GnuTLS' *_t variable type names in this source code,
- * since they were not present in 1.0.X.
- */
-
-#include "setup.h"
-#ifdef USE_GNUTLS
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "gtls.h"
-#include "sslgen.h"
-#include "parsedate.h"
-#include "connect.h" /* for the connect timeout */
-#include "select.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-#include "memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* Enable GnuTLS debugging by defining GTLSDEBUG */
-/*#define GTLSDEBUG */
-
-#ifdef GTLSDEBUG
-static void tls_log_func(int level, const char *str)
-{
-    fprintf(stderr, "|<%d>| %s", level, str);
-}
-#endif
-
-/*
- * Custom push and pull callback functions used by GNU TLS to read and write
- * to the socket.  These functions are simple wrappers to send() and recv()
- * (although here using the sread/swrite macros as defined by setup_once.h).
- * We use custom functions rather than the GNU TLS defaults because it allows
- * us to get specific about the fourth "flags" argument, and to use arbitrary
- * private data with gnutls_transport_set_ptr if we wish.
- */
-static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
-{
-  return swrite(s, buf, len);
-}
-
-static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
-{
-  return sread(s, buf, len);
-}
-
-/* Global GnuTLS init, called from Curl_ssl_init() */
-int Curl_gtls_init(void)
-{
-  gnutls_global_init();
-#ifdef GTLSDEBUG
-  gnutls_global_set_log_function(tls_log_func);
-  gnutls_global_set_log_level(2);
-#endif
-  return 1;
-}
-
-int Curl_gtls_cleanup(void)
-{
-  gnutls_global_deinit();
-  return 1;
-}
-
-static void showtime(struct SessionHandle *data,
-                     const char *text,
-                     time_t stamp)
-{
-  struct tm *tm;
-#ifdef HAVE_GMTIME_R
-  struct tm buffer;
-  tm = (struct tm *)gmtime_r(&stamp, &buffer);
-#else
-  tm = gmtime(&stamp);
-#endif
-  snprintf(data->state.buffer,
-           BUFSIZE,
-           "\t %s: %s, %02d %s %4d %02d:%02d:%02d GMT\n",
-           text,
-           Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
-           tm->tm_mday,
-           Curl_month[tm->tm_mon],
-           tm->tm_year + 1900,
-           tm->tm_hour,
-           tm->tm_min,
-           tm->tm_sec);
-  infof(data, "%s", data->state.buffer);
-}
-
-/* this function does a BLOCKING SSL/TLS (re-)handshake */
-static CURLcode handshake(struct connectdata *conn,
-                          gnutls_session session,
-                          int sockindex,
-                          bool duringconnect)
-{
-  struct SessionHandle *data = conn->data;
-  int rc;
-
-  do {
-    rc = gnutls_handshake(session);
-
-    if((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED)) {
-      long timeout_ms = DEFAULT_CONNECT_TIMEOUT;
-      long has_passed;
-
-      if(duringconnect && data->set.connecttimeout)
-        timeout_ms = data->set.connecttimeout*1000;
-
-      if(data->set.timeout) {
-        /* get the strictest timeout of the ones converted to milliseconds */
-        if((data->set.timeout*1000) < timeout_ms)
-          timeout_ms = data->set.timeout*1000;
-      }
-
-      /* Evaluate in milliseconds how much time that has passed */
-      has_passed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
-
-      /* subtract the passed time */
-      timeout_ms -= has_passed;
-
-      if(timeout_ms < 0) {
-        /* a precaution, no need to continue if time already is up */
-        failf(data, "SSL connection timeout");
-        return CURLE_OPERATION_TIMEOUTED;
-      }
-
-      rc = Curl_select(conn->sock[sockindex],
-                       conn->sock[sockindex], (int)timeout_ms);
-      if(rc > 0)
-        /* reabable or writable, go loop*/
-        continue;
-      else if(0 == rc) {
-        /* timeout */
-        failf(data, "SSL connection timeout");
-        return CURLE_OPERATION_TIMEDOUT;
-      }
-      else {
-        /* anything that gets here is fatally bad */
-        failf(data, "select on SSL socket, errno: %d", Curl_sockerrno());
-        return CURLE_SSL_CONNECT_ERROR;
-      }
-    }
-    else
-      break;
-  } while(1);
-
-  if (rc < 0) {
-    failf(data, "gnutls_handshake() failed: %s", gnutls_strerror(rc));
-    return CURLE_SSL_CONNECT_ERROR;
-  }
-
-  return CURLE_OK;
-}
-
-static gnutls_x509_crt_fmt do_file_type(const char *type)
-{
-  if(!type || !type[0])
-    return GNUTLS_X509_FMT_PEM;
-  if(curl_strequal(type, "PEM"))
-    return GNUTLS_X509_FMT_PEM;
-  if(curl_strequal(type, "DER"))
-    return GNUTLS_X509_FMT_DER;
-  return -1;
-}
-
-
-/*
- * This function is called after the TCP connect has completed. Setup the TLS
- * layer and do all necessary magic.
- */
-CURLcode
-Curl_gtls_connect(struct connectdata *conn,
-                  int sockindex)
-
-{
-  const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
-  struct SessionHandle *data = conn->data;
-  gnutls_session session;
-  int rc;
-  unsigned int cert_list_size;
-  const gnutls_datum *chainp;
-  unsigned int verify_status;
-  gnutls_x509_crt x509_cert;
-  char certbuf[256]; /* big enough? */
-  size_t size;
-  unsigned int algo;
-  unsigned int bits;
-  time_t clock;
-  const char *ptr;
-  void *ssl_sessionid;
-  size_t ssl_idsize;
-
-  /* GnuTLS only supports TLSv1 (and SSLv3?) */
-  if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
-    failf(data, "GnuTLS does not support SSLv2");
-    return CURLE_SSL_CONNECT_ERROR;
-  }
-
-  /* allocate a cred struct */
-  rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
-  if(rc < 0) {
-    failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
-    return CURLE_SSL_CONNECT_ERROR;
-  }
-
-  if(data->set.ssl.CAfile) {
-    /* set the trusted CA cert bundle file */
-    gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred,
-                                        GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
-
-    rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
-                                                data->set.ssl.CAfile,
-                                                GNUTLS_X509_FMT_PEM);
-    if(rc < 0) {
-      infof(data, "error reading ca cert file %s (%s)\n",
-            data->set.ssl.CAfile, gnutls_strerror(rc));
-      if (data->set.ssl.verifypeer)
-        return CURLE_SSL_CACERT_BADFILE;
-    }
-    else
-      infof(data, "found %d certificates in %s\n",
-            rc, data->set.ssl.CAfile);
-  }
-
-  /* Initialize TLS session as a client */
-  rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
-  if(rc) {
-    failf(data, "gnutls_init() failed: %d", rc);
-    return CURLE_SSL_CONNECT_ERROR;
-  }
-
-  /* convenient assign */
-  session = conn->ssl[sockindex].session;
-
-  /* Use default priorities */
-  rc = gnutls_set_default_priority(session);
-  if(rc < 0)
-    return CURLE_SSL_CONNECT_ERROR;
-
-  /* Sets the priority on the certificate types supported by gnutls. Priority
-     is higher for types specified before others. After specifying the types
-     you want, you must append a 0. */
-  rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
-  if(rc < 0)
-    return CURLE_SSL_CONNECT_ERROR;
-
-  if(data->set.cert) {
-    if( gnutls_certificate_set_x509_key_file(
-          conn->ssl[sockindex].cred, data->set.cert,
-          data->set.key != 0 ? data->set.key : data->set.cert,
-          do_file_type(data->set.cert_type) ) ) {
-      failf(data, "error reading X.509 key or certificate file");
-      return CURLE_SSL_CONNECT_ERROR;
-    }
-  }
-
-  /* put the credentials to the current session */
-  rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
-                              conn->ssl[sockindex].cred);
-
-  /* set the connection handle (file descriptor for the socket) */
-  gnutls_transport_set_ptr(session,
-                           (gnutls_transport_ptr)conn->sock[sockindex]);
-
-  /* register callback functions to send and receive data. */
-  gnutls_transport_set_push_function(session, Curl_gtls_push);
-  gnutls_transport_set_pull_function(session, Curl_gtls_pull);
-
-  /* lowat must be set to zero when using custom push and pull functions. */
-  gnutls_transport_set_lowat(session, 0);
-
-  /* This might be a reconnect, so we check for a session ID in the cache
-     to speed up things */
-
-  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize)) {
-    /* we got a session id, use it! */
-    gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
-
-    /* Informational message */
-    infof (data, "SSL re-using session ID\n");
-  }
-
-  rc = handshake(conn, session, sockindex, TRUE);
-  if(rc)
-    /* handshake() sets its own error message with failf() */
-    return rc;
-
-  /* This function will return the peer's raw certificate (chain) as sent by
-     the peer. These certificates are in raw format (DER encoded for
-     X.509). In case of a X.509 then a certificate list may be present. The
-     first certificate in the list is the peer's certificate, following the
-     issuer's certificate, then the issuer's issuer etc. */
-
-  chainp = gnutls_certificate_get_peers(session, &cert_list_size);
-  if(!chainp) {
-    if(data->set.ssl.verifyhost) {
-      failf(data, "failed to get server cert");
-      return CURLE_SSL_PEER_CERTIFICATE;
-    }
-    infof(data, "\t common name: WARNING couldn't obtain\n");
-  }
-
-  /* This function will try to verify the peer's certificate and return its
-     status (trusted, invalid etc.). The value of status should be one or more
-     of the gnutls_certificate_status_t enumerated elements bitwise or'd. To
-     avoid denial of service attacks some default upper limits regarding the
-     certificate key size and chain size are set. To override them use
-     gnutls_certificate_set_verify_limits(). */
-
-  rc = gnutls_certificate_verify_peers2(session, &verify_status);
-  if (rc < 0) {
-    failf(data, "server cert verify failed: %d", rc);
-    return CURLE_SSL_CONNECT_ERROR;
-  }
-
-  /* verify_status is a bitmask of gnutls_certificate_status bits */
-  if(verify_status & GNUTLS_CERT_INVALID) {
-    if (data->set.ssl.verifypeer) {
-      failf(data, "server certificate verification failed. CAfile: %s",
-            data->set.ssl.CAfile?data->set.ssl.CAfile:"none");
-      return CURLE_SSL_CACERT;
-    }
-    else
-      infof(data, "\t server certificate verification FAILED\n");
-  }
-  else
-      infof(data, "\t server certificate verification OK\n");
-
-  /* initialize an X.509 certificate structure. */
-  gnutls_x509_crt_init(&x509_cert);
-
-  /* convert the given DER or PEM encoded Certificate to the native
-     gnutls_x509_crt_t format */
-  gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
-
-  size=sizeof(certbuf);
-  rc = gnutls_x509_crt_get_dn_by_oid(x509_cert, GNUTLS_OID_X520_COMMON_NAME,
-                                     0, /* the first and only one */
-                                     FALSE,
-                                     certbuf,
-                                     &size);
-  if(rc) {
-    infof(data, "error fetching CN from cert:%s\n",
-          gnutls_strerror(rc));
-  }
-
-  /* This function will check if the given certificate's subject matches the
-     given hostname. This is a basic implementation of the matching described
-     in RFC2818 (HTTPS), which takes into account wildcards, and the subject
-     alternative name PKIX extension. Returns non zero on success, and zero on
-     failure. */
-  rc = gnutls_x509_crt_check_hostname(x509_cert, conn->host.name);
-
-  if(!rc) {
-    if (data->set.ssl.verifyhost > 1) {
-      failf(data, "SSL: certificate subject name (%s) does not match "
-            "target host name '%s'", certbuf, conn->host.dispname);
-      gnutls_x509_crt_deinit(x509_cert);
-      return CURLE_SSL_PEER_CERTIFICATE;
-    }
-    else
-      infof(data, "\t common name: %s (does not match '%s')\n",
-            certbuf, conn->host.dispname);
-  }
-  else
-    infof(data, "\t common name: %s (matched)\n", certbuf);
-
-  /* Show:
-
-  - ciphers used
-  - subject
-  - start date
-  - expire date
-  - common name
-  - issuer
-
-  */
-
-  /* public key algorithm's parameters */
-  algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);
-  infof(data, "\t certificate public key: %s\n",
-        gnutls_pk_algorithm_get_name(algo));
-
-  /* version of the X.509 certificate. */
-  infof(data, "\t certificate version: #%d\n",
-        gnutls_x509_crt_get_version(x509_cert));
-
-
-  size = sizeof(certbuf);
-  gnutls_x509_crt_get_dn(x509_cert, certbuf, &size);
-  infof(data, "\t subject: %s\n", certbuf);
-
-  clock = gnutls_x509_crt_get_activation_time(x509_cert);
-  showtime(data, "start date", clock);
-
-  clock = gnutls_x509_crt_get_expiration_time(x509_cert);
-  showtime(data, "expire date", clock);
-
-  size = sizeof(certbuf);
-  gnutls_x509_crt_get_issuer_dn(x509_cert, certbuf, &size);
-  infof(data, "\t issuer: %s\n", certbuf);
-
-  gnutls_x509_crt_deinit(x509_cert);
-
-  /* compression algorithm (if any) */
-  ptr = gnutls_compression_get_name(gnutls_compression_get(session));
-  /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */
-  infof(data, "\t compression: %s\n", ptr);
-
-  /* the name of the cipher used. ie 3DES. */
-  ptr = gnutls_cipher_get_name(gnutls_cipher_get(session));
-  infof(data, "\t cipher: %s\n", ptr);
-
-  /* the MAC algorithms name. ie SHA1 */
-  ptr = gnutls_mac_get_name(gnutls_mac_get(session));
-  infof(data, "\t MAC: %s\n", ptr);
-
-  if(!ssl_sessionid) {
-    /* this session was not previously in the cache, add it now */
-
-    /* get the session ID data size */
-    gnutls_session_get_data(session, NULL, &ssl_idsize);
-    ssl_sessionid = malloc(ssl_idsize); /* get a buffer for it */
-
-    if(ssl_sessionid) {
-      /* extract session ID to the allocated buffer */
-      gnutls_session_get_data(session, ssl_sessionid, &ssl_idsize);
-
-      /* store this session id */
-      return Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_idsize);
-    }
-  }
-
-  return CURLE_OK;
-}
-
-
-/* return number of sent (non-SSL) bytes */
-ssize_t Curl_gtls_send(struct connectdata *conn,
-                   int sockindex,
-                   void *mem,
-                   size_t len)
-{
-  ssize_t rc = gnutls_record_send(conn->ssl[sockindex].session, mem, len);
-
-  if(rc < 0 ) {
-    if(rc == GNUTLS_E_AGAIN)
-      return 0; /* EWOULDBLOCK equivalent */
-    rc = -1; /* generic error code for send failure */
-  }
-
-  return rc;
-}
-
-void Curl_gtls_close_all(struct SessionHandle *data)
-{
-  /* FIX: make the OpenSSL code more generic and use parts of it here */
-  (void)data;
-}
-
-static void close_one(struct connectdata *conn,
-                      int index)
-{
-  if(conn->ssl[index].session) {
-    gnutls_bye(conn->ssl[index].session, GNUTLS_SHUT_RDWR);
-    gnutls_deinit(conn->ssl[index].session);
-  }
-  gnutls_certificate_free_credentials(conn->ssl[index].cred);
-}
-
-void Curl_gtls_close(struct connectdata *conn)
-{
-  if(conn->ssl[0].use)
-    close_one(conn, 0);
-  if(conn->ssl[1].use)
-    close_one(conn, 1);
-}
-
-/*
- * This function is called to shut down the SSL layer but keep the
- * socket open (CCC - Clear Command Channel)
- */
-int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
-{
-  int result;
-  int retval = 0;
-  struct SessionHandle *data = conn->data;
-  int done = 0;
-  ssize_t nread;
-  char buf[120];
-
-  /* This has only been tested on the proftpd server, and the mod_tls code
-     sends a close notify alert without waiting for a close notify alert in
-     response. Thus we wait for a close notify alert from the server, but
-     we do not send one. Let's hope other servers do the same... */
-
-  if(conn->ssl[sockindex].session) {
-    while(!done) {
-      int what = Curl_select(conn->sock[sockindex],
-                             CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
-      if(what > 0) {
-        /* Something to read, let's do it and hope that it is the close
-           notify alert from the server */
-        result = gnutls_record_recv(conn->ssl[sockindex].session,
-                                    buf, sizeof(buf));
-        switch(result) {
-        case 0:
-          /* This is the expected response. There was no data but only
-             the close notify alert */
-          done = 1;
-          break;
-        case GNUTLS_E_AGAIN:
-        case GNUTLS_E_INTERRUPTED:
-          infof(data, "GNUTLS_E_AGAIN || GNUTLS_E_INTERRUPTED\n");
-          break;
-        default:
-          retval = -1;
-          done = 1;
-          break;
-        }
-      }
-      else if(0 == what) {
-        /* timeout */
-        failf(data, "SSL shutdown timeout");
-        done = 1;
-        break;
-      }
-      else {
-        /* anything that gets here is fatally bad */
-        failf(data, "select on SSL socket, errno: %d", Curl_sockerrno());
-        retval = -1;
-        done = 1;
-      }
-    }
-    gnutls_deinit(conn->ssl[sockindex].session);
-  }
-  gnutls_certificate_free_credentials(conn->ssl[sockindex].cred);
-
-  conn->ssl[sockindex].session = NULL;
-  conn->ssl[sockindex].use = FALSE;
-
-  return retval;
-}
-
-/*
- * If the read would block we return -1 and set 'wouldblock' to TRUE.
- * Otherwise we return the amount of data read. Other errors should return -1
- * and set 'wouldblock' to FALSE.
- */
-ssize_t Curl_gtls_recv(struct connectdata *conn, /* connection data */
-                       int num,                  /* socketindex */
-                       char *buf,                /* store read data here */
-                       size_t buffersize,        /* max amount to read */
-                       bool *wouldblock)
-{
-  ssize_t ret;
-
-  ret = gnutls_record_recv(conn->ssl[num].session, buf, buffersize);
-  if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
-    *wouldblock = TRUE;
-    return -1;
-  }
-
-  if(ret == GNUTLS_E_REHANDSHAKE) {
-    /* BLOCKING call, this is bad but a work-around for now. Fixing this "the
-       proper way" takes a whole lot of work. */
-    CURLcode rc = handshake(conn, conn->ssl[num].session, num, FALSE);
-    if(rc)
-      /* handshake() writes error message on its own */
-      return rc;
-    *wouldblock = TRUE; /* then return as if this was a wouldblock */
-    return -1;
-  }
-
-  *wouldblock = FALSE;
-  if (!ret) {
-    failf(conn->data, "Peer closed the TLS connection");
-    return -1;
-  }
-
-  if (ret < 0) {
-    failf(conn->data, "GnuTLS recv error (%d): %s",
-          (int)ret, gnutls_strerror(ret));
-    return -1;
-  }
-
-  return ret;
-}
-
-void Curl_gtls_session_free(void *ptr)
-{
-  free(ptr);
-}
-
-size_t Curl_gtls_version(char *buffer, size_t size)
-{
-  return snprintf(buffer, size, " GnuTLS/%s", gnutls_check_version(NULL));
-}
-
-#endif /* USE_GNUTLS */
diff --git a/Utilities/cmcurl/gtls.h b/Utilities/cmcurl/gtls.h
deleted file mode 100644
index bff3f86..0000000
--- a/Utilities/cmcurl/gtls.h
+++ /dev/null
@@ -1,46 +0,0 @@
-#ifndef __GTLS_H
-#define __GTLS_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-int Curl_gtls_init(void);
-int Curl_gtls_cleanup(void);
-CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex);
-
-/* tell GnuTLS to close down all open information regarding connections (and
-   thus session ID caching etc) */
-void Curl_gtls_close_all(struct SessionHandle *data);
-void Curl_gtls_close(struct connectdata *conn); /* close a SSL connection */
-
-/* return number of sent (non-SSL) bytes */
-ssize_t Curl_gtls_send(struct connectdata *conn, int sockindex,
-                       void *mem, size_t len);
-ssize_t Curl_gtls_recv(struct connectdata *conn, /* connection data */
-                       int num,                  /* socketindex */
-                       char *buf,                /* store read data here */
-                       size_t buffersize,        /* max amount to read */
-                       bool *wouldblock);
-void Curl_gtls_session_free(void *ptr);
-size_t Curl_gtls_version(char *buffer, size_t size);
-int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
-
-#endif
diff --git a/Utilities/cmcurl/hash.c b/Utilities/cmcurl/hash.c
deleted file mode 100644
index e004627..0000000
--- a/Utilities/cmcurl/hash.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "hash.h"
-#include "llist.h"
-#include "memory.h"
-
-/* this must be the last include file */
-#include "memdebug.h"
-
-static unsigned long
-hash_str(const char *key, size_t key_length)
-{
-  char *end = (char *) key + key_length;
-  unsigned long h = 5381;
-
-  while (key < end) {
-    h += h << 5;
-    h ^= (unsigned long) *key++;
-  }
-
-  return h;
-}
-
-static void
-hash_element_dtor(void *user, void *element)
-{
-  struct curl_hash *h = (struct curl_hash *) user;
-  struct curl_hash_element *e = (struct curl_hash_element *) element;
-
-  if (e->key)
-    free(e->key);
-
-  h->dtor(e->ptr);
-
-  free(e);
-}
-
-/* return 1 on error, 0 is fine */
-int
-Curl_hash_init(struct curl_hash *h, int slots, curl_hash_dtor dtor)
-{
-  int i;
-
-  h->dtor = dtor;
-  h->size = 0;
-  h->slots = slots;
-
-  h->table = (struct curl_llist **) malloc(slots * sizeof(struct curl_llist *));
-  if(h->table) {
-    for (i = 0; i < slots; ++i) {
-      h->table[i] = Curl_llist_alloc((curl_llist_dtor) hash_element_dtor);
-      if(!h->table[i]) {
-        while(i--)
-          Curl_llist_destroy(h->table[i], NULL);
-        free(h->table);
-        return 1; /* failure */
-      }
-    }
-    return 0; /* fine */
-  }
-  else
-    return 1; /* failure */
-}
-
-struct curl_hash *
-Curl_hash_alloc(int slots, curl_hash_dtor dtor)
-{
-  struct curl_hash *h;
-
-  h = (struct curl_hash *) malloc(sizeof(struct curl_hash));
-  if (h) {
-    if(Curl_hash_init(h, slots, dtor)) {
-      /* failure */
-      free(h);
-      h = NULL;
-    }
-  }
-
-  return h;
-}
-
-static int
-hash_key_compare(char *key1, size_t key1_len, char *key2, size_t key2_len)
-{
-  if (key1_len == key2_len &&
-      *key1 == *key2 &&
-      memcmp(key1, key2, key1_len) == 0) {
-    return 1;
-  }
-
-  return 0;
-}
-
-static struct curl_hash_element *
-mk_hash_element(char *key, size_t key_len, const void *p)
-{
-  struct curl_hash_element *he =
-    (struct curl_hash_element *) malloc(sizeof(struct curl_hash_element));
-
-  if(he) {
-    char *dup = malloc(key_len);
-    if(dup) {
-      /* copy the key */
-      memcpy(dup, key, key_len);
-
-      he->key = dup;
-      he->key_len = key_len;
-      he->ptr = (void *) p;
-    }
-    else {
-      /* failed to duplicate the key, free memory and fail */
-      free(he);
-      he = NULL;
-    }
-  }
-  return he;
-}
-
-#define find_slot(__h, __k, __k_len) (hash_str(__k, __k_len) % (__h)->slots)
-
-#define FETCH_LIST(x,y,z) x->table[find_slot(x, y, z)]
-
-/* Return the data in the hash. If there already was a match in the hash,
-   that data is returned. */
-void *
-Curl_hash_add(struct curl_hash *h, char *key, size_t key_len, void *p)
-{
-  struct curl_hash_element  *he;
-  struct curl_llist_element *le;
-  struct curl_llist *l = FETCH_LIST(h, key, key_len);
-
-  for (le = l->head; le; le = le->next) {
-    he = (struct curl_hash_element *) le->ptr;
-    if (hash_key_compare(he->key, he->key_len, key, key_len)) {
-      h->dtor(p);     /* remove the NEW entry */
-      return he->ptr; /* return the EXISTING entry */
-    }
-  }
-
-  he = mk_hash_element(key, key_len, p);
-  if (he) {
-    if(Curl_llist_insert_next(l, l->tail, he)) {
-      ++h->size;
-      return p; /* return the new entry */
-    }
-    /*
-     * Couldn't insert it, destroy the 'he' element and the key again. We
-     * don't call hash_element_dtor() since that would also call the
-     * "destructor" for the actual data 'p'. When we fail, we shall not touch
-     * that data.
-     */
-    free(he->key);
-    free(he);
-  }
-
-  return NULL; /* failure */
-}
-
-/* remove the identified hash entry, returns non-zero on failure */
-int Curl_hash_delete(struct curl_hash *h, char *key, size_t key_len)
-{
-  struct curl_llist_element *le;
-  struct curl_hash_element  *he;
-  struct curl_llist *l = FETCH_LIST(h, key, key_len);
-
-  for (le = l->head; le; le = le->next) {
-    he = le->ptr;
-    if (hash_key_compare(he->key, he->key_len, key, key_len)) {
-      Curl_llist_remove(l, le, (void *) h);
-      return 0;
-    }
-  }
-  return 1;
-}
-
-void *
-Curl_hash_pick(struct curl_hash *h, char *key, size_t key_len)
-{
-  struct curl_llist_element *le;
-  struct curl_hash_element  *he;
-  struct curl_llist *l = FETCH_LIST(h, key, key_len);
-
-  for (le = l->head; le; le = le->next) {
-    he = le->ptr;
-    if (hash_key_compare(he->key, he->key_len, key, key_len)) {
-      return he->ptr;
-    }
-  }
-
-  return NULL;
-}
-
-#if defined(CURLDEBUG) && defined(AGGRESIVE_TEST)
-void
-Curl_hash_apply(curl_hash *h, void *user,
-                void (*cb)(void *user, void *ptr))
-{
-  struct curl_llist_element  *le;
-  int                  i;
-
-  for (i = 0; i < h->slots; ++i) {
-    for (le = (h->table[i])->head;
-         le;
-         le = le->next) {
-      curl_hash_element *el = le->ptr;
-      cb(user, el->ptr);
-    }
-  }
-}
-#endif
-
-void
-Curl_hash_clean(struct curl_hash *h)
-{
-  int i;
-
-  for (i = 0; i < h->slots; ++i) {
-    Curl_llist_destroy(h->table[i], (void *) h);
-  }
-
-  free(h->table);
-}
-
-void
-Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
-                               int (*comp)(void *, void *))
-{
-  struct curl_llist_element *le;
-  struct curl_llist_element *lnext;
-  struct curl_llist *list;
-  int i;
-
-  for (i = 0; i < h->slots; ++i) {
-    list = h->table[i];
-    le = list->head; /* get first list entry */
-    while(le) {
-      struct curl_hash_element *he = le->ptr;
-      lnext = le->next;
-      /* ask the callback function if we shall remove this entry or not */
-      if (comp(user, he->ptr)) {
-        Curl_llist_remove(list, le, (void *) h);
-        --h->size; /* one less entry in the hash now */
-      }
-      le = lnext;
-    }
-  }
-}
-
-void
-Curl_hash_destroy(struct curl_hash *h)
-{
-  if (!h)
-    return;
-
-  Curl_hash_clean(h);
-  free(h);
-}
-
-#if 0 /* useful function for debugging hashes and their contents */
-void Curl_hash_print(struct curl_hash *h,
-                     void (*func)(void *))
-{
-  int i;
-  struct curl_llist_element *le;
-  struct curl_llist *list;
-  struct curl_hash_element  *he;
-  if (!h)
-    return;
-
-  fprintf(stderr, "=Hash dump=\n");
-
-  for (i = 0; i < h->slots; i++) {
-    list = h->table[i];
-    le = list->head; /* get first list entry */
-    if(le) {
-      fprintf(stderr, "index %d:", i);
-      while(le) {
-        he = le->ptr;
-        if(func)
-          func(he->ptr);
-        else
-          fprintf(stderr, " [%p]", he->ptr);
-        le = le->next;
-      }
-      fprintf(stderr, "\n");
-    }
-  }
-}
-#endif
diff --git a/Utilities/cmcurl/hash.h b/Utilities/cmcurl/hash.h
deleted file mode 100644
index ceebb52..0000000
--- a/Utilities/cmcurl/hash.h
+++ /dev/null
@@ -1,61 +0,0 @@
-#ifndef __HASH_H
-#define __HASH_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <stddef.h>
-
-#include "llist.h"
-
-typedef void (*curl_hash_dtor)(void *);
-
-struct curl_hash {
-  struct curl_llist **table;
-  curl_hash_dtor   dtor;
-  int slots;
-  size_t size;
-};
-
-struct curl_hash_element {
-  void   *ptr;
-  char   *key;
-  size_t key_len;
-};
-
-
-int Curl_hash_init(struct curl_hash *, int, curl_hash_dtor);
-struct curl_hash *Curl_hash_alloc(int, curl_hash_dtor);
-void *Curl_hash_add(struct curl_hash *, char *, size_t, void *);
-int Curl_hash_delete(struct curl_hash *h, char *key, size_t key_len);
-void *Curl_hash_pick(struct curl_hash *, char *, size_t);
-void Curl_hash_apply(struct curl_hash *h, void *user,
-                     void (*cb)(void *user, void *ptr));
-int Curl_hash_count(struct curl_hash *h);
-void Curl_hash_clean(struct curl_hash *h);
-void Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
-                                    int (*comp)(void *, void *));
-void Curl_hash_destroy(struct curl_hash *h);
-
-#endif
diff --git a/Utilities/cmcurl/hostares.c b/Utilities/cmcurl/hostares.c
deleted file mode 100644
index 1db0f43..0000000
--- a/Utilities/cmcurl/hostares.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <string.h>
-
-#ifdef NEED_MALLOC_H
-#include <malloc.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>     /* for the close() proto */
-#endif
-#ifdef  VMS
-#include <in.h>
-#include <inet.h>
-#include <stdlib.h>
-#endif
-
-#ifdef HAVE_SETJMP_H
-#include <setjmp.h>
-#endif
-
-#ifdef HAVE_PROCESS_H
-#include <process.h>
-#endif
-
-#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
-#undef in_addr_t
-#define in_addr_t unsigned long
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "hostip.h"
-#include "hash.h"
-#include "share.h"
-#include "strerror.h"
-#include "url.h"
-#include "multiif.h"
-#include "connect.h" /* for the Curl_sockerrno() proto */
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-#include "memory.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/***********************************************************************
- * Only for ares-enabled builds
- **********************************************************************/
-
-#ifdef CURLRES_ARES
-
-/*
- * Curl_resolv_fdset() is called when someone from the outside world (using
- * curl_multi_fdset()) wants to get our fd_set setup and we're talking with
- * ares. The caller must make sure that this function is only called when we
- * have a working ares channel.
- *
- * Returns: CURLE_OK always!
- */
-
-int Curl_resolv_getsock(struct connectdata *conn,
-                        curl_socket_t *socks,
-                        int numsocks)
-
-{
-  struct timeval maxtime;
-  struct timeval timeout;
-  int max = ares_getsock(conn->data->state.areschannel,
-                         (int *)socks, numsocks);
-
-
-  maxtime.tv_sec = CURL_TIMEOUT_RESOLVE;
-  maxtime.tv_usec = 0;
-
-  ares_timeout(conn->data->state.areschannel, &maxtime, &timeout);
-
-  Curl_expire(conn->data,
-              (timeout.tv_sec * 1000) + (timeout.tv_usec/1000) );
-
-  return max;
-}
-
-/*
- * Curl_is_resolved() is called repeatedly to check if a previous name resolve
- * request has completed. It should also make sure to time-out if the
- * operation seems to take too long.
- *
- * Returns normal CURLcode errors.
- */
-CURLcode Curl_is_resolved(struct connectdata *conn,
-                          struct Curl_dns_entry **dns)
-{
-  fd_set read_fds, write_fds;
-  struct timeval tv={0,0};
-  struct SessionHandle *data = conn->data;
-  int nfds;
-
-  FD_ZERO(&read_fds);
-  FD_ZERO(&write_fds);
-
-  nfds = ares_fds(data->state.areschannel, &read_fds, &write_fds);
-
-  (void)select(nfds, &read_fds, &write_fds, NULL,
-               (struct timeval *)&tv);
-
-  /* Call ares_process() unconditonally here, even if we simply timed out
-     above, as otherwise the ares name resolve won't timeout! */
-  ares_process(data->state.areschannel, &read_fds, &write_fds);
-
-  *dns = NULL;
-
-  if(conn->async.done) {
-    /* we're done, kill the ares handle */
-    if(!conn->async.dns) {
-      failf(data, "Could not resolve host: %s (%s)", conn->host.dispname,
-            ares_strerror(conn->async.status));
-      return CURLE_COULDNT_RESOLVE_HOST;
-    }
-    *dns = conn->async.dns;
-  }
-
-  return CURLE_OK;
-}
-
-/*
- * Curl_wait_for_resolv() waits for a resolve to finish. This function should
- * be avoided since using this risk getting the multi interface to "hang".
- *
- * If 'entry' is non-NULL, make it point to the resolved dns entry
- *
- * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, and
- * CURLE_OPERATION_TIMEDOUT if a time-out occurred.
- */
-CURLcode Curl_wait_for_resolv(struct connectdata *conn,
-                              struct Curl_dns_entry **entry)
-{
-  CURLcode rc=CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  long timeout = CURL_TIMEOUT_RESOLVE; /* default name resolve timeout */
-
-  /* now, see if there's a connect timeout or a regular timeout to
-     use instead of the default one */
-  if(conn->data->set.connecttimeout)
-    timeout = conn->data->set.connecttimeout;
-  else if(conn->data->set.timeout)
-    timeout = conn->data->set.timeout;
-
-  /* We convert the number of seconds into number of milliseconds here: */
-  if(timeout < 2147483)
-    /* maximum amount of seconds that can be multiplied with 1000 and
-       still fit within 31 bits */
-    timeout *= 1000;
-  else
-    timeout = 0x7fffffff; /* ridiculous amount of time anyway */
-
-  /* Wait for the name resolve query to complete. */
-  while (1) {
-    int nfds=0;
-    fd_set read_fds, write_fds;
-    struct timeval *tvp, tv, store;
-    int count;
-    struct timeval now = Curl_tvnow();
-    long timediff;
-
-    store.tv_sec = (int)timeout/1000;
-    store.tv_usec = (timeout%1000)*1000;
-
-    FD_ZERO(&read_fds);
-    FD_ZERO(&write_fds);
-    nfds = ares_fds(data->state.areschannel, &read_fds, &write_fds);
-    if (nfds == 0)
-      /* no file descriptors means we're done waiting */
-      break;
-    tvp = ares_timeout(data->state.areschannel, &store, &tv);
-    count = select(nfds, &read_fds, &write_fds, NULL, tvp);
-    if (count < 0 && Curl_sockerrno() != EINVAL)
-      break;
-
-    ares_process(data->state.areschannel, &read_fds, &write_fds);
-
-    timediff = Curl_tvdiff(Curl_tvnow(), now); /* spent time */
-    timeout -= timediff?timediff:1; /* always deduct at least 1 */
-    if (timeout < 0) {
-      /* our timeout, so we cancel the ares operation */
-      ares_cancel(data->state.areschannel);
-      break;
-    }
-  }
-
-  /* Operation complete, if the lookup was successful we now have the entry
-     in the cache. */
-
-  if(entry)
-    *entry = conn->async.dns;
-
-  if(!conn->async.dns) {
-    /* a name was not resolved */
-    if((timeout < 0) || (conn->async.status == ARES_ETIMEOUT)) {
-      failf(data, "Resolving host timed out: %s", conn->host.dispname);
-      rc = CURLE_OPERATION_TIMEDOUT;
-    }
-    else if(conn->async.done) {
-      failf(data, "Could not resolve host: %s (%s)", conn->host.dispname,
-            ares_strerror(conn->async.status));
-      rc = CURLE_COULDNT_RESOLVE_HOST;
-    }
-    else
-      rc = CURLE_OPERATION_TIMEDOUT;
-
-    /* close the connection, since we can't return failure here without
-       cleaning up this connection properly */
-    conn->bits.close = TRUE;
-  }
-
-  return rc;
-}
-
-/*
- * Curl_getaddrinfo() - when using ares
- *
- * Returns name information about the given hostname and port number. If
- * successful, the 'hostent' is returned and the forth argument will point to
- * memory we need to free after use. That memory *MUST* be freed with
- * Curl_freeaddrinfo(), nothing else.
- */
-Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
-                                const char *hostname,
-                                int port,
-                                int *waitp)
-{
-  char *bufp;
-  struct SessionHandle *data = conn->data;
-  in_addr_t in = inet_addr(hostname);
-
-  *waitp = FALSE;
-
-  if (in != CURL_INADDR_NONE) {
-    /* This is a dotted IP address 123.123.123.123-style */
-    return Curl_ip2addr(in, hostname, port);
-  }
-
-  bufp = strdup(hostname);
-
-  if(bufp) {
-    Curl_safefree(conn->async.hostname);
-    conn->async.hostname = bufp;
-    conn->async.port = port;
-    conn->async.done = FALSE; /* not done */
-    conn->async.status = 0;   /* clear */
-    conn->async.dns = NULL;   /* clear */
-
-    /* areschannel is already setup in the Curl_open() function */
-    ares_gethostbyname(data->state.areschannel, hostname, PF_INET,
-                       (ares_host_callback)Curl_addrinfo4_callback, conn);
-
-    *waitp = TRUE; /* please wait for the response */
-  }
-  return NULL; /* no struct yet */
-}
-#endif /* CURLRES_ARES */
diff --git a/Utilities/cmcurl/hostip.c b/Utilities/cmcurl/hostip.c
deleted file mode 100644
index 83f1564..0000000
--- a/Utilities/cmcurl/hostip.c
+++ /dev/null
@@ -1,636 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <string.h>
-
-#ifdef NEED_MALLOC_H
-#include <malloc.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>     /* for the close() proto */
-#endif
-#ifdef  VMS
-#include <in.h>
-#include <inet.h>
-#include <stdlib.h>
-#endif
-
-#ifdef HAVE_SETJMP_H
-#include <setjmp.h>
-#endif
-
-#ifdef HAVE_PROCESS_H
-#include <process.h>
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "hostip.h"
-#include "hash.h"
-#include "share.h"
-#include "strerror.h"
-#include "url.h"
-#include "inet_ntop.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-#include "memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/*
- * hostip.c explained
- * ==================
- *
- * The main COMPILE-TIME DEFINES to keep in mind when reading the host*.c
- * source file are these:
- *
- * CURLRES_IPV6 - this host has getaddrinfo() and family, and thus we use
- * that. The host may not be able to resolve IPv6, but we don't really have to
- * take that into account. Hosts that aren't IPv6-enabled have CURLRES_IPV4
- * defined.
- *
- * CURLRES_ARES - is defined if libcurl is built to use c-ares for
- * asynchronous name resolves. This can be Windows or *nix.
- *
- * CURLRES_THREADED - is defined if libcurl is built to run under (native)
- * Windows, and then the name resolve will be done in a new thread, and the
- * supported API will be the same as for ares-builds.
- *
- * If any of the two previous are defined, CURLRES_ASYNCH is defined too. If
- * libcurl is not built to use an asynchronous resolver, CURLRES_SYNCH is
- * defined.
- *
- * The host*.c sources files are split up like this:
- *
- * hostip.c   - method-independent resolver functions and utility functions
- * hostasyn.c - functions for asynchronous name resolves
- * hostsyn.c  - functions for synchronous name resolves
- * hostares.c - functions for ares-using name resolves
- * hostthre.c - functions for threaded name resolves
- * hostip4.c  - ipv4-specific functions
- * hostip6.c  - ipv6-specific functions
- *
- * The hostip.h is the united header file for all this. It defines the
- * CURLRES_* defines based on the config*.h and setup.h defines.
- */
-
-/* These two symbols are for the global DNS cache */
-static struct curl_hash hostname_cache;
-static int host_cache_initialized;
-
-static void freednsentry(void *freethis);
-
-/*
- * Curl_global_host_cache_init() initializes and sets up a global DNS cache.
- * Global DNS cache is general badness. Do not use. This will be removed in
- * a future version. Use the share interface instead!
- */
-void Curl_global_host_cache_init(void)
-{
-  if (!host_cache_initialized) {
-    Curl_hash_init(&hostname_cache, 7, freednsentry);
-    host_cache_initialized = 1;
-  }
-}
-
-/*
- * Return a pointer to the global cache
- */
-struct curl_hash *Curl_global_host_cache_get(void)
-{
-  return &hostname_cache;
-}
-
-/*
- * Destroy and cleanup the global DNS cache
- */
-void Curl_global_host_cache_dtor(void)
-{
-  if (host_cache_initialized) {
-    Curl_hash_clean(&hostname_cache);
-    host_cache_initialized = 0;
-  }
-}
-
-/*
- * Return # of adresses in a Curl_addrinfo struct
- */
-int Curl_num_addresses(const Curl_addrinfo *addr)
-{
-  int i;
-  for (i = 0; addr; addr = addr->ai_next, i++)
-    ;  /* empty loop */
-  return i;
-}
-
-/*
- * Curl_printable_address() returns a printable version of the 1st address
- * given in the 'ip' argument. The result will be stored in the buf that is
- * bufsize bytes big.
- *
- * If the conversion fails, it returns NULL.
- */
-const char *Curl_printable_address(const Curl_addrinfo *ip,
-                                   char *buf, size_t bufsize)
-{
-  const void *ip4 = &((const struct sockaddr_in*)ip->ai_addr)->sin_addr;
-  int af = ip->ai_family;
-#ifdef CURLRES_IPV6
-  const void *ip6 = &((const struct sockaddr_in6*)ip->ai_addr)->sin6_addr;
-#else
-  const void *ip6 = NULL;
-#endif
-
-  return Curl_inet_ntop(af, af == AF_INET ? ip4 : ip6, buf, bufsize);
-}
-
-/*
- * Return a hostcache id string for the providing host + port, to be used by
- * the DNS caching.
- */
-static char *
-create_hostcache_id(const char *server, int port)
-{
-  /* create and return the new allocated entry */
-  return aprintf("%s:%d", server, port);
-}
-
-struct hostcache_prune_data {
-  int cache_timeout;
-  time_t now;
-};
-
-/*
- * This function is set as a callback to be called for every entry in the DNS
- * cache when we want to prune old unused entries.
- *
- * Returning non-zero means remove the entry, return 0 to keep it in the
- * cache.
- */
-static int
-hostcache_timestamp_remove(void *datap, void *hc)
-{
-  struct hostcache_prune_data *data =
-    (struct hostcache_prune_data *) datap;
-  struct Curl_dns_entry *c = (struct Curl_dns_entry *) hc;
-
-  if ((data->now - c->timestamp < data->cache_timeout) ||
-      c->inuse) {
-    /* please don't remove */
-    return 0;
-  }
-
-  /* fine, remove */
-  return 1;
-}
-
-/*
- * Prune the DNS cache. This assumes that a lock has already been taken.
- */
-static void
-hostcache_prune(struct curl_hash *hostcache, int cache_timeout, time_t now)
-{
-  struct hostcache_prune_data user;
-
-  user.cache_timeout = cache_timeout;
-  user.now = now;
-
-  Curl_hash_clean_with_criterium(hostcache,
-                                 (void *) &user,
-                                 hostcache_timestamp_remove);
-}
-
-/*
- * Library-wide function for pruning the DNS cache. This function takes and
- * returns the appropriate locks.
- */
-void Curl_hostcache_prune(struct SessionHandle *data)
-{
-  time_t now;
-
-  if((data->set.dns_cache_timeout == -1) || !data->dns.hostcache)
-    /* cache forever means never prune, and NULL hostcache means
-       we can't do it */
-    return;
-
-  if(data->share)
-    Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
-
-  time(&now);
-
-  /* Remove outdated and unused entries from the hostcache */
-  hostcache_prune(data->dns.hostcache,
-                  data->set.dns_cache_timeout,
-                  now);
-
-  if(data->share)
-    Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
-}
-
-static int
-remove_entry_if_stale(struct SessionHandle *data, struct Curl_dns_entry *dns)
-{
-  struct hostcache_prune_data user;
-
-  if( !dns || (data->set.dns_cache_timeout == -1) || !data->dns.hostcache)
-    /* cache forever means never prune, and NULL hostcache means
-       we can't do it */
-    return 0;
-
-  time(&user.now);
-  user.cache_timeout = data->set.dns_cache_timeout;
-
-  if ( !hostcache_timestamp_remove(&user,dns) )
-    return 0;
-
-  /* ok, we do need to clear the cache. although we need to remove just a
-     single entry we clean the entire hash, as no explicit delete function
-     is provided */
-  if(data->share)
-    Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
-
-  Curl_hash_clean_with_criterium(data->dns.hostcache,
-                                 (void *) &user,
-                                 hostcache_timestamp_remove);
-
-  if(data->share)
-    Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
-
-  return 1;
-}
-
-
-#ifdef HAVE_SIGSETJMP
-/* Beware this is a global and unique instance. This is used to store the
-   return address that we can jump back to from inside a signal handler. This
-   is not thread-safe stuff. */
-sigjmp_buf curl_jmpenv;
-#endif
-
-
-/*
- * Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache.
- *
- * When calling Curl_resolv() has resulted in a response with a returned
- * address, we call this function to store the information in the dns
- * cache etc
- *
- * Returns the Curl_dns_entry entry pointer or NULL if the storage failed.
- */
-struct Curl_dns_entry *
-Curl_cache_addr(struct SessionHandle *data,
-                Curl_addrinfo *addr,
-                const char *hostname,
-                int port)
-{
-  char *entry_id;
-  size_t entry_len;
-  struct Curl_dns_entry *dns;
-  struct Curl_dns_entry *dns2;
-  time_t now;
-
-  /* Create an entry id, based upon the hostname and port */
-  entry_id = create_hostcache_id(hostname, port);
-  /* If we can't create the entry id, fail */
-  if (!entry_id)
-    return NULL;
-  entry_len = strlen(entry_id);
-
-  /* Create a new cache entry */
-  dns = (struct Curl_dns_entry *) calloc(sizeof(struct Curl_dns_entry), 1);
-  if (!dns) {
-    free(entry_id);
-    return NULL;
-  }
-
-  dns->inuse = 0;   /* init to not used */
-  dns->addr = addr; /* this is the address(es) */
-
-  /* Store the resolved data in our DNS cache. This function may return a
-     pointer to an existing struct already present in the hash, and it may
-     return the same argument we pass in. Make no assumptions. */
-  dns2 = Curl_hash_add(data->dns.hostcache, entry_id, entry_len+1,
-                       (void *)dns);
-  if(!dns2) {
-    /* Major badness, run away. */
-    free(dns);
-    free(entry_id);
-    return NULL;
-  }
-  time(&now);
-  dns = dns2;
-
-  dns->timestamp = now; /* used now */
-  dns->inuse++;         /* mark entry as in-use */
-
-  /* free the allocated entry_id again */
-  free(entry_id);
-
-  return dns;
-}
-
-/*
- * Curl_resolv() is the main name resolve function within libcurl. It resolves
- * a name and returns a pointer to the entry in the 'entry' argument (if one
- * is provided). This function might return immediately if we're using asynch
- * resolves. See the return codes.
- *
- * The cache entry we return will get its 'inuse' counter increased when this
- * function is used. You MUST call Curl_resolv_unlock() later (when you're
- * done using this struct) to decrease the counter again.
- *
- * Return codes:
- *
- * CURLRESOLV_ERROR   (-1) = error, no pointer
- * CURLRESOLV_RESOLVED (0) = OK, pointer provided
- * CURLRESOLV_PENDING  (1) = waiting for response, no pointer
- */
-
-int Curl_resolv(struct connectdata *conn,
-                const char *hostname,
-                int port,
-                struct Curl_dns_entry **entry)
-{
-  char *entry_id = NULL;
-  struct Curl_dns_entry *dns = NULL;
-  size_t entry_len;
-  int wait;
-  struct SessionHandle *data = conn->data;
-  CURLcode result;
-  int rc;
-  *entry = NULL;
-
-#ifdef HAVE_SIGSETJMP
-  /* this allows us to time-out from the name resolver, as the timeout
-     will generate a signal and we will siglongjmp() from that here */
-  if(!data->set.no_signal) {
-    if (sigsetjmp(curl_jmpenv, 1)) {
-      /* this is coming from a siglongjmp() */
-      failf(data, "name lookup timed out");
-      return CURLRESOLV_ERROR;
-    }
-  }
-#endif
-
-  /* Create an entry id, based upon the hostname and port */
-  entry_id = create_hostcache_id(hostname, port);
-  /* If we can't create the entry id, fail */
-  if (!entry_id)
-    return CURLRESOLV_ERROR;
-
-  entry_len = strlen(entry_id);
-
-  if(data->share)
-    Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
-
-  /* See if its already in our dns cache */
-  dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len+1);
-
-  if(data->share)
-    Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
-
-  /* free the allocated entry_id again */
-  free(entry_id);
-
-  /* See whether the returned entry is stale. Deliberately done after the
-     locked block */
-  if ( remove_entry_if_stale(data,dns) )
-    dns = NULL; /* the memory deallocation is being handled by the hash */
-
-  rc = CURLRESOLV_ERROR; /* default to failure */
-
-  if (!dns) {
-    /* The entry was not in the cache. Resolve it to IP address */
-
-    Curl_addrinfo *addr;
-
-    /* Check what IP specifics the app has requested and if we can provide it.
-     * If not, bail out. */
-    if(!Curl_ipvalid(data))
-      return CURLRESOLV_ERROR;
-
-    /* If Curl_getaddrinfo() returns NULL, 'wait' might be set to a non-zero
-       value indicating that we need to wait for the response to the resolve
-       call */
-    addr = Curl_getaddrinfo(conn, hostname, port, &wait);
-
-    if (!addr) {
-      if(wait) {
-        /* the response to our resolve call will come asynchronously at
-           a later time, good or bad */
-        /* First, check that we haven't received the info by now */
-        result = Curl_is_resolved(conn, &dns);
-        if(result) /* error detected */
-          return CURLRESOLV_ERROR;
-        if(dns)
-          rc = CURLRESOLV_RESOLVED; /* pointer provided */
-        else
-          rc = CURLRESOLV_PENDING; /* no info yet */
-      }
-    }
-    else {
-      if(data->share)
-        Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
-
-      /* we got a response, store it in the cache */
-      dns = Curl_cache_addr(data, addr, hostname, port);
-
-      if(data->share)
-        Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
-
-      if(!dns)
-        /* returned failure, bail out nicely */
-        Curl_freeaddrinfo(addr);
-      else
-        rc = CURLRESOLV_RESOLVED;
-    }
-  }
-  else {
-    if(data->share)
-      Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
-    dns->inuse++; /* we use it! */
-    if(data->share)
-      Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
-    rc = CURLRESOLV_RESOLVED;
-  }
-
-  *entry = dns;
-
-  return rc;
-}
-
-/*
- * Curl_resolv_unlock() unlocks the given cached DNS entry. When this has been
- * made, the struct may be destroyed due to pruning. It is important that only
- * one unlock is made for each Curl_resolv() call.
- */
-void Curl_resolv_unlock(struct SessionHandle *data, struct Curl_dns_entry *dns)
-{
-  curlassert(dns && (dns->inuse>0));
-
-  if(data->share)
-    Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
-
-  dns->inuse--;
-
-  if(data->share)
-    Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
-}
-
-/*
- * File-internal: free a cache dns entry.
- */
-static void freednsentry(void *freethis)
-{
-  struct Curl_dns_entry *p = (struct Curl_dns_entry *) freethis;
-
-  Curl_freeaddrinfo(p->addr);
-
-  free(p);
-}
-
-/*
- * Curl_mk_dnscache() creates a new DNS cache and returns the handle for it.
- */
-struct curl_hash *Curl_mk_dnscache(void)
-{
-  return Curl_hash_alloc(7, freednsentry);
-}
-
-#ifdef CURLRES_ADDRINFO_COPY
-
-/* align on even 64bit boundaries */
-#define MEMALIGN(x) ((x)+(8-(((unsigned long)(x))&0x7)))
-
-/*
- * Curl_addrinfo_copy() performs a "deep" copy of a hostent into a buffer and
- * returns a pointer to the malloc()ed copy. You need to call free() on the
- * returned buffer when you're done with it.
- */
-Curl_addrinfo *Curl_addrinfo_copy(const void *org, int port)
-{
-  const struct hostent *orig = org;
-
-  return Curl_he2ai(orig, port);
-}
-#endif /* CURLRES_ADDRINFO_COPY */
-
-/***********************************************************************
- * Only for plain-ipv4 and c-ares builds
- **********************************************************************/
-
-#if defined(CURLRES_IPV4) || defined(CURLRES_ARES)
-/*
- * This is a function for freeing name information in a protocol independent
- * way.
- */
-void Curl_freeaddrinfo(Curl_addrinfo *ai)
-{
-  Curl_addrinfo *next;
-
-  /* walk over the list and free all entries */
-  while(ai) {
-    next = ai->ai_next;
-    free(ai);
-    ai = next;
-  }
-}
-
-struct namebuf {
-  struct hostent hostentry;
-  char *h_addr_list[2];
-  struct in_addr addrentry;
-  char h_name[16]; /* 123.123.123.123 = 15 letters is maximum */
-};
-
-/*
- * Curl_ip2addr() takes a 32bit ipv4 internet address as input parameter
- * together with a pointer to the string version of the address, and it
- * returns a Curl_addrinfo chain filled in correctly with information for this
- * address/host.
- *
- * The input parameters ARE NOT checked for validity but they are expected
- * to have been checked already when this is called.
- */
-Curl_addrinfo *Curl_ip2addr(in_addr_t num, const char *hostname, int port)
-{
-  Curl_addrinfo *ai;
-  struct hostent *h;
-  struct in_addr *addrentry;
-  struct namebuf buffer;
-  struct namebuf *buf = &buffer;
-
-  h = &buf->hostentry;
-  h->h_addr_list = &buf->h_addr_list[0];
-  addrentry = &buf->addrentry;
-#ifdef _CRAY
-  /* On UNICOS, s_addr is a bit field and for some reason assigning to it
-   * doesn't work.  There must be a better fix than this ugly hack.
-   */
-  memcpy(addrentry, &num, SIZEOF_in_addr);
-#else
-  addrentry->s_addr = num;
-#endif
-  h->h_addr_list[0] = (char*)addrentry;
-  h->h_addr_list[1] = NULL;
-  h->h_addrtype = AF_INET;
-  h->h_length = sizeof(*addrentry);
-  h->h_name = &buf->h_name[0];
-  h->h_aliases = NULL;
-
-  /* Now store the dotted version of the address */
-  snprintf((char *)h->h_name, 16, "%s", hostname);
-
-  ai = Curl_he2ai(h, port);
-
-  return ai;
-}
-#endif
-
-
diff --git a/Utilities/cmcurl/hostsyn.c b/Utilities/cmcurl/hostsyn.c
deleted file mode 100644
index 2f816b8..0000000
--- a/Utilities/cmcurl/hostsyn.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <string.h>
-
-#ifdef NEED_MALLOC_H
-#include <malloc.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>     /* for the close() proto */
-#endif
-#ifdef  VMS
-#include <in.h>
-#include <inet.h>
-#include <stdlib.h>
-#endif
-
-#ifdef HAVE_SETJMP_H
-#include <setjmp.h>
-#endif
-
-#ifdef HAVE_PROCESS_H
-#include <process.h>
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "hostip.h"
-#include "hash.h"
-#include "share.h"
-#include "strerror.h"
-#include "url.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-#include "memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/***********************************************************************
- * Only for builds using synchronous name resolves
- **********************************************************************/
-#ifdef CURLRES_SYNCH
-
-/*
- * Curl_wait_for_resolv() for synch-builds.  Curl_resolv() can never return
- * wait==TRUE, so this function will never be called. If it still gets called,
- * we return failure at once.
- *
- * We provide this function only to allow multi.c to remain unaware if we are
- * doing asynch resolves or not.
- */
-CURLcode Curl_wait_for_resolv(struct connectdata *conn,
-                              struct Curl_dns_entry **entry)
-{
-  (void)conn;
-  *entry=NULL;
-  return CURLE_COULDNT_RESOLVE_HOST;
-}
-
-/*
- * This function will never be called when synch-built. If it still gets
- * called, we return failure at once.
- *
- * We provide this function only to allow multi.c to remain unaware if we are
- * doing asynch resolves or not.
- */
-CURLcode Curl_is_resolved(struct connectdata *conn,
-                          struct Curl_dns_entry **dns)
-{
-  (void)conn;
-  *dns = NULL;
-
-  return CURLE_COULDNT_RESOLVE_HOST;
-}
-
-/*
- * We just return OK, this function is never actually used for synch builds.
- * It is present here to keep #ifdefs out from multi.c
- */
-
-int Curl_resolv_getsock(struct connectdata *conn,
-                        curl_socket_t *sock,
-                        int numsocks)
-{
-  (void)conn;
-  (void)sock;
-  (void)numsocks;
-
-  return 0; /* no bits since we don't use any socks */
-}
-
-#endif /* truly sync */
diff --git a/Utilities/cmcurl/hostthre.c b/Utilities/cmcurl/hostthre.c
deleted file mode 100644
index 12e31ea..0000000
--- a/Utilities/cmcurl/hostthre.c
+++ /dev/null
@@ -1,840 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <string.h>
-#include <errno.h>
-
-#ifdef NEED_MALLOC_H
-#include <malloc.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>     /* for the close() proto */
-#endif
-#ifdef  VMS
-#include <in.h>
-#include <inet.h>
-#include <stdlib.h>
-#endif
-
-#ifdef HAVE_SETJMP_H
-#include <setjmp.h>
-#endif
-
-#ifdef HAVE_PROCESS_H
-#include <process.h>
-#endif
-
-#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
-#undef in_addr_t
-#define in_addr_t unsigned long
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "hostip.h"
-#include "hash.h"
-#include "share.h"
-#include "strerror.h"
-#include "url.h"
-#include "multiif.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "inet_ntop.h"
-
-#include "memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#if defined(_MSC_VER) && defined(CURL_NO__BEGINTHREADEX)
-#pragma message ("No _beginthreadex() available in this RTL")
-#endif
-
-/***********************************************************************
- * Only for Windows threaded name resolves builds
- **********************************************************************/
-#ifdef CURLRES_THREADED
-
-/* This function is used to init a threaded resolve */
-static bool init_resolve_thread(struct connectdata *conn,
-                                const char *hostname, int port,
-                                const Curl_addrinfo *hints);
-
-#ifdef CURLRES_IPV4
-  #define THREAD_FUNC  gethostbyname_thread
-  #define THREAD_NAME "gethostbyname_thread"
-#else
-  #define THREAD_FUNC  getaddrinfo_thread
-  #define THREAD_NAME "getaddrinfo_thread"
-#endif
-
-#if defined(DEBUG_THREADING_GETHOSTBYNAME) || \
-    defined(DEBUG_THREADING_GETADDRINFO)
-/* If this is defined, provide tracing */
-#define TRACE(args)  \
- do { trace_it("%u: ", __LINE__); trace_it args; } while (0)
-
-static void trace_it (const char *fmt, ...)
-{
-  static int do_trace = -1;
-  va_list args;
-
-  if (do_trace == -1) {
-    const char *env = getenv("CURL_TRACE");
-    do_trace = (env && atoi(env) > 0);
-  }
-  if (!do_trace)
-    return;
-  va_start (args, fmt);
-  vfprintf (stderr, fmt, args);
-  fflush (stderr);
-  va_end (args);
-}
-#else
-#define TRACE(x)
-#endif
-
-#ifdef DEBUG_THREADING_GETADDRINFO
-static void dump_addrinfo (struct connectdata *conn, const struct addrinfo *ai)
-{
-  TRACE(("dump_addrinfo:\n"));
-  for ( ; ai; ai = ai->ai_next) {
-    char  buf [INET6_ADDRSTRLEN];
-
-    trace_it("    fam %2d, CNAME %s, ",
-             ai->ai_family, ai->ai_canonname ? ai->ai_canonname : "<none>");
-    if (Curl_printable_address(ai, buf, sizeof(buf)))
-      trace_it("%s\n", buf);
-    else
-      trace_it("failed; %s\n", Curl_strerror(conn,WSAGetLastError()));
-  }
-}
-#endif
-
-struct thread_data {
-  HANDLE thread_hnd;
-  unsigned thread_id;
-  DWORD  thread_status;
-  curl_socket_t dummy_sock;   /* dummy for Curl_resolv_fdset() */
-  HANDLE mutex_waiting;  /* marks that we are still waiting for a resolve */
-  HANDLE event_resolved; /* marks that the thread obtained the information */
-  HANDLE event_thread_started; /* marks that the thread has initialized and
-                                  started */
-  HANDLE mutex_terminate; /* serializes access to flag_terminate */
-  HANDLE event_terminate; /* flag for thread to terminate instead of calling
-                             callbacks */
-#ifdef CURLRES_IPV6
-  struct addrinfo hints;
-#endif
-};
-
-/* Data for synchronization between resolver thread and its parent */
-struct thread_sync_data {
-  HANDLE mutex_waiting;   /* thread_data.mutex_waiting duplicate */
-  HANDLE mutex_terminate; /* thread_data.mutex_terminate duplicate */
-  HANDLE event_terminate; /* thread_data.event_terminate duplicate */
-  char * hostname;        /* hostname to resolve, Curl_async.hostname
-                             duplicate */
-};
-
-/* Destroy resolver thread synchronization data */
-static
-void destroy_thread_sync_data(struct thread_sync_data * tsd)
-{
-  if (tsd->hostname) {
-    free(tsd->hostname);
-    tsd->hostname = NULL;
-  }
-  if (tsd->event_terminate) {
-    CloseHandle(tsd->event_terminate);
-    tsd->event_terminate = NULL;
-  }
-  if (tsd->mutex_terminate) {
-    CloseHandle(tsd->mutex_terminate);
-    tsd->mutex_terminate = NULL;
-  }
-  if (tsd->mutex_waiting) {
-    CloseHandle(tsd->mutex_waiting);
-    tsd->mutex_waiting = NULL;
-  }
-}
-
-/* Initialize resolver thread synchronization data */
-static
-BOOL init_thread_sync_data(struct thread_data * td,
-                           char * hostname,
-                           struct thread_sync_data * tsd)
-{
-  HANDLE curr_proc = GetCurrentProcess();
-
-  memset(tsd, 0, sizeof(*tsd));
-  if (!DuplicateHandle(curr_proc, td->mutex_waiting,
-                       curr_proc, &tsd->mutex_waiting, 0, FALSE,
-                       DUPLICATE_SAME_ACCESS)) {
-    /* failed to duplicate the mutex, no point in continuing */
-    destroy_thread_sync_data(tsd);
-    return FALSE;
-  }
-  if (!DuplicateHandle(curr_proc, td->mutex_terminate,
-                       curr_proc, &tsd->mutex_terminate, 0, FALSE,
-                       DUPLICATE_SAME_ACCESS)) {
-    /* failed to duplicate the mutex, no point in continuing */
-    destroy_thread_sync_data(tsd);
-    return FALSE;
-  }
-  if (!DuplicateHandle(curr_proc, td->event_terminate,
-                       curr_proc, &tsd->event_terminate, 0, FALSE,
-                       DUPLICATE_SAME_ACCESS)) {
-    /* failed to duplicate the event, no point in continuing */
-    destroy_thread_sync_data(tsd);
-    return FALSE;
-  }
-  /* Copying hostname string because original can be destroyed by parent
-   * thread during gethostbyname execution.
-   */
-  tsd->hostname = strdup(hostname);
-  if (!tsd->hostname) {
-    /* Memory allocation failed */
-    destroy_thread_sync_data(tsd);
-    return FALSE;
-  }
-  return TRUE;
-}
-
-/* acquire resolver thread synchronization */
-static
-BOOL acquire_thread_sync(struct thread_sync_data * tsd)
-{
-  /* is the thread initiator still waiting for us ? */
-  if (WaitForSingleObject(tsd->mutex_waiting, 0) == WAIT_TIMEOUT) {
-    /* yes, it is */
-
-    /* Waiting access to event_terminate */
-    if (WaitForSingleObject(tsd->mutex_terminate, INFINITE) != WAIT_OBJECT_0) {
-      /* Something went wrong - now just ignoring */
-    }
-    else {
-      if (WaitForSingleObject(tsd->event_terminate, 0) != WAIT_TIMEOUT) {
-        /* Parent thread signaled us to terminate.
-         * This means that all data in conn->async is now destroyed
-         * and we cannot use it.
-         */
-      }
-      else {
-        return TRUE;
-      }
-    }
-  }
-  return FALSE;
-}
-
-/* release resolver thread synchronization */
-static
-void release_thread_sync(struct thread_sync_data * tsd)
-{
-  ReleaseMutex(tsd->mutex_terminate);
-}
-
-#if defined(CURLRES_IPV4)
-/*
- * gethostbyname_thread() resolves a name, calls the Curl_addrinfo4_callback
- * and then exits.
- *
- * For builds without ARES/ENABLE_IPV6, create a resolver thread and wait on
- * it.
- */
-static unsigned __stdcall gethostbyname_thread (void *arg)
-{
-  struct connectdata *conn = (struct connectdata*) arg;
-  struct thread_data *td = (struct thread_data*) conn->async.os_specific;
-  struct hostent *he;
-  int    rc = 0;
-
-  /* Duplicate the passed mutex and event handles.
-   * This allows us to use it even after the container gets destroyed
-   * due to a resolver timeout.
-   */
-  struct thread_sync_data tsd = { 0,0,0,NULL };
-  if (!init_thread_sync_data(td, conn->async.hostname, &tsd)) {
-    /* thread synchronization data initialization failed */
-    return (unsigned)-1;
-  }
-
-  WSASetLastError (conn->async.status = NO_DATA); /* pending status */
-
-  /* Signaling that we have initialized all copies of data and handles we
-     need */
-  SetEvent(td->event_thread_started);
-
-  he = gethostbyname (tsd.hostname);
-
-  /* is parent thread waiting for us and are we able to access conn members? */
-  if (acquire_thread_sync(&tsd)) {
-    /* Mark that we have obtained the information, and that we are calling
-     * back with it. */
-    SetEvent(td->event_resolved);
-    if (he) {
-      rc = Curl_addrinfo4_callback(conn, CURL_ASYNC_SUCCESS, he);
-    }
-    else {
-      rc = Curl_addrinfo4_callback(conn, (int)WSAGetLastError(), NULL);
-    }
-    TRACE(("Winsock-error %d, addr %s\n", conn->async.status,
-           he ? inet_ntoa(*(struct in_addr*)he->h_addr) : "unknown"));
-    release_thread_sync(&tsd);
-  }
-
-  /* clean up */
-  destroy_thread_sync_data(&tsd);
-
-  return (rc);
-  /* An implicit _endthreadex() here */
-}
-
-#elif defined(CURLRES_IPV6)
-
-/*
- * getaddrinfo_thread() resolves a name, calls Curl_addrinfo6_callback and then
- * exits.
- *
- * For builds without ARES, but with ENABLE_IPV6, create a resolver thread
- * and wait on it.
- */
-static unsigned __stdcall getaddrinfo_thread (void *arg)
-{
-  struct connectdata *conn = (struct connectdata*) arg;
-  struct thread_data *td   = (struct thread_data*) conn->async.os_specific;
-  struct addrinfo    *res;
-  char   service [NI_MAXSERV];
-  int    rc;
-  struct addrinfo hints = td->hints;
-
-  /* Duplicate the passed mutex handle.
-   * This allows us to use it even after the container gets destroyed
-   * due to a resolver timeout.
-   */
-  struct thread_sync_data tsd = { 0,0,0,NULL };
-  if (!init_thread_sync_data(td, conn->async.hostname, &tsd)) {
-    /* thread synchronization data initialization failed */
-    return -1;
-  }
-
-  itoa(conn->async.port, service, 10);
-
-  WSASetLastError(conn->async.status = NO_DATA); /* pending status */
-
-  /* Signaling that we have initialized all copies of data and handles we
-     need */
-  SetEvent(td->event_thread_started);
-
-  rc = getaddrinfo(tsd.hostname, service, &hints, &res);
-
-  /* is parent thread waiting for us and are we able to access conn members? */
-  if (acquire_thread_sync(&tsd)) {
-    /* Mark that we have obtained the information, and that we are calling
-       back with it. */
-    SetEvent(td->event_resolved);
-
-    if (rc == 0) {
-#ifdef DEBUG_THREADING_GETADDRINFO
-      dump_addrinfo (conn, res);
-#endif
-      rc = Curl_addrinfo6_callback(conn, CURL_ASYNC_SUCCESS, res);
-    }
-    else {
-      rc = Curl_addrinfo6_callback(conn, (int)WSAGetLastError(), NULL);
-      TRACE(("Winsock-error %d, no address\n", conn->async.status));
-    }
-    release_thread_sync(&tsd);
-  }
-
-  /* clean up */
-  destroy_thread_sync_data(&tsd);
-
-  return (rc);
-  /* An implicit _endthreadex() here */
-}
-#endif
-
-/*
- * Curl_destroy_thread_data() cleans up async resolver data and thread handle.
- * Complementary of ares_destroy.
- */
-void Curl_destroy_thread_data (struct Curl_async *async)
-{
-  if (async->hostname)
-    free(async->hostname);
-
-  if (async->os_specific) {
-    struct thread_data *td = (struct thread_data*) async->os_specific;
-    curl_socket_t sock = td->dummy_sock;
-
-    if (td->mutex_terminate && td->event_terminate) {
-      /* Signaling resolver thread to terminate */
-      if (WaitForSingleObject(td->mutex_terminate, INFINITE) == WAIT_OBJECT_0) {
-        SetEvent(td->event_terminate);
-        ReleaseMutex(td->mutex_terminate);
-      }
-      else {
-        /* Something went wrong - just ignoring it */
-      }
-    }
-
-    if (td->mutex_terminate)
-      CloseHandle(td->mutex_terminate);
-    if (td->event_terminate)
-      CloseHandle(td->event_terminate);
-    if (td->event_thread_started)
-      CloseHandle(td->event_thread_started);
-
-    if (sock != CURL_SOCKET_BAD)
-      sclose(sock);
-
-    /* destroy the synchronization objects */
-    if (td->mutex_waiting)
-      CloseHandle(td->mutex_waiting);
-    td->mutex_waiting = NULL;
-    if (td->event_resolved)
-      CloseHandle(td->event_resolved);
-
-    if (td->thread_hnd)
-      CloseHandle(td->thread_hnd);
-
-    free(async->os_specific);
-  }
-  async->hostname = NULL;
-  async->os_specific = NULL;
-}
-
-/*
- * init_resolve_thread() starts a new thread that performs the actual
- * resolve. This function returns before the resolve is done.
- *
- * Returns FALSE in case of failure, otherwise TRUE.
- */
-static bool init_resolve_thread (struct connectdata *conn,
-                                 const char *hostname, int port,
-                                 const Curl_addrinfo *hints)
-{
-  struct thread_data *td = calloc(sizeof(*td), 1);
-  HANDLE thread_and_event[2] = {0};
-
-  if (!td) {
-    SetLastError(ENOMEM);
-    return FALSE;
-  }
-
-  Curl_safefree(conn->async.hostname);
-  conn->async.hostname = strdup(hostname);
-  if (!conn->async.hostname) {
-    free(td);
-    SetLastError(ENOMEM);
-    return FALSE;
-  }
-
-  conn->async.port = port;
-  conn->async.done = FALSE;
-  conn->async.status = 0;
-  conn->async.dns = NULL;
-  conn->async.os_specific = (void*) td;
-  td->dummy_sock = CURL_SOCKET_BAD;
-
-  /* Create the mutex used to inform the resolver thread that we're
-   * still waiting, and take initial ownership.
-   */
-  td->mutex_waiting = CreateMutex(NULL, TRUE, NULL);
-  if (td->mutex_waiting == NULL) {
-    Curl_destroy_thread_data(&conn->async);
-    SetLastError(EAGAIN);
-    return FALSE;
-  }
-
-  /* Create the event that the thread uses to inform us that it's
-   * done resolving. Do not signal it.
-   */
-  td->event_resolved = CreateEvent(NULL, TRUE, FALSE, NULL);
-  if (td->event_resolved == NULL) {
-    Curl_destroy_thread_data(&conn->async);
-    SetLastError(EAGAIN);
-    return FALSE;
-  }
-  /* Create the mutex used to serialize access to event_terminated
-   * between us and resolver thread.
-   */
-  td->mutex_terminate = CreateMutex(NULL, FALSE, NULL);
-  if (td->mutex_terminate == NULL) {
-    Curl_destroy_thread_data(&conn->async);
-    SetLastError(EAGAIN);
-    return FALSE;
-  }
-  /* Create the event used to signal thread that it should terminate.
-   */
-  td->event_terminate = CreateEvent(NULL, TRUE, FALSE, NULL);
-  if (td->event_terminate == NULL) {
-    Curl_destroy_thread_data(&conn->async);
-    SetLastError(EAGAIN);
-    return FALSE;
-  }
-  /* Create the event used by thread to inform it has initialized its own data.
-   */
-  td->event_thread_started = CreateEvent(NULL, TRUE, FALSE, NULL);
-  if (td->event_thread_started == NULL) {
-    Curl_destroy_thread_data(&conn->async);
-    SetLastError(EAGAIN);
-    return FALSE;
-  }
-
-#ifdef _WIN32_WCE
-  td->thread_hnd = (HANDLE) CreateThread(NULL, 0,
-                                         (LPTHREAD_START_ROUTINE) THREAD_FUNC,
-                                         conn, 0, &td->thread_id);
-#else
-  td->thread_hnd = (HANDLE) _beginthreadex(NULL, 0, THREAD_FUNC,
-                                           conn, 0, &td->thread_id);
-#endif
-
-#ifdef CURLRES_IPV6
-  curlassert(hints);
-  td->hints = *hints;
-#else
-  (void) hints;
-#endif
-
-  if (!td->thread_hnd) {
-#ifdef _WIN32_WCE
-     TRACE(("CreateThread() failed; %s\n", Curl_strerror(conn,GetLastError())));
-#else
-     SetLastError(errno);
-     TRACE(("_beginthreadex() failed; %s\n", Curl_strerror(conn,errno)));
-#endif
-     Curl_destroy_thread_data(&conn->async);
-     return FALSE;
-  }
-  /* Waiting until the thread will initialize its data or it will exit due errors.
-   */
-  thread_and_event[0] = td->thread_hnd;
-  thread_and_event[1] = td->event_thread_started;
-  if (WaitForMultipleObjects(sizeof(thread_and_event) /
-                             sizeof(thread_and_event[0]),
-                             (const HANDLE*)thread_and_event, FALSE,
-                             INFINITE) == WAIT_FAILED) {
-    /* The resolver thread has been created,
-     * most probably it works now - ignoring this "minor" error
-     */
-  }
-  /* This socket is only to keep Curl_resolv_fdset() and select() happy;
-   * should never become signalled for read/write since it's unbound but
-   * Windows needs atleast 1 socket in select().
-   */
-  td->dummy_sock = socket(AF_INET, SOCK_DGRAM, 0);
-  return TRUE;
-}
-
-
-/*
- * Curl_wait_for_resolv() waits for a resolve to finish. This function should
- * be avoided since using this risk getting the multi interface to "hang".
- *
- * If 'entry' is non-NULL, make it point to the resolved dns entry
- *
- * This is the version for resolves-in-a-thread.
- */
-CURLcode Curl_wait_for_resolv(struct connectdata *conn,
-                              struct Curl_dns_entry **entry)
-{
-  struct thread_data   *td = (struct thread_data*) conn->async.os_specific;
-  struct SessionHandle *data = conn->data;
-  long   timeout;
-  DWORD  status, ticks;
-  CURLcode rc;
-
-  curlassert (conn && td);
-
-  /* now, see if there's a connect timeout or a regular timeout to
-     use instead of the default one */
-  timeout =
-    conn->data->set.connecttimeout ? conn->data->set.connecttimeout :
-    conn->data->set.timeout ? conn->data->set.timeout :
-    CURL_TIMEOUT_RESOLVE; /* default name resolve timeout */
-  ticks = GetTickCount();
-
-  /* wait for the thread to resolve the name */
-  status = WaitForSingleObject(td->event_resolved, 1000UL*timeout);
-
-  /* mark that we are now done waiting */
-  ReleaseMutex(td->mutex_waiting);
-
-  /* close our handle to the mutex, no point in hanging on to it */
-  CloseHandle(td->mutex_waiting);
-  td->mutex_waiting = NULL;
-
-  /* close the event handle, it's useless now */
-  CloseHandle(td->event_resolved);
-  td->event_resolved = NULL;
-
-  /* has the resolver thread succeeded in resolving our query ? */
-  if (status == WAIT_OBJECT_0) {
-    /* wait for the thread to exit, it's in the callback sequence */
-    if (WaitForSingleObject(td->thread_hnd, 5000) == WAIT_TIMEOUT) {
-      TerminateThread(td->thread_hnd, 0);
-      conn->async.done = TRUE;
-      td->thread_status = (DWORD)-1;
-      TRACE(("%s() thread stuck?!, ", THREAD_NAME));
-    }
-    else {
-      /* Thread finished before timeout; propagate Winsock error to this
-       * thread.  'conn->async.done = TRUE' is set in
-       * Curl_addrinfo4/6_callback().
-       */
-      WSASetLastError(conn->async.status);
-      GetExitCodeThread(td->thread_hnd, &td->thread_status);
-      TRACE(("%s() status %lu, thread retval %lu, ",
-             THREAD_NAME, status, td->thread_status));
-    }
-  }
-  else {
-    conn->async.done = TRUE;
-    td->thread_status = (DWORD)-1;
-    TRACE(("%s() timeout, ", THREAD_NAME));
-  }
-
-  TRACE(("elapsed %lu ms\n", GetTickCount()-ticks));
-
-  if(entry)
-    *entry = conn->async.dns;
-
-  rc = CURLE_OK;
-
-  if (!conn->async.dns) {
-    /* a name was not resolved */
-    if (td->thread_status == CURLE_OUT_OF_MEMORY) {
-      rc = CURLE_OUT_OF_MEMORY;
-      failf(data, "Could not resolve host: %s", curl_easy_strerror(rc));
-    }
-    else if(conn->async.done) {
-      if(conn->bits.httpproxy) {
-        failf(data, "Could not resolve proxy: %s; %s",
-              conn->proxy.dispname, Curl_strerror(conn, conn->async.status));
-        rc = CURLE_COULDNT_RESOLVE_PROXY;
-      }
-      else {
-        failf(data, "Could not resolve host: %s; %s",
-              conn->host.name, Curl_strerror(conn, conn->async.status));
-        rc = CURLE_COULDNT_RESOLVE_HOST;
-      }
-    }
-    else if (td->thread_status == (DWORD)-1 || conn->async.status == NO_DATA) {
-      failf(data, "Resolving host timed out: %s", conn->host.name);
-      rc = CURLE_OPERATION_TIMEDOUT;
-    }
-    else
-      rc = CURLE_OPERATION_TIMEDOUT;
-  }
-
-  Curl_destroy_thread_data(&conn->async);
-
-  if(!conn->async.dns)
-    conn->bits.close = TRUE;
-
-  return (rc);
-}
-
-/*
- * Curl_is_resolved() is called repeatedly to check if a previous name resolve
- * request has completed. It should also make sure to time-out if the
- * operation seems to take too long.
- */
-CURLcode Curl_is_resolved(struct connectdata *conn,
-                          struct Curl_dns_entry **entry)
-{
-  *entry = NULL;
-
-  if (conn->async.done) {
-    /* we're done */
-    Curl_destroy_thread_data(&conn->async);
-    if (!conn->async.dns) {
-      TRACE(("Curl_is_resolved(): CURLE_COULDNT_RESOLVE_HOST\n"));
-      return CURLE_COULDNT_RESOLVE_HOST;
-    }
-    *entry = conn->async.dns;
-    TRACE(("resolved okay, dns %p\n", *entry));
-  }
-  return CURLE_OK;
-}
-
-int Curl_resolv_getsock(struct connectdata *conn,
-                        curl_socket_t *socks,
-                        int numsocks)
-{
-  const struct thread_data *td =
-    (const struct thread_data *) conn->async.os_specific;
-
-  if (td && td->dummy_sock != CURL_SOCKET_BAD) {
-    if(numsocks) {
-      /* return one socket waiting for writable, even though this is just
-         a dummy */
-      socks[0] = td->dummy_sock;
-      return GETSOCK_WRITESOCK(0);
-    }
-  }
-  return 0;
-}
-
-#ifdef CURLRES_IPV4
-/*
- * Curl_getaddrinfo() - for Windows threading without ENABLE_IPV6.
- */
-Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
-                                const char *hostname,
-                                int port,
-                                int *waitp)
-{
-  struct hostent *h = NULL;
-  struct SessionHandle *data = conn->data;
-  in_addr_t in;
-
-  *waitp = 0; /* don't wait, we act synchronously */
-
-  in = inet_addr(hostname);
-  if (in != CURL_INADDR_NONE)
-    /* This is a dotted IP address 123.123.123.123-style */
-    return Curl_ip2addr(in, hostname, port);
-
-  /* fire up a new resolver thread! */
-  if (init_resolve_thread(conn, hostname, port, NULL)) {
-    *waitp = TRUE;  /* please wait for the response */
-    return NULL;
-  }
-
-  /* fall-back to blocking version */
-  infof(data, "init_resolve_thread() failed for %s; %s\n",
-        hostname, Curl_strerror(conn,GetLastError()));
-
-  h = gethostbyname(hostname);
-  if (!h) {
-    infof(data, "gethostbyname(2) failed for %s:%d; %s\n",
-          hostname, port, Curl_strerror(conn,WSAGetLastError()));
-    return NULL;
-  }
-  return Curl_he2ai(h, port);
-}
-#endif /* CURLRES_IPV4 */
-
-#ifdef CURLRES_IPV6
-/*
- * Curl_getaddrinfo() - for Windows threading IPv6 enabled
- */
-Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
-                                const char *hostname,
-                                int port,
-                                int *waitp)
-{
-  struct addrinfo hints, *res;
-  int error;
-  char sbuf[NI_MAXSERV];
-  curl_socket_t s;
-  int pf;
-  struct SessionHandle *data = conn->data;
-
-  *waitp = FALSE; /* default to synch response */
-
-  /* see if we have an IPv6 stack */
-  s = socket(PF_INET6, SOCK_DGRAM, 0);
-  if (s == CURL_SOCKET_BAD) {
-    /* Some non-IPv6 stacks have been found to make very slow name resolves
-     * when PF_UNSPEC is used, so thus we switch to a mere PF_INET lookup if
-     * the stack seems to be a non-ipv6 one. */
-
-    pf = PF_INET;
-  }
-  else {
-    /* This seems to be an IPv6-capable stack, use PF_UNSPEC for the widest
-     * possible checks. And close the socket again.
-     */
-    sclose(s);
-
-    /*
-     * Check if a more limited name resolve has been requested.
-     */
-    switch(data->set.ip_version) {
-    case CURL_IPRESOLVE_V4:
-      pf = PF_INET;
-      break;
-    case CURL_IPRESOLVE_V6:
-      pf = PF_INET6;
-      break;
-    default:
-      pf = PF_UNSPEC;
-      break;
-    }
-  }
-
-  memset(&hints, 0, sizeof(hints));
-  hints.ai_family = pf;
-  hints.ai_socktype = conn->socktype;
-#if 0 /* removed nov 8 2005 before 7.15.1 */
-  hints.ai_flags = AI_CANONNAME;
-#endif
-  itoa(port, sbuf, 10);
-
-  /* fire up a new resolver thread! */
-  if (init_resolve_thread(conn, hostname, port, &hints)) {
-    *waitp = TRUE;  /* please wait for the response */
-    return NULL;
-  }
-
-  /* fall-back to blocking version */
-  infof(data, "init_resolve_thread() failed for %s; %s\n",
-        hostname, Curl_strerror(conn,GetLastError()));
-
-  error = getaddrinfo(hostname, sbuf, &hints, &res);
-  if (error) {
-    infof(data, "getaddrinfo() failed for %s:%d; %s\n",
-          hostname, port, Curl_strerror(conn,WSAGetLastError()));
-    return NULL;
-  }
-  return res;
-}
-#endif /* CURLRES_IPV6 */
-#endif /* CURLRES_THREADED */
diff --git a/Utilities/cmcurl/http.c b/Utilities/cmcurl/http.c
deleted file mode 100644
index 5405aac..0000000
--- a/Utilities/cmcurl/http.c
+++ /dev/null
@@ -1,2422 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#ifndef CURL_DISABLE_HTTP
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#ifdef WIN32
-#include <time.h>
-#include <io.h>
-#else
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-
-#ifdef HAVE_TIME_H
-#ifdef TIME_WITH_SYS_TIME
-#include <time.h>
-#endif
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <netdb.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#include <sys/ioctl.h>
-#include <signal.h>
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#endif
-
-#include "urldata.h"
-#include <curl/curl.h>
-#include "transfer.h"
-#include "sendf.h"
-#include "easyif.h" /* for Curl_convert_... prototypes */
-#include "formdata.h"
-#include "progress.h"
-#include "base64.h"
-#include "cookie.h"
-#include "strequal.h"
-#include "sslgen.h"
-#include "http_digest.h"
-#include "http_ntlm.h"
-#include "http_negotiate.h"
-#include "url.h"
-#include "share.h"
-#include "hostip.h"
-#include "http.h"
-#include "memory.h"
-#include "select.h"
-#include "parsedate.h" /* for the week day and month names */
-#include "strtoofft.h"
-#include "multiif.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/*
- * checkheaders() checks the linked list of custom HTTP headers for a
- * particular header (prefix).
- *
- * Returns a pointer to the first matching header or NULL if none matched.
- */
-static char *checkheaders(struct SessionHandle *data, const char *thisheader)
-{
-  struct curl_slist *head;
-  size_t thislen = strlen(thisheader);
-
-  for(head = data->set.headers; head; head=head->next) {
-    if(strnequal(head->data, thisheader, thislen))
-      return head->data;
-  }
-  return NULL;
-}
-
-/*
- * Curl_output_basic() sets up an Authorization: header (or the proxy version)
- * for HTTP Basic authentication.
- *
- * Returns CURLcode.
- */
-static CURLcode Curl_output_basic(struct connectdata *conn, bool proxy)
-{
-  char *authorization;
-  struct SessionHandle *data=conn->data;
-  char **userp;
-  char *user;
-  char *pwd;
-
-  if(proxy) {
-    userp = &conn->allocptr.proxyuserpwd;
-    user = conn->proxyuser;
-    pwd = conn->proxypasswd;
-  }
-  else {
-    userp = &conn->allocptr.userpwd;
-    user = conn->user;
-    pwd = conn->passwd;
-  }
-
-  snprintf(data->state.buffer, sizeof(data->state.buffer), "%s:%s", user, pwd);
-  if(Curl_base64_encode(data, data->state.buffer,
-                        strlen(data->state.buffer),
-                        &authorization) > 0) {
-    if(*userp)
-      free(*userp);
-    *userp = aprintf( "%sAuthorization: Basic %s\r\n",
-                      proxy?"Proxy-":"",
-                      authorization);
-    free(authorization);
-  }
-  else
-    return CURLE_OUT_OF_MEMORY;
-  return CURLE_OK;
-}
-
-/* pickoneauth() selects the most favourable authentication method from the
- * ones available and the ones we want.
- *
- * return TRUE if one was picked
- */
-static bool pickoneauth(struct auth *pick)
-{
-  bool picked;
-  /* only deal with authentication we want */
-  long avail = pick->avail & pick->want;
-  picked = TRUE;
-
-  /* The order of these checks is highly relevant, as this will be the order
-     of preference in case of the existence of multiple accepted types. */
-  if(avail & CURLAUTH_GSSNEGOTIATE)
-    pick->picked = CURLAUTH_GSSNEGOTIATE;
-  else if(avail & CURLAUTH_DIGEST)
-    pick->picked = CURLAUTH_DIGEST;
-  else if(avail & CURLAUTH_NTLM)
-    pick->picked = CURLAUTH_NTLM;
-  else if(avail & CURLAUTH_BASIC)
-    pick->picked = CURLAUTH_BASIC;
-  else {
-    pick->picked = CURLAUTH_PICKNONE; /* we select to use nothing */
-    picked = FALSE;
-  }
-  pick->avail = CURLAUTH_NONE; /* clear it here */
-
-  return picked;
-}
-
-/*
- * perhapsrewind()
- *
- * If we are doing POST or PUT {
- *   If we have more data to send {
- *     If we are doing NTLM {
- *       Keep sending since we must not disconnect
- *     }
- *     else {
- *       If there is more than just a little data left to send, close
- *       the current connection by force.
- *     }
- *   }
- *   If we have sent any data {
- *     If we don't have track of all the data {
- *       call app to tell it to rewind
- *     }
- *     else {
- *       rewind internally so that the operation can restart fine
- *     }
- *   }
- * }
- */
-static CURLcode perhapsrewind(struct connectdata *conn)
-{
-  struct SessionHandle *data = conn->data;
-  struct HTTP *http = data->reqdata.proto.http;
-  struct Curl_transfer_keeper *k = &data->reqdata.keep;
-  curl_off_t bytessent;
-  curl_off_t expectsend = -1; /* default is unknown */
-
-  if(!http)
-    /* If this is still NULL, we have not reach very far and we can
-       safely skip this rewinding stuff */
-    return CURLE_OK;
-
-  bytessent = http->writebytecount;
-
-  if(conn->bits.authneg)
-    /* This is a state where we are known to be negotiating and we don't send
-       any data then. */
-    expectsend = 0;
-  else {
-    /* figure out how much data we are expected to send */
-    switch(data->set.httpreq) {
-    case HTTPREQ_POST:
-      if(data->set.postfieldsize != -1)
-        expectsend = data->set.postfieldsize;
-      break;
-    case HTTPREQ_PUT:
-      if(data->set.infilesize != -1)
-        expectsend = data->set.infilesize;
-      break;
-    case HTTPREQ_POST_FORM:
-      expectsend = http->postsize;
-      break;
-    default:
-      break;
-    }
-  }
-
-  conn->bits.rewindaftersend = FALSE; /* default */
-
-  if((expectsend == -1) || (expectsend > bytessent)) {
-    /* There is still data left to send */
-    if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
-       (data->state.authhost.picked == CURLAUTH_NTLM)) {
-      if(((expectsend - bytessent) < 2000) ||
-         (conn->ntlm.state != NTLMSTATE_NONE)) {
-        /* The NTLM-negotiation has started *OR* there is just a little (<2K)
-           data left to send, keep on sending. */
-
-        /* rewind data when completely done sending! */
-        if(!conn->bits.authneg)
-          conn->bits.rewindaftersend = TRUE;
-
-        return CURLE_OK;
-      }
-      if(conn->bits.close)
-        /* this is already marked to get closed */
-        return CURLE_OK;
-
-      infof(data, "NTLM send, close instead of sending %" FORMAT_OFF_T
-            " bytes\n", (curl_off_t)(expectsend - bytessent));
-    }
-
-    /* This is not NTLM or NTLM with many bytes left to send: close
-     */
-    conn->bits.close = TRUE;
-    k->size = 0; /* don't download any more than 0 bytes */
-  }
-
-  if(bytessent)
-    return Curl_readrewind(conn);
-
-  return CURLE_OK;
-}
-
-/*
- * Curl_http_auth_act() gets called when a all HTTP headers have been received
- * and it checks what authentication methods that are available and decides
- * which one (if any) to use. It will set 'newurl' if an auth metod was
- * picked.
- */
-
-CURLcode Curl_http_auth_act(struct connectdata *conn)
-{
-  struct SessionHandle *data = conn->data;
-  bool pickhost = FALSE;
-  bool pickproxy = FALSE;
-  CURLcode code = CURLE_OK;
-
-  if(100 == data->reqdata.keep.httpcode)
-    /* this is a transient response code, ignore */
-    return CURLE_OK;
-
-  if(data->state.authproblem)
-    return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;
-
-  if(conn->bits.user_passwd &&
-     ((data->reqdata.keep.httpcode == 401) ||
-      (conn->bits.authneg && data->reqdata.keep.httpcode < 300))) {
-    pickhost = pickoneauth(&data->state.authhost);
-    if(!pickhost)
-      data->state.authproblem = TRUE;
-  }
-  if(conn->bits.proxy_user_passwd &&
-     ((data->reqdata.keep.httpcode == 407) ||
-      (conn->bits.authneg && data->reqdata.keep.httpcode < 300))) {
-    pickproxy = pickoneauth(&data->state.authproxy);
-    if(!pickproxy)
-      data->state.authproblem = TRUE;
-  }
-
-  if(pickhost || pickproxy) {
-    data->reqdata.newurl = strdup(data->change.url); /* clone URL */
-
-    if((data->set.httpreq != HTTPREQ_GET) &&
-       (data->set.httpreq != HTTPREQ_HEAD) &&
-       !conn->bits.rewindaftersend) {
-      code = perhapsrewind(conn);
-      if(code)
-        return code;
-    }
-  }
-
-  else if((data->reqdata.keep.httpcode < 300) &&
-          (!data->state.authhost.done) &&
-          conn->bits.authneg) {
-    /* no (known) authentication available,
-       authentication is not "done" yet and
-       no authentication seems to be required and
-       we didn't try HEAD or GET */
-    if((data->set.httpreq != HTTPREQ_GET) &&
-       (data->set.httpreq != HTTPREQ_HEAD)) {
-      data->reqdata.newurl = strdup(data->change.url); /* clone URL */
-      data->state.authhost.done = TRUE;
-    }
-  }
-  if (Curl_http_should_fail(conn)) {
-    failf (data, "The requested URL returned error: %d",
-           data->reqdata.keep.httpcode);
-    code = CURLE_HTTP_RETURNED_ERROR;
-  }
-
-  return code;
-}
-
-/**
- * Curl_http_output_auth() setups the authentication headers for the
- * host/proxy and the correct authentication
- * method. conn->data->state.authdone is set to TRUE when authentication is
- * done.
- *
- * @param conn all information about the current connection
- * @param request pointer to the request keyword
- * @param path pointer to the requested path
- * @param proxytunnel boolean if this is the request setting up a "proxy
- * tunnel"
- *
- * @returns CURLcode
- */
-static CURLcode
-Curl_http_output_auth(struct connectdata *conn,
-                      char *request,
-                      char *path,
-                      bool proxytunnel) /* TRUE if this is the request setting
-                                           up the proxy tunnel */
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  char *auth=NULL;
-  struct auth *authhost;
-  struct auth *authproxy;
-
-  curlassert(data);
-
-  authhost = &data->state.authhost;
-  authproxy = &data->state.authproxy;
-
-  if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
-     conn->bits.user_passwd)
-    /* continue please */ ;
-  else {
-    authhost->done = TRUE;
-    authproxy->done = TRUE;
-    return CURLE_OK; /* no authentication with no user or password */
-  }
-
-  if(authhost->want && !authhost->picked)
-    /* The app has selected one or more methods, but none has been picked
-       so far by a server round-trip. Then we set the picked one to the
-       want one, and if this is one single bit it'll be used instantly. */
-    authhost->picked = authhost->want;
-
-  if(authproxy->want && !authproxy->picked)
-    /* The app has selected one or more methods, but none has been picked so
-       far by a proxy round-trip. Then we set the picked one to the want one,
-       and if this is one single bit it'll be used instantly. */
-    authproxy->picked = authproxy->want;
-
-  /* Send proxy authentication header if needed */
-  if (conn->bits.httpproxy &&
-      (conn->bits.tunnel_proxy == proxytunnel)) {
-#ifdef USE_NTLM
-    if(authproxy->picked == CURLAUTH_NTLM) {
-      auth=(char *)"NTLM";
-      result = Curl_output_ntlm(conn, TRUE);
-      if(result)
-        return result;
-    }
-    else
-#endif
-      if(authproxy->picked == CURLAUTH_BASIC) {
-        /* Basic */
-        if(conn->bits.proxy_user_passwd &&
-           !checkheaders(data, "Proxy-authorization:")) {
-          auth=(char *)"Basic";
-          result = Curl_output_basic(conn, TRUE);
-          if(result)
-            return result;
-        }
-        /* NOTE: Curl_output_basic() should set 'done' TRUE, as the other auth
-           functions work that way */
-        authproxy->done = TRUE;
-      }
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-      else if(authproxy->picked == CURLAUTH_DIGEST) {
-        auth=(char *)"Digest";
-        result = Curl_output_digest(conn,
-                                    TRUE, /* proxy */
-                                    (unsigned char *)request,
-                                    (unsigned char *)path);
-        if(result)
-          return result;
-      }
-#endif
-      if(auth) {
-        infof(data, "Proxy auth using %s with user '%s'\n",
-              auth, conn->proxyuser?conn->proxyuser:"");
-        authproxy->multi = (bool)(!authproxy->done);
-      }
-      else
-        authproxy->multi = FALSE;
-    }
-  else
-    /* we have no proxy so let's pretend we're done authenticating
-       with it */
-    authproxy->done = TRUE;
-
-  /* To prevent the user+password to get sent to other than the original
-     host due to a location-follow, we do some weirdo checks here */
-  if(!data->state.this_is_a_follow ||
-     conn->bits.netrc ||
-     !data->state.first_host ||
-     curl_strequal(data->state.first_host, conn->host.name) ||
-     data->set.http_disable_hostname_check_before_authentication) {
-
-    /* Send web authentication header if needed */
-    {
-      auth = NULL;
-#ifdef HAVE_GSSAPI
-      if((authhost->picked == CURLAUTH_GSSNEGOTIATE) &&
-         data->state.negotiate.context &&
-         !GSS_ERROR(data->state.negotiate.status)) {
-        auth=(char *)"GSS-Negotiate";
-        result = Curl_output_negotiate(conn);
-        if (result)
-          return result;
-        authhost->done = TRUE;
-      }
-      else
-#endif
-#ifdef USE_NTLM
-      if(authhost->picked == CURLAUTH_NTLM) {
-        auth=(char *)"NTLM";
-        result = Curl_output_ntlm(conn, FALSE);
-        if(result)
-          return result;
-      }
-      else
-#endif
-      {
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-        if(authhost->picked == CURLAUTH_DIGEST) {
-          auth=(char *)"Digest";
-          result = Curl_output_digest(conn,
-                                      FALSE, /* not a proxy */
-                                      (unsigned char *)request,
-                                      (unsigned char *)path);
-          if(result)
-            return result;
-        } else
-#endif
-        if(authhost->picked == CURLAUTH_BASIC) {
-          if(conn->bits.user_passwd &&
-             !checkheaders(data, "Authorization:")) {
-            auth=(char *)"Basic";
-            result = Curl_output_basic(conn, FALSE);
-            if(result)
-              return result;
-          }
-          /* basic is always ready */
-          authhost->done = TRUE;
-        }
-      }
-      if(auth) {
-        infof(data, "Server auth using %s with user '%s'\n",
-              auth, conn->user);
-
-        authhost->multi = (bool)(!authhost->done);
-      }
-      else
-        authhost->multi = FALSE;
-    }
-  }
-  else
-    authhost->done = TRUE;
-
-  return result;
-}
-
-
-/*
- * Curl_http_input_auth() deals with Proxy-Authenticate: and WWW-Authenticate:
- * headers. They are dealt with both in the transfer.c main loop and in the
- * proxy CONNECT loop.
- */
-
-CURLcode Curl_http_input_auth(struct connectdata *conn,
-                              int httpcode,
-                              char *header) /* the first non-space */
-{
-  /*
-   * This resource requires authentication
-   */
-  struct SessionHandle *data = conn->data;
-
-  long *availp;
-  char *start;
-  struct auth *authp;
-
-  if (httpcode == 407) {
-    start = header+strlen("Proxy-authenticate:");
-    availp = &data->info.proxyauthavail;
-    authp = &data->state.authproxy;
-  }
-  else {
-    start = header+strlen("WWW-Authenticate:");
-    availp = &data->info.httpauthavail;
-    authp = &data->state.authhost;
-  }
-
-  /* pass all white spaces */
-  while(*start && ISSPACE(*start))
-    start++;
-
-  /*
-   * Here we check if we want the specific single authentication (using ==) and
-   * if we do, we initiate usage of it.
-   *
-   * If the provided authentication is wanted as one out of several accepted
-   * types (using &), we OR this authentication type to the authavail
-   * variable.
-   */
-
-#ifdef HAVE_GSSAPI
-  if (checkprefix("GSS-Negotiate", start) ||
-      checkprefix("Negotiate", start)) {
-    *availp |= CURLAUTH_GSSNEGOTIATE;
-    authp->avail |= CURLAUTH_GSSNEGOTIATE;
-    if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
-      /* if exactly this is wanted, go */
-      int neg = Curl_input_negotiate(conn, start);
-      if (neg == 0) {
-        data->reqdata.newurl = strdup(data->change.url);
-        data->state.authproblem = (data->reqdata.newurl == NULL);
-      }
-      else {
-        infof(data, "Authentication problem. Ignoring this.\n");
-        data->state.authproblem = TRUE;
-      }
-    }
-  }
-  else
-#endif
-#ifdef USE_NTLM
-    /* NTLM support requires the SSL crypto libs */
-    if(checkprefix("NTLM", start)) {
-      *availp |= CURLAUTH_NTLM;
-      authp->avail |= CURLAUTH_NTLM;
-      if(authp->picked == CURLAUTH_NTLM) {
-        /* NTLM authentication is picked and activated */
-        CURLntlm ntlm =
-          Curl_input_ntlm(conn, (bool)(httpcode == 407), start);
-
-        if(CURLNTLM_BAD != ntlm)
-          data->state.authproblem = FALSE;
-        else {
-          infof(data, "Authentication problem. Ignoring this.\n");
-          data->state.authproblem = TRUE;
-        }
-      }
-    }
-    else
-#endif
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-      if(checkprefix("Digest", start)) {
-        if((authp->avail & CURLAUTH_DIGEST) != 0) {
-          infof(data, "Ignoring duplicate digest auth header.\n");
-        }
-        else {
-          CURLdigest dig;
-          *availp |= CURLAUTH_DIGEST;
-          authp->avail |= CURLAUTH_DIGEST;
-
-          /* We call this function on input Digest headers even if Digest
-           * authentication isn't activated yet, as we need to store the
-           * incoming data from this header in case we are gonna use Digest. */
-          dig = Curl_input_digest(conn, (bool)(httpcode == 407), start);
-
-          if(CURLDIGEST_FINE != dig) {
-            infof(data, "Authentication problem. Ignoring this.\n");
-            data->state.authproblem = TRUE;
-          }
-        }
-      }
-      else
-#endif
-      if(checkprefix("Basic", start)) {
-        *availp |= CURLAUTH_BASIC;
-        authp->avail |= CURLAUTH_BASIC;
-        if(authp->picked == CURLAUTH_BASIC) {
-          /* We asked for Basic authentication but got a 40X back
-             anyway, which basicly means our name+password isn't
-             valid. */
-          authp->avail = CURLAUTH_NONE;
-          infof(data, "Authentication problem. Ignoring this.\n");
-          data->state.authproblem = TRUE;
-        }
-      }
-
-  return CURLE_OK;
-}
-
-/**
- * Curl_http_should_fail() determines whether an HTTP response has gotten us
- * into an error state or not.
- *
- * @param conn all information about the current connection
- *
- * @retval 0 communications should continue
- *
- * @retval 1 communications should not continue
- */
-int Curl_http_should_fail(struct connectdata *conn)
-{
-  struct SessionHandle *data;
-  struct Curl_transfer_keeper *k;
-
-  curlassert(conn);
-  data = conn->data;
-  curlassert(data);
-
-  /*
-  ** For readability
-  */
-  k = &data->reqdata.keep;
-
-  /*
-  ** If we haven't been asked to fail on error,
-  ** don't fail.
-  */
-  if (!data->set.http_fail_on_error)
-    return 0;
-
-  /*
-  ** Any code < 400 is never terminal.
-  */
-  if (k->httpcode < 400)
-    return 0;
-
-  if (data->reqdata.resume_from &&
-      (data->set.httpreq==HTTPREQ_GET) &&
-      (k->httpcode == 416)) {
-    /* "Requested Range Not Satisfiable", just proceed and
-       pretend this is no error */
-    return 0;
-  }
-
-  /*
-  ** Any code >= 400 that's not 401 or 407 is always
-  ** a terminal error
-  */
-  if ((k->httpcode != 401) &&
-      (k->httpcode != 407))
-    return 1;
-
-  /*
-  ** All we have left to deal with is 401 and 407
-  */
-  curlassert((k->httpcode == 401) || (k->httpcode == 407));
-
-  /*
-  ** Examine the current authentication state to see if this
-  ** is an error.  The idea is for this function to get
-  ** called after processing all the headers in a response
-  ** message.  So, if we've been to asked to authenticate a
-  ** particular stage, and we've done it, we're OK.  But, if
-  ** we're already completely authenticated, it's not OK to
-  ** get another 401 or 407.
-  **
-  ** It is possible for authentication to go stale such that
-  ** the client needs to reauthenticate.  Once that info is
-  ** available, use it here.
-  */
-#if 0 /* set to 1 when debugging this functionality */
-  infof(data,"%s: authstage = %d\n",__FUNCTION__,data->state.authstage);
-  infof(data,"%s: authwant = 0x%08x\n",__FUNCTION__,data->state.authwant);
-  infof(data,"%s: authavail = 0x%08x\n",__FUNCTION__,data->state.authavail);
-  infof(data,"%s: httpcode = %d\n",__FUNCTION__,k->httpcode);
-  infof(data,"%s: authdone = %d\n",__FUNCTION__,data->state.authdone);
-  infof(data,"%s: newurl = %s\n",__FUNCTION__,data->reqdata.newurl ? data->reqdata.newurl : "(null)");
-  infof(data,"%s: authproblem = %d\n",__FUNCTION__,data->state.authproblem);
-#endif
-
-  /*
-  ** Either we're not authenticating, or we're supposed to
-  ** be authenticating something else.  This is an error.
-  */
-  if((k->httpcode == 401) && !conn->bits.user_passwd)
-    return TRUE;
-  if((k->httpcode == 407) && !conn->bits.proxy_user_passwd)
-    return TRUE;
-
-  return data->state.authproblem;
-}
-
-/*
- * readmoredata() is a "fread() emulation" to provide POST and/or request
- * data. It is used when a huge POST is to be made and the entire chunk wasn't
- * sent in the first send(). This function will then be called from the
- * transfer.c loop when more data is to be sent to the peer.
- *
- * Returns the amount of bytes it filled the buffer with.
- */
-static size_t readmoredata(char *buffer,
-                           size_t size,
-                           size_t nitems,
-                           void *userp)
-{
-  struct connectdata *conn = (struct connectdata *)userp;
-  struct HTTP *http = conn->data->reqdata.proto.http;
-  size_t fullsize = size * nitems;
-
-  if(0 == http->postsize)
-    /* nothing to return */
-    return 0;
-
-  /* make sure that a HTTP request is never sent away chunked! */
-  conn->bits.forbidchunk = (bool)(http->sending == HTTPSEND_REQUEST);
-
-  if(http->postsize <= (curl_off_t)fullsize) {
-    memcpy(buffer, http->postdata, (size_t)http->postsize);
-    fullsize = (size_t)http->postsize;
-
-    if(http->backup.postsize) {
-      /* move backup data into focus and continue on that */
-      http->postdata = http->backup.postdata;
-      http->postsize = http->backup.postsize;
-      conn->fread =    http->backup.fread;
-      conn->fread_in = http->backup.fread_in;
-
-      http->sending++; /* move one step up */
-
-      http->backup.postsize=0;
-    }
-    else
-      http->postsize = 0;
-
-    return fullsize;
-  }
-
-  memcpy(buffer, http->postdata, fullsize);
-  http->postdata += fullsize;
-  http->postsize -= fullsize;
-
-  return fullsize;
-}
-
-/* ------------------------------------------------------------------------- */
-/*
- * The add_buffer series of functions are used to build one large memory chunk
- * from repeated function invokes. Used so that the entire HTTP request can
- * be sent in one go.
- */
-
-struct send_buffer {
-  char *buffer;
-  size_t size_max;
-  size_t size_used;
-};
-typedef struct send_buffer send_buffer;
-
-static CURLcode add_custom_headers(struct connectdata *conn,
-                                   send_buffer *req_buffer);
-static CURLcode
- add_buffer(send_buffer *in, const void *inptr, size_t size);
-
-/*
- * add_buffer_init() sets up and returns a fine buffer struct
- */
-static
-send_buffer *add_buffer_init(void)
-{
-  send_buffer *blonk;
-  blonk=(send_buffer *)malloc(sizeof(send_buffer));
-  if(blonk) {
-    memset(blonk, 0, sizeof(send_buffer));
-    return blonk;
-  }
-  return NULL; /* failed, go home */
-}
-
-/*
- * add_buffer_send() sends a header buffer and frees all associated memory.
- * Body data may be appended to the header data if desired.
- *
- * Returns CURLcode
- */
-static
-CURLcode add_buffer_send(send_buffer *in,
-                         struct connectdata *conn,
-                         long *bytes_written, /* add the number of sent
-                                                 bytes to this counter */
-                         size_t included_body_bytes, /* how much of the buffer
-                                        contains body data (for log tracing) */
-                         int socketindex)
-
-{
-  ssize_t amount;
-  CURLcode res;
-  char *ptr;
-  size_t size;
-  struct HTTP *http = conn->data->reqdata.proto.http;
-  size_t sendsize;
-  curl_socket_t sockfd;
-
-  curlassert(socketindex <= SECONDARYSOCKET);
-
-  sockfd = conn->sock[socketindex];
-
-  /* The looping below is required since we use non-blocking sockets, but due
-     to the circumstances we will just loop and try again and again etc */
-
-  ptr = in->buffer;
-  size = in->size_used;
-
-#ifdef CURL_DOES_CONVERSIONS
-  if(size - included_body_bytes > 0) {
-    res = Curl_convert_to_network(conn->data, ptr, size - included_body_bytes);
-    /* Curl_convert_to_network calls failf if unsuccessful */
-    if(res != CURLE_OK) {
-      /* conversion failed, free memory and return to the caller */
-      if(in->buffer)
-        free(in->buffer);
-      free(in);
-      return res;
-    }
-  }
-#endif /* CURL_DOES_CONVERSIONS */
-
-  if(conn->protocol & PROT_HTTPS) {
-    /* We never send more than CURL_MAX_WRITE_SIZE bytes in one single chunk
-       when we speak HTTPS, as if only a fraction of it is sent now, this data
-       needs to fit into the normal read-callback buffer later on and that
-       buffer is using this size.
-    */
-
-    sendsize= (size > CURL_MAX_WRITE_SIZE)?CURL_MAX_WRITE_SIZE:size;
-
-    /* OpenSSL is very picky and we must send the SAME buffer pointer to the
-       library when we attempt to re-send this buffer. Sending the same data
-       is not enough, we must use the exact same address. For this reason, we
-       must copy the data to the uploadbuffer first, since that is the buffer
-       we will be using if this send is retried later.
-    */
-    memcpy(conn->data->state.uploadbuffer, ptr, sendsize);
-    ptr = conn->data->state.uploadbuffer;
-  }
-  else
-    sendsize = size;
-
-  res = Curl_write(conn, sockfd, ptr, sendsize, &amount);
-
-  if(CURLE_OK == res) {
-
-    if(conn->data->set.verbose) {
-      /* this data _may_ contain binary stuff */
-      Curl_debug(conn->data, CURLINFO_HEADER_OUT, ptr,
-                 (size_t)(amount-included_body_bytes), conn);
-      if (included_body_bytes)
-        Curl_debug(conn->data, CURLINFO_DATA_OUT,
-                   ptr+amount-included_body_bytes,
-                   (size_t)included_body_bytes, conn);
-    }
-
-    *bytes_written += amount;
-
-    if(http) {
-      if((size_t)amount != size) {
-        /* The whole request could not be sent in one system call. We must
-           queue it up and send it later when we get the chance. We must not
-           loop here and wait until it might work again. */
-
-        size -= amount;
-
-        ptr = in->buffer + amount;
-
-        /* backup the currently set pointers */
-        http->backup.fread = conn->fread;
-        http->backup.fread_in = conn->fread_in;
-        http->backup.postdata = http->postdata;
-        http->backup.postsize = http->postsize;
-
-        /* set the new pointers for the request-sending */
-        conn->fread = (curl_read_callback)readmoredata;
-        conn->fread_in = (void *)conn;
-        http->postdata = ptr;
-        http->postsize = (curl_off_t)size;
-
-        http->send_buffer = in;
-        http->sending = HTTPSEND_REQUEST;
-
-        return CURLE_OK;
-      }
-      http->sending = HTTPSEND_BODY;
-      /* the full buffer was sent, clean up and return */
-    }
-    else {
-      if((size_t)amount != size)
-        /* We have no continue-send mechanism now, fail. This can only happen
-           when this function is used from the CONNECT sending function. We
-           currently (stupidly) assume that the whole request is always sent
-           away in the first single chunk.
-
-           This needs FIXing.
-        */
-        return CURLE_SEND_ERROR;
-      else
-        conn->writechannel_inuse = FALSE;
-    }
-  }
-  if(in->buffer)
-    free(in->buffer);
-  free(in);
-
-  return res;
-}
-
-
-/*
- * add_bufferf() add the formatted input to the buffer.
- */
-static
-CURLcode add_bufferf(send_buffer *in, const char *fmt, ...)
-{
-  char *s;
-  va_list ap;
-  va_start(ap, fmt);
-  s = vaprintf(fmt, ap); /* this allocs a new string to append */
-  va_end(ap);
-
-  if(s) {
-    CURLcode result = add_buffer(in, s, strlen(s));
-    free(s);
-    if(CURLE_OK == result)
-      return CURLE_OK;
-  }
-  /* If we failed, we cleanup the whole buffer and return error */
-  if(in->buffer)
-    free(in->buffer);
-  free(in);
-  return CURLE_OUT_OF_MEMORY;
-}
-
-/*
- * add_buffer() appends a memory chunk to the existing buffer
- */
-static
-CURLcode add_buffer(send_buffer *in, const void *inptr, size_t size)
-{
-  char *new_rb;
-  size_t new_size;
-
-  if(!in->buffer ||
-     ((in->size_used + size) > (in->size_max - 1))) {
-    new_size = (in->size_used+size)*2;
-    if(in->buffer)
-      /* we have a buffer, enlarge the existing one */
-      new_rb = (char *)realloc(in->buffer, new_size);
-    else
-      /* create a new buffer */
-      new_rb = (char *)malloc(new_size);
-
-    if(!new_rb)
-      return CURLE_OUT_OF_MEMORY;
-
-    in->buffer = new_rb;
-    in->size_max = new_size;
-  }
-  memcpy(&in->buffer[in->size_used], inptr, size);
-
-  in->size_used += size;
-
-  return CURLE_OK;
-}
-
-/* end of the add_buffer functions */
-/* ------------------------------------------------------------------------- */
-
-/*
- * Curl_compareheader()
- *
- * Returns TRUE if 'headerline' contains the 'header' with given 'content'.
- * Pass headers WITH the colon.
- */
-bool
-Curl_compareheader(char *headerline,    /* line to check */
-                   const char *header,  /* header keyword _with_ colon */
-                   const char *content) /* content string to find */
-{
-  /* RFC2616, section 4.2 says: "Each header field consists of a name followed
-   * by a colon (":") and the field value. Field names are case-insensitive.
-   * The field value MAY be preceded by any amount of LWS, though a single SP
-   * is preferred." */
-
-  size_t hlen = strlen(header);
-  size_t clen;
-  size_t len;
-  char *start;
-  char *end;
-
-  if(!strnequal(headerline, header, hlen))
-    return FALSE; /* doesn't start with header */
-
-  /* pass the header */
-  start = &headerline[hlen];
-
-  /* pass all white spaces */
-  while(*start && ISSPACE(*start))
-    start++;
-
-  /* find the end of the header line */
-  end = strchr(start, '\r'); /* lines end with CRLF */
-  if(!end) {
-    /* in case there's a non-standard compliant line here */
-    end = strchr(start, '\n');
-
-    if(!end)
-      /* hm, there's no line ending here, use the zero byte! */
-      end = strchr(start, '\0');
-  }
-
-  len = end-start; /* length of the content part of the input line */
-  clen = strlen(content); /* length of the word to find */
-
-  /* find the content string in the rest of the line */
-  for(;len>=clen;len--, start++) {
-    if(strnequal(start, content, clen))
-      return TRUE; /* match! */
-  }
-
-  return FALSE; /* no match */
-}
-
-/*
- * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
- * function will issue the necessary commands to get a seamless tunnel through
- * this proxy. After that, the socket can be used just as a normal socket.
- *
- * This badly needs to be rewritten. CONNECT should be sent and dealt with
- * like any ordinary HTTP request, and not specially crafted like this. This
- * function only remains here like this for now since the rewrite is a bit too
- * much work to do at the moment.
- *
- * This function is BLOCKING which is nasty for all multi interface using apps.
- */
-
-CURLcode Curl_proxyCONNECT(struct connectdata *conn,
-                           int sockindex,
-                           char *hostname,
-                           int remote_port)
-{
-  int subversion=0;
-  struct SessionHandle *data=conn->data;
-  struct Curl_transfer_keeper *k = &data->reqdata.keep;
-  CURLcode result;
-  int res;
-  size_t nread;   /* total size read */
-  int perline; /* count bytes per line */
-  int keepon=TRUE;
-  ssize_t gotbytes;
-  char *ptr;
-  long timeout =
-    data->set.timeout?data->set.timeout:3600; /* in seconds */
-  char *line_start;
-  char *host_port;
-  curl_socket_t tunnelsocket = conn->sock[sockindex];
-  send_buffer *req_buffer;
-  curl_off_t cl=0;
-  bool closeConnection = FALSE;
-
-#define SELECT_OK      0
-#define SELECT_ERROR   1
-#define SELECT_TIMEOUT 2
-  int error = SELECT_OK;
-
-  infof(data, "Establish HTTP proxy tunnel to %s:%d\n", hostname, remote_port);
-  conn->bits.proxy_connect_closed = FALSE;
-
-  do {
-    if(data->reqdata.newurl) {
-      /* This only happens if we've looped here due to authentication reasons,
-         and we don't really use the newly cloned URL here then. Just free()
-         it. */
-      free(data->reqdata.newurl);
-      data->reqdata.newurl = NULL;
-    }
-
-    /* initialize a dynamic send-buffer */
-    req_buffer = add_buffer_init();
-
-    if(!req_buffer)
-      return CURLE_OUT_OF_MEMORY;
-
-    host_port = aprintf("%s:%d", hostname, remote_port);
-    if(!host_port)
-      return CURLE_OUT_OF_MEMORY;
-
-    /* Setup the proxy-authorization header, if any */
-    result = Curl_http_output_auth(conn, (char *)"CONNECT", host_port, TRUE);
-
-    if(CURLE_OK == result) {
-      char *host=(char *)"";
-      const char *proxyconn="";
-      const char *useragent="";
-
-      if(!checkheaders(data, "Host:")) {
-        host = aprintf("Host: %s\r\n", host_port);
-        if(!host)
-          result = CURLE_OUT_OF_MEMORY;
-      }
-      if(!checkheaders(data, "Proxy-Connection:"))
-        proxyconn = "Proxy-Connection: Keep-Alive\r\n";
-
-      if(!checkheaders(data, "User-Agent:") && data->set.useragent)
-        useragent = conn->allocptr.uagent;
-
-      if(CURLE_OK == result) {
-        /* Send the connect request to the proxy */
-        /* BLOCKING */
-        result =
-          add_bufferf(req_buffer,
-                      "CONNECT %s:%d HTTP/1.0\r\n"
-                      "%s"  /* Host: */
-                      "%s"  /* Proxy-Authorization */
-                      "%s"  /* User-Agent */
-                      "%s", /* Proxy-Connection */
-                      hostname, remote_port,
-                      host,
-                      conn->allocptr.proxyuserpwd?
-                      conn->allocptr.proxyuserpwd:"",
-                      useragent,
-                      proxyconn);
-
-        if(CURLE_OK == result)
-          result = add_custom_headers(conn, req_buffer);
-
-        if(host && *host)
-          free(host);
-
-        if(CURLE_OK == result)
-          /* CRLF terminate the request */
-          result = add_bufferf(req_buffer, "\r\n");
-
-        if(CURLE_OK == result)
-          /* Now send off the request */
-          result = add_buffer_send(req_buffer, conn,
-                                   &data->info.request_size, 0, sockindex);
-      }
-      if(result)
-        failf(data, "Failed sending CONNECT to proxy");
-    }
-    free(host_port);
-    if(result)
-      return result;
-
-    ptr=data->state.buffer;
-    line_start = ptr;
-
-    nread=0;
-    perline=0;
-    keepon=TRUE;
-
-    while((nread<BUFSIZE) && (keepon && !error)) {
-
-      /* if timeout is requested, find out how much remaining time we have */
-      long check = timeout - /* timeout time */
-        Curl_tvdiff(Curl_tvnow(), conn->now)/1000; /* spent time */
-      if(check <=0 ) {
-        failf(data, "Proxy CONNECT aborted due to timeout");
-        error = SELECT_TIMEOUT; /* already too little time */
-        break;
-      }
-
-      /* timeout each second and check the timeout */
-      switch (Curl_select(tunnelsocket, CURL_SOCKET_BAD, 1000)) {
-      case -1: /* select() error, stop reading */
-        error = SELECT_ERROR;
-        failf(data, "Proxy CONNECT aborted due to select() error");
-        break;
-      case 0: /* timeout */
-        break;
-      default:
-        res = Curl_read(conn, tunnelsocket, ptr, BUFSIZE-nread, &gotbytes);
-        if(res< 0)
-          /* EWOULDBLOCK */
-          continue; /* go loop yourself */
-        else if(res)
-          keepon = FALSE;
-        else if(gotbytes <= 0) {
-          keepon = FALSE;
-          error = SELECT_ERROR;
-          failf(data, "Proxy CONNECT aborted");
-        }
-        else {
-          /*
-           * We got a whole chunk of data, which can be anything from one byte
-           * to a set of lines and possibly just a piece of the last line.
-           */
-          int i;
-
-          nread += gotbytes;
-
-          if(keepon > TRUE) {
-            /* This means we are currently ignoring a response-body, so we
-               simply count down our counter and make sure to break out of the
-               loop when we're done! */
-            cl -= gotbytes;
-            if(cl<=0) {
-              keepon = FALSE;
-              break;
-            }
-          }
-          else
-          for(i = 0; i < gotbytes; ptr++, i++) {
-            perline++; /* amount of bytes in this line so far */
-            if(*ptr=='\n') {
-              char letter;
-              int writetype;
-
-              /* output debug if that is requested */
-              if(data->set.verbose)
-                Curl_debug(data, CURLINFO_HEADER_IN,
-                           line_start, (size_t)perline, conn);
-
-              /* send the header to the callback */
-              writetype = CLIENTWRITE_HEADER;
-              if(data->set.include_header)
-                writetype |= CLIENTWRITE_BODY;
-
-              result = Curl_client_write(conn, writetype, line_start, perline);
-              if(result)
-                return result;
-
-              /* Newlines are CRLF, so the CR is ignored as the line isn't
-                 really terminated until the LF comes. Treat a following CR
-                 as end-of-headers as well.*/
-
-              if(('\r' == line_start[0]) ||
-                 ('\n' == line_start[0])) {
-                /* end of response-headers from the proxy */
-                if(cl && (407 == k->httpcode) && !data->state.authproblem) {
-                  /* If we get a 407 response code with content length when we
-                   * have no auth problem, we must ignore the whole
-                   * response-body */
-                  keepon = 2;
-                  infof(data, "Ignore %" FORMAT_OFF_T
-                        " bytes of response-body\n", cl);
-                  cl -= (gotbytes - i);/* remove the remaining chunk of what
-                                          we already read */
-                  if(cl<=0)
-                    /* if the whole thing was already read, we are done! */
-                    keepon=FALSE;
-                }
-                else
-                  keepon = FALSE;
-                break; /* breaks out of for-loop, not switch() */
-              }
-
-              /* keep a backup of the position we are about to blank */
-              letter = line_start[perline];
-              line_start[perline]=0; /* zero terminate the buffer */
-              if((checkprefix("WWW-Authenticate:", line_start) &&
-                  (401 == k->httpcode)) ||
-                 (checkprefix("Proxy-authenticate:", line_start) &&
-                  (407 == k->httpcode))) {
-                result = Curl_http_input_auth(conn, k->httpcode, line_start);
-                if(result)
-                  return result;
-              }
-              else if(checkprefix("Content-Length:", line_start)) {
-                cl = curlx_strtoofft(line_start + strlen("Content-Length:"),
-                                     NULL, 10);
-              }
-              else if(Curl_compareheader(line_start,
-                                         "Connection:", "close"))
-                closeConnection = TRUE;
-              else if(2 == sscanf(line_start, "HTTP/1.%d %d",
-                                  &subversion,
-                                  &k->httpcode)) {
-                /* store the HTTP code from the proxy */
-                data->info.httpproxycode = k->httpcode;
-              }
-              /* put back the letter we blanked out before */
-              line_start[perline]= letter;
-
-              perline=0; /* line starts over here */
-              line_start = ptr+1; /* this skips the zero byte we wrote */
-            }
-          }
-        }
-        break;
-      } /* switch */
-    } /* while there's buffer left and loop is requested */
-
-    if(error)
-      return CURLE_RECV_ERROR;
-
-    if(data->info.httpproxycode != 200)
-      /* Deal with the possibly already received authenticate
-         headers. 'newurl' is set to a new URL if we must loop. */
-      Curl_http_auth_act(conn);
-
-    if (closeConnection && data->reqdata.newurl) {
-      /* Connection closed by server. Don't use it anymore */
-      sclose(conn->sock[sockindex]);
-      conn->sock[sockindex] = CURL_SOCKET_BAD;
-      break;
-    }
-  } while(data->reqdata.newurl);
-
-  if(200 != k->httpcode) {
-    failf(data, "Received HTTP code %d from proxy after CONNECT",
-          k->httpcode);
-
-    if (closeConnection && data->reqdata.newurl)
-      conn->bits.proxy_connect_closed = TRUE;
-
-    return CURLE_RECV_ERROR;
-  }
-
-  /* If a proxy-authorization header was used for the proxy, then we should
-     make sure that it isn't accidentally used for the document request
-     after we've connected. So let's free and clear it here. */
-  Curl_safefree(conn->allocptr.proxyuserpwd);
-  conn->allocptr.proxyuserpwd = NULL;
-
-  data->state.authproxy.done = TRUE;
-
-  infof (data, "Proxy replied OK to CONNECT request\n");
-  return CURLE_OK;
-}
-
-/*
- * Curl_http_connect() performs HTTP stuff to do at connect-time, called from
- * the generic Curl_connect().
- */
-CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
-{
-  struct SessionHandle *data;
-  CURLcode result;
-
-  data=conn->data;
-
-  /* If we are not using a proxy and we want a secure connection, perform SSL
-   * initialization & connection now.  If using a proxy with https, then we
-   * must tell the proxy to CONNECT to the host we want to talk to.  Only
-   * after the connect has occurred, can we start talking SSL
-   */
-
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-
-    /* either SSL over proxy, or explicitly asked for */
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name,
-                               conn->remote_port);
-    if(CURLE_OK != result)
-      return result;
-  }
-
-  if(!data->state.this_is_a_follow) {
-    /* this is not a followed location, get the original host name */
-    if (data->state.first_host)
-      /* Free to avoid leaking memory on multiple requests*/
-      free(data->state.first_host);
-
-    data->state.first_host = strdup(conn->host.name);
-    if(!data->state.first_host)
-      return CURLE_OUT_OF_MEMORY;
-  }
-
-  if(conn->protocol & PROT_HTTPS) {
-    /* perform SSL initialization */
-    if(data->state.used_interface == Curl_if_multi) {
-      result = Curl_https_connecting(conn, done);
-      if(result)
-        return result;
-    }
-    else {
-      /* BLOCKING */
-      result = Curl_ssl_connect(conn, FIRSTSOCKET);
-      if(result)
-        return result;
-      *done = TRUE;
-    }
-  }
-  else {
-    *done = TRUE;
-  }
-
-  return CURLE_OK;
-}
-
-CURLcode Curl_https_connecting(struct connectdata *conn, bool *done)
-{
-  CURLcode result;
-  curlassert(conn->protocol & PROT_HTTPS);
-
-  /* perform SSL initialization for this socket */
-  result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, done);
-  if(result)
-    return result;
-
-  return CURLE_OK;
-}
-
-#ifdef USE_SSLEAY
-/* This function is OpenSSL-specific. It should be made to query the generic
-   SSL layer instead. */
-int Curl_https_getsock(struct connectdata *conn,
-                       curl_socket_t *socks,
-                       int numsocks)
-{
-  if (conn->protocol & PROT_HTTPS) {
-    struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
-
-    if(!numsocks)
-      return GETSOCK_BLANK;
-
-    if (connssl->connecting_state == ssl_connect_2_writing) {
-      /* write mode */
-      socks[0] = conn->sock[FIRSTSOCKET];
-      return GETSOCK_WRITESOCK(0);
-    }
-    else if (connssl->connecting_state == ssl_connect_2_reading) {
-      /* read mode */
-      socks[0] = conn->sock[FIRSTSOCKET];
-      return GETSOCK_READSOCK(0);
-    }
-  }
-  return CURLE_OK;
-}
-#else
-#ifdef USE_GNUTLS
-int Curl_https_getsock(struct connectdata *conn,
-                       curl_socket_t *socks,
-                       int numsocks)
-{
-  (void)conn;
-  (void)socks;
-  (void)numsocks;
-  return GETSOCK_BLANK;
-}
-#endif
-#endif
-
-/*
- * Curl_http_done() gets called from Curl_done() after a single HTTP request
- * has been performed.
- */
-
-CURLcode Curl_http_done(struct connectdata *conn,
-                        CURLcode status, bool premature)
-{
-  struct SessionHandle *data = conn->data;
-  struct HTTP *http =data->reqdata.proto.http;
-  struct Curl_transfer_keeper *k = &data->reqdata.keep;
-  (void)premature; /* not used */
-
-  /* set the proper values (possibly modified on POST) */
-  conn->fread = data->set.fread; /* restore */
-  conn->fread_in = data->set.in; /* restore */
-
-  if (http == NULL)
-    return CURLE_OK;
-
-  if(http->send_buffer) {
-    send_buffer *buff = http->send_buffer;
-
-    free(buff->buffer);
-    free(buff);
-    http->send_buffer = NULL; /* clear the pointer */
-  }
-
-  if(HTTPREQ_POST_FORM == data->set.httpreq) {
-    k->bytecount = http->readbytecount + http->writebytecount;
-
-    Curl_formclean(&http->sendit); /* Now free that whole lot */
-    if(http->form.fp) {
-      /* a file being uploaded was left opened, close it! */
-      fclose(http->form.fp);
-      http->form.fp = NULL;
-    }
-  }
-  else if(HTTPREQ_PUT == data->set.httpreq)
-    k->bytecount = http->readbytecount + http->writebytecount;
-
-  if (status != CURLE_OK)
-    return (status);
-
-  if(!conn->bits.retry &&
-     ((http->readbytecount +
-       conn->headerbytecount -
-       conn->deductheadercount)) <= 0) {
-    /* If this connection isn't simply closed to be retried, AND nothing was
-       read from the HTTP server (that counts), this can't be right so we
-       return an error here */
-    failf(data, "Empty reply from server");
-    return CURLE_GOT_NOTHING;
-  }
-
-  return CURLE_OK;
-}
-
-/* check and possibly add an Expect: header */
-static CURLcode expect100(struct SessionHandle *data,
-                          send_buffer *req_buffer)
-{
-  CURLcode result = CURLE_OK;
-  data->state.expect100header = FALSE; /* default to false unless it is set
-                                          to TRUE below */
-  if((data->set.httpversion != CURL_HTTP_VERSION_1_0) &&
-     !checkheaders(data, "Expect:")) {
-    /* if not doing HTTP 1.0 or disabled explicitly, we add a Expect:
-       100-continue to the headers which actually speeds up post
-       operations (as there is one packet coming back from the web
-       server) */
-    result = add_bufferf(req_buffer,
-                         "Expect: 100-continue\r\n");
-    if(result == CURLE_OK)
-      data->state.expect100header = TRUE;
-  }
-  return result;
-}
-
-static CURLcode add_custom_headers(struct connectdata *conn,
-                                   send_buffer *req_buffer)
-{
-  CURLcode result = CURLE_OK;
-  char *ptr;
-  struct curl_slist *headers=conn->data->set.headers;
-
-  while(headers) {
-    ptr = strchr(headers->data, ':');
-    if(ptr) {
-      /* we require a colon for this to be a true header */
-
-      ptr++; /* pass the colon */
-      while(*ptr && ISSPACE(*ptr))
-        ptr++;
-
-      if(*ptr) {
-        /* only send this if the contents was non-blank */
-
-        if(conn->allocptr.host &&
-           /* a Host: header was sent already, don't pass on any custom Host:
-              header as that will produce *two* in the same request! */
-           curl_strnequal("Host:", headers->data, 5))
-          ;
-        else if(conn->data->set.httpreq == HTTPREQ_POST_FORM &&
-                /* this header (extended by formdata.c) is sent later */
-                curl_strnequal("Content-Type:", headers->data,
-                               strlen("Content-Type:")))
-          ;
-        else {
-          result = add_bufferf(req_buffer, "%s\r\n", headers->data);
-          if(result)
-            return result;
-        }
-      }
-    }
-    headers = headers->next;
-  }
-  return result;
-}
-
-/*
- * Curl_http() gets called from the generic Curl_do() function when a HTTP
- * request is to be performed. This creates and sends a properly constructed
- * HTTP request.
- */
-CURLcode Curl_http(struct connectdata *conn, bool *done)
-{
-  struct SessionHandle *data=conn->data;
-  char *buf = data->state.buffer; /* this is a short cut to the buffer */
-  CURLcode result=CURLE_OK;
-  struct HTTP *http;
-  char *ppath = data->reqdata.path;
-  char *host = conn->host.name;
-  const char *te = ""; /* transfer-encoding */
-  char *ptr;
-  char *request;
-  Curl_HttpReq httpreq = data->set.httpreq;
-  char *addcookies = NULL;
-  curl_off_t included_body = 0;
-
-  /* Always consider the DO phase done after this function call, even if there
-     may be parts of the request that is not yet sent, since we can deal with
-     the rest of the request in the PERFORM phase. */
-  *done = TRUE;
-
-  if(!data->reqdata.proto.http) {
-    /* Only allocate this struct if we don't already have it! */
-
-    http = (struct HTTP *)malloc(sizeof(struct HTTP));
-    if(!http)
-      return CURLE_OUT_OF_MEMORY;
-    memset(http, 0, sizeof(struct HTTP));
-    data->reqdata.proto.http = http;
-  }
-  else
-    http = data->reqdata.proto.http;
-
-  /* We default to persistent connections */
-  conn->bits.close = FALSE;
-
-  if ( (conn->protocol&(PROT_HTTP|PROT_FTP)) &&
-       data->set.upload) {
-    httpreq = HTTPREQ_PUT;
-  }
-
-  /* Now set the 'request' pointer to the proper request string */
-  if(data->set.customrequest)
-    request = data->set.customrequest;
-  else {
-    if(conn->bits.no_body)
-      request = (char *)"HEAD";
-    else {
-      curlassert((httpreq > HTTPREQ_NONE) && (httpreq < HTTPREQ_LAST));
-      switch(httpreq) {
-      case HTTPREQ_POST:
-      case HTTPREQ_POST_FORM:
-        request = (char *)"POST";
-        break;
-      case HTTPREQ_PUT:
-        request = (char *)"PUT";
-        break;
-      default: /* this should never happen */
-      case HTTPREQ_GET:
-        request = (char *)"GET";
-        break;
-      case HTTPREQ_HEAD:
-        request = (char *)"HEAD";
-        break;
-      }
-    }
-  }
-
-  /* The User-Agent string might have been allocated in url.c already, because
-     it might have been used in the proxy connect, but if we have got a header
-     with the user-agent string specified, we erase the previously made string
-     here. */
-  if(checkheaders(data, "User-Agent:") && conn->allocptr.uagent) {
-    free(conn->allocptr.uagent);
-    conn->allocptr.uagent=NULL;
-  }
-
-  /* setup the authentication headers */
-  result = Curl_http_output_auth(conn, request, ppath, FALSE);
-  if(result)
-    return result;
-
-  if((data->state.authhost.multi || data->state.authproxy.multi) &&
-     (httpreq != HTTPREQ_GET) &&
-     (httpreq != HTTPREQ_HEAD)) {
-    /* Auth is required and we are not authenticated yet. Make a PUT or POST
-       with content-length zero as a "probe". */
-    conn->bits.authneg = TRUE;
-  }
-  else
-    conn->bits.authneg = FALSE;
-
-  Curl_safefree(conn->allocptr.ref);
-  if(data->change.referer && !checkheaders(data, "Referer:"))
-    conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer);
-  else
-    conn->allocptr.ref = NULL;
-
-  if(data->set.cookie && !checkheaders(data, "Cookie:"))
-    addcookies = data->set.cookie;
-
-  if(!checkheaders(data, "Accept-Encoding:") &&
-     data->set.encoding) {
-    Curl_safefree(conn->allocptr.accept_encoding);
-    conn->allocptr.accept_encoding =
-      aprintf("Accept-Encoding: %s\r\n", data->set.encoding);
-    if(!conn->allocptr.accept_encoding)
-      return CURLE_OUT_OF_MEMORY;
-  }
-
-  ptr = checkheaders(data, "Transfer-Encoding:");
-  if(ptr) {
-    /* Some kind of TE is requested, check if 'chunked' is chosen */
-    conn->bits.upload_chunky =
-      Curl_compareheader(ptr, "Transfer-Encoding:", "chunked");
-  }
-  else {
-    if (httpreq == HTTPREQ_GET)
-      conn->bits.upload_chunky = FALSE;
-    if(conn->bits.upload_chunky)
-      te = "Transfer-Encoding: chunked\r\n";
-  }
-
-  Curl_safefree(conn->allocptr.host);
-
-  ptr = checkheaders(data, "Host:");
-  if(ptr && (!data->state.this_is_a_follow ||
-             curl_strequal(data->state.first_host, conn->host.name))) {
-#if !defined(CURL_DISABLE_COOKIES)
-    /* If we have a given custom Host: header, we extract the host name in
-       order to possibly use it for cookie reasons later on. We only allow the
-       custom Host: header if this is NOT a redirect, as setting Host: in the
-       redirected request is being out on thin ice. Except if the host name
-       is the same as the first one! */
-    char *start = ptr+strlen("Host:");
-    while(*start && ISSPACE(*start ))
-      start++;
-    ptr = start; /* start host-scanning here */
-
-    /* scan through the string to find the end (space or colon) */
-    while(*ptr && !ISSPACE(*ptr) && !(':'==*ptr))
-      ptr++;
-
-    if(ptr != start) {
-      size_t len=ptr-start;
-      Curl_safefree(conn->allocptr.cookiehost);
-      conn->allocptr.cookiehost = malloc(len+1);
-      if(!conn->allocptr.cookiehost)
-        return CURLE_OUT_OF_MEMORY;
-      memcpy(conn->allocptr.cookiehost, start, len);
-      conn->allocptr.cookiehost[len]=0;
-    }
-#endif
-
-    conn->allocptr.host = NULL;
-  }
-  else {
-    /* When building Host: headers, we must put the host name within
-       [brackets] if the host name is a plain IPv6-address. RFC2732-style. */
-
-    if(((conn->protocol&PROT_HTTPS) && (conn->remote_port == PORT_HTTPS)) ||
-       (!(conn->protocol&PROT_HTTPS) && (conn->remote_port == PORT_HTTP)) )
-      /* If (HTTPS on port 443) OR (non-HTTPS on port 80) then don't include
-         the port number in the host string */
-      conn->allocptr.host = aprintf("Host: %s%s%s\r\n",
-                                    conn->bits.ipv6_ip?"[":"",
-                                    host,
-                                    conn->bits.ipv6_ip?"]":"");
-    else
-      conn->allocptr.host = aprintf("Host: %s%s%s:%d\r\n",
-                                    conn->bits.ipv6_ip?"[":"",
-                                    host,
-                                    conn->bits.ipv6_ip?"]":"",
-                                    conn->remote_port);
-
-    if(!conn->allocptr.host)
-      /* without Host: we can't make a nice request */
-      return CURLE_OUT_OF_MEMORY;
-  }
-
-  if (conn->bits.httpproxy && !conn->bits.tunnel_proxy)  {
-    /* Using a proxy but does not tunnel through it */
-
-    /* The path sent to the proxy is in fact the entire URL. But if the remote
-       host is a IDN-name, we must make sure that the request we produce only
-       uses the encoded host name! */
-    if(conn->host.dispname != conn->host.name) {
-      char *url = data->change.url;
-      ptr = strstr(url, conn->host.dispname);
-      if(ptr) {
-        /* This is where the display name starts in the URL, now replace this
-           part with the encoded name. TODO: This method of replacing the host
-           name is rather crude as I believe there's a slight risk that the
-           user has entered a user name or password that contain the host name
-           string. */
-        size_t currlen = strlen(conn->host.dispname);
-        size_t newlen = strlen(conn->host.name);
-        size_t urllen = strlen(url);
-
-        char *newurl;
-
-        newurl = malloc(urllen + newlen - currlen + 1);
-        if(newurl) {
-          /* copy the part before the host name */
-          memcpy(newurl, url, ptr - url);
-          /* append the new host name instead of the old */
-          memcpy(newurl + (ptr - url), conn->host.name, newlen);
-          /* append the piece after the host name */
-          memcpy(newurl + newlen + (ptr - url),
-                 ptr + currlen, /* copy the trailing zero byte too */
-                 urllen - (ptr-url) - currlen + 1);
-          if(data->change.url_alloc)
-            free(data->change.url);
-          data->change.url = newurl;
-          data->change.url_alloc = TRUE;
-        }
-        else
-          return CURLE_OUT_OF_MEMORY;
-      }
-    }
-    ppath = data->change.url;
-  }
-  if(HTTPREQ_POST_FORM == httpreq) {
-    /* we must build the whole darned post sequence first, so that we have
-       a size of the whole shebang before we start to send it */
-     result = Curl_getFormData(&http->sendit, data->set.httppost,
-                               checkheaders(data, "Content-Type:"),
-                               &http->postsize);
-     if(CURLE_OK != result) {
-       /* Curl_getFormData() doesn't use failf() */
-       failf(data, "failed creating formpost data");
-       return result;
-     }
-  }
-
-
-  http->p_pragma =
-    (!checkheaders(data, "Pragma:") &&
-     (conn->bits.httpproxy && !conn->bits.tunnel_proxy) )?
-    "Pragma: no-cache\r\n":NULL;
-
-  if(!checkheaders(data, "Accept:"))
-    http->p_accept = "Accept: */*\r\n";
-
-  if(( (HTTPREQ_POST == httpreq) ||
-       (HTTPREQ_POST_FORM == httpreq) ||
-       (HTTPREQ_PUT == httpreq) ) &&
-     data->reqdata.resume_from) {
-    /**********************************************************************
-     * Resuming upload in HTTP means that we PUT or POST and that we have
-     * got a resume_from value set. The resume value has already created
-     * a Range: header that will be passed along. We need to "fast forward"
-     * the file the given number of bytes and decrease the assume upload
-     * file size before we continue this venture in the dark lands of HTTP.
-     *********************************************************************/
-
-    if(data->reqdata.resume_from < 0 ) {
-      /*
-       * This is meant to get the size of the present remote-file by itself.
-       * We don't support this now. Bail out!
-       */
-       data->reqdata.resume_from = 0;
-    }
-
-    if(data->reqdata.resume_from) {
-      /* do we still game? */
-      curl_off_t passed=0;
-
-      /* Now, let's read off the proper amount of bytes from the
-         input. If we knew it was a proper file we could've just
-         fseek()ed but we only have a stream here */
-      do {
-        size_t readthisamountnow = (size_t)(data->reqdata.resume_from - passed);
-        size_t actuallyread;
-
-        if(readthisamountnow > BUFSIZE)
-          readthisamountnow = BUFSIZE;
-
-        actuallyread =
-          data->set.fread(data->state.buffer, 1, (size_t)readthisamountnow,
-                          data->set.in);
-
-        passed += actuallyread;
-        if(actuallyread != readthisamountnow) {
-          failf(data, "Could only read %" FORMAT_OFF_T
-                " bytes from the input",
-                passed);
-          return CURLE_READ_ERROR;
-        }
-      } while(passed != data->reqdata.resume_from); /* loop until done */
-
-      /* now, decrease the size of the read */
-      if(data->set.infilesize>0) {
-        data->set.infilesize -= data->reqdata.resume_from;
-
-        if(data->set.infilesize <= 0) {
-          failf(data, "File already completely uploaded");
-          return CURLE_PARTIAL_FILE;
-        }
-      }
-      /* we've passed, proceed as normal */
-    }
-  }
-  if(data->reqdata.use_range) {
-    /*
-     * A range is selected. We use different headers whether we're downloading
-     * or uploading and we always let customized headers override our internal
-     * ones if any such are specified.
-     */
-    if((httpreq == HTTPREQ_GET) &&
-       !checkheaders(data, "Range:")) {
-      /* if a line like this was already allocated, free the previous one */
-      if(conn->allocptr.rangeline)
-        free(conn->allocptr.rangeline);
-      conn->allocptr.rangeline = aprintf("Range: bytes=%s\r\n", data->reqdata.range);
-    }
-    else if((httpreq != HTTPREQ_GET) &&
-            !checkheaders(data, "Content-Range:")) {
-
-      if(data->reqdata.resume_from) {
-        /* This is because "resume" was selected */
-        curl_off_t total_expected_size=
-          data->reqdata.resume_from + data->set.infilesize;
-        conn->allocptr.rangeline =
-            aprintf("Content-Range: bytes %s%" FORMAT_OFF_T
-                    "/%" FORMAT_OFF_T "\r\n",
-                    data->reqdata.range, total_expected_size-1,
-                    total_expected_size);
-      }
-      else {
-        /* Range was selected and then we just pass the incoming range and
-           append total size */
-        conn->allocptr.rangeline =
-            aprintf("Content-Range: bytes %s/%" FORMAT_OFF_T "\r\n",
-                    data->reqdata.range, data->set.infilesize);
-      }
-    }
-  }
-
-  {
-    /* Use 1.1 unless the use specificly asked for 1.0 */
-    const char *httpstring=
-      data->set.httpversion==CURL_HTTP_VERSION_1_0?"1.0":"1.1";
-
-    send_buffer *req_buffer;
-    curl_off_t postsize; /* off_t type to be able to hold a large file size */
-
-    /* initialize a dynamic send-buffer */
-    req_buffer = add_buffer_init();
-
-    if(!req_buffer)
-      return CURLE_OUT_OF_MEMORY;
-
-    /* add the main request stuff */
-    result =
-      add_bufferf(req_buffer,
-                  "%s " /* GET/HEAD/POST/PUT */
-                  "%s HTTP/%s\r\n" /* path + HTTP version */
-                  "%s" /* proxyuserpwd */
-                  "%s" /* userpwd */
-                  "%s" /* range */
-                  "%s" /* user agent */
-                  "%s" /* host */
-                  "%s" /* pragma */
-                  "%s" /* accept */
-                  "%s" /* accept-encoding */
-                  "%s" /* referer */
-                  "%s" /* Proxy-Connection */
-                  "%s",/* transfer-encoding */
-
-                request,
-                ppath,
-                httpstring,
-                conn->allocptr.proxyuserpwd?
-                conn->allocptr.proxyuserpwd:"",
-                conn->allocptr.userpwd?conn->allocptr.userpwd:"",
-                (data->reqdata.use_range && conn->allocptr.rangeline)?
-                conn->allocptr.rangeline:"",
-                (data->set.useragent && *data->set.useragent && conn->allocptr.uagent)?
-                conn->allocptr.uagent:"",
-                (conn->allocptr.host?conn->allocptr.host:""), /* Host: host */
-                http->p_pragma?http->p_pragma:"",
-                http->p_accept?http->p_accept:"",
-                (data->set.encoding && *data->set.encoding && conn->allocptr.accept_encoding)?
-                conn->allocptr.accept_encoding:"",
-                (data->change.referer && conn->allocptr.ref)?conn->allocptr.ref:"" /* Referer: <data> */,
-                (conn->bits.httpproxy &&
-                 !conn->bits.tunnel_proxy &&
-                 !checkheaders(data, "Proxy-Connection:"))?
-                  "Proxy-Connection: Keep-Alive\r\n":"",
-                te
-                );
-
-    if(result)
-      return result;
-
-#if !defined(CURL_DISABLE_COOKIES)
-    if(data->cookies || addcookies) {
-      struct Cookie *co=NULL; /* no cookies from start */
-      int count=0;
-
-      if(data->cookies) {
-        Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
-        co = Curl_cookie_getlist(data->cookies,
-                                 conn->allocptr.cookiehost?
-                                 conn->allocptr.cookiehost:host, data->reqdata.path,
-                                 (bool)(conn->protocol&PROT_HTTPS?TRUE:FALSE));
-        Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
-      }
-      if(co) {
-        struct Cookie *store=co;
-        /* now loop through all cookies that matched */
-        while(co) {
-          if(co->value) {
-            if(0 == count) {
-              result = add_bufferf(req_buffer, "Cookie: ");
-              if(result)
-                break;
-            }
-            result = add_bufferf(req_buffer,
-                                 "%s%s=%s", count?"; ":"",
-                                 co->name, co->value);
-            if(result)
-              break;
-            count++;
-          }
-          co = co->next; /* next cookie please */
-        }
-        Curl_cookie_freelist(store); /* free the cookie list */
-      }
-      if(addcookies && (CURLE_OK == result)) {
-        if(!count)
-          result = add_bufferf(req_buffer, "Cookie: ");
-        if(CURLE_OK == result) {
-          result = add_bufferf(req_buffer, "%s%s",
-                               count?"; ":"",
-                               addcookies);
-          count++;
-        }
-      }
-      if(count && (CURLE_OK == result))
-        result = add_buffer(req_buffer, "\r\n", 2);
-
-      if(result)
-        return result;
-    }
-#endif
-
-    if(data->set.timecondition) {
-      struct tm *tm;
-
-      /* Phil Karn (Fri, 13 Apr 2001) pointed out that the If-Modified-Since
-       * header family should have their times set in GMT as RFC2616 defines:
-       * "All HTTP date/time stamps MUST be represented in Greenwich Mean Time
-       * (GMT), without exception. For the purposes of HTTP, GMT is exactly
-       * equal to UTC (Coordinated Universal Time)." (see page 20 of RFC2616).
-       */
-
-#ifdef HAVE_GMTIME_R
-      /* thread-safe version */
-      struct tm keeptime;
-      tm = (struct tm *)gmtime_r(&data->set.timevalue, &keeptime);
-#else
-      tm = gmtime(&data->set.timevalue);
-#endif
-
-      /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
-      snprintf(buf, BUFSIZE-1,
-               "%s, %02d %s %4d %02d:%02d:%02d GMT",
-               Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
-               tm->tm_mday,
-               Curl_month[tm->tm_mon],
-               tm->tm_year + 1900,
-               tm->tm_hour,
-               tm->tm_min,
-               tm->tm_sec);
-
-      switch(data->set.timecondition) {
-      case CURL_TIMECOND_IFMODSINCE:
-      default:
-        result = add_bufferf(req_buffer,
-                             "If-Modified-Since: %s\r\n", buf);
-        break;
-      case CURL_TIMECOND_IFUNMODSINCE:
-        result = add_bufferf(req_buffer,
-                             "If-Unmodified-Since: %s\r\n", buf);
-        break;
-      case CURL_TIMECOND_LASTMOD:
-        result = add_bufferf(req_buffer,
-                             "Last-Modified: %s\r\n", buf);
-        break;
-      }
-      if(result)
-        return result;
-    }
-
-    result = add_custom_headers(conn, req_buffer);
-    if(result)
-      return result;
-
-    http->postdata = NULL;  /* nothing to post at this point */
-    Curl_pgrsSetUploadSize(data, 0); /* upload size is 0 atm */
-
-    /* If 'authdone' is FALSE, we must not set the write socket index to the
-       Curl_transfer() call below, as we're not ready to actually upload any
-       data yet. */
-
-    switch(httpreq) {
-
-    case HTTPREQ_POST_FORM:
-      if(!http->sendit || conn->bits.authneg) {
-        /* nothing to post! */
-        result = add_bufferf(req_buffer, "Content-Length: 0\r\n\r\n");
-        if(result)
-          return result;
-
-        result = add_buffer_send(req_buffer, conn,
-                                 &data->info.request_size, 0, FIRSTSOCKET);
-        if(result)
-          failf(data, "Failed sending POST request");
-        else
-          /* setup variables for the upcoming transfer */
-          result = Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
-                                       &http->readbytecount,
-                                       -1, NULL);
-        break;
-      }
-
-      if(Curl_FormInit(&http->form, http->sendit)) {
-        failf(data, "Internal HTTP POST error!");
-        return CURLE_HTTP_POST_ERROR;
-      }
-
-      /* set the read function to read from the generated form data */
-      conn->fread = (curl_read_callback)Curl_FormReader;
-      conn->fread_in = &http->form;
-
-      http->sending = HTTPSEND_BODY;
-
-      if(!conn->bits.upload_chunky) {
-        /* only add Content-Length if not uploading chunked */
-        result = add_bufferf(req_buffer,
-                             "Content-Length: %" FORMAT_OFF_T "\r\n",
-                             http->postsize);
-        if(result)
-          return result;
-      }
-
-      result = expect100(data, req_buffer);
-      if(result)
-        return result;
-
-      {
-
-        /* Get Content-Type: line from Curl_formpostheader.
-        */
-        char *contentType;
-        size_t linelength=0;
-        contentType = Curl_formpostheader((void *)&http->form,
-                                          &linelength);
-        if(!contentType) {
-          failf(data, "Could not get Content-Type header line!");
-          return CURLE_HTTP_POST_ERROR;
-        }
-
-        result = add_buffer(req_buffer, contentType, linelength);
-        if(result)
-          return result;
-      }
-
-      /* make the request end in a true CRLF */
-      result = add_buffer(req_buffer, "\r\n", 2);
-      if(result)
-        return result;
-
-      /* set upload size to the progress meter */
-      Curl_pgrsSetUploadSize(data, http->postsize);
-
-      /* fire away the whole request to the server */
-      result = add_buffer_send(req_buffer, conn,
-                               &data->info.request_size, 0, FIRSTSOCKET);
-      if(result)
-        failf(data, "Failed sending POST request");
-      else
-        /* setup variables for the upcoming transfer */
-        result = Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
-                                     &http->readbytecount,
-                                     FIRSTSOCKET,
-                                     &http->writebytecount);
-
-      if(result) {
-        Curl_formclean(&http->sendit); /* free that whole lot */
-        return result;
-      }
-#ifdef CURL_DOES_CONVERSIONS
-/* time to convert the form data... */
-      result = Curl_formconvert(data, http->sendit);
-      if(result) {
-        Curl_formclean(&http->sendit); /* free that whole lot */
-        return result;
-      }
-#endif /* CURL_DOES_CONVERSIONS */
-      break;
-
-    case HTTPREQ_PUT: /* Let's PUT the data to the server! */
-
-      if(conn->bits.authneg)
-        postsize = 0;
-      else
-        postsize = data->set.infilesize;
-
-      if((postsize != -1) && !conn->bits.upload_chunky) {
-        /* only add Content-Length if not uploading chunked */
-        result = add_bufferf(req_buffer,
-                             "Content-Length: %" FORMAT_OFF_T "\r\n",
-                             postsize );
-        if(result)
-          return result;
-      }
-
-      result = expect100(data, req_buffer);
-      if(result)
-        return result;
-
-      result = add_buffer(req_buffer, "\r\n", 2); /* end of headers */
-      if(result)
-        return result;
-
-      /* set the upload size to the progress meter */
-      Curl_pgrsSetUploadSize(data, postsize);
-
-      /* this sends the buffer and frees all the buffer resources */
-      result = add_buffer_send(req_buffer, conn,
-                               &data->info.request_size, 0, FIRSTSOCKET);
-      if(result)
-        failf(data, "Failed sending PUT request");
-      else
-        /* prepare for transfer */
-        result = Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
-                                     &http->readbytecount,
-                                     postsize?FIRSTSOCKET:-1,
-                                     postsize?&http->writebytecount:NULL);
-      if(result)
-        return result;
-      break;
-
-    case HTTPREQ_POST:
-      /* this is the simple POST, using x-www-form-urlencoded style */
-
-      if(conn->bits.authneg)
-        postsize = 0;
-      else
-        /* figure out the size of the postfields */
-        postsize = (data->set.postfieldsize != -1)?
-          data->set.postfieldsize:
-          (data->set.postfields?(curl_off_t)strlen(data->set.postfields):0);
-
-      if(!conn->bits.upload_chunky) {
-        /* We only set Content-Length and allow a custom Content-Length if
-           we don't upload data chunked, as RFC2616 forbids us to set both
-           kinds of headers (Transfer-Encoding: chunked and Content-Length) */
-
-        if(!checkheaders(data, "Content-Length:")) {
-          /* we allow replacing this header, although it isn't very wise to
-             actually set your own */
-          result = add_bufferf(req_buffer,
-                               "Content-Length: %" FORMAT_OFF_T"\r\n",
-                               postsize);
-          if(result)
-            return result;
-        }
-      }
-
-      if(!checkheaders(data, "Content-Type:")) {
-        result = add_bufferf(req_buffer,
-                             "Content-Type: application/x-www-form-urlencoded\r\n");
-        if(result)
-          return result;
-      }
-
-      if(data->set.postfields) {
-
-        /* for really small posts we don't use Expect: headers at all, and for
-           the somewhat bigger ones we allow the app to disable it */
-        if(postsize > TINY_INITIAL_POST_SIZE) {
-          result = expect100(data, req_buffer);
-          if(result)
-            return result;
-        }
-        else
-          data->state.expect100header = FALSE;
-
-        if(!data->state.expect100header &&
-           (postsize < MAX_INITIAL_POST_SIZE))  {
-          /* if we don't use expect:-100  AND
-             postsize is less than MAX_INITIAL_POST_SIZE
-
-             then append the post data to the HTTP request header. This limit
-             is no magic limit but only set to prevent really huge POSTs to
-             get the data duplicated with malloc() and family. */
-
-          result = add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
-          if(result)
-            return result;
-
-          if(!conn->bits.upload_chunky) {
-            /* We're not sending it 'chunked', append it to the request
-               already now to reduce the number if send() calls */
-            result = add_buffer(req_buffer, data->set.postfields,
-                                (size_t)postsize);
-            included_body = postsize;
-          }
-          else {
-            /* Append the POST data chunky-style */
-            result = add_bufferf(req_buffer, "%x\r\n", (int)postsize);
-            if(CURLE_OK == result)
-              result = add_buffer(req_buffer, data->set.postfields,
-                                  (size_t)postsize);
-            if(CURLE_OK == result)
-              result = add_buffer(req_buffer,
-                                  "\x0d\x0a\x30\x0d\x0a\x0d\x0a", 7);
-                                  /* CR  LF   0  CR  LF  CR  LF */
-            included_body = postsize + 7;
-          }
-          if(result)
-            return result;
-        }
-        else {
-          /* A huge POST coming up, do data separate from the request */
-          http->postsize = postsize;
-          http->postdata = data->set.postfields;
-
-          http->sending = HTTPSEND_BODY;
-
-          conn->fread = (curl_read_callback)readmoredata;
-          conn->fread_in = (void *)conn;
-
-          /* set the upload size to the progress meter */
-          Curl_pgrsSetUploadSize(data, http->postsize);
-
-          add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
-        }
-      }
-      else {
-        add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
-
-        if(data->set.postfieldsize) {
-          /* set the upload size to the progress meter */
-          Curl_pgrsSetUploadSize(data, postsize?postsize:-1);
-
-          /* set the pointer to mark that we will send the post body using
-             the read callback */
-          http->postdata = (char *)&http->postdata;
-        }
-      }
-      /* issue the request */
-      result = add_buffer_send(req_buffer, conn, &data->info.request_size,
-                               (size_t)included_body, FIRSTSOCKET);
-
-      if(result)
-        failf(data, "Failed sending HTTP POST request");
-      else
-        result =
-          Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
-                        &http->readbytecount,
-                        http->postdata?FIRSTSOCKET:-1,
-                        http->postdata?&http->writebytecount:NULL);
-      break;
-
-    default:
-      add_buffer(req_buffer, "\r\n", 2);
-
-      /* issue the request */
-      result = add_buffer_send(req_buffer, conn,
-                               &data->info.request_size, 0, FIRSTSOCKET);
-
-      if(result)
-        failf(data, "Failed sending HTTP request");
-      else
-        /* HTTP GET/HEAD download: */
-        result = Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
-                               &http->readbytecount,
-                               http->postdata?FIRSTSOCKET:-1,
-                               http->postdata?&http->writebytecount:NULL);
-    }
-    if(result)
-      return result;
-  }
-
-  return CURLE_OK;
-}
-#endif
diff --git a/Utilities/cmcurl/http.h b/Utilities/cmcurl/http.h
deleted file mode 100644
index 0f4b58f..0000000
--- a/Utilities/cmcurl/http.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#ifndef __HTTP_H
-#define __HTTP_H
-
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-#ifndef CURL_DISABLE_HTTP
-bool Curl_compareheader(char *headerline,     /* line to check */
-                        const char *header,   /* header keyword _with_ colon */
-                        const char *content); /* content string to find */
-
-/* ftp can use this as well */
-CURLcode Curl_proxyCONNECT(struct connectdata *conn,
-                           int tunnelsocket,
-                           char *hostname, int remote_port);
-
-/* protocol-specific functions set up to be called by the main engine */
-CURLcode Curl_http(struct connectdata *conn, bool *done);
-CURLcode Curl_http_done(struct connectdata *, CURLcode, bool premature);
-CURLcode Curl_http_connect(struct connectdata *conn, bool *done);
-CURLcode Curl_https_connecting(struct connectdata *conn, bool *done);
-int Curl_https_getsock(struct connectdata *conn,
-                       curl_socket_t *socks,
-                       int numsocks);
-
-/* The following functions are defined in http_chunks.c */
-void Curl_httpchunk_init(struct connectdata *conn);
-CHUNKcode Curl_httpchunk_read(struct connectdata *conn, char *datap,
-                              ssize_t length, ssize_t *wrote);
-
-/* These functions are in http.c */
-void Curl_http_auth_stage(struct SessionHandle *data, int stage);
-CURLcode Curl_http_input_auth(struct connectdata *conn,
-                              int httpcode, char *header);
-CURLcode Curl_http_auth_act(struct connectdata *conn);
-
-int Curl_http_should_fail(struct connectdata *conn);
-
-/* If only the PICKNONE bit is set, there has been a round-trip and we
-   selected to use no auth at all. Ie, we actively select no auth, as opposed
-   to not having one selected. The other CURLAUTH_* defines are present in the
-   public curl/curl.h header. */
-#define CURLAUTH_PICKNONE (1<<30) /* don't use auth */
-
-/* MAX_INITIAL_POST_SIZE indicates the number of bytes that will make the POST
-   data get included in the initial data chunk sent to the server. If the
-   data is larger than this, it will automatically get split up in multiple
-   system calls.
-
-   This value used to be fairly big (100K), but we must take into account that
-   if the server rejects the POST due for authentication reasons, this data
-   will always be uncondtionally sent and thus it may not be larger than can
-   always be afforded to send twice.
-
-   It must not be greater than 64K to work on VMS.
-*/
-#ifndef MAX_INITIAL_POST_SIZE
-#define MAX_INITIAL_POST_SIZE (64*1024)
-#endif
-
-#ifndef TINY_INITIAL_POST_SIZE
-#define TINY_INITIAL_POST_SIZE 1024
-#endif
-
-#endif
-#endif
diff --git a/Utilities/cmcurl/http_negotiate.c b/Utilities/cmcurl/http_negotiate.c
deleted file mode 100644
index bdfeefa..0000000
--- a/Utilities/cmcurl/http_negotiate.c
+++ /dev/null
@@ -1,327 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-#include "setup.h"
-
-#ifdef HAVE_GSSAPI
-#ifdef HAVE_GSSMIT
-#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-#endif
-
-#ifndef CURL_DISABLE_HTTP
- /* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-#include "urldata.h"
-#include "sendf.h"
-#include "strequal.h"
-#include "base64.h"
-#include "http_negotiate.h"
-#include "memory.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-static int
-get_gss_name(struct connectdata *conn, gss_name_t *server)
-{
-  struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
-  OM_uint32 major_status, minor_status;
-  gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
-  char name[2048];
-  const char* service;
-
-  /* GSSAPI implementation by Globus (known as GSI) requires the name to be
-     of form "<service>/<fqdn>" instead of <service>@<fqdn> (ie. slash instead
-     of at-sign). Also GSI servers are often identified as 'host' not 'khttp'.
-     Change following lines if you want to use GSI */
-
-  /* IIS uses the <service>@<fqdn> form but uses 'http' as the service name */
-
-  if (neg_ctx->gss)
-    service = "KHTTP";
-  else
-    service = "HTTP";
-
-  token.length = strlen(service) + 1 + strlen(conn->host.name) + 1;
-  if (token.length + 1 > sizeof(name))
-    return EMSGSIZE;
-
-  snprintf(name, sizeof(name), "%s@%s", service, conn->host.name);
-
-  token.value = (void *) name;
-  major_status = gss_import_name(&minor_status,
-                                 &token,
-                                 GSS_C_NT_HOSTBASED_SERVICE,
-                                 server);
-
-  return GSS_ERROR(major_status) ? -1 : 0;
-}
-
-static void
-log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
-{
-  OM_uint32 maj_stat, min_stat;
-  OM_uint32 msg_ctx = 0;
-  gss_buffer_desc status_string;
-  char buf[1024];
-  size_t len;
-
-  snprintf(buf, sizeof(buf), "%s", prefix);
-  len = strlen(buf);
-  do {
-    maj_stat = gss_display_status (&min_stat,
-                                   error_status,
-                                   GSS_C_MECH_CODE,
-                                   GSS_C_NO_OID,
-                                   &msg_ctx,
-                                   &status_string);
-      if (sizeof(buf) > len + status_string.length + 1) {
-        snprintf(buf + len, sizeof(buf) - len,
-                 ": %s", (char*) status_string.value);
-      len += status_string.length;
-    }
-    gss_release_buffer(&min_stat, &status_string);
-  } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
-
-  infof(conn->data, "%s", buf);
-}
-
-int Curl_input_negotiate(struct connectdata *conn, char *header)
-{
-  struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
-  OM_uint32 major_status, minor_status, minor_status2;
-  gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
-  gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
-  int ret;
-  size_t len;
-  bool gss;
-  const char* protocol;
-
-  while(*header && ISSPACE(*header))
-    header++;
-  if(checkprefix("GSS-Negotiate", header)) {
-    protocol = "GSS-Negotiate";
-    gss = TRUE;
-  }
-  else if (checkprefix("Negotiate", header)) {
-    protocol = "Negotiate";
-    gss = FALSE;
-  }
-  else
-    return -1;
-
-  if (neg_ctx->context) {
-    if (neg_ctx->gss != gss) {
-      return -1;
-    }
-  }
-  else {
-    neg_ctx->protocol = protocol;
-    neg_ctx->gss = gss;
-  }
-
-  if (neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) {
-    /* We finished succesfully our part of authentication, but server
-     * rejected it (since we're again here). Exit with an error since we
-     * can't invent anything better */
-    Curl_cleanup_negotiate(conn->data);
-    return -1;
-  }
-
-  if (neg_ctx->server_name == NULL &&
-      (ret = get_gss_name(conn, &neg_ctx->server_name)))
-    return ret;
-
-  header += strlen(neg_ctx->protocol);
-  while(*header && ISSPACE(*header))
-    header++;
-
-  len = strlen(header);
-  if (len > 0) {
-    int rawlen = Curl_base64_decode(header, (unsigned char **)&input_token.value);
-    if (rawlen < 0)
-      return -1;
-    input_token.length = rawlen;
-
-#ifdef HAVE_SPNEGO /* Handle SPNEGO */
-    if (checkprefix("Negotiate", header)) {
-        ASN1_OBJECT *   object            = NULL;
-        int             rc                = 1;
-        unsigned char * spnegoToken       = NULL;
-        size_t          spnegoTokenLength = 0;
-        unsigned char * mechToken         = NULL;
-        size_t          mechTokenLength   = 0;
-
-        spnegoToken = malloc(input_token.length);
-        if (input_token.value == NULL)
-          return ENOMEM;
-        spnegoTokenLength = input_token.length;
-
-        object = OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
-        if (!parseSpnegoTargetToken(spnegoToken,
-                                    spnegoTokenLength,
-                                    NULL,
-                                    NULL,
-                                    &mechToken,
-                                    &mechTokenLength,
-                                    NULL,
-                                    NULL)) {
-          free(spnegoToken);
-          spnegoToken = NULL;
-          infof(conn->data, "Parse SPNEGO Target Token failed\n");
-        }
-        else {
-          free(input_token.value);
-          input_token.value = NULL;
-          input_token.value = malloc(mechTokenLength);
-          memcpy(input_token.value, mechToken,mechTokenLength);
-          input_token.length = mechTokenLength;
-          free(mechToken);
-          mechToken = NULL;
-          infof(conn->data, "Parse SPNEGO Target Token succeeded\n");
-        }
-    }
-#endif
-  }
-
-  major_status = gss_init_sec_context(&minor_status,
-                                      GSS_C_NO_CREDENTIAL,
-                                      &neg_ctx->context,
-                                      neg_ctx->server_name,
-                                      GSS_C_NO_OID,
-                                      GSS_C_DELEG_FLAG,
-                                      0,
-                                      GSS_C_NO_CHANNEL_BINDINGS,
-                                      &input_token,
-                                      NULL,
-                                      &output_token,
-                                      NULL,
-                                      NULL);
-  if (input_token.length > 0)
-    gss_release_buffer(&minor_status2, &input_token);
-  neg_ctx->status = major_status;
-  if (GSS_ERROR(major_status)) {
-    /* Curl_cleanup_negotiate(conn->data) ??? */
-    log_gss_error(conn, minor_status,
-                  (char *)"gss_init_sec_context() failed: ");
-    return -1;
-  }
-
-  if (output_token.length == 0) {
-    return -1;
-  }
-
-  neg_ctx->output_token = output_token;
-  /* conn->bits.close = FALSE; */
-
-  return 0;
-}
-
-
-CURLcode Curl_output_negotiate(struct connectdata *conn)
-{
-  struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
-  OM_uint32 minor_status;
-  char *encoded = NULL;
-  int len;
-
-#ifdef HAVE_SPNEGO /* Handle SPNEGO */
-  if (checkprefix("Negotiate",neg_ctx->protocol)) {
-    ASN1_OBJECT *   object            = NULL;
-    int             rc                = 1;
-    unsigned char * spnegoToken       = NULL;
-    size_t          spnegoTokenLength = 0;
-    unsigned char * responseToken       = NULL;
-    size_t          responseTokenLength = 0;
-
-    responseToken = malloc(neg_ctx->output_token.length);
-    if ( responseToken == NULL)
-      return CURLE_OUT_OF_MEMORY;
-    memcpy(responseToken, neg_ctx->output_token.value,
-           neg_ctx->output_token.length);
-    responseTokenLength = neg_ctx->output_token.length;
-
-    object=OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
-    if (!makeSpnegoInitialToken (object,
-                                 responseToken,
-                                 responseTokenLength,
-                                 &spnegoToken,
-                                 &spnegoTokenLength)) {
-      free(responseToken);
-      responseToken = NULL;
-      infof(conn->data, "Make SPNEGO Initial Token failed\n");
-    }
-    else {
-      free(neg_ctx->output_token.value);
-      responseToken = NULL;
-      neg_ctx->output_token.value = malloc(spnegoTokenLength);
-      memcpy(neg_ctx->output_token.value, spnegoToken,spnegoTokenLength);
-      neg_ctx->output_token.length = spnegoTokenLength;
-      free(spnegoToken);
-      spnegoToken = NULL;
-      infof(conn->data, "Make SPNEGO Initial Token succeeded\n");
-    }
-  }
-#endif
-  len = Curl_base64_encode(conn->data,
-                           neg_ctx->output_token.value,
-                           neg_ctx->output_token.length,
-                           &encoded);
-
-  if (len < 0)
-    return CURLE_OUT_OF_MEMORY;
-
-  conn->allocptr.userpwd =
-    aprintf("Authorization: %s %s\r\n", neg_ctx->protocol, encoded);
-  free(encoded);
-  gss_release_buffer(&minor_status, &neg_ctx->output_token);
-  return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
-}
-
-void Curl_cleanup_negotiate(struct SessionHandle *data)
-{
-  OM_uint32 minor_status;
-  struct negotiatedata *neg_ctx = &data->state.negotiate;
-
-  if (neg_ctx->context != GSS_C_NO_CONTEXT)
-    gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);
-
-  if (neg_ctx->output_token.length != 0)
-    gss_release_buffer(&minor_status, &neg_ctx->output_token);
-
-  if (neg_ctx->server_name != GSS_C_NO_NAME)
-    gss_release_name(&minor_status, &neg_ctx->server_name);
-
-  memset(neg_ctx, 0, sizeof(*neg_ctx));
-}
-
-
-#endif
-#endif
diff --git a/Utilities/cmcurl/http_negotiate.h b/Utilities/cmcurl/http_negotiate.h
deleted file mode 100644
index ce0d083..0000000
--- a/Utilities/cmcurl/http_negotiate.h
+++ /dev/null
@@ -1,39 +0,0 @@
-#ifndef __HTTP_NEGOTIATE_H
-#define __HTTP_NEGOTIATE_H
-
-/***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#ifdef HAVE_GSSAPI
-
-/* this is for Negotiate header input */
-int Curl_input_negotiate(struct connectdata *conn, char *header);
-
-/* this is for creating Negotiate header output */
-CURLcode Curl_output_negotiate(struct connectdata *conn);
-
-void Curl_cleanup_negotiate(struct SessionHandle *data);
-
-#endif
-
-#endif
diff --git a/Utilities/cmcurl/http_ntlm.c b/Utilities/cmcurl/http_ntlm.c
deleted file mode 100644
index aff1bb1..0000000
--- a/Utilities/cmcurl/http_ntlm.c
+++ /dev/null
@@ -1,1111 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-#include "setup.h"
-
-/* NTLM details:
-
-   http://davenport.sourceforge.net/ntlm.html
-   http://www.innovation.ch/java/ntlm.html
-
-   Another implementation:
-   http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNTLMAuthModule.cpp
-
-*/
-
-#ifndef CURL_DISABLE_HTTP
-#ifdef USE_NTLM
-
-#define DEBUG_ME 0
-
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "urldata.h"
-#include "easyif.h"  /* for Curl_convert_... prototypes */
-#include "sendf.h"
-#include "strequal.h"
-#include "base64.h"
-#include "http_ntlm.h"
-#include "url.h"
-#include "memory.h"
-#include "ssluse.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* "NTLMSSP" signature is always in ASCII regardless of the platform */
-#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
-
-#ifndef USE_WINDOWS_SSPI
-
-#include <openssl/des.h>
-#include <openssl/md4.h>
-#include <openssl/md5.h>
-#include <openssl/ssl.h>
-#include <openssl/rand.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x00907001L
-#define DES_key_schedule des_key_schedule
-#define DES_cblock des_cblock
-#define DES_set_odd_parity des_set_odd_parity
-#define DES_set_key des_set_key
-#define DES_ecb_encrypt des_ecb_encrypt
-
-/* This is how things were done in the old days */
-#define DESKEY(x) x
-#define DESKEYARG(x) x
-#else
-/* Modern version */
-#define DESKEYARG(x) *x
-#define DESKEY(x) &x
-#endif
-
-#else
-
-#include <rpc.h>
-
-/* Handle of security.dll or secur32.dll, depending on Windows version */
-static HMODULE s_hSecDll = NULL;
-/* Pointer to SSPI dispatch table */
-static PSecurityFunctionTable s_pSecFn = NULL;
-
-#endif
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* Define this to make the type-3 message include the NT response message */
-#define USE_NTRESPONSES 1
-
-/* Define this to make the type-3 message include the NTLM2Session response
-   message, requires USE_NTRESPONSES. */
-#define USE_NTLM2SESSION 1
-
-#ifndef USE_WINDOWS_SSPI
-/* this function converts from the little endian format used in the incoming
-   package to whatever endian format we're using natively */
-static unsigned int readint_le(unsigned char *buf) /* must point to a
-                                                      4 bytes buffer*/
-{
-  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
-    ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
-}
-#endif
-
-#if DEBUG_ME
-# define DEBUG_OUT(x) x
-static void print_flags(FILE *handle, unsigned long flags)
-{
-  if(flags & NTLMFLAG_NEGOTIATE_UNICODE)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_UNICODE ");
-  if(flags & NTLMFLAG_NEGOTIATE_OEM)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_OEM ");
-  if(flags & NTLMFLAG_REQUEST_TARGET)
-    fprintf(handle, "NTLMFLAG_REQUEST_TARGET ");
-  if(flags & (1<<3))
-    fprintf(handle, "NTLMFLAG_UNKNOWN_3 ");
-  if(flags & NTLMFLAG_NEGOTIATE_SIGN)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_SIGN ");
-  if(flags & NTLMFLAG_NEGOTIATE_SEAL)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_SEAL ");
-  if(flags & NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE ");
-  if(flags & NTLMFLAG_NEGOTIATE_LM_KEY)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_LM_KEY ");
-  if(flags & NTLMFLAG_NEGOTIATE_NETWARE)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_NETWARE ");
-  if(flags & NTLMFLAG_NEGOTIATE_NTLM_KEY)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM_KEY ");
-  if(flags & (1<<10))
-    fprintf(handle, "NTLMFLAG_UNKNOWN_10 ");
-  if(flags & (1<<11))
-    fprintf(handle, "NTLMFLAG_UNKNOWN_11 ");
-  if(flags & NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED ");
-  if(flags & NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED ");
-  if(flags & NTLMFLAG_NEGOTIATE_LOCAL_CALL)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_LOCAL_CALL ");
-  if(flags & NTLMFLAG_NEGOTIATE_ALWAYS_SIGN)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_ALWAYS_SIGN ");
-  if(flags & NTLMFLAG_TARGET_TYPE_DOMAIN)
-    fprintf(handle, "NTLMFLAG_TARGET_TYPE_DOMAIN ");
-  if(flags & NTLMFLAG_TARGET_TYPE_SERVER)
-    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SERVER ");
-  if(flags & NTLMFLAG_TARGET_TYPE_SHARE)
-    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SHARE ");
-  if(flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM2_KEY ");
-  if(flags & NTLMFLAG_REQUEST_INIT_RESPONSE)
-    fprintf(handle, "NTLMFLAG_REQUEST_INIT_RESPONSE ");
-  if(flags & NTLMFLAG_REQUEST_ACCEPT_RESPONSE)
-    fprintf(handle, "NTLMFLAG_REQUEST_ACCEPT_RESPONSE ");
-  if(flags & NTLMFLAG_REQUEST_NONNT_SESSION_KEY)
-    fprintf(handle, "NTLMFLAG_REQUEST_NONNT_SESSION_KEY ");
-  if(flags & NTLMFLAG_NEGOTIATE_TARGET_INFO)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_TARGET_INFO ");
-  if(flags & (1<<24))
-    fprintf(handle, "NTLMFLAG_UNKNOWN_24 ");
-  if(flags & (1<<25))
-    fprintf(handle, "NTLMFLAG_UNKNOWN_25 ");
-  if(flags & (1<<26))
-    fprintf(handle, "NTLMFLAG_UNKNOWN_26 ");
-  if(flags & (1<<27))
-    fprintf(handle, "NTLMFLAG_UNKNOWN_27 ");
-  if(flags & (1<<28))
-    fprintf(handle, "NTLMFLAG_UNKNOWN_28 ");
-  if(flags & NTLMFLAG_NEGOTIATE_128)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_128 ");
-  if(flags & NTLMFLAG_NEGOTIATE_KEY_EXCHANGE)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_KEY_EXCHANGE ");
-  if(flags & NTLMFLAG_NEGOTIATE_56)
-    fprintf(handle, "NTLMFLAG_NEGOTIATE_56 ");
-}
-
-static void print_hex(FILE *handle, const char *buf, size_t len)
-{
-  const char *p = buf;
-  fprintf(stderr, "0x");
-  while (len-- > 0)
-    fprintf(stderr, "%02.2x", (unsigned int)*p++);
-}
-#else
-# define DEBUG_OUT(x)
-#endif
-
-/*
-  (*) = A "security buffer" is a triplet consisting of two shorts and one
-  long:
-
-  1. a 'short' containing the length of the buffer in bytes
-  2. a 'short' containing the allocated space for the buffer in bytes
-  3. a 'long' containing the offset to the start of the buffer from the
-     beginning of the NTLM message, in bytes.
-*/
-
-
-CURLntlm Curl_input_ntlm(struct connectdata *conn,
-                         bool proxy,   /* if proxy or not */
-                         char *header) /* rest of the www-authenticate:
-                                          header */
-{
-  /* point to the correct struct with this */
-  struct ntlmdata *ntlm;
-#ifndef USE_WINDOWS_SSPI
-  static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 };
-#endif
-
-  ntlm = proxy?&conn->proxyntlm:&conn->ntlm;
-
-  /* skip initial whitespaces */
-  while(*header && ISSPACE(*header))
-    header++;
-
-  if(checkprefix("NTLM", header)) {
-    header += strlen("NTLM");
-
-    while(*header && ISSPACE(*header))
-      header++;
-
-    if(*header) {
-      /* We got a type-2 message here:
-
-         Index   Description         Content
-         0       NTLMSSP Signature   Null-terminated ASCII "NTLMSSP"
-                                     (0x4e544c4d53535000)
-         8       NTLM Message Type   long (0x02000000)
-         12      Target Name         security buffer(*)
-         20      Flags               long
-         24      Challenge           8 bytes
-         (32)    Context (optional)  8 bytes (two consecutive longs)
-         (40)    Target Information  (optional) security buffer(*)
-         32 (48) start of data block
-      */
-      size_t size;
-      unsigned char *buffer;
-      size = Curl_base64_decode(header, &buffer);
-      if(!buffer)
-        return CURLNTLM_BAD;
-
-      ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
-
-#ifdef USE_WINDOWS_SSPI
-      ntlm->type_2 = malloc(size+1);
-      if (ntlm->type_2 == NULL) {
-        free(buffer);
-        return CURLE_OUT_OF_MEMORY;
-      }
-      ntlm->n_type_2 = size;
-      memcpy(ntlm->type_2, buffer, size);
-#else
-      ntlm->flags = 0;
-
-      if((size < 32) ||
-         (memcmp(buffer, NTLMSSP_SIGNATURE, 8) != 0) ||
-         (memcmp(buffer+8, type2_marker, sizeof(type2_marker)) != 0)) {
-        /* This was not a good enough type-2 message */
-        free(buffer);
-        return CURLNTLM_BAD;
-      }
-
-      ntlm->flags = readint_le(&buffer[20]);
-      memcpy(ntlm->nonce, &buffer[24], 8);
-
-      DEBUG_OUT({
-        fprintf(stderr, "**** TYPE2 header flags=0x%08.8lx ", ntlm->flags);
-        print_flags(stderr, ntlm->flags);
-        fprintf(stderr, "\n                  nonce=");
-        print_hex(stderr, (char *)ntlm->nonce, 8);
-        fprintf(stderr, "\n****\n");
-        fprintf(stderr, "**** Header %s\n ", header);
-      });
-
-      free(buffer);
-#endif
-    }
-    else {
-      if(ntlm->state >= NTLMSTATE_TYPE1)
-        return CURLNTLM_BAD;
-
-      ntlm->state = NTLMSTATE_TYPE1; /* we should sent away a type-1 */
-    }
-  }
-  return CURLNTLM_FINE;
-}
-
-#ifndef USE_WINDOWS_SSPI
-
-/*
- * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
- * key schedule ks is also set.
- */
-static void setup_des_key(unsigned char *key_56,
-                          DES_key_schedule DESKEYARG(ks))
-{
-  DES_cblock key;
-
-  key[0] = key_56[0];
-  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
-  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
-  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
-  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
-  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
-  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
-  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
-
-  DES_set_odd_parity(&key);
-  DES_set_key(&key, ks);
-}
-
- /*
-  * takes a 21 byte array and treats it as 3 56-bit DES keys. The
-  * 8 byte plaintext is encrypted with each key and the resulting 24
-  * bytes are stored in the results array.
-  */
-static void lm_resp(unsigned char *keys,
-                      unsigned char *plaintext,
-                      unsigned char *results)
-{
-  DES_key_schedule ks;
-
-  setup_des_key(keys, DESKEY(ks));
-  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
-                  DESKEY(ks), DES_ENCRYPT);
-
-  setup_des_key(keys+7, DESKEY(ks));
-  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+8),
-                  DESKEY(ks), DES_ENCRYPT);
-
-  setup_des_key(keys+14, DESKEY(ks));
-  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16),
-                  DESKEY(ks), DES_ENCRYPT);
-}
-
-
-/*
- * Set up lanmanager hashed password
- */
-static void mk_lm_hash(struct SessionHandle *data,
-                       char *password, 
-                       unsigned char *lmbuffer /* 21 bytes */)
-{
-  unsigned char pw[14];
-  static const unsigned char magic[] = {
-    0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */
-  };
-  unsigned int i;
-  size_t len = strlen(password);
-
-  if (len > 14)
-    len = 14;
-
-  for (i=0; i<len; i++)
-    pw[i] = (unsigned char)toupper(password[i]);
-
-  for (; i<14; i++)
-    pw[i] = 0;
-
-#ifdef CURL_DOES_CONVERSIONS
-  /*
-   * The LanManager hashed password needs to be created using the
-   * password in the network encoding not the host encoding.
-   */
-  if(data)
-    Curl_convert_to_network(data, (char *)pw, 14);
-#else
-  (void)data;
-#endif
-
-  {
-    /* Create LanManager hashed password. */
-
-    DES_key_schedule ks;
-
-    setup_des_key(pw, DESKEY(ks));
-    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
-                    DESKEY(ks), DES_ENCRYPT);
-
-    setup_des_key(pw+7, DESKEY(ks));
-    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer+8),
-                    DESKEY(ks), DES_ENCRYPT);
-
-    memset(lmbuffer + 16, 0, 21 - 16);
-  }
-  }
-
-#if USE_NTRESPONSES
-static void utf8_to_unicode_le(unsigned char *dest, const char *src,
-                               size_t srclen)
-{
-  size_t i;
-  for (i=0; i<srclen; i++) {
-    dest[2*i]   = (unsigned char)src[i];
-    dest[2*i+1] =   '\0';
-  }
-}
-
-/*
- * Set up nt hashed passwords
- */
-static void mk_nt_hash(struct SessionHandle *data,
-                       char *password,
-                       unsigned char *ntbuffer /* 21 bytes */)
-{
-  size_t len = strlen(password);
-  unsigned char *pw = malloc(len*2);
-
-  utf8_to_unicode_le(pw, password, len);
-
-#ifdef CURL_DOES_CONVERSIONS
-  /*
-   * The NT hashed password needs to be created using the
-   * password in the network encoding not the host encoding.
-   */
-  if(data)
-    Curl_convert_to_network(data, (char *)pw, len*2);
-#else
-  (void)data;
-#endif
-
-  {
-    /* Create NT hashed password. */
-    MD4_CTX MD4;
-
-    MD4_Init(&MD4);
-    MD4_Update(&MD4, pw, 2*len);
-    MD4_Final(ntbuffer, &MD4);
-
-    memset(ntbuffer + 16, 0, 21 - 16);
-  }
-
-  free(pw);
-}
-#endif
-
-
-#endif
-
-#ifdef USE_WINDOWS_SSPI
-
-static void
-ntlm_sspi_cleanup(struct ntlmdata *ntlm)
-{
-  if (ntlm->type_2) {
-    free(ntlm->type_2);
-    ntlm->type_2 = NULL;
-  }
-  if (ntlm->has_handles) {
-    s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
-    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
-    ntlm->has_handles = 0;
-  }
-  if (ntlm->p_identity) {
-    if (ntlm->identity.User) free(ntlm->identity.User);
-    if (ntlm->identity.Password) free(ntlm->identity.Password);
-    if (ntlm->identity.Domain) free(ntlm->identity.Domain);
-    ntlm->p_identity = NULL;
-  }
-}
-
-#endif
-
-#define SHORTPAIR(x) ((x) & 0xff), (((x) >> 8) & 0xff)
-#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8)&0xff), \
-  (((x) >>16)&0xff), (((x)>>24) & 0xff)
-
-#define HOSTNAME_MAX 1024
-
-/* this is for creating ntlm header output */
-CURLcode Curl_output_ntlm(struct connectdata *conn,
-                          bool proxy)
-{
-  const char *domain=""; /* empty */
-  char host [HOSTNAME_MAX+ 1] = ""; /* empty */
-#ifndef USE_WINDOWS_SSPI
-  size_t domlen = strlen(domain);
-  size_t hostlen = strlen(host);
-  size_t hostoff; /* host name offset */
-  size_t domoff;  /* domain name offset */
-#endif
-  size_t size;
-  char *base64=NULL;
-  unsigned char ntlmbuf[1024]; /* enough, unless the user+host+domain is very
-                                  long */
-
-  /* point to the address of the pointer that holds the string to sent to the
-     server, which is for a plain host or for a HTTP proxy */
-  char **allocuserpwd;
-
-  /* point to the name and password for this */
-  char *userp;
-  char *passwdp;
-  /* point to the correct struct with this */
-  struct ntlmdata *ntlm;
-  struct auth *authp;
-
-  curlassert(conn);
-  curlassert(conn->data);
-
-  if(proxy) {
-    allocuserpwd = &conn->allocptr.proxyuserpwd;
-    userp = conn->proxyuser;
-    passwdp = conn->proxypasswd;
-    ntlm = &conn->proxyntlm;
-    authp = &conn->data->state.authproxy;
-  }
-  else {
-    allocuserpwd = &conn->allocptr.userpwd;
-    userp = conn->user;
-    passwdp = conn->passwd;
-    ntlm = &conn->ntlm;
-    authp = &conn->data->state.authhost;
-  }
-  authp->done = FALSE;
-
-  /* not set means empty */
-  if(!userp)
-    userp=(char *)"";
-
-  if(!passwdp)
-    passwdp=(char *)"";
-
-#ifdef USE_WINDOWS_SSPI
-  /* If security interface is not yet initialized try to do this */
-  if (s_hSecDll == NULL) {
-    /* Determine Windows version. Security functions are located in
-     * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
-     * contain both these DLLs (security.dll just forwards calls to
-     * secur32.dll)
-     */
-    OSVERSIONINFO osver;
-    osver.dwOSVersionInfoSize = sizeof(osver);
-    GetVersionEx(&osver);
-    if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT
-      && osver.dwMajorVersion == 4)
-      s_hSecDll = LoadLibrary("security.dll");
-    else
-      s_hSecDll = LoadLibrary("secur32.dll");
-    if (s_hSecDll != NULL) {
-      INIT_SECURITY_INTERFACE pInitSecurityInterface;
-      pInitSecurityInterface =
-        (INIT_SECURITY_INTERFACE)GetProcAddress(s_hSecDll,
-                                                "InitSecurityInterfaceA");
-      if (pInitSecurityInterface != NULL)
-        s_pSecFn = pInitSecurityInterface();
-    }
-  }
-  if (s_pSecFn == NULL)
-    return CURLE_RECV_ERROR;
-#endif
-
-  switch(ntlm->state) {
-  case NTLMSTATE_TYPE1:
-  default: /* for the weird cases we (re)start here */
-#ifdef USE_WINDOWS_SSPI
-  {
-    SecBuffer buf;
-    SecBufferDesc desc;
-    SECURITY_STATUS status;
-    ULONG attrs;
-    const char *user;
-    int domlen;
-    TimeStamp tsDummy; /* For Windows 9x compatibility of SPPI calls */
-
-    ntlm_sspi_cleanup(ntlm);
-
-    user = strchr(userp, '\\');
-    if (!user)
-      user = strchr(userp, '/');
-
-    if (user) {
-      domain = userp;
-      domlen = user - userp;
-      user++;
-    }
-    else {
-      user = userp;
-      domain = "";
-      domlen = 0;
-    }
-
-    if (user && *user) {
-      /* note: initialize all of this before doing the mallocs so that
-       * it can be cleaned up later without leaking memory.
-       */
-      ntlm->p_identity = &ntlm->identity;
-      memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
-      if ((ntlm->identity.User = (unsigned char *)strdup(user)) == NULL)
-        return CURLE_OUT_OF_MEMORY;
-      ntlm->identity.UserLength = strlen(user);
-      if ((ntlm->identity.Password = (unsigned char *)strdup(passwdp)) == NULL)
-        return CURLE_OUT_OF_MEMORY;
-      ntlm->identity.PasswordLength = strlen(passwdp);
-      if ((ntlm->identity.Domain = malloc(domlen+1)) == NULL)
-        return CURLE_OUT_OF_MEMORY;
-      strncpy((char *)ntlm->identity.Domain, domain, domlen);
-      ntlm->identity.Domain[domlen] = '\0';
-      ntlm->identity.DomainLength = domlen;
-      ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
-    }
-    else {
-      ntlm->p_identity = NULL;
-    }
-
-    if (s_pSecFn->AcquireCredentialsHandle(
-          NULL, (char *)"NTLM", SECPKG_CRED_OUTBOUND, NULL, ntlm->p_identity,
-          NULL, NULL, &ntlm->handle, &tsDummy
-          ) != SEC_E_OK) {
-      return CURLE_OUT_OF_MEMORY;
-    }
-
-    desc.ulVersion = SECBUFFER_VERSION;
-    desc.cBuffers  = 1;
-    desc.pBuffers  = &buf;
-    buf.cbBuffer   = sizeof(ntlmbuf);
-    buf.BufferType = SECBUFFER_TOKEN;
-    buf.pvBuffer   = ntlmbuf;
-
-    status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
-                                                 (char *) host,
-                                                 ISC_REQ_CONFIDENTIALITY |
-                                                 ISC_REQ_REPLAY_DETECT |
-                                                 ISC_REQ_CONNECTION,
-                                                 0, SECURITY_NETWORK_DREP,
-                                                 NULL, 0,
-                                                 &ntlm->c_handle, &desc,
-                                                 &attrs, &tsDummy);
-
-    if (status == SEC_I_COMPLETE_AND_CONTINUE ||
-        status == SEC_I_CONTINUE_NEEDED) {
-      s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
-    }
-    else if (status != SEC_E_OK) {
-      s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
-      return CURLE_RECV_ERROR;
-    }
-
-    ntlm->has_handles = 1;
-    size = buf.cbBuffer;
-  }
-#else
-    hostoff = 0;
-    domoff = hostoff + hostlen; /* This is 0: remember that host and domain
-                                   are empty */
-
-    /* Create and send a type-1 message:
-
-    Index Description          Content
-    0     NTLMSSP Signature    Null-terminated ASCII "NTLMSSP"
-                               (0x4e544c4d53535000)
-    8     NTLM Message Type    long (0x01000000)
-    12    Flags                long
-    16    Supplied Domain      security buffer(*)
-    24    Supplied Workstation security buffer(*)
-    32    start of data block
-
-    */
-#if USE_NTLM2SESSION
-#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
-#else
-#define NTLM2FLAG 0
-#endif
-    snprintf((char *)ntlmbuf, sizeof(ntlmbuf), NTLMSSP_SIGNATURE "%c"
-             "\x01%c%c%c" /* 32-bit type = 1 */
-             "%c%c%c%c"   /* 32-bit NTLM flag field */
-             "%c%c"  /* domain length */
-             "%c%c"  /* domain allocated space */
-             "%c%c"  /* domain name offset */
-             "%c%c"  /* 2 zeroes */
-             "%c%c"  /* host length */
-             "%c%c"  /* host allocated space */
-             "%c%c"  /* host name offset */
-             "%c%c"  /* 2 zeroes */
-             "%s"   /* host name */
-             "%s",  /* domain string */
-             0,     /* trailing zero */
-             0,0,0, /* part of type-1 long */
-
-             LONGQUARTET(
-               NTLMFLAG_NEGOTIATE_OEM|
-               NTLMFLAG_REQUEST_TARGET|
-               NTLMFLAG_NEGOTIATE_NTLM_KEY|
-               NTLM2FLAG|
-               NTLMFLAG_NEGOTIATE_ALWAYS_SIGN
-               ),
-             SHORTPAIR(domlen),
-             SHORTPAIR(domlen),
-             SHORTPAIR(domoff),
-             0,0,
-             SHORTPAIR(hostlen),
-             SHORTPAIR(hostlen),
-             SHORTPAIR(hostoff),
-             0,0,
-             host /* this is empty */, domain /* this is empty */);
-
-    /* initial packet length */
-    size = 32 + hostlen + domlen;
-#endif
-
-    DEBUG_OUT({
-      fprintf(stderr, "**** TYPE1 header flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ",
-              LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM|
-                          NTLMFLAG_REQUEST_TARGET|
-                          NTLMFLAG_NEGOTIATE_NTLM_KEY|
-                          NTLM2FLAG|
-                          NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
-              NTLMFLAG_NEGOTIATE_OEM|
-              NTLMFLAG_REQUEST_TARGET|
-              NTLMFLAG_NEGOTIATE_NTLM_KEY|
-              NTLM2FLAG|
-              NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
-      print_flags(stderr,
-                  NTLMFLAG_NEGOTIATE_OEM|
-                  NTLMFLAG_REQUEST_TARGET|
-                  NTLMFLAG_NEGOTIATE_NTLM_KEY|
-                  NTLM2FLAG|
-                  NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
-      fprintf(stderr, "\n****\n");
-    });
-
-    /* now size is the size of the base64 encoded package size */
-    size = Curl_base64_encode(NULL, (char *)ntlmbuf, size, &base64);
-
-    if(size >0 ) {
-      Curl_safefree(*allocuserpwd);
-      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
-                              proxy?"Proxy-":"",
-                              base64);
-      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
-      free(base64);
-    }
-    else
-      return CURLE_OUT_OF_MEMORY; /* FIX TODO */
-
-    break;
-
-  case NTLMSTATE_TYPE2:
-    /* We received the type-2 message already, create a type-3 message:
-
-    Index   Description            Content
-    0       NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
-                                   (0x4e544c4d53535000)
-    8       NTLM Message Type      long (0x03000000)
-    12      LM/LMv2 Response       security buffer(*)
-    20      NTLM/NTLMv2 Response   security buffer(*)
-    28      Domain Name            security buffer(*)
-    36      User Name              security buffer(*)
-    44      Workstation Name       security buffer(*)
-    (52)    Session Key (optional) security buffer(*)
-    (60)    Flags (optional)       long
-    52 (64) start of data block
-
-    */
-
-  {
-#ifdef USE_WINDOWS_SSPI
-    SecBuffer type_2, type_3;
-    SecBufferDesc type_2_desc, type_3_desc;
-    SECURITY_STATUS status;
-    ULONG attrs;
-    TimeStamp tsDummy; /* For Windows 9x compatibility of SPPI calls */
-
-    type_2_desc.ulVersion  = type_3_desc.ulVersion  = SECBUFFER_VERSION;
-    type_2_desc.cBuffers   = type_3_desc.cBuffers   = 1;
-    type_2_desc.pBuffers   = &type_2;
-    type_3_desc.pBuffers   = &type_3;
-
-    type_2.BufferType = SECBUFFER_TOKEN;
-    type_2.pvBuffer   = ntlm->type_2;
-    type_2.cbBuffer   = ntlm->n_type_2;
-    type_3.BufferType = SECBUFFER_TOKEN;
-    type_3.pvBuffer   = ntlmbuf;
-    type_3.cbBuffer   = sizeof(ntlmbuf);
-
-    status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, &ntlm->c_handle,
-                                       (char *) host,
-                                       ISC_REQ_CONFIDENTIALITY |
-                                       ISC_REQ_REPLAY_DETECT |
-                                       ISC_REQ_CONNECTION,
-                                       0, SECURITY_NETWORK_DREP, &type_2_desc,
-                                       0, &ntlm->c_handle, &type_3_desc,
-                                       &attrs, &tsDummy);
-
-    if (status != SEC_E_OK)
-      return CURLE_RECV_ERROR;
-
-    size = type_3.cbBuffer;
-
-    ntlm_sspi_cleanup(ntlm);
-
-#else
-    int lmrespoff;
-    unsigned char lmresp[24]; /* fixed-size */
-#if USE_NTRESPONSES
-    int ntrespoff;
-    unsigned char ntresp[24]; /* fixed-size */
-#endif
-    size_t useroff;
-    const char *user;
-    size_t userlen;
-
-    user = strchr(userp, '\\');
-    if(!user)
-      user = strchr(userp, '/');
-
-    if (user) {
-      domain = userp;
-      domlen = (user - domain);
-      user++;
-    }
-    else
-      user = userp;
-    userlen = strlen(user);
-
-    if (gethostname(host, HOSTNAME_MAX)) {
-      infof(conn->data, "gethostname() failed, continuing without!");
-      hostlen = 0;
-    }
-    else {
-      /* If the workstation if configured with a full DNS name (i.e.
-       * workstation.somewhere.net) gethostname() returns the fully qualified
-       * name, which NTLM doesn't like.
-       */
-      char *dot = strchr(host, '.');
-      if (dot)
-        *dot = '\0';
-      hostlen = strlen(host);
-    }
-
-#if USE_NTLM2SESSION
-    /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
-    if (ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
-      unsigned char ntbuffer[0x18];
-      unsigned char tmp[0x18];
-      unsigned char md5sum[MD5_DIGEST_LENGTH];
-      MD5_CTX MD5;
-      unsigned char random[8];
-
-      /* Need to create 8 bytes random data */
-      Curl_ossl_seed(conn->data); /* Initiate the seed if not already done */
-      RAND_bytes(random,8);
-
-      /* 8 bytes random data as challenge in lmresp */
-      memcpy(lmresp,random,8);
-      /* Pad with zeros */
-      memset(lmresp+8,0,0x10);
-
-      /* Fill tmp with challenge(nonce?) + random */
-      memcpy(tmp,&ntlm->nonce[0],8);
-      memcpy(tmp+8,random,8);
-
-      MD5_Init(&MD5);
-      MD5_Update(&MD5, tmp, 16);
-      MD5_Final(md5sum, &MD5);
-      /* We shall only use the first 8 bytes of md5sum,
-         but the des code in lm_resp only encrypt the first 8 bytes */
-      mk_nt_hash(conn->data, passwdp, ntbuffer);
-      lm_resp(ntbuffer, md5sum, ntresp);
-
-      /* End of NTLM2 Session code */
-    }
-    else {
-#endif
-
-#if USE_NTRESPONSES
-      unsigned char ntbuffer[0x18];
-#endif
-      unsigned char lmbuffer[0x18];
-
-#if USE_NTRESPONSES
-      mk_nt_hash(conn->data, passwdp, ntbuffer);
-      lm_resp(ntbuffer, &ntlm->nonce[0], ntresp);
-#endif
-
-      mk_lm_hash(conn->data, passwdp, lmbuffer);
-      lm_resp(lmbuffer, &ntlm->nonce[0], lmresp);
-      /* A safer but less compatible alternative is:
-       *   lm_resp(ntbuffer, &ntlm->nonce[0], lmresp);
-       * See http://davenport.sourceforge.net/ntlm.html#ntlmVersion2 */
-#if USE_NTLM2SESSION
-    }
-#endif
-
-    lmrespoff = 64; /* size of the message header */
-#if USE_NTRESPONSES
-    ntrespoff = lmrespoff + 0x18;
-    domoff = ntrespoff + 0x18;
-#else
-    domoff = lmrespoff + 0x18;
-#endif
-    useroff = domoff + domlen;
-    hostoff = useroff + userlen;
-
-    /* Create the big type-3 message binary blob */
-    size = snprintf((char *)ntlmbuf, sizeof(ntlmbuf),
-                    NTLMSSP_SIGNATURE "%c"
-                    "\x03%c%c%c" /* type-3, 32 bits */
-
-                    "%c%c" /* LanManager length */
-                    "%c%c" /* LanManager allocated space */
-                    "%c%c" /* LanManager offset */
-                    "%c%c" /* 2 zeroes */
-
-                    "%c%c" /* NT-response length */
-                    "%c%c" /* NT-response allocated space */
-                    "%c%c" /* NT-response offset */
-                    "%c%c" /* 2 zeroes */
-
-                    "%c%c"  /* domain length */
-                    "%c%c"  /* domain allocated space */
-                    "%c%c"  /* domain name offset */
-                    "%c%c"  /* 2 zeroes */
-
-                    "%c%c"  /* user length */
-                    "%c%c"  /* user allocated space */
-                    "%c%c"  /* user offset */
-                    "%c%c"  /* 2 zeroes */
-
-                    "%c%c"  /* host length */
-                    "%c%c"  /* host allocated space */
-                    "%c%c"  /* host offset */
-                    "%c%c"  /* 2 zeroes */
-
-                    "%c%c"  /* session key length (unknown purpose) */
-                    "%c%c"  /* session key allocated space (unknown purpose) */
-                    "%c%c"  /* session key offset (unknown purpose) */
-                    "%c%c"  /* 2 zeroes */
-
-                    "%c%c%c%c" /* flags */
-
-                    /* domain string */
-                    /* user string */
-                    /* host string */
-                    /* LanManager response */
-                    /* NT response */
-                    ,
-                    0, /* zero termination */
-                    0,0,0, /* type-3 long, the 24 upper bits */
-
-                    SHORTPAIR(0x18),  /* LanManager response length, twice */
-                    SHORTPAIR(0x18),
-                    SHORTPAIR(lmrespoff),
-                    0x0, 0x0,
-
-#if USE_NTRESPONSES
-                    SHORTPAIR(0x18),  /* NT-response length, twice */
-                    SHORTPAIR(0x18),
-                    SHORTPAIR(ntrespoff),
-                    0x0, 0x0,
-#else
-                    0x0, 0x0,
-                    0x0, 0x0,
-                    0x0, 0x0,
-                    0x0, 0x0,
-#endif
-                    SHORTPAIR(domlen),
-                    SHORTPAIR(domlen),
-                    SHORTPAIR(domoff),
-                    0x0, 0x0,
-
-                    SHORTPAIR(userlen),
-                    SHORTPAIR(userlen),
-                    SHORTPAIR(useroff),
-                    0x0, 0x0,
-
-                    SHORTPAIR(hostlen),
-                    SHORTPAIR(hostlen),
-                    SHORTPAIR(hostoff),
-                    0x0, 0x0,
-
-                    0x0, 0x0,
-                    0x0, 0x0,
-                    0x0, 0x0,
-                    0x0, 0x0,
-
-                    LONGQUARTET(ntlm->flags));
-    DEBUG_OUT(assert(size==64));
-
-    DEBUG_OUT(assert(size == lmrespoff));
-    /* We append the binary hashes */
-    if(size < (sizeof(ntlmbuf) - 0x18)) {
-      memcpy(&ntlmbuf[size], lmresp, 0x18);
-      size += 0x18;
-    }
-
-    DEBUG_OUT({
-        fprintf(stderr, "**** TYPE3 header lmresp=");
-        print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18);
-    });
-
-#if USE_NTRESPONSES
-    if(size < (sizeof(ntlmbuf) - 0x18)) {
-      DEBUG_OUT(assert(size == ntrespoff));
-      memcpy(&ntlmbuf[size], ntresp, 0x18);
-      size += 0x18;
-    }
-
-    DEBUG_OUT({
-        fprintf(stderr, "\n                  ntresp=");
-        print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18);
-    });
-
-#endif
-
-    DEBUG_OUT({
-        fprintf(stderr, "\n                  flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ",
-                LONGQUARTET(ntlm->flags), ntlm->flags);
-        print_flags(stderr, ntlm->flags);
-        fprintf(stderr, "\n****\n");
-    });
-
-
-    /* Make sure that the domain, user and host strings fit in the target
-       buffer before we copy them there. */
-    if(size + userlen + domlen + hostlen >= sizeof(ntlmbuf)) {
-      failf(conn->data, "user + domain + host name too big");
-      return CURLE_OUT_OF_MEMORY;
-    }
-
-    curlassert(size == domoff);
-    memcpy(&ntlmbuf[size], domain, domlen);
-    size += domlen;
-
-    curlassert(size == useroff);
-    memcpy(&ntlmbuf[size], user, userlen);
-    size += userlen;
-
-    curlassert(size == hostoff);
-    memcpy(&ntlmbuf[size], host, hostlen);
-    size += hostlen;
-
-#ifdef CURL_DOES_CONVERSIONS
-    /* convert domain, user, and host to ASCII but leave the rest as-is */
-    if(CURLE_OK != Curl_convert_to_network(conn->data, 
-                                           (char *)&ntlmbuf[domoff],
-                                           size-domoff)) {
-      return CURLE_CONV_FAILED;
-    }
-#endif /* CURL_DOES_CONVERSIONS */
-
-#endif
-
-    /* convert the binary blob into base64 */
-    size = Curl_base64_encode(NULL, (char *)ntlmbuf, size, &base64);
-
-    if(size >0 ) {
-      Curl_safefree(*allocuserpwd);
-      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
-                              proxy?"Proxy-":"",
-                              base64);
-      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
-      free(base64);
-    }
-    else
-      return CURLE_OUT_OF_MEMORY; /* FIX TODO */
-
-    ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
-    authp->done = TRUE;
-  }
-  break;
-
-  case NTLMSTATE_TYPE3:
-    /* connection is already authenticated,
-     * don't send a header in future requests */
-    if(*allocuserpwd) {
-      free(*allocuserpwd);
-      *allocuserpwd=NULL;
-    }
-    authp->done = TRUE;
-    break;
-  }
-
-  return CURLE_OK;
-}
-
-
-void
-Curl_ntlm_cleanup(struct connectdata *conn)
-{
-#ifdef USE_WINDOWS_SSPI
-  ntlm_sspi_cleanup(&conn->ntlm);
-  ntlm_sspi_cleanup(&conn->proxyntlm);
-  if (s_hSecDll != NULL) {
-    FreeLibrary(s_hSecDll);
-    s_hSecDll = NULL;
-    s_pSecFn = NULL;
-  }
-#else
-  (void)conn;
-#endif
-}
-
-#endif /* USE_NTLM */
-#endif /* !CURL_DISABLE_HTTP */
diff --git a/Utilities/cmcurl/if2ip.c b/Utilities/cmcurl/if2ip.c
deleted file mode 100644
index b4a98c6..0000000
--- a/Utilities/cmcurl/if2ip.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "if2ip.h"
-
-/*
- * This test can probably be simplified to #if defined(SIOCGIFADDR) and
- * moved after the following includes.
- */
-#if !defined(WIN32) && !defined(__BEOS__) && !defined(__CYGWIN__) && \
-    !defined(__riscos__) && !defined(__INTERIX) && !defined(NETWARE) && \
-    !defined(_AMIGASF) && !defined(__minix)
-
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-
-#ifdef HAVE_SYS_TIME_H
-/* This must be before net/if.h for AIX 3.2 to enjoy life */
-#include <sys/time.h>
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#ifdef HAVE_SYS_IOCTL_H
-#include <sys/ioctl.h>
-#endif
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKIO_H
-#include <sys/sockio.h>
-#endif
-
-#ifdef VMS
-#include <inet.h>
-#endif
-
-#include "inet_ntop.h"
-#include "memory.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#define SYS_ERROR -1
-
-char *Curl_if2ip(const char *interface, char *buf, int buf_size)
-{
-  int dummy;
-  char *ip=NULL;
-
-  if(!interface)
-    return NULL;
-
-  dummy = socket(AF_INET, SOCK_STREAM, 0);
-  if (SYS_ERROR == dummy) {
-    return NULL;
-  }
-  else {
-    struct ifreq req;
-    size_t len = strlen(interface);
-    memset(&req, 0, sizeof(req));
-    if(len >= sizeof(req.ifr_name))
-      return NULL; /* this can't be a fine interface name */
-    memcpy(req.ifr_name, interface, len+1);
-    req.ifr_addr.sa_family = AF_INET;
-#ifdef IOCTL_3_ARGS
-    if (SYS_ERROR == ioctl(dummy, SIOCGIFADDR, &req)) {
-#else
-    if (SYS_ERROR == ioctl(dummy, SIOCGIFADDR, &req, sizeof(req))) {
-#endif
-      sclose(dummy);
-      return NULL;
-    }
-    else {
-      struct in_addr in;
-
-      struct sockaddr_in *s = (struct sockaddr_in *)&req.ifr_dstaddr;
-      memcpy(&in, &s->sin_addr, sizeof(in));
-      ip = (char *) Curl_inet_ntop(s->sin_family, &in, buf, buf_size);
-    }
-    sclose(dummy);
-  }
-  return ip;
-}
-
-/* -- end of if2ip() -- */
-#else
-char *Curl_if2ip(const char *interf, char *buf, int buf_size)
-{
-    (void) interf;
-    (void) buf;
-    (void) buf_size;
-    return NULL;
-}
-#endif
diff --git a/Utilities/cmcurl/curl/curl.h b/Utilities/cmcurl/include/curl/curl.h
index e586c4a..40d0b81 100644
--- a/Utilities/cmcurl/curl/curl.h
+++ b/Utilities/cmcurl/include/curl/curl.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,161 +20,99 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-/* If you have problems, all libcurl docs and details are found here:
-   http://curl.haxx.se/libcurl/
-*/
-
-#include "curlver.h" /* the libcurl version defines */
-
-#include <stdio.h>
-#include <limits.h>
-
-/* The include stuff here below is mainly for time_t! */
-#ifdef vms
-# include <types.h>
-# include <time.h>
-#else
-# include <sys/types.h>
-# include <time.h>
-#endif /* defined (vms) */
-
-typedef void CURL;
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 /*
- * Decorate exportable functions for Win32 DLL linking.
- * This avoids using a .def file for building libcurl.dll.
+ * If you have libcurl problems, all docs and details are found here:
+ *   http://curl.haxx.se/libcurl/
+ *
+ * curl-library mailing list subscription and unsubscription web interface:
+ *   http://cool.haxx.se/mailman/listinfo/curl-library/
  */
-#if (defined(WIN32) || defined(_WIN32)) && !defined(CURL_STATICLIB)
-#if defined(BUILDING_LIBCURL)
-#define CURL_EXTERN  __declspec(dllexport)
-#else
-#define CURL_EXTERN  __declspec(dllimport)
-#endif
-#else
 
-#ifdef CURL_HIDDEN_SYMBOLS
-/*
- * This definition is used to make external definitions visibile in the
- * shared library when symbols are hidden by default.  It makes no
- * difference when compiling applications whether this is set or not,
- * only when compiling the library.
- */
-#define CURL_EXTERN CURL_EXTERN_SYMBOL
-#else
-#define CURL_EXTERN
-#endif
-#endif
+#include "curlver.h"         /* libcurl version defines   */
+#include "cmcurl/include/curl/curlbuild.h" /* libcurl build definitions */
+#include "curlrules.h"       /* libcurl rules enforcement */
 
 /*
- * We want the typedef curl_off_t setup for large file support on all
- * platforms. We also provide a CURL_FORMAT_OFF_T define to use in *printf
- * format strings when outputting a variable of type curl_off_t.
- *
- * Note: "pocc -Ze" is MSVC compatibily mode and this sets _MSC_VER!
+ * Define WIN32 when build target is Win32 API
  */
 
-#if (defined(_MSC_VER) && !defined(__POCC__)) || (defined(__LCC__) && defined(WIN32))
-/* MSVC */
-#ifdef _WIN32_WCE
-  typedef long curl_off_t;
-#define CURL_FORMAT_OFF_T "%ld"
-#else
-  typedef signed __int64 curl_off_t;
-#define CURL_FORMAT_OFF_T "%I64d"
-#endif
-#else /* (_MSC_VER && !__POCC__) || (__LCC__ && WIN32) */
-#if (defined(__GNUC__) && defined(WIN32)) || defined(__WATCOMC__)
-/* gcc on windows or Watcom */
-  typedef long long curl_off_t;
-#define CURL_FORMAT_OFF_T "%I64d"
-#else /* GCC or Watcom on Windows  */
-
-/* "normal" POSIX approach, do note that this does not necessarily mean that
-   the type is >32 bits, see the SIZEOF_CURL_OFF_T define for that! */
-  typedef off_t curl_off_t;
-
-/* Check a range of defines to detect large file support. On Linux it seems
-   none of these are set by default, so if you don't explicitly switches on
-   large file support, this define will be made for "small file" support. */
-#ifndef _FILE_OFFSET_BITS
-#define _FILE_OFFSET_BITS 0 /* to prevent warnings in the check below */
-#define UNDEF_FILE_OFFSET_BITS
-#endif
-#ifndef FILESIZEBITS
-#define FILESIZEBITS 0 /* to prevent warnings in the check below */
-#define UNDEF_FILESIZEBITS
-#endif
-
-#if defined(_LARGE_FILES) || (_FILE_OFFSET_BITS > 32) || (FILESIZEBITS > 32) \
-   || defined(_LARGEFILE_SOURCE) || defined(_LARGEFILE64_SOURCE)
-  /* For now, we assume at least one of these to be set for large files to
-     work! */
-#define CURL_FORMAT_OFF_T "%lld"
-#else /* LARGE_FILE support */
-#define CURL_FORMAT_OFF_T "%ld"
+#if (defined(_WIN32) || defined(__WIN32__)) && \
+     !defined(WIN32) && !defined(__SYMBIAN32__)
+#define WIN32
 #endif
-#endif /* GCC or Watcom on Windows */
-#endif /* (_MSC_VER && !__POCC__) || (__LCC__ && WIN32) */
 
-#ifdef UNDEF_FILE_OFFSET_BITS
-/* this was defined above for our checks, undefine it again */
-#undef _FILE_OFFSET_BITS
-#endif
-
-#ifdef UNDEF_FILESIZEBITS
-/* this was defined above for our checks, undefine it again */
-#undef FILESIZEBITS
-#endif
+#include <stdio.h>
+#include <limits.h>
 
-#if defined(_WIN32) && !defined(WIN32)
-/* Chris Lewis mentioned that he doesn't get WIN32 defined, only _WIN32 so we
-   make this adjustment to catch this. */
-#define WIN32 1
+#if defined(__FreeBSD__) && (__FreeBSD__ >= 2)
+/* Needed for __FreeBSD_version symbol definition */
+#include <osreldate.h>
 #endif
 
-#ifdef __cplusplus
-}
-#endif
+/* The include stuff here below is mainly for time_t! */
+#include <sys/types.h>
+#include <time.h>
 
-#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__GNUC__) && \
-  !defined(__CYGWIN__) || defined(__MINGW32__)
-#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H))
+#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__)
+#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || defined(__LWIP_OPT_H__))
 /* The check above prevents the winsock2 inclusion if winsock.h already was
    included, since they can't co-exist without problems */
 #include <winsock2.h>
+#include <ws2tcpip.h>
+#endif
 #endif
-#else
 
 /* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
-   libc5-based Linux systems. Only include it on system that are known to
+   libc5-based Linux systems. Only include it on systems that are known to
    require it! */
-#if defined(_AIX) || defined(NETWARE) || defined(__NetBSD__) || defined(__minix)
+#if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \
+    defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \
+    defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \
+   (defined(__FreeBSD_version) && (__FreeBSD_version < 800000))
 #include <sys/select.h>
 #endif
 
-#ifndef _WIN32_WCE
+#if !defined(WIN32) && !defined(_WIN32_WCE)
 #include <sys/socket.h>
 #endif
-#ifndef __WATCOMC__
+
+#if !defined(WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__)
 #include <sys/time.h>
 #endif
-#include <sys/types.h>
+
+#if defined __BEOS__ || defined __HAIKU__
+#include <support/SupportDefs.h>
 #endif
 
-#ifdef __cplusplus
+#ifdef  __cplusplus
 extern "C" {
 #endif
 
+typedef void CURL;
+
+/*
+ * libcurl external API function linkage decorations.
+ */
+
+#ifdef CURL_STATICLIB
+#  define CURL_EXTERN
+#elif defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__)
+#  if defined(BUILDING_LIBCURL)
+#    define CURL_EXTERN  __declspec(dllexport)
+#  else
+#    define CURL_EXTERN  __declspec(dllimport)
+#  endif
+#elif defined(BUILDING_LIBCURL) && defined(CURL_HIDDEN_SYMBOLS)
+#  define CURL_EXTERN CURL_EXTERN_SYMBOL
+#else
+#  define CURL_EXTERN
+#endif
+
 #ifndef curl_socket_typedef
 /* socket typedef */
-#ifdef WIN32
+#if defined(WIN32) && !defined(__LWIP_OPT_H__)
 typedef SOCKET curl_socket_t;
 #define CURL_SOCKET_BAD INVALID_SOCKET
 #else
@@ -206,51 +144,206 @@ struct curl_httppost {
                                        do not free in formfree */
 #define HTTPPOST_BUFFER (1<<4)      /* upload file from buffer */
 #define HTTPPOST_PTRBUFFER (1<<5)   /* upload file from pointer contents */
+#define HTTPPOST_CALLBACK (1<<6)    /* upload file contents by using the
+                                       regular read callback to get the data
+                                       and pass the given pointer as custom
+                                       pointer */
 
   char *showfilename;               /* The file name to show. If not set, the
                                        actual file name will be used (if this
                                        is a file part) */
+  void *userp;                      /* custom pointer used for
+                                       HTTPPOST_CALLBACK posts */
 };
 
+/* This is the CURLOPT_PROGRESSFUNCTION callback proto. It is now considered
+   deprecated but was the only choice up until 7.31.0 */
 typedef int (*curl_progress_callback)(void *clientp,
                                       double dltotal,
                                       double dlnow,
                                       double ultotal,
                                       double ulnow);
 
+/* This is the CURLOPT_XFERINFOFUNCTION callback proto. It was introduced in
+   7.32.0, it avoids floating point and provides more detailed information. */
+typedef int (*curl_xferinfo_callback)(void *clientp,
+                                      curl_off_t dltotal,
+                                      curl_off_t dlnow,
+                                      curl_off_t ultotal,
+                                      curl_off_t ulnow);
+
+#ifndef CURL_MAX_WRITE_SIZE
   /* Tests have proven that 20K is a very bad buffer size for uploads on
-     Windows, while 16K for some odd reason performed a lot better. */
+     Windows, while 16K for some odd reason performed a lot better.
+     We do the ifndef check to allow this value to easier be changed at build
+     time for those who feel adventurous. The practical minimum is about
+     400 bytes since libcurl uses a buffer of this size as a scratch area
+     (unrelated to network send operations). */
 #define CURL_MAX_WRITE_SIZE 16384
+#endif
+
+#ifndef CURL_MAX_HTTP_HEADER
+/* The only reason to have a max limit for this is to avoid the risk of a bad
+   server feeding libcurl with a never-ending header that will cause reallocs
+   infinitely */
+#define CURL_MAX_HTTP_HEADER (100*1024)
+#endif
+
+/* This is a magic return code for the write callback that, when returned,
+   will signal libcurl to pause receiving on the current transfer. */
+#define CURL_WRITEFUNC_PAUSE 0x10000001
 
 typedef size_t (*curl_write_callback)(char *buffer,
                                       size_t size,
                                       size_t nitems,
                                       void *outstream);
 
+
+
+/* enumeration of file types */
+typedef enum {
+  CURLFILETYPE_FILE = 0,
+  CURLFILETYPE_DIRECTORY,
+  CURLFILETYPE_SYMLINK,
+  CURLFILETYPE_DEVICE_BLOCK,
+  CURLFILETYPE_DEVICE_CHAR,
+  CURLFILETYPE_NAMEDPIPE,
+  CURLFILETYPE_SOCKET,
+  CURLFILETYPE_DOOR, /* is possible only on Sun Solaris now */
+
+  CURLFILETYPE_UNKNOWN /* should never occur */
+} curlfiletype;
+
+#define CURLFINFOFLAG_KNOWN_FILENAME    (1<<0)
+#define CURLFINFOFLAG_KNOWN_FILETYPE    (1<<1)
+#define CURLFINFOFLAG_KNOWN_TIME        (1<<2)
+#define CURLFINFOFLAG_KNOWN_PERM        (1<<3)
+#define CURLFINFOFLAG_KNOWN_UID         (1<<4)
+#define CURLFINFOFLAG_KNOWN_GID         (1<<5)
+#define CURLFINFOFLAG_KNOWN_SIZE        (1<<6)
+#define CURLFINFOFLAG_KNOWN_HLINKCOUNT  (1<<7)
+
+/* Content of this structure depends on information which is known and is
+   achievable (e.g. by FTP LIST parsing). Please see the url_easy_setopt(3) man
+   page for callbacks returning this structure -- some fields are mandatory,
+   some others are optional. The FLAG field has special meaning. */
+struct curl_fileinfo {
+  char *filename;
+  curlfiletype filetype;
+  time_t time;
+  unsigned int perm;
+  int uid;
+  int gid;
+  curl_off_t size;
+  long int hardlinks;
+
+  struct {
+    /* If some of these fields is not NULL, it is a pointer to b_data. */
+    char *time;
+    char *perm;
+    char *user;
+    char *group;
+    char *target; /* pointer to the target filename of a symlink */
+  } strings;
+
+  unsigned int flags;
+
+  /* used internally */
+  char * b_data;
+  size_t b_size;
+  size_t b_used;
+};
+
+/* return codes for CURLOPT_CHUNK_BGN_FUNCTION */
+#define CURL_CHUNK_BGN_FUNC_OK      0
+#define CURL_CHUNK_BGN_FUNC_FAIL    1 /* tell the lib to end the task */
+#define CURL_CHUNK_BGN_FUNC_SKIP    2 /* skip this chunk over */
+
+/* if splitting of data transfer is enabled, this callback is called before
+   download of an individual chunk started. Note that parameter "remains" works
+   only for FTP wildcard downloading (for now), otherwise is not used */
+typedef long (*curl_chunk_bgn_callback)(const void *transfer_info,
+                                        void *ptr,
+                                        int remains);
+
+/* return codes for CURLOPT_CHUNK_END_FUNCTION */
+#define CURL_CHUNK_END_FUNC_OK      0
+#define CURL_CHUNK_END_FUNC_FAIL    1 /* tell the lib to end the task */
+
+/* If splitting of data transfer is enabled this callback is called after
+   download of an individual chunk finished.
+   Note! After this callback was set then it have to be called FOR ALL chunks.
+   Even if downloading of this chunk was skipped in CHUNK_BGN_FUNC.
+   This is the reason why we don't need "transfer_info" parameter in this
+   callback and we are not interested in "remains" parameter too. */
+typedef long (*curl_chunk_end_callback)(void *ptr);
+
+/* return codes for FNMATCHFUNCTION */
+#define CURL_FNMATCHFUNC_MATCH    0 /* string corresponds to the pattern */
+#define CURL_FNMATCHFUNC_NOMATCH  1 /* pattern doesn't match the string */
+#define CURL_FNMATCHFUNC_FAIL     2 /* an error occurred */
+
+/* callback type for wildcard downloading pattern matching. If the
+   string matches the pattern, return CURL_FNMATCHFUNC_MATCH value, etc. */
+typedef int (*curl_fnmatch_callback)(void *ptr,
+                                     const char *pattern,
+                                     const char *string);
+
+/* These are the return codes for the seek callbacks */
+#define CURL_SEEKFUNC_OK       0
+#define CURL_SEEKFUNC_FAIL     1 /* fail the entire transfer */
+#define CURL_SEEKFUNC_CANTSEEK 2 /* tell libcurl seeking can't be done, so
+                                    libcurl might try other means instead */
+typedef int (*curl_seek_callback)(void *instream,
+                                  curl_off_t offset,
+                                  int origin); /* 'whence' */
+
 /* This is a return code for the read callback that, when returned, will
    signal libcurl to immediately abort the current transfer. */
 #define CURL_READFUNC_ABORT 0x10000000
+/* This is a return code for the read callback that, when returned, will
+   signal libcurl to pause sending data on the current transfer. */
+#define CURL_READFUNC_PAUSE 0x10000001
+
 typedef size_t (*curl_read_callback)(char *buffer,
                                       size_t size,
                                       size_t nitems,
                                       void *instream);
 
 typedef enum  {
-  CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */
-  CURLSOCKTYPE_LAST   /* never use */
+  CURLSOCKTYPE_IPCXN,  /* socket created for a specific IP connection */
+  CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */
+  CURLSOCKTYPE_LAST    /* never use */
 } curlsocktype;
 
+/* The return code from the sockopt_callback can signal information back
+   to libcurl: */
+#define CURL_SOCKOPT_OK 0
+#define CURL_SOCKOPT_ERROR 1 /* causes libcurl to abort and return
+                                CURLE_ABORTED_BY_CALLBACK */
+#define CURL_SOCKOPT_ALREADY_CONNECTED 2
+
 typedef int (*curl_sockopt_callback)(void *clientp,
                                      curl_socket_t curlfd,
                                      curlsocktype purpose);
 
-#ifndef CURL_NO_OLDIES
-  /* not used since 7.10.8, will be removed in a future release */
-typedef int (*curl_passwd_callback)(void *clientp,
-                                    const char *prompt,
-                                    char *buffer,
-                                    int buflen);
-#endif
+struct curl_sockaddr {
+  int family;
+  int socktype;
+  int protocol;
+  unsigned int addrlen; /* addrlen was a socklen_t type before 7.18.0 but it
+                           turned really ugly and painful on the systems that
+                           lack this type */
+  struct sockaddr addr;
+};
+
+typedef curl_socket_t
+(*curl_opensocket_callback)(void *clientp,
+                            curlsocktype purpose,
+                            struct curl_sockaddr *address);
+
+typedef int
+(*curl_closesocket_callback)(void *clientp, curl_socket_t item);
 
 typedef enum {
   CURLIOE_OK,            /* I/O operation successful */
@@ -312,74 +405,81 @@ typedef enum {
   CURLE_UNSUPPORTED_PROTOCOL,    /* 1 */
   CURLE_FAILED_INIT,             /* 2 */
   CURLE_URL_MALFORMAT,           /* 3 */
-  CURLE_NOT_BUILT_IN,            /* 4 */
+  CURLE_NOT_BUILT_IN,            /* 4 - [was obsoleted in August 2007 for
+                                    7.17.0, reused in April 2011 for 7.21.5] */
   CURLE_COULDNT_RESOLVE_PROXY,   /* 5 */
   CURLE_COULDNT_RESOLVE_HOST,    /* 6 */
   CURLE_COULDNT_CONNECT,         /* 7 */
   CURLE_FTP_WEIRD_SERVER_REPLY,  /* 8 */
-  CURLE_FTP_ACCESS_DENIED,       /* 9 a service was denied by the FTP server
+  CURLE_REMOTE_ACCESS_DENIED,    /* 9 a service was denied by the server
                                     due to lack of access - when login fails
                                     this is not returned. */
-  CURLE_FTP_USER_PASSWORD_INCORRECT, /* 10 - NOT USED */
+  CURLE_FTP_ACCEPT_FAILED,       /* 10 - [was obsoleted in April 2006 for
+                                    7.15.4, reused in Dec 2011 for 7.24.0]*/
   CURLE_FTP_WEIRD_PASS_REPLY,    /* 11 */
-  CURLE_FTP_WEIRD_USER_REPLY,    /* 12 */
+  CURLE_FTP_ACCEPT_TIMEOUT,      /* 12 - timeout occurred accepting server
+                                    [was obsoleted in August 2007 for 7.17.0,
+                                    reused in Dec 2011 for 7.24.0]*/
   CURLE_FTP_WEIRD_PASV_REPLY,    /* 13 */
   CURLE_FTP_WEIRD_227_FORMAT,    /* 14 */
   CURLE_FTP_CANT_GET_HOST,       /* 15 */
-  CURLE_FTP_CANT_RECONNECT,      /* 16 */
-  CURLE_FTP_COULDNT_SET_BINARY,  /* 17 */
+  CURLE_HTTP2,                   /* 16 - A problem in the http2 framing layer.
+                                    [was obsoleted in August 2007 for 7.17.0,
+                                    reused in July 2014 for 7.38.0] */
+  CURLE_FTP_COULDNT_SET_TYPE,    /* 17 */
   CURLE_PARTIAL_FILE,            /* 18 */
   CURLE_FTP_COULDNT_RETR_FILE,   /* 19 */
-  CURLE_FTP_WRITE_ERROR,         /* 20 */
-  CURLE_FTP_QUOTE_ERROR,         /* 21 */
+  CURLE_OBSOLETE20,              /* 20 - NOT USED */
+  CURLE_QUOTE_ERROR,             /* 21 - quote command failure */
   CURLE_HTTP_RETURNED_ERROR,     /* 22 */
   CURLE_WRITE_ERROR,             /* 23 */
-  CURLE_MALFORMAT_USER,          /* 24 - NOT USED */
-  CURLE_FTP_COULDNT_STOR_FILE,   /* 25 - failed FTP upload */
-  CURLE_READ_ERROR,              /* 26 - could open/read from file */
+  CURLE_OBSOLETE24,              /* 24 - NOT USED */
+  CURLE_UPLOAD_FAILED,           /* 25 - failed upload "command" */
+  CURLE_READ_ERROR,              /* 26 - couldn't open/read from file */
   CURLE_OUT_OF_MEMORY,           /* 27 */
   /* Note: CURLE_OUT_OF_MEMORY may sometimes indicate a conversion error
            instead of a memory allocation error if CURL_DOES_CONVERSIONS
            is defined
   */
-  CURLE_OPERATION_TIMEOUTED,     /* 28 - the timeout time was reached */
-  CURLE_FTP_COULDNT_SET_ASCII,   /* 29 - TYPE A failed */
+  CURLE_OPERATION_TIMEDOUT,      /* 28 - the timeout time was reached */
+  CURLE_OBSOLETE29,              /* 29 - NOT USED */
   CURLE_FTP_PORT_FAILED,         /* 30 - FTP PORT operation failed */
   CURLE_FTP_COULDNT_USE_REST,    /* 31 - the REST command failed */
-  CURLE_FTP_COULDNT_GET_SIZE,    /* 32 - the SIZE command failed */
-  CURLE_HTTP_RANGE_ERROR,        /* 33 - RANGE "command" didn't work */
+  CURLE_OBSOLETE32,              /* 32 - NOT USED */
+  CURLE_RANGE_ERROR,             /* 33 - RANGE "command" didn't work */
   CURLE_HTTP_POST_ERROR,         /* 34 */
   CURLE_SSL_CONNECT_ERROR,       /* 35 - wrong when connecting with SSL */
   CURLE_BAD_DOWNLOAD_RESUME,     /* 36 - couldn't resume download */
   CURLE_FILE_COULDNT_READ_FILE,  /* 37 */
   CURLE_LDAP_CANNOT_BIND,        /* 38 */
   CURLE_LDAP_SEARCH_FAILED,      /* 39 */
-  CURLE_LIBRARY_NOT_FOUND,       /* 40 */
+  CURLE_OBSOLETE40,              /* 40 - NOT USED */
   CURLE_FUNCTION_NOT_FOUND,      /* 41 */
   CURLE_ABORTED_BY_CALLBACK,     /* 42 */
   CURLE_BAD_FUNCTION_ARGUMENT,   /* 43 */
-  CURLE_BAD_CALLING_ORDER,       /* 44 - NOT USED */
+  CURLE_OBSOLETE44,              /* 44 - NOT USED */
   CURLE_INTERFACE_FAILED,        /* 45 - CURLOPT_INTERFACE failed */
-  CURLE_BAD_PASSWORD_ENTERED,    /* 46 - NOT USED */
+  CURLE_OBSOLETE46,              /* 46 - NOT USED */
   CURLE_TOO_MANY_REDIRECTS ,     /* 47 - catch endless re-direct loops */
-  CURLE_UNKNOWN_TELNET_OPTION,   /* 48 - User specified an unknown option */
+  CURLE_UNKNOWN_OPTION,          /* 48 - User specified an unknown option */
   CURLE_TELNET_OPTION_SYNTAX ,   /* 49 - Malformed telnet option */
-  CURLE_OBSOLETE,                /* 50 - NOT USED */
-  CURLE_SSL_PEER_CERTIFICATE,    /* 51 - peer's certificate wasn't ok */
+  CURLE_OBSOLETE50,              /* 50 - NOT USED */
+  CURLE_PEER_FAILED_VERIFICATION, /* 51 - peer's certificate or fingerprint
+                                     wasn't verified fine */
   CURLE_GOT_NOTHING,             /* 52 - when this is a specific error */
   CURLE_SSL_ENGINE_NOTFOUND,     /* 53 - SSL crypto engine not found */
   CURLE_SSL_ENGINE_SETFAILED,    /* 54 - can not set SSL crypto engine as
                                     default */
   CURLE_SEND_ERROR,              /* 55 - failed sending network data */
   CURLE_RECV_ERROR,              /* 56 - failure in receiving network data */
-  CURLE_SHARE_IN_USE,            /* 57 - share is in use */
+  CURLE_OBSOLETE57,              /* 57 - NOT IN USE */
   CURLE_SSL_CERTPROBLEM,         /* 58 - problem with the local certificate */
   CURLE_SSL_CIPHER,              /* 59 - couldn't use specified cipher */
   CURLE_SSL_CACERT,              /* 60 - problem with the CA cert (path?) */
-  CURLE_BAD_CONTENT_ENCODING,    /* 61 - Unrecognized transfer encoding */
+  CURLE_BAD_CONTENT_ENCODING,    /* 61 - Unrecognized/bad encoding */
   CURLE_LDAP_INVALID_URL,        /* 62 - Invalid LDAP URL */
   CURLE_FILESIZE_EXCEEDED,       /* 63 - Maximum file size exceeded */
-  CURLE_FTP_SSL_FAILED,          /* 64 - Requested FTP SSL level failed */
+  CURLE_USE_SSL_FAILED,          /* 64 - Requested FTP SSL level failed */
   CURLE_SEND_FAIL_REWIND,        /* 65 - Sending the data requires a rewind
                                     that failed */
   CURLE_SSL_ENGINE_INITFAILED,   /* 66 - failed to initialise ENGINE */
@@ -387,10 +487,10 @@ typedef enum {
                                     accepted and we failed to login */
   CURLE_TFTP_NOTFOUND,           /* 68 - file not found on server */
   CURLE_TFTP_PERM,               /* 69 - permission problem on server */
-  CURLE_TFTP_DISKFULL,           /* 70 - out of disk space on server */
+  CURLE_REMOTE_DISK_FULL,        /* 70 - out of disk space on server */
   CURLE_TFTP_ILLEGAL,            /* 71 - Illegal TFTP operation */
   CURLE_TFTP_UNKNOWNID,          /* 72 - Unknown transfer ID */
-  CURLE_TFTP_EXISTS,             /* 73 - File already exists */
+  CURLE_REMOTE_FILE_EXISTS,      /* 73 - File already exists */
   CURLE_TFTP_NOSUCHUSER,         /* 74 - No such user */
   CURLE_CONV_FAILED,             /* 75 - conversion failed */
   CURLE_CONV_REQD,               /* 76 - caller must register conversion
@@ -407,9 +507,95 @@ typedef enum {
 
   CURLE_SSL_SHUTDOWN_FAILED,     /* 80 - Failed to shut down the SSL
                                     connection */
+  CURLE_AGAIN,                   /* 81 - socket is not ready for send/recv,
+                                    wait till it's ready and try again (Added
+                                    in 7.18.2) */
+  CURLE_SSL_CRL_BADFILE,         /* 82 - could not load CRL file, missing or
+                                    wrong format (Added in 7.19.0) */
+  CURLE_SSL_ISSUER_ERROR,        /* 83 - Issuer check failed.  (Added in
+                                    7.19.0) */
+  CURLE_FTP_PRET_FAILED,         /* 84 - a PRET command failed */
+  CURLE_RTSP_CSEQ_ERROR,         /* 85 - mismatch of RTSP CSeq numbers */
+  CURLE_RTSP_SESSION_ERROR,      /* 86 - mismatch of RTSP Session Ids */
+  CURLE_FTP_BAD_FILE_LIST,       /* 87 - unable to parse FTP file list */
+  CURLE_CHUNK_FAILED,            /* 88 - chunk callback reported error */
+  CURLE_NO_CONNECTION_AVAILABLE, /* 89 - No connection available, the
+                                    session will be queued */
   CURL_LAST /* never use! */
 } CURLcode;
 
+#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
+                          the obsolete stuff removed! */
+
+/* Previously obsolete error code re-used in 7.38.0 */
+#define CURLE_OBSOLETE16 CURLE_HTTP2
+
+/* Previously obsolete error codes re-used in 7.24.0 */
+#define CURLE_OBSOLETE10 CURLE_FTP_ACCEPT_FAILED
+#define CURLE_OBSOLETE12 CURLE_FTP_ACCEPT_TIMEOUT
+
+/*  compatibility with older names */
+#define CURLOPT_ENCODING CURLOPT_ACCEPT_ENCODING
+
+/* The following were added in 7.21.5, April 2011 */
+#define CURLE_UNKNOWN_TELNET_OPTION CURLE_UNKNOWN_OPTION
+
+/* The following were added in 7.17.1 */
+/* These are scheduled to disappear by 2009 */
+#define CURLE_SSL_PEER_CERTIFICATE CURLE_PEER_FAILED_VERIFICATION
+
+/* The following were added in 7.17.0 */
+/* These are scheduled to disappear by 2009 */
+#define CURLE_OBSOLETE CURLE_OBSOLETE50 /* no one should be using this! */
+#define CURLE_BAD_PASSWORD_ENTERED CURLE_OBSOLETE46
+#define CURLE_BAD_CALLING_ORDER CURLE_OBSOLETE44
+#define CURLE_FTP_USER_PASSWORD_INCORRECT CURLE_OBSOLETE10
+#define CURLE_FTP_CANT_RECONNECT CURLE_OBSOLETE16
+#define CURLE_FTP_COULDNT_GET_SIZE CURLE_OBSOLETE32
+#define CURLE_FTP_COULDNT_SET_ASCII CURLE_OBSOLETE29
+#define CURLE_FTP_WEIRD_USER_REPLY CURLE_OBSOLETE12
+#define CURLE_FTP_WRITE_ERROR CURLE_OBSOLETE20
+#define CURLE_LIBRARY_NOT_FOUND CURLE_OBSOLETE40
+#define CURLE_MALFORMAT_USER CURLE_OBSOLETE24
+#define CURLE_SHARE_IN_USE CURLE_OBSOLETE57
+#define CURLE_URL_MALFORMAT_USER CURLE_NOT_BUILT_IN
+
+#define CURLE_FTP_ACCESS_DENIED CURLE_REMOTE_ACCESS_DENIED
+#define CURLE_FTP_COULDNT_SET_BINARY CURLE_FTP_COULDNT_SET_TYPE
+#define CURLE_FTP_QUOTE_ERROR CURLE_QUOTE_ERROR
+#define CURLE_TFTP_DISKFULL CURLE_REMOTE_DISK_FULL
+#define CURLE_TFTP_EXISTS CURLE_REMOTE_FILE_EXISTS
+#define CURLE_HTTP_RANGE_ERROR CURLE_RANGE_ERROR
+#define CURLE_FTP_SSL_FAILED CURLE_USE_SSL_FAILED
+
+/* The following were added earlier */
+
+#define CURLE_OPERATION_TIMEOUTED CURLE_OPERATION_TIMEDOUT
+
+#define CURLE_HTTP_NOT_FOUND CURLE_HTTP_RETURNED_ERROR
+#define CURLE_HTTP_PORT_FAILED CURLE_INTERFACE_FAILED
+#define CURLE_FTP_COULDNT_STOR_FILE CURLE_UPLOAD_FAILED
+
+#define CURLE_FTP_PARTIAL_FILE CURLE_PARTIAL_FILE
+#define CURLE_FTP_BAD_DOWNLOAD_RESUME CURLE_BAD_DOWNLOAD_RESUME
+
+/* This was the error code 50 in 7.7.3 and a few earlier versions, this
+   is no longer used by libcurl but is instead #defined here only to not
+   make programs break */
+#define CURLE_ALREADY_COMPLETE 99999
+
+/* Provide defines for really old option names */
+#define CURLOPT_FILE CURLOPT_WRITEDATA /* name changed in 7.9.7 */
+#define CURLOPT_INFILE CURLOPT_READDATA /* name changed in 7.9.7 */
+#define CURLOPT_WRITEHEADER CURLOPT_HEADERDATA
+
+/* Since long deprecated options with no code in the lib that does anything
+   with them. */
+#define CURLOPT_WRITEINFO CURLOPT_OBSOLETE40
+#define CURLOPT_CLOSEPOLICY CURLOPT_OBSOLETE72
+
+#endif /*!CURL_NO_OLDIES*/
+
 /* This prototype applies to all conversion callbacks */
 typedef CURLcode (*curl_conv_callback)(char *buffer, size_t length);
 
@@ -418,29 +604,49 @@ typedef CURLcode (*curl_ssl_ctx_callback)(CURL *curl,    /* easy handle */
                                                             OpenSSL SSL_CTX */
                                           void *userptr);
 
-/* Make a spelling correction for the operation timed-out define */
-#define CURLE_OPERATION_TIMEDOUT CURLE_OPERATION_TIMEOUTED
+typedef enum {
+  CURLPROXY_HTTP = 0,   /* added in 7.10, new in 7.19.4 default is to use
+                           CONNECT HTTP/1.1 */
+  CURLPROXY_HTTP_1_0 = 1,   /* added in 7.19.4, force to use CONNECT
+                               HTTP/1.0  */
+  CURLPROXY_SOCKS4 = 4, /* support added in 7.15.2, enum existed already
+                           in 7.10 */
+  CURLPROXY_SOCKS5 = 5, /* added in 7.10 */
+  CURLPROXY_SOCKS4A = 6, /* added in 7.18.0 */
+  CURLPROXY_SOCKS5_HOSTNAME = 7 /* Use the SOCKS5 protocol but pass along the
+                                   host name rather than the IP address. added
+                                   in 7.18.0 */
+} curl_proxytype;  /* this enum was added in 7.10 */
 
-#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
-                          the obsolete stuff removed! */
-/* backwards compatibility with older names */
-#define CURLE_HTTP_NOT_FOUND CURLE_HTTP_RETURNED_ERROR
-#define CURLE_HTTP_PORT_FAILED CURLE_INTERFACE_FAILED
-#endif
+/*
+ * Bitmasks for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH options:
+ *
+ * CURLAUTH_NONE         - No HTTP authentication
+ * CURLAUTH_BASIC        - HTTP Basic authentication (default)
+ * CURLAUTH_DIGEST       - HTTP Digest authentication
+ * CURLAUTH_NEGOTIATE    - HTTP Negotiate (SPNEGO) authentication
+ * CURLAUTH_GSSNEGOTIATE - Alias for CURLAUTH_NEGOTIATE (deprecated)
+ * CURLAUTH_NTLM         - HTTP NTLM authentication
+ * CURLAUTH_DIGEST_IE    - HTTP Digest authentication with IE flavour
+ * CURLAUTH_NTLM_WB      - HTTP NTLM authentication delegated to winbind helper
+ * CURLAUTH_ONLY         - Use together with a single other type to force no
+ *                         authentication or just that single type
+ * CURLAUTH_ANY          - All fine types set
+ * CURLAUTH_ANYSAFE      - All fine types except Basic
+ */
 
-typedef enum {
-  CURLPROXY_HTTP = 0,
-  CURLPROXY_SOCKS4 = 4,
-  CURLPROXY_SOCKS5 = 5
-} curl_proxytype;
-
-#define CURLAUTH_NONE         0       /* nothing */
-#define CURLAUTH_BASIC        (1<<0)  /* Basic (default) */
-#define CURLAUTH_DIGEST       (1<<1)  /* Digest */
-#define CURLAUTH_GSSNEGOTIATE (1<<2)  /* GSS-Negotiate */
-#define CURLAUTH_NTLM         (1<<3)  /* NTLM */
-#define CURLAUTH_ANY ~0               /* all types set */
-#define CURLAUTH_ANYSAFE (~CURLAUTH_BASIC)
+#define CURLAUTH_NONE         ((unsigned long)0)
+#define CURLAUTH_BASIC        (((unsigned long)1)<<0)
+#define CURLAUTH_DIGEST       (((unsigned long)1)<<1)
+#define CURLAUTH_NEGOTIATE    (((unsigned long)1)<<2)
+/* Deprecated since the advent of CURLAUTH_NEGOTIATE */
+#define CURLAUTH_GSSNEGOTIATE CURLAUTH_NEGOTIATE
+#define CURLAUTH_NTLM         (((unsigned long)1)<<3)
+#define CURLAUTH_DIGEST_IE    (((unsigned long)1)<<4)
+#define CURLAUTH_NTLM_WB      (((unsigned long)1)<<5)
+#define CURLAUTH_ONLY         (((unsigned long)1)<<31)
+#define CURLAUTH_ANY          (~CURLAUTH_DIGEST_IE)
+#define CURLAUTH_ANYSAFE      (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE))
 
 #define CURLSSH_AUTH_ANY       ~0     /* all types supported by the server */
 #define CURLSSH_AUTH_NONE      0      /* none allowed, silly but complete */
@@ -448,30 +654,95 @@ typedef enum {
 #define CURLSSH_AUTH_PASSWORD  (1<<1) /* password */
 #define CURLSSH_AUTH_HOST      (1<<2) /* host key files */
 #define CURLSSH_AUTH_KEYBOARD  (1<<3) /* keyboard interactive */
+#define CURLSSH_AUTH_AGENT     (1<<4) /* agent (ssh-agent, pageant...) */
 #define CURLSSH_AUTH_DEFAULT CURLSSH_AUTH_ANY
 
+#define CURLGSSAPI_DELEGATION_NONE        0      /* no delegation (default) */
+#define CURLGSSAPI_DELEGATION_POLICY_FLAG (1<<0) /* if permitted by policy */
+#define CURLGSSAPI_DELEGATION_FLAG        (1<<1) /* delegate always */
+
+#define CURL_ERROR_SIZE 256
+
+enum curl_khtype {
+  CURLKHTYPE_UNKNOWN,
+  CURLKHTYPE_RSA1,
+  CURLKHTYPE_RSA,
+  CURLKHTYPE_DSS
+};
+
+struct curl_khkey {
+  const char *key; /* points to a zero-terminated string encoded with base64
+                      if len is zero, otherwise to the "raw" data */
+  size_t len;
+  enum curl_khtype keytype;
+};
+
+/* this is the set of return values expected from the curl_sshkeycallback
+   callback */
+enum curl_khstat {
+  CURLKHSTAT_FINE_ADD_TO_FILE,
+  CURLKHSTAT_FINE,
+  CURLKHSTAT_REJECT, /* reject the connection, return an error */
+  CURLKHSTAT_DEFER,  /* do not accept it, but we can't answer right now so
+                        this causes a CURLE_DEFER error but otherwise the
+                        connection will be left intact etc */
+  CURLKHSTAT_LAST    /* not for use, only a marker for last-in-list */
+};
+
+/* this is the set of status codes pass in to the callback */
+enum curl_khmatch {
+  CURLKHMATCH_OK,       /* match */
+  CURLKHMATCH_MISMATCH, /* host found, key mismatch! */
+  CURLKHMATCH_MISSING,  /* no matching host/key found */
+  CURLKHMATCH_LAST      /* not for use, only a marker for last-in-list */
+};
+
+typedef int
+  (*curl_sshkeycallback) (CURL *easy,     /* easy handle */
+                          const struct curl_khkey *knownkey, /* known */
+                          const struct curl_khkey *foundkey, /* found */
+                          enum curl_khmatch, /* libcurl's view on the keys */
+                          void *clientp); /* custom pointer passed from app */
+
+/* parameter for the CURLOPT_USE_SSL option */
+typedef enum {
+  CURLUSESSL_NONE,    /* do not attempt to use SSL */
+  CURLUSESSL_TRY,     /* try using SSL, proceed anyway otherwise */
+  CURLUSESSL_CONTROL, /* SSL for the control connection or fail */
+  CURLUSESSL_ALL,     /* SSL for all communication or fail */
+  CURLUSESSL_LAST     /* not an option, never use */
+} curl_usessl;
+
+/* Definition of bits for the CURLOPT_SSL_OPTIONS argument: */
+
+/* - ALLOW_BEAST tells libcurl to allow the BEAST SSL vulnerability in the
+   name of improving interoperability with older servers. Some SSL libraries
+   have introduced work-arounds for this flaw but those work-arounds sometimes
+   make the SSL communication fail. To regain functionality with those broken
+   servers, a user can this way allow the vulnerability back. */
+#define CURLSSLOPT_ALLOW_BEAST (1<<0)
+
 #ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
                           the obsolete stuff removed! */
-/* this was the error code 50 in 7.7.3 and a few earlier versions, this
-   is no longer used by libcurl but is instead #defined here only to not
-   make programs break */
-#define CURLE_ALREADY_COMPLETE 99999
 
-/* These are just to make older programs not break: */
-#define CURLE_FTP_PARTIAL_FILE CURLE_PARTIAL_FILE
-#define CURLE_FTP_BAD_DOWNLOAD_RESUME CURLE_BAD_DOWNLOAD_RESUME
-#endif
+/* Backwards compatibility with older names */
+/* These are scheduled to disappear by 2009 */
 
-#define CURL_ERROR_SIZE 256
+#define CURLFTPSSL_NONE CURLUSESSL_NONE
+#define CURLFTPSSL_TRY CURLUSESSL_TRY
+#define CURLFTPSSL_CONTROL CURLUSESSL_CONTROL
+#define CURLFTPSSL_ALL CURLUSESSL_ALL
+#define CURLFTPSSL_LAST CURLUSESSL_LAST
+#define curl_ftpssl curl_usessl
+#endif /*!CURL_NO_OLDIES*/
 
-/* parameter for the CURLOPT_FTP_SSL option */
+/* parameter for the CURLOPT_FTP_SSL_CCC option */
 typedef enum {
-  CURLFTPSSL_NONE,    /* do not attempt to use SSL */
-  CURLFTPSSL_TRY,     /* try using SSL, proceed anyway otherwise */
-  CURLFTPSSL_CONTROL, /* SSL for the control connection or fail */
-  CURLFTPSSL_ALL,     /* SSL for all communication or fail */
-  CURLFTPSSL_LAST     /* not an option, never use */
-} curl_ftpssl;
+  CURLFTPSSL_CCC_NONE,    /* do not send CCC */
+  CURLFTPSSL_CCC_PASSIVE, /* Let the server initiate the shutdown */
+  CURLFTPSSL_CCC_ACTIVE,  /* Initiate the shutdown */
+  CURLFTPSSL_CCC_LAST     /* not an option, never use */
+} curl_ftpccc;
 
 /* parameter for the CURLOPT_FTPSSLAUTH option */
 typedef enum {
@@ -481,6 +752,17 @@ typedef enum {
   CURLFTPAUTH_LAST /* not an option, never use */
 } curl_ftpauth;
 
+/* parameter for the CURLOPT_FTP_CREATE_MISSING_DIRS option */
+typedef enum {
+  CURLFTP_CREATE_DIR_NONE,  /* do NOT create missing dirs! */
+  CURLFTP_CREATE_DIR,       /* (FTP/SFTP) if CWD fails, try MKD and then CWD
+                               again if MKD succeeded, for SFTP this does
+                               similar magic */
+  CURLFTP_CREATE_DIR_RETRY, /* (FTP only) if CWD fails, try MKD and then CWD
+                               again even if MKD failed! */
+  CURLFTP_CREATE_DIR_LAST   /* not an option, never use */
+} curl_ftpcreatedir;
+
 /* parameter for the CURLOPT_FTP_FILEMETHOD option */
 typedef enum {
   CURLFTPMETHOD_DEFAULT,   /* let libcurl pick */
@@ -490,6 +772,39 @@ typedef enum {
   CURLFTPMETHOD_LAST       /* not an option, never use */
 } curl_ftpmethod;
 
+/* bitmask defines for CURLOPT_HEADEROPT */
+#define CURLHEADER_UNIFIED  0
+#define CURLHEADER_SEPARATE (1<<0)
+
+/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */
+#define CURLPROTO_HTTP   (1<<0)
+#define CURLPROTO_HTTPS  (1<<1)
+#define CURLPROTO_FTP    (1<<2)
+#define CURLPROTO_FTPS   (1<<3)
+#define CURLPROTO_SCP    (1<<4)
+#define CURLPROTO_SFTP   (1<<5)
+#define CURLPROTO_TELNET (1<<6)
+#define CURLPROTO_LDAP   (1<<7)
+#define CURLPROTO_LDAPS  (1<<8)
+#define CURLPROTO_DICT   (1<<9)
+#define CURLPROTO_FILE   (1<<10)
+#define CURLPROTO_TFTP   (1<<11)
+#define CURLPROTO_IMAP   (1<<12)
+#define CURLPROTO_IMAPS  (1<<13)
+#define CURLPROTO_POP3   (1<<14)
+#define CURLPROTO_POP3S  (1<<15)
+#define CURLPROTO_SMTP   (1<<16)
+#define CURLPROTO_SMTPS  (1<<17)
+#define CURLPROTO_RTSP   (1<<18)
+#define CURLPROTO_RTMP   (1<<19)
+#define CURLPROTO_RTMPT  (1<<20)
+#define CURLPROTO_RTMPE  (1<<21)
+#define CURLPROTO_RTMPTE (1<<22)
+#define CURLPROTO_RTMPS  (1<<23)
+#define CURLPROTO_RTMPTS (1<<24)
+#define CURLPROTO_GOPHER (1<<25)
+#define CURLPROTO_ALL    (~0) /* enable everything */
+
 /* long may be 32 or 64 bits, but we should never depend on anything else
    but 32 */
 #define CURLOPTTYPE_LONG          0
@@ -503,25 +818,9 @@ typedef enum {
 #ifdef CINIT
 #undef CINIT
 #endif
-/*
- * Figure out if we can use the ## operator, which is supported by ISO/ANSI C
- * and C++. Some compilers support it without setting __STDC__ or __cplusplus
- * so we need to carefully check for them too. We don't use configure-checks
- * for these since we want these headers to remain generic and working for all
- * platforms.
- */
-#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) || \
-  defined(__HP_aCC) || defined(__BORLANDC__) || defined(__LCC__) || \
-  defined(__POCC__) || defined(__SALFORDC__) || defined(__HIGHC__)
-  /* This compiler is believed to have an ISO compatible preprocessor */
-#define CURL_ISOCPP
-#else
-  /* This compiler is believed NOT to have an ISO compatible preprocessor */
-#undef CURL_ISOCPP
-#endif
 
 #ifdef CURL_ISOCPP
-#define CINIT(name,type,number) CURLOPT_ ## name = CURLOPTTYPE_ ## type + number
+#define CINIT(na,t,nu) CURLOPT_ ## na = CURLOPTTYPE_ ## t + nu
 #else
 /* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */
 #define LONG          CURLOPTTYPE_LONG
@@ -539,7 +838,7 @@ typedef enum {
 
 typedef enum {
   /* This is the FILE * or void * the regular output should be written to. */
-  CINIT(FILE, OBJECTPOINT, 1),
+  CINIT(WRITEDATA, OBJECTPOINT, 1),
 
   /* The full URL to get/put */
   CINIT(URL,  OBJECTPOINT, 2),
@@ -550,10 +849,10 @@ typedef enum {
   /* Name of proxy to use. */
   CINIT(PROXY, OBJECTPOINT, 4),
 
-  /* "name:password" to use when fetching. */
+  /* "user:password;options" to use when fetching. */
   CINIT(USERPWD, OBJECTPOINT, 5),
 
-  /* "name:password" to use with proxy. */
+  /* "user:password" to use with proxy. */
   CINIT(PROXYUSERPWD, OBJECTPOINT, 6),
 
   /* Range to get, specified as an ASCII string. */
@@ -562,7 +861,7 @@ typedef enum {
   /* not used */
 
   /* Specified file stream to upload from (use as input): */
-  CINIT(INFILE, OBJECTPOINT, 9),
+  CINIT(READDATA, OBJECTPOINT, 9),
 
   /* Buffer to receive error messages in, must be at least CURL_ERROR_SIZE
    * bytes big. If this is not used, error messages go to stderr instead: */
@@ -581,7 +880,7 @@ typedef enum {
 
   /* If the CURLOPT_INFILE is used, this can be used to inform libcurl about
    * how large the file being sent really is. That allows better error
-   * checking and better verifies that the upload was succcessful. -1 means
+   * checking and better verifies that the upload was successful. -1 means
    * unknown size.
    *
    * For large file support, there is also a _LARGE version of the key
@@ -590,10 +889,10 @@ typedef enum {
    */
   CINIT(INFILESIZE, LONG, 14),
 
-  /* POST input fields. */
+  /* POST static input fields. */
   CINIT(POSTFIELDS, OBJECTPOINT, 15),
 
-  /* Set the referer page (needed by some CGIs) */
+  /* Set the referrer page (needed by some CGIs) */
   CINIT(REFERER, OBJECTPOINT, 16),
 
   /* Set the FTP PORT string (interface name, named or numerical IP address)
@@ -610,7 +909,7 @@ typedef enum {
    */
 
   /* Set the "low speed limit" */
-  CINIT(LOW_SPEED_LIMIT, LONG , 19),
+  CINIT(LOW_SPEED_LIMIT, LONG, 19),
 
   /* Set the "low speed time" */
   CINIT(LOW_SPEED_TIME, LONG, 20),
@@ -626,19 +925,18 @@ typedef enum {
   /* Set cookie in request: */
   CINIT(COOKIE, OBJECTPOINT, 22),
 
-  /* This points to a linked list of headers, struct curl_slist kind */
+  /* This points to a linked list of headers, struct curl_slist kind. This
+     list is also used for RTSP (in spite of its name) */
   CINIT(HTTPHEADER, OBJECTPOINT, 23),
 
-  /* This points to a linked list of post entries, struct HttpPost */
+  /* This points to a linked list of post entries, struct curl_httppost */
   CINIT(HTTPPOST, OBJECTPOINT, 24),
 
   /* name of the file keeping your private SSL-certificate */
   CINIT(SSLCERT, OBJECTPOINT, 25),
 
-  /* password for the SSL-private key, keep this for compatibility */
-  CINIT(SSLCERTPASSWD, OBJECTPOINT, 26),
-  /* password for the SSL private key */
-  CINIT(SSLKEYPASSWD, OBJECTPOINT, 26),
+  /* password for the SSL or SSH private key */
+  CINIT(KEYPASSWD, OBJECTPOINT, 26),
 
   /* send TYPE parameter? */
   CINIT(CRLF, LONG, 27),
@@ -648,13 +946,13 @@ typedef enum {
 
   /* send FILE * or void * to store headers to, if you use a callback it
      is simply passed to the callback unmodified */
-  CINIT(WRITEHEADER, OBJECTPOINT, 29),
+  CINIT(HEADERDATA, OBJECTPOINT, 29),
 
   /* point to a file to read the initial cookies from, also enables
      "cookie awareness" */
   CINIT(COOKIEFILE, OBJECTPOINT, 31),
 
-  /* What version to specifly try to use.
+  /* What version to specifically try to use.
      See CURL_SSLVERSION defines below. */
   CINIT(SSLVERSION, LONG, 32),
 
@@ -681,9 +979,7 @@ typedef enum {
   /* send linked-list of post-transfer QUOTE commands */
   CINIT(POSTQUOTE, OBJECTPOINT, 39),
 
-  /* Pass a pointer to string of the output using full variable-replacement
-     as described elsewhere. */
-  CINIT(WRITEINFO, OBJECTPOINT, 40),
+  CINIT(OBSOLETE40, OBJECTPOINT, 40), /* OBSOLETE, do not use! */
 
   CINIT(VERBOSE, LONG, 41),      /* talk a lot */
   CINIT(HEADER, LONG, 42),       /* throw the header out too */
@@ -692,9 +988,9 @@ typedef enum {
   CINIT(FAILONERROR, LONG, 45),  /* no output on http error codes >= 300 */
   CINIT(UPLOAD, LONG, 46),       /* this is an upload */
   CINIT(POST, LONG, 47),         /* HTTP POST method */
-  CINIT(FTPLISTONLY, LONG, 48),  /* Use NLST when listing ftp dir */
+  CINIT(DIRLISTONLY, LONG, 48),  /* bare names when listing directories */
 
-  CINIT(FTPAPPEND, LONG, 50),    /* Append instead of overwrite on upload! */
+  CINIT(APPEND, LONG, 50),       /* Append instead of overwrite on upload! */
 
   /* Specify whether to read the user+password from the .netrc or the URL.
    * This must be one of the CURL_NETRC_* enums below. */
@@ -707,15 +1003,18 @@ typedef enum {
 
   /* 55 = OBSOLETE */
 
-  /* Function that will be called instead of the internal progress display
+  /* DEPRECATED
+   * Function that will be called instead of the internal progress display
    * function. This function should be defined as the curl_progress_callback
    * prototype defines. */
   CINIT(PROGRESSFUNCTION, FUNCTIONPOINT, 56),
 
-  /* Data passed to the progress callback */
+  /* Data passed to the CURLOPT_PROGRESSFUNCTION and CURLOPT_XFERINFOFUNCTION
+     callbacks */
   CINIT(PROGRESSDATA, OBJECTPOINT, 57),
+#define CURLOPT_XFERINFODATA CURLOPT_PROGRESSDATA
 
-  /* We want the referer field set automatically when following locations */
+  /* We want the referrer field set automatically when following locations */
   CINIT(AUTOREFERER, LONG, 58),
 
   /* Port of the proxy, can be set in the proxy string as well with:
@@ -731,10 +1030,10 @@ typedef enum {
   /* Set the interface string to use as outgoing network interface */
   CINIT(INTERFACE, OBJECTPOINT, 62),
 
-  /* Set the krb4 security level, this also enables krb4 awareness.  This is a
-   * string, 'clear', 'safe', 'confidential' or 'private'.  If the string is
-   * set but doesn't match one of these, 'private' will be used.  */
-  CINIT(KRB4LEVEL, OBJECTPOINT, 63),
+  /* Set the krb4/5 security level, this also enables krb4/5 awareness.  This
+   * is a string, 'clear', 'safe', 'confidential' or 'private'.  If the string
+   * is set but doesn't match one of these, 'private' will be used.  */
+  CINIT(KRBLEVEL, OBJECTPOINT, 63),
 
   /* Set if we should verify the peer in ssl handshake, set 1 to verify. */
   CINIT(SSL_VERIFYPEER, LONG, 64),
@@ -759,9 +1058,7 @@ typedef enum {
   /* Max amount of cached alive connections */
   CINIT(MAXCONNECTS, LONG, 71),
 
-  /* What policy to use when closing connections when the cache is filled
-     up */
-  CINIT(CLOSEPOLICY, LONG, 72),
+  CINIT(OBSOLETE72, LONG, 72), /* OBSOLETE, do not use! */
 
   /* 73 = OBSOLETE */
 
@@ -782,9 +1079,8 @@ typedef enum {
   /* Set to the Entropy Gathering Daemon socket pathname */
   CINIT(EGDSOCKET, OBJECTPOINT, 77),
 
-  /* Time-out connect operations after this amount of seconds, if connects
-     are OK within this time, then fine... This only aborts the connect
-     phase. [Only works on unix-style/SIGALRM operating systems] */
+  /* Time-out connect operations after this amount of seconds, if connects are
+     OK within this time, then fine... This only aborts the connect phase. */
   CINIT(CONNECTTIMEOUT, LONG, 78),
 
   /* Function that will be called to store headers (instead of fwrite). The
@@ -812,7 +1108,7 @@ typedef enum {
      CURL_HTTP_VERSION* enums set below. */
   CINIT(HTTP_VERSION, LONG, 84),
 
-  /* Specificly switch on or off the FTP engine's use of the EPSV command. By
+  /* Specifically switch on or off the FTP engine's use of the EPSV command. By
      default, that one will always be attempted before the more traditional
      PASV command. */
   CINIT(FTP_USE_EPSV, LONG, 85),
@@ -835,12 +1131,12 @@ typedef enum {
   CINIT(SSLENGINE_DEFAULT, LONG, 90),
 
   /* Non-zero value means to use the global dns cache */
-  CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* To becomeO BSOLETE soon */
+  CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* DEPRECATED, do not use! */
 
   /* DNS cache timeout */
   CINIT(DNS_CACHE_TIMEOUT, LONG, 92),
 
-  /* send linked-list of pre-transfer QUOTE commands (Wesley Laxton)*/
+  /* send linked-list of pre-transfer QUOTE commands */
   CINIT(PREQUOTE, OBJECTPOINT, 93),
 
   /* set the debug function */
@@ -868,12 +1164,13 @@ typedef enum {
   CINIT(SHARE, OBJECTPOINT, 100),
 
   /* indicates type of proxy. accepted values are CURLPROXY_HTTP (default),
-     CURLPROXY_SOCKS4 and CURLPROXY_SOCKS5. */
+     CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5. */
   CINIT(PROXYTYPE, LONG, 101),
 
   /* Set the Accept-Encoding string. Use this to tell a server you would like
-     the response to be compressed. */
-  CINIT(ENCODING, OBJECTPOINT, 102),
+     the response to be compressed. Before 7.21.6, this was known as
+     CURLOPT_ENCODING */
+  CINIT(ACCEPT_ENCODING, OBJECTPOINT, 102),
 
   /* Set pointer to private data */
   CINIT(PRIVATE, OBJECTPOINT, 103),
@@ -882,12 +1179,12 @@ typedef enum {
   CINIT(HTTP200ALIASES, OBJECTPOINT, 104),
 
   /* Continue to send authentication (user+password) when following locations,
-     even when hostname changed. This can potentionally send off the name
+     even when hostname changed. This can potentially send off the name
      and password to whatever host the server decides. */
   CINIT(UNRESTRICTED_AUTH, LONG, 105),
 
-  /* Specificly switch on or off the FTP engine's use of the EPRT command ( it
-     also disables the LPRT attempt). By default, those ones will always be
+  /* Specifically switch on or off the FTP engine's use of the EPRT command (
+     it also disables the LPRT attempt). By default, those ones will always be
      attempted before the good old traditional PORT command. */
   CINIT(FTP_USE_EPRT, LONG, 106),
 
@@ -905,7 +1202,10 @@ typedef enum {
      argument */
   CINIT(SSL_CTX_DATA, OBJECTPOINT, 109),
 
-  /* FTP Option that causes missing dirs to be created on the remote server */
+  /* FTP Option that causes missing dirs to be created on the remote server.
+     In 7.19.4 we introduced the convenience enums for this option using the
+     CURLFTP_CREATE_DIR prefix.
+  */
   CINIT(FTP_CREATE_MISSING_DIRS, LONG, 110),
 
   /* Set this to a bitmask value to enable the particular authentications
@@ -917,7 +1217,8 @@ typedef enum {
      getting a response.  This is different from transfer timeout time and
      essentially places a demand on the FTP server to acknowledge commands
      in a timely manner. */
-  CINIT(FTP_RESPONSE_TIMEOUT, LONG , 112),
+  CINIT(FTP_RESPONSE_TIMEOUT, LONG, 112),
+#define CURLOPT_SERVER_RESPONSE_TIMEOUT CURLOPT_FTP_RESPONSE_TIMEOUT
 
   /* Set this option to one of the CURL_IPRESOLVE_* defines (see below) to
      tell libcurl to resolve names to those IP versions only. This only has
@@ -953,11 +1254,11 @@ typedef enum {
   CINIT(NETRC_FILE, OBJECTPOINT, 118),
 
   /* Enable SSL/TLS for FTP, pick one of:
-     CURLFTPSSL_TRY     - try using SSL, proceed anyway otherwise
-     CURLFTPSSL_CONTROL - SSL for the control connection or fail
-     CURLFTPSSL_ALL     - SSL for all communication or fail
+     CURLUSESSL_TRY     - try using SSL, proceed anyway otherwise
+     CURLUSESSL_CONTROL - SSL for the control connection or fail
+     CURLUSESSL_ALL     - SSL for all communication or fail
   */
-  CINIT(FTP_SSL, LONG, 119),
+  CINIT(USE_SSL, LONG, 119),
 
   /* The _LARGE version of the standard POSTFIELDSIZE option */
   CINIT(POSTFIELDSIZE_LARGE, OFF_T, 120),
@@ -973,7 +1274,7 @@ typedef enum {
   /* 127 OBSOLETE. Gone in 7.16.0 */
   /* 128 OBSOLETE. Gone in 7.16.0 */
 
-  /* When FTP over SSL/TLS is selected (with CURLOPT_FTP_SSL), this option
+  /* When FTP over SSL/TLS is selected (with CURLOPT_USE_SSL), this option
      can be used to change libcurl's default action which is to first try
      "AUTH SSL" and then "AUTH TLS" in this order, and proceed when a OK
      response has been received.
@@ -1062,9 +1363,285 @@ typedef enum {
   /* Send CCC (Clear Command Channel) after authentication */
   CINIT(FTP_SSL_CCC, LONG, 154),
 
+  /* Same as TIMEOUT and CONNECTTIMEOUT, but with ms resolution */
+  CINIT(TIMEOUT_MS, LONG, 155),
+  CINIT(CONNECTTIMEOUT_MS, LONG, 156),
+
+  /* set to zero to disable the libcurl's decoding and thus pass the raw body
+     data to the application even when it is encoded/compressed */
+  CINIT(HTTP_TRANSFER_DECODING, LONG, 157),
+  CINIT(HTTP_CONTENT_DECODING, LONG, 158),
+
+  /* Permission used when creating new files and directories on the remote
+     server for protocols that support it, SFTP/SCP/FILE */
+  CINIT(NEW_FILE_PERMS, LONG, 159),
+  CINIT(NEW_DIRECTORY_PERMS, LONG, 160),
+
+  /* Set the behaviour of POST when redirecting. Values must be set to one
+     of CURL_REDIR* defines below. This used to be called CURLOPT_POST301 */
+  CINIT(POSTREDIR, LONG, 161),
+
+  /* used by scp/sftp to verify the host's public key */
+  CINIT(SSH_HOST_PUBLIC_KEY_MD5, OBJECTPOINT, 162),
+
+  /* Callback function for opening socket (instead of socket(2)). Optionally,
+     callback is able change the address or refuse to connect returning
+     CURL_SOCKET_BAD.  The callback should have type
+     curl_opensocket_callback */
+  CINIT(OPENSOCKETFUNCTION, FUNCTIONPOINT, 163),
+  CINIT(OPENSOCKETDATA, OBJECTPOINT, 164),
+
+  /* POST volatile input fields. */
+  CINIT(COPYPOSTFIELDS, OBJECTPOINT, 165),
+
+  /* set transfer mode (;type=<a|i>) when doing FTP via an HTTP proxy */
+  CINIT(PROXY_TRANSFER_MODE, LONG, 166),
+
+  /* Callback function for seeking in the input stream */
+  CINIT(SEEKFUNCTION, FUNCTIONPOINT, 167),
+  CINIT(SEEKDATA, OBJECTPOINT, 168),
+
+  /* CRL file */
+  CINIT(CRLFILE, OBJECTPOINT, 169),
+
+  /* Issuer certificate */
+  CINIT(ISSUERCERT, OBJECTPOINT, 170),
+
+  /* (IPv6) Address scope */
+  CINIT(ADDRESS_SCOPE, LONG, 171),
+
+  /* Collect certificate chain info and allow it to get retrievable with
+     CURLINFO_CERTINFO after the transfer is complete. */
+  CINIT(CERTINFO, LONG, 172),
+
+  /* "name" and "pwd" to use when fetching. */
+  CINIT(USERNAME, OBJECTPOINT, 173),
+  CINIT(PASSWORD, OBJECTPOINT, 174),
+
+    /* "name" and "pwd" to use with Proxy when fetching. */
+  CINIT(PROXYUSERNAME, OBJECTPOINT, 175),
+  CINIT(PROXYPASSWORD, OBJECTPOINT, 176),
+
+  /* Comma separated list of hostnames defining no-proxy zones. These should
+     match both hostnames directly, and hostnames within a domain. For
+     example, local.com will match local.com and www.local.com, but NOT
+     notlocal.com or www.notlocal.com. For compatibility with other
+     implementations of this, .local.com will be considered to be the same as
+     local.com. A single * is the only valid wildcard, and effectively
+     disables the use of proxy. */
+  CINIT(NOPROXY, OBJECTPOINT, 177),
+
+  /* block size for TFTP transfers */
+  CINIT(TFTP_BLKSIZE, LONG, 178),
+
+  /* Socks Service */
+  CINIT(SOCKS5_GSSAPI_SERVICE, OBJECTPOINT, 179),
+
+  /* Socks Service */
+  CINIT(SOCKS5_GSSAPI_NEC, LONG, 180),
+
+  /* set the bitmask for the protocols that are allowed to be used for the
+     transfer, which thus helps the app which takes URLs from users or other
+     external inputs and want to restrict what protocol(s) to deal
+     with. Defaults to CURLPROTO_ALL. */
+  CINIT(PROTOCOLS, LONG, 181),
+
+  /* set the bitmask for the protocols that libcurl is allowed to follow to,
+     as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
+     to be set in both bitmasks to be allowed to get redirected to. Defaults
+     to all protocols except FILE and SCP. */
+  CINIT(REDIR_PROTOCOLS, LONG, 182),
+
+  /* set the SSH knownhost file name to use */
+  CINIT(SSH_KNOWNHOSTS, OBJECTPOINT, 183),
+
+  /* set the SSH host key callback, must point to a curl_sshkeycallback
+     function */
+  CINIT(SSH_KEYFUNCTION, FUNCTIONPOINT, 184),
+
+  /* set the SSH host key callback custom pointer */
+  CINIT(SSH_KEYDATA, OBJECTPOINT, 185),
+
+  /* set the SMTP mail originator */
+  CINIT(MAIL_FROM, OBJECTPOINT, 186),
+
+  /* set the SMTP mail receiver(s) */
+  CINIT(MAIL_RCPT, OBJECTPOINT, 187),
+
+  /* FTP: send PRET before PASV */
+  CINIT(FTP_USE_PRET, LONG, 188),
+
+  /* RTSP request method (OPTIONS, SETUP, PLAY, etc...) */
+  CINIT(RTSP_REQUEST, LONG, 189),
+
+  /* The RTSP session identifier */
+  CINIT(RTSP_SESSION_ID, OBJECTPOINT, 190),
+
+  /* The RTSP stream URI */
+  CINIT(RTSP_STREAM_URI, OBJECTPOINT, 191),
+
+  /* The Transport: header to use in RTSP requests */
+  CINIT(RTSP_TRANSPORT, OBJECTPOINT, 192),
+
+  /* Manually initialize the client RTSP CSeq for this handle */
+  CINIT(RTSP_CLIENT_CSEQ, LONG, 193),
+
+  /* Manually initialize the server RTSP CSeq for this handle */
+  CINIT(RTSP_SERVER_CSEQ, LONG, 194),
+
+  /* The stream to pass to INTERLEAVEFUNCTION. */
+  CINIT(INTERLEAVEDATA, OBJECTPOINT, 195),
+
+  /* Let the application define a custom write method for RTP data */
+  CINIT(INTERLEAVEFUNCTION, FUNCTIONPOINT, 196),
+
+  /* Turn on wildcard matching */
+  CINIT(WILDCARDMATCH, LONG, 197),
+
+  /* Directory matching callback called before downloading of an
+     individual file (chunk) started */
+  CINIT(CHUNK_BGN_FUNCTION, FUNCTIONPOINT, 198),
+
+  /* Directory matching callback called after the file (chunk)
+     was downloaded, or skipped */
+  CINIT(CHUNK_END_FUNCTION, FUNCTIONPOINT, 199),
+
+  /* Change match (fnmatch-like) callback for wildcard matching */
+  CINIT(FNMATCH_FUNCTION, FUNCTIONPOINT, 200),
+
+  /* Let the application define custom chunk data pointer */
+  CINIT(CHUNK_DATA, OBJECTPOINT, 201),
+
+  /* FNMATCH_FUNCTION user pointer */
+  CINIT(FNMATCH_DATA, OBJECTPOINT, 202),
+
+  /* send linked-list of name:port:address sets */
+  CINIT(RESOLVE, OBJECTPOINT, 203),
+
+  /* Set a username for authenticated TLS */
+  CINIT(TLSAUTH_USERNAME, OBJECTPOINT, 204),
+
+  /* Set a password for authenticated TLS */
+  CINIT(TLSAUTH_PASSWORD, OBJECTPOINT, 205),
+
+  /* Set authentication type for authenticated TLS */
+  CINIT(TLSAUTH_TYPE, OBJECTPOINT, 206),
+
+  /* Set to 1 to enable the "TE:" header in HTTP requests to ask for
+     compressed transfer-encoded responses. Set to 0 to disable the use of TE:
+     in outgoing requests. The current default is 0, but it might change in a
+     future libcurl release.
+
+     libcurl will ask for the compressed methods it knows of, and if that
+     isn't any, it will not ask for transfer-encoding at all even if this
+     option is set to 1.
+
+  */
+  CINIT(TRANSFER_ENCODING, LONG, 207),
+
+  /* Callback function for closing socket (instead of close(2)). The callback
+     should have type curl_closesocket_callback */
+  CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208),
+  CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209),
+
+  /* allow GSSAPI credential delegation */
+  CINIT(GSSAPI_DELEGATION, LONG, 210),
+
+  /* Set the name servers to use for DNS resolution */
+  CINIT(DNS_SERVERS, OBJECTPOINT, 211),
+
+  /* Time-out accept operations (currently for FTP only) after this amount
+     of miliseconds. */
+  CINIT(ACCEPTTIMEOUT_MS, LONG, 212),
+
+  /* Set TCP keepalive */
+  CINIT(TCP_KEEPALIVE, LONG, 213),
+
+  /* non-universal keepalive knobs (Linux, AIX, HP-UX, more) */
+  CINIT(TCP_KEEPIDLE, LONG, 214),
+  CINIT(TCP_KEEPINTVL, LONG, 215),
+
+  /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */
+  CINIT(SSL_OPTIONS, LONG, 216),
+
+  /* Set the SMTP auth originator */
+  CINIT(MAIL_AUTH, OBJECTPOINT, 217),
+
+  /* Enable/disable SASL initial response */
+  CINIT(SASL_IR, LONG, 218),
+
+  /* Function that will be called instead of the internal progress display
+   * function. This function should be defined as the curl_xferinfo_callback
+   * prototype defines. (Deprecates CURLOPT_PROGRESSFUNCTION) */
+  CINIT(XFERINFOFUNCTION, FUNCTIONPOINT, 219),
+
+  /* The XOAUTH2 bearer token */
+  CINIT(XOAUTH2_BEARER, OBJECTPOINT, 220),
+
+  /* Set the interface string to use as outgoing network
+   * interface for DNS requests.
+   * Only supported by the c-ares DNS backend */
+  CINIT(DNS_INTERFACE, OBJECTPOINT, 221),
+
+  /* Set the local IPv4 address to use for outgoing DNS requests.
+   * Only supported by the c-ares DNS backend */
+  CINIT(DNS_LOCAL_IP4, OBJECTPOINT, 222),
+
+  /* Set the local IPv4 address to use for outgoing DNS requests.
+   * Only supported by the c-ares DNS backend */
+  CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223),
+
+  /* Set authentication options directly */
+  CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224),
+
+  /* Enable/disable TLS NPN extension (http2 over ssl might fail without) */
+  CINIT(SSL_ENABLE_NPN, LONG, 225),
+
+  /* Enable/disable TLS ALPN extension (http2 over ssl might fail without) */
+  CINIT(SSL_ENABLE_ALPN, LONG, 226),
+
+  /* Time to wait for a response to a HTTP request containing an
+   * Expect: 100-continue header before sending the data anyway. */
+  CINIT(EXPECT_100_TIMEOUT_MS, LONG, 227),
+
+  /* This points to a linked list of headers used for proxy requests only,
+     struct curl_slist kind */
+  CINIT(PROXYHEADER, OBJECTPOINT, 228),
+
+  /* Pass in a bitmask of "header options" */
+  CINIT(HEADEROPT, LONG, 229),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
+#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
+                          the obsolete stuff removed! */
+
+/* Backwards compatibility with older names */
+/* These are scheduled to disappear by 2011 */
+
+/* This was added in version 7.19.1 */
+#define CURLOPT_POST301 CURLOPT_POSTREDIR
+
+/* These are scheduled to disappear by 2009 */
+
+/* The following were added in 7.17.0 */
+#define CURLOPT_SSLKEYPASSWD CURLOPT_KEYPASSWD
+#define CURLOPT_FTPAPPEND CURLOPT_APPEND
+#define CURLOPT_FTPLISTONLY CURLOPT_DIRLISTONLY
+#define CURLOPT_FTP_SSL CURLOPT_USE_SSL
+
+/* The following were added earlier */
+
+#define CURLOPT_SSLCERTPASSWD CURLOPT_KEYPASSWD
+#define CURLOPT_KRB4LEVEL CURLOPT_KRBLEVEL
+
+#else
+/* This is set if CURL_NO_OLDIES is defined at compile-time */
+#undef CURLOPT_DNS_USE_GLOBAL_CACHE /* soon obsolete */
+#endif
+
+
   /* Below here follows defines for the CURLOPT_IPRESOLVE option. If a host
      name resolves addresses using more than one IP protocol version, this
      option might be handy to force libcurl to use a specific IP version. */
@@ -1074,17 +1651,7 @@ typedef enum {
 #define CURL_IPRESOLVE_V6       2 /* resolve to ipv6 addresses */
 
   /* three convenient "aliases" that follow the name scheme better */
-#define CURLOPT_WRITEDATA CURLOPT_FILE
-#define CURLOPT_READDATA  CURLOPT_INFILE
-#define CURLOPT_HEADERDATA CURLOPT_WRITEHEADER
-
-#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
-                          the obsolete stuff removed! */
-#else
-/* This is set if CURL_NO_OLDIES is defined at compile-time */
-#undef CURLOPT_DNS_USE_GLOBAL_CACHE /* soon obsolete */
-#endif
-
+#define CURLOPT_RTSPHEADER CURLOPT_HTTPHEADER
 
   /* These enums are for use with the CURLOPT_HTTP_VERSION option. */
 enum {
@@ -1093,10 +1660,30 @@ enum {
                              for us! */
   CURL_HTTP_VERSION_1_0,  /* please use HTTP 1.0 in the request */
   CURL_HTTP_VERSION_1_1,  /* please use HTTP 1.1 in the request */
+  CURL_HTTP_VERSION_2_0,  /* please use HTTP 2.0 in the request */
 
   CURL_HTTP_VERSION_LAST /* *ILLEGAL* http version */
 };
 
+/*
+ * Public API enums for RTSP requests
+ */
+enum {
+    CURL_RTSPREQ_NONE, /* first in list */
+    CURL_RTSPREQ_OPTIONS,
+    CURL_RTSPREQ_DESCRIBE,
+    CURL_RTSPREQ_ANNOUNCE,
+    CURL_RTSPREQ_SETUP,
+    CURL_RTSPREQ_PLAY,
+    CURL_RTSPREQ_PAUSE,
+    CURL_RTSPREQ_TEARDOWN,
+    CURL_RTSPREQ_GET_PARAMETER,
+    CURL_RTSPREQ_SET_PARAMETER,
+    CURL_RTSPREQ_RECORD,
+    CURL_RTSPREQ_RECEIVE,
+    CURL_RTSPREQ_LAST /* last in list */
+};
+
   /* These enums are for use with the CURLOPT_NETRC option. */
 enum CURL_NETRC_OPTION {
   CURL_NETRC_IGNORED,     /* The .netrc will never be read.
@@ -1111,13 +1698,33 @@ enum CURL_NETRC_OPTION {
 
 enum {
   CURL_SSLVERSION_DEFAULT,
-  CURL_SSLVERSION_TLSv1,
+  CURL_SSLVERSION_TLSv1, /* TLS 1.x */
   CURL_SSLVERSION_SSLv2,
   CURL_SSLVERSION_SSLv3,
+  CURL_SSLVERSION_TLSv1_0,
+  CURL_SSLVERSION_TLSv1_1,
+  CURL_SSLVERSION_TLSv1_2,
 
   CURL_SSLVERSION_LAST /* never use, keep last */
 };
 
+enum CURL_TLSAUTH {
+  CURL_TLSAUTH_NONE,
+  CURL_TLSAUTH_SRP,
+  CURL_TLSAUTH_LAST /* never use, keep last */
+};
+
+/* symbols to use with CURLOPT_POSTREDIR.
+   CURL_REDIR_POST_301, CURL_REDIR_POST_302 and CURL_REDIR_POST_303
+   can be bitwise ORed so that CURL_REDIR_POST_301 | CURL_REDIR_POST_302
+   | CURL_REDIR_POST_303 == CURL_REDIR_POST_ALL */
+
+#define CURL_REDIR_GET_ALL  0
+#define CURL_REDIR_POST_301 1
+#define CURL_REDIR_POST_302 2
+#define CURL_REDIR_POST_303 4
+#define CURL_REDIR_POST_ALL \
+    (CURL_REDIR_POST_301|CURL_REDIR_POST_302|CURL_REDIR_POST_303)
 
 typedef enum {
   CURL_TIMECOND_NONE,
@@ -1129,17 +1736,6 @@ typedef enum {
   CURL_TIMECOND_LAST
 } curl_TimeCond;
 
-#ifdef __cplusplus
-}
-#endif
-
-#if defined __BEOS__ || defined __HAIKU__
-#include <support/SupportDefs.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
 
 /* curl_strequal() and curl_strnequal() are subject for removal in a future
    libcurl, see lib/README.curlx for details */
@@ -1183,7 +1779,9 @@ typedef enum {
   CFINIT(END),
   CFINIT(OBSOLETE2),
 
-  CURLFORM_LASTENTRY /* the last unusued */
+  CFINIT(STREAM),
+
+  CURLFORM_LASTENTRY /* the last unused */
 } CURLformoption;
 
 #undef CFINIT /* done */
@@ -1205,7 +1803,7 @@ struct curl_forms {
  * CURL_FORMADD_MEMORY         if the allocation of a FormInfo struct failed
  * CURL_FORMADD_UNKNOWN_OPTION if an unknown option was used
  * CURL_FORMADD_INCOMPLETE     if the some FormInfo is not complete (or error)
- * CURL_FORMADD_MEMORY         if a HttpPost struct cannot be allocated
+ * CURL_FORMADD_MEMORY         if a curl_httppost struct cannot be allocated
  * CURL_FORMADD_MEMORY         if some allocation for string copying failed.
  * CURL_FORMADD_ILLEGAL_ARRAY  if an illegal option is used in an array
  *
@@ -1229,7 +1827,7 @@ typedef enum {
  *
  * DESCRIPTION
  *
- * Pretty advanved function for building multi-part formposts. Each invoke
+ * Pretty advanced function for building multi-part formposts. Each invoke
  * adds one part that together construct a full post. Then use
  * CURLOPT_HTTPPOST to send it off to libcurl.
  */
@@ -1239,11 +1837,14 @@ CURL_EXTERN CURLFORMcode curl_formadd(struct curl_httppost **httppost,
 
 /*
  * callback function for curl_formget()
- * The void *arg pointer will be the one passed as second argument to curl_formget().
+ * The void *arg pointer will be the one passed as second argument to
+ *   curl_formget().
  * The character buffer passed to it must not be freed.
- * Should return the buffer length passed to it as the argument "len" on success.
+ * Should return the buffer length passed to it as the argument "len" on
+ *   success.
  */
-typedef size_t (*curl_formget_callback)(void *arg, const char *buf, size_t len);
+typedef size_t (*curl_formget_callback)(void *arg, const char *buf,
+                                        size_t len);
 
 /*
  * NAME curl_formget()
@@ -1339,7 +1940,9 @@ CURL_EXTERN void curl_free(void *p);
  * DESCRIPTION
  *
  * curl_global_init() should be invoked exactly once for each application that
- * uses libcurl
+ * uses libcurl and before any call of other libcurl functions.
+ *
+ * This function is not thread-safe!
  */
 CURL_EXTERN CURLcode curl_global_init(long flags);
 
@@ -1410,6 +2013,38 @@ CURL_EXTERN void curl_slist_free_all(struct curl_slist *);
  */
 CURL_EXTERN time_t curl_getdate(const char *p, const time_t *unused);
 
+/* info about the certificate chain, only for OpenSSL builds. Asked
+   for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */
+struct curl_certinfo {
+  int num_of_certs;             /* number of certificates with information */
+  struct curl_slist **certinfo; /* for each index in this array, there's a
+                                   linked list with textual information in the
+                                   format "name: value" */
+};
+
+/* enum for the different supported SSL backends */
+typedef enum {
+  CURLSSLBACKEND_NONE = 0,
+  CURLSSLBACKEND_OPENSSL = 1,
+  CURLSSLBACKEND_GNUTLS = 2,
+  CURLSSLBACKEND_NSS = 3,
+  CURLSSLBACKEND_QSOSSL = 4,
+  CURLSSLBACKEND_GSKIT = 5,
+  CURLSSLBACKEND_POLARSSL = 6,
+  CURLSSLBACKEND_CYASSL = 7,
+  CURLSSLBACKEND_SCHANNEL = 8,
+  CURLSSLBACKEND_DARWINSSL = 9,
+  CURLSSLBACKEND_AXTLS = 10
+} curl_sslbackend;
+
+/* Information about the SSL library used and the respective internal SSL
+   handle, which can be used to obtain further information regarding the
+   connection. Asked for with CURLINFO_TLS_SESSION. */
+struct curl_tlssessioninfo {
+  curl_sslbackend backend;
+  void *internals;
+};
+
 #define CURLINFO_STRING   0x100000
 #define CURLINFO_LONG     0x200000
 #define CURLINFO_DOUBLE   0x300000
@@ -1449,9 +2084,22 @@ typedef enum {
   CURLINFO_COOKIELIST       = CURLINFO_SLIST  + 28,
   CURLINFO_LASTSOCKET       = CURLINFO_LONG   + 29,
   CURLINFO_FTP_ENTRY_PATH   = CURLINFO_STRING + 30,
+  CURLINFO_REDIRECT_URL     = CURLINFO_STRING + 31,
+  CURLINFO_PRIMARY_IP       = CURLINFO_STRING + 32,
+  CURLINFO_APPCONNECT_TIME  = CURLINFO_DOUBLE + 33,
+  CURLINFO_CERTINFO         = CURLINFO_SLIST  + 34,
+  CURLINFO_CONDITION_UNMET  = CURLINFO_LONG   + 35,
+  CURLINFO_RTSP_SESSION_ID  = CURLINFO_STRING + 36,
+  CURLINFO_RTSP_CLIENT_CSEQ = CURLINFO_LONG   + 37,
+  CURLINFO_RTSP_SERVER_CSEQ = CURLINFO_LONG   + 38,
+  CURLINFO_RTSP_CSEQ_RECV   = CURLINFO_LONG   + 39,
+  CURLINFO_PRIMARY_PORT     = CURLINFO_LONG   + 40,
+  CURLINFO_LOCAL_IP         = CURLINFO_STRING + 41,
+  CURLINFO_LOCAL_PORT       = CURLINFO_LONG   + 42,
+  CURLINFO_TLS_SESSION      = CURLINFO_SLIST  + 43,
   /* Fill in new entries below here! */
 
-  CURLINFO_LASTONE          = 30
+  CURLINFO_LASTONE          = 43
 } CURLINFO;
 
 /* CURLINFO_RESPONSE_CODE is the new name for the option previously known as
@@ -1475,6 +2123,7 @@ typedef enum {
 #define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32)
 #define CURL_GLOBAL_NOTHING 0
 #define CURL_GLOBAL_DEFAULT CURL_GLOBAL_ALL
+#define CURL_GLOBAL_ACK_EINTR (1<<2)
 
 
 /*****************************************************************************
@@ -1484,7 +2133,7 @@ typedef enum {
 /* Different data locks for a single share */
 typedef enum {
   CURL_LOCK_DATA_NONE = 0,
-  /*  CURL_LOCK_DATA_SHARE is used internaly to say that
+  /*  CURL_LOCK_DATA_SHARE is used internally to say that
    *  the locking is just made to change the internal state of the share
    *  itself.
    */
@@ -1519,14 +2168,15 @@ typedef enum {
   CURLSHE_BAD_OPTION, /* 1 */
   CURLSHE_IN_USE,     /* 2 */
   CURLSHE_INVALID,    /* 3 */
-  CURLSHE_NOMEM,      /* out of memory */
-  CURLSHE_LAST /* never use */
+  CURLSHE_NOMEM,      /* 4 out of memory */
+  CURLSHE_NOT_BUILT_IN, /* 5 feature not present in lib */
+  CURLSHE_LAST        /* never use */
 } CURLSHcode;
 
 typedef enum {
   CURLSHOPT_NONE,  /* don't use */
   CURLSHOPT_SHARE,   /* specify a data type to share */
-  CURLSHOPT_UNSHARE, /* specify shich data type to stop sharing */
+  CURLSHOPT_UNSHARE, /* specify which data type to stop sharing */
   CURLSHOPT_LOCKFUNC,   /* pass in a 'curl_lock_function' pointer */
   CURLSHOPT_UNLOCKFUNC, /* pass in a 'curl_unlock_function' pointer */
   CURLSHOPT_USERDATA,   /* pass in a user data pointer used in the lock/unlock
@@ -1551,7 +2201,7 @@ typedef enum {
 } CURLversion;
 
 /* The 'CURLVERSION_NOW' is the symbolic name meant to be used by
-   basicly all programs ever, that want to get version information. It is
+   basically all programs ever that want to get version information. It is
    meant to be a built-in version number for what kind of struct the caller
    expects. If the struct ever changes, we redefine the NOW to another enum
    from above. */
@@ -1590,17 +2240,22 @@ typedef struct {
 #define CURL_VERSION_SSL       (1<<2)  /* SSL options are present */
 #define CURL_VERSION_LIBZ      (1<<3)  /* libz features are present */
 #define CURL_VERSION_NTLM      (1<<4)  /* NTLM auth is supported */
-#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support */
+#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support
+                                            (deprecated) */
 #define CURL_VERSION_DEBUG     (1<<6)  /* built with debug capabilities */
 #define CURL_VERSION_ASYNCHDNS (1<<7)  /* asynchronous dns resolves */
-#define CURL_VERSION_SPNEGO    (1<<8)  /* SPNEGO auth */
+#define CURL_VERSION_SPNEGO    (1<<8)  /* SPNEGO auth is supported */
 #define CURL_VERSION_LARGEFILE (1<<9)  /* supports files bigger than 2GB */
 #define CURL_VERSION_IDN       (1<<10) /* International Domain Names support */
 #define CURL_VERSION_SSPI      (1<<11) /* SSPI is supported */
-#define CURL_VERSION_CONV      (1<<12) /* character conversions are
-                                          supported */
-
-/*
+#define CURL_VERSION_CONV      (1<<12) /* character conversions supported */
+#define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
+#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
+#define CURL_VERSION_NTLM_WB   (1<<15) /* NTLM delegating to winbind helper */
+#define CURL_VERSION_HTTP2     (1<<16) /* HTTP2 support built-in */
+#define CURL_VERSION_GSSAPI    (1<<17) /* GSS-API is supported */
+
+ /*
  * NAME curl_version_info()
  *
  * DESCRIPTION
@@ -1632,6 +2287,26 @@ CURL_EXTERN const char *curl_easy_strerror(CURLcode);
  */
 CURL_EXTERN const char *curl_share_strerror(CURLSHcode);
 
+/*
+ * NAME curl_easy_pause()
+ *
+ * DESCRIPTION
+ *
+ * The curl_easy_pause function pauses or unpauses transfers. Select the new
+ * state by setting the bitmask, use the convenience defines below.
+ *
+ */
+CURL_EXTERN CURLcode curl_easy_pause(CURL *handle, int bitmask);
+
+#define CURLPAUSE_RECV      (1<<0)
+#define CURLPAUSE_RECV_CONT (0)
+
+#define CURLPAUSE_SEND      (1<<2)
+#define CURLPAUSE_SEND_CONT (0)
+
+#define CURLPAUSE_ALL       (CURLPAUSE_RECV|CURLPAUSE_SEND)
+#define CURLPAUSE_CONT      (CURLPAUSE_RECV_CONT|CURLPAUSE_SEND_CONT)
+
 #ifdef  __cplusplus
 }
 #endif
@@ -1641,4 +2316,23 @@ CURL_EXTERN const char *curl_share_strerror(CURLSHcode);
 #include "easy.h" /* nothing in curl is fun without the easy stuff */
 #include "multi.h"
 
+/* the typechecker doesn't work in C++ (yet) */
+#if defined(__GNUC__) && defined(__GNUC_MINOR__) && \
+    ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)) && \
+    !defined(__cplusplus) && !defined(CURL_DISABLE_TYPECHECK)
+#include "typecheck-gcc.h"
+#else
+#if defined(__STDC__) && (__STDC__ >= 1)
+#if 0 /* Triggers clang -Wdisabled-macro-expansion, skip for CMake.  */
+/* This preprocessor magic that replaces a call with the exact same call is
+   only done to make sure application authors pass exactly three arguments
+   to these functions. */
+#define curl_easy_setopt(handle,opt,param) curl_easy_setopt(handle,opt,param)
+#define curl_easy_getinfo(handle,info,arg) curl_easy_getinfo(handle,info,arg)
+#define curl_share_setopt(share,opt,param) curl_share_setopt(share,opt,param)
+#define curl_multi_setopt(handle,opt,param) curl_multi_setopt(handle,opt,param)
+#endif
+#endif /* __STDC__ >= 1 */
+#endif /* gcc >= 4.3 && !__cplusplus */
+
 #endif /* __CURL_CURL_H */
diff --git a/Utilities/cmcurl/include/curl/curlbuild.h.cmake b/Utilities/cmcurl/include/curl/curlbuild.h.cmake
new file mode 100644
index 0000000..6608694
--- /dev/null
+++ b/Utilities/cmcurl/include/curl/curlbuild.h.cmake
@@ -0,0 +1,218 @@
+#ifndef __CURL_CURLBUILD_H
+#define __CURL_CURLBUILD_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* ================================================================ */
+/*               NOTES FOR CONFIGURE CAPABLE SYSTEMS                */
+/* ================================================================ */
+
+/*
+ * NOTE 1:
+ * -------
+ *
+ * Nothing in this file is intended to be modified or adjusted by the
+ * curl library user nor by the curl library builder.
+ *
+ * If you think that something actually needs to be changed, adjusted
+ * or fixed in this file, then, report it on the libcurl development
+ * mailing list: http://cool.haxx.se/mailman/listinfo/curl-library/
+ *
+ * This header file shall only export symbols which are 'curl' or 'CURL'
+ * prefixed, otherwise public name space would be polluted.
+ *
+ * NOTE 2:
+ * -------
+ *
+ * Right now you might be staring at file include/curl/curlbuild.h.in or
+ * at file include/curl/curlbuild.h, this is due to the following reason:
+ *
+ * On systems capable of running the configure script, the configure process
+ * will overwrite the distributed include/curl/curlbuild.h file with one that
+ * is suitable and specific to the library being configured and built, which
+ * is generated from the include/curl/curlbuild.h.in template file.
+ *
+ */
+
+/* ================================================================ */
+/*  DEFINITION OF THESE SYMBOLS SHALL NOT TAKE PLACE ANYWHERE ELSE  */
+/* ================================================================ */
+
+#ifdef CURL_SIZEOF_LONG
+#error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined
+#endif
+
+#ifdef CURL_TYPEOF_CURL_SOCKLEN_T
+#error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined
+#endif
+
+#ifdef CURL_SIZEOF_CURL_SOCKLEN_T
+#error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined
+#endif
+
+#ifdef CURL_TYPEOF_CURL_OFF_T
+#error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined
+#endif
+
+#ifdef CURL_FORMAT_CURL_OFF_T
+#error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined
+#endif
+
+#ifdef CURL_FORMAT_CURL_OFF_TU
+#error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined
+#endif
+
+#ifdef CURL_FORMAT_OFF_T
+#error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined
+#endif
+
+#ifdef CURL_SIZEOF_CURL_OFF_T
+#error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined
+#endif
+
+#ifdef CURL_SUFFIX_CURL_OFF_T
+#error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined
+#endif
+
+#ifdef CURL_SUFFIX_CURL_OFF_TU
+#error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
+   Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined
+#endif
+
+/* ================================================================ */
+/*  EXTERNAL INTERFACE SETTINGS FOR CONFIGURE CAPABLE SYSTEMS ONLY  */
+/* ================================================================ */
+
+/* Configure process defines this to 1 when it finds out that system  */
+/* header file ws2tcpip.h must be included by the external interface. */
+#cmakedefine CURL_PULL_WS2TCPIP_H
+#ifdef CURL_PULL_WS2TCPIP_H
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  include <winsock2.h>
+#  include <ws2tcpip.h>
+#endif
+
+/* Configure process defines this to 1 when it finds out that system   */
+/* header file sys/types.h must be included by the external interface. */
+#cmakedefine CURL_PULL_SYS_TYPES_H
+#ifdef CURL_PULL_SYS_TYPES_H
+#  include <sys/types.h>
+#endif
+
+/* Configure process defines this to 1 when it finds out that system */
+/* header file stdint.h must be included by the external interface.  */
+#cmakedefine CURL_PULL_STDINT_H
+#ifdef CURL_PULL_STDINT_H
+#  include <stdint.h>
+#endif
+
+/* Configure process defines this to 1 when it finds out that system  */
+/* header file inttypes.h must be included by the external interface. */
+#cmakedefine CURL_PULL_INTTYPES_H
+#ifdef CURL_PULL_INTTYPES_H
+#  include <inttypes.h>
+#endif
+
+/* Configure process defines this to 1 when it finds out that system    */
+/* header file sys/socket.h must be included by the external interface. */
+#cmakedefine CURL_PULL_SYS_SOCKET_H
+#ifdef CURL_PULL_SYS_SOCKET_H
+#  include <sys/socket.h>
+#endif
+
+/* Configure process defines this to 1 when it finds out that system  */
+/* header file sys/poll.h must be included by the external interface. */
+#cmakedefine CURL_PULL_SYS_POLL_H
+#ifdef CURL_PULL_SYS_POLL_H
+#  include <sys/poll.h>
+#endif
+
+/* The size of `int', as computed by sizeof. */
+@CURL_SIZEOF_INT_CODE@
+
+/* The size of `long', as computed by sizeof. */
+@CURL_SIZEOF_LONG_CODE@
+
+/* The size of `long long', as computed by sizeof. */
+@CURL_SIZEOF_LONG_LONG_CODE@
+
+/* The size of `ssize_t', as computed by sizeof. */
+@CURL_SIZEOF_SSIZE_T_CODE@
+
+#define CURL_HAVE_SOCKLEN_T @CURL_HAVE_SOCKLEN_T@
+#if CURL_HAVE_SOCKLEN_T
+/* Integral data type used for curl_socklen_t. */
+#define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
+
+/* The size of `curl_socklen_t', as computed by sizeof. */
+@CURL_SIZEOF_CURL_SOCKLEN_T_CODE@
+#else
+# define CURL_TYPEOF_CURL_SOCKLEN_T int
+# define CURL_SIZEOF_CURL_SOCKLEN_T CURL_SIZEOF_INT
+#endif
+
+/* Data type definition of curl_socklen_t. */
+typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t;
+
+#if CURL_SIZEOF_LONG == 8
+# define CURL_TYPEOF_CURL_OFF_T long
+# define CURL_SIZEOF_CURL_OFF_T 8
+# define CURL_FORMAT_CURL_OFF_T "ld"
+# define CURL_FORMAT_CURL_OFF_TU "lu"
+# define CURL_FORMAT_OFF_T "%ld"
+# define CURL_SUFFIX_CURL_OFF_T L
+# define CURL_SUFFIX_CURL_OFF_TU UL
+#elif CURL_SIZEOF_LONG_LONG == 8
+# define CURL_TYPEOF_CURL_OFF_T long long
+# define CURL_SIZEOF_CURL_OFF_T 8
+# define CURL_FORMAT_CURL_OFF_T "lld"
+# define CURL_FORMAT_CURL_OFF_TU "llu"
+# define CURL_FORMAT_OFF_T "%lld"
+# define CURL_SUFFIX_CURL_OFF_T LL
+# define CURL_SUFFIX_CURL_OFF_TU ULL
+#else
+# define CURL_TYPEOF_CURL_OFF_T ssize_t
+# define CURL_SIZEOF_CURL_OFF_T CURL_SIZEOF_SSIZE_T
+/* TODO: need adjustment here. */
+# define CURL_FORMAT_CURL_OFF_T "ld"
+# define CURL_FORMAT_CURL_OFF_TU "lu"
+# define CURL_FORMAT_OFF_T "%ld"
+# define CURL_SUFFIX_CURL_OFF_T L
+# define CURL_SUFFIX_CURL_OFF_TU UL
+#endif
+
+/* Data type definition of curl_off_t. */
+typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;
+
+#endif /* __CURL_CURLBUILD_H */
diff --git a/Utilities/cmcurl/include/curl/curlrules.h b/Utilities/cmcurl/include/curl/curlrules.h
new file mode 100644
index 0000000..7c2ede3
--- /dev/null
+++ b/Utilities/cmcurl/include/curl/curlrules.h
@@ -0,0 +1,262 @@
+#ifndef __CURL_CURLRULES_H
+#define __CURL_CURLRULES_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* ================================================================ */
+/*                    COMPILE TIME SANITY CHECKS                    */
+/* ================================================================ */
+
+/*
+ * NOTE 1:
+ * -------
+ *
+ * All checks done in this file are intentionally placed in a public
+ * header file which is pulled by curl/curl.h when an application is
+ * being built using an already built libcurl library. Additionally
+ * this file is also included and used when building the library.
+ *
+ * If compilation fails on this file it is certainly sure that the
+ * problem is elsewhere. It could be a problem in the curlbuild.h
+ * header file, or simply that you are using different compilation
+ * settings than those used to build the library.
+ *
+ * Nothing in this file is intended to be modified or adjusted by the
+ * curl library user nor by the curl library builder.
+ *
+ * Do not deactivate any check, these are done to make sure that the
+ * library is properly built and used.
+ *
+ * You can find further help on the libcurl development mailing list:
+ * http://cool.haxx.se/mailman/listinfo/curl-library/
+ *
+ * NOTE 2
+ * ------
+ *
+ * Some of the following compile time checks are based on the fact
+ * that the dimension of a constant array can not be a negative one.
+ * In this way if the compile time verification fails, the compilation
+ * will fail issuing an error. The error description wording is compiler
+ * dependent but it will be quite similar to one of the following:
+ *
+ *   "negative subscript or subscript is too large"
+ *   "array must have at least one element"
+ *   "-1 is an illegal array size"
+ *   "size of array is negative"
+ *
+ * If you are building an application which tries to use an already
+ * built libcurl library and you are getting this kind of errors on
+ * this file, it is a clear indication that there is a mismatch between
+ * how the library was built and how you are trying to use it for your
+ * application. Your already compiled or binary library provider is the
+ * only one who can give you the details you need to properly use it.
+ */
+
+/*
+ * Verify that some macros are actually defined.
+ */
+
+#ifndef CURL_SIZEOF_LONG
+#  error "CURL_SIZEOF_LONG definition is missing!"
+   Error Compilation_aborted_CURL_SIZEOF_LONG_is_missing
+#endif
+
+#ifndef CURL_TYPEOF_CURL_SOCKLEN_T
+#  error "CURL_TYPEOF_CURL_SOCKLEN_T definition is missing!"
+   Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_is_missing
+#endif
+
+#ifndef CURL_SIZEOF_CURL_SOCKLEN_T
+#  error "CURL_SIZEOF_CURL_SOCKLEN_T definition is missing!"
+   Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_is_missing
+#endif
+
+#ifndef CURL_TYPEOF_CURL_OFF_T
+#  error "CURL_TYPEOF_CURL_OFF_T definition is missing!"
+   Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_is_missing
+#endif
+
+#ifndef CURL_FORMAT_CURL_OFF_T
+#  error "CURL_FORMAT_CURL_OFF_T definition is missing!"
+   Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_is_missing
+#endif
+
+#ifndef CURL_FORMAT_CURL_OFF_TU
+#  error "CURL_FORMAT_CURL_OFF_TU definition is missing!"
+   Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_is_missing
+#endif
+
+#ifndef CURL_FORMAT_OFF_T
+#  error "CURL_FORMAT_OFF_T definition is missing!"
+   Error Compilation_aborted_CURL_FORMAT_OFF_T_is_missing
+#endif
+
+#ifndef CURL_SIZEOF_CURL_OFF_T
+#  error "CURL_SIZEOF_CURL_OFF_T definition is missing!"
+   Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_is_missing
+#endif
+
+#ifndef CURL_SUFFIX_CURL_OFF_T
+#  error "CURL_SUFFIX_CURL_OFF_T definition is missing!"
+   Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_is_missing
+#endif
+
+#ifndef CURL_SUFFIX_CURL_OFF_TU
+#  error "CURL_SUFFIX_CURL_OFF_TU definition is missing!"
+   Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_is_missing
+#endif
+
+/*
+ * Macros private to this header file.
+ */
+
+#define CurlchkszEQ(t, s) sizeof(t) == s ? 1 : -1
+
+#define CurlchkszGE(t1, t2) sizeof(t1) >= sizeof(t2) ? 1 : -1
+
+/*
+ * Verify that the size previously defined and expected for long
+ * is the same as the one reported by sizeof() at compile time.
+ */
+
+typedef char
+  __curl_rule_01__
+    [CurlchkszEQ(long, CURL_SIZEOF_LONG)];
+
+/*
+ * Verify that the size previously defined and expected for
+ * curl_off_t is actually the the same as the one reported
+ * by sizeof() at compile time.
+ */
+
+typedef char
+  __curl_rule_02__
+    [CurlchkszEQ(curl_off_t, CURL_SIZEOF_CURL_OFF_T)];
+
+/*
+ * Verify at compile time that the size of curl_off_t as reported
+ * by sizeof() is greater or equal than the one reported for long
+ * for the current compilation.
+ */
+
+typedef char
+  __curl_rule_03__
+    [CurlchkszGE(curl_off_t, long)];
+
+/*
+ * Verify that the size previously defined and expected for
+ * curl_socklen_t is actually the the same as the one reported
+ * by sizeof() at compile time.
+ */
+
+typedef char
+  __curl_rule_04__
+    [CurlchkszEQ(curl_socklen_t, CURL_SIZEOF_CURL_SOCKLEN_T)];
+
+/*
+ * Verify at compile time that the size of curl_socklen_t as reported
+ * by sizeof() is greater or equal than the one reported for int for
+ * the current compilation.
+ */
+
+typedef char
+  __curl_rule_05__
+    [CurlchkszGE(curl_socklen_t, int)];
+
+/* ================================================================ */
+/*          EXTERNALLY AND INTERNALLY VISIBLE DEFINITIONS           */
+/* ================================================================ */
+
+/*
+ * CURL_ISOCPP and CURL_OFF_T_C definitions are done here in order to allow
+ * these to be visible and exported by the external libcurl interface API,
+ * while also making them visible to the library internals, simply including
+ * curl_setup.h, without actually needing to include curl.h internally.
+ * If some day this section would grow big enough, all this should be moved
+ * to its own header file.
+ */
+
+/*
+ * Figure out if we can use the ## preprocessor operator, which is supported
+ * by ISO/ANSI C and C++. Some compilers support it without setting __STDC__
+ * or  __cplusplus so we need to carefully check for them too.
+ */
+
+#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) || \
+  defined(__HP_aCC) || defined(__BORLANDC__) || defined(__LCC__) || \
+  defined(__POCC__) || defined(__SALFORDC__) || defined(__HIGHC__) || \
+  defined(__ILEC400__)
+  /* This compiler is believed to have an ISO compatible preprocessor */
+#define CURL_ISOCPP
+#else
+  /* This compiler is believed NOT to have an ISO compatible preprocessor */
+#undef CURL_ISOCPP
+#endif
+
+/*
+ * Macros for minimum-width signed and unsigned curl_off_t integer constants.
+ */
+
+#if defined(__BORLANDC__) && (__BORLANDC__ == 0x0551)
+#  define __CURL_OFF_T_C_HLPR2(x) x
+#  define __CURL_OFF_T_C_HLPR1(x) __CURL_OFF_T_C_HLPR2(x)
+#  define CURL_OFF_T_C(Val)  __CURL_OFF_T_C_HLPR1(Val) ## \
+                             __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_T)
+#  define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \
+                             __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_TU)
+#else
+#  ifdef CURL_ISOCPP
+#    define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val ## Suffix
+#  else
+#    define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val/**/Suffix
+#  endif
+#  define __CURL_OFF_T_C_HLPR1(Val,Suffix) __CURL_OFF_T_C_HLPR2(Val,Suffix)
+#  define CURL_OFF_T_C(Val)  __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_T)
+#  define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_TU)
+#endif
+
+/*
+ * Get rid of macros private to this header file.
+ */
+
+#undef CurlchkszEQ
+#undef CurlchkszGE
+
+/*
+ * Get rid of macros not intended to exist beyond this point.
+ */
+
+#undef CURL_PULL_WS2TCPIP_H
+#undef CURL_PULL_SYS_TYPES_H
+#undef CURL_PULL_SYS_SOCKET_H
+#undef CURL_PULL_SYS_POLL_H
+#undef CURL_PULL_STDINT_H
+#undef CURL_PULL_INTTYPES_H
+
+#undef CURL_TYPEOF_CURL_SOCKLEN_T
+#undef CURL_TYPEOF_CURL_OFF_T
+
+#ifdef CURL_NO_OLDIES
+#undef CURL_FORMAT_OFF_T /* not required since 7.19.0 - obsoleted in 7.20.0 */
+#endif
+
+#endif /* __CURL_CURLRULES_H */
diff --git a/Utilities/cmcurl/curl/curlver.h b/Utilities/cmcurl/include/curl/curlver.h
index 9380022..c0cb509 100644
--- a/Utilities/cmcurl/curl/curlver.h
+++ b/Utilities/cmcurl/include/curl/curlver.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,21 +20,23 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 /* This header file contains nothing but libcurl version info, generated by
    a script at release-time. This was made its own header file in 7.11.2 */
 
+/* This is the global package copyright */
+#define LIBCURL_COPYRIGHT "1996 - 2014 Daniel Stenberg, <daniel@haxx.se>."
+
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.16.1"
+#define LIBCURL_VERSION "7.38.0"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 16
-#define LIBCURL_VERSION_PATCH 1
+#define LIBCURL_VERSION_MINOR 38
+#define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -51,6 +53,17 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071001
+#define LIBCURL_VERSION_NUM 0x072600
+
+/*
+ * This is the date and time when the full source package was created. The
+ * timestamp is not stored in git, as the timestamp is properly set in the
+ * tarballs by the maketgz script.
+ *
+ * The format of the date should follow this template:
+ *
+ * "Mon Feb 12 11:35:33 UTC 2007"
+ */
+#define LIBCURL_TIMESTAMP "DEV"
 
 #endif /* __CURL_CURLVER_H */
diff --git a/Utilities/cmcurl/curl/easy.h b/Utilities/cmcurl/include/curl/easy.h
index 17de210..c1e3e76 100644
--- a/Utilities/cmcurl/curl/easy.h
+++ b/Utilities/cmcurl/include/curl/easy.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 #ifdef  __cplusplus
 extern "C" {
@@ -54,8 +53,8 @@ CURL_EXTERN CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...);
  *
  * Creates a new curl session handle with the same options set for the handle
  * passed in. Duplicating a handle could only be a matter of cloning data and
- * options, internal state info and things like persistant connections cannot
- * be transfered. It is useful in multithreaded applications when you can run
+ * options, internal state info and things like persistent connections cannot
+ * be transferred. It is useful in multithreaded applications when you can run
  * curl_easy_duphandle() for each new thread to avoid a series of identical
  * curl_easy_setopt() invokes in every thread.
  */
@@ -74,6 +73,28 @@ CURL_EXTERN CURL* curl_easy_duphandle(CURL *curl);
  */
 CURL_EXTERN void curl_easy_reset(CURL *curl);
 
+/*
+ * NAME curl_easy_recv()
+ *
+ * DESCRIPTION
+ *
+ * Receives data from the connected socket. Use after successful
+ * curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
+ */
+CURL_EXTERN CURLcode curl_easy_recv(CURL *curl, void *buffer, size_t buflen,
+                                    size_t *n);
+
+/*
+ * NAME curl_easy_send()
+ *
+ * DESCRIPTION
+ *
+ * Sends data over the connected socket. Use after successful
+ * curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
+ */
+CURL_EXTERN CURLcode curl_easy_send(CURL *curl, const void *buffer,
+                                    size_t buflen, size_t *n);
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/Utilities/cmcurl/curl/mprintf.h b/Utilities/cmcurl/include/curl/mprintf.h
index 5c52688..cc9e7f5 100644
--- a/Utilities/cmcurl/curl/mprintf.h
+++ b/Utilities/cmcurl/include/curl/mprintf.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 #include <stdarg.h>
@@ -35,11 +34,13 @@ extern "C" {
 CURL_EXTERN int curl_mprintf(const char *format, ...);
 CURL_EXTERN int curl_mfprintf(FILE *fd, const char *format, ...);
 CURL_EXTERN int curl_msprintf(char *buffer, const char *format, ...);
-CURL_EXTERN int curl_msnprintf(char *buffer, size_t maxlength, const char *format, ...);
+CURL_EXTERN int curl_msnprintf(char *buffer, size_t maxlength,
+                               const char *format, ...);
 CURL_EXTERN int curl_mvprintf(const char *format, va_list args);
 CURL_EXTERN int curl_mvfprintf(FILE *fd, const char *format, va_list args);
 CURL_EXTERN int curl_mvsprintf(char *buffer, const char *format, va_list args);
-CURL_EXTERN int curl_mvsnprintf(char *buffer, size_t maxlength, const char *format, va_list args);
+CURL_EXTERN int curl_mvsnprintf(char *buffer, size_t maxlength,
+                                const char *format, va_list args);
 CURL_EXTERN char *curl_maprintf(const char *format, ...);
 CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);
 
@@ -57,7 +58,7 @@ CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);
 # define printf curl_mprintf
 # define fprintf curl_mfprintf
 #ifdef CURLDEBUG
-/* When built with CURLDEBUG we define away the sprintf() functions since we
+/* When built with CURLDEBUG we define away the sprintf functions since we
    don't want internal code to be using them */
 # define sprintf sprintf_was_used
 # define vsprintf vsprintf_was_used
diff --git a/Utilities/cmcurl/curl/multi.h b/Utilities/cmcurl/include/curl/multi.h
index 1b66747..10d6006 100644
--- a/Utilities/cmcurl/curl/multi.h
+++ b/Utilities/cmcurl/include/curl/multi.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 /*
   This is an "external" header file. Don't give away any internals here!
@@ -65,6 +64,8 @@ typedef enum {
   CURLM_INTERNAL_ERROR,  /* this is a libcurl bug */
   CURLM_BAD_SOCKET,      /* the passed in socket argument did not match */
   CURLM_UNKNOWN_OPTION,  /* curl_multi_setopt() with unsupported option */
+  CURLM_ADDED_ALREADY,   /* an easy handle already added to a multi handle was
+                            attempted to get added - again */
   CURLM_LAST
 } CURLMcode;
 
@@ -90,6 +91,19 @@ struct CURLMsg {
 };
 typedef struct CURLMsg CURLMsg;
 
+/* Based on poll(2) structure and values.
+ * We don't use pollfd and POLL* constants explicitly
+ * to cover platforms without poll(). */
+#define CURL_WAIT_POLLIN    0x0001
+#define CURL_WAIT_POLLPRI   0x0002
+#define CURL_WAIT_POLLOUT   0x0004
+
+struct curl_waitfd {
+  curl_socket_t fd;
+  short events;
+  short revents; /* not supported yet */
+};
+
 /*
  * Name:    curl_multi_init()
  *
@@ -134,6 +148,20 @@ CURL_EXTERN CURLMcode curl_multi_fdset(CURLM *multi_handle,
                                        fd_set *exc_fd_set,
                                        int *max_fd);
 
+/*
+ * Name:     curl_multi_wait()
+ *
+ * Desc:     Poll on all fds within a CURLM set as well as any
+ *           additional fds passed to the function.
+ *
+ * Returns:  CURLMcode type, general multi error code.
+ */
+CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle,
+                                      struct curl_waitfd extra_fds[],
+                                      unsigned int extra_nfds,
+                                      int timeout_ms,
+                                      int *ret);
+
  /*
   * Name:    curl_multi_perform()
   *
@@ -224,6 +252,10 @@ CURL_EXTERN const char *curl_multi_strerror(CURLMcode);
 
 #define CURL_SOCKET_TIMEOUT CURL_SOCKET_BAD
 
+#define CURL_CSELECT_IN   0x01
+#define CURL_CSELECT_OUT  0x02
+#define CURL_CSELECT_ERR  0x04
+
 typedef int (*curl_socket_callback)(CURL *easy,      /* easy handle */
                                     curl_socket_t s, /* socket */
                                     int what,        /* see above */
@@ -249,9 +281,21 @@ typedef int (*curl_multi_timer_callback)(CURLM *multi,    /* multi handle */
 CURL_EXTERN CURLMcode curl_multi_socket(CURLM *multi_handle, curl_socket_t s,
                                         int *running_handles);
 
+CURL_EXTERN CURLMcode curl_multi_socket_action(CURLM *multi_handle,
+                                               curl_socket_t s,
+                                               int ev_bitmask,
+                                               int *running_handles);
+
 CURL_EXTERN CURLMcode curl_multi_socket_all(CURLM *multi_handle,
                                             int *running_handles);
 
+#ifndef CURL_ALLOW_OLD_MULTI_SOCKET
+/* This macro below was added in 7.16.3 to push users who recompile to use
+   the new curl_multi_socket_action() instead of the old curl_multi_socket()
+*/
+#define curl_multi_socket(x,y,z) curl_multi_socket_action(x,y,0,z)
+#endif
+
 /*
  * Name:    curl_multi_timeout()
  *
@@ -267,7 +311,7 @@ CURL_EXTERN CURLMcode curl_multi_timeout(CURLM *multi_handle,
 #undef CINIT /* re-using the same name as in curl.h */
 
 #ifdef CURL_ISOCPP
-#define CINIT(name,type,number) CURLMOPT_ ## name = CURLOPTTYPE_ ## type + number
+#define CINIT(name,type,num) CURLMOPT_ ## name = CURLOPTTYPE_ ## type + num
 #else
 /* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */
 #define LONG          CURLOPTTYPE_LONG
@@ -293,6 +337,34 @@ typedef enum {
   /* This is the argument passed to the timer callback */
   CINIT(TIMERDATA, OBJECTPOINT, 5),
 
+  /* maximum number of entries in the connection cache */
+  CINIT(MAXCONNECTS, LONG, 6),
+
+  /* maximum number of (pipelining) connections to one host */
+  CINIT(MAX_HOST_CONNECTIONS, LONG, 7),
+
+  /* maximum number of requests in a pipeline */
+  CINIT(MAX_PIPELINE_LENGTH, LONG, 8),
+
+  /* a connection with a content-length longer than this
+     will not be considered for pipelining */
+  CINIT(CONTENT_LENGTH_PENALTY_SIZE, OFF_T, 9),
+
+  /* a connection with a chunk length longer than this
+     will not be considered for pipelining */
+  CINIT(CHUNK_LENGTH_PENALTY_SIZE, OFF_T, 10),
+
+  /* a list of site names(+port) that are blacklisted from
+     pipelining */
+  CINIT(PIPELINING_SITE_BL, OBJECTPOINT, 11),
+
+  /* a list of server types that are blacklisted from
+     pipelining */
+  CINIT(PIPELINING_SERVER_BL, OBJECTPOINT, 12),
+
+  /* maximum number of open connections in total */
+  CINIT(MAX_TOTAL_CONNECTIONS, LONG, 13),
+
   CURLMOPT_LASTENTRY /* the last unused */
 } CURLMoption;
 
diff --git a/Utilities/cmcurl/curl/stdcheaders.h b/Utilities/cmcurl/include/curl/stdcheaders.h
index 11c1e2f..ad82ef6 100644
--- a/Utilities/cmcurl/curl/stdcheaders.h
+++ b/Utilities/cmcurl/include/curl/stdcheaders.h
@@ -1,18 +1,18 @@
 #ifndef __STDC_HEADERS_H
 #define __STDC_HEADERS_H
 /***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
+ *
  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  * copies of the Software, and permit persons to whom the Software is
  * furnished to do so, under the terms of the COPYING file.
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 #include <sys/types.h>
@@ -31,4 +30,4 @@ size_t fwrite (const void *, size_t, size_t, FILE *);
 int strcasecmp(const char *, const char *);
 int strncasecmp(const char *, const char *, size_t);
 
-#endif
+#endif /* __STDC_HEADERS_H */
diff --git a/Utilities/cmcurl/include/curl/typecheck-gcc.h b/Utilities/cmcurl/include/curl/typecheck-gcc.h
new file mode 100644
index 0000000..69d41a2
--- /dev/null
+++ b/Utilities/cmcurl/include/curl/typecheck-gcc.h
@@ -0,0 +1,610 @@
+#ifndef __CURL_TYPECHECK_GCC_H
+#define __CURL_TYPECHECK_GCC_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* wraps curl_easy_setopt() with typechecking */
+
+/* To add a new kind of warning, add an
+ *   if(_curl_is_sometype_option(_curl_opt))
+ *     if(!_curl_is_sometype(value))
+ *       _curl_easy_setopt_err_sometype();
+ * block and define _curl_is_sometype_option, _curl_is_sometype and
+ * _curl_easy_setopt_err_sometype below
+ *
+ * NOTE: We use two nested 'if' statements here instead of the && operator, in
+ *       order to work around gcc bug #32061.  It affects only gcc 4.3.x/4.4.x
+ *       when compiling with -Wlogical-op.
+ *
+ * To add an option that uses the same type as an existing option, you'll just
+ * need to extend the appropriate _curl_*_option macro
+ */
+#define curl_easy_setopt(handle, option, value)                               \
+__extension__ ({                                                              \
+  __typeof__ (option) _curl_opt = option;                                     \
+  if(__builtin_constant_p(_curl_opt)) {                                       \
+    if(_curl_is_long_option(_curl_opt))                                       \
+      if(!_curl_is_long(value))                                               \
+        _curl_easy_setopt_err_long();                                         \
+    if(_curl_is_off_t_option(_curl_opt))                                      \
+      if(!_curl_is_off_t(value))                                              \
+        _curl_easy_setopt_err_curl_off_t();                                   \
+    if(_curl_is_string_option(_curl_opt))                                     \
+      if(!_curl_is_string(value))                                             \
+        _curl_easy_setopt_err_string();                                       \
+    if(_curl_is_write_cb_option(_curl_opt))                                   \
+      if(!_curl_is_write_cb(value))                                           \
+        _curl_easy_setopt_err_write_callback();                               \
+    if((_curl_opt) == CURLOPT_READFUNCTION)                                   \
+      if(!_curl_is_read_cb(value))                                            \
+        _curl_easy_setopt_err_read_cb();                                      \
+    if((_curl_opt) == CURLOPT_IOCTLFUNCTION)                                  \
+      if(!_curl_is_ioctl_cb(value))                                           \
+        _curl_easy_setopt_err_ioctl_cb();                                     \
+    if((_curl_opt) == CURLOPT_SOCKOPTFUNCTION)                                \
+      if(!_curl_is_sockopt_cb(value))                                         \
+        _curl_easy_setopt_err_sockopt_cb();                                   \
+    if((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION)                             \
+      if(!_curl_is_opensocket_cb(value))                                      \
+        _curl_easy_setopt_err_opensocket_cb();                                \
+    if((_curl_opt) == CURLOPT_PROGRESSFUNCTION)                               \
+      if(!_curl_is_progress_cb(value))                                        \
+        _curl_easy_setopt_err_progress_cb();                                  \
+    if((_curl_opt) == CURLOPT_DEBUGFUNCTION)                                  \
+      if(!_curl_is_debug_cb(value))                                           \
+        _curl_easy_setopt_err_debug_cb();                                     \
+    if((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION)                               \
+      if(!_curl_is_ssl_ctx_cb(value))                                         \
+        _curl_easy_setopt_err_ssl_ctx_cb();                                   \
+    if(_curl_is_conv_cb_option(_curl_opt))                                    \
+      if(!_curl_is_conv_cb(value))                                            \
+        _curl_easy_setopt_err_conv_cb();                                      \
+    if((_curl_opt) == CURLOPT_SEEKFUNCTION)                                   \
+      if(!_curl_is_seek_cb(value))                                            \
+        _curl_easy_setopt_err_seek_cb();                                      \
+    if(_curl_is_cb_data_option(_curl_opt))                                    \
+      if(!_curl_is_cb_data(value))                                            \
+        _curl_easy_setopt_err_cb_data();                                      \
+    if((_curl_opt) == CURLOPT_ERRORBUFFER)                                    \
+      if(!_curl_is_error_buffer(value))                                       \
+        _curl_easy_setopt_err_error_buffer();                                 \
+    if((_curl_opt) == CURLOPT_STDERR)                                         \
+      if(!_curl_is_FILE(value))                                               \
+        _curl_easy_setopt_err_FILE();                                         \
+    if(_curl_is_postfields_option(_curl_opt))                                 \
+      if(!_curl_is_postfields(value))                                         \
+        _curl_easy_setopt_err_postfields();                                   \
+    if((_curl_opt) == CURLOPT_HTTPPOST)                                       \
+      if(!_curl_is_arr((value), struct curl_httppost))                        \
+        _curl_easy_setopt_err_curl_httpost();                                 \
+    if(_curl_is_slist_option(_curl_opt))                                      \
+      if(!_curl_is_arr((value), struct curl_slist))                           \
+        _curl_easy_setopt_err_curl_slist();                                   \
+    if((_curl_opt) == CURLOPT_SHARE)                                          \
+      if(!_curl_is_ptr((value), CURLSH))                                      \
+        _curl_easy_setopt_err_CURLSH();                                       \
+  }                                                                           \
+  curl_easy_setopt(handle, _curl_opt, value);                                 \
+})
+
+/* wraps curl_easy_getinfo() with typechecking */
+/* FIXME: don't allow const pointers */
+#define curl_easy_getinfo(handle, info, arg)                                  \
+__extension__ ({                                                              \
+  __typeof__ (info) _curl_info = info;                                        \
+  if(__builtin_constant_p(_curl_info)) {                                      \
+    if(_curl_is_string_info(_curl_info))                                      \
+      if(!_curl_is_arr((arg), char *))                                        \
+        _curl_easy_getinfo_err_string();                                      \
+    if(_curl_is_long_info(_curl_info))                                        \
+      if(!_curl_is_arr((arg), long))                                          \
+        _curl_easy_getinfo_err_long();                                        \
+    if(_curl_is_double_info(_curl_info))                                      \
+      if(!_curl_is_arr((arg), double))                                        \
+        _curl_easy_getinfo_err_double();                                      \
+    if(_curl_is_slist_info(_curl_info))                                       \
+      if(!_curl_is_arr((arg), struct curl_slist *))                           \
+        _curl_easy_getinfo_err_curl_slist();                                  \
+  }                                                                           \
+  curl_easy_getinfo(handle, _curl_info, arg);                                 \
+})
+
+/* TODO: typechecking for curl_share_setopt() and curl_multi_setopt(),
+ * for now just make sure that the functions are called with three
+ * arguments
+ */
+#define curl_share_setopt(share,opt,param) curl_share_setopt(share,opt,param)
+#define curl_multi_setopt(handle,opt,param) curl_multi_setopt(handle,opt,param)
+
+
+/* the actual warnings, triggered by calling the _curl_easy_setopt_err*
+ * functions */
+
+/* To define a new warning, use _CURL_WARNING(identifier, "message") */
+#define _CURL_WARNING(id, message)                                            \
+  static void __attribute__((__warning__(message)))                           \
+  __attribute__((__unused__)) __attribute__((__noinline__))                   \
+  id(void) { __asm__(""); }
+
+_CURL_WARNING(_curl_easy_setopt_err_long,
+  "curl_easy_setopt expects a long argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_curl_off_t,
+  "curl_easy_setopt expects a curl_off_t argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_string,
+              "curl_easy_setopt expects a "
+              "string (char* or char[]) argument for this option"
+  )
+_CURL_WARNING(_curl_easy_setopt_err_write_callback,
+  "curl_easy_setopt expects a curl_write_callback argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_read_cb,
+  "curl_easy_setopt expects a curl_read_callback argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_ioctl_cb,
+  "curl_easy_setopt expects a curl_ioctl_callback argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_sockopt_cb,
+  "curl_easy_setopt expects a curl_sockopt_callback argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_opensocket_cb,
+              "curl_easy_setopt expects a "
+              "curl_opensocket_callback argument for this option"
+  )
+_CURL_WARNING(_curl_easy_setopt_err_progress_cb,
+  "curl_easy_setopt expects a curl_progress_callback argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_debug_cb,
+  "curl_easy_setopt expects a curl_debug_callback argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_ssl_ctx_cb,
+  "curl_easy_setopt expects a curl_ssl_ctx_callback argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_conv_cb,
+  "curl_easy_setopt expects a curl_conv_callback argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_seek_cb,
+  "curl_easy_setopt expects a curl_seek_callback argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_cb_data,
+              "curl_easy_setopt expects a "
+              "private data pointer as argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_error_buffer,
+              "curl_easy_setopt expects a "
+              "char buffer of CURL_ERROR_SIZE as argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_FILE,
+  "curl_easy_setopt expects a FILE* argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_postfields,
+  "curl_easy_setopt expects a void* or char* argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_curl_httpost,
+  "curl_easy_setopt expects a struct curl_httppost* argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_curl_slist,
+  "curl_easy_setopt expects a struct curl_slist* argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_CURLSH,
+  "curl_easy_setopt expects a CURLSH* argument for this option")
+
+_CURL_WARNING(_curl_easy_getinfo_err_string,
+  "curl_easy_getinfo expects a pointer to char * for this info")
+_CURL_WARNING(_curl_easy_getinfo_err_long,
+  "curl_easy_getinfo expects a pointer to long for this info")
+_CURL_WARNING(_curl_easy_getinfo_err_double,
+  "curl_easy_getinfo expects a pointer to double for this info")
+_CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
+  "curl_easy_getinfo expects a pointer to struct curl_slist * for this info")
+
+/* groups of curl_easy_setops options that take the same type of argument */
+
+/* To add a new option to one of the groups, just add
+ *   (option) == CURLOPT_SOMETHING
+ * to the or-expression. If the option takes a long or curl_off_t, you don't
+ * have to do anything
+ */
+
+/* evaluates to true if option takes a long argument */
+#define _curl_is_long_option(option)                                          \
+  (0 < (option) && (option) < CURLOPTTYPE_OBJECTPOINT)
+
+#define _curl_is_off_t_option(option)                                         \
+  ((option) > CURLOPTTYPE_OFF_T)
+
+/* evaluates to true if option takes a char* argument */
+#define _curl_is_string_option(option)                                        \
+  ((option) == CURLOPT_URL ||                                                 \
+   (option) == CURLOPT_PROXY ||                                               \
+   (option) == CURLOPT_INTERFACE ||                                           \
+   (option) == CURLOPT_NETRC_FILE ||                                          \
+   (option) == CURLOPT_USERPWD ||                                             \
+   (option) == CURLOPT_USERNAME ||                                            \
+   (option) == CURLOPT_PASSWORD ||                                            \
+   (option) == CURLOPT_PROXYUSERPWD ||                                        \
+   (option) == CURLOPT_PROXYUSERNAME ||                                       \
+   (option) == CURLOPT_PROXYPASSWORD ||                                       \
+   (option) == CURLOPT_NOPROXY ||                                             \
+   (option) == CURLOPT_ACCEPT_ENCODING ||                                     \
+   (option) == CURLOPT_REFERER ||                                             \
+   (option) == CURLOPT_USERAGENT ||                                           \
+   (option) == CURLOPT_COOKIE ||                                              \
+   (option) == CURLOPT_COOKIEFILE ||                                          \
+   (option) == CURLOPT_COOKIEJAR ||                                           \
+   (option) == CURLOPT_COOKIELIST ||                                          \
+   (option) == CURLOPT_FTPPORT ||                                             \
+   (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER ||                             \
+   (option) == CURLOPT_FTP_ACCOUNT ||                                         \
+   (option) == CURLOPT_RANGE ||                                               \
+   (option) == CURLOPT_CUSTOMREQUEST ||                                       \
+   (option) == CURLOPT_SSLCERT ||                                             \
+   (option) == CURLOPT_SSLCERTTYPE ||                                         \
+   (option) == CURLOPT_SSLKEY ||                                              \
+   (option) == CURLOPT_SSLKEYTYPE ||                                          \
+   (option) == CURLOPT_KEYPASSWD ||                                           \
+   (option) == CURLOPT_SSLENGINE ||                                           \
+   (option) == CURLOPT_CAINFO ||                                              \
+   (option) == CURLOPT_CAPATH ||                                              \
+   (option) == CURLOPT_RANDOM_FILE ||                                         \
+   (option) == CURLOPT_EGDSOCKET ||                                           \
+   (option) == CURLOPT_SSL_CIPHER_LIST ||                                     \
+   (option) == CURLOPT_KRBLEVEL ||                                            \
+   (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 ||                             \
+   (option) == CURLOPT_SSH_PUBLIC_KEYFILE ||                                  \
+   (option) == CURLOPT_SSH_PRIVATE_KEYFILE ||                                 \
+   (option) == CURLOPT_CRLFILE ||                                             \
+   (option) == CURLOPT_ISSUERCERT ||                                          \
+   (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE ||                               \
+   (option) == CURLOPT_SSH_KNOWNHOSTS ||                                      \
+   (option) == CURLOPT_MAIL_FROM ||                                           \
+   (option) == CURLOPT_RTSP_SESSION_ID ||                                     \
+   (option) == CURLOPT_RTSP_STREAM_URI ||                                     \
+   (option) == CURLOPT_RTSP_TRANSPORT ||                                      \
+   (option) == CURLOPT_XOAUTH2_BEARER ||                                      \
+   (option) == CURLOPT_DNS_SERVERS ||                                         \
+   (option) == CURLOPT_DNS_INTERFACE ||                                       \
+   (option) == CURLOPT_DNS_LOCAL_IP4 ||                                       \
+   (option) == CURLOPT_DNS_LOCAL_IP6 ||                                       \
+   (option) == CURLOPT_LOGIN_OPTIONS ||                                       \
+   0)
+
+/* evaluates to true if option takes a curl_write_callback argument */
+#define _curl_is_write_cb_option(option)                                      \
+  ((option) == CURLOPT_HEADERFUNCTION ||                                      \
+   (option) == CURLOPT_WRITEFUNCTION)
+
+/* evaluates to true if option takes a curl_conv_callback argument */
+#define _curl_is_conv_cb_option(option)                                       \
+  ((option) == CURLOPT_CONV_TO_NETWORK_FUNCTION ||                            \
+   (option) == CURLOPT_CONV_FROM_NETWORK_FUNCTION ||                          \
+   (option) == CURLOPT_CONV_FROM_UTF8_FUNCTION)
+
+/* evaluates to true if option takes a data argument to pass to a callback */
+#define _curl_is_cb_data_option(option)                                       \
+  ((option) == CURLOPT_WRITEDATA ||                                           \
+   (option) == CURLOPT_READDATA ||                                            \
+   (option) == CURLOPT_IOCTLDATA ||                                           \
+   (option) == CURLOPT_SOCKOPTDATA ||                                         \
+   (option) == CURLOPT_OPENSOCKETDATA ||                                      \
+   (option) == CURLOPT_PROGRESSDATA ||                                        \
+   (option) == CURLOPT_HEADERDATA ||                                         \
+   (option) == CURLOPT_DEBUGDATA ||                                           \
+   (option) == CURLOPT_SSL_CTX_DATA ||                                        \
+   (option) == CURLOPT_SEEKDATA ||                                            \
+   (option) == CURLOPT_PRIVATE ||                                             \
+   (option) == CURLOPT_SSH_KEYDATA ||                                         \
+   (option) == CURLOPT_INTERLEAVEDATA ||                                      \
+   (option) == CURLOPT_CHUNK_DATA ||                                          \
+   (option) == CURLOPT_FNMATCH_DATA ||                                        \
+   0)
+
+/* evaluates to true if option takes a POST data argument (void* or char*) */
+#define _curl_is_postfields_option(option)                                    \
+  ((option) == CURLOPT_POSTFIELDS ||                                          \
+   (option) == CURLOPT_COPYPOSTFIELDS ||                                      \
+   0)
+
+/* evaluates to true if option takes a struct curl_slist * argument */
+#define _curl_is_slist_option(option)                                         \
+  ((option) == CURLOPT_HTTPHEADER ||                                          \
+   (option) == CURLOPT_HTTP200ALIASES ||                                      \
+   (option) == CURLOPT_QUOTE ||                                               \
+   (option) == CURLOPT_POSTQUOTE ||                                           \
+   (option) == CURLOPT_PREQUOTE ||                                            \
+   (option) == CURLOPT_TELNETOPTIONS ||                                       \
+   (option) == CURLOPT_MAIL_RCPT ||                                           \
+   0)
+
+/* groups of curl_easy_getinfo infos that take the same type of argument */
+
+/* evaluates to true if info expects a pointer to char * argument */
+#define _curl_is_string_info(info)                                            \
+  (CURLINFO_STRING < (info) && (info) < CURLINFO_LONG)
+
+/* evaluates to true if info expects a pointer to long argument */
+#define _curl_is_long_info(info)                                              \
+  (CURLINFO_LONG < (info) && (info) < CURLINFO_DOUBLE)
+
+/* evaluates to true if info expects a pointer to double argument */
+#define _curl_is_double_info(info)                                            \
+  (CURLINFO_DOUBLE < (info) && (info) < CURLINFO_SLIST)
+
+/* true if info expects a pointer to struct curl_slist * argument */
+#define _curl_is_slist_info(info)                                             \
+  (CURLINFO_SLIST < (info))
+
+
+/* typecheck helpers -- check whether given expression has requested type*/
+
+/* For pointers, you can use the _curl_is_ptr/_curl_is_arr macros,
+ * otherwise define a new macro. Search for __builtin_types_compatible_p
+ * in the GCC manual.
+ * NOTE: these macros MUST NOT EVALUATE their arguments! The argument is
+ * the actual expression passed to the curl_easy_setopt macro. This
+ * means that you can only apply the sizeof and __typeof__ operators, no
+ * == or whatsoever.
+ */
+
+/* XXX: should evaluate to true iff expr is a pointer */
+#define _curl_is_any_ptr(expr)                                                \
+  (sizeof(expr) == sizeof(void*))
+
+/* evaluates to true if expr is NULL */
+/* XXX: must not evaluate expr, so this check is not accurate */
+#define _curl_is_NULL(expr)                                                   \
+  (__builtin_types_compatible_p(__typeof__(expr), __typeof__(NULL)))
+
+/* evaluates to true if expr is type*, const type* or NULL */
+#define _curl_is_ptr(expr, type)                                              \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), type *) ||                  \
+   __builtin_types_compatible_p(__typeof__(expr), const type *))
+
+/* evaluates to true if expr is one of type[], type*, NULL or const type* */
+#define _curl_is_arr(expr, type)                                              \
+  (_curl_is_ptr((expr), type) ||                                              \
+   __builtin_types_compatible_p(__typeof__(expr), type []))
+
+/* evaluates to true if expr is a string */
+#define _curl_is_string(expr)                                                 \
+  (_curl_is_arr((expr), char) ||                                              \
+   _curl_is_arr((expr), signed char) ||                                       \
+   _curl_is_arr((expr), unsigned char))
+
+/* evaluates to true if expr is a long (no matter the signedness)
+ * XXX: for now, int is also accepted (and therefore short and char, which
+ * are promoted to int when passed to a variadic function) */
+#define _curl_is_long(expr)                                                   \
+  (__builtin_types_compatible_p(__typeof__(expr), long) ||                    \
+   __builtin_types_compatible_p(__typeof__(expr), signed long) ||             \
+   __builtin_types_compatible_p(__typeof__(expr), unsigned long) ||           \
+   __builtin_types_compatible_p(__typeof__(expr), int) ||                     \
+   __builtin_types_compatible_p(__typeof__(expr), signed int) ||              \
+   __builtin_types_compatible_p(__typeof__(expr), unsigned int) ||            \
+   __builtin_types_compatible_p(__typeof__(expr), short) ||                   \
+   __builtin_types_compatible_p(__typeof__(expr), signed short) ||            \
+   __builtin_types_compatible_p(__typeof__(expr), unsigned short) ||          \
+   __builtin_types_compatible_p(__typeof__(expr), char) ||                    \
+   __builtin_types_compatible_p(__typeof__(expr), signed char) ||             \
+   __builtin_types_compatible_p(__typeof__(expr), unsigned char))
+
+/* evaluates to true if expr is of type curl_off_t */
+#define _curl_is_off_t(expr)                                                  \
+  (__builtin_types_compatible_p(__typeof__(expr), curl_off_t))
+
+/* evaluates to true if expr is abuffer suitable for CURLOPT_ERRORBUFFER */
+/* XXX: also check size of an char[] array? */
+#define _curl_is_error_buffer(expr)                                           \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), char *) ||                  \
+   __builtin_types_compatible_p(__typeof__(expr), char[]))
+
+/* evaluates to true if expr is of type (const) void* or (const) FILE* */
+#if 0
+#define _curl_is_cb_data(expr)                                                \
+  (_curl_is_ptr((expr), void) ||                                              \
+   _curl_is_ptr((expr), FILE))
+#else /* be less strict */
+#define _curl_is_cb_data(expr)                                                \
+  _curl_is_any_ptr(expr)
+#endif
+
+/* evaluates to true if expr is of type FILE* */
+#define _curl_is_FILE(expr)                                                   \
+  (__builtin_types_compatible_p(__typeof__(expr), FILE *))
+
+/* evaluates to true if expr can be passed as POST data (void* or char*) */
+#define _curl_is_postfields(expr)                                             \
+  (_curl_is_ptr((expr), void) ||                                              \
+   _curl_is_arr((expr), char))
+
+/* FIXME: the whole callback checking is messy...
+ * The idea is to tolerate char vs. void and const vs. not const
+ * pointers in arguments at least
+ */
+/* helper: __builtin_types_compatible_p distinguishes between functions and
+ * function pointers, hide it */
+#define _curl_callback_compatible(func, type)                                 \
+  (__builtin_types_compatible_p(__typeof__(func), type) ||                    \
+   __builtin_types_compatible_p(__typeof__(func), type*))
+
+/* evaluates to true if expr is of type curl_read_callback or "similar" */
+#define _curl_is_read_cb(expr)                                          \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), __typeof__(fread)) ||       \
+   __builtin_types_compatible_p(__typeof__(expr), curl_read_callback) ||      \
+   _curl_callback_compatible((expr), _curl_read_callback1) ||                 \
+   _curl_callback_compatible((expr), _curl_read_callback2) ||                 \
+   _curl_callback_compatible((expr), _curl_read_callback3) ||                 \
+   _curl_callback_compatible((expr), _curl_read_callback4) ||                 \
+   _curl_callback_compatible((expr), _curl_read_callback5) ||                 \
+   _curl_callback_compatible((expr), _curl_read_callback6))
+typedef size_t (_curl_read_callback1)(char *, size_t, size_t, void*);
+typedef size_t (_curl_read_callback2)(char *, size_t, size_t, const void*);
+typedef size_t (_curl_read_callback3)(char *, size_t, size_t, FILE*);
+typedef size_t (_curl_read_callback4)(void *, size_t, size_t, void*);
+typedef size_t (_curl_read_callback5)(void *, size_t, size_t, const void*);
+typedef size_t (_curl_read_callback6)(void *, size_t, size_t, FILE*);
+
+/* evaluates to true if expr is of type curl_write_callback or "similar" */
+#define _curl_is_write_cb(expr)                                               \
+  (_curl_is_read_cb(expr) ||                                            \
+   __builtin_types_compatible_p(__typeof__(expr), __typeof__(fwrite)) ||      \
+   __builtin_types_compatible_p(__typeof__(expr), curl_write_callback) ||     \
+   _curl_callback_compatible((expr), _curl_write_callback1) ||                \
+   _curl_callback_compatible((expr), _curl_write_callback2) ||                \
+   _curl_callback_compatible((expr), _curl_write_callback3) ||                \
+   _curl_callback_compatible((expr), _curl_write_callback4) ||                \
+   _curl_callback_compatible((expr), _curl_write_callback5) ||                \
+   _curl_callback_compatible((expr), _curl_write_callback6))
+typedef size_t (_curl_write_callback1)(const char *, size_t, size_t, void*);
+typedef size_t (_curl_write_callback2)(const char *, size_t, size_t,
+                                       const void*);
+typedef size_t (_curl_write_callback3)(const char *, size_t, size_t, FILE*);
+typedef size_t (_curl_write_callback4)(const void *, size_t, size_t, void*);
+typedef size_t (_curl_write_callback5)(const void *, size_t, size_t,
+                                       const void*);
+typedef size_t (_curl_write_callback6)(const void *, size_t, size_t, FILE*);
+
+/* evaluates to true if expr is of type curl_ioctl_callback or "similar" */
+#define _curl_is_ioctl_cb(expr)                                         \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), curl_ioctl_callback) ||     \
+   _curl_callback_compatible((expr), _curl_ioctl_callback1) ||                \
+   _curl_callback_compatible((expr), _curl_ioctl_callback2) ||                \
+   _curl_callback_compatible((expr), _curl_ioctl_callback3) ||                \
+   _curl_callback_compatible((expr), _curl_ioctl_callback4))
+typedef curlioerr (_curl_ioctl_callback1)(CURL *, int, void*);
+typedef curlioerr (_curl_ioctl_callback2)(CURL *, int, const void*);
+typedef curlioerr (_curl_ioctl_callback3)(CURL *, curliocmd, void*);
+typedef curlioerr (_curl_ioctl_callback4)(CURL *, curliocmd, const void*);
+
+/* evaluates to true if expr is of type curl_sockopt_callback or "similar" */
+#define _curl_is_sockopt_cb(expr)                                       \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), curl_sockopt_callback) ||   \
+   _curl_callback_compatible((expr), _curl_sockopt_callback1) ||              \
+   _curl_callback_compatible((expr), _curl_sockopt_callback2))
+typedef int (_curl_sockopt_callback1)(void *, curl_socket_t, curlsocktype);
+typedef int (_curl_sockopt_callback2)(const void *, curl_socket_t,
+                                      curlsocktype);
+
+/* evaluates to true if expr is of type curl_opensocket_callback or
+   "similar" */
+#define _curl_is_opensocket_cb(expr)                                    \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), curl_opensocket_callback) ||\
+   _curl_callback_compatible((expr), _curl_opensocket_callback1) ||           \
+   _curl_callback_compatible((expr), _curl_opensocket_callback2) ||           \
+   _curl_callback_compatible((expr), _curl_opensocket_callback3) ||           \
+   _curl_callback_compatible((expr), _curl_opensocket_callback4))
+typedef curl_socket_t (_curl_opensocket_callback1)
+  (void *, curlsocktype, struct curl_sockaddr *);
+typedef curl_socket_t (_curl_opensocket_callback2)
+  (void *, curlsocktype, const struct curl_sockaddr *);
+typedef curl_socket_t (_curl_opensocket_callback3)
+  (const void *, curlsocktype, struct curl_sockaddr *);
+typedef curl_socket_t (_curl_opensocket_callback4)
+  (const void *, curlsocktype, const struct curl_sockaddr *);
+
+/* evaluates to true if expr is of type curl_progress_callback or "similar" */
+#define _curl_is_progress_cb(expr)                                      \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), curl_progress_callback) ||  \
+   _curl_callback_compatible((expr), _curl_progress_callback1) ||             \
+   _curl_callback_compatible((expr), _curl_progress_callback2))
+typedef int (_curl_progress_callback1)(void *,
+    double, double, double, double);
+typedef int (_curl_progress_callback2)(const void *,
+    double, double, double, double);
+
+/* evaluates to true if expr is of type curl_debug_callback or "similar" */
+#define _curl_is_debug_cb(expr)                                         \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), curl_debug_callback) ||     \
+   _curl_callback_compatible((expr), _curl_debug_callback1) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback2) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback3) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback4) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback5) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback6) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback7) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback8))
+typedef int (_curl_debug_callback1) (CURL *,
+    curl_infotype, char *, size_t, void *);
+typedef int (_curl_debug_callback2) (CURL *,
+    curl_infotype, char *, size_t, const void *);
+typedef int (_curl_debug_callback3) (CURL *,
+    curl_infotype, const char *, size_t, void *);
+typedef int (_curl_debug_callback4) (CURL *,
+    curl_infotype, const char *, size_t, const void *);
+typedef int (_curl_debug_callback5) (CURL *,
+    curl_infotype, unsigned char *, size_t, void *);
+typedef int (_curl_debug_callback6) (CURL *,
+    curl_infotype, unsigned char *, size_t, const void *);
+typedef int (_curl_debug_callback7) (CURL *,
+    curl_infotype, const unsigned char *, size_t, void *);
+typedef int (_curl_debug_callback8) (CURL *,
+    curl_infotype, const unsigned char *, size_t, const void *);
+
+/* evaluates to true if expr is of type curl_ssl_ctx_callback or "similar" */
+/* this is getting even messier... */
+#define _curl_is_ssl_ctx_cb(expr)                                       \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), curl_ssl_ctx_callback) ||   \
+   _curl_callback_compatible((expr), _curl_ssl_ctx_callback1) ||              \
+   _curl_callback_compatible((expr), _curl_ssl_ctx_callback2) ||              \
+   _curl_callback_compatible((expr), _curl_ssl_ctx_callback3) ||              \
+   _curl_callback_compatible((expr), _curl_ssl_ctx_callback4) ||              \
+   _curl_callback_compatible((expr), _curl_ssl_ctx_callback5) ||              \
+   _curl_callback_compatible((expr), _curl_ssl_ctx_callback6) ||              \
+   _curl_callback_compatible((expr), _curl_ssl_ctx_callback7) ||              \
+   _curl_callback_compatible((expr), _curl_ssl_ctx_callback8))
+typedef CURLcode (_curl_ssl_ctx_callback1)(CURL *, void *, void *);
+typedef CURLcode (_curl_ssl_ctx_callback2)(CURL *, void *, const void *);
+typedef CURLcode (_curl_ssl_ctx_callback3)(CURL *, const void *, void *);
+typedef CURLcode (_curl_ssl_ctx_callback4)(CURL *, const void *, const void *);
+#ifdef HEADER_SSL_H
+/* hack: if we included OpenSSL's ssl.h, we know about SSL_CTX
+ * this will of course break if we're included before OpenSSL headers...
+ */
+typedef CURLcode (_curl_ssl_ctx_callback5)(CURL *, SSL_CTX, void *);
+typedef CURLcode (_curl_ssl_ctx_callback6)(CURL *, SSL_CTX, const void *);
+typedef CURLcode (_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX, void *);
+typedef CURLcode (_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX,
+                                           const void *);
+#else
+typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback5;
+typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback6;
+typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback7;
+typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback8;
+#endif
+
+/* evaluates to true if expr is of type curl_conv_callback or "similar" */
+#define _curl_is_conv_cb(expr)                                          \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), curl_conv_callback) ||      \
+   _curl_callback_compatible((expr), _curl_conv_callback1) ||                 \
+   _curl_callback_compatible((expr), _curl_conv_callback2) ||                 \
+   _curl_callback_compatible((expr), _curl_conv_callback3) ||                 \
+   _curl_callback_compatible((expr), _curl_conv_callback4))
+typedef CURLcode (*_curl_conv_callback1)(char *, size_t length);
+typedef CURLcode (*_curl_conv_callback2)(const char *, size_t length);
+typedef CURLcode (*_curl_conv_callback3)(void *, size_t length);
+typedef CURLcode (*_curl_conv_callback4)(const void *, size_t length);
+
+/* evaluates to true if expr is of type curl_seek_callback or "similar" */
+#define _curl_is_seek_cb(expr)                                          \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), curl_seek_callback) ||      \
+   _curl_callback_compatible((expr), _curl_seek_callback1) ||                 \
+   _curl_callback_compatible((expr), _curl_seek_callback2))
+typedef CURLcode (*_curl_seek_callback1)(void *, curl_off_t, int);
+typedef CURLcode (*_curl_seek_callback2)(const void *, curl_off_t, int);
+
+
+#endif /* __CURL_TYPECHECK_GCC_H */
diff --git a/Utilities/cmcurl/krb4.c b/Utilities/cmcurl/krb4.c
deleted file mode 100644
index f2b91df..0000000
--- a/Utilities/cmcurl/krb4.c
+++ /dev/null
@@ -1,425 +0,0 @@
-/* This source code was modified by Martin Hedenfalk <mhe@stacken.kth.se> for
- * use in Curl. Martin's latest changes were done 2000-09-18.
- *
- * It has since been patched away like a madman by Daniel Stenberg to make it
- * better applied to curl conditions, and to make it not use globals, pollute
- * name space and more.
- *
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * Copyright (c) 2004 - 2007 Daniel Stenberg
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id$
- */
-
-#include "setup.h"
-
-#ifndef CURL_DISABLE_FTP
-#ifdef HAVE_KRB4
-
-#include <stdlib.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#include <string.h>
-#include <krb.h>
-#include <des.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h> /* for getpid() */
-#endif
-
-#include "urldata.h"
-#include "base64.h"
-#include "ftp.h"
-#include "sendf.h"
-#include "krb4.h"
-#include "memory.h"
-
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#define LOCAL_ADDR (&conn->local_addr)
-#define REMOTE_ADDR conn->ip_addr->ai_addr
-#define myctladdr LOCAL_ADDR
-#define hisctladdr REMOTE_ADDR
-
-struct krb4_data {
-  des_cblock key;
-  des_key_schedule schedule;
-  char name[ANAME_SZ];
-  char instance[INST_SZ];
-  char realm[REALM_SZ];
-};
-
-#ifndef HAVE_STRLCPY
-/* if it ever goes non-static, make it Curl_ prefixed! */
-static size_t
-strlcpy (char *dst, const char *src, size_t dst_sz)
-{
-  size_t n;
-  char *p;
-
-  for (p = dst, n = 0;
-       n + 1 < dst_sz && *src != '\0';
-       ++p, ++src, ++n)
-    *p = *src;
-  *p = '\0';
-  if (*src == '\0')
-    return n;
-  else
-    return n + strlen (src);
-}
-#else
-size_t strlcpy (char *dst, const char *src, size_t dst_sz);
-#endif
-
-static int
-krb4_check_prot(void *app_data, int level)
-{
-  app_data = NULL; /* prevent compiler warning */
-  if(level == prot_confidential)
-    return -1;
-  return 0;
-}
-
-static int
-krb4_decode(void *app_data, void *buf, int len, int level,
-            struct connectdata *conn)
-{
-  MSG_DAT m;
-  int e;
-  struct krb4_data *d = app_data;
-
-  if(level == prot_safe)
-    e = krb_rd_safe(buf, len, &d->key,
-                    (struct sockaddr_in *)REMOTE_ADDR,
-                    (struct sockaddr_in *)LOCAL_ADDR, &m);
-  else
-    e = krb_rd_priv(buf, len, d->schedule, &d->key,
-                    (struct sockaddr_in *)REMOTE_ADDR,
-                    (struct sockaddr_in *)LOCAL_ADDR, &m);
-  if(e) {
-    struct SessionHandle *data = conn->data;
-    infof(data, "krb4_decode: %s\n", krb_get_err_text(e));
-    return -1;
-  }
-  memmove(buf, m.app_data, m.app_length);
-  return m.app_length;
-}
-
-static int
-krb4_overhead(void *app_data, int level, int len)
-{
-  /* no arguments are used, just init them to prevent compiler warnings */
-  app_data = NULL;
-  level = 0;
-  len = 0;
-  return 31;
-}
-
-static int
-krb4_encode(void *app_data, void *from, int length, int level, void **to,
-            struct connectdata *conn)
-{
-  struct krb4_data *d = app_data;
-  *to = malloc(length + 31);
-  if(level == prot_safe)
-    return krb_mk_safe(from, *to, length, &d->key,
-                       (struct sockaddr_in *)LOCAL_ADDR,
-                       (struct sockaddr_in *)REMOTE_ADDR);
-  else if(level == prot_private)
-    return krb_mk_priv(from, *to, length, d->schedule, &d->key,
-                       (struct sockaddr_in *)LOCAL_ADDR,
-                       (struct sockaddr_in *)REMOTE_ADDR);
-  else
-    return -1;
-}
-
-static int
-mk_auth(struct krb4_data *d, KTEXT adat,
-        const char *service, char *host, int checksum)
-{
-  int ret;
-  CREDENTIALS cred;
-  char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
-
-  strlcpy(sname, service, sizeof(sname));
-  strlcpy(inst, krb_get_phost(host), sizeof(inst));
-  strlcpy(realm, krb_realmofhost(host), sizeof(realm));
-  ret = krb_mk_req(adat, sname, inst, realm, checksum);
-  if(ret)
-    return ret;
-  strlcpy(sname, service, sizeof(sname));
-  strlcpy(inst, krb_get_phost(host), sizeof(inst));
-  strlcpy(realm, krb_realmofhost(host), sizeof(realm));
-  ret = krb_get_cred(sname, inst, realm, &cred);
-  memmove(&d->key, &cred.session, sizeof(des_cblock));
-  des_key_sched(&d->key, d->schedule);
-  memset(&cred, 0, sizeof(cred));
-  return ret;
-}
-
-#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
-int krb_get_our_ip_for_realm(char *, struct in_addr *);
-#endif
-
-static int
-krb4_auth(void *app_data, struct connectdata *conn)
-{
-  int ret;
-  char *p;
-  unsigned char *ptr;
-  size_t len;
-  KTEXT_ST adat;
-  MSG_DAT msg_data;
-  int checksum;
-  u_int32_t cs;
-  struct krb4_data *d = app_data;
-  char *host = conn->host.name;
-  ssize_t nread;
-  int l = sizeof(conn->local_addr);
-  struct SessionHandle *data = conn->data;
-  CURLcode result;
-
-  if(getsockname(conn->sock[FIRSTSOCKET],
-                 (struct sockaddr *)LOCAL_ADDR, &l) < 0)
-    perror("getsockname()");
-
-  checksum = getpid();
-  ret = mk_auth(d, &adat, "ftp", host, checksum);
-  if(ret == KDC_PR_UNKNOWN)
-    ret = mk_auth(d, &adat, "rcmd", host, checksum);
-  if(ret) {
-    infof(data, "%s\n", krb_get_err_text(ret));
-    return AUTH_CONTINUE;
-  }
-
-#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
-  if (krb_get_config_bool("nat_in_use")) {
-    struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;
-    struct in_addr natAddr;
-
-    if (krb_get_our_ip_for_realm(krb_realmofhost(host),
-                                 &natAddr) != KSUCCESS
-        && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
-      infof(data, "Can't get address for realm %s\n",
-                 krb_realmofhost(host));
-    else {
-      if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
-#ifdef HAVE_INET_NTOA_R
-        char ntoa_buf[64];
-        char *ip = (char *)inet_ntoa_r(natAddr, ntoa_buf, sizeof(ntoa_buf));
-#else
-        char *ip = (char *)inet_ntoa(natAddr);
-#endif
-        infof(data, "Using NAT IP address (%s) for kerberos 4\n", ip);
-        localaddr->sin_addr = natAddr;
-      }
-    }
-  }
-#endif
-
-  if(Curl_base64_encode(conn->data, (char *)adat.dat, adat.length, &p) < 1) {
-    Curl_failf(data, "Out of memory base64-encoding");
-    return AUTH_CONTINUE;
-  }
-
-  result = Curl_ftpsendf(conn, "ADAT %s", p);
-
-  free(p);
-
-  if(result)
-    return -2;
-
-  if(Curl_GetFTPResponse(&nread, conn, NULL))
-    return -1;
-
-  if(data->state.buffer[0] != '2'){
-    Curl_failf(data, "Server didn't accept auth data");
-    return AUTH_ERROR;
-  }
-
-  p = strstr(data->state.buffer, "ADAT=");
-  if(!p) {
-    Curl_failf(data, "Remote host didn't send adat reply");
-    return AUTH_ERROR;
-  }
-  p += 5;
-  len = Curl_base64_decode(p, &ptr);
-  if(len > sizeof(adat.dat)-1) {
-    free(ptr);
-    len=0;
-  }
-  if(!len || !ptr) {
-    Curl_failf(data, "Failed to decode base64 from server");
-    return AUTH_ERROR;
-  }
-  memcpy((char *)adat.dat, ptr, len);
-  free(ptr);
-  adat.length = len;
-  ret = krb_rd_safe(adat.dat, adat.length, &d->key,
-                    (struct sockaddr_in *)hisctladdr,
-                    (struct sockaddr_in *)myctladdr, &msg_data);
-  if(ret) {
-    Curl_failf(data, "Error reading reply from server: %s",
-               krb_get_err_text(ret));
-    return AUTH_ERROR;
-  }
-  krb_get_int(msg_data.app_data, &cs, 4, 0);
-  if(cs - checksum != 1) {
-    Curl_failf(data, "Bad checksum returned from server");
-    return AUTH_ERROR;
-  }
-  return AUTH_OK;
-}
-
-struct Curl_sec_client_mech Curl_krb4_client_mech = {
-    "KERBEROS_V4",
-    sizeof(struct krb4_data),
-    NULL, /* init */
-    krb4_auth,
-    NULL, /* end */
-    krb4_check_prot,
-    krb4_overhead,
-    krb4_encode,
-    krb4_decode
-};
-
-CURLcode Curl_krb_kauth(struct connectdata *conn)
-{
-  des_cblock key;
-  des_key_schedule schedule;
-  KTEXT_ST tkt, tktcopy;
-  char *name;
-  char *p;
-  char passwd[100];
-  size_t tmp;
-  ssize_t nread;
-  int save;
-  CURLcode result;
-  unsigned char *ptr;
-
-  save = Curl_set_command_prot(conn, prot_private);
-
-  result = Curl_ftpsendf(conn, "SITE KAUTH %s", conn->user);
-
-  if(result)
-    return result;
-
-  result = Curl_GetFTPResponse(&nread, conn, NULL);
-  if(result)
-    return result;
-
-  if(conn->data->state.buffer[0] != '3'){
-    Curl_set_command_prot(conn, save);
-    return CURLE_FTP_WEIRD_SERVER_REPLY;
-  }
-
-  p = strstr(conn->data->state.buffer, "T=");
-  if(!p) {
-    Curl_failf(conn->data, "Bad reply from server");
-    Curl_set_command_prot(conn, save);
-    return CURLE_FTP_WEIRD_SERVER_REPLY;
-  }
-
-  p += 2;
-  tmp = Curl_base64_decode(p, &ptr);
-  if(tmp >= sizeof(tkt.dat)) {
-    free(ptr);
-    tmp=0;
-  }
-  if(!tmp || !ptr) {
-    Curl_failf(conn->data, "Failed to decode base64 in reply.\n");
-    Curl_set_command_prot(conn, save);
-    return CURLE_FTP_WEIRD_SERVER_REPLY;
-  }
-  memcpy((char *)tkt.dat, ptr, tmp);
-  free(ptr);
-  tkt.length = tmp;
-  tktcopy.length = tkt.length;
-
-  p = strstr(conn->data->state.buffer, "P=");
-  if(!p) {
-    Curl_failf(conn->data, "Bad reply from server");
-    Curl_set_command_prot(conn, save);
-    return CURLE_FTP_WEIRD_SERVER_REPLY;
-  }
-  name = p + 2;
-  for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
-  *p = 0;
-
-  des_string_to_key (conn->passwd, &key);
-  des_key_sched(&key, schedule);
-
-  des_pcbc_encrypt((void *)tkt.dat, (void *)tktcopy.dat,
-                   tkt.length,
-                   schedule, &key, DES_DECRYPT);
-  if (strcmp ((char*)tktcopy.dat + 8,
-              KRB_TICKET_GRANTING_TICKET) != 0) {
-    afs_string_to_key(passwd,
-                      krb_realmofhost(conn->host.name),
-                      &key);
-    des_key_sched(&key, schedule);
-    des_pcbc_encrypt((void *)tkt.dat, (void *)tktcopy.dat,
-                     tkt.length,
-                     schedule, &key, DES_DECRYPT);
-  }
-  memset(key, 0, sizeof(key));
-  memset(schedule, 0, sizeof(schedule));
-  memset(passwd, 0, sizeof(passwd));
-  if(Curl_base64_encode(conn->data, (char *)tktcopy.dat, tktcopy.length, &p)
-     < 1) {
-    failf(conn->data, "Out of memory base64-encoding.");
-    Curl_set_command_prot(conn, save);
-    return CURLE_OUT_OF_MEMORY;
-  }
-  memset (tktcopy.dat, 0, tktcopy.length);
-
-  result = Curl_ftpsendf(conn, "SITE KAUTH %s %s", name, p);
-  free(p);
-  if(result)
-    return result;
-
-  result = Curl_GetFTPResponse(&nread, conn, NULL);
-  if(result)
-    return result;
-  Curl_set_command_prot(conn, save);
-
-  return CURLE_OK;
-}
-
-#endif /* HAVE_KRB4 */
-#endif /* CURL_DISABLE_FTP */
diff --git a/Utilities/cmcurl/ldap.c b/Utilities/cmcurl/ldap.c
deleted file mode 100644
index 3e1144d..0000000
--- a/Utilities/cmcurl/ldap.c
+++ /dev/null
@@ -1,702 +0,0 @@
-/***************************************************************************
- *                      _   _ ____  _
- *  Project         ___| | | |  _ \| |
- *                 / __| | | | |_) | |
- *                | (__| |_| |  _ <| |___
- *                 \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#ifndef CURL_DISABLE_LDAP
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef NEED_MALLOC_H
-#include <malloc.h>
-#endif
-#include <errno.h>
-
-#if defined(WIN32)
-# include <winldap.h>
-#endif
-
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-
-#ifdef HAVE_DLFCN_H
-# include <dlfcn.h>
-#endif
-
-#include "urldata.h"
-#include <curl/curl.h>
-#include "sendf.h"
-#include "escape.h"
-#include "transfer.h"
-#include "strequal.h"
-#include "strtok.h"
-#include "ldap.h"
-#include "memory.h"
-#include "base64.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "memdebug.h"
-
-/* WLdap32.dll functions are *not* stdcall. Must call these via __cdecl
- * pointers in case libcurl was compiled as fastcall (cl -Gr). Watcom
- * uses fastcall by default.
- */
-#if !defined(WIN32) && !defined(__cdecl)
-#define __cdecl
-#endif
-
-#ifndef LDAP_SIZELIMIT_EXCEEDED
-#define LDAP_SIZELIMIT_EXCEEDED 4
-#endif
-#ifndef LDAP_VERSION2
-#define LDAP_VERSION2 2
-#endif
-#ifndef LDAP_VERSION3
-#define LDAP_VERSION3 3
-#endif
-#ifndef LDAP_OPT_PROTOCOL_VERSION
-#define LDAP_OPT_PROTOCOL_VERSION 0x0011
-#endif
-
-#define DLOPEN_MODE   RTLD_LAZY  /*! assume all dlopen() implementations have
-                                   this */
-
-#if defined(RTLD_LAZY_GLOBAL)    /* It turns out some systems use this: */
-# undef  DLOPEN_MODE
-# define DLOPEN_MODE  RTLD_LAZY_GLOBAL
-#elif defined(RTLD_GLOBAL)
-# undef  DLOPEN_MODE
-# define DLOPEN_MODE  (RTLD_LAZY | RTLD_GLOBAL)
-#endif
-
-#define DYNA_GET_FUNCTION(type, fnc) do { \
-          (fnc) = (type)DynaGetFunction(#fnc); \
-          if ((fnc) == NULL) \
-             return CURLE_FUNCTION_NOT_FOUND; \
-        } while (0)
-
-/*! CygWin etc. configure could set these, but we don't want it.
- * Must use WLdap32.dll code.
- */
-#if defined(WIN32)
-#undef HAVE_DLOPEN
-#undef HAVE_LIBDL
-#endif
-
-/* 
- * We use this ZERO_NULL to avoid picky compiler warnings,
- * when assigning a NULL pointer to a function pointer var.
- */
-
-#define ZERO_NULL 0
-
-typedef void * (*dynafunc)(void *input);
-
-/***********************************************************************
- */
-#if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL) || defined(WIN32)
-static void *libldap = NULL;
-#if defined(DL_LBER_FILE)
-static void *liblber = NULL;
-#endif
-#endif
-
-struct bv {
-  unsigned long bv_len;
-  char  *bv_val;
-};
-
-static int DynaOpen(const char **mod_name)
-{
-#if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
-  if (libldap == NULL) {
-    /*
-     * libldap.so can normally resolve its dependency on liblber.so
-     * automatically, but in broken installation it does not so
-     * handle it here by opening liblber.so as global.
-     */
-#ifdef DL_LBER_FILE
-    *mod_name = DL_LBER_FILE;
-    liblber = dlopen(*mod_name, DLOPEN_MODE);
-    if (!liblber)
-      return 0;
-#endif
-
-    /* Assume loading libldap.so will fail if loading of liblber.so failed
-     */
-    *mod_name = DL_LDAP_FILE;
-    libldap = dlopen(*mod_name, RTLD_LAZY);
-  }
-  return (libldap != NULL);
-
-#elif defined(WIN32)
-  *mod_name = DL_LDAP_FILE;
-  if (!libldap)
-    libldap = (void*)LoadLibrary(*mod_name);
-  return (libldap != NULL);
-
-#else
-  *mod_name = "";
-  return (0);
-#endif
-}
-
-static void DynaClose(void)
-{
-#if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
-  if (libldap) {
-    dlclose(libldap);
-    libldap=NULL;
-  }
-#ifdef DL_LBER_FILE
-  if (liblber) {
-    dlclose(liblber);
-    liblber=NULL;
-  }
-#endif
-#elif defined(WIN32)
-  if (libldap) {
-    FreeLibrary ((HMODULE)libldap);
-    libldap = NULL;
-  }
-#endif
-}
-
-static dynafunc DynaGetFunction(const char *name)
-{
-  dynafunc func = (dynafunc)ZERO_NULL;
-
-#if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
-  if (libldap) {
-    /* This typecast magic below was brought by Joe Halpin. In ISO C, you
-     * cannot typecast a data pointer to a function pointer, but that's
-     * exactly what we need to do here to avoid compiler warnings on picky
-     * compilers! */
-    *(void**) (&func) = dlsym(libldap, name);
-  }
-#elif defined(WIN32)
-  if (libldap) {
-    func = (dynafunc)GetProcAddress((HINSTANCE)libldap, name);
-  }
-#else
-  (void) name;
-#endif
-  return func;
-}
-
-/***********************************************************************
- */
-typedef struct ldap_url_desc {
-    struct ldap_url_desc *lud_next;
-    char   *lud_scheme;
-    char   *lud_host;
-    int     lud_port;
-    char   *lud_dn;
-    char  **lud_attrs;
-    int     lud_scope;
-    char   *lud_filter;
-    char  **lud_exts;
-    int     lud_crit_exts;
-} LDAPURLDesc;
-
-#ifdef WIN32
-static int  _ldap_url_parse (const struct connectdata *conn,
-                             LDAPURLDesc **ludp);
-static void _ldap_free_urldesc (LDAPURLDesc *ludp);
-
-static void (*ldap_free_urldesc)(LDAPURLDesc *) = _ldap_free_urldesc;
-#endif
-
-#ifdef DEBUG_LDAP
-  #define LDAP_TRACE(x)   do { \
-                            _ldap_trace ("%u: ", __LINE__); \
-                            _ldap_trace x; \
-                          } while (0)
-
-  static void _ldap_trace (const char *fmt, ...);
-#else
-  #define LDAP_TRACE(x)   ((void)0)
-#endif
-
-
-CURLcode Curl_ldap(struct connectdata *conn, bool *done)
-{
-  CURLcode status = CURLE_OK;
-  int rc = 0;
-#ifndef WIN32
-  int    (*ldap_url_parse)(char *, LDAPURLDesc **);
-  void   (*ldap_free_urldesc)(void *);
-#endif
-  void  *(__cdecl *ldap_init)(char *, int);
-  int    (__cdecl *ldap_simple_bind_s)(void *, char *, char *);
-  int    (__cdecl *ldap_unbind_s)(void *);
-  int    (__cdecl *ldap_search_s)(void *, char *, int, char *, char **,
-                                  int, void **);
-  void  *(__cdecl *ldap_first_entry)(void *, void *);
-  void  *(__cdecl *ldap_next_entry)(void *, void *);
-  char  *(__cdecl *ldap_err2string)(int);
-  char  *(__cdecl *ldap_get_dn)(void *, void *);
-  char  *(__cdecl *ldap_first_attribute)(void *, void *, void **);
-  char  *(__cdecl *ldap_next_attribute)(void *, void *, void *);
-  void **(__cdecl *ldap_get_values_len)(void *, void *, const char *);
-  void   (__cdecl *ldap_value_free_len)(void **);
-  void   (__cdecl *ldap_memfree)(void *);
-  void   (__cdecl *ber_free)(void *, int);
-  int    (__cdecl *ldap_set_option)(void *, int, void *);
-
-  void *server;
-  LDAPURLDesc *ludp = NULL;
-  const char *mod_name;
-  void *result;
-  void *entryIterator;     /*! type should be 'LDAPMessage *' */
-  int num = 0;
-  struct SessionHandle *data=conn->data;
-  int ldap_proto;
-  char *val_b64;
-  size_t val_b64_sz;
-
-  *done = TRUE; /* unconditionally */
-  infof(data, "LDAP local: %s\n", data->change.url);
-
-  if (!DynaOpen(&mod_name)) {
-    failf(data, "The %s LDAP library/libraries couldn't be opened", mod_name);
-    return CURLE_LIBRARY_NOT_FOUND;
-  }
-
-  /* The types are needed because ANSI C distinguishes between
-   * pointer-to-object (data) and pointer-to-function.
-   */
-  DYNA_GET_FUNCTION(void *(__cdecl *)(char *, int), ldap_init);
-  DYNA_GET_FUNCTION(int (__cdecl *)(void *, char *, char *),
-                    ldap_simple_bind_s);
-  DYNA_GET_FUNCTION(int (__cdecl *)(void *), ldap_unbind_s);
-#ifndef WIN32
-  DYNA_GET_FUNCTION(int (*)(char *, LDAPURLDesc **), ldap_url_parse);
-  DYNA_GET_FUNCTION(void (*)(void *), ldap_free_urldesc);
-#endif
-  DYNA_GET_FUNCTION(int (__cdecl *)(void *, char *, int, char *, char **, int,
-                                    void **), ldap_search_s);
-  DYNA_GET_FUNCTION(void *(__cdecl *)(void *, void *), ldap_first_entry);
-  DYNA_GET_FUNCTION(void *(__cdecl *)(void *, void *), ldap_next_entry);
-  DYNA_GET_FUNCTION(char *(__cdecl *)(int), ldap_err2string);
-  DYNA_GET_FUNCTION(char *(__cdecl *)(void *, void *), ldap_get_dn);
-  DYNA_GET_FUNCTION(char *(__cdecl *)(void *, void *, void **),
-                    ldap_first_attribute);
-  DYNA_GET_FUNCTION(char *(__cdecl *)(void *, void *, void *),
-                    ldap_next_attribute);
-  DYNA_GET_FUNCTION(void **(__cdecl *)(void *, void *, const char *),
-                    ldap_get_values_len);
-  DYNA_GET_FUNCTION(void (__cdecl *)(void **), ldap_value_free_len);
-  DYNA_GET_FUNCTION(void (__cdecl *)(void *), ldap_memfree);
-  DYNA_GET_FUNCTION(void (__cdecl *)(void *, int), ber_free);
-  DYNA_GET_FUNCTION(int (__cdecl *)(void *, int, void *), ldap_set_option);
-
-  server = (*ldap_init)(conn->host.name, (int)conn->port);
-  if (server == NULL) {
-    failf(data, "LDAP local: Cannot connect to %s:%d",
-          conn->host.name, conn->port);
-    status = CURLE_COULDNT_CONNECT;
-    goto quit;
-  }
-
-  ldap_proto = LDAP_VERSION3;
-  (*ldap_set_option)(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
-  rc = (*ldap_simple_bind_s)(server,
-                             conn->bits.user_passwd ? conn->user : NULL,
-                             conn->bits.user_passwd ? conn->passwd : NULL);
-  if (rc != 0) {
-    ldap_proto = LDAP_VERSION2;
-    (*ldap_set_option)(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
-    rc = (*ldap_simple_bind_s)(server,
-                               conn->bits.user_passwd ? conn->user : NULL,
-                               conn->bits.user_passwd ? conn->passwd : NULL);
-  }
-  if (rc != 0) {
-     failf(data, "LDAP local: %s", (*ldap_err2string)(rc));
-     status = CURLE_LDAP_CANNOT_BIND;
-     goto quit;
-  }
-
-#ifdef WIN32
-  rc = _ldap_url_parse(conn, &ludp);
-#else
-  rc = (*ldap_url_parse)(data->change.url, &ludp);
-#endif
-
-  if (rc != 0) {
-     failf(data, "LDAP local: %s", (*ldap_err2string)(rc));
-     status = CURLE_LDAP_INVALID_URL;
-     goto quit;
-  }
-
-  rc = (*ldap_search_s)(server, ludp->lud_dn, ludp->lud_scope,
-                        ludp->lud_filter, ludp->lud_attrs, 0, &result);
-
-  if (rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) {
-    failf(data, "LDAP remote: %s", (*ldap_err2string)(rc));
-    status = CURLE_LDAP_SEARCH_FAILED;
-    goto quit;
-  }
-
-  for(num = 0, entryIterator = (*ldap_first_entry)(server, result);
-      entryIterator;
-      entryIterator = (*ldap_next_entry)(server, entryIterator), num++)
-  {
-    void  *ber = NULL;      /*! is really 'BerElement **' */
-    void  *attribute;       /*! suspicious that this isn't 'const' */
-    char  *dn = (*ldap_get_dn)(server, entryIterator);
-    int i;
-
-    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
-    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)dn, 0);
-    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
-
-    for (attribute = (*ldap_first_attribute)(server, entryIterator, &ber);
-         attribute;
-         attribute = (*ldap_next_attribute)(server, entryIterator, ber))
-    {
-      struct bv **vals = (struct bv **)
-        (*ldap_get_values_len)(server, entryIterator, attribute);
-
-      if (vals != NULL)
-      {
-        for (i = 0; (vals[i] != NULL); i++)
-        {
-          Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
-          Curl_client_write(conn, CLIENTWRITE_BODY, (char *) attribute, 0);
-          Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
-          if ((strlen(attribute) > 7) &&
-              (strcmp(";binary",
-                      (char *)attribute +
-                      (strlen((char *)attribute) - 7)) == 0)) {
-            /* Binary attribute, encode to base64. */
-            val_b64_sz = Curl_base64_encode(conn->data,
-                                            vals[i]->bv_val,
-                                            vals[i]->bv_len,
-                                            &val_b64);
-            if (val_b64_sz > 0) {
-              Curl_client_write(conn, CLIENTWRITE_BODY, val_b64, val_b64_sz);
-              free(val_b64);
-            }
-          } else
-            Curl_client_write(conn, CLIENTWRITE_BODY, vals[i]->bv_val,
-                              vals[i]->bv_len);
-          Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
-        }
-
-        /* Free memory used to store values */
-        (*ldap_value_free_len)((void **)vals);
-      }
-      Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
-
-      (*ldap_memfree)(attribute);
-    }
-    (*ldap_memfree)(dn);
-    if (ber)
-       (*ber_free)(ber, 0);
-  }
-
-quit:
-  LDAP_TRACE (("Received %d entries\n", num));
-  if (rc == LDAP_SIZELIMIT_EXCEEDED)
-     infof(data, "There are more than %d entries\n", num);
-  if (ludp)
-     (*ldap_free_urldesc)(ludp);
-  if (server)
-     (*ldap_unbind_s)(server);
-
-  DynaClose();
-
-  /* no data to transfer */
-  Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
-  conn->bits.close = TRUE;
-
-  return status;
-}
-
-#ifdef DEBUG_LDAP
-static void _ldap_trace (const char *fmt, ...)
-{
-  static int do_trace = -1;
-  va_list args;
-
-  if (do_trace == -1) {
-    const char *env = getenv("CURL_TRACE");
-    do_trace = (env && atoi(env) > 0);
-  }
-  if (!do_trace)
-    return;
-
-  va_start (args, fmt);
-  vfprintf (stderr, fmt, args);
-  va_end (args);
-}
-#endif
-
-#ifdef WIN32
-/*
- * Return scope-value for a scope-string.
- */
-static int str2scope (const char *p)
-{
-  if (!stricmp(p, "one"))
-     return LDAP_SCOPE_ONELEVEL;
-  if (!stricmp(p, "onetree"))
-     return LDAP_SCOPE_ONELEVEL;
-  if (!stricmp(p, "base"))
-     return LDAP_SCOPE_BASE;
-  if (!stricmp(p, "sub"))
-     return LDAP_SCOPE_SUBTREE;
-  if (!stricmp( p, "subtree"))
-     return LDAP_SCOPE_SUBTREE;
-  return (-1);
-}
-
-/*
- * Split 'str' into strings separated by commas.
- * Note: res[] points into 'str'.
- */
-static char **split_str (char *str)
-{
-  char **res, *lasts, *s;
-  int  i;
-
-  for (i = 2, s = strchr(str,','); s; i++)
-     s = strchr(++s,',');
-
-  res = calloc(i, sizeof(char*));
-  if (!res)
-    return NULL;
-
-  for (i = 0, s = strtok_r(str, ",", &lasts); s;
-       s = strtok_r(NULL, ",", &lasts), i++)
-    res[i] = s;
-  return res;
-}
-
-/*
- * Unescape the LDAP-URL components
- */
-static bool unescape_elements (void *data, LDAPURLDesc *ludp)
-{
-  int i;
-
-  if (ludp->lud_filter) {
-    ludp->lud_filter = curl_easy_unescape(data, ludp->lud_filter, 0, NULL);
-    if (!ludp->lud_filter)
-       return (FALSE);
-  }
-
-  for (i = 0; ludp->lud_attrs && ludp->lud_attrs[i]; i++) {
-    ludp->lud_attrs[i] = curl_easy_unescape(data, ludp->lud_attrs[i], 0, NULL);
-    if (!ludp->lud_attrs[i])
-       return (FALSE);
-  }
-
-  for (i = 0; ludp->lud_exts && ludp->lud_exts[i]; i++) {
-    ludp->lud_exts[i] = curl_easy_unescape(data, ludp->lud_exts[i], 0, NULL);
-    if (!ludp->lud_exts[i])
-       return (FALSE);
-  }
-
-  if (ludp->lud_dn) {
-    char *dn = ludp->lud_dn;
-    char *new_dn = curl_easy_unescape(data, dn, 0, NULL);
-
-    free(dn);
-    ludp->lud_dn = new_dn;
-    if (!new_dn)
-       return (FALSE);
-  }
-  return (TRUE);
-}
-
-/*
- * Break apart the pieces of an LDAP URL.
- * Syntax:
- *   ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
- *
- * <hostname> already known from 'conn->host.name'.
- * <port>     already known from 'conn->remote_port'.
- * extract the rest from 'conn->data->reqdata.path+1'. All fields are optional.
- * e.g.
- *   ldap://<hostname>:<port>/?<attributes>?<scope>?<filter>
- * yields ludp->lud_dn = "".
- *
- * Ref. http://developer.netscape.com/docs/manuals/dirsdk/csdk30/url.htm#2831915
- */
-static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
-{
-  char *p, *q;
-  int i;
-
-  if (!conn->data ||
-      !conn->data->reqdata.path ||
-       conn->data->reqdata.path[0] != '/' ||
-      !checkprefix(conn->protostr, conn->data->change.url))
-     return LDAP_INVALID_SYNTAX;
-
-  ludp->lud_scope = LDAP_SCOPE_BASE;
-  ludp->lud_port  = conn->remote_port;
-  ludp->lud_host  = conn->host.name;
-
-  /* parse DN (Distinguished Name).
-   */
-  ludp->lud_dn = strdup(conn->data->reqdata.path+1);
-  if (!ludp->lud_dn)
-     return LDAP_NO_MEMORY;
-
-  p = strchr(ludp->lud_dn, '?');
-  LDAP_TRACE (("DN '%.*s'\n", p ? (size_t)(p-ludp->lud_dn) :
-               strlen(ludp->lud_dn), ludp->lud_dn));
-
-  if (!p)
-     goto success;
-
-  *p++ = '\0';
-
-  /* parse attributes. skip "??".
-   */
-  q = strchr(p, '?');
-  if (q)
-     *q++ = '\0';
-
-  if (*p && *p != '?') {
-    ludp->lud_attrs = split_str(p);
-    if (!ludp->lud_attrs)
-       return LDAP_NO_MEMORY;
-
-    for (i = 0; ludp->lud_attrs[i]; i++)
-        LDAP_TRACE (("attr[%d] '%s'\n", i, ludp->lud_attrs[i]));
-  }
-
-  p = q;
-  if (!p)
-     goto success;
-
-  /* parse scope. skip "??"
-   */
-  q = strchr(p, '?');
-  if (q)
-     *q++ = '\0';
-
-  if (*p && *p != '?') {
-    ludp->lud_scope = str2scope(p);
-    if (ludp->lud_scope == -1)
-       return LDAP_INVALID_SYNTAX;
-    LDAP_TRACE (("scope %d\n", ludp->lud_scope));
-  }
-
-  p = q;
-  if (!p)
-     goto success;
-
-  /* parse filter
-   */
-  q = strchr(p, '?');
-  if (q)
-     *q++ = '\0';
-  if (!*p)
-     return LDAP_INVALID_SYNTAX;
-
-  ludp->lud_filter = p;
-  LDAP_TRACE (("filter '%s'\n", ludp->lud_filter));
-
-  p = q;
-  if (!p)
-     goto success;
-
-  /* parse extensions
-   */
-  ludp->lud_exts = split_str(p);
-  if (!ludp->lud_exts)
-     return LDAP_NO_MEMORY;
-
-  for (i = 0; ludp->lud_exts[i]; i++)
-      LDAP_TRACE (("exts[%d] '%s'\n", i, ludp->lud_exts[i]));
-
-success:
-  if (!unescape_elements(conn->data, ludp))
-     return LDAP_NO_MEMORY;
-  return LDAP_SUCCESS;
-}
-
-static int _ldap_url_parse (const struct connectdata *conn,
-                            LDAPURLDesc **ludpp)
-{
-  LDAPURLDesc *ludp = calloc(sizeof(*ludp), 1);
-  int rc;
-
-  *ludpp = NULL;
-  if (!ludp)
-     return LDAP_NO_MEMORY;
-
-  rc = _ldap_url_parse2 (conn, ludp);
-  if (rc != LDAP_SUCCESS) {
-    _ldap_free_urldesc(ludp);
-    ludp = NULL;
-  }
-  *ludpp = ludp;
-  return (rc);
-}
-
-static void _ldap_free_urldesc (LDAPURLDesc *ludp)
-{
-  int i;
-
-  if (!ludp)
-     return;
-
-  if (ludp->lud_dn)
-     free(ludp->lud_dn);
-
-  if (ludp->lud_filter)
-     free(ludp->lud_filter);
-
-  if (ludp->lud_attrs) {
-    for (i = 0; ludp->lud_attrs[i]; i++)
-       free(ludp->lud_attrs[i]);
-    free(ludp->lud_attrs);
-  }
-
-  if (ludp->lud_exts) {
-    for (i = 0; ludp->lud_exts[i]; i++)
-       free(ludp->lud_exts[i]);
-    free(ludp->lud_exts);
-  }
-  free (ludp);
-}
-#endif  /* WIN32 */
-#endif  /* CURL_DISABLE_LDAP */
diff --git a/Utilities/cmcurl/lib/CMakeLists.txt b/Utilities/cmcurl/lib/CMakeLists.txt
new file mode 100644
index 0000000..a4621c1
--- /dev/null
+++ b/Utilities/cmcurl/lib/CMakeLists.txt
@@ -0,0 +1,147 @@
+set(LIB_NAME cmcurl)
+
+configure_file(${CURL_SOURCE_DIR}/include/curl/curlbuild.h.cmake
+  ${CURL_BINARY_DIR}/include/curl/curlbuild.h)
+configure_file(curl_config.h.cmake
+  ${CMAKE_CURRENT_BINARY_DIR}/curl_config.h)
+
+transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake")
+include(${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake)
+
+list(APPEND HHEADERS
+  ${CMAKE_CURRENT_BINARY_DIR}/curl_config.h
+  ${CURL_BINARY_DIR}/include/curl/curlbuild.h
+  )
+
+if(MSVC AND NOT CURL_STATICLIB)
+  list(APPEND CSOURCES libcurl.rc)
+endif()
+
+# SET(CSOURCES
+# #  memdebug.c -not used
+# # nwlib.c - Not used
+# # strtok.c - specify later
+# # strtoofft.c - specify later
+# )
+
+# # if we have Kerberos 4, right now this is never on
+# #OPTION(CURL_KRB4 "Use Kerberos 4" OFF)
+# IF(CURL_KRB4)
+# SET(CSOURCES ${CSOURCES}
+# krb4.c
+# security.c
+# )
+# ENDIF(CURL_KRB4)
+
+# #OPTION(CURL_MALLOC_DEBUG "Debug mallocs in Curl" OFF)
+# MARK_AS_ADVANCED(CURL_MALLOC_DEBUG)
+# IF(CURL_MALLOC_DEBUG)
+# SET(CSOURCES ${CSOURCES}
+# memdebug.c
+# )
+# ENDIF(CURL_MALLOC_DEBUG)
+
+# # only build compat strtoofft if we need to
+# IF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
+# SET(CSOURCES ${CSOURCES}
+# strtoofft.c
+# )
+# ENDIF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
+
+if(HAVE_FEATURES_H)
+  set_source_files_properties(
+    cookie.c
+    easy.c
+    formdata.c
+    getenv.c
+    nonblock.c
+    hash.c
+    http.c
+    if2ip.c
+    mprintf.c
+    multi.c
+    sendf.c
+    telnet.c
+    transfer.c
+    url.c
+    COMPILE_FLAGS -D_BSD_SOURCE)
+endif(HAVE_FEATURES_H)
+
+
+# The rest of the build
+
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/../include)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/..)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../include)
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/..)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+include_directories(${CMAKE_CURRENT_BINARY_DIR})
+if(CURL_USE_ARES)
+  include_directories(${CARES_INCLUDE_DIR})
+endif()
+
+if(CURL_STATICLIB)
+  # Static lib
+  set(CURL_USER_DEFINED_DYNAMIC_OR_STATIC STATIC)
+else()
+  # DLL / so dynamic lib
+  set(CURL_USER_DEFINED_DYNAMIC_OR_STATIC SHARED)
+endif()
+
+# For windows we want to install OPENSSL_LIBRARIES dlls
+# and also copy them into the build tree so that testing
+# can find them.
+if(CMAKE_USE_OPENSSL AND OPENSSL_FOUND AND WIN32)
+  find_file(CMAKE_EAY_DLL NAME libeay32.dll HINTS ${OPENSSL_INCLUDE_DIR}/..)
+  find_file(CMAKE_SSL_DLL NAME ssleay32.dll HINTS ${OPENSSL_INCLUDE_DIR}/..)
+  mark_as_advanced(CMAKE_EAY_DLL CMAKE_SSL_DLL)
+  if(CMAKE_SSL_DLL AND CMAKE_EAY_DLL)
+    set(CMAKE_CURL_SSL_DLLS ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/libeay32.dll
+      ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/ssleay32.dll)
+    add_custom_command(OUTPUT
+      ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/libeay32.dll
+      DEPENDS ${CMAKE_EAY_DLL}
+      COMMAND ${CMAKE_COMMAND} -E copy  ${CMAKE_EAY_DLL}
+      ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/libeay32.dll)
+    add_custom_command(OUTPUT
+      ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/ssleay32.dll
+      DEPENDS ${CMAKE_SSL_DLL}
+      COMMAND ${CMAKE_COMMAND} -E copy  ${CMAKE_SSL_DLL}
+      ${CMake_BIN_DIR}/${CMAKE_CFG_INTDIR}/ssleay32.dll)
+    install(PROGRAMS ${CMAKE_EAY_DLL} ${CMAKE_SSL_DLL} DESTINATION bin)
+  endif()
+endif()
+
+add_library(
+  ${LIB_NAME}
+  ${CURL_USER_DEFINED_DYNAMIC_OR_STATIC}
+  ${HHEADERS} ${CSOURCES}
+  ${CMAKE_CURL_SSL_DLLS}
+  )
+
+target_link_libraries(${LIB_NAME} ${CURL_LIBS})
+
+if(0) # This code not needed for building within CMake.
+if(WIN32)
+  add_definitions( -D_USRDLL )
+endif()
+endif()
+
+set_target_properties(${LIB_NAME} PROPERTIES COMPILE_DEFINITIONS BUILDING_LIBCURL)
+
+setup_curl_dependencies(${LIB_NAME})
+
+if(0) # This code not needed for building within CMake.
+# Remove the "lib" prefix since the library is already named "libcurl".
+set_target_properties(${LIB_NAME} PROPERTIES PREFIX "")
+set_target_properties(${LIB_NAME} PROPERTIES IMPORT_PREFIX "")
+
+if(WIN32)
+  if(NOT CURL_STATICLIB)
+    # Add "_imp" as a suffix before the extension to avoid conflicting with the statically linked "libcurl.lib"
+    set_target_properties(${LIB_NAME} PROPERTIES IMPORT_SUFFIX "_imp.lib")
+  endif()
+endif()
+
+install(TARGETS ${LIB_NAME} DESTINATION lib)
+endif()
diff --git a/Utilities/cmcurl/lib/Makefile.inc b/Utilities/cmcurl/lib/Makefile.inc
new file mode 100644
index 0000000..462d72a
--- /dev/null
+++ b/Utilities/cmcurl/lib/Makefile.inc
@@ -0,0 +1,71 @@
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+
+LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c	\
+  vtls/qssl.c vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c	\
+  vtls/cyassl.c vtls/curl_schannel.c vtls/curl_darwinssl.c vtls/gskit.c
+
+LIB_VTLS_HFILES = vtls/qssl.h vtls/openssl.h vtls/vtls.h vtls/gtls.h	\
+  vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h	\
+  vtls/cyassl.h vtls/curl_schannel.h vtls/curl_darwinssl.h vtls/gskit.h
+
+LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
+  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c	\
+  ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c		\
+  getinfo.c transfer.c strequal.c easy.c security.c curl_fnmatch.c	\
+  fileinfo.c ftplistparser.c wildcard.c krb5.c memdebug.c http_chunks.c	\
+  strtok.c connect.c llist.c hash.c multi.c content_encoding.c share.c	\
+  http_digest.c md4.c md5.c http_negotiate.c inet_pton.c strtoofft.c	\
+  strerror.c amigaos.c hostasyn.c hostip4.c hostip6.c hostsyn.c		\
+  inet_ntop.c parsedate.c select.c tftp.c splay.c strdup.c socks.c	\
+  ssh.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
+  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c	\
+  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c	\
+  openldap.c curl_gethostname.c gopher.c idn_win32.c			\
+  http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c		\
+  asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c		\
+  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c	\
+  hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c	\
+  http2.c curl_sasl_sspi.c
+
+LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h	\
+  formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h		\
+  speedcheck.h urldata.h curl_ldap.h escape.h telnet.h getinfo.h	\
+  strequal.h curl_sec.h memdebug.h http_chunks.h curl_fnmatch.h		\
+  wildcard.h fileinfo.h ftplistparser.h strtok.h connect.h llist.h	\
+  hash.h content_encoding.h share.h curl_md4.h curl_md5.h http_digest.h	\
+  http_negotiate.h inet_pton.h amigaos.h strtoofft.h strerror.h		\
+  inet_ntop.h curlx.h curl_memory.h curl_setup.h transfer.h select.h	\
+  easyif.h multiif.h parsedate.h tftp.h sockaddr.h splay.h strdup.h	\
+  socks.h ssh.h curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h	\
+  slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h	\
+  rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h		\
+  curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h		\
+  curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h		\
+  curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h	\
+  conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h	\
+  dotdot.h x509asn1.h http2.h sigpipe.h
+
+LIB_RCFILES = libcurl.rc
+
+CSOURCES = $(LIB_CFILES) $(LIB_VTLS_CFILES)
+HHEADERS = $(LIB_HFILES) $(LIB_VTLS_HFILES)
diff --git a/Utilities/cmcurl/amigaos.c b/Utilities/cmcurl/lib/amigaos.c
index 7106f8d..34f95e9 100644
--- a/Utilities/cmcurl/amigaos.c
+++ b/Utilities/cmcurl/lib/amigaos.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,12 +18,16 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "amigaos.h"
+#include "curl_setup.h"
+
+#if defined(__AMIGA__) && !defined(__ixemul__)
+
 #include <amitcp/socketbasetags.h>
 
+#include "amigaos.h"
+
 struct Library *SocketBase = NULL;
 extern int errno, h_errno;
 
@@ -31,10 +35,10 @@ extern int errno, h_errno;
 #include <stabs.h>
 void __request(const char *msg);
 #else
-# define __request( msg )  Printf( msg "\n\a")
+# define __request( msg )       Printf( msg "\n\a")
 #endif
 
-void amiga_cleanup()
+void Curl_amiga_cleanup()
 {
   if(SocketBase) {
     CloseLibrary(SocketBase);
@@ -42,33 +46,32 @@ void amiga_cleanup()
   }
 }
 
-BOOL amiga_init()
+bool Curl_amiga_init()
 {
   if(!SocketBase)
     SocketBase = OpenLibrary("bsdsocket.library", 4);
-  
+
   if(!SocketBase) {
     __request("No TCP/IP Stack running!");
     return FALSE;
   }
-  
-  if(SocketBaseTags(
-    SBTM_SETVAL(SBTC_ERRNOPTR(sizeof(errno))), (ULONG) &errno,
-//    SBTM_SETVAL(SBTC_HERRNOLONGPTR),     (ULONG) &h_errno,
-    SBTM_SETVAL(SBTC_LOGTAGPTR),       (ULONG) "cURL",
-  TAG_DONE)) {
-    
+
+  if(SocketBaseTags(SBTM_SETVAL(SBTC_ERRNOPTR(sizeof(errno))), (ULONG) &errno,
+                    SBTM_SETVAL(SBTC_LOGTAGPTR), (ULONG) "cURL",
+                    TAG_DONE)) {
     __request("SocketBaseTags ERROR");
     return FALSE;
   }
-  
+
 #ifndef __libnix__
-  atexit(amiga_cleanup);
+  atexit(Curl_amiga_cleanup);
 #endif
-  
+
   return TRUE;
 }
 
 #ifdef __libnix__
-ADD2EXIT(amiga_cleanup,-50);
+ADD2EXIT(Curl_amiga_cleanup,-50);
 #endif
+
+#endif /* __AMIGA__ && ! __ixemul__ */
diff --git a/Utilities/cmcurl/sockaddr.h b/Utilities/cmcurl/lib/amigaos.h
index 78dad4d..76578be 100644
--- a/Utilities/cmcurl/sockaddr.h
+++ b/Utilities/cmcurl/lib/amigaos.h
@@ -1,5 +1,5 @@
-#ifndef __SOCKADDR_H
-#define __SOCKADDR_H
+#ifndef HEADER_CURL_AMIGAOS_H
+#define HEADER_CURL_AMIGAOS_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,19 +20,20 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
+#include "curl_setup.h"
 
-#include "setup.h"
+#if defined(__AMIGA__) && !defined(__ixemul__)
+
+bool Curl_amiga_init();
+void Curl_amiga_cleanup();
 
-#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
-struct Curl_sockaddr_storage {
-  struct sockaddr_storage buffer;
-};
 #else
-struct Curl_sockaddr_storage {
-  char buffer[256];   /* this should be big enough to fit a lot */
-};
+
+#define Curl_amiga_init() 1
+#define Curl_amiga_cleanup() Curl_nop_stmt
+
 #endif
 
-#endif /* __SOCKADDR_H */
+#endif /* HEADER_CURL_AMIGAOS_H */
+
diff --git a/Utilities/cmcurl/arpa_telnet.h b/Utilities/cmcurl/lib/arpa_telnet.h
index e6a04dc..098d9a9 100644
--- a/Utilities/cmcurl/arpa_telnet.h
+++ b/Utilities/cmcurl/lib/arpa_telnet.h
@@ -1,18 +1,18 @@
-#ifndef __ARPA_TELNET_H
-#define __ARPA_TELNET_H
+#ifndef HEADER_CURL_ARPA_TELNET_H
+#define HEADER_CURL_ARPA_TELNET_H
 /***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
+ *
  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  * copies of the Software, and permit persons to whom the Software is
  * furnished to do so, under the terms of the COPYING file.
@@ -20,16 +20,17 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 #ifndef CURL_DISABLE_TELNET
 /*
  * Telnet option defines. Add more here if in need.
  */
 #define CURL_TELOPT_BINARY   0  /* binary 8bit data */
-#define CURL_TELOPT_SGA      3  /* Supress Go Ahead */
+#define CURL_TELOPT_ECHO     1  /* just echo! */
+#define CURL_TELOPT_SGA      3  /* Suppress Go Ahead */
 #define CURL_TELOPT_EXOPL  255  /* EXtended OPtions List */
 #define CURL_TELOPT_TTYPE   24  /* Terminal TYPE */
+#define CURL_TELOPT_NAWS    31  /* Negotiate About Window Size */
 #define CURL_TELOPT_XDISPLOC 35 /* X DISPlay LOCation */
 
 #define CURL_TELOPT_NEW_ENVIRON 39  /* NEW ENVIRONment variables */
@@ -58,12 +59,12 @@ static const char * const telnetoptions[]=
 #define CURL_TELOPT_OK(x) ((x) <= CURL_TELOPT_MAXIMUM)
 #define CURL_TELOPT(x)    telnetoptions[x]
 
-#define CURL_NTELOPTS 40 
+#define CURL_NTELOPTS 40
 
 /*
  * First some defines
  */
-#define CURL_xEOF 236 /* End Of File */ 
+#define CURL_xEOF 236 /* End Of File */
 #define CURL_SE   240 /* Sub negotiation End */
 #define CURL_NOP  241 /* No OPeration */
 #define CURL_DM   242 /* Data Mark */
@@ -97,5 +98,7 @@ static const char * const telnetcmds[]=
 #define CURL_TELCMD_OK(x) ( ((unsigned int)(x) >= CURL_TELCMD_MINIMUM) && \
                        ((unsigned int)(x) <= CURL_TELCMD_MAXIMUM) )
 #define CURL_TELCMD(x)    telnetcmds[(x)-CURL_TELCMD_MINIMUM]
-#endif
-#endif
+
+#endif /* CURL_DISABLE_TELNET */
+
+#endif /* HEADER_CURL_ARPA_TELNET_H */
diff --git a/Utilities/cmcurl/lib/asyn-ares.c b/Utilities/cmcurl/lib/asyn-ares.c
new file mode 100644
index 0000000..01a9c9b
--- /dev/null
+++ b/Utilities/cmcurl/lib/asyn-ares.c
@@ -0,0 +1,694 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#ifdef HAVE_PROCESS_H
+#include <process.h>
+#endif
+
+#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
+#undef in_addr_t
+#define in_addr_t unsigned long
+#endif
+
+/***********************************************************************
+ * Only for ares-enabled builds
+ * And only for functions that fulfill the asynch resolver backend API
+ * as defined in asyn.h, nothing else belongs in this file!
+ **********************************************************************/
+
+#ifdef CURLRES_ARES
+
+#include "urldata.h"
+#include "sendf.h"
+#include "hostip.h"
+#include "hash.h"
+#include "share.h"
+#include "strerror.h"
+#include "url.h"
+#include "multiif.h"
+#include "inet_pton.h"
+#include "connect.h"
+#include "select.h"
+#include "progress.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#  if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
+     (defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__))
+#    define CARES_STATICLIB
+#  endif
+#  include <ares.h>
+#  include <ares_version.h> /* really old c-ares didn't include this by
+                               itself */
+
+#if ARES_VERSION >= 0x010500
+/* c-ares 1.5.0 or later, the callback proto is modified */
+#define HAVE_CARES_CALLBACK_TIMEOUTS 1
+#endif
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+struct ResolverResults {
+  int num_pending; /* number of ares_gethostbyname() requests */
+  Curl_addrinfo *temp_ai; /* intermediary result while fetching c-ares parts */
+  int last_status;
+};
+
+/*
+ * Curl_resolver_global_init() - the generic low-level asynchronous name
+ * resolve API.  Called from curl_global_init() to initialize global resolver
+ * environment.  Initializes ares library.
+ */
+int Curl_resolver_global_init(void)
+{
+#ifdef CARES_HAVE_ARES_LIBRARY_INIT
+  if(ares_library_init(ARES_LIB_INIT_ALL)) {
+    return CURLE_FAILED_INIT;
+  }
+#endif
+  return CURLE_OK;
+}
+
+/*
+ * Curl_resolver_global_cleanup()
+ *
+ * Called from curl_global_cleanup() to destroy global resolver environment.
+ * Deinitializes ares library.
+ */
+void Curl_resolver_global_cleanup(void)
+{
+#ifdef CARES_HAVE_ARES_LIBRARY_CLEANUP
+  ares_library_cleanup();
+#endif
+}
+
+/*
+ * Curl_resolver_init()
+ *
+ * Called from curl_easy_init() -> Curl_open() to initialize resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Fills the passed pointer by the initialized ares_channel.
+ */
+CURLcode Curl_resolver_init(void **resolver)
+{
+  int status = ares_init((ares_channel*)resolver);
+  if(status != ARES_SUCCESS) {
+    if(status == ARES_ENOMEM)
+      return CURLE_OUT_OF_MEMORY;
+    else
+      return CURLE_FAILED_INIT;
+  }
+  return CURLE_OK;
+  /* make sure that all other returns from this function should destroy the
+     ares channel before returning error! */
+}
+
+/*
+ * Curl_resolver_cleanup()
+ *
+ * Called from curl_easy_cleanup() -> Curl_close() to cleanup resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Destroys the ares channel.
+ */
+void Curl_resolver_cleanup(void *resolver)
+{
+  ares_destroy((ares_channel)resolver);
+}
+
+/*
+ * Curl_resolver_duphandle()
+ *
+ * Called from curl_easy_duphandle() to duplicate resolver URL-state specific
+ * environment ('resolver' member of the UrlState structure).  Duplicates the
+ * 'from' ares channel and passes the resulting channel to the 'to' pointer.
+ */
+int Curl_resolver_duphandle(void **to, void *from)
+{
+  /* Clone the ares channel for the new handle */
+  if(ARES_SUCCESS != ares_dup((ares_channel*)to,(ares_channel)from))
+    return CURLE_FAILED_INIT;
+  return CURLE_OK;
+}
+
+static void destroy_async_data (struct Curl_async *async);
+
+/*
+ * Cancel all possibly still on-going resolves for this connection.
+ */
+void Curl_resolver_cancel(struct connectdata *conn)
+{
+  if(conn && conn->data && conn->data->state.resolver)
+    ares_cancel((ares_channel)conn->data->state.resolver);
+  destroy_async_data(&conn->async);
+}
+
+/*
+ * destroy_async_data() cleans up async resolver data.
+ */
+static void destroy_async_data (struct Curl_async *async)
+{
+  if(async->hostname)
+    free(async->hostname);
+
+  if(async->os_specific) {
+    struct ResolverResults *res = (struct ResolverResults *)async->os_specific;
+    if(res) {
+      if(res->temp_ai) {
+        Curl_freeaddrinfo(res->temp_ai);
+        res->temp_ai = NULL;
+      }
+      free(res);
+    }
+    async->os_specific = NULL;
+  }
+
+  async->hostname = NULL;
+}
+
+/*
+ * Curl_resolver_getsock() is called when someone from the outside world
+ * (using curl_multi_fdset()) wants to get our fd_set setup and we're talking
+ * with ares. The caller must make sure that this function is only called when
+ * we have a working ares channel.
+ *
+ * Returns: sockets-in-use-bitmap
+ */
+
+int Curl_resolver_getsock(struct connectdata *conn,
+                          curl_socket_t *socks,
+                          int numsocks)
+
+{
+  struct timeval maxtime;
+  struct timeval timebuf;
+  struct timeval *timeout;
+  long milli;
+  int max = ares_getsock((ares_channel)conn->data->state.resolver,
+                         (ares_socket_t *)socks, numsocks);
+
+  maxtime.tv_sec = CURL_TIMEOUT_RESOLVE;
+  maxtime.tv_usec = 0;
+
+  timeout = ares_timeout((ares_channel)conn->data->state.resolver, &maxtime,
+                         &timebuf);
+  milli = (timeout->tv_sec * 1000) + (timeout->tv_usec/1000);
+  if(milli == 0)
+    milli += 10;
+  Curl_expire_latest(conn->data, milli);
+
+  return max;
+}
+
+/*
+ * waitperform()
+ *
+ * 1) Ask ares what sockets it currently plays with, then
+ * 2) wait for the timeout period to check for action on ares' sockets.
+ * 3) tell ares to act on all the sockets marked as "with action"
+ *
+ * return number of sockets it worked on
+ */
+
+static int waitperform(struct connectdata *conn, int timeout_ms)
+{
+  struct SessionHandle *data = conn->data;
+  int nfds;
+  int bitmask;
+  ares_socket_t socks[ARES_GETSOCK_MAXNUM];
+  struct pollfd pfd[ARES_GETSOCK_MAXNUM];
+  int i;
+  int num = 0;
+
+  bitmask = ares_getsock((ares_channel)data->state.resolver, socks,
+                         ARES_GETSOCK_MAXNUM);
+
+  for(i=0; i < ARES_GETSOCK_MAXNUM; i++) {
+    pfd[i].events = 0;
+    pfd[i].revents = 0;
+    if(ARES_GETSOCK_READABLE(bitmask, i)) {
+      pfd[i].fd = socks[i];
+      pfd[i].events |= POLLRDNORM|POLLIN;
+    }
+    if(ARES_GETSOCK_WRITABLE(bitmask, i)) {
+      pfd[i].fd = socks[i];
+      pfd[i].events |= POLLWRNORM|POLLOUT;
+    }
+    if(pfd[i].events != 0)
+      num++;
+    else
+      break;
+  }
+
+  if(num)
+    nfds = Curl_poll(pfd, num, timeout_ms);
+  else
+    nfds = 0;
+
+  if(!nfds)
+    /* Call ares_process() unconditonally here, even if we simply timed out
+       above, as otherwise the ares name resolve won't timeout! */
+    ares_process_fd((ares_channel)data->state.resolver, ARES_SOCKET_BAD,
+                    ARES_SOCKET_BAD);
+  else {
+    /* move through the descriptors and ask for processing on them */
+    for(i=0; i < num; i++)
+      ares_process_fd((ares_channel)data->state.resolver,
+                      pfd[i].revents & (POLLRDNORM|POLLIN)?
+                      pfd[i].fd:ARES_SOCKET_BAD,
+                      pfd[i].revents & (POLLWRNORM|POLLOUT)?
+                      pfd[i].fd:ARES_SOCKET_BAD);
+  }
+  return nfds;
+}
+
+/*
+ * Curl_resolver_is_resolved() is called repeatedly to check if a previous
+ * name resolve request has completed. It should also make sure to time-out if
+ * the operation seems to take too long.
+ *
+ * Returns normal CURLcode errors.
+ */
+CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
+                                   struct Curl_dns_entry **dns)
+{
+  struct SessionHandle *data = conn->data;
+  struct ResolverResults *res = (struct ResolverResults *)
+    conn->async.os_specific;
+  CURLcode rc = CURLE_OK;
+
+  *dns = NULL;
+
+  waitperform(conn, 0);
+
+  if(res && !res->num_pending) {
+    (void)Curl_addrinfo_callback(conn, res->last_status, res->temp_ai);
+    /* temp_ai ownership is moved to the connection, so we need not free-up
+       them */
+    res->temp_ai = NULL;
+    if(!conn->async.dns) {
+      failf(data, "Could not resolve: %s (%s)",
+            conn->async.hostname, ares_strerror(conn->async.status));
+      rc = conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
+        CURLE_COULDNT_RESOLVE_HOST;
+    }
+    else
+      *dns = conn->async.dns;
+
+    destroy_async_data(&conn->async);
+  }
+
+  return rc;
+}
+
+/*
+ * Curl_resolver_wait_resolv()
+ *
+ * waits for a resolve to finish. This function should be avoided since using
+ * this risk getting the multi interface to "hang".
+ *
+ * If 'entry' is non-NULL, make it point to the resolved dns entry
+ *
+ * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, and
+ * CURLE_OPERATION_TIMEDOUT if a time-out occurred.
+ */
+CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
+                                   struct Curl_dns_entry **entry)
+{
+  CURLcode rc=CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  long timeout;
+  struct timeval now = Curl_tvnow();
+  struct Curl_dns_entry *temp_entry;
+
+  timeout = Curl_timeleft(data, &now, TRUE);
+  if(!timeout)
+    timeout = CURL_TIMEOUT_RESOLVE * 1000; /* default name resolve timeout */
+
+  /* Wait for the name resolve query to complete. */
+  for(;;) {
+    struct timeval *tvp, tv, store;
+    long timediff;
+    int itimeout;
+    int timeout_ms;
+
+    itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeout;
+
+    store.tv_sec = itimeout/1000;
+    store.tv_usec = (itimeout%1000)*1000;
+
+    tvp = ares_timeout((ares_channel)data->state.resolver, &store, &tv);
+
+    /* use the timeout period ares returned to us above if less than one
+       second is left, otherwise just use 1000ms to make sure the progress
+       callback gets called frequent enough */
+    if(!tvp->tv_sec)
+      timeout_ms = (int)(tvp->tv_usec/1000);
+    else
+      timeout_ms = 1000;
+
+    waitperform(conn, timeout_ms);
+    Curl_resolver_is_resolved(conn,&temp_entry);
+
+    if(conn->async.done)
+      break;
+
+    if(Curl_pgrsUpdate(conn)) {
+      rc = CURLE_ABORTED_BY_CALLBACK;
+      timeout = -1; /* trigger the cancel below */
+    }
+    else {
+      struct timeval now2 = Curl_tvnow();
+      timediff = Curl_tvdiff(now2, now); /* spent time */
+      timeout -= timediff?timediff:1; /* always deduct at least 1 */
+      now = now2; /* for next loop */
+    }
+    if(timeout < 0) {
+      /* our timeout, so we cancel the ares operation */
+      ares_cancel((ares_channel)data->state.resolver);
+      break;
+    }
+  }
+
+  /* Operation complete, if the lookup was successful we now have the entry
+     in the cache. */
+
+  if(entry)
+    *entry = conn->async.dns;
+
+  if(rc)
+    /* close the connection, since we can't return failure here without
+       cleaning up this connection properly.
+       TODO: remove this action from here, it is not a name resolver decision.
+    */
+    connclose(conn, "c-ares resolve failed");
+
+  return rc;
+}
+
+/* Connects results to the list */
+static void compound_results(struct ResolverResults *res,
+                             Curl_addrinfo *ai)
+{
+  Curl_addrinfo *ai_tail;
+  if(!ai)
+    return;
+  ai_tail = ai;
+
+  while(ai_tail->ai_next)
+    ai_tail = ai_tail->ai_next;
+
+  /* Add the new results to the list of old results. */
+  ai_tail->ai_next = res->temp_ai;
+  res->temp_ai = ai;
+}
+
+/*
+ * ares_query_completed_cb() is the callback that ares will call when
+ * the host query initiated by ares_gethostbyname() from Curl_getaddrinfo(),
+ * when using ares, is completed either successfully or with failure.
+ */
+static void query_completed_cb(void *arg,  /* (struct connectdata *) */
+                               int status,
+#ifdef HAVE_CARES_CALLBACK_TIMEOUTS
+                               int timeouts,
+#endif
+                               struct hostent *hostent)
+{
+  struct connectdata *conn = (struct connectdata *)arg;
+  struct ResolverResults *res;
+
+#ifdef HAVE_CARES_CALLBACK_TIMEOUTS
+  (void)timeouts; /* ignored */
+#endif
+
+  if(ARES_EDESTRUCTION == status)
+    /* when this ares handle is getting destroyed, the 'arg' pointer may not
+       be valid so only defer it when we know the 'status' says its fine! */
+    return;
+
+  res = (struct ResolverResults *)conn->async.os_specific;
+  res->num_pending--;
+
+  if(CURL_ASYNC_SUCCESS == status) {
+    Curl_addrinfo *ai = Curl_he2ai(hostent, conn->async.port);
+    if(ai) {
+      compound_results(res, ai);
+    }
+  }
+  /* A successful result overwrites any previous error */
+  if(res->last_status != ARES_SUCCESS)
+    res->last_status = status;
+}
+
+/*
+ * Curl_resolver_getaddrinfo() - when using ares
+ *
+ * Returns name information about the given hostname and port number. If
+ * successful, the 'hostent' is returned and the forth argument will point to
+ * memory we need to free after use. That memory *MUST* be freed with
+ * Curl_freeaddrinfo(), nothing else.
+ */
+Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
+                                         const char *hostname,
+                                         int port,
+                                         int *waitp)
+{
+  char *bufp;
+  struct SessionHandle *data = conn->data;
+  struct in_addr in;
+  int family = PF_INET;
+#ifdef ENABLE_IPV6 /* CURLRES_IPV6 */
+  struct in6_addr in6;
+#endif /* CURLRES_IPV6 */
+
+  *waitp = 0; /* default to synchronous response */
+
+  /* First check if this is an IPv4 address string */
+  if(Curl_inet_pton(AF_INET, hostname, &in) > 0) {
+    /* This is a dotted IP address 123.123.123.123-style */
+    return Curl_ip2addr(AF_INET, &in, hostname, port);
+  }
+
+#ifdef ENABLE_IPV6 /* CURLRES_IPV6 */
+  /* Otherwise, check if this is an IPv6 address string */
+  if(Curl_inet_pton (AF_INET6, hostname, &in6) > 0)
+    /* This must be an IPv6 address literal.  */
+    return Curl_ip2addr(AF_INET6, &in6, hostname, port);
+
+  switch(conn->ip_version) {
+  default:
+#if ARES_VERSION >= 0x010601
+    family = PF_UNSPEC; /* supported by c-ares since 1.6.1, so for older
+                           c-ares versions this just falls through and defaults
+                           to PF_INET */
+    break;
+#endif
+  case CURL_IPRESOLVE_V4:
+    family = PF_INET;
+    break;
+  case CURL_IPRESOLVE_V6:
+    family = PF_INET6;
+    break;
+  }
+#endif /* CURLRES_IPV6 */
+
+  bufp = strdup(hostname);
+  if(bufp) {
+    struct ResolverResults *res = NULL;
+    Curl_safefree(conn->async.hostname);
+    conn->async.hostname = bufp;
+    conn->async.port = port;
+    conn->async.done = FALSE;   /* not done */
+    conn->async.status = 0;     /* clear */
+    conn->async.dns = NULL;     /* clear */
+    res = calloc(sizeof(struct ResolverResults),1);
+    if(!res) {
+      Curl_safefree(conn->async.hostname);
+      conn->async.hostname = NULL;
+      return NULL;
+    }
+    conn->async.os_specific = res;
+
+    /* initial status - failed */
+    res->last_status = ARES_ENOTFOUND;
+#ifdef ENABLE_IPV6 /* CURLRES_IPV6 */
+    if(family == PF_UNSPEC) {
+      if(Curl_ipv6works()) {
+        res->num_pending = 2;
+
+        /* areschannel is already setup in the Curl_open() function */
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET, query_completed_cb, conn);
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET6, query_completed_cb, conn);
+      }
+      else {
+        res->num_pending = 1;
+
+        /* areschannel is already setup in the Curl_open() function */
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET, query_completed_cb, conn);
+      }
+    }
+    else
+#endif /* CURLRES_IPV6 */
+    {
+      res->num_pending = 1;
+
+      /* areschannel is already setup in the Curl_open() function */
+      ares_gethostbyname((ares_channel)data->state.resolver, hostname, family,
+                         query_completed_cb, conn);
+    }
+
+    *waitp = 1; /* expect asynchronous response */
+  }
+  return NULL; /* no struct yet */
+}
+
+CURLcode Curl_set_dns_servers(struct SessionHandle *data,
+                              char *servers)
+{
+  CURLcode result = CURLE_NOT_BUILT_IN;
+  int ares_result;
+
+  /* If server is NULL or empty, this would purge all DNS servers
+   * from ares library, which will cause any and all queries to fail.
+   * So, just return OK if none are configured and don't actually make
+   * any changes to c-ares.  This lets c-ares use it's defaults, which
+   * it gets from the OS (for instance from /etc/resolv.conf on Linux).
+   */
+  if(!(servers && servers[0]))
+    return CURLE_OK;
+
+#if (ARES_VERSION >= 0x010704)
+  ares_result = ares_set_servers_csv(data->state.resolver, servers);
+  switch(ares_result) {
+  case ARES_SUCCESS:
+    result = CURLE_OK;
+    break;
+  case ARES_ENOMEM:
+    result = CURLE_OUT_OF_MEMORY;
+    break;
+  case ARES_ENOTINITIALIZED:
+  case ARES_ENODATA:
+  case ARES_EBADSTR:
+  default:
+    result = CURLE_BAD_FUNCTION_ARGUMENT;
+    break;
+  }
+#else /* too old c-ares version! */
+  (void)data;
+  (void)(ares_result);
+#endif
+  return result;
+}
+
+CURLcode Curl_set_dns_interface(struct SessionHandle *data,
+                                const char *interf)
+{
+#if (ARES_VERSION >= 0x010704)
+  if(!interf)
+    interf = "";
+
+  ares_set_local_dev((ares_channel)data->state.resolver, interf);
+
+  return CURLE_OK;
+#else /* c-ares version too old! */
+  (void)data;
+  (void)interf;
+  return CURLE_NOT_BUILT_IN;
+#endif
+}
+
+CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
+                                const char *local_ip4)
+{
+#if (ARES_VERSION >= 0x010704)
+  struct in_addr a4;
+
+  if((!local_ip4) || (local_ip4[0] == 0)) {
+    a4.s_addr = 0; /* disabled: do not bind to a specific address */
+  }
+  else {
+    if(Curl_inet_pton(AF_INET, local_ip4, &a4) != 1) {
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    }
+  }
+
+  ares_set_local_ip4((ares_channel)data->state.resolver, ntohl(a4.s_addr));
+
+  return CURLE_OK;
+#else /* c-ares version too old! */
+  (void)data;
+  (void)local_ip4;
+  return CURLE_NOT_BUILT_IN;
+#endif
+}
+
+CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
+                                const char *local_ip6)
+{
+#if (ARES_VERSION >= 0x010704) && defined(ENABLE_IPV6)
+  unsigned char a6[INET6_ADDRSTRLEN];
+
+  if((!local_ip6) || (local_ip6[0] == 0)) {
+    /* disabled: do not bind to a specific address */
+    memset(a6, 0, sizeof(a6));
+  }
+  else {
+    if(Curl_inet_pton(AF_INET6, local_ip6, a6) != 1) {
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    }
+  }
+
+  ares_set_local_ip6((ares_channel)data->state.resolver, a6);
+
+  return CURLE_OK;
+#else /* c-ares version too old! */
+  (void)data;
+  (void)local_ip6;
+  return CURLE_NOT_BUILT_IN;
+#endif
+}
+#endif /* CURLRES_ARES */
diff --git a/Utilities/cmcurl/lib/asyn-thread.c b/Utilities/cmcurl/lib/asyn-thread.c
new file mode 100644
index 0000000..e4ad32b
--- /dev/null
+++ b/Utilities/cmcurl/lib/asyn-thread.c
@@ -0,0 +1,701 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#if defined(USE_THREADS_POSIX)
+#  ifdef HAVE_PTHREAD_H
+#    include <pthread.h>
+#  endif
+#elif defined(USE_THREADS_WIN32)
+#  ifdef HAVE_PROCESS_H
+#    include <process.h>
+#  endif
+#endif
+
+#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
+#undef in_addr_t
+#define in_addr_t unsigned long
+#endif
+
+#ifdef HAVE_GETADDRINFO
+#  define RESOLVER_ENOMEM  EAI_MEMORY
+#else
+#  define RESOLVER_ENOMEM  ENOMEM
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "hostip.h"
+#include "hash.h"
+#include "share.h"
+#include "strerror.h"
+#include "url.h"
+#include "multiif.h"
+#include "inet_pton.h"
+#include "inet_ntop.h"
+#include "curl_threads.h"
+#include "connect.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/***********************************************************************
+ * Only for threaded name resolves builds
+ **********************************************************************/
+#ifdef CURLRES_THREADED
+
+/*
+ * Curl_resolver_global_init()
+ * Called from curl_global_init() to initialize global resolver environment.
+ * Does nothing here.
+ */
+int Curl_resolver_global_init(void)
+{
+  return CURLE_OK;
+}
+
+/*
+ * Curl_resolver_global_cleanup()
+ * Called from curl_global_cleanup() to destroy global resolver environment.
+ * Does nothing here.
+ */
+void Curl_resolver_global_cleanup(void)
+{
+}
+
+/*
+ * Curl_resolver_init()
+ * Called from curl_easy_init() -> Curl_open() to initialize resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Does nothing here.
+ */
+CURLcode Curl_resolver_init(void **resolver)
+{
+  (void)resolver;
+  return CURLE_OK;
+}
+
+/*
+ * Curl_resolver_cleanup()
+ * Called from curl_easy_cleanup() -> Curl_close() to cleanup resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Does nothing here.
+ */
+void Curl_resolver_cleanup(void *resolver)
+{
+  (void)resolver;
+}
+
+/*
+ * Curl_resolver_duphandle()
+ * Called from curl_easy_duphandle() to duplicate resolver URL state-specific
+ * environment ('resolver' member of the UrlState structure).  Does nothing
+ * here.
+ */
+int Curl_resolver_duphandle(void **to, void *from)
+{
+  (void)to;
+  (void)from;
+  return CURLE_OK;
+}
+
+static void destroy_async_data(struct Curl_async *);
+
+/*
+ * Cancel all possibly still on-going resolves for this connection.
+ */
+void Curl_resolver_cancel(struct connectdata *conn)
+{
+  destroy_async_data(&conn->async);
+}
+
+/* This function is used to init a threaded resolve */
+static bool init_resolve_thread(struct connectdata *conn,
+                                const char *hostname, int port,
+                                const struct addrinfo *hints);
+
+
+/* Data for synchronization between resolver thread and its parent */
+struct thread_sync_data {
+  curl_mutex_t * mtx;
+  int done;
+
+  char * hostname;        /* hostname to resolve, Curl_async.hostname
+                             duplicate */
+  int port;
+  int sock_error;
+  Curl_addrinfo *res;
+#ifdef HAVE_GETADDRINFO
+  struct addrinfo hints;
+#endif
+  struct thread_data *td; /* for thread-self cleanup */
+};
+
+struct thread_data {
+  curl_thread_t thread_hnd;
+  unsigned int poll_interval;
+  long interval_end;
+  struct thread_sync_data tsd;
+};
+
+static struct thread_sync_data *conn_thread_sync_data(struct connectdata *conn)
+{
+  return &(((struct thread_data *)conn->async.os_specific)->tsd);
+}
+
+#define CONN_THREAD_SYNC_DATA(conn) &(((conn)->async.os_specific)->tsd);
+
+/* Destroy resolver thread synchronization data */
+static
+void destroy_thread_sync_data(struct thread_sync_data * tsd)
+{
+  if(tsd->mtx) {
+    Curl_mutex_destroy(tsd->mtx);
+    free(tsd->mtx);
+  }
+
+  if(tsd->hostname)
+    free(tsd->hostname);
+
+  if(tsd->res)
+    Curl_freeaddrinfo(tsd->res);
+
+  memset(tsd,0,sizeof(*tsd));
+}
+
+/* Initialize resolver thread synchronization data */
+static
+int init_thread_sync_data(struct thread_data * td,
+                           const char * hostname,
+                           int port,
+                           const struct addrinfo *hints)
+{
+  struct thread_sync_data *tsd = &td->tsd;
+
+  memset(tsd, 0, sizeof(*tsd));
+
+  tsd->td = td;
+  tsd->port = port;
+#ifdef HAVE_GETADDRINFO
+  DEBUGASSERT(hints);
+  tsd->hints = *hints;
+#else
+  (void) hints;
+#endif
+
+  tsd->mtx = malloc(sizeof(curl_mutex_t));
+  if(tsd->mtx == NULL)
+    goto err_exit;
+
+  Curl_mutex_init(tsd->mtx);
+
+  tsd->sock_error = CURL_ASYNC_SUCCESS;
+
+  /* Copying hostname string because original can be destroyed by parent
+   * thread during gethostbyname execution.
+   */
+  tsd->hostname = strdup(hostname);
+  if(!tsd->hostname)
+    goto err_exit;
+
+  return 1;
+
+ err_exit:
+  /* Memory allocation failed */
+  destroy_thread_sync_data(tsd);
+  return 0;
+}
+
+static int getaddrinfo_complete(struct connectdata *conn)
+{
+  struct thread_sync_data *tsd = conn_thread_sync_data(conn);
+  int rc;
+
+  rc = Curl_addrinfo_callback(conn, tsd->sock_error, tsd->res);
+  /* The tsd->res structure has been copied to async.dns and perhaps the DNS
+     cache.  Set our copy to NULL so destroy_thread_sync_data doesn't free it.
+  */
+  tsd->res = NULL;
+
+  return rc;
+}
+
+
+#ifdef HAVE_GETADDRINFO
+
+/*
+ * getaddrinfo_thread() resolves a name and then exits.
+ *
+ * For builds without ARES, but with ENABLE_IPV6, create a resolver thread
+ * and wait on it.
+ */
+static unsigned int CURL_STDCALL getaddrinfo_thread (void *arg)
+{
+  struct thread_sync_data *tsd = (struct thread_sync_data*)arg;
+  struct thread_data *td = tsd->td;
+  char service[12];
+  int rc;
+
+  snprintf(service, sizeof(service), "%d", tsd->port);
+
+  rc = Curl_getaddrinfo_ex(tsd->hostname, service, &tsd->hints, &tsd->res);
+
+  if(rc != 0) {
+    tsd->sock_error = SOCKERRNO?SOCKERRNO:rc;
+    if(tsd->sock_error == 0)
+      tsd->sock_error = RESOLVER_ENOMEM;
+  }
+
+  Curl_mutex_acquire(tsd->mtx);
+  if(tsd->done) {
+    /* too late, gotta clean up the mess */
+    Curl_mutex_release(tsd->mtx);
+    destroy_thread_sync_data(tsd);
+    free(td);
+  }
+  else {
+    tsd->done = 1;
+    Curl_mutex_release(tsd->mtx);
+  }
+
+  return 0;
+}
+
+#else /* HAVE_GETADDRINFO */
+
+/*
+ * gethostbyname_thread() resolves a name and then exits.
+ */
+static unsigned int CURL_STDCALL gethostbyname_thread (void *arg)
+{
+  struct thread_sync_data *tsd = (struct thread_sync_data *)arg;
+  struct thread_data *td = tsd->td;
+
+  tsd->res = Curl_ipv4_resolve_r(tsd->hostname, tsd->port);
+
+  if(!tsd->res) {
+    tsd->sock_error = SOCKERRNO;
+    if(tsd->sock_error == 0)
+      tsd->sock_error = RESOLVER_ENOMEM;
+  }
+
+  Curl_mutex_acquire(tsd->mtx);
+  if(tsd->done) {
+    /* too late, gotta clean up the mess */
+    Curl_mutex_release(tsd->mtx);
+    destroy_thread_sync_data(tsd);
+    free(td);
+  }
+  else {
+    tsd->done = 1;
+    Curl_mutex_release(tsd->mtx);
+  }
+
+  return 0;
+}
+
+#endif /* HAVE_GETADDRINFO */
+
+/*
+ * destroy_async_data() cleans up async resolver data and thread handle.
+ */
+static void destroy_async_data (struct Curl_async *async)
+{
+  if(async->os_specific) {
+    struct thread_data *td = (struct thread_data*) async->os_specific;
+    int done;
+
+    /*
+     * if the thread is still blocking in the resolve syscall, detach it and
+     * let the thread do the cleanup...
+     */
+    Curl_mutex_acquire(td->tsd.mtx);
+    done = td->tsd.done;
+    td->tsd.done = 1;
+    Curl_mutex_release(td->tsd.mtx);
+
+    if(!done) {
+      Curl_thread_destroy(td->thread_hnd);
+    }
+    else {
+      if(td->thread_hnd != curl_thread_t_null)
+        Curl_thread_join(&td->thread_hnd);
+
+      destroy_thread_sync_data(&td->tsd);
+
+      free(async->os_specific);
+    }
+  }
+  async->os_specific = NULL;
+
+  if(async->hostname)
+    free(async->hostname);
+
+  async->hostname = NULL;
+}
+
+/*
+ * init_resolve_thread() starts a new thread that performs the actual
+ * resolve. This function returns before the resolve is done.
+ *
+ * Returns FALSE in case of failure, otherwise TRUE.
+ */
+static bool init_resolve_thread (struct connectdata *conn,
+                                 const char *hostname, int port,
+                                 const struct addrinfo *hints)
+{
+  struct thread_data *td = calloc(1, sizeof(struct thread_data));
+  int err = RESOLVER_ENOMEM;
+
+  conn->async.os_specific = (void*) td;
+  if(!td)
+    goto err_exit;
+
+  conn->async.port = port;
+  conn->async.done = FALSE;
+  conn->async.status = 0;
+  conn->async.dns = NULL;
+  td->thread_hnd = curl_thread_t_null;
+
+  if(!init_thread_sync_data(td, hostname, port, hints))
+    goto err_exit;
+
+  Curl_safefree(conn->async.hostname);
+  conn->async.hostname = strdup(hostname);
+  if(!conn->async.hostname)
+    goto err_exit;
+
+#ifdef HAVE_GETADDRINFO
+  td->thread_hnd = Curl_thread_create(getaddrinfo_thread, &td->tsd);
+#else
+  td->thread_hnd = Curl_thread_create(gethostbyname_thread, &td->tsd);
+#endif
+
+  if(!td->thread_hnd) {
+#ifndef _WIN32_WCE
+    err = errno;
+#endif
+    goto err_exit;
+  }
+
+  return TRUE;
+
+ err_exit:
+  destroy_async_data(&conn->async);
+
+  SET_ERRNO(err);
+
+  return FALSE;
+}
+
+/*
+ * resolver_error() calls failf() with the appropriate message after a resolve
+ * error
+ */
+
+static CURLcode resolver_error(struct connectdata *conn)
+{
+  const char *host_or_proxy;
+  CURLcode rc;
+  if(conn->bits.httpproxy) {
+    host_or_proxy = "proxy";
+    rc = CURLE_COULDNT_RESOLVE_PROXY;
+  }
+  else {
+    host_or_proxy = "host";
+    rc = CURLE_COULDNT_RESOLVE_HOST;
+  }
+
+  failf(conn->data, "Could not resolve %s: %s", host_or_proxy,
+        conn->async.hostname);
+  return rc;
+}
+
+/*
+ * Curl_resolver_wait_resolv()
+ *
+ * waits for a resolve to finish. This function should be avoided since using
+ * this risk getting the multi interface to "hang".
+ *
+ * If 'entry' is non-NULL, make it point to the resolved dns entry
+ *
+ * This is the version for resolves-in-a-thread.
+ */
+CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
+                                   struct Curl_dns_entry **entry)
+{
+  struct thread_data   *td = (struct thread_data*) conn->async.os_specific;
+  CURLcode rc = CURLE_OK;
+
+  DEBUGASSERT(conn && td);
+
+  /* wait for the thread to resolve the name */
+  if(Curl_thread_join(&td->thread_hnd))
+    rc = getaddrinfo_complete(conn);
+  else
+    DEBUGASSERT(0);
+
+  conn->async.done = TRUE;
+
+  if(entry)
+    *entry = conn->async.dns;
+
+  if(!conn->async.dns)
+    /* a name was not resolved, report error */
+    rc = resolver_error(conn);
+
+  destroy_async_data(&conn->async);
+
+  if(!conn->async.dns)
+    connclose(conn, "asynch resolve failed");
+
+  return (rc);
+}
+
+/*
+ * Curl_resolver_is_resolved() is called repeatedly to check if a previous
+ * name resolve request has completed. It should also make sure to time-out if
+ * the operation seems to take too long.
+ */
+CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
+                                   struct Curl_dns_entry **entry)
+{
+  struct SessionHandle *data = conn->data;
+  struct thread_data   *td = (struct thread_data*) conn->async.os_specific;
+  int done = 0;
+
+  *entry = NULL;
+
+  if(!td) {
+    DEBUGASSERT(td);
+    return CURLE_COULDNT_RESOLVE_HOST;
+  }
+
+  Curl_mutex_acquire(td->tsd.mtx);
+  done = td->tsd.done;
+  Curl_mutex_release(td->tsd.mtx);
+
+  if(done) {
+    getaddrinfo_complete(conn);
+
+    if(!conn->async.dns) {
+      CURLcode rc = resolver_error(conn);
+      destroy_async_data(&conn->async);
+      return rc;
+    }
+    destroy_async_data(&conn->async);
+    *entry = conn->async.dns;
+  }
+  else {
+    /* poll for name lookup done with exponential backoff up to 250ms */
+    long elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
+    if(elapsed < 0)
+      elapsed = 0;
+
+    if(td->poll_interval == 0)
+      /* Start at 1ms poll interval */
+      td->poll_interval = 1;
+    else if(elapsed >= td->interval_end)
+      /* Back-off exponentially if last interval expired  */
+      td->poll_interval *= 2;
+
+    if(td->poll_interval > 250)
+      td->poll_interval = 250;
+
+    td->interval_end = elapsed + td->poll_interval;
+    Curl_expire_latest(conn->data, td->poll_interval);
+  }
+
+  return CURLE_OK;
+}
+
+int Curl_resolver_getsock(struct connectdata *conn,
+                          curl_socket_t *socks,
+                          int numsocks)
+{
+  (void)conn;
+  (void)socks;
+  (void)numsocks;
+  return 0;
+}
+
+#ifndef HAVE_GETADDRINFO
+/*
+ * Curl_getaddrinfo() - for platforms without getaddrinfo
+ */
+Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
+                                         const char *hostname,
+                                         int port,
+                                         int *waitp)
+{
+  struct in_addr in;
+
+  *waitp = 0; /* default to synchronous response */
+
+  if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
+    /* This is a dotted IP address 123.123.123.123-style */
+    return Curl_ip2addr(AF_INET, &in, hostname, port);
+
+  /* fire up a new resolver thread! */
+  if(init_resolve_thread(conn, hostname, port, NULL)) {
+    *waitp = 1; /* expect asynchronous response */
+    return NULL;
+  }
+
+  /* fall-back to blocking version */
+  return Curl_ipv4_resolve_r(hostname, port);
+}
+
+#else /* !HAVE_GETADDRINFO */
+
+/*
+ * Curl_resolver_getaddrinfo() - for getaddrinfo
+ */
+Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
+                                         const char *hostname,
+                                         int port,
+                                         int *waitp)
+{
+  struct addrinfo hints;
+  struct in_addr in;
+  Curl_addrinfo *res;
+  int error;
+  char sbuf[12];
+  int pf = PF_INET;
+#ifdef CURLRES_IPV6
+  struct in6_addr in6;
+#endif /* CURLRES_IPV6 */
+
+  *waitp = 0; /* default to synchronous response */
+
+  /* First check if this is an IPv4 address string */
+  if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
+    /* This is a dotted IP address 123.123.123.123-style */
+    return Curl_ip2addr(AF_INET, &in, hostname, port);
+
+#ifdef CURLRES_IPV6
+  /* check if this is an IPv6 address string */
+  if(Curl_inet_pton (AF_INET6, hostname, &in6) > 0)
+    /* This is an IPv6 address literal */
+    return Curl_ip2addr(AF_INET6, &in6, hostname, port);
+
+  /*
+   * Check if a limited name resolve has been requested.
+   */
+  switch(conn->ip_version) {
+  case CURL_IPRESOLVE_V4:
+    pf = PF_INET;
+    break;
+  case CURL_IPRESOLVE_V6:
+    pf = PF_INET6;
+    break;
+  default:
+    pf = PF_UNSPEC;
+    break;
+  }
+
+  if((pf != PF_INET) && !Curl_ipv6works())
+    /* the stack seems to be a non-ipv6 one */
+    pf = PF_INET;
+
+#endif /* CURLRES_IPV6 */
+
+  memset(&hints, 0, sizeof(hints));
+  hints.ai_family = pf;
+  hints.ai_socktype = conn->socktype;
+
+  snprintf(sbuf, sizeof(sbuf), "%d", port);
+
+  /* fire up a new resolver thread! */
+  if(init_resolve_thread(conn, hostname, port, &hints)) {
+    *waitp = 1; /* expect asynchronous response */
+    return NULL;
+  }
+
+  /* fall-back to blocking version */
+  infof(conn->data, "init_resolve_thread() failed for %s; %s\n",
+        hostname, Curl_strerror(conn, ERRNO));
+
+  error = Curl_getaddrinfo_ex(hostname, sbuf, &hints, &res);
+  if(error) {
+    infof(conn->data, "getaddrinfo() failed for %s:%d; %s\n",
+          hostname, port, Curl_strerror(conn, SOCKERRNO));
+    return NULL;
+  }
+  return res;
+}
+
+#endif /* !HAVE_GETADDRINFO */
+
+CURLcode Curl_set_dns_servers(struct SessionHandle *data,
+                              char *servers)
+{
+  (void)data;
+  (void)servers;
+  return CURLE_NOT_BUILT_IN;
+
+}
+
+CURLcode Curl_set_dns_interface(struct SessionHandle *data,
+                                const char *interf)
+{
+  (void)data;
+  (void)interf;
+  return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
+                                const char *local_ip4)
+{
+  (void)data;
+  (void)local_ip4;
+  return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
+                                const char *local_ip6)
+{
+  (void)data;
+  (void)local_ip6;
+  return CURLE_NOT_BUILT_IN;
+}
+
+#endif /* CURLRES_THREADED */
diff --git a/Utilities/cmcurl/lib/asyn.h b/Utilities/cmcurl/lib/asyn.h
new file mode 100644
index 0000000..1b681ea
--- /dev/null
+++ b/Utilities/cmcurl/lib/asyn.h
@@ -0,0 +1,168 @@
+#ifndef HEADER_CURL_ASYN_H
+#define HEADER_CURL_ASYN_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+#include "curl_addrinfo.h"
+
+struct addrinfo;
+struct hostent;
+struct SessionHandle;
+struct connectdata;
+struct Curl_dns_entry;
+
+/*
+ * This header defines all functions in the internal asynch resolver interface.
+ * All asynch resolvers need to provide these functions.
+ * asyn-ares.c and asyn-thread.c are the current implementations of asynch
+ * resolver backends.
+ */
+
+/*
+ * Curl_resolver_global_init()
+ *
+ * Called from curl_global_init() to initialize global resolver environment.
+ * Returning anything else than CURLE_OK fails curl_global_init().
+ */
+int Curl_resolver_global_init(void);
+
+/*
+ * Curl_resolver_global_cleanup()
+ * Called from curl_global_cleanup() to destroy global resolver environment.
+ */
+void Curl_resolver_global_cleanup(void);
+
+/*
+ * Curl_resolver_init()
+ * Called from curl_easy_init() -> Curl_open() to initialize resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Should fill the passed pointer by the initialized handler.
+ * Returning anything else than CURLE_OK fails curl_easy_init() with the
+ * correspondent code.
+ */
+CURLcode Curl_resolver_init(void **resolver);
+
+/*
+ * Curl_resolver_cleanup()
+ * Called from curl_easy_cleanup() -> Curl_close() to cleanup resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Should destroy the handler and free all resources connected to
+ * it.
+ */
+void Curl_resolver_cleanup(void *resolver);
+
+/*
+ * Curl_resolver_duphandle()
+ * Called from curl_easy_duphandle() to duplicate resolver URL-state specific
+ * environment ('resolver' member of the UrlState structure).  Should
+ * duplicate the 'from' handle and pass the resulting handle to the 'to'
+ * pointer.  Returning anything else than CURLE_OK causes failed
+ * curl_easy_duphandle() call.
+ */
+int Curl_resolver_duphandle(void **to, void *from);
+
+/*
+ * Curl_resolver_cancel().
+ *
+ * It is called from inside other functions to cancel currently performing
+ * resolver request. Should also free any temporary resources allocated to
+ * perform a request.
+ */
+void Curl_resolver_cancel(struct connectdata *conn);
+
+/* Curl_resolver_getsock()
+ *
+ * This function is called from the multi_getsock() function.  'sock' is a
+ * pointer to an array to hold the file descriptors, with 'numsock' being the
+ * size of that array (in number of entries). This function is supposed to
+ * return bitmask indicating what file descriptors (referring to array indexes
+ * in the 'sock' array) to wait for, read/write.
+ */
+int Curl_resolver_getsock(struct connectdata *conn, curl_socket_t *sock,
+                          int numsocks);
+
+/*
+ * Curl_resolver_is_resolved()
+ *
+ * Called repeatedly to check if a previous name resolve request has
+ * completed. It should also make sure to time-out if the operation seems to
+ * take too long.
+ *
+ * Returns normal CURLcode errors.
+ */
+CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
+                                   struct Curl_dns_entry **dns);
+
+/*
+ * Curl_resolver_wait_resolv()
+ *
+ * waits for a resolve to finish. This function should be avoided since using
+ * this risk getting the multi interface to "hang".
+ *
+ * If 'entry' is non-NULL, make it point to the resolved dns entry
+ *
+ * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, and
+ * CURLE_OPERATION_TIMEDOUT if a time-out occurred.
+
+ */
+CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
+                                   struct Curl_dns_entry **dnsentry);
+
+/*
+ * Curl_resolver_getaddrinfo() - when using this resolver
+ *
+ * Returns name information about the given hostname and port number. If
+ * successful, the 'hostent' is returned and the forth argument will point to
+ * memory we need to free after use. That memory *MUST* be freed with
+ * Curl_freeaddrinfo(), nothing else.
+ *
+ * Each resolver backend must of course make sure to return data in the
+ * correct format to comply with this.
+ */
+Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
+                                         const char *hostname,
+                                         int port,
+                                         int *waitp);
+
+#ifndef CURLRES_ASYNCH
+/* convert these functions if an asynch resolver isn't used */
+#define Curl_resolver_cancel(x) Curl_nop_stmt
+#define Curl_resolver_is_resolved(x,y) CURLE_COULDNT_RESOLVE_HOST
+#define Curl_resolver_wait_resolv(x,y) CURLE_COULDNT_RESOLVE_HOST
+#define Curl_resolver_getsock(x,y,z) 0
+#define Curl_resolver_duphandle(x,y) CURLE_OK
+#define Curl_resolver_init(x) CURLE_OK
+#define Curl_resolver_global_init() CURLE_OK
+#define Curl_resolver_global_cleanup() Curl_nop_stmt
+#define Curl_resolver_cleanup(x) Curl_nop_stmt
+#endif
+
+#ifdef CURLRES_ASYNCH
+#define Curl_resolver_asynch() 1
+#else
+#define Curl_resolver_asynch() 0
+#endif
+
+
+/********** end of generic resolver interface functions *****************/
+#endif /* HEADER_CURL_ASYN_H */
diff --git a/Utilities/cmcurl/lib/base64.c b/Utilities/cmcurl/lib/base64.c
new file mode 100644
index 0000000..bd9ba35
--- /dev/null
+++ b/Utilities/cmcurl/lib/base64.c
@@ -0,0 +1,314 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* Base64 encoding/decoding */
+
+#include "curl_setup.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "urldata.h" /* for the SessionHandle definition */
+#include "warnless.h"
+#include "curl_base64.h"
+#include "curl_memory.h"
+#include "non-ascii.h"
+
+/* include memdebug.h last */
+#include "memdebug.h"
+
+/* ---- Base64 Encoding/Decoding Table --- */
+static const char base64[]=
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/* The Base 64 encoding with an URL and filename safe alphabet, RFC 4648
+   section 5 */
+static const char base64url[]=
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+
+static size_t decodeQuantum(unsigned char *dest, const char *src)
+{
+  size_t padding = 0;
+  const char *s, *p;
+  unsigned long i, v, x = 0;
+
+  for(i = 0, s = src; i < 4; i++, s++) {
+    v = 0;
+
+    if(*s == '=') {
+      x = (x << 6);
+      padding++;
+    }
+    else {
+      p = base64;
+
+      while(*p && (*p != *s)) {
+        v++;
+        p++;
+      }
+
+      if(*p == *s)
+        x = (x << 6) + v;
+      else
+        return 0;
+    }
+  }
+
+  if(padding < 1)
+    dest[2] = curlx_ultouc(x & 0xFFUL);
+
+  x >>= 8;
+  if(padding < 2)
+    dest[1] = curlx_ultouc(x & 0xFFUL);
+
+  x >>= 8;
+  dest[0] = curlx_ultouc(x & 0xFFUL);
+
+  return 3 - padding;
+}
+
+/*
+ * Curl_base64_decode()
+ *
+ * Given a base64 NUL-terminated string at src, decode it and return a
+ * pointer in *outptr to a newly allocated memory area holding decoded
+ * data. Size of decoded data is returned in variable pointed by outlen.
+ *
+ * Returns CURLE_OK on success, otherwise specific error code. Function
+ * output shall not be considered valid unless CURLE_OK is returned.
+ *
+ * When decoded data length is 0, returns NULL in *outptr.
+ *
+ * @unittest: 1302
+ */
+CURLcode Curl_base64_decode(const char *src,
+                            unsigned char **outptr, size_t *outlen)
+{
+  size_t srclen = 0;
+  size_t length = 0;
+  size_t padding = 0;
+  size_t i;
+  size_t result;
+  size_t numQuantums;
+  size_t rawlen = 0;
+  unsigned char *pos;
+  unsigned char *newstr;
+
+  *outptr = NULL;
+  *outlen = 0;
+  srclen = strlen(src);
+
+  /* Check the length of the input string is valid */
+  if(!srclen || srclen % 4)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* Find the position of any = padding characters */
+  while((src[length] != '=') && src[length])
+    length++;
+
+  /* A maximum of two = padding characters is allowed */
+  if(src[length] == '=') {
+    padding++;
+    if(src[length + 1] == '=')
+      padding++;
+  }
+
+  /* Check the = padding characters weren't part way through the input */
+  if(length + padding != srclen)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* Calculate the number of quantums */
+  numQuantums = srclen / 4;
+
+  /* Calculate the size of the decoded string */
+  rawlen = (numQuantums * 3) - padding;
+
+  /* Allocate our buffer including room for a zero terminator */
+  newstr = malloc(rawlen + 1);
+  if(!newstr)
+    return CURLE_OUT_OF_MEMORY;
+
+  pos = newstr;
+
+  /* Decode the quantums */
+  for(i = 0; i < numQuantums; i++) {
+    result = decodeQuantum(pos, src);
+    if(!result) {
+      Curl_safefree(newstr);
+
+      return CURLE_BAD_CONTENT_ENCODING;
+    }
+
+    pos += result;
+    src += 4;
+  }
+
+  /* Zero terminate */
+  *pos = '\0';
+
+  /* Return the decoded data */
+  *outptr = newstr;
+  *outlen = rawlen;
+
+  return CURLE_OK;
+}
+
+static CURLcode base64_encode(const char *table64,
+                              struct SessionHandle *data,
+                              const char *inputbuff, size_t insize,
+                              char **outptr, size_t *outlen)
+{
+  CURLcode error;
+  unsigned char ibuf[3];
+  unsigned char obuf[4];
+  int i;
+  int inputparts;
+  char *output;
+  char *base64data;
+  char *convbuf = NULL;
+
+  const char *indata = inputbuff;
+
+  *outptr = NULL;
+  *outlen = 0;
+
+  if(0 == insize)
+    insize = strlen(indata);
+
+  base64data = output = malloc(insize*4/3+4);
+  if(NULL == output)
+    return CURLE_OUT_OF_MEMORY;
+
+  /*
+   * The base64 data needs to be created using the network encoding
+   * not the host encoding.  And we can't change the actual input
+   * so we copy it to a buffer, translate it, and use that instead.
+   */
+  error = Curl_convert_clone(data, indata, insize, &convbuf);
+  if(error) {
+    free(output);
+    return error;
+  }
+
+  if(convbuf)
+    indata = (char *)convbuf;
+
+  while(insize > 0) {
+    for(i = inputparts = 0; i < 3; i++) {
+      if(insize > 0) {
+        inputparts++;
+        ibuf[i] = (unsigned char) *indata;
+        indata++;
+        insize--;
+      }
+      else
+        ibuf[i] = 0;
+    }
+
+    obuf[0] = (unsigned char)  ((ibuf[0] & 0xFC) >> 2);
+    obuf[1] = (unsigned char) (((ibuf[0] & 0x03) << 4) | \
+                               ((ibuf[1] & 0xF0) >> 4));
+    obuf[2] = (unsigned char) (((ibuf[1] & 0x0F) << 2) | \
+                               ((ibuf[2] & 0xC0) >> 6));
+    obuf[3] = (unsigned char)   (ibuf[2] & 0x3F);
+
+    switch(inputparts) {
+    case 1: /* only one byte read */
+      snprintf(output, 5, "%c%c==",
+               table64[obuf[0]],
+               table64[obuf[1]]);
+      break;
+    case 2: /* two bytes read */
+      snprintf(output, 5, "%c%c%c=",
+               table64[obuf[0]],
+               table64[obuf[1]],
+               table64[obuf[2]]);
+      break;
+    default:
+      snprintf(output, 5, "%c%c%c%c",
+               table64[obuf[0]],
+               table64[obuf[1]],
+               table64[obuf[2]],
+               table64[obuf[3]] );
+      break;
+    }
+    output += 4;
+  }
+  *output = '\0';
+  *outptr = base64data; /* return pointer to new data, allocated memory */
+
+  if(convbuf)
+    free(convbuf);
+
+  *outlen = strlen(base64data); /* return the length of the new data */
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_base64_encode()
+ *
+ * Given a pointer to an input buffer and an input size, encode it and
+ * return a pointer in *outptr to a newly allocated memory area holding
+ * encoded data. Size of encoded data is returned in variable pointed by
+ * outlen.
+ *
+ * Input length of 0 indicates input buffer holds a NUL-terminated string.
+ *
+ * Returns CURLE_OK on success, otherwise specific error code. Function
+ * output shall not be considered valid unless CURLE_OK is returned.
+ *
+ * When encoded data length is 0, returns NULL in *outptr.
+ *
+ * @unittest: 1302
+ */
+CURLcode Curl_base64_encode(struct SessionHandle *data,
+                            const char *inputbuff, size_t insize,
+                            char **outptr, size_t *outlen)
+{
+  return base64_encode(base64, data, inputbuff, insize, outptr, outlen);
+}
+
+/*
+ * Curl_base64url_encode()
+ *
+ * Given a pointer to an input buffer and an input size, encode it and
+ * return a pointer in *outptr to a newly allocated memory area holding
+ * encoded data. Size of encoded data is returned in variable pointed by
+ * outlen.
+ *
+ * Input length of 0 indicates input buffer holds a NUL-terminated string.
+ *
+ * Returns CURLE_OK on success, otherwise specific error code. Function
+ * output shall not be considered valid unless CURLE_OK is returned.
+ *
+ * When encoded data length is 0, returns NULL in *outptr.
+ *
+ * @unittest: 1302
+ */
+CURLcode Curl_base64url_encode(struct SessionHandle *data,
+                               const char *inputbuff, size_t insize,
+                               char **outptr, size_t *outlen)
+{
+  return base64_encode(base64url, data, inputbuff, insize, outptr, outlen);
+}
+/* ---- End of Base64 Encoding ---- */
diff --git a/Utilities/cmcurl/lib/bundles.c b/Utilities/cmcurl/lib/bundles.c
new file mode 100644
index 0000000..aadf026
--- /dev/null
+++ b/Utilities/cmcurl/lib/bundles.c
@@ -0,0 +1,110 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+
+#include "urldata.h"
+#include "url.h"
+#include "progress.h"
+#include "multiif.h"
+#include "bundles.h"
+#include "sendf.h"
+#include "rawstr.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+static void conn_llist_dtor(void *user, void *element)
+{
+  struct connectdata *data = element;
+  (void)user;
+
+  data->bundle = NULL;
+}
+
+CURLcode Curl_bundle_create(struct SessionHandle *data,
+                            struct connectbundle **cb_ptr)
+{
+  (void)data;
+  DEBUGASSERT(*cb_ptr == NULL);
+  *cb_ptr = malloc(sizeof(struct connectbundle));
+  if(!*cb_ptr)
+    return CURLE_OUT_OF_MEMORY;
+
+  (*cb_ptr)->num_connections = 0;
+  (*cb_ptr)->server_supports_pipelining = FALSE;
+
+  (*cb_ptr)->conn_list = Curl_llist_alloc((curl_llist_dtor) conn_llist_dtor);
+  if(!(*cb_ptr)->conn_list) {
+    Curl_safefree(*cb_ptr);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  return CURLE_OK;
+}
+
+void Curl_bundle_destroy(struct connectbundle *cb_ptr)
+{
+  if(!cb_ptr)
+    return;
+
+  if(cb_ptr->conn_list) {
+    Curl_llist_destroy(cb_ptr->conn_list, NULL);
+    cb_ptr->conn_list = NULL;
+  }
+  Curl_safefree(cb_ptr);
+}
+
+/* Add a connection to a bundle */
+CURLcode Curl_bundle_add_conn(struct connectbundle *cb_ptr,
+                              struct connectdata *conn)
+{
+  if(!Curl_llist_insert_next(cb_ptr->conn_list, cb_ptr->conn_list->tail, conn))
+    return CURLE_OUT_OF_MEMORY;
+
+  conn->bundle = cb_ptr;
+
+  cb_ptr->num_connections++;
+  return CURLE_OK;
+}
+
+/* Remove a connection from a bundle */
+int Curl_bundle_remove_conn(struct connectbundle *cb_ptr,
+                            struct connectdata *conn)
+{
+  struct curl_llist_element *curr;
+
+  curr = cb_ptr->conn_list->head;
+  while(curr) {
+    if(curr->ptr == conn) {
+      Curl_llist_remove(cb_ptr->conn_list, curr, NULL);
+      cb_ptr->num_connections--;
+      conn->bundle = NULL;
+      return 1; /* we removed a handle */
+    }
+    curr = curr->next;
+  }
+  return 0;
+}
diff --git a/Utilities/cmcurl/select.h b/Utilities/cmcurl/lib/bundles.h
index 7573b1f..3816c40 100644
--- a/Utilities/cmcurl/select.h
+++ b/Utilities/cmcurl/lib/bundles.h
@@ -1,5 +1,5 @@
-#ifndef __SELECT_H
-#define __SELECT_H
+#ifndef HEADER_CURL_BUNDLES_H
+#define HEADER_CURL_BUNDLES_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,41 +20,26 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#ifdef HAVE_SYS_POLL_H
-#include <sys/poll.h>
-#else
-#ifndef POLLIN
-#define POLLIN      0x01
-#define POLLPRI     0x02
-#define POLLOUT     0x04
-#define POLLERR     0x08
-#define POLLHUP     0x10
-#define POLLNVAL    0x20
-
-struct pollfd
-{
-    curl_socket_t fd;
-    short   events;
-    short   revents;
+struct connectbundle {
+  bool server_supports_pipelining; /* TRUE if server supports pipelining,
+                                      set after first response */
+  size_t num_connections;       /* Number of connections in the bundle */
+  struct curl_llist *conn_list; /* The connectdata members of the bundle */
 };
-#endif
 
-#endif
+CURLcode Curl_bundle_create(struct SessionHandle *data,
+                            struct connectbundle **cb_ptr);
 
-#define CSELECT_IN   0x01
-#define CSELECT_OUT  0x02
-#define CSELECT_ERR  0x04
+void Curl_bundle_destroy(struct connectbundle *cb_ptr);
 
-int Curl_select(curl_socket_t readfd, curl_socket_t writefd, int timeout_ms);
+CURLcode Curl_bundle_add_conn(struct connectbundle *cb_ptr,
+                              struct connectdata *conn);
 
-int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms);
+int Curl_bundle_remove_conn(struct connectbundle *cb_ptr,
+                            struct connectdata *conn);
 
-#ifdef TPF
-int tpf_select_libcurl(int maxfds, fd_set* reads, fd_set* writes,
-                       fd_set* excepts, struct timeval* tv);
-#endif
 
-#endif
+#endif /* HEADER_CURL_BUNDLES_H */
+
diff --git a/Utilities/cmcurl/lib/conncache.c b/Utilities/cmcurl/lib/conncache.c
new file mode 100644
index 0000000..5bbcf3c
--- /dev/null
+++ b/Utilities/cmcurl/lib/conncache.c
@@ -0,0 +1,283 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+
+#include "urldata.h"
+#include "url.h"
+#include "progress.h"
+#include "multiif.h"
+#include "sendf.h"
+#include "rawstr.h"
+#include "bundles.h"
+#include "conncache.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+static void free_bundle_hash_entry(void *freethis)
+{
+  struct connectbundle *b = (struct connectbundle *) freethis;
+
+  Curl_bundle_destroy(b);
+}
+
+struct conncache *Curl_conncache_init(int size)
+{
+  struct conncache *connc;
+
+  connc = calloc(1, sizeof(struct conncache));
+  if(!connc)
+    return NULL;
+
+  connc->hash = Curl_hash_alloc(size, Curl_hash_str,
+                                Curl_str_key_compare, free_bundle_hash_entry);
+
+  if(!connc->hash) {
+    free(connc);
+    return NULL;
+  }
+
+  return connc;
+}
+
+void Curl_conncache_destroy(struct conncache *connc)
+{
+  if(connc) {
+    Curl_hash_destroy(connc->hash);
+    connc->hash = NULL;
+    free(connc);
+  }
+}
+
+struct connectbundle *Curl_conncache_find_bundle(struct conncache *connc,
+                                                 char *hostname)
+{
+  struct connectbundle *bundle = NULL;
+
+  if(connc)
+    bundle = Curl_hash_pick(connc->hash, hostname, strlen(hostname)+1);
+
+  return bundle;
+}
+
+static bool conncache_add_bundle(struct conncache *connc,
+                                 char *hostname,
+                                 struct connectbundle *bundle)
+{
+  void *p;
+
+  p = Curl_hash_add(connc->hash, hostname, strlen(hostname)+1, bundle);
+
+  return p?TRUE:FALSE;
+}
+
+static void conncache_remove_bundle(struct conncache *connc,
+                                    struct connectbundle *bundle)
+{
+  struct curl_hash_iterator iter;
+  struct curl_hash_element *he;
+
+  if(!connc)
+    return;
+
+  Curl_hash_start_iterate(connc->hash, &iter);
+
+  he = Curl_hash_next_element(&iter);
+  while(he) {
+    if(he->ptr == bundle) {
+      /* The bundle is destroyed by the hash destructor function,
+         free_bundle_hash_entry() */
+      Curl_hash_delete(connc->hash, he->key, he->key_len);
+      return;
+    }
+
+    he = Curl_hash_next_element(&iter);
+  }
+}
+
+CURLcode Curl_conncache_add_conn(struct conncache *connc,
+                                 struct connectdata *conn)
+{
+  CURLcode result;
+  struct connectbundle *bundle;
+  struct connectbundle *new_bundle = NULL;
+  struct SessionHandle *data = conn->data;
+
+  bundle = Curl_conncache_find_bundle(data->state.conn_cache,
+                                      conn->host.name);
+  if(!bundle) {
+    result = Curl_bundle_create(data, &new_bundle);
+    if(result != CURLE_OK)
+      return result;
+
+    if(!conncache_add_bundle(data->state.conn_cache,
+                             conn->host.name, new_bundle)) {
+      Curl_bundle_destroy(new_bundle);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    bundle = new_bundle;
+  }
+
+  result = Curl_bundle_add_conn(bundle, conn);
+  if(result != CURLE_OK) {
+    if(new_bundle)
+      conncache_remove_bundle(data->state.conn_cache, new_bundle);
+    return result;
+  }
+
+  conn->connection_id = connc->next_connection_id++;
+  connc->num_connections++;
+
+  return CURLE_OK;
+}
+
+void Curl_conncache_remove_conn(struct conncache *connc,
+                                struct connectdata *conn)
+{
+  struct connectbundle *bundle = conn->bundle;
+
+  /* The bundle pointer can be NULL, since this function can be called
+     due to a failed connection attempt, before being added to a bundle */
+  if(bundle) {
+    Curl_bundle_remove_conn(bundle, conn);
+    if(bundle->num_connections == 0) {
+      conncache_remove_bundle(connc, bundle);
+    }
+
+    if(connc) {
+      connc->num_connections--;
+
+      DEBUGF(infof(conn->data, "The cache now contains %d members\n",
+                   connc->num_connections));
+    }
+  }
+}
+
+/* This function iterates the entire connection cache and calls the
+   function func() with the connection pointer as the first argument
+   and the supplied 'param' argument as the other,
+
+   Return 0 from func() to continue the loop, return 1 to abort it.
+ */
+void Curl_conncache_foreach(struct conncache *connc,
+                            void *param,
+                            int (*func)(struct connectdata *conn, void *param))
+{
+  struct curl_hash_iterator iter;
+  struct curl_llist_element *curr;
+  struct curl_hash_element *he;
+
+  if(!connc)
+    return;
+
+  Curl_hash_start_iterate(connc->hash, &iter);
+
+  he = Curl_hash_next_element(&iter);
+  while(he) {
+    struct connectbundle *bundle;
+    struct connectdata *conn;
+
+    bundle = he->ptr;
+    he = Curl_hash_next_element(&iter);
+
+    curr = bundle->conn_list->head;
+    while(curr) {
+      /* Yes, we need to update curr before calling func(), because func()
+         might decide to remove the connection */
+      conn = curr->ptr;
+      curr = curr->next;
+
+      if(1 == func(conn, param))
+        return;
+    }
+  }
+}
+
+/* Return the first connection found in the cache. Used when closing all
+   connections */
+struct connectdata *
+Curl_conncache_find_first_connection(struct conncache *connc)
+{
+  struct curl_hash_iterator iter;
+  struct curl_llist_element *curr;
+  struct curl_hash_element *he;
+  struct connectbundle *bundle;
+
+  Curl_hash_start_iterate(connc->hash, &iter);
+
+  he = Curl_hash_next_element(&iter);
+  while(he) {
+    bundle = he->ptr;
+
+    curr = bundle->conn_list->head;
+    if(curr) {
+      return curr->ptr;
+    }
+
+    he = Curl_hash_next_element(&iter);
+  }
+
+  return NULL;
+}
+
+
+#if 0
+/* Useful for debugging the connection cache */
+void Curl_conncache_print(struct conncache *connc)
+{
+  struct curl_hash_iterator iter;
+  struct curl_llist_element *curr;
+  struct curl_hash_element *he;
+
+  if(!connc)
+    return;
+
+  fprintf(stderr, "=Bundle cache=\n");
+
+  Curl_hash_start_iterate(connc->hash, &iter);
+
+  he = Curl_hash_next_element(&iter);
+  while(he) {
+    struct connectbundle *bundle;
+    struct connectdata *conn;
+
+    bundle = he->ptr;
+
+    fprintf(stderr, "%s -", he->key);
+    curr = bundle->conn_list->head;
+    while(curr) {
+      conn = curr->ptr;
+
+      fprintf(stderr, " [%p %d]", (void *)conn, conn->inuse);
+      curr = curr->next;
+    }
+    fprintf(stderr, "\n");
+
+    he = Curl_hash_next_element(&iter);
+  }
+}
+#endif
diff --git a/Utilities/cmcurl/lib/conncache.h b/Utilities/cmcurl/lib/conncache.h
new file mode 100644
index 0000000..d793f24
--- /dev/null
+++ b/Utilities/cmcurl/lib/conncache.h
@@ -0,0 +1,55 @@
+#ifndef HEADER_CURL_CONNCACHE_H
+#define HEADER_CURL_CONNCACHE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+struct conncache {
+  struct curl_hash *hash;
+  size_t num_connections;
+  long next_connection_id;
+  struct timeval last_cleanup;
+};
+
+struct conncache *Curl_conncache_init(int size);
+
+void Curl_conncache_destroy(struct conncache *connc);
+
+struct connectbundle *Curl_conncache_find_bundle(struct conncache *connc,
+                                                 char *hostname);
+
+CURLcode Curl_conncache_add_conn(struct conncache *connc,
+                                 struct connectdata *conn);
+
+void Curl_conncache_remove_conn(struct conncache *connc,
+                                struct connectdata *conn);
+
+void Curl_conncache_foreach(struct conncache *connc,
+                            void *param,
+                            int (*func)(struct connectdata *conn,
+                                        void *param));
+
+struct connectdata *
+Curl_conncache_find_first_connection(struct conncache *connc);
+
+void Curl_conncache_print(struct conncache *connc);
+
+#endif /* HEADER_CURL_CONNCACHE_H */
diff --git a/Utilities/cmcurl/lib/connect.c b/Utilities/cmcurl/lib/connect.c
new file mode 100644
index 0000000..fb315fc
--- /dev/null
+++ b/Utilities/cmcurl/lib/connect.c
@@ -0,0 +1,1340 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h> /* <netinet/tcp.h> may need it */
+#endif
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h> /* for sockaddr_un */
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h> /* for TCP_NODELAY */
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#if (defined(HAVE_IOCTL_FIONBIO) && defined(NETWARE))
+#include <sys/filio.h>
+#endif
+#ifdef NETWARE
+#undef in_addr_t
+#define in_addr_t unsigned long
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "urldata.h"
+#include "sendf.h"
+#include "if2ip.h"
+#include "strerror.h"
+#include "connect.h"
+#include "curl_memory.h"
+#include "select.h"
+#include "url.h" /* for Curl_safefree() */
+#include "multiif.h"
+#include "sockaddr.h" /* required for Curl_sockaddr_storage */
+#include "inet_ntop.h"
+#include "inet_pton.h"
+#include "vtls/vtls.h" /* for Curl_ssl_check_cxn() */
+#include "progress.h"
+#include "warnless.h"
+#include "conncache.h"
+#include "multihandle.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifdef __SYMBIAN32__
+/* This isn't actually supported under Symbian OS */
+#undef SO_NOSIGPIPE
+#endif
+
+static bool verifyconnect(curl_socket_t sockfd, int *error);
+
+#if defined(__DragonFly__) || defined(HAVE_WINSOCK_H)
+/* DragonFlyBSD and Windows use millisecond units */
+#define KEEPALIVE_FACTOR(x) (x *= 1000)
+#else
+#define KEEPALIVE_FACTOR(x)
+#endif
+
+#if defined(HAVE_WINSOCK2_H) && !defined(SIO_KEEPALIVE_VALS)
+#define SIO_KEEPALIVE_VALS    _WSAIOW(IOC_VENDOR,4)
+
+struct tcp_keepalive {
+  u_long onoff;
+  u_long keepalivetime;
+  u_long keepaliveinterval;
+};
+#endif
+
+static void
+tcpkeepalive(struct SessionHandle *data,
+             curl_socket_t sockfd)
+{
+  int optval = data->set.tcp_keepalive?1:0;
+
+  /* only set IDLE and INTVL if setting KEEPALIVE is successful */
+  if(setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE,
+        (void *)&optval, sizeof(optval)) < 0) {
+    infof(data, "Failed to set SO_KEEPALIVE on fd %d\n", sockfd);
+  }
+  else {
+#if defined(SIO_KEEPALIVE_VALS)
+    struct tcp_keepalive vals;
+    DWORD dummy;
+    vals.onoff = 1;
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
+    vals.keepalivetime = optval;
+    optval = curlx_sltosi(data->set.tcp_keepintvl);
+    KEEPALIVE_FACTOR(optval);
+    vals.keepaliveinterval = optval;
+    if(WSAIoctl(sockfd, SIO_KEEPALIVE_VALS, (LPVOID) &vals, sizeof(vals),
+                NULL, 0, &dummy, NULL, NULL) != 0) {
+      infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd %d: %d\n",
+            (int)sockfd, WSAGetLastError());
+    }
+#else
+#ifdef TCP_KEEPIDLE
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPIDLE on fd %d\n", sockfd);
+    }
+#endif
+#ifdef TCP_KEEPINTVL
+    optval = curlx_sltosi(data->set.tcp_keepintvl);
+    KEEPALIVE_FACTOR(optval);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPINTVL on fd %d\n", sockfd);
+    }
+#endif
+#ifdef TCP_KEEPALIVE
+    /* Mac OS X style */
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPALIVE on fd %d\n", sockfd);
+    }
+#endif
+#endif
+  }
+}
+
+static CURLcode
+singleipconnect(struct connectdata *conn,
+                const Curl_addrinfo *ai, /* start connecting to this */
+                curl_socket_t *sock);
+
+/*
+ * Curl_timeleft() returns the amount of milliseconds left allowed for the
+ * transfer/connection. If the value is negative, the timeout time has already
+ * elapsed.
+ *
+ * The start time is stored in progress.t_startsingle - as set with
+ * Curl_pgrsTime(..., TIMER_STARTSINGLE);
+ *
+ * If 'nowp' is non-NULL, it points to the current time.
+ * 'duringconnect' is FALSE if not during a connect, as then of course the
+ * connect timeout is not taken into account!
+ *
+ * @unittest: 1303
+ */
+long Curl_timeleft(struct SessionHandle *data,
+                   struct timeval *nowp,
+                   bool duringconnect)
+{
+  int timeout_set = 0;
+  long timeout_ms = duringconnect?DEFAULT_CONNECT_TIMEOUT:0;
+  struct timeval now;
+
+  /* if a timeout is set, use the most restrictive one */
+
+  if(data->set.timeout > 0)
+    timeout_set |= 1;
+  if(duringconnect && (data->set.connecttimeout > 0))
+    timeout_set |= 2;
+
+  switch (timeout_set) {
+  case 1:
+    timeout_ms = data->set.timeout;
+    break;
+  case 2:
+    timeout_ms = data->set.connecttimeout;
+    break;
+  case 3:
+    if(data->set.timeout < data->set.connecttimeout)
+      timeout_ms = data->set.timeout;
+    else
+      timeout_ms = data->set.connecttimeout;
+    break;
+  default:
+    /* use the default */
+    if(!duringconnect)
+      /* if we're not during connect, there's no default timeout so if we're
+         at zero we better just return zero and not make it a negative number
+         by the math below */
+      return 0;
+    break;
+  }
+
+  if(!nowp) {
+    now = Curl_tvnow();
+    nowp = &now;
+  }
+
+  /* subtract elapsed time */
+  if(duringconnect)
+    /* since this most recent connect started */
+    timeout_ms -= Curl_tvdiff(*nowp, data->progress.t_startsingle);
+  else
+    /* since the entire operation started */
+    timeout_ms -= Curl_tvdiff(*nowp, data->progress.t_startop);
+  if(!timeout_ms)
+    /* avoid returning 0 as that means no timeout! */
+    return -1;
+
+  return timeout_ms;
+}
+
+static CURLcode bindlocal(struct connectdata *conn,
+                          curl_socket_t sockfd, int af)
+{
+  struct SessionHandle *data = conn->data;
+
+  struct Curl_sockaddr_storage sa;
+  struct sockaddr *sock = (struct sockaddr *)&sa;  /* bind to this address */
+  curl_socklen_t sizeof_sa = 0; /* size of the data sock points to */
+  struct sockaddr_in *si4 = (struct sockaddr_in *)&sa;
+#ifdef ENABLE_IPV6
+  struct sockaddr_in6 *si6 = (struct sockaddr_in6 *)&sa;
+#endif
+
+  struct Curl_dns_entry *h=NULL;
+  unsigned short port = data->set.localport; /* use this port number, 0 for
+                                                "random" */
+  /* how many port numbers to try to bind to, increasing one at a time */
+  int portnum = data->set.localportrange;
+  const char *dev = data->set.str[STRING_DEVICE];
+  int error;
+  char myhost[256] = "";
+  int done = 0; /* -1 for error, 1 for address found */
+  bool is_interface = FALSE;
+  bool is_host = FALSE;
+  static const char *if_prefix = "if!";
+  static const char *host_prefix = "host!";
+
+  /*************************************************************
+   * Select device to bind socket to
+   *************************************************************/
+  if(!dev && !port)
+    /* no local kind of binding was requested */
+    return CURLE_OK;
+
+  memset(&sa, 0, sizeof(struct Curl_sockaddr_storage));
+
+  if(dev && (strlen(dev)<255) ) {
+    if(strncmp(if_prefix, dev, strlen(if_prefix)) == 0) {
+      dev += strlen(if_prefix);
+      is_interface = TRUE;
+    }
+    else if(strncmp(host_prefix, dev, strlen(host_prefix)) == 0) {
+      dev += strlen(host_prefix);
+      is_host = TRUE;
+    }
+
+    /* interface */
+    if(!is_host) {
+      switch(Curl_if2ip(af, conn->scope, dev, myhost, sizeof(myhost))) {
+        case IF2IP_NOT_FOUND:
+          if(is_interface) {
+            /* Do not fall back to treating it as a host name */
+            failf(data, "Couldn't bind to interface '%s'", dev);
+            return CURLE_INTERFACE_FAILED;
+          }
+          break;
+        case IF2IP_AF_NOT_SUPPORTED:
+          /* Signal the caller to try another address family if available */
+          return CURLE_UNSUPPORTED_PROTOCOL;
+        case IF2IP_FOUND:
+          is_interface = TRUE;
+          /*
+           * We now have the numerical IP address in the 'myhost' buffer
+           */
+          infof(data, "Local Interface %s is ip %s using address family %i\n",
+                dev, myhost, af);
+          done = 1;
+
+#ifdef SO_BINDTODEVICE
+          /* I am not sure any other OSs than Linux that provide this feature,
+           * and at the least I cannot test. --Ben
+           *
+           * This feature allows one to tightly bind the local socket to a
+           * particular interface.  This will force even requests to other
+           * local interfaces to go out the external interface.
+           *
+           *
+           * Only bind to the interface when specified as interface, not just
+           * as a hostname or ip address.
+           */
+          if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
+                        dev, (curl_socklen_t)strlen(dev)+1) != 0) {
+            error = SOCKERRNO;
+            infof(data, "SO_BINDTODEVICE %s failed with errno %d: %s;"
+                  " will do regular bind\n",
+                  dev, error, Curl_strerror(conn, error));
+            /* This is typically "errno 1, error: Operation not permitted" if
+               you're not running as root or another suitable privileged
+               user */
+          }
+#endif
+          break;
+      }
+    }
+    if(!is_interface) {
+      /*
+       * This was not an interface, resolve the name as a host name
+       * or IP number
+       *
+       * Temporarily force name resolution to use only the address type
+       * of the connection. The resolve functions should really be changed
+       * to take a type parameter instead.
+       */
+      long ipver = conn->ip_version;
+      int rc;
+
+      if(af == AF_INET)
+        conn->ip_version = CURL_IPRESOLVE_V4;
+#ifdef ENABLE_IPV6
+      else if(af == AF_INET6)
+        conn->ip_version = CURL_IPRESOLVE_V6;
+#endif
+
+      rc = Curl_resolv(conn, dev, 0, &h);
+      if(rc == CURLRESOLV_PENDING)
+        (void)Curl_resolver_wait_resolv(conn, &h);
+      conn->ip_version = ipver;
+
+      if(h) {
+        /* convert the resolved address, sizeof myhost >= INET_ADDRSTRLEN */
+        Curl_printable_address(h->addr, myhost, sizeof(myhost));
+        infof(data, "Name '%s' family %i resolved to '%s' family %i\n",
+              dev, af, myhost, h->addr->ai_family);
+        Curl_resolv_unlock(data, h);
+        done = 1;
+      }
+      else {
+        /*
+         * provided dev was no interface (or interfaces are not supported
+         * e.g. solaris) no ip address and no domain we fail here
+         */
+        done = -1;
+      }
+    }
+
+    if(done > 0) {
+#ifdef ENABLE_IPV6
+      /* ipv6 address */
+      if(af == AF_INET6) {
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+        char *scope_ptr = strchr(myhost, '%');
+        if(scope_ptr)
+          *(scope_ptr++) = 0;
+#endif
+        if(Curl_inet_pton(AF_INET6, myhost, &si6->sin6_addr) > 0) {
+          si6->sin6_family = AF_INET6;
+          si6->sin6_port = htons(port);
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+          if(scope_ptr)
+            /* The "myhost" string either comes from Curl_if2ip or from
+               Curl_printable_address. The latter returns only numeric scope
+               IDs and the former returns none at all.  So the scope ID, if
+               present, is known to be numeric */
+            si6->sin6_scope_id = atoi(scope_ptr);
+#endif
+        }
+        sizeof_sa = sizeof(struct sockaddr_in6);
+      }
+      else
+#endif
+      /* ipv4 address */
+      if((af == AF_INET) &&
+         (Curl_inet_pton(AF_INET, myhost, &si4->sin_addr) > 0)) {
+        si4->sin_family = AF_INET;
+        si4->sin_port = htons(port);
+        sizeof_sa = sizeof(struct sockaddr_in);
+      }
+    }
+
+    if(done < 1) {
+      failf(data, "Couldn't bind to '%s'", dev);
+      return CURLE_INTERFACE_FAILED;
+    }
+  }
+  else {
+    /* no device was given, prepare sa to match af's needs */
+#ifdef ENABLE_IPV6
+    if(af == AF_INET6) {
+      si6->sin6_family = AF_INET6;
+      si6->sin6_port = htons(port);
+      sizeof_sa = sizeof(struct sockaddr_in6);
+    }
+    else
+#endif
+    if(af == AF_INET) {
+      si4->sin_family = AF_INET;
+      si4->sin_port = htons(port);
+      sizeof_sa = sizeof(struct sockaddr_in);
+    }
+  }
+
+  for(;;) {
+    if(bind(sockfd, sock, sizeof_sa) >= 0) {
+      /* we succeeded to bind */
+      struct Curl_sockaddr_storage add;
+      curl_socklen_t size = sizeof(add);
+      memset(&add, 0, sizeof(struct Curl_sockaddr_storage));
+      if(getsockname(sockfd, (struct sockaddr *) &add, &size) < 0) {
+        data->state.os_errno = error = SOCKERRNO;
+        failf(data, "getsockname() failed with errno %d: %s",
+              error, Curl_strerror(conn, error));
+        return CURLE_INTERFACE_FAILED;
+      }
+      infof(data, "Local port: %hu\n", port);
+      conn->bits.bound = TRUE;
+      return CURLE_OK;
+    }
+
+    if(--portnum > 0) {
+      infof(data, "Bind to local port %hu failed, trying next\n", port);
+      port++; /* try next port */
+      /* We re-use/clobber the port variable here below */
+      if(sock->sa_family == AF_INET)
+        si4->sin_port = ntohs(port);
+#ifdef ENABLE_IPV6
+      else
+        si6->sin6_port = ntohs(port);
+#endif
+    }
+    else
+      break;
+  }
+
+  data->state.os_errno = error = SOCKERRNO;
+  failf(data, "bind failed with errno %d: %s",
+        error, Curl_strerror(conn, error));
+
+  return CURLE_INTERFACE_FAILED;
+}
+
+/*
+ * verifyconnect() returns TRUE if the connect really has happened.
+ */
+static bool verifyconnect(curl_socket_t sockfd, int *error)
+{
+  bool rc = TRUE;
+#ifdef SO_ERROR
+  int err = 0;
+  curl_socklen_t errSize = sizeof(err);
+
+#ifdef WIN32
+  /*
+   * In October 2003 we effectively nullified this function on Windows due to
+   * problems with it using all CPU in multi-threaded cases.
+   *
+   * In May 2004, we bring it back to offer more info back on connect failures.
+   * Gisle Vanem could reproduce the former problems with this function, but
+   * could avoid them by adding this SleepEx() call below:
+   *
+   *    "I don't have Rational Quantify, but the hint from his post was
+   *    ntdll::NtRemoveIoCompletion(). So I'd assume the SleepEx (or maybe
+   *    just Sleep(0) would be enough?) would release whatever
+   *    mutex/critical-section the ntdll call is waiting on.
+   *
+   *    Someone got to verify this on Win-NT 4.0, 2000."
+   */
+
+#ifdef _WIN32_WCE
+  Sleep(0);
+#else
+  SleepEx(0, FALSE);
+#endif
+
+#endif
+
+  if(0 != getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void *)&err, &errSize))
+    err = SOCKERRNO;
+#ifdef _WIN32_WCE
+  /* Old WinCE versions don't support SO_ERROR */
+  if(WSAENOPROTOOPT == err) {
+    SET_SOCKERRNO(0);
+    err = 0;
+  }
+#endif
+#ifdef __minix
+  /* Minix 3.1.x doesn't support getsockopt on UDP sockets */
+  if(EBADIOCTL == err) {
+    SET_SOCKERRNO(0);
+    err = 0;
+  }
+#endif
+  if((0 == err) || (EISCONN == err))
+    /* we are connected, awesome! */
+    rc = TRUE;
+  else
+    /* This wasn't a successful connect */
+    rc = FALSE;
+  if(error)
+    *error = err;
+#else
+  (void)sockfd;
+  if(error)
+    *error = SOCKERRNO;
+#endif
+  return rc;
+}
+
+/* Used within the multi interface. Try next IP address, return TRUE if no
+   more address exists or error */
+static CURLcode trynextip(struct connectdata *conn,
+                          int sockindex,
+                          int tempindex)
+{
+  CURLcode rc = CURLE_COULDNT_CONNECT;
+
+  /* First clean up after the failed socket.
+     Don't close it yet to ensure that the next IP's socket gets a different
+     file descriptor, which can prevent bugs when the curl_multi_socket_action
+     interface is used with certain select() replacements such as kqueue. */
+  curl_socket_t fd_to_close = conn->tempsock[tempindex];
+  conn->tempsock[tempindex] = CURL_SOCKET_BAD;
+
+  if(sockindex == FIRSTSOCKET) {
+    Curl_addrinfo *ai = NULL;
+    int family = AF_UNSPEC;
+
+    if(conn->tempaddr[tempindex]) {
+      /* find next address in the same protocol family */
+      family = conn->tempaddr[tempindex]->ai_family;
+      ai = conn->tempaddr[tempindex]->ai_next;
+    }
+    else if(conn->tempaddr[0]) {
+      /* happy eyeballs - try the other protocol family */
+      int firstfamily = conn->tempaddr[0]->ai_family;
+#ifdef ENABLE_IPV6
+      family = (firstfamily == AF_INET) ? AF_INET6 : AF_INET;
+#else
+      family = firstfamily;
+#endif
+      ai = conn->tempaddr[0]->ai_next;
+    }
+
+    while(ai) {
+      while(ai && ai->ai_family != family)
+        ai = ai->ai_next;
+
+      if(ai) {
+        rc = singleipconnect(conn, ai, &conn->tempsock[tempindex]);
+        if(rc == CURLE_COULDNT_CONNECT) {
+          ai = ai->ai_next;
+          continue;
+        }
+        conn->tempaddr[tempindex] = ai;
+      }
+      break;
+    }
+  }
+
+  if(fd_to_close != CURL_SOCKET_BAD)
+    Curl_closesocket(conn, fd_to_close);
+
+  return rc;
+}
+
+/* Copies connection info into the session handle to make it available
+   when the session handle is no longer associated with a connection. */
+void Curl_persistconninfo(struct connectdata *conn)
+{
+  memcpy(conn->data->info.conn_primary_ip, conn->primary_ip, MAX_IPADR_LEN);
+  memcpy(conn->data->info.conn_local_ip, conn->local_ip, MAX_IPADR_LEN);
+  conn->data->info.conn_primary_port = conn->primary_port;
+  conn->data->info.conn_local_port = conn->local_port;
+}
+
+/* retrieves ip address and port from a sockaddr structure */
+static bool getaddressinfo(struct sockaddr* sa, char* addr,
+                           long* port)
+{
+  unsigned short us_port;
+  struct sockaddr_in* si = NULL;
+#ifdef ENABLE_IPV6
+  struct sockaddr_in6* si6 = NULL;
+#endif
+#if defined(HAVE_SYS_UN_H) && defined(AF_UNIX)
+  struct sockaddr_un* su = NULL;
+#endif
+
+  switch (sa->sa_family) {
+    case AF_INET:
+      si = (struct sockaddr_in*) sa;
+      if(Curl_inet_ntop(sa->sa_family, &si->sin_addr,
+                        addr, MAX_IPADR_LEN)) {
+        us_port = ntohs(si->sin_port);
+        *port = us_port;
+        return TRUE;
+      }
+      break;
+#ifdef ENABLE_IPV6
+    case AF_INET6:
+      si6 = (struct sockaddr_in6*)sa;
+      if(Curl_inet_ntop(sa->sa_family, &si6->sin6_addr,
+                        addr, MAX_IPADR_LEN)) {
+        us_port = ntohs(si6->sin6_port);
+        *port = us_port;
+        return TRUE;
+      }
+      break;
+#endif
+#if defined(HAVE_SYS_UN_H) && defined(AF_UNIX)
+    case AF_UNIX:
+      su = (struct sockaddr_un*)sa;
+      snprintf(addr, MAX_IPADR_LEN, "%s", su->sun_path);
+      *port = 0;
+      return TRUE;
+#endif
+    default:
+      break;
+  }
+
+  addr[0] = '\0';
+  *port = 0;
+
+  return FALSE;
+}
+
+/* retrieves the start/end point information of a socket of an established
+   connection */
+void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
+{
+  int error;
+  curl_socklen_t len;
+  struct Curl_sockaddr_storage ssrem;
+  struct Curl_sockaddr_storage ssloc;
+  struct SessionHandle *data = conn->data;
+
+  if(conn->socktype == SOCK_DGRAM)
+    /* there's no connection! */
+    return;
+
+  if(!conn->bits.reuse) {
+
+    len = sizeof(struct Curl_sockaddr_storage);
+    if(getpeername(sockfd, (struct sockaddr*) &ssrem, &len)) {
+      error = SOCKERRNO;
+      failf(data, "getpeername() failed with errno %d: %s",
+            error, Curl_strerror(conn, error));
+      return;
+    }
+
+    len = sizeof(struct Curl_sockaddr_storage);
+    if(getsockname(sockfd, (struct sockaddr*) &ssloc, &len)) {
+      error = SOCKERRNO;
+      failf(data, "getsockname() failed with errno %d: %s",
+            error, Curl_strerror(conn, error));
+      return;
+    }
+
+    if(!getaddressinfo((struct sockaddr*)&ssrem,
+                        conn->primary_ip, &conn->primary_port)) {
+      error = ERRNO;
+      failf(data, "ssrem inet_ntop() failed with errno %d: %s",
+            error, Curl_strerror(conn, error));
+      return;
+    }
+    memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);
+
+    if(!getaddressinfo((struct sockaddr*)&ssloc,
+                       conn->local_ip, &conn->local_port)) {
+      error = ERRNO;
+      failf(data, "ssloc inet_ntop() failed with errno %d: %s",
+            error, Curl_strerror(conn, error));
+      return;
+    }
+
+  }
+
+  /* persist connection info in session handle */
+  Curl_persistconninfo(conn);
+}
+
+/*
+ * Curl_is_connected() checks if the socket has connected.
+ */
+
+CURLcode Curl_is_connected(struct connectdata *conn,
+                           int sockindex,
+                           bool *connected)
+{
+  struct SessionHandle *data = conn->data;
+  CURLcode code = CURLE_OK;
+  long allow;
+  int error = 0;
+  struct timeval now;
+  int result;
+  int i;
+
+  DEBUGASSERT(sockindex >= FIRSTSOCKET && sockindex <= SECONDARYSOCKET);
+
+  *connected = FALSE; /* a very negative world view is best */
+
+  if(conn->bits.tcpconnect[sockindex]) {
+    /* we are connected already! */
+    *connected = TRUE;
+    return CURLE_OK;
+  }
+
+  now = Curl_tvnow();
+
+  /* figure out how long time we have left to connect */
+  allow = Curl_timeleft(data, &now, TRUE);
+
+  if(allow < 0) {
+    /* time-out, bail out, go home */
+    failf(data, "Connection time-out");
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  for(i=0; i<2; i++) {
+    if(conn->tempsock[i] == CURL_SOCKET_BAD)
+      continue;
+
+#ifdef mpeix
+    /* Call this function once now, and ignore the results. We do this to
+       "clear" the error state on the socket so that we can later read it
+       reliably. This is reported necessary on the MPE/iX operating system. */
+    (void)verifyconnect(conn->tempsock[i], NULL);
+#endif
+
+    /* check socket for connect */
+    result = Curl_socket_ready(CURL_SOCKET_BAD, conn->tempsock[i], 0);
+
+    if(result == 0) { /* no connection yet */
+      if(curlx_tvdiff(now, conn->connecttime) >= conn->timeoutms_per_addr) {
+        infof(data, "After %ldms connect time, move on!\n",
+              conn->timeoutms_per_addr);
+        error = ETIMEDOUT;
+      }
+
+      /* should we try another protocol family? */
+      if(i == 0 && conn->tempaddr[1] == NULL &&
+         curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) {
+        trynextip(conn, sockindex, 1);
+      }
+    }
+    else if(result == CURL_CSELECT_OUT) {
+      if(verifyconnect(conn->tempsock[i], &error)) {
+        /* we are connected with TCP, awesome! */
+        int other = i ^ 1;
+
+        /* use this socket from now on */
+        conn->sock[sockindex] = conn->tempsock[i];
+        conn->ip_addr = conn->tempaddr[i];
+        conn->tempsock[i] = CURL_SOCKET_BAD;
+
+        /* close the other socket, if open */
+        if(conn->tempsock[other] != CURL_SOCKET_BAD) {
+          Curl_closesocket(conn, conn->tempsock[other]);
+          conn->tempsock[other] = CURL_SOCKET_BAD;
+        }
+
+        /* see if we need to do any proxy magic first once we connected */
+        code = Curl_connected_proxy(conn, sockindex);
+        if(code)
+          return code;
+
+        conn->bits.tcpconnect[sockindex] = TRUE;
+
+        *connected = TRUE;
+        if(sockindex == FIRSTSOCKET)
+          Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
+        Curl_updateconninfo(conn, conn->sock[sockindex]);
+        Curl_verboseconnect(conn);
+
+        return CURLE_OK;
+      }
+      else
+        infof(data, "Connection failed\n");
+    }
+    else if(result & CURL_CSELECT_ERR)
+      (void)verifyconnect(conn->tempsock[i], &error);
+
+    /*
+     * The connection failed here, we should attempt to connect to the "next
+     * address" for the given host. But first remember the latest error.
+     */
+    if(error) {
+      char ipaddress[MAX_IPADR_LEN];
+      data->state.os_errno = error;
+      SET_SOCKERRNO(error);
+      if(conn->tempaddr[i]) {
+        Curl_printable_address(conn->tempaddr[i], ipaddress, MAX_IPADR_LEN);
+        infof(data, "connect to %s port %ld failed: %s\n",
+              ipaddress, conn->port, Curl_strerror(conn, error));
+
+        conn->timeoutms_per_addr = conn->tempaddr[i]->ai_next == NULL ?
+                                   allow : allow / 2;
+
+        code = trynextip(conn, sockindex, i);
+      }
+    }
+  }
+
+  if(code) {
+    /* no more addresses to try */
+
+    /* if the first address family runs out of addresses to try before
+       the happy eyeball timeout, go ahead and try the next family now */
+    if(conn->tempaddr[1] == NULL) {
+      int rc;
+      rc = trynextip(conn, sockindex, 1);
+      if(rc == CURLE_OK)
+        return CURLE_OK;
+    }
+
+    failf(data, "Failed to connect to %s port %ld: %s",
+          conn->bits.proxy?conn->proxy.name:conn->host.name,
+          conn->port, Curl_strerror(conn, error));
+  }
+
+  return code;
+}
+
+static void tcpnodelay(struct connectdata *conn,
+                       curl_socket_t sockfd)
+{
+#ifdef TCP_NODELAY
+  struct SessionHandle *data= conn->data;
+  curl_socklen_t onoff = (curl_socklen_t) data->set.tcp_nodelay;
+  int level = IPPROTO_TCP;
+
+#if 0
+  /* The use of getprotobyname() is disabled since it isn't thread-safe on
+     numerous systems. On these getprotobyname_r() should be used instead, but
+     that exists in at least one 4 arg version and one 5 arg version, and
+     since the proto number rarely changes anyway we now just use the hard
+     coded number. The "proper" fix would need a configure check for the
+     correct function much in the same style the gethostbyname_r versions are
+     detected. */
+  struct protoent *pe = getprotobyname("tcp");
+  if(pe)
+    level = pe->p_proto;
+#endif
+
+  if(setsockopt(sockfd, level, TCP_NODELAY, (void *)&onoff,
+                sizeof(onoff)) < 0)
+    infof(data, "Could not set TCP_NODELAY: %s\n",
+          Curl_strerror(conn, SOCKERRNO));
+  else
+    infof(data,"TCP_NODELAY set\n");
+#else
+  (void)conn;
+  (void)sockfd;
+#endif
+}
+
+#ifdef SO_NOSIGPIPE
+/* The preferred method on Mac OS X (10.2 and later) to prevent SIGPIPEs when
+   sending data to a dead peer (instead of relying on the 4th argument to send
+   being MSG_NOSIGNAL). Possibly also existing and in use on other BSD
+   systems? */
+static void nosigpipe(struct connectdata *conn,
+                      curl_socket_t sockfd)
+{
+  struct SessionHandle *data= conn->data;
+  int onoff = 1;
+  if(setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, (void *)&onoff,
+                sizeof(onoff)) < 0)
+    infof(data, "Could not set SO_NOSIGPIPE: %s\n",
+          Curl_strerror(conn, SOCKERRNO));
+}
+#else
+#define nosigpipe(x,y) Curl_nop_stmt
+#endif
+
+#ifdef USE_WINSOCK
+/* When you run a program that uses the Windows Sockets API, you may
+   experience slow performance when you copy data to a TCP server.
+
+   http://support.microsoft.com/kb/823764
+
+   Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
+   Buffer Size
+
+   The problem described in this knowledge-base is applied only to pre-Vista
+   Windows.  Following function trying to detect OS version and skips
+   SO_SNDBUF adjustment for Windows Vista and above.
+*/
+#define DETECT_OS_NONE 0
+#define DETECT_OS_PREVISTA 1
+#define DETECT_OS_VISTA_OR_LATER 2
+
+void Curl_sndbufset(curl_socket_t sockfd)
+{
+  int val = CURL_MAX_WRITE_SIZE + 32;
+  int curval = 0;
+  int curlen = sizeof(curval);
+  DWORD majorVersion = 6;
+
+  static int detectOsState = DETECT_OS_NONE;
+
+  if(detectOsState == DETECT_OS_NONE) {
+#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
+    (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
+    OSVERSIONINFO osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+
+    detectOsState = DETECT_OS_PREVISTA;
+    if(GetVersionEx(&osver)) {
+      if(osver.dwMajorVersion >= majorVersion)
+        detectOsState = DETECT_OS_VISTA_OR_LATER;
+    }
+#else
+    ULONGLONG majorVersionMask;
+    OSVERSIONINFOEX osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+    osver.dwMajorVersion = majorVersion;
+    majorVersionMask = VerSetConditionMask(0, VER_MAJORVERSION,
+                                           VER_GREATER_EQUAL);
+
+    if(VerifyVersionInfo(&osver, VER_MAJORVERSION, majorVersionMask))
+      detectOsState = DETECT_OS_VISTA_OR_LATER;
+    else
+      detectOsState = DETECT_OS_PREVISTA;
+#endif
+  }
+
+  if(detectOsState == DETECT_OS_VISTA_OR_LATER)
+    return;
+
+  if(getsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (char *)&curval, &curlen) == 0)
+    if(curval > val)
+      return;
+
+  setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const char *)&val, sizeof(val));
+}
+#endif
+
+/*
+ * singleipconnect()
+ *
+ * Note that even on connect fail it returns CURLE_OK, but with 'sock' set to
+ * CURL_SOCKET_BAD. Other errors will however return proper errors.
+ *
+ * singleipconnect() connects to the given IP only, and it may return without
+ * having connected.
+ */
+static CURLcode
+singleipconnect(struct connectdata *conn,
+                const Curl_addrinfo *ai,
+                curl_socket_t *sockp)
+{
+  struct Curl_sockaddr_ex addr;
+  int rc;
+  int error = 0;
+  bool isconnected = FALSE;
+  struct SessionHandle *data = conn->data;
+  curl_socket_t sockfd;
+  CURLcode res = CURLE_OK;
+  char ipaddress[MAX_IPADR_LEN];
+  long port;
+
+  *sockp = CURL_SOCKET_BAD;
+
+  res = Curl_socket(conn, ai, &addr, &sockfd);
+  if(res)
+    /* Failed to create the socket, but still return OK since we signal the
+       lack of socket as well. This allows the parent function to keep looping
+       over alternative addresses/socket families etc. */
+    return CURLE_OK;
+
+  /* store remote address and port used in this connection attempt */
+  if(!getaddressinfo((struct sockaddr*)&addr.sa_addr,
+                     ipaddress, &port)) {
+    /* malformed address or bug in inet_ntop, try next address */
+    error = ERRNO;
+    failf(data, "sa_addr inet_ntop() failed with errno %d: %s",
+          error, Curl_strerror(conn, error));
+    Curl_closesocket(conn, sockfd);
+    return CURLE_OK;
+  }
+  infof(data, "  Trying %s...\n", ipaddress);
+
+  if(data->set.tcp_nodelay)
+    tcpnodelay(conn, sockfd);
+
+  nosigpipe(conn, sockfd);
+
+  Curl_sndbufset(sockfd);
+
+  if(data->set.tcp_keepalive)
+    tcpkeepalive(data, sockfd);
+
+  if(data->set.fsockopt) {
+    /* activate callback for setting socket options */
+    error = data->set.fsockopt(data->set.sockopt_client,
+                               sockfd,
+                               CURLSOCKTYPE_IPCXN);
+
+    if(error == CURL_SOCKOPT_ALREADY_CONNECTED)
+      isconnected = TRUE;
+    else if(error) {
+      Curl_closesocket(conn, sockfd); /* close the socket and bail out */
+      return CURLE_ABORTED_BY_CALLBACK;
+    }
+  }
+
+  /* possibly bind the local end to an IP, interface or port */
+  res = bindlocal(conn, sockfd, addr.family);
+  if(res) {
+    Curl_closesocket(conn, sockfd); /* close socket and bail out */
+    if(res == CURLE_UNSUPPORTED_PROTOCOL) {
+      /* The address family is not supported on this interface.
+         We can continue trying addresses */
+      return CURLE_OK;
+    }
+    return res;
+  }
+
+  /* set socket non-blocking */
+  curlx_nonblock(sockfd, TRUE);
+
+  conn->connecttime = Curl_tvnow();
+  if(conn->num_addr > 1)
+    Curl_expire_latest(data, conn->timeoutms_per_addr);
+
+  /* Connect TCP sockets, bind UDP */
+  if(!isconnected && (conn->socktype == SOCK_STREAM)) {
+    rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+    if(-1 == rc)
+      error = SOCKERRNO;
+  }
+  else {
+    *sockp = sockfd;
+    return CURLE_OK;
+  }
+
+#ifdef ENABLE_IPV6
+  conn->bits.ipv6 = (addr.family == AF_INET6)?TRUE:FALSE;
+#endif
+
+  if(-1 == rc) {
+    switch(error) {
+    case EINPROGRESS:
+    case EWOULDBLOCK:
+#if defined(EAGAIN)
+#if (EAGAIN) != (EWOULDBLOCK)
+      /* On some platforms EAGAIN and EWOULDBLOCK are the
+       * same value, and on others they are different, hence
+       * the odd #if
+       */
+    case EAGAIN:
+#endif
+#endif
+      res = CURLE_OK;
+      break;
+
+    default:
+      /* unknown error, fallthrough and try another address! */
+      infof(data, "Immediate connect fail for %s: %s\n",
+            ipaddress, Curl_strerror(conn,error));
+      data->state.os_errno = error;
+
+      /* connect failed */
+      Curl_closesocket(conn, sockfd);
+      res = CURLE_COULDNT_CONNECT;
+    }
+  }
+
+  if(!res)
+    *sockp = sockfd;
+
+  return res;
+}
+
+/*
+ * TCP connect to the given host with timeout, proxy or remote doesn't matter.
+ * There might be more than one IP address to try out. Fill in the passed
+ * pointer with the connected socket.
+ */
+
+CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
+                          const struct Curl_dns_entry *remotehost)
+{
+  struct SessionHandle *data = conn->data;
+  struct timeval before = Curl_tvnow();
+  CURLcode res = CURLE_COULDNT_CONNECT;
+
+  long timeout_ms = Curl_timeleft(data, &before, TRUE);
+
+  if(timeout_ms < 0) {
+    /* a precaution, no need to continue if time already is up */
+    failf(data, "Connection time-out");
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  conn->num_addr = Curl_num_addresses(remotehost->addr);
+  conn->tempaddr[0] = remotehost->addr;
+  conn->tempaddr[1] = NULL;
+  conn->tempsock[0] = CURL_SOCKET_BAD;
+  conn->tempsock[1] = CURL_SOCKET_BAD;
+  Curl_expire(conn->data, HAPPY_EYEBALLS_TIMEOUT);
+
+  /* Max time for the next connection attempt */
+  conn->timeoutms_per_addr =
+    conn->tempaddr[0]->ai_next == NULL ? timeout_ms : timeout_ms / 2;
+
+  /* start connecting to first IP */
+  while(conn->tempaddr[0]) {
+    res = singleipconnect(conn, conn->tempaddr[0], &(conn->tempsock[0]));
+    if(res == CURLE_OK)
+        break;
+    conn->tempaddr[0] = conn->tempaddr[0]->ai_next;
+  }
+
+  if(conn->tempsock[0] == CURL_SOCKET_BAD)
+    return res;
+
+  data->info.numconnects++; /* to track the number of connections made */
+
+  return CURLE_OK;
+}
+
+struct connfind {
+  struct connectdata *tofind;
+  bool found;
+};
+
+static int conn_is_conn(struct connectdata *conn, void *param)
+{
+  struct connfind *f = (struct connfind *)param;
+  if(conn == f->tofind) {
+    f->found = TRUE;
+    return 1;
+  }
+  return 0;
+}
+
+/*
+ * Used to extract socket and connectdata struct for the most recent
+ * transfer on the given SessionHandle.
+ *
+ * The returned socket will be CURL_SOCKET_BAD in case of failure!
+ */
+curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
+                                  struct connectdata **connp)
+{
+  curl_socket_t sockfd;
+
+  DEBUGASSERT(data);
+
+  /* this only works for an easy handle that has been used for
+     curl_easy_perform()! */
+  if(data->state.lastconnect && data->multi_easy) {
+    struct connectdata *c = data->state.lastconnect;
+    struct connfind find;
+    find.tofind = data->state.lastconnect;
+    find.found = FALSE;
+
+    Curl_conncache_foreach(data->multi_easy->conn_cache, &find, conn_is_conn);
+
+    if(!find.found) {
+      data->state.lastconnect = NULL;
+      return CURL_SOCKET_BAD;
+    }
+
+    if(connp)
+      /* only store this if the caller cares for it */
+      *connp = c;
+    sockfd = c->sock[FIRSTSOCKET];
+    /* we have a socket connected, let's determine if the server shut down */
+    /* determine if ssl */
+    if(c->ssl[FIRSTSOCKET].use) {
+      /* use the SSL context */
+      if(!Curl_ssl_check_cxn(c))
+        return CURL_SOCKET_BAD;   /* FIN received */
+    }
+/* Minix 3.1 doesn't support any flags on recv; just assume socket is OK */
+#ifdef MSG_PEEK
+    else {
+      /* use the socket */
+      char buf;
+      if(recv((RECV_TYPE_ARG1)c->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
+              (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
+        return CURL_SOCKET_BAD;   /* FIN received */
+      }
+    }
+#endif
+  }
+  else
+    return CURL_SOCKET_BAD;
+
+  return sockfd;
+}
+
+/*
+ * Close a socket.
+ *
+ * 'conn' can be NULL, beware!
+ */
+int Curl_closesocket(struct connectdata *conn,
+                      curl_socket_t sock)
+{
+  if(conn && conn->fclosesocket) {
+    if((sock == conn->sock[SECONDARYSOCKET]) &&
+       conn->sock_accepted[SECONDARYSOCKET])
+      /* if this socket matches the second socket, and that was created with
+         accept, then we MUST NOT call the callback but clear the accepted
+         status */
+      conn->sock_accepted[SECONDARYSOCKET] = FALSE;
+    else
+      return conn->fclosesocket(conn->closesocket_client, sock);
+  }
+  sclose(sock);
+
+  if(conn)
+    /* tell the multi-socket code about this */
+    Curl_multi_closed(conn, sock);
+
+  return 0;
+}
+
+/*
+ * Create a socket based on info from 'conn' and 'ai'.
+ *
+ * 'addr' should be a pointer to the correct struct to get data back, or NULL.
+ * 'sockfd' must be a pointer to a socket descriptor.
+ *
+ * If the open socket callback is set, used that!
+ *
+ */
+CURLcode Curl_socket(struct connectdata *conn,
+                     const Curl_addrinfo *ai,
+                     struct Curl_sockaddr_ex *addr,
+                     curl_socket_t *sockfd)
+{
+  struct SessionHandle *data = conn->data;
+  struct Curl_sockaddr_ex dummy;
+
+  if(!addr)
+    /* if the caller doesn't want info back, use a local temp copy */
+    addr = &dummy;
+
+  /*
+   * The Curl_sockaddr_ex structure is basically libcurl's external API
+   * curl_sockaddr structure with enough space available to directly hold
+   * any protocol-specific address structures. The variable declared here
+   * will be used to pass / receive data to/from the fopensocket callback
+   * if this has been set, before that, it is initialized from parameters.
+   */
+
+  addr->family = ai->ai_family;
+  addr->socktype = conn->socktype;
+  addr->protocol = conn->socktype==SOCK_DGRAM?IPPROTO_UDP:ai->ai_protocol;
+  addr->addrlen = ai->ai_addrlen;
+
+  if(addr->addrlen > sizeof(struct Curl_sockaddr_storage))
+     addr->addrlen = sizeof(struct Curl_sockaddr_storage);
+  memcpy(&addr->sa_addr, ai->ai_addr, addr->addrlen);
+
+  if(data->set.fopensocket)
+   /*
+    * If the opensocket callback is set, all the destination address
+    * information is passed to the callback. Depending on this information the
+    * callback may opt to abort the connection, this is indicated returning
+    * CURL_SOCKET_BAD; otherwise it will return a not-connected socket. When
+    * the callback returns a valid socket the destination address information
+    * might have been changed and this 'new' address will actually be used
+    * here to connect.
+    */
+    *sockfd = data->set.fopensocket(data->set.opensocket_client,
+                                    CURLSOCKTYPE_IPCXN,
+                                    (struct curl_sockaddr *)addr);
+  else
+    /* opensocket callback not set, so simply create the socket now */
+    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+
+  if(*sockfd == CURL_SOCKET_BAD)
+    /* no socket, no connection */
+    return CURLE_COULDNT_CONNECT;
+
+#if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
+  if(conn->scope && (addr->family == AF_INET6)) {
+    struct sockaddr_in6 * const sa6 = (void *)&addr->sa_addr;
+    sa6->sin6_scope_id = conn->scope;
+  }
+#endif
+
+  return CURLE_OK;
+
+}
+
+#ifdef CURLDEBUG
+/*
+ * Curl_conncontrol() is used to set the conn->bits.close bit on or off. It
+ * MUST be called with the connclose() or connclose() macros with a stated
+ * reason. The reason is only shown in debug builds but helps to figure out
+ * decision paths when connections are or aren't re-used as expected.
+ */
+void Curl_conncontrol(struct connectdata *conn, bool closeit,
+                      const char *reason)
+{
+  infof(conn->data, "Marked for [%s]: %s\n", closeit?"closure":"keep alive",
+        reason);
+  conn->bits.close = closeit; /* the only place in the source code that should
+                                 assign this bit */
+}
+#endif
diff --git a/Utilities/cmcurl/lib/connect.h b/Utilities/cmcurl/lib/connect.h
new file mode 100644
index 0000000..7bc391b
--- /dev/null
+++ b/Utilities/cmcurl/lib/connect.h
@@ -0,0 +1,122 @@
+#ifndef HEADER_CURL_CONNECT_H
+#define HEADER_CURL_CONNECT_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#include "nonblock.h" /* for curlx_nonblock(), formerly Curl_nonblock() */
+#include "sockaddr.h"
+
+CURLcode Curl_is_connected(struct connectdata *conn,
+                           int sockindex,
+                           bool *connected);
+
+CURLcode Curl_connecthost(struct connectdata *conn,
+                          const struct Curl_dns_entry *host);
+
+/* generic function that returns how much time there's left to run, according
+   to the timeouts set */
+long Curl_timeleft(struct SessionHandle *data,
+                   struct timeval *nowp,
+                   bool duringconnect);
+
+#define DEFAULT_CONNECT_TIMEOUT 300000 /* milliseconds == five minutes */
+#define HAPPY_EYEBALLS_TIMEOUT     200 /* milliseconds to wait between
+                                          ipv4/ipv6 connection attempts */
+
+/*
+ * Used to extract socket and connectdata struct for the most recent
+ * transfer on the given SessionHandle.
+ *
+ * The returned socket will be CURL_SOCKET_BAD in case of failure!
+ */
+curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
+                                  struct connectdata **connp);
+
+#ifdef USE_WINSOCK
+/* When you run a program that uses the Windows Sockets API, you may
+   experience slow performance when you copy data to a TCP server.
+
+   http://support.microsoft.com/kb/823764
+
+   Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
+   Buffer Size
+
+*/
+void Curl_sndbufset(curl_socket_t sockfd);
+#else
+#define Curl_sndbufset(y) Curl_nop_stmt
+#endif
+
+void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd);
+void Curl_persistconninfo(struct connectdata *conn);
+int Curl_closesocket(struct connectdata *conn, curl_socket_t sock);
+
+/*
+ * The Curl_sockaddr_ex structure is basically libcurl's external API
+ * curl_sockaddr structure with enough space available to directly hold any
+ * protocol-specific address structures. The variable declared here will be
+ * used to pass / receive data to/from the fopensocket callback if this has
+ * been set, before that, it is initialized from parameters.
+ */
+struct Curl_sockaddr_ex {
+  int family;
+  int socktype;
+  int protocol;
+  unsigned int addrlen;
+  union {
+    struct sockaddr addr;
+    struct Curl_sockaddr_storage buff;
+  } _sa_ex_u;
+};
+#define sa_addr _sa_ex_u.addr
+
+/*
+ * Create a socket based on info from 'conn' and 'ai'.
+ *
+ * Fill in 'addr' and 'sockfd' accordingly if OK is returned. If the open
+ * socket callback is set, used that!
+ *
+ */
+CURLcode Curl_socket(struct connectdata *conn,
+                     const Curl_addrinfo *ai,
+                     struct Curl_sockaddr_ex *addr,
+                     curl_socket_t *sockfd);
+
+#ifdef CURLDEBUG
+/*
+ * Curl_connclose() sets the bit.close bit to TRUE with an explanation.
+ * Nothing else.
+ */
+void Curl_conncontrol(struct connectdata *conn,
+                      bool closeit,
+                      const char *reason);
+#define connclose(x,y) Curl_conncontrol(x,TRUE, y)
+#define connkeep(x,y) Curl_conncontrol(x, FALSE, y)
+#else /* if !CURLDEBUG */
+
+#define connclose(x,y) (x)->bits.close = TRUE
+#define connkeep(x,y) (x)->bits.close = FALSE
+
+#endif
+
+#endif /* HEADER_CURL_CONNECT_H */
diff --git a/Utilities/cmcurl/content_encoding.c b/Utilities/cmcurl/lib/content_encoding.c
index 97f8341..c68e6e5 100644
--- a/Utilities/cmcurl/content_encoding.c
+++ b/Utilities/cmcurl/lib/content_encoding.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,21 +18,17 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
 #ifdef HAVE_LIBZ
 
-#include <stdlib.h>
-#include <string.h>
-
 #include "urldata.h"
 #include <curl/curl.h>
 #include "sendf.h"
 #include "content_encoding.h"
-#include "memory.h"
+#include "curl_memory.h"
 
 #include "memdebug.h"
 
@@ -40,7 +36,7 @@
    (doing so will reduce code size slightly). */
 #define OLD_ZLIB_SUPPORT 1
 
-#define DSIZ 0x10000             /* buffer size for decompressed data */
+#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
 
 #define GZIP_MAGIC_0 0x1f
 #define GZIP_MAGIC_1 0x8b
@@ -53,19 +49,26 @@
 #define COMMENT      0x10 /* bit 4 set: file comment present */
 #define RESERVED     0xE0 /* bits 5..7: reserved */
 
-enum zlibState {
-  ZLIB_UNINIT,          /* uninitialized */
-  ZLIB_INIT,            /* initialized */
-  ZLIB_GZIP_HEADER,     /* reading gzip header */
-  ZLIB_GZIP_INFLATING,  /* inflating gzip stream */
-  ZLIB_INIT_GZIP        /* initialized in transparent gzip mode */
-};
+static voidpf
+zalloc_cb(voidpf opaque, unsigned int items, unsigned int size)
+{
+  (void) opaque;
+  /* not a typo, keep it calloc() */
+  return (voidpf) calloc(items, size);
+}
+
+static void
+zfree_cb(voidpf opaque, voidpf ptr)
+{
+  (void) opaque;
+  free(ptr);
+}
 
 static CURLcode
 process_zlib_error(struct connectdata *conn, z_stream *z)
 {
   struct SessionHandle *data = conn->data;
-  if (z->msg)
+  if(z->msg)
     failf (data, "Error while processing content unencoding: %s",
            z->msg);
   else
@@ -76,7 +79,7 @@ process_zlib_error(struct connectdata *conn, z_stream *z)
 }
 
 static CURLcode
-exit_zlib(z_stream *z, bool *zlib_init, CURLcode result)
+exit_zlib(z_stream *z, zlibInitState *zlib_init, CURLcode result)
 {
   inflateEnd(z);
   *zlib_init = ZLIB_UNINIT;
@@ -85,7 +88,7 @@ exit_zlib(z_stream *z, bool *zlib_init, CURLcode result)
 
 static CURLcode
 inflate_stream(struct connectdata *conn,
-               struct Curl_transfer_keeper *k)
+               struct SingleRequest *k)
 {
   int allow_restart = 1;
   z_stream *z = &k->z;          /* zlib state structure */
@@ -97,53 +100,56 @@ inflate_stream(struct connectdata *conn,
 
   /* Dynamically allocate a buffer for decompression because it's uncommonly
      large to hold on the stack */
-  decomp = (char*)malloc(DSIZ);
-  if (decomp == NULL) {
+  decomp = malloc(DSIZ);
+  if(decomp == NULL) {
     return exit_zlib(z, &k->zlib_init, CURLE_OUT_OF_MEMORY);
   }
 
   /* because the buffer size is fixed, iteratively decompress and transfer to
      the client via client_write. */
-  for (;;) {
+  for(;;) {
     /* (re)set buffer for decompressed output for every iteration */
     z->next_out = (Bytef *)decomp;
     z->avail_out = DSIZ;
 
     status = inflate(z, Z_SYNC_FLUSH);
-    if (status == Z_OK || status == Z_STREAM_END) {
+    if(status == Z_OK || status == Z_STREAM_END) {
       allow_restart = 0;
-      if(DSIZ - z->avail_out) {
+      if((DSIZ - z->avail_out) && (!k->ignorebody)) {
         result = Curl_client_write(conn, CLIENTWRITE_BODY, decomp,
                                    DSIZ - z->avail_out);
         /* if !CURLE_OK, clean up, return */
-        if (result) {
+        if(result) {
           free(decomp);
           return exit_zlib(z, &k->zlib_init, result);
         }
       }
 
       /* Done? clean up, return */
-      if (status == Z_STREAM_END) {
+      if(status == Z_STREAM_END) {
         free(decomp);
-        if (inflateEnd(z) == Z_OK)
+        if(inflateEnd(z) == Z_OK)
           return exit_zlib(z, &k->zlib_init, result);
         else
           return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z));
       }
 
       /* Done with these bytes, exit */
-      if (status == Z_OK && z->avail_in == 0) {
+
+      /* status is always Z_OK at this point! */
+      if(z->avail_in == 0) {
         free(decomp);
         return result;
       }
     }
-    else if (allow_restart && status == Z_DATA_ERROR) {
+    else if(allow_restart && status == Z_DATA_ERROR) {
       /* some servers seem to not generate zlib headers, so this is an attempt
          to fix and continue anyway */
 
-      inflateReset(z);
-      if (inflateInit2(z, -MAX_WBITS) != Z_OK) {
-        return process_zlib_error(conn, z);
+      (void) inflateEnd(z);     /* don't care about the return code */
+      if(inflateInit2(z, -MAX_WBITS) != Z_OK) {
+        free(decomp);
+        return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z));
       }
       z->next_in = orig_in;
       z->avail_in = nread;
@@ -160,19 +166,18 @@ inflate_stream(struct connectdata *conn,
 
 CURLcode
 Curl_unencode_deflate_write(struct connectdata *conn,
-                            struct Curl_transfer_keeper *k,
+                            struct SingleRequest *k,
                             ssize_t nread)
 {
   z_stream *z = &k->z;          /* zlib state structure */
 
   /* Initialize zlib? */
-  if (k->zlib_init == ZLIB_UNINIT) {
-    z->zalloc = (alloc_func)Z_NULL;
-    z->zfree = (free_func)Z_NULL;
-    z->opaque = 0;
-    z->next_in = NULL;
-    z->avail_in = 0;
-    if (inflateInit(z) != Z_OK)
+  if(k->zlib_init == ZLIB_UNINIT) {
+    memset(z, 0, sizeof(z_stream));
+    z->zalloc = (alloc_func)zalloc_cb;
+    z->zfree = (free_func)zfree_cb;
+
+    if(inflateInit(z) != Z_OK)
       return process_zlib_error(conn, z);
     k->zlib_init = ZLIB_INIT;
   }
@@ -197,16 +202,16 @@ static enum {
   const ssize_t totallen = len;
 
   /* The shortest header is 10 bytes */
-  if (len < 10)
+  if(len < 10)
     return GZIP_UNDERFLOW;
 
-  if ((data[0] != GZIP_MAGIC_0) || (data[1] != GZIP_MAGIC_1))
+  if((data[0] != GZIP_MAGIC_0) || (data[1] != GZIP_MAGIC_1))
     return GZIP_BAD;
 
   method = data[2];
   flags = data[3];
 
-  if (method != Z_DEFLATED || (flags & RESERVED) != 0) {
+  if(method != Z_DEFLATED || (flags & RESERVED) != 0) {
     /* Can't handle this compression method or unknown flag */
     return GZIP_BAD;
   }
@@ -215,28 +220,28 @@ static enum {
   len -= 10;
   data += 10;
 
-  if (flags & EXTRA_FIELD) {
+  if(flags & EXTRA_FIELD) {
     ssize_t extra_len;
 
-    if (len < 2)
+    if(len < 2)
       return GZIP_UNDERFLOW;
 
     extra_len = (data[1] << 8) | data[0];
 
-    if (len < (extra_len+2))
+    if(len < (extra_len+2))
       return GZIP_UNDERFLOW;
 
     len -= (extra_len + 2);
     data += (extra_len + 2);
   }
 
-  if (flags & ORIG_NAME) {
+  if(flags & ORIG_NAME) {
     /* Skip over NUL-terminated file name */
-    while (len && *data) {
+    while(len && *data) {
       --len;
       ++data;
     }
-    if (!len || *data)
+    if(!len || *data)
       return GZIP_UNDERFLOW;
 
     /* Skip over the NUL */
@@ -244,26 +249,24 @@ static enum {
     ++data;
   }
 
-  if (flags & COMMENT) {
+  if(flags & COMMENT) {
     /* Skip over NUL-terminated comment */
-    while (len && *data) {
+    while(len && *data) {
       --len;
       ++data;
     }
-    if (!len || *data)
+    if(!len || *data)
       return GZIP_UNDERFLOW;
 
     /* Skip over the NUL */
     --len;
-    ++data;
   }
 
-  if (flags & HEAD_CRC) {
-    if (len < 2)
+  if(flags & HEAD_CRC) {
+    if(len < 2)
       return GZIP_UNDERFLOW;
 
     len -= 2;
-    data += 2;
   }
 
   *headerlen = totallen - len;
@@ -273,41 +276,39 @@ static enum {
 
 CURLcode
 Curl_unencode_gzip_write(struct connectdata *conn,
-                         struct Curl_transfer_keeper *k,
+                         struct SingleRequest *k,
                          ssize_t nread)
 {
   z_stream *z = &k->z;          /* zlib state structure */
 
   /* Initialize zlib? */
-  if (k->zlib_init == ZLIB_UNINIT) {
-    z->zalloc = (alloc_func)Z_NULL;
-    z->zfree = (free_func)Z_NULL;
-    z->opaque = 0;
-    z->next_in = NULL;
-    z->avail_in = 0;
-
-    if (strcmp(zlibVersion(), "1.2.0.4") >= 0) {
-        /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */
-        if (inflateInit2(z, MAX_WBITS+32) != Z_OK) {
-          return process_zlib_error(conn, z);
-        }
-        k->zlib_init = ZLIB_INIT_GZIP; /* Transparent gzip decompress state */
-
-    } else {
-        /* we must parse the gzip header ourselves */
-        if (inflateInit2(z, -MAX_WBITS) != Z_OK) {
-          return process_zlib_error(conn, z);
-        }
-        k->zlib_init = ZLIB_INIT;   /* Initial call state */
+  if(k->zlib_init == ZLIB_UNINIT) {
+    memset(z, 0, sizeof(z_stream));
+    z->zalloc = (alloc_func)zalloc_cb;
+    z->zfree = (free_func)zfree_cb;
+
+    if(strcmp(zlibVersion(), "1.2.0.4") >= 0) {
+      /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */
+      if(inflateInit2(z, MAX_WBITS+32) != Z_OK) {
+        return process_zlib_error(conn, z);
+      }
+      k->zlib_init = ZLIB_INIT_GZIP; /* Transparent gzip decompress state */
+    }
+    else {
+      /* we must parse the gzip header ourselves */
+      if(inflateInit2(z, -MAX_WBITS) != Z_OK) {
+        return process_zlib_error(conn, z);
+      }
+      k->zlib_init = ZLIB_INIT;   /* Initial call state */
     }
   }
 
-  if (k->zlib_init == ZLIB_INIT_GZIP) {
-     /* Let zlib handle the gzip decompression entirely */
-     z->next_in = (Bytef *)k->str;
-     z->avail_in = (uInt)nread;
-     /* Now uncompress the data */
-     return inflate_stream(conn, k);
+  if(k->zlib_init == ZLIB_INIT_GZIP) {
+    /* Let zlib handle the gzip decompression entirely */
+    z->next_in = (Bytef *)k->str;
+    z->avail_in = (uInt)nread;
+    /* Now uncompress the data */
+    return inflate_stream(conn, k);
   }
 
 #ifndef OLD_ZLIB_SUPPORT
@@ -350,7 +351,7 @@ Curl_unencode_gzip_write(struct connectdata *conn,
        */
       z->avail_in = (uInt)nread;
       z->next_in = malloc(z->avail_in);
-      if (z->next_in == NULL) {
+      if(z->next_in == NULL) {
         return exit_zlib(z, &k->zlib_init, CURLE_OUT_OF_MEMORY);
       }
       memcpy(z->next_in, k->str, z->avail_in);
@@ -372,9 +373,9 @@ Curl_unencode_gzip_write(struct connectdata *conn,
     ssize_t hlen;
     unsigned char *oldblock = z->next_in;
 
-    z->avail_in += nread;
+    z->avail_in += (uInt)nread;
     z->next_in = realloc(z->next_in, z->avail_in);
-    if (z->next_in == NULL) {
+    if(z->next_in == NULL) {
       free(oldblock);
       return exit_zlib(z, &k->zlib_init, CURLE_OUT_OF_MEMORY);
     }
@@ -412,7 +413,7 @@ Curl_unencode_gzip_write(struct connectdata *conn,
     break;
   }
 
-  if (z->avail_in == 0) {
+  if(z->avail_in == 0) {
     /* We don't have any data to inflate; wait until next time */
     return CURLE_OK;
   }
@@ -421,4 +422,14 @@ Curl_unencode_gzip_write(struct connectdata *conn,
   return inflate_stream(conn, k);
 #endif
 }
+
+void Curl_unencode_cleanup(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  struct SingleRequest *k = &data->req;
+  z_stream *z = &k->z;
+  if(k->zlib_init != ZLIB_UNINIT)
+    (void) exit_zlib(z, &k->zlib_init, CURLE_OK);
+}
+
 #endif /* HAVE_LIBZ */
diff --git a/Utilities/cmcurl/content_encoding.h b/Utilities/cmcurl/lib/content_encoding.h
index b31669b..501f6c8 100644
--- a/Utilities/cmcurl/content_encoding.h
+++ b/Utilities/cmcurl/lib/content_encoding.h
@@ -1,3 +1,5 @@
+#ifndef HEADER_CURL_CONTENT_ENCODING_H
+#define HEADER_CURL_CONTENT_ENCODING_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -5,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,24 +20,29 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-#include "setup.h"
+#include "curl_setup.h"
 
 /*
  * Comma-separated list all supported Content-Encodings ('identity' is implied)
  */
 #ifdef HAVE_LIBZ
 #define ALL_CONTENT_ENCODINGS "deflate, gzip"
+/* force a cleanup */
+void Curl_unencode_cleanup(struct connectdata *conn);
 #else
 #define ALL_CONTENT_ENCODINGS "identity"
+#define Curl_unencode_cleanup(x) Curl_nop_stmt
 #endif
 
 CURLcode Curl_unencode_deflate_write(struct connectdata *conn,
-                                     struct Curl_transfer_keeper *k,
+                                     struct SingleRequest *req,
                                      ssize_t nread);
 
 CURLcode
 Curl_unencode_gzip_write(struct connectdata *conn,
-                         struct Curl_transfer_keeper *k,
+                         struct SingleRequest *k,
                          ssize_t nread);
+
+
+#endif /* HEADER_CURL_CONTENT_ENCODING_H */
diff --git a/Utilities/cmcurl/cookie.c b/Utilities/cmcurl/lib/cookie.c
index d8ea241..375485f 100644
--- a/Utilities/cmcurl/cookie.c
+++ b/Utilities/cmcurl/lib/cookie.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,7 +18,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 /***
@@ -78,14 +77,11 @@ Example set of cookies:
 ****/
 
 
-#include "setup.h"
+#include "curl_setup.h"
 
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
 
-#include <stdlib.h>
-#include <string.h>
-
-#define _MPRINTF_REPLACE /* without this on windows OS we get undefined reference to snprintf */
+#define _MPRINTF_REPLACE
 #include <curl/mprintf.h>
 
 #include "urldata.h"
@@ -93,16 +89,16 @@ Example set of cookies:
 #include "strequal.h"
 #include "strtok.h"
 #include "sendf.h"
-#include "memory.h"
+#include "slist.h"
+#include "curl_memory.h"
 #include "share.h"
 #include "strtoofft.h"
+#include "rawstr.h"
+#include "curl_memrchr.h"
+#include "inet_pton.h"
 
 /* The last #include file should be: */
-#ifdef CURLDEBUG
 #include "memdebug.h"
-#endif
-
-#define my_isspace(x) ((x == ' ') || (x == '\t'))
 
 static void freecookie(struct Cookie *co)
 {
@@ -112,6 +108,8 @@ static void freecookie(struct Cookie *co)
     free(co->domain);
   if(co->path)
     free(co->path);
+  if(co->spath)
+    free(co->spath);
   if(co->name)
     free(co->name);
   if(co->value)
@@ -124,15 +122,139 @@ static void freecookie(struct Cookie *co)
   free(co);
 }
 
-static bool tailmatch(const char *little, const char *bigone)
+static bool tailmatch(const char *cooke_domain, const char *hostname)
 {
-  size_t littlelen = strlen(little);
-  size_t biglen = strlen(bigone);
+  size_t cookie_domain_len = strlen(cooke_domain);
+  size_t hostname_len = strlen(hostname);
 
-  if(littlelen > biglen)
+  if(hostname_len < cookie_domain_len)
     return FALSE;
 
-  return (bool)strequal(little, bigone+biglen-littlelen);
+  if(!Curl_raw_equal(cooke_domain, hostname+hostname_len-cookie_domain_len))
+    return FALSE;
+
+  /* A lead char of cookie_domain is not '.'.
+     RFC6265 4.1.2.3. The Domain Attribute says:
+       For example, if the value of the Domain attribute is
+       "example.com", the user agent will include the cookie in the Cookie
+       header when making HTTP requests to example.com, www.example.com, and
+       www.corp.example.com.
+   */
+  if(hostname_len == cookie_domain_len)
+    return TRUE;
+  if('.' == *(hostname + hostname_len - cookie_domain_len - 1))
+    return TRUE;
+  return FALSE;
+}
+
+/*
+ * matching cookie path and url path
+ * RFC6265 5.1.4 Paths and Path-Match
+ */
+static bool pathmatch(const char* cookie_path, const char* request_uri)
+{
+  size_t cookie_path_len;
+  size_t uri_path_len;
+  char* uri_path = NULL;
+  char* pos;
+  bool ret = FALSE;
+
+  /* cookie_path must not have last '/' separator. ex: /sample */
+  cookie_path_len = strlen(cookie_path);
+  if(1 == cookie_path_len) {
+    /* cookie_path must be '/' */
+    return TRUE;
+  }
+
+  uri_path = strdup(request_uri);
+  if(!uri_path)
+    return FALSE;
+  pos = strchr(uri_path, '?');
+  if(pos)
+    *pos = 0x0;
+
+  /* #-fragments are already cut off! */
+  if(0 == strlen(uri_path) || uri_path[0] != '/') {
+    free(uri_path);
+    uri_path = strdup("/");
+    if(!uri_path)
+      return FALSE;
+  }
+
+  /* here, RFC6265 5.1.4 says
+     4. Output the characters of the uri-path from the first character up
+        to, but not including, the right-most %x2F ("/").
+     but URL path /hoge?fuga=xxx means /hoge/index.cgi?fuga=xxx in some site
+     without redirect.
+     Ignore this algorithm because /hoge is uri path for this case
+     (uri path is not /).
+   */
+
+  uri_path_len = strlen(uri_path);
+
+  if(uri_path_len < cookie_path_len) {
+    ret = FALSE;
+    goto pathmatched;
+  }
+
+  /* not using checkprefix() because matching should be case-sensitive */
+  if(strncmp(cookie_path, uri_path, cookie_path_len)) {
+    ret = FALSE;
+    goto pathmatched;
+  }
+
+  /* The cookie-path and the uri-path are identical. */
+  if(cookie_path_len == uri_path_len) {
+    ret = TRUE;
+    goto pathmatched;
+  }
+
+  /* here, cookie_path_len < url_path_len */
+  if(uri_path[cookie_path_len] == '/') {
+    ret = TRUE;
+    goto pathmatched;
+  }
+
+  ret = FALSE;
+
+pathmatched:
+  free(uri_path);
+  return ret;
+}
+
+/*
+ * cookie path sanitize
+ */
+static char *sanitize_cookie_path(const char *cookie_path)
+{
+  size_t len;
+  char *new_path = strdup(cookie_path);
+  if(!new_path)
+    return NULL;
+
+  /* some stupid site sends path attribute with '"'. */
+  if(new_path[0] == '\"') {
+    memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path));
+  }
+  if(new_path[strlen(new_path) - 1] == '\"') {
+    new_path[strlen(new_path) - 1] = 0x0;
+  }
+
+  /* RFC6265 5.2.4 The Path Attribute */
+  if(new_path[0] != '/') {
+    /* Let cookie-path be the default-path. */
+    free(new_path);
+    new_path = strdup("/");
+    return new_path;
+  }
+
+  /* convert /hoge/ to /hoge */
+  len = strlen(new_path);
+  if(1 < len && new_path[len - 1] == '/') {
+    new_path[len - 1] = 0x0;
+  }
+
+  return new_path;
 }
 
 /*
@@ -150,18 +272,85 @@ void Curl_cookie_loadfiles(struct SessionHandle *data)
                                        data->set.cookiesession);
       list = list->next;
     }
-    Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
     curl_slist_free_all(data->change.cookielist); /* clean up list */
     data->change.cookielist = NULL; /* don't do this again! */
+    Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
   }
 }
 
+/*
+ * strstore() makes a strdup() on the 'newstr' and if '*str' is non-NULL
+ * that will be freed before the allocated string is stored there.
+ *
+ * It is meant to easily replace strdup()
+ */
+static void strstore(char **str, const char *newstr)
+{
+  if(*str)
+    free(*str);
+  *str = strdup(newstr);
+}
+
+/*
+ * remove_expired() removes expired cookies.
+ */
+static void remove_expired(struct CookieInfo *cookies)
+{
+  struct Cookie *co, *nx, *pv;
+  curl_off_t now = (curl_off_t)time(NULL);
+
+  co = cookies->cookies;
+  pv = NULL;
+  while(co) {
+    nx = co->next;
+    if((co->expirestr || co->maxage) && co->expires < now) {
+      if(co == cookies->cookies) {
+        cookies->cookies = co->next;
+      }
+      else {
+        pv->next = co->next;
+      }
+      cookies->numcookies--;
+      freecookie(co);
+    }
+    else {
+      pv = co;
+    }
+    co = nx;
+  }
+}
+
+/*
+ * Return true if the given string is an IP(v4|v6) address.
+ */
+static bool isip(const char *domain)
+{
+  struct in_addr addr;
+#ifdef ENABLE_IPV6
+  struct in6_addr addr6;
+#endif
+
+  if(Curl_inet_pton(AF_INET, domain, &addr)
+#ifdef ENABLE_IPV6
+     || Curl_inet_pton(AF_INET6, domain, &addr6)
+#endif
+    ) {
+    /* domain name given as IP address */
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
 /****************************************************************************
  *
  * Curl_cookie_add()
  *
  * Add a single cookie line to the cookie keeping object.
  *
+ * Be aware that sometimes we get an IP-only host name, and that might also be
+ * a numerical IPv6 address.
+ *
  ***************************************************************************/
 
 struct Cookie *
@@ -173,30 +362,33 @@ Curl_cookie_add(struct SessionHandle *data,
                 struct CookieInfo *c,
                 bool httpheader, /* TRUE if HTTP header-style line */
                 char *lineptr,   /* first character of the line */
-                char *domain,    /* default domain */
-                char *path)      /* full path used when this cookie is set,
-                                    used to get default path for the cookie
-                                    unless set */
+                const char *domain, /* default domain */
+                const char *path)   /* full path used when this cookie is set,
+                                       used to get default path for the cookie
+                                       unless set */
 {
   struct Cookie *clist;
-  char *what;
   char name[MAX_NAME];
-  char *ptr;
-  char *semiptr;
   struct Cookie *co;
   struct Cookie *lastc=NULL;
   time_t now = time(NULL);
   bool replace_old = FALSE;
   bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */
 
+#ifdef CURL_DISABLE_VERBOSE_STRINGS
+  (void)data;
+#endif
+
   /* First, alloc and init a new struct for it */
-  co = (struct Cookie *)calloc(sizeof(struct Cookie), 1);
+  co = calloc(1, sizeof(struct Cookie));
   if(!co)
     return NULL; /* bail out if we're this low on memory */
 
   if(httpheader) {
     /* This line was read off a HTTP-header */
-    char *sep;
+    const char *ptr;
+    const char *semiptr;
+    char *what;
 
     what = malloc(MAX_COOKIE_LINE);
     if(!what) {
@@ -206,171 +398,153 @@ Curl_cookie_add(struct SessionHandle *data,
 
     semiptr=strchr(lineptr, ';'); /* first, find a semicolon */
 
-    while(*lineptr && my_isspace(*lineptr))
+    while(*lineptr && ISBLANK(*lineptr))
       lineptr++;
 
     ptr = lineptr;
     do {
-      /* we have a <what>=<this> pair or a 'secure' word here */
-      sep = strchr(ptr, '=');
-      if(sep && (!semiptr || (semiptr>sep)) ) {
-        /*
-         * There is a = sign and if there was a semicolon too, which make sure
-         * that the semicolon comes _after_ the equal sign.
-         */
-
-        name[0]=what[0]=0; /* init the buffers */
-        if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;=]=%"
-                       MAX_COOKIE_LINE_TXT "[^;\r\n]",
-                       name, what)) {
-          /* this is a <name>=<what> pair */
-
-          char *whatptr;
-
-          /* Strip off trailing whitespace from the 'what' */
-          size_t len=strlen(what);
-          while(len && my_isspace(what[len-1])) {
-            what[len-1]=0;
-            len--;
-          }
+      /* we have a <what>=<this> pair or a stand-alone word here */
+      name[0]=what[0]=0; /* init the buffers */
+      if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%"
+                     MAX_COOKIE_LINE_TXT "[^;\r\n]",
+                     name, what)) {
+        /* Use strstore() below to properly deal with received cookie
+           headers that have the same string property set more than once,
+           and then we use the last one. */
+        const char *whatptr;
+        bool done = FALSE;
+        bool sep;
+        size_t len=strlen(what);
+        const char *endofn = &ptr[ strlen(name) ];
+
+        /* skip trailing spaces in name */
+        while(*endofn && ISBLANK(*endofn))
+          endofn++;
+
+        /* name ends with a '=' ? */
+        sep = (*endofn == '=')?TRUE:FALSE;
+
+        /* Strip off trailing whitespace from the 'what' */
+        while(len && ISBLANK(what[len-1])) {
+          what[len-1]=0;
+          len--;
+        }
 
-          /* Skip leading whitespace from the 'what' */
-          whatptr=what;
-          while(my_isspace(*whatptr)) {
-            whatptr++;
-          }
+        /* Skip leading whitespace from the 'what' */
+        whatptr=what;
+        while(*whatptr && ISBLANK(*whatptr))
+          whatptr++;
 
-          if(strequal("path", name)) {
-            co->path=strdup(whatptr);
-            if(!co->path) {
-              badcookie = TRUE; /* out of memory bad */
-              break;
-            }
+        if(!len) {
+          /* this was a "<name>=" with no content, and we must allow
+             'secure' and 'httponly' specified this weirdly */
+          done = TRUE;
+          if(Curl_raw_equal("secure", name))
+            co->secure = TRUE;
+          else if(Curl_raw_equal("httponly", name))
+            co->httponly = TRUE;
+          else if(sep)
+            /* there was a '=' so we're not done parsing this field */
+            done = FALSE;
+        }
+        if(done)
+          ;
+        else if(Curl_raw_equal("path", name)) {
+          strstore(&co->path, whatptr);
+          if(!co->path) {
+            badcookie = TRUE; /* out of memory bad */
+            break;
           }
-          else if(strequal("domain", name)) {
-            /* note that this name may or may not have a preceeding dot, but
-               we don't care about that, we treat the names the same anyway */
-
-            const char *domptr=whatptr;
-            int dotcount=1;
-
-            /* Count the dots, we need to make sure that there are enough
-               of them. */
-
-            if('.' == whatptr[0])
-              /* don't count the initial dot, assume it */
-              domptr++;
-
-            do {
-              domptr = strchr(domptr, '.');
-              if(domptr) {
-                domptr++;
-                dotcount++;
-              }
-            } while(domptr);
-
-            /* The original Netscape cookie spec defined that this domain name
-               MUST have three dots (or two if one of the seven holy TLDs),
-               but it seems that these kinds of cookies are in use "out there"
-               so we cannot be that strict. I've therefore lowered the check
-               to not allow less than two dots. */
-
-            if(dotcount < 2) {
-              /* Received and skipped a cookie with a domain using too few
-                 dots. */
-              badcookie=TRUE; /* mark this as a bad cookie */
-              infof(data, "skipped cookie with illegal dotcount domain: %s\n",
-                    whatptr);
-            }
-            else {
-              /* Now, we make sure that our host is within the given domain,
-                 or the given domain is not valid and thus cannot be set. */
-
-              if('.' == whatptr[0])
-                whatptr++; /* ignore preceeding dot */
-
-              if(!domain || tailmatch(whatptr, domain)) {
-                const char *tailptr=whatptr;
-                if(tailptr[0] == '.')
-                  tailptr++;
-                co->domain=strdup(tailptr); /* don't prefix w/dots
-                                               internally */
-                if(!co->domain) {
-                  badcookie = TRUE;
-                  break;
-                }
-                co->tailmatch=TRUE; /* we always do that if the domain name was
-                                       given */
-              }
-              else {
-                /* we did not get a tailmatch and then the attempted set domain
-                   is not a domain to which the current host belongs. Mark as
-                   bad. */
-                badcookie=TRUE;
-                infof(data, "skipped cookie with bad tailmatch domain: %s\n",
-                      whatptr);
-              }
-            }
+          co->spath = sanitize_cookie_path(co->path);
+          if(!co->spath) {
+            badcookie = TRUE; /* out of memory bad */
+            break;
           }
-          else if(strequal("version", name)) {
-            co->version=strdup(whatptr);
-            if(!co->version) {
+        }
+        else if(Curl_raw_equal("domain", name)) {
+          bool is_ip;
+          const char *dotp;
+
+          /* Now, we make sure that our host is within the given domain,
+             or the given domain is not valid and thus cannot be set. */
+
+          if('.' == whatptr[0])
+            whatptr++; /* ignore preceding dot */
+
+          is_ip = isip(domain ? domain : whatptr);
+
+          /* check for more dots */
+          dotp = strchr(whatptr, '.');
+          if(!dotp)
+            domain=":";
+
+          if(!domain
+             || (is_ip && !strcmp(whatptr, domain))
+             || (!is_ip && tailmatch(whatptr, domain))) {
+            strstore(&co->domain, whatptr);
+            if(!co->domain) {
               badcookie = TRUE;
               break;
             }
+            if(!is_ip)
+              co->tailmatch=TRUE; /* we always do that if the domain name was
+                                     given */
           }
-          else if(strequal("max-age", name)) {
-            /* Defined in RFC2109:
-
-               Optional.  The Max-Age attribute defines the lifetime of the
-               cookie, in seconds.  The delta-seconds value is a decimal non-
-               negative integer.  After delta-seconds seconds elapse, the
-               client should discard the cookie.  A value of zero means the
-               cookie should be discarded immediately.
-
-             */
-            co->maxage = strdup(whatptr);
-            if(!co->maxage) {
-              badcookie = TRUE;
-              break;
-            }
-            co->expires =
-              atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + (long)now;
+          else {
+            /* we did not get a tailmatch and then the attempted set domain
+               is not a domain to which the current host belongs. Mark as
+               bad. */
+            badcookie=TRUE;
+            infof(data, "skipped cookie with bad tailmatch domain: %s\n",
+                  whatptr);
           }
-          else if(strequal("expires", name)) {
-            co->expirestr=strdup(whatptr);
-            if(!co->expirestr) {
-              badcookie = TRUE;
-              break;
-            }
-            co->expires = curl_getdate(what, &now);
+        }
+        else if(Curl_raw_equal("version", name)) {
+          strstore(&co->version, whatptr);
+          if(!co->version) {
+            badcookie = TRUE;
+            break;
           }
-          else if(!co->name) {
-            co->name = strdup(name);
-            co->value = strdup(whatptr);
-            if(!co->name || !co->value) {
-              badcookie = TRUE;
-              break;
-            }
+        }
+        else if(Curl_raw_equal("max-age", name)) {
+          /* Defined in RFC2109:
+
+             Optional.  The Max-Age attribute defines the lifetime of the
+             cookie, in seconds.  The delta-seconds value is a decimal non-
+             negative integer.  After delta-seconds seconds elapse, the
+             client should discard the cookie.  A value of zero means the
+             cookie should be discarded immediately.
+
+          */
+          strstore(&co->maxage, whatptr);
+          if(!co->maxage) {
+            badcookie = TRUE;
+            break;
           }
-          /*
-            else this is the second (or more) name we don't know
-            about! */
         }
-        else {
-          /* this is an "illegal" <what>=<this> pair */
+        else if(Curl_raw_equal("expires", name)) {
+          strstore(&co->expirestr, whatptr);
+          if(!co->expirestr) {
+            badcookie = TRUE;
+            break;
+          }
         }
+        else if(!co->name) {
+          co->name = strdup(name);
+          co->value = strdup(whatptr);
+          if(!co->name || !co->value) {
+            badcookie = TRUE;
+            break;
+          }
+        }
+        /*
+          else this is the second (or more) name we don't know
+          about! */
       }
       else {
-        if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^;\r\n]",
-                  what)) {
-          if(strequal("secure", what))
-            co->secure = TRUE;
-          /* else,
-             unsupported keyword without assign! */
-
-        }
+        /* this is an "illegal" <what>=<this> pair */
       }
+
       if(!semiptr || !*semiptr) {
         /* we already know there are no more cookies */
         semiptr = NULL;
@@ -378,7 +552,7 @@ Curl_cookie_add(struct SessionHandle *data,
       }
 
       ptr=semiptr+1;
-      while(ptr && *ptr && my_isspace(*ptr))
+      while(*ptr && ISBLANK(*ptr))
         ptr++;
       semiptr=strchr(ptr, ';'); /* now, find the next semicolon */
 
@@ -388,6 +562,30 @@ Curl_cookie_add(struct SessionHandle *data,
         semiptr=strchr(ptr, '\0');
     } while(semiptr);
 
+    if(co->maxage) {
+      co->expires =
+        curlx_strtoofft((*co->maxage=='\"')?
+                        &co->maxage[1]:&co->maxage[0], NULL, 10);
+      if(CURL_OFF_T_MAX - now < co->expires)
+        /* avoid overflow */
+        co->expires = CURL_OFF_T_MAX;
+      else
+        co->expires += now;
+    }
+    else if(co->expirestr) {
+      /* Note that if the date couldn't get parsed for whatever reason,
+         the cookie will be treated as a session cookie */
+      co->expires = curl_getdate(co->expirestr, NULL);
+
+      /* Session cookies have expires set to 0 so if we get that back
+         from the date parser let's add a second to make it a
+         non-session cookie */
+      if(co->expires == 0)
+        co->expires = 1;
+      else if(co->expires < 0)
+        co->expires = 0;
+    }
+
     if(!badcookie && !co->domain) {
       if(domain) {
         /* no domain was given in the header line, set the default */
@@ -398,14 +596,27 @@ Curl_cookie_add(struct SessionHandle *data,
     }
 
     if(!badcookie && !co->path && path) {
-      /* no path was given in the header line, set the default  */
-      char *endslash = strrchr(path, '/');
+      /* No path was given in the header line, set the default.
+         Note that the passed-in path to this function MAY have a '?' and
+         following part that MUST not be stored as part of the path. */
+      char *queryp = strchr(path, '?');
+
+      /* queryp is where the interesting part of the path ends, so now we
+         want to the find the last */
+      char *endslash;
+      if(!queryp)
+        endslash = strrchr(path, '/');
+      else
+        endslash = memrchr(path, '/', (size_t)(queryp - path));
       if(endslash) {
-        size_t pathlen = endslash-path+1; /* include the ending slash */
+        size_t pathlen = (size_t)(endslash-path+1); /* include ending slash */
         co->path=malloc(pathlen+1); /* one extra for the zero byte */
         if(co->path) {
           memcpy(co->path, path, pathlen);
           co->path[pathlen]=0; /* zero terminate */
+          co->spath = sanitize_cookie_path(co->path);
+          if(!co->spath)
+            badcookie = TRUE; /* out of memory bad */
         }
         else
           badcookie = TRUE;
@@ -425,10 +636,23 @@ Curl_cookie_add(struct SessionHandle *data,
   else {
     /* This line is NOT a HTTP header style line, we do offer support for
        reading the odd netscape cookies-file format here */
+    char *ptr;
     char *firstptr;
-    char *tok_buf;
+    char *tok_buf=NULL;
     int fields;
 
+    /* IE introduced HTTP-only cookies to prevent XSS attacks. Cookies
+       marked with httpOnly after the domain name are not accessible
+       from javascripts, but since curl does not operate at javascript
+       level, we include them anyway. In Firefox's cookie files, these
+       lines are preceded with #HttpOnly_ and then everything is
+       as usual, so we skip 10 characters of the line..
+    */
+    if(strncmp(lineptr, "#HttpOnly_", 10) == 0) {
+      lineptr += 10;
+      co->httponly = TRUE;
+    }
+
     if(lineptr[0]=='#') {
       /* don't even try the comments */
       free(co);
@@ -444,19 +668,13 @@ Curl_cookie_add(struct SessionHandle *data,
 
     firstptr=strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */
 
-    /* Here's a quick check to eliminate normal HTTP-headers from this */
-    if(!firstptr || strchr(firstptr, ':')) {
-      free(co);
-      return NULL;
-    }
-
     /* Now loop through the fields and init the struct we already have
        allocated */
     for(ptr=firstptr, fields=0; ptr && !badcookie;
         ptr=strtok_r(NULL, "\t", &tok_buf), fields++) {
       switch(fields) {
       case 0:
-        if(ptr[0]=='.') /* skip preceeding dots */
+        if(ptr[0]=='.') /* skip preceding dots */
           ptr++;
         co->domain = strdup(ptr);
         if(!co->domain)
@@ -473,27 +691,36 @@ Curl_cookie_add(struct SessionHandle *data,
            As far as I can see, it is set to true when the cookie says
            .domain.com and to false when the domain is complete www.domain.com
         */
-        co->tailmatch=(bool)strequal(ptr, "TRUE"); /* store information */
+        co->tailmatch = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
         break;
       case 2:
         /* It turns out, that sometimes the file format allows the path
            field to remain not filled in, we try to detect this and work
            around it! Andrés García made us aware of this... */
-        if (strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) {
+        if(strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) {
           /* only if the path doesn't look like a boolean option! */
           co->path = strdup(ptr);
           if(!co->path)
             badcookie = TRUE;
+          else {
+            co->spath = sanitize_cookie_path(co->path);
+            if(!co->spath) {
+              badcookie = TRUE; /* out of memory bad */
+            }
+          }
           break;
         }
         /* this doesn't look like a path, make one up! */
         co->path = strdup("/");
         if(!co->path)
           badcookie = TRUE;
+        co->spath = strdup("/");
+        if(!co->spath)
+          badcookie = TRUE;
         fields++; /* add a field and fall down to secure */
         /* FALLTHROUGH */
       case 3:
-        co->secure = (bool)strequal(ptr, "TRUE");
+        co->secure = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
         break;
       case 4:
         co->expires = curlx_strtoofft(ptr, NULL, 10);
@@ -543,14 +770,17 @@ Curl_cookie_add(struct SessionHandle *data,
      superceeds an already existing cookie, which it may if the previous have
      the same domain and path as this */
 
+  /* at first, remove expired cookies */
+  remove_expired(c);
+
   clist = c->cookies;
   replace_old = FALSE;
   while(clist) {
-    if(strequal(clist->name, co->name)) {
+    if(Curl_raw_equal(clist->name, co->name)) {
       /* the names are identical */
 
       if(clist->domain && co->domain) {
-        if(strequal(clist->domain, co->domain))
+        if(Curl_raw_equal(clist->domain, co->domain))
           /* The domains are identical */
           replace_old=TRUE;
       }
@@ -560,14 +790,14 @@ Curl_cookie_add(struct SessionHandle *data,
       if(replace_old) {
         /* the domains were identical */
 
-        if(clist->path && co->path) {
-          if(strequal(clist->path, co->path)) {
+        if(clist->spath && co->spath) {
+          if(Curl_raw_equal(clist->spath, co->spath)) {
             replace_old = TRUE;
           }
           else
             replace_old = FALSE;
         }
-        else if(!clist->path && !co->path)
+        else if(!clist->spath && !co->spath)
           replace_old = TRUE;
         else
           replace_old = FALSE;
@@ -589,14 +819,15 @@ Curl_cookie_add(struct SessionHandle *data,
         co->next = clist->next; /* get the next-pointer first */
 
         /* then free all the old pointers */
-        if(clist->name)
-          free(clist->name);
+        free(clist->name);
         if(clist->value)
           free(clist->value);
         if(clist->domain)
           free(clist->domain);
         if(clist->path)
           free(clist->path);
+        if(clist->spath)
+          free(clist->spath);
         if(clist->expirestr)
           free(clist->expirestr);
 
@@ -625,7 +856,8 @@ Curl_cookie_add(struct SessionHandle *data,
 
   if(c->running)
     /* Only show this when NOT reading the cookies from a file */
-    infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, expire %d\n",
+    infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, "
+          "expire %" CURL_FORMAT_CURL_OFF_T "\n",
           replace_old?"Replaced":"Added", co->name, co->value,
           co->domain, co->path, co->expires);
 
@@ -635,9 +867,9 @@ Curl_cookie_add(struct SessionHandle *data,
       lastc->next = co;
     else
       c->cookies = co;
+    c->numcookies++; /* one more cookie in the jar */
   }
 
-  c->numcookies++; /* one more cookie in the jar */
   return co;
 }
 
@@ -652,7 +884,7 @@ Curl_cookie_add(struct SessionHandle *data,
  *
  ****************************************************************************/
 struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
-                                    char *file,
+                                    const char *file,
                                     struct CookieInfo *inc,
                                     bool newsession)
 {
@@ -662,7 +894,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
 
   if(NULL == inc) {
     /* we didn't get a struct, create one */
-    c = (struct CookieInfo *)calloc(1, sizeof(struct CookieInfo));
+    c = calloc(1, sizeof(struct CookieInfo));
     if(!c)
       return NULL; /* failed to get memory */
     c->filename = strdup(file?file:"none"); /* copy the name just in case */
@@ -690,7 +922,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
     char *lineptr;
     bool headerline;
 
-    char *line = (char *)malloc(MAX_COOKIE_LINE);
+    char *line = malloc(MAX_COOKIE_LINE);
     if(line) {
       while(fgets(line, MAX_COOKIE_LINE, fp)) {
         if(checkprefix("Set-Cookie:", line)) {
@@ -702,7 +934,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
           lineptr=line;
           headerline=FALSE;
         }
-        while(*lineptr && my_isspace(*lineptr))
+        while(*lineptr && ISBLANK(*lineptr))
           lineptr++;
 
         Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL);
@@ -718,6 +950,35 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
   return c;
 }
 
+/* sort this so that the longest path gets before the shorter path */
+static int cookie_sort(const void *p1, const void *p2)
+{
+  struct Cookie *c1 = *(struct Cookie **)p1;
+  struct Cookie *c2 = *(struct Cookie **)p2;
+  size_t l1, l2;
+
+  /* 1 - compare cookie path lengths */
+  l1 = c1->path ? strlen(c1->path) : 0;
+  l2 = c2->path ? strlen(c2->path) : 0;
+
+  if(l1 != l2)
+    return (l2 > l1) ? 1 : -1 ; /* avoid size_t <=> int conversions */
+
+  /* 2 - compare cookie domain lengths */
+  l1 = c1->domain ? strlen(c1->domain) : 0;
+  l2 = c2->domain ? strlen(c2->domain) : 0;
+
+  if(l1 != l2)
+    return (l2 > l1) ? 1 : -1 ;  /* avoid size_t <=> int conversions */
+
+  /* 3 - compare cookie names */
+  if(c1->name && c2->name)
+    return strcmp(c1->name, c2->name);
+
+  /* sorry, can't be more deterministic */
+  return 0;
+}
+
 /*****************************************************************************
  *
  * Curl_cookie_getlist()
@@ -731,43 +992,49 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
  ****************************************************************************/
 
 struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
-                                   char *host, char *path, bool secure)
+                                   const char *host, const char *path,
+                                   bool secure)
 {
   struct Cookie *newco;
   struct Cookie *co;
   time_t now = time(NULL);
   struct Cookie *mainco=NULL;
+  size_t matches = 0;
+  bool is_ip;
 
   if(!c || !c->cookies)
     return NULL; /* no cookie struct or no cookies in the struct */
 
+  /* at first, remove expired cookies */
+  remove_expired(c);
+
+  /* check if host is an IP(v4|v6) address */
+  is_ip = isip(host);
+
   co = c->cookies;
 
   while(co) {
     /* only process this cookie if it is not expired or had no expire
        date AND that if the cookie requires we're secure we must only
        continue if we are! */
-    if( (co->expires<=0 || (co->expires> now)) &&
-        (co->secure?secure:TRUE) ) {
+    if((!co->expires || (co->expires > now)) &&
+       (co->secure?secure:TRUE)) {
 
       /* now check if the domain is correct */
       if(!co->domain ||
-         (co->tailmatch && tailmatch(co->domain, host)) ||
-         (!co->tailmatch && strequal(host, co->domain)) ) {
+         (co->tailmatch && !is_ip && tailmatch(co->domain, host)) ||
+         ((!co->tailmatch || is_ip) && Curl_raw_equal(host, co->domain)) ) {
         /* the right part of the host matches the domain stuff in the
            cookie data */
 
         /* now check the left part of the path with the cookies path
            requirement */
-        if(!co->path ||
-           /* not using checkprefix() because matching should be
-              case-sensitive */
-           !strncmp(co->path, path, strlen(co->path)) ) {
+        if(!co->spath || pathmatch(co->spath, path) ) {
 
           /* and now, we know this is a match and we should create an
              entry for the return-linked-list */
 
-          newco = (struct Cookie *)malloc(sizeof(struct Cookie));
+          newco = malloc(sizeof(struct Cookie));
           if(newco) {
             /* first, copy the whole source cookie: */
             memcpy(newco, co, sizeof(struct Cookie));
@@ -777,8 +1044,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
 
             /* point the main to us */
             mainco = newco;
+
+            matches++;
           }
           else {
+            fail:
             /* failure, clear up the allocated chain and return NULL */
             while(mainco) {
               co = mainco->next;
@@ -794,6 +1064,36 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
     co = co->next;
   }
 
+  if(matches) {
+    /* Now we need to make sure that if there is a name appearing more than
+       once, the longest specified path version comes first. To make this
+       the swiftest way, we just sort them all based on path length. */
+    struct Cookie **array;
+    size_t i;
+
+    /* alloc an array and store all cookie pointers */
+    array = malloc(sizeof(struct Cookie *) * matches);
+    if(!array)
+      goto fail;
+
+    co = mainco;
+
+    for(i=0; co; co = co->next)
+      array[i++] = co;
+
+    /* now sort the cookie pointers in path length order */
+    qsort(array, matches, sizeof(struct Cookie *), cookie_sort);
+
+    /* remake the linked list order according to the new order */
+
+    mainco = array[0]; /* start here */
+    for(i=0; i<matches-1; i++)
+      array[i]->next = array[i+1];
+    array[matches-1]->next = NULL; /* terminate the list */
+
+    free(array); /* remove the temporary data again */
+  }
+
   return mainco; /* return the new list */
 }
 
@@ -807,7 +1107,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
 void Curl_cookie_clearall(struct CookieInfo *cookies)
 {
   if(cookies) {
-    Curl_cookie_freelist(cookies->cookies);
+    Curl_cookie_freelist(cookies->cookies, TRUE);
     cookies->cookies = NULL;
     cookies->numcookies = 0;
   }
@@ -819,16 +1119,22 @@ void Curl_cookie_clearall(struct CookieInfo *cookies)
  *
  * Free a list of cookies previously returned by Curl_cookie_getlist();
  *
+ * The 'cookiestoo' argument tells this function whether to just free the
+ * list or actually also free all cookies within the list as well.
+ *
  ****************************************************************************/
 
-void Curl_cookie_freelist(struct Cookie *co)
+void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo)
 {
   struct Cookie *next;
   if(co) {
     while(co) {
       next = co->next;
-      free(co); /* we only free the struct since the "members" are all
-                      just copied! */
+      if(cookiestoo)
+        freecookie(co);
+      else
+        free(co); /* we only free the struct since the "members" are all just
+                     pointed out in the main cookie list! */
       co = next;
     }
   }
@@ -846,7 +1152,7 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
 {
   struct Cookie *first, *curr, *next, *prev = NULL;
 
-  if(!cookies->cookies)
+  if(!cookies || !cookies->cookies)
     return;
 
   first = curr = prev = cookies->cookies;
@@ -862,7 +1168,7 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
       else
         prev->next = next;
 
-      free(curr);
+      freecookie(curr);
       cookies->numcookies--;
     }
     else
@@ -907,13 +1213,15 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
 static char *get_netscape_format(const struct Cookie *co)
 {
   return aprintf(
+    "%s"     /* httponly preamble */
     "%s%s\t" /* domain */
     "%s\t"   /* tailmatch */
     "%s\t"   /* path */
     "%s\t"   /* secure */
-    "%" FORMAT_OFF_T "\t"   /* expires */
+    "%" CURL_FORMAT_CURL_OFF_T "\t"   /* expires */
     "%s\t"   /* name */
     "%s",    /* value */
+    co->httponly?"#HttpOnly_":"",
     /* Make sure all domains are prefixed with a dot if they allow
        tailmatching. This is Mozilla-style. */
     (co->tailmatch && co->domain && co->domain[0] != '.')? ".":"",
@@ -927,14 +1235,14 @@ static char *get_netscape_format(const struct Cookie *co)
 }
 
 /*
- * Curl_cookie_output()
+ * cookie_output()
  *
  * Writes all internally known cookies to the specified file. Specify
  * "-" as file name to write to stdout.
  *
  * The function returns non-zero on write failure.
  */
-int Curl_cookie_output(struct CookieInfo *c, char *dumphere)
+static int cookie_output(struct CookieInfo *c, const char *dumphere)
 {
   struct Cookie *co;
   FILE *out;
@@ -945,6 +1253,9 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere)
        destination file */
     return 0;
 
+  /* at first, remove expired cookies */
+  remove_expired(c);
+
   if(strequal("-", dumphere)) {
     /* use stdout */
     out = stdout;
@@ -960,14 +1271,14 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere)
     char *format_ptr;
 
     fputs("# Netscape HTTP Cookie File\n"
-          "# http://curlm.haxx.se/rfc/cookie_spec.html\n"
+          "# http://curl.haxx.se/docs/http-cookies.html\n"
           "# This file was generated by libcurl! Edit at your own risk.\n\n",
           out);
     co = c->cookies;
 
     while(co) {
       format_ptr = get_netscape_format(co);
-      if (format_ptr == NULL) {
+      if(format_ptr == NULL) {
         fprintf(out, "#\n# Fatal libcurl error\n");
         if(!use_stdout)
           fclose(out);
@@ -992,28 +1303,63 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
   struct Cookie *c;
   char *line;
 
-  if ((data->cookies == NULL) ||
+  if((data->cookies == NULL) ||
       (data->cookies->numcookies == 0))
     return NULL;
 
   c = data->cookies->cookies;
 
-  beg = list;
-  while (c) {
+  while(c) {
     /* fill the list with _all_ the cookies we know */
     line = get_netscape_format(c);
-    if (line == NULL) {
-      /* get_netscape_format returns null only if we run out of memory */
-
-      curl_slist_free_all(beg); /* free some memory */
+    if(!line) {
+      curl_slist_free_all(list);
       return NULL;
     }
-    list = curl_slist_append(list, line);
-    free(line);
+    beg = Curl_slist_append_nodup(list, line);
+    if(!beg) {
+      free(line);
+      curl_slist_free_all(list);
+      return NULL;
+    }
+    list = beg;
     c = c->next;
   }
 
   return list;
 }
 
+void Curl_flush_cookies(struct SessionHandle *data, int cleanup)
+{
+  if(data->set.str[STRING_COOKIEJAR]) {
+    if(data->change.cookielist) {
+      /* If there is a list of cookie files to read, do it first so that
+         we have all the told files read before we write the new jar.
+         Curl_cookie_loadfiles() LOCKS and UNLOCKS the share itself! */
+      Curl_cookie_loadfiles(data);
+    }
+
+    Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+
+    /* if we have a destination file for all the cookies to get dumped to */
+    if(cookie_output(data->cookies, data->set.str[STRING_COOKIEJAR]))
+      infof(data, "WARNING: failed to save cookies in %s\n",
+            data->set.str[STRING_COOKIEJAR]);
+  }
+  else {
+    if(cleanup && data->change.cookielist) {
+      /* since nothing is written, we can just free the list of cookie file
+         names */
+      curl_slist_free_all(data->change.cookielist); /* clean up list */
+      data->change.cookielist = NULL;
+    }
+    Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+  }
+
+  if(cleanup && (!data->share || (data->cookies != data->share->cookies))) {
+    Curl_cookie_cleanup(data->cookies);
+  }
+  Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+}
+
 #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_COOKIES */
diff --git a/Utilities/cmcurl/cookie.h b/Utilities/cmcurl/lib/cookie.h
index 57c3acb..bd89082 100644
--- a/Utilities/cmcurl/cookie.h
+++ b/Utilities/cmcurl/lib/cookie.h
@@ -1,5 +1,5 @@
-#ifndef __COOKIE_H
-#define __COOKIE_H
+#ifndef HEADER_CURL_COOKIE_H
+#define HEADER_CURL_COOKIE_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,17 +20,8 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-
-#include <stdio.h>
-#if defined(WIN32)
-#include <time.h>
-#else
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#endif
+#include "curl_setup.h"
 
 #include <curl/curl.h>
 
@@ -38,7 +29,8 @@ struct Cookie {
   struct Cookie *next; /* next in the chain */
   char *name;        /* <this> = value */
   char *value;       /* name = <this> */
-  char *path;         /* path = <this> */
+  char *path;         /* path = <this> which is in Set-Cookie: */
+  char *spath;        /* sanitized cookie path */
   char *domain;      /* domain = <this> */
   curl_off_t expires;  /* expires = <this> */
   char *expirestr;   /* the plain text version */
@@ -50,6 +42,7 @@ struct Cookie {
 
   bool secure;       /* whether the 'secure' keyword was used */
   bool livecookie;   /* updated from a server, not a stored file */
+  bool httponly;     /* true if the httponly directive is present */
 };
 
 struct CookieInfo {
@@ -84,24 +77,28 @@ struct SessionHandle;
  */
 
 struct Cookie *Curl_cookie_add(struct SessionHandle *data,
-                               struct CookieInfo *, bool header, char *line,
-                               char *domain, char *path);
+                               struct CookieInfo *, bool header, char *lineptr,
+                               const char *domain, const char *path);
 
-struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
-                                    char *, struct CookieInfo *, bool);
-struct Cookie *Curl_cookie_getlist(struct CookieInfo *, char *, char *, bool);
-void Curl_cookie_freelist(struct Cookie *);
+struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
+                                   const char *, bool);
+void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo);
 void Curl_cookie_clearall(struct CookieInfo *cookies);
 void Curl_cookie_clearsess(struct CookieInfo *cookies);
-void Curl_cookie_cleanup(struct CookieInfo *);
-int Curl_cookie_output(struct CookieInfo *, char *);
 
 #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
 #define Curl_cookie_list(x) NULL
-#define Curl_cookie_loadfiles(x) do { } while (0)
+#define Curl_cookie_loadfiles(x) Curl_nop_stmt
+#define Curl_cookie_init(x,y,z,w) NULL
+#define Curl_cookie_cleanup(x) Curl_nop_stmt
+#define Curl_flush_cookies(x,y) Curl_nop_stmt
 #else
+void Curl_flush_cookies(struct SessionHandle *data, int cleanup);
+void Curl_cookie_cleanup(struct CookieInfo *);
+struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
+                                    const char *, struct CookieInfo *, bool);
 struct curl_slist *Curl_cookie_list(struct SessionHandle *data);
 void Curl_cookie_loadfiles(struct SessionHandle *data);
 #endif
 
-#endif
+#endif /* HEADER_CURL_COOKIE_H */
diff --git a/Utilities/cmcurl/lib/curl_addrinfo.c b/Utilities/cmcurl/lib/curl_addrinfo.c
new file mode 100644
index 0000000..10652c6
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_addrinfo.c
@@ -0,0 +1,527 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#ifdef __VMS
+#  include <in.h>
+#  include <inet.h>
+#endif
+
+#if defined(NETWARE) && defined(__NOVELL_LIBC__)
+#  undef  in_addr_t
+#  define in_addr_t unsigned long
+#endif
+
+#include "curl_addrinfo.h"
+#include "inet_pton.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+
+/*
+ * Curl_freeaddrinfo()
+ *
+ * This is used to free a linked list of Curl_addrinfo structs along
+ * with all its associated allocated storage. This function should be
+ * called once for each successful call to Curl_getaddrinfo_ex() or to
+ * any function call which actually allocates a Curl_addrinfo struct.
+ */
+
+#if defined(__INTEL_COMPILER) && (__INTEL_COMPILER == 910) && \
+    defined(__OPTIMIZE__) && defined(__unix__) &&  defined(__i386__)
+  /* workaround icc 9.1 optimizer issue */
+# define vqualifier volatile
+#else
+# define vqualifier
+#endif
+
+void
+Curl_freeaddrinfo(Curl_addrinfo *cahead)
+{
+  Curl_addrinfo *vqualifier canext;
+  Curl_addrinfo *ca;
+
+  for(ca = cahead; ca != NULL; ca = canext) {
+
+    if(ca->ai_addr)
+      free(ca->ai_addr);
+
+    if(ca->ai_canonname)
+      free(ca->ai_canonname);
+
+    canext = ca->ai_next;
+
+    free(ca);
+  }
+}
+
+
+#ifdef HAVE_GETADDRINFO
+/*
+ * Curl_getaddrinfo_ex()
+ *
+ * This is a wrapper function around system's getaddrinfo(), with
+ * the only difference that instead of returning a linked list of
+ * addrinfo structs this one returns a linked list of Curl_addrinfo
+ * ones. The memory allocated by this function *MUST* be free'd with
+ * Curl_freeaddrinfo().  For each successful call to this function
+ * there must be an associated call later to Curl_freeaddrinfo().
+ *
+ * There should be no single call to system's getaddrinfo() in the
+ * whole library, any such call should be 'routed' through this one.
+ */
+
+int
+Curl_getaddrinfo_ex(const char *nodename,
+                    const char *servname,
+                    const struct addrinfo *hints,
+                    Curl_addrinfo **result)
+{
+  const struct addrinfo *ai;
+  struct addrinfo *aihead;
+  Curl_addrinfo *cafirst = NULL;
+  Curl_addrinfo *calast = NULL;
+  Curl_addrinfo *ca;
+  size_t ss_size;
+  int error;
+
+  *result = NULL; /* assume failure */
+
+  error = getaddrinfo(nodename, servname, hints, &aihead);
+  if(error)
+    return error;
+
+  /* traverse the addrinfo list */
+
+  for(ai = aihead; ai != NULL; ai = ai->ai_next) {
+
+    /* ignore elements with unsupported address family, */
+    /* settle family-specific sockaddr structure size.  */
+    if(ai->ai_family == AF_INET)
+      ss_size = sizeof(struct sockaddr_in);
+#ifdef ENABLE_IPV6
+    else if(ai->ai_family == AF_INET6)
+      ss_size = sizeof(struct sockaddr_in6);
+#endif
+    else
+      continue;
+
+    /* ignore elements without required address info */
+    if((ai->ai_addr == NULL) || !(ai->ai_addrlen > 0))
+      continue;
+
+    /* ignore elements with bogus address size */
+    if((size_t)ai->ai_addrlen < ss_size)
+      continue;
+
+    if((ca = malloc(sizeof(Curl_addrinfo))) == NULL) {
+      error = EAI_MEMORY;
+      break;
+    }
+
+    /* copy each structure member individually, member ordering, */
+    /* size, or padding might be different for each platform.    */
+
+    ca->ai_flags     = ai->ai_flags;
+    ca->ai_family    = ai->ai_family;
+    ca->ai_socktype  = ai->ai_socktype;
+    ca->ai_protocol  = ai->ai_protocol;
+    ca->ai_addrlen   = (curl_socklen_t)ss_size;
+    ca->ai_addr      = NULL;
+    ca->ai_canonname = NULL;
+    ca->ai_next      = NULL;
+
+    if((ca->ai_addr = malloc(ss_size)) == NULL) {
+      error = EAI_MEMORY;
+      free(ca);
+      break;
+    }
+    memcpy(ca->ai_addr, ai->ai_addr, ss_size);
+
+    if(ai->ai_canonname != NULL) {
+      if((ca->ai_canonname = strdup(ai->ai_canonname)) == NULL) {
+        error = EAI_MEMORY;
+        free(ca->ai_addr);
+        free(ca);
+        break;
+      }
+    }
+
+    /* if the return list is empty, this becomes the first element */
+    if(!cafirst)
+      cafirst = ca;
+
+    /* add this element last in the return list */
+    if(calast)
+      calast->ai_next = ca;
+    calast = ca;
+
+  }
+
+  /* destroy the addrinfo list */
+  if(aihead)
+    freeaddrinfo(aihead);
+
+  /* if we failed, also destroy the Curl_addrinfo list */
+  if(error) {
+    Curl_freeaddrinfo(cafirst);
+    cafirst = NULL;
+  }
+  else if(!cafirst) {
+#ifdef EAI_NONAME
+    /* rfc3493 conformant */
+    error = EAI_NONAME;
+#else
+    /* rfc3493 obsoleted */
+    error = EAI_NODATA;
+#endif
+#ifdef USE_WINSOCK
+    SET_SOCKERRNO(error);
+#endif
+  }
+
+  *result = cafirst;
+
+  /* This is not a CURLcode */
+  return error;
+}
+#endif /* HAVE_GETADDRINFO */
+
+
+/*
+ * Curl_he2ai()
+ *
+ * This function returns a pointer to the first element of a newly allocated
+ * Curl_addrinfo struct linked list filled with the data of a given hostent.
+ * Curl_addrinfo is meant to work like the addrinfo struct does for a IPv6
+ * stack, but usable also for IPv4, all hosts and environments.
+ *
+ * The memory allocated by this function *MUST* be free'd later on calling
+ * Curl_freeaddrinfo().  For each successful call to this function there
+ * must be an associated call later to Curl_freeaddrinfo().
+ *
+ *   Curl_addrinfo defined in "lib/curl_addrinfo.h"
+ *
+ *     struct Curl_addrinfo {
+ *       int                   ai_flags;
+ *       int                   ai_family;
+ *       int                   ai_socktype;
+ *       int                   ai_protocol;
+ *       curl_socklen_t        ai_addrlen;   * Follow rfc3493 struct addrinfo *
+ *       char                 *ai_canonname;
+ *       struct sockaddr      *ai_addr;
+ *       struct Curl_addrinfo *ai_next;
+ *     };
+ *     typedef struct Curl_addrinfo Curl_addrinfo;
+ *
+ *   hostent defined in <netdb.h>
+ *
+ *     struct hostent {
+ *       char    *h_name;
+ *       char    **h_aliases;
+ *       int     h_addrtype;
+ *       int     h_length;
+ *       char    **h_addr_list;
+ *     };
+ *
+ *   for backward compatibility:
+ *
+ *     #define h_addr  h_addr_list[0]
+ */
+
+Curl_addrinfo *
+Curl_he2ai(const struct hostent *he, int port)
+{
+  Curl_addrinfo *ai;
+  Curl_addrinfo *prevai = NULL;
+  Curl_addrinfo *firstai = NULL;
+  struct sockaddr_in *addr;
+#ifdef ENABLE_IPV6
+  struct sockaddr_in6 *addr6;
+#endif
+  CURLcode result = CURLE_OK;
+  int i;
+  char *curr;
+
+  if(!he)
+    /* no input == no output! */
+    return NULL;
+
+  DEBUGASSERT((he->h_name != NULL) && (he->h_addr_list != NULL));
+
+  for(i=0; (curr = he->h_addr_list[i]) != NULL; i++) {
+
+    size_t ss_size;
+#ifdef ENABLE_IPV6
+    if(he->h_addrtype == AF_INET6)
+      ss_size = sizeof (struct sockaddr_in6);
+    else
+#endif
+      ss_size = sizeof (struct sockaddr_in);
+
+    if((ai = calloc(1, sizeof(Curl_addrinfo))) == NULL) {
+      result = CURLE_OUT_OF_MEMORY;
+      break;
+    }
+    if((ai->ai_canonname = strdup(he->h_name)) == NULL) {
+      result = CURLE_OUT_OF_MEMORY;
+      free(ai);
+      break;
+    }
+    if((ai->ai_addr = calloc(1, ss_size)) == NULL) {
+      result = CURLE_OUT_OF_MEMORY;
+      free(ai->ai_canonname);
+      free(ai);
+      break;
+    }
+
+    if(!firstai)
+      /* store the pointer we want to return from this function */
+      firstai = ai;
+
+    if(prevai)
+      /* make the previous entry point to this */
+      prevai->ai_next = ai;
+
+    ai->ai_family = he->h_addrtype;
+
+    /* we return all names as STREAM, so when using this address for TFTP
+       the type must be ignored and conn->socktype be used instead! */
+    ai->ai_socktype = SOCK_STREAM;
+
+    ai->ai_addrlen = (curl_socklen_t)ss_size;
+
+    /* leave the rest of the struct filled with zero */
+
+    switch (ai->ai_family) {
+    case AF_INET:
+      addr = (void *)ai->ai_addr; /* storage area for this info */
+
+      memcpy(&addr->sin_addr, curr, sizeof(struct in_addr));
+      addr->sin_family = (unsigned short)(he->h_addrtype);
+      addr->sin_port = htons((unsigned short)port);
+      break;
+
+#ifdef ENABLE_IPV6
+    case AF_INET6:
+      addr6 = (void *)ai->ai_addr; /* storage area for this info */
+
+      memcpy(&addr6->sin6_addr, curr, sizeof(struct in6_addr));
+      addr6->sin6_family = (unsigned short)(he->h_addrtype);
+      addr6->sin6_port = htons((unsigned short)port);
+      break;
+#endif
+    }
+
+    prevai = ai;
+  }
+
+  if(result != CURLE_OK) {
+    Curl_freeaddrinfo(firstai);
+    firstai = NULL;
+  }
+
+  return firstai;
+}
+
+
+struct namebuff {
+  struct hostent hostentry;
+  union {
+    struct in_addr  ina4;
+#ifdef ENABLE_IPV6
+    struct in6_addr ina6;
+#endif
+  } addrentry;
+  char *h_addr_list[2];
+};
+
+
+/*
+ * Curl_ip2addr()
+ *
+ * This function takes an internet address, in binary form, as input parameter
+ * along with its address family and the string version of the address, and it
+ * returns a Curl_addrinfo chain filled in correctly with information for the
+ * given address/host
+ */
+
+Curl_addrinfo *
+Curl_ip2addr(int af, const void *inaddr, const char *hostname, int port)
+{
+  Curl_addrinfo *ai;
+
+#if defined(__VMS) && \
+    defined(__INITIAL_POINTER_SIZE) && (__INITIAL_POINTER_SIZE == 64)
+#pragma pointer_size save
+#pragma pointer_size short
+#pragma message disable PTRMISMATCH
+#endif
+
+  struct hostent  *h;
+  struct namebuff *buf;
+  char  *addrentry;
+  char  *hoststr;
+  size_t addrsize;
+
+  DEBUGASSERT(inaddr && hostname);
+
+  buf = malloc(sizeof(struct namebuff));
+  if(!buf)
+    return NULL;
+
+  hoststr = strdup(hostname);
+  if(!hoststr) {
+    free(buf);
+    return NULL;
+  }
+
+  switch(af) {
+  case AF_INET:
+    addrsize = sizeof(struct in_addr);
+    addrentry = (void *)&buf->addrentry.ina4;
+    memcpy(addrentry, inaddr, sizeof(struct in_addr));
+    break;
+#ifdef ENABLE_IPV6
+  case AF_INET6:
+    addrsize = sizeof(struct in6_addr);
+    addrentry = (void *)&buf->addrentry.ina6;
+    memcpy(addrentry, inaddr, sizeof(struct in6_addr));
+    break;
+#endif
+  default:
+    free(hoststr);
+    free(buf);
+    return NULL;
+  }
+
+  h = &buf->hostentry;
+  h->h_name = hoststr;
+  h->h_aliases = NULL;
+  h->h_addrtype = (short)af;
+  h->h_length = (short)addrsize;
+  h->h_addr_list = &buf->h_addr_list[0];
+  h->h_addr_list[0] = addrentry;
+  h->h_addr_list[1] = NULL; /* terminate list of entries */
+
+#if defined(__VMS) && \
+    defined(__INITIAL_POINTER_SIZE) && (__INITIAL_POINTER_SIZE == 64)
+#pragma pointer_size restore
+#pragma message enable PTRMISMATCH
+#endif
+
+  ai = Curl_he2ai(h, port);
+
+  free(hoststr);
+  free(buf);
+
+  return ai;
+}
+
+/*
+ * Given an IPv4 or IPv6 dotted string address, this converts it to a proper
+ * allocated Curl_addrinfo struct and returns it.
+ */
+Curl_addrinfo *Curl_str2addr(char *address, int port)
+{
+  struct in_addr in;
+  if(Curl_inet_pton(AF_INET, address, &in) > 0)
+    /* This is a dotted IP address 123.123.123.123-style */
+    return Curl_ip2addr(AF_INET, &in, address, port);
+#ifdef ENABLE_IPV6
+  else {
+    struct in6_addr in6;
+    if(Curl_inet_pton(AF_INET6, address, &in6) > 0)
+      /* This is a dotted IPv6 address ::1-style */
+      return Curl_ip2addr(AF_INET6, &in6, address, port);
+  }
+#endif
+  return NULL; /* bad input format */
+}
+
+#if defined(CURLDEBUG) && defined(HAVE_FREEADDRINFO)
+/*
+ * curl_dofreeaddrinfo()
+ *
+ * This is strictly for memory tracing and are using the same style as the
+ * family otherwise present in memdebug.c. I put these ones here since they
+ * require a bunch of structs I didn't want to include in memdebug.c
+ */
+
+void
+curl_dofreeaddrinfo(struct addrinfo *freethis,
+                    int line, const char *source)
+{
+  (freeaddrinfo)(freethis);
+  curl_memlog("ADDR %s:%d freeaddrinfo(%p)\n",
+              source, line, (void *)freethis);
+}
+#endif /* defined(CURLDEBUG) && defined(HAVE_FREEADDRINFO) */
+
+
+#if defined(CURLDEBUG) && defined(HAVE_GETADDRINFO)
+/*
+ * curl_dogetaddrinfo()
+ *
+ * This is strictly for memory tracing and are using the same style as the
+ * family otherwise present in memdebug.c. I put these ones here since they
+ * require a bunch of structs I didn't want to include in memdebug.c
+ */
+
+int
+curl_dogetaddrinfo(const char *hostname,
+                   const char *service,
+                   const struct addrinfo *hints,
+                   struct addrinfo **result,
+                   int line, const char *source)
+{
+  int res=(getaddrinfo)(hostname, service, hints, result);
+  if(0 == res)
+    /* success */
+    curl_memlog("ADDR %s:%d getaddrinfo() = %p\n",
+                source, line, (void *)*result);
+  else
+    curl_memlog("ADDR %s:%d getaddrinfo() failed\n",
+                source, line);
+  return res;
+}
+#endif /* defined(CURLDEBUG) && defined(HAVE_GETADDRINFO) */
+
diff --git a/Utilities/cmcurl/lib/curl_addrinfo.h b/Utilities/cmcurl/lib/curl_addrinfo.h
new file mode 100644
index 0000000..6d2b753
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_addrinfo.h
@@ -0,0 +1,97 @@
+#ifndef HEADER_CURL_ADDRINFO_H
+#define HEADER_CURL_ADDRINFO_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#ifdef __VMS
+#  include <in.h>
+#  include <inet.h>
+#  include <stdlib.h>
+#endif
+
+
+/*
+ * Curl_addrinfo is our internal struct definition that we use to allow
+ * consistent internal handling of this data. We use this even when the
+ * system provides an addrinfo structure definition. And we use this for
+ * all sorts of IPv4 and IPV6 builds.
+ */
+
+struct Curl_addrinfo {
+  int                   ai_flags;
+  int                   ai_family;
+  int                   ai_socktype;
+  int                   ai_protocol;
+  curl_socklen_t        ai_addrlen;   /* Follow rfc3493 struct addrinfo */
+  char                 *ai_canonname;
+  struct sockaddr      *ai_addr;
+  struct Curl_addrinfo *ai_next;
+};
+typedef struct Curl_addrinfo Curl_addrinfo;
+
+void
+Curl_freeaddrinfo(Curl_addrinfo *cahead);
+
+#ifdef HAVE_GETADDRINFO
+int
+Curl_getaddrinfo_ex(const char *nodename,
+                    const char *servname,
+                    const struct addrinfo *hints,
+                    Curl_addrinfo **result);
+#endif
+
+Curl_addrinfo *
+Curl_he2ai(const struct hostent *he, int port);
+
+Curl_addrinfo *
+Curl_ip2addr(int af, const void *inaddr, const char *hostname, int port);
+
+Curl_addrinfo *Curl_str2addr(char *dotted, int port);
+
+#if defined(CURLDEBUG) && defined(HAVE_FREEADDRINFO)
+void
+curl_dofreeaddrinfo(struct addrinfo *freethis,
+                    int line, const char *source);
+#endif
+
+#if defined(CURLDEBUG) && defined(HAVE_GETADDRINFO)
+int
+curl_dogetaddrinfo(const char *hostname,
+                   const char *service,
+                   const struct addrinfo *hints,
+                   struct addrinfo **result,
+                   int line, const char *source);
+#endif
+
+#endif /* HEADER_CURL_ADDRINFO_H */
diff --git a/Utilities/cmcurl/lib/curl_base64.h b/Utilities/cmcurl/lib/curl_base64.h
new file mode 100644
index 0000000..92896fe
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_base64.h
@@ -0,0 +1,35 @@
+#ifndef HEADER_CURL_BASE64_H
+#define HEADER_CURL_BASE64_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+CURLcode Curl_base64_encode(struct SessionHandle *data,
+                            const char *inputbuff, size_t insize,
+                            char **outptr, size_t *outlen);
+CURLcode Curl_base64url_encode(struct SessionHandle *data,
+                               const char *inputbuff, size_t insize,
+                               char **outptr, size_t *outlen);
+
+CURLcode Curl_base64_decode(const char *src,
+                            unsigned char **outptr, size_t *outlen);
+
+#endif /* HEADER_CURL_BASE64_H */
diff --git a/Utilities/cmcurl/lib/curl_config.h.cmake b/Utilities/cmcurl/lib/curl_config.h.cmake
new file mode 100644
index 0000000..b5db3b6
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_config.h.cmake
@@ -0,0 +1,961 @@
+/* lib/curl_config.h.in.  Generated somehow by cmake.  */
+
+/* when building libcurl itself */
+#cmakedefine BUILDING_LIBCURL 1
+
+/* Location of default ca bundle */
+#cmakedefine CURL_CA_BUNDLE ${CURL_CA_BUNDLE}
+
+/* Location of default ca path */
+#cmakedefine CURL_CA_PATH ${CURL_CA_PATH}
+
+/* to disable cookies support */
+#cmakedefine CURL_DISABLE_COOKIES 1
+
+/* to disable cryptographic authentication */
+#cmakedefine CURL_DISABLE_CRYPTO_AUTH 1
+
+/* to disable DICT */
+#cmakedefine CURL_DISABLE_DICT 1
+
+/* to disable FILE */
+#cmakedefine CURL_DISABLE_FILE 1
+
+/* to disable FTP */
+#cmakedefine CURL_DISABLE_FTP 1
+
+/* to disable HTTP */
+#cmakedefine CURL_DISABLE_HTTP 1
+
+/* to disable LDAP */
+#cmakedefine CURL_DISABLE_LDAP 1
+
+/* to disable LDAPS */
+#cmakedefine CURL_DISABLE_LDAPS 1
+
+/* to disable proxies */
+#cmakedefine CURL_DISABLE_PROXY 1
+
+/* to disable TELNET */
+#cmakedefine CURL_DISABLE_TELNET 1
+
+/* to disable TFTP */
+#cmakedefine CURL_DISABLE_TFTP 1
+
+/* to disable verbose strings */
+#cmakedefine CURL_DISABLE_VERBOSE_STRINGS 1
+
+/* to make a symbol visible */
+#cmakedefine CURL_EXTERN_SYMBOL 1
+/* Ensure using CURL_EXTERN_SYMBOL is possible */
+#ifndef CURL_EXTERN_SYMBOL
+#define CURL_EXTERN_SYMBOL
+#endif
+
+/* Use Windows LDAP implementation */
+#cmakedefine CURL_LDAP_WIN 1
+
+/* when not building a shared library */
+#cmakedefine CURL_STATICLIB 1
+
+/* Set to explicitly specify we don't want to use thread-safe functions */
+#cmakedefine DISABLED_THREADSAFE 1
+
+/* your Entropy Gathering Daemon socket pathname */
+#cmakedefine EGD_SOCKET ${EGD_SOCKET}
+
+/* Define if you want to enable IPv6 support */
+#cmakedefine ENABLE_IPV6 1
+
+/* Define to the type qualifier of arg 1 for getnameinfo. */
+#cmakedefine GETNAMEINFO_QUAL_ARG1 ${GETNAMEINFO_QUAL_ARG1}
+
+/* Define to the type of arg 1 for getnameinfo. */
+#cmakedefine GETNAMEINFO_TYPE_ARG1 ${GETNAMEINFO_TYPE_ARG1}
+
+/* Define to the type of arg 2 for getnameinfo. */
+#cmakedefine GETNAMEINFO_TYPE_ARG2 ${GETNAMEINFO_TYPE_ARG2}
+
+/* Define to the type of args 4 and 6 for getnameinfo. */
+#cmakedefine GETNAMEINFO_TYPE_ARG46 ${GETNAMEINFO_TYPE_ARG46}
+
+/* Define to the type of arg 7 for getnameinfo. */
+#cmakedefine GETNAMEINFO_TYPE_ARG7 ${GETNAMEINFO_TYPE_ARG7}
+
+/* Specifies the number of arguments to getservbyport_r */
+#cmakedefine GETSERVBYPORT_R_ARGS ${GETSERVBYPORT_R_ARGS}
+
+/* Specifies the size of the buffer to pass to getservbyport_r */
+#cmakedefine GETSERVBYPORT_R_BUFSIZE ${GETSERVBYPORT_R_BUFSIZE}
+
+/* Define to 1 if you have the alarm function. */
+#cmakedefine HAVE_ALARM 1
+
+/* Define to 1 if you have the <alloca.h> header file. */
+#cmakedefine HAVE_ALLOCA_H 1
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#cmakedefine HAVE_ARPA_INET_H 1
+
+/* Define to 1 if you have the <arpa/tftp.h> header file. */
+#cmakedefine HAVE_ARPA_TFTP_H 1
+
+/* Define to 1 if you have the <assert.h> header file. */
+#cmakedefine HAVE_ASSERT_H 1
+
+/* Define to 1 if you have the `basename' function. */
+#cmakedefine HAVE_BASENAME 1
+
+/* Define to 1 if bool is an available type. */
+#cmakedefine HAVE_BOOL_T 1
+
+/* Define to 1 if you have the clock_gettime function and monotonic timer. */
+#cmakedefine HAVE_CLOCK_GETTIME_MONOTONIC 1
+
+/* Define to 1 if you have the `closesocket' function. */
+#cmakedefine HAVE_CLOSESOCKET 1
+
+/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */
+#cmakedefine HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1
+
+/* Define to 1 if you have the <crypto.h> header file. */
+#cmakedefine HAVE_CRYPTO_H 1
+
+/* Define to 1 if you have the <des.h> header file. */
+#cmakedefine HAVE_DES_H 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#cmakedefine HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
+#cmakedefine HAVE_ENGINE_LOAD_BUILTIN_ENGINES 1
+
+/* Define to 1 if you have the <errno.h> header file. */
+#cmakedefine HAVE_ERRNO_H 1
+
+/* Define to 1 if you have the <err.h> header file. */
+#cmakedefine HAVE_ERR_H 1
+
+/* Define to 1 if you have the fcntl function. */
+#cmakedefine HAVE_FCNTL 1
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#cmakedefine HAVE_FCNTL_H 1
+
+/* Define to 1 if you have a working fcntl O_NONBLOCK function. */
+#cmakedefine HAVE_FCNTL_O_NONBLOCK 1
+
+/* Define to 1 if you have the fdopen function. */
+#cmakedefine HAVE_FDOPEN 1
+
+/* Define to 1 if you have the `fork' function. */
+#cmakedefine HAVE_FORK 1
+
+/* Define to 1 if you have the freeaddrinfo function. */
+#cmakedefine HAVE_FREEADDRINFO 1
+
+/* Define to 1 if you have the freeifaddrs function. */
+#cmakedefine HAVE_FREEIFADDRS 1
+
+/* Define to 1 if you have the ftruncate function. */
+#cmakedefine HAVE_FTRUNCATE 1
+
+/* Define to 1 if you have a working getaddrinfo function. */
+#cmakedefine HAVE_GETADDRINFO 1
+
+/* Define to 1 if you have the `geteuid' function. */
+#cmakedefine HAVE_GETEUID 1
+
+/* Define to 1 if you have the gethostbyaddr function. */
+#cmakedefine HAVE_GETHOSTBYADDR 1
+
+/* Define to 1 if you have the gethostbyaddr_r function. */
+#cmakedefine HAVE_GETHOSTBYADDR_R 1
+
+/* gethostbyaddr_r() takes 5 args */
+#cmakedefine HAVE_GETHOSTBYADDR_R_5 1
+
+/* gethostbyaddr_r() takes 7 args */
+#cmakedefine HAVE_GETHOSTBYADDR_R_7 1
+
+/* gethostbyaddr_r() takes 8 args */
+#cmakedefine HAVE_GETHOSTBYADDR_R_8 1
+
+/* Define to 1 if you have the gethostbyname function. */
+#cmakedefine HAVE_GETHOSTBYNAME 1
+
+/* Define to 1 if you have the gethostbyname_r function. */
+#cmakedefine HAVE_GETHOSTBYNAME_R 1
+
+/* gethostbyname_r() takes 3 args */
+#cmakedefine HAVE_GETHOSTBYNAME_R_3 1
+
+/* gethostbyname_r() takes 5 args */
+#cmakedefine HAVE_GETHOSTBYNAME_R_5 1
+
+/* gethostbyname_r() takes 6 args */
+#cmakedefine HAVE_GETHOSTBYNAME_R_6 1
+
+/* Define to 1 if you have the gethostname function. */
+#cmakedefine HAVE_GETHOSTNAME 1
+
+/* Define to 1 if you have a working getifaddrs function. */
+#cmakedefine HAVE_GETIFADDRS 1
+
+/* Define to 1 if you have the getnameinfo function. */
+#cmakedefine HAVE_GETNAMEINFO 1
+
+/* Define to 1 if you have the `getpass_r' function. */
+#cmakedefine HAVE_GETPASS_R 1
+
+/* Define to 1 if you have the `getppid' function. */
+#cmakedefine HAVE_GETPPID 1
+
+/* Define to 1 if you have the `getprotobyname' function. */
+#cmakedefine HAVE_GETPROTOBYNAME 1
+
+/* Define to 1 if you have the `getpwuid' function. */
+#cmakedefine HAVE_GETPWUID 1
+
+/* Define to 1 if you have the `getrlimit' function. */
+#cmakedefine HAVE_GETRLIMIT 1
+
+/* Define to 1 if you have the getservbyport_r function. */
+#cmakedefine HAVE_GETSERVBYPORT_R 1
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#cmakedefine HAVE_GETTIMEOFDAY 1
+
+/* Define to 1 if you have a working glibc-style strerror_r function. */
+#cmakedefine HAVE_GLIBC_STRERROR_R 1
+
+/* Define to 1 if you have a working gmtime_r function. */
+#cmakedefine HAVE_GMTIME_R 1
+
+/* if you have the gssapi libraries */
+#cmakedefine HAVE_GSSAPI 1
+
+/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
+#cmakedefine HAVE_GSSAPI_GSSAPI_GENERIC_H 1
+
+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
+#cmakedefine HAVE_GSSAPI_GSSAPI_H 1
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+#cmakedefine HAVE_GSSAPI_GSSAPI_KRB5_H 1
+
+/* if you have the GNU gssapi libraries */
+#cmakedefine HAVE_GSSGNU 1
+
+/* if you have the Heimdal gssapi libraries */
+#cmakedefine HAVE_GSSHEIMDAL 1
+
+/* if you have the MIT gssapi libraries */
+#cmakedefine HAVE_GSSMIT 1
+
+/* Define to 1 if you have the `idna_strerror' function. */
+#cmakedefine HAVE_IDNA_STRERROR 1
+
+/* Define to 1 if you have the `idn_free' function. */
+#cmakedefine HAVE_IDN_FREE 1
+
+/* Define to 1 if you have the <idn-free.h> header file. */
+#cmakedefine HAVE_IDN_FREE_H 1
+
+/* Define to 1 if you have the <ifaddrs.h> header file. */
+#cmakedefine HAVE_IFADDRS_H 1
+
+/* Define to 1 if you have the `inet_addr' function. */
+#cmakedefine HAVE_INET_ADDR 1
+
+/* Define to 1 if you have the inet_ntoa_r function. */
+#cmakedefine HAVE_INET_NTOA_R 1
+
+/* inet_ntoa_r() takes 2 args */
+#cmakedefine HAVE_INET_NTOA_R_2 1
+
+/* inet_ntoa_r() takes 3 args */
+#cmakedefine HAVE_INET_NTOA_R_3 1
+
+/* Define to 1 if you have a IPv6 capable working inet_ntop function. */
+#cmakedefine HAVE_INET_NTOP 1
+
+/* Define to 1 if you have a IPv6 capable working inet_pton function. */
+#cmakedefine HAVE_INET_PTON 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#cmakedefine HAVE_INTTYPES_H 1
+
+/* Define to 1 if you have the ioctl function. */
+#cmakedefine HAVE_IOCTL 1
+
+/* Define to 1 if you have the ioctlsocket function. */
+#cmakedefine HAVE_IOCTLSOCKET 1
+
+/* Define to 1 if you have the IoctlSocket camel case function. */
+#cmakedefine HAVE_IOCTLSOCKET_CAMEL 1
+
+/* Define to 1 if you have a working IoctlSocket camel case FIONBIO function.
+   */
+#cmakedefine HAVE_IOCTLSOCKET_CAMEL_FIONBIO 1
+
+/* Define to 1 if you have a working ioctlsocket FIONBIO function. */
+#cmakedefine HAVE_IOCTLSOCKET_FIONBIO 1
+
+/* Define to 1 if you have a working ioctl FIONBIO function. */
+#cmakedefine HAVE_IOCTL_FIONBIO 1
+
+/* Define to 1 if you have a working ioctl SIOCGIFADDR function. */
+#cmakedefine HAVE_IOCTL_SIOCGIFADDR 1
+
+/* Define to 1 if you have the <io.h> header file. */
+#cmakedefine HAVE_IO_H 1
+
+/* if you have the Kerberos4 libraries (including -ldes) */
+#cmakedefine HAVE_KRB4 1
+
+/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */
+#cmakedefine HAVE_KRB_GET_OUR_IP_FOR_REALM 1
+
+/* Define to 1 if you have the <krb.h> header file. */
+#cmakedefine HAVE_KRB_H 1
+
+/* Define to 1 if you have the lber.h header file. */
+#cmakedefine HAVE_LBER_H 1
+
+/* Define to 1 if you have the ldapssl.h header file. */
+#cmakedefine HAVE_LDAPSSL_H 1
+
+/* Define to 1 if you have the ldap.h header file. */
+#cmakedefine HAVE_LDAP_H 1
+
+/* Use LDAPS implementation */
+#cmakedefine HAVE_LDAP_SSL 1
+
+/* Define to 1 if you have the ldap_ssl.h header file. */
+#cmakedefine HAVE_LDAP_SSL_H 1
+
+/* Define to 1 if you have the `ldap_url_parse' function. */
+#cmakedefine HAVE_LDAP_URL_PARSE 1
+
+/* Define to 1 if you have the <libgen.h> header file. */
+#cmakedefine HAVE_LIBGEN_H 1
+
+/* Define to 1 if you have the `idn' library (-lidn). */
+#cmakedefine HAVE_LIBIDN 1
+
+/* Define to 1 if you have the `resolv' library (-lresolv). */
+#cmakedefine HAVE_LIBRESOLV 1
+
+/* Define to 1 if you have the `resolve' library (-lresolve). */
+#cmakedefine HAVE_LIBRESOLVE 1
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#cmakedefine HAVE_LIBSOCKET 1
+
+/* Define to 1 if you have the `ssh2' library (-lssh2). */
+#cmakedefine HAVE_LIBSSH2 1
+
+/* Define to 1 if libssh2 provides `libssh2_version'. */
+#cmakedefine HAVE_LIBSSH2_VERSION 1
+
+/* Define to 1 if libssh2 provides `libssh2_init'. */
+#cmakedefine HAVE_LIBSSH2_INIT 1
+
+/* Define to 1 if libssh2 provides `libssh2_exit'. */
+#cmakedefine HAVE_LIBSSH2_EXIT 1
+
+/* Define to 1 if libssh2 provides `libssh2_scp_send64'. */
+#cmakedefine HAVE_LIBSSH2_SCP_SEND64 1
+
+/* Define to 1 if libssh2 provides `libssh2_session_handshake'. */
+#cmakedefine HAVE_LIBSSH2_SESSION_HANDSHAKE 1
+
+/* Define to 1 if you have the <libssh2.h> header file. */
+#cmakedefine HAVE_LIBSSH2_H 1
+
+/* Define to 1 if you have the `ssl' library (-lssl). */
+#cmakedefine HAVE_LIBSSL 1
+
+/* if zlib is available */
+#cmakedefine HAVE_LIBZ 1
+
+/* Define to 1 if you have the <limits.h> header file. */
+#cmakedefine HAVE_LIMITS_H 1
+
+/* if your compiler supports LL */
+#cmakedefine HAVE_LL 1
+
+/* Define to 1 if you have the <locale.h> header file. */
+#cmakedefine HAVE_LOCALE_H 1
+
+/* Define to 1 if you have a working localtime_r function. */
+#cmakedefine HAVE_LOCALTIME_R 1
+
+/* Define to 1 if the compiler supports the 'long long' data type. */
+#cmakedefine HAVE_LONGLONG 1
+
+/* Define to 1 if you have the malloc.h header file. */
+#cmakedefine HAVE_MALLOC_H 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#cmakedefine HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the MSG_NOSIGNAL flag. */
+#cmakedefine HAVE_MSG_NOSIGNAL 1
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#cmakedefine HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#cmakedefine HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#cmakedefine HAVE_NETINET_TCP_H 1
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#cmakedefine HAVE_NET_IF_H 1
+
+/* Define to 1 if NI_WITHSCOPEID exists and works. */
+#cmakedefine HAVE_NI_WITHSCOPEID 1
+
+/* if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE */
+#cmakedefine HAVE_OLD_GSSMIT 1
+
+/* Define to 1 if you have the <openssl/crypto.h> header file. */
+#cmakedefine HAVE_OPENSSL_CRYPTO_H 1
+
+/* Define to 1 if you have the <openssl/engine.h> header file. */
+#cmakedefine HAVE_OPENSSL_ENGINE_H 1
+
+/* Define to 1 if you have the <openssl/err.h> header file. */
+#cmakedefine HAVE_OPENSSL_ERR_H 1
+
+/* Define to 1 if you have the <openssl/pem.h> header file. */
+#cmakedefine HAVE_OPENSSL_PEM_H 1
+
+/* Define to 1 if you have the <openssl/pkcs12.h> header file. */
+#cmakedefine HAVE_OPENSSL_PKCS12_H 1
+
+/* Define to 1 if you have the <openssl/rsa.h> header file. */
+#cmakedefine HAVE_OPENSSL_RSA_H 1
+
+/* Define to 1 if you have the <openssl/ssl.h> header file. */
+#cmakedefine HAVE_OPENSSL_SSL_H 1
+
+/* Define to 1 if you have the <openssl/x509.h> header file. */
+#cmakedefine HAVE_OPENSSL_X509_H 1
+
+/* Define to 1 if you have the <pem.h> header file. */
+#cmakedefine HAVE_PEM_H 1
+
+/* Define to 1 if you have the `perror' function. */
+#cmakedefine HAVE_PERROR 1
+
+/* Define to 1 if you have the `pipe' function. */
+#cmakedefine HAVE_PIPE 1
+
+/* Define to 1 if you have a working poll function. */
+#cmakedefine HAVE_POLL 1
+
+/* If you have a fine poll */
+#cmakedefine HAVE_POLL_FINE 1
+
+/* Define to 1 if you have the <poll.h> header file. */
+#cmakedefine HAVE_POLL_H 1
+
+/* Define to 1 if you have a working POSIX-style strerror_r function. */
+#cmakedefine HAVE_POSIX_STRERROR_R 1
+
+/* Define to 1 if you have the <pwd.h> header file. */
+#cmakedefine HAVE_PWD_H 1
+
+/* Define to 1 if you have the `RAND_egd' function. */
+#cmakedefine HAVE_RAND_EGD 1
+
+/* Define to 1 if you have the `RAND_screen' function. */
+#cmakedefine HAVE_RAND_SCREEN 1
+
+/* Define to 1 if you have the `RAND_status' function. */
+#cmakedefine HAVE_RAND_STATUS 1
+
+/* Define to 1 if you have the recv function. */
+#cmakedefine HAVE_RECV 1
+
+/* Define to 1 if you have the recvfrom function. */
+#cmakedefine HAVE_RECVFROM 1
+
+/* Define to 1 if you have the <rsa.h> header file. */
+#cmakedefine HAVE_RSA_H 1
+
+/* Define to 1 if you have the select function. */
+#cmakedefine HAVE_SELECT 1
+
+/* Define to 1 if you have the send function. */
+#cmakedefine HAVE_SEND 1
+
+/* Define to 1 if you have the <setjmp.h> header file. */
+#cmakedefine HAVE_SETJMP_H 1
+
+/* Define to 1 if you have the `setlocale' function. */
+#cmakedefine HAVE_SETLOCALE 1
+
+/* Define to 1 if you have the `setmode' function. */
+#cmakedefine HAVE_SETMODE 1
+
+/* Define to 1 if you have the `setrlimit' function. */
+#cmakedefine HAVE_SETRLIMIT 1
+
+/* Define to 1 if you have the setsockopt function. */
+#cmakedefine HAVE_SETSOCKOPT 1
+
+/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */
+#cmakedefine HAVE_SETSOCKOPT_SO_NONBLOCK 1
+
+/* Define to 1 if you have the <sgtty.h> header file. */
+#cmakedefine HAVE_SGTTY_H 1
+
+/* Define to 1 if you have the sigaction function. */
+#cmakedefine HAVE_SIGACTION 1
+
+/* Define to 1 if you have the siginterrupt function. */
+#cmakedefine HAVE_SIGINTERRUPT 1
+
+/* Define to 1 if you have the signal function. */
+#cmakedefine HAVE_SIGNAL 1
+
+/* Define to 1 if you have the <signal.h> header file. */
+#cmakedefine HAVE_SIGNAL_H 1
+
+/* Define to 1 if you have the sigsetjmp function or macro. */
+#cmakedefine HAVE_SIGSETJMP 1
+
+/* Define to 1 if sig_atomic_t is an available typedef. */
+#cmakedefine HAVE_SIG_ATOMIC_T 1
+
+/* Define to 1 if sig_atomic_t is already defined as volatile. */
+#cmakedefine HAVE_SIG_ATOMIC_T_VOLATILE 1
+
+/* Define to 1 if struct sockaddr_in6 has the sin6_scope_id member */
+#cmakedefine HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+
+/* Define to 1 if you have the `socket' function. */
+#cmakedefine HAVE_SOCKET 1
+
+/* Define to 1 if you have the `SSL_get_shutdown' function. */
+#cmakedefine HAVE_SSL_GET_SHUTDOWN 1
+
+/* Define to 1 if you have the <ssl.h> header file. */
+#cmakedefine HAVE_SSL_H 1
+
+/* Define to 1 if you have the <stdbool.h> header file. */
+#cmakedefine HAVE_STDBOOL_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#cmakedefine HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#cmakedefine HAVE_STDIO_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#cmakedefine HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the strcasecmp function. */
+#cmakedefine HAVE_STRCASECMP 1
+
+/* Define to 1 if you have the strcasestr function. */
+#cmakedefine HAVE_STRCASESTR 1
+
+/* Define to 1 if you have the strcmpi function. */
+#cmakedefine HAVE_STRCMPI 1
+
+/* Define to 1 if you have the strdup function. */
+#cmakedefine HAVE_STRDUP 1
+
+/* Define to 1 if you have the strerror_r function. */
+#cmakedefine HAVE_STRERROR_R 1
+
+/* Define to 1 if you have the stricmp function. */
+#cmakedefine HAVE_STRICMP 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#cmakedefine HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#cmakedefine HAVE_STRING_H 1
+
+/* Define to 1 if you have the strlcat function. */
+#cmakedefine HAVE_STRLCAT 1
+
+/* Define to 1 if you have the `strlcpy' function. */
+#cmakedefine HAVE_STRLCPY 1
+
+/* Define to 1 if you have the strncasecmp function. */
+#cmakedefine HAVE_STRNCASECMP 1
+
+/* Define to 1 if you have the strncmpi function. */
+#cmakedefine HAVE_STRNCMPI 1
+
+/* Define to 1 if you have the strnicmp function. */
+#cmakedefine HAVE_STRNICMP 1
+
+/* Define to 1 if you have the <stropts.h> header file. */
+#cmakedefine HAVE_STROPTS_H 1
+
+/* Define to 1 if you have the strstr function. */
+#cmakedefine HAVE_STRSTR 1
+
+/* Define to 1 if you have the strtok_r function. */
+#cmakedefine HAVE_STRTOK_R 1
+
+/* Define to 1 if you have the strtoll function. */
+#cmakedefine HAVE_STRTOLL 1
+
+/* if struct sockaddr_storage is defined */
+#cmakedefine HAVE_STRUCT_SOCKADDR_STORAGE 1
+
+/* Define to 1 if you have the timeval struct. */
+#cmakedefine HAVE_STRUCT_TIMEVAL 1
+
+/* Define to 1 if you have the <sys/filio.h> header file. */
+#cmakedefine HAVE_SYS_FILIO_H 1
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#cmakedefine HAVE_SYS_IOCTL_H 1
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#cmakedefine HAVE_SYS_PARAM_H 1
+
+/* Define to 1 if you have the <sys/poll.h> header file. */
+#cmakedefine HAVE_SYS_POLL_H 1
+
+/* Define to 1 if you have the <sys/resource.h> header file. */
+#cmakedefine HAVE_SYS_RESOURCE_H 1
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#cmakedefine HAVE_SYS_SELECT_H 1
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#cmakedefine HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+#cmakedefine HAVE_SYS_SOCKIO_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#cmakedefine HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#cmakedefine HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#cmakedefine HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#cmakedefine HAVE_SYS_UIO_H 1
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#cmakedefine HAVE_SYS_UN_H 1
+
+/* Define to 1 if you have the <sys/utime.h> header file. */
+#cmakedefine HAVE_SYS_UTIME_H 1
+
+/* Define to 1 if you have the <termios.h> header file. */
+#cmakedefine HAVE_TERMIOS_H 1
+
+/* Define to 1 if you have the <termio.h> header file. */
+#cmakedefine HAVE_TERMIO_H 1
+
+/* Define to 1 if you have the <time.h> header file. */
+#cmakedefine HAVE_TIME_H 1
+
+/* Define to 1 if you have the <tld.h> header file. */
+#cmakedefine HAVE_TLD_H 1
+
+/* Define to 1 if you have the `tld_strerror' function. */
+#cmakedefine HAVE_TLD_STRERROR 1
+
+/* Define to 1 if you have the `uname' function. */
+#cmakedefine HAVE_UNAME 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#cmakedefine HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `utime' function. */
+#cmakedefine HAVE_UTIME 1
+
+/* Define to 1 if you have the <utime.h> header file. */
+#cmakedefine HAVE_UTIME_H 1
+
+/* Define to 1 if compiler supports C99 variadic macro style. */
+#cmakedefine HAVE_VARIADIC_MACROS_C99 1
+
+/* Define to 1 if compiler supports old gcc variadic macro style. */
+#cmakedefine HAVE_VARIADIC_MACROS_GCC 1
+
+/* Define to 1 if you have the winber.h header file. */
+#cmakedefine HAVE_WINBER_H 1
+
+/* Define to 1 if you have the windows.h header file. */
+#cmakedefine HAVE_WINDOWS_H 1
+
+/* Define to 1 if you have the winldap.h header file. */
+#cmakedefine HAVE_WINLDAP_H 1
+
+/* Define to 1 if you have the winsock2.h header file. */
+#cmakedefine HAVE_WINSOCK2_H 1
+
+/* Define to 1 if you have the winsock.h header file. */
+#cmakedefine HAVE_WINSOCK_H 1
+
+/* Define this symbol if your OS supports changing the contents of argv */
+#cmakedefine HAVE_WRITABLE_ARGV 1
+
+/* Define to 1 if you have the writev function. */
+#cmakedefine HAVE_WRITEV 1
+
+/* Define to 1 if you have the ws2tcpip.h header file. */
+#cmakedefine HAVE_WS2TCPIP_H 1
+
+/* Define to 1 if you have the <x509.h> header file. */
+#cmakedefine HAVE_X509_H 1
+
+/* Define if you have the <process.h> header file. */
+#cmakedefine HAVE_PROCESS_H 1
+
+/* if you have the zlib.h header file */
+#cmakedefine HAVE_ZLIB_H 1
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+   */
+#cmakedefine LT_OBJDIR ${LT_OBJDIR}
+
+/* If you lack a fine basename() prototype */
+#cmakedefine NEED_BASENAME_PROTO 1
+
+/* Define to 1 if you need the lber.h header file even with ldap.h */
+#cmakedefine NEED_LBER_H 1
+
+/* Define to 1 if you need the malloc.h header file even with stdlib.h */
+#cmakedefine NEED_MALLOC_H 1
+
+/* Define to 1 if _REENTRANT preprocessor symbol must be defined. */
+#cmakedefine NEED_REENTRANT 1
+
+/* cpu-machine-OS */
+#cmakedefine OS ${OS}
+
+/* Name of package */
+#cmakedefine PACKAGE ${PACKAGE}
+
+/* Define to the address where bug reports for this package should be sent. */
+#cmakedefine PACKAGE_BUGREPORT ${PACKAGE_BUGREPORT}
+
+/* Define to the full name of this package. */
+#cmakedefine PACKAGE_NAME ${PACKAGE_NAME}
+
+/* Define to the full name and version of this package. */
+#cmakedefine PACKAGE_STRING ${PACKAGE_STRING}
+
+/* Define to the one symbol short name of this package. */
+#cmakedefine PACKAGE_TARNAME ${PACKAGE_TARNAME}
+
+/* Define to the version of this package. */
+#cmakedefine PACKAGE_VERSION ${PACKAGE_VERSION}
+
+/* a suitable file to read random data from */
+#cmakedefine RANDOM_FILE "${RANDOM_FILE}"
+
+/* Define to the type of arg 1 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG1 ${RECVFROM_TYPE_ARG1}
+
+/* Define to the type pointed by arg 2 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG2 ${RECVFROM_TYPE_ARG2}
+
+/* Define to 1 if the type pointed by arg 2 for recvfrom is void. */
+#cmakedefine RECVFROM_TYPE_ARG2_IS_VOID 1
+
+/* Define to the type of arg 3 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG3 ${RECVFROM_TYPE_ARG3}
+
+/* Define to the type of arg 4 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG4 ${RECVFROM_TYPE_ARG4}
+
+/* Define to the type pointed by arg 5 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG5 ${RECVFROM_TYPE_ARG5}
+
+/* Define to 1 if the type pointed by arg 5 for recvfrom is void. */
+#cmakedefine RECVFROM_TYPE_ARG5_IS_VOID 1
+
+/* Define to the type pointed by arg 6 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG6 ${RECVFROM_TYPE_ARG6}
+
+/* Define to 1 if the type pointed by arg 6 for recvfrom is void. */
+#cmakedefine RECVFROM_TYPE_ARG6_IS_VOID 1
+
+/* Define to the function return type for recvfrom. */
+#cmakedefine RECVFROM_TYPE_RETV ${RECVFROM_TYPE_RETV}
+
+/* Define to the type of arg 1 for recv. */
+#cmakedefine RECV_TYPE_ARG1 ${RECV_TYPE_ARG1}
+
+/* Define to the type of arg 2 for recv. */
+#cmakedefine RECV_TYPE_ARG2 ${RECV_TYPE_ARG2}
+
+/* Define to the type of arg 3 for recv. */
+#cmakedefine RECV_TYPE_ARG3 ${RECV_TYPE_ARG3}
+
+/* Define to the type of arg 4 for recv. */
+#cmakedefine RECV_TYPE_ARG4 ${RECV_TYPE_ARG4}
+
+/* Define to the function return type for recv. */
+#cmakedefine RECV_TYPE_RETV ${RECV_TYPE_RETV}
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#cmakedefine RETSIGTYPE ${RETSIGTYPE}
+
+/* Define to the type qualifier of arg 5 for select. */
+#cmakedefine SELECT_QUAL_ARG5 ${SELECT_QUAL_ARG5}
+
+/* Define to the type of arg 1 for select. */
+#cmakedefine SELECT_TYPE_ARG1 ${SELECT_TYPE_ARG1}
+
+/* Define to the type of args 2, 3 and 4 for select. */
+#cmakedefine SELECT_TYPE_ARG234 ${SELECT_TYPE_ARG234}
+
+/* Define to the type of arg 5 for select. */
+#cmakedefine SELECT_TYPE_ARG5 ${SELECT_TYPE_ARG5}
+
+/* Define to the function return type for select. */
+#cmakedefine SELECT_TYPE_RETV ${SELECT_TYPE_RETV}
+
+/* Define to the type qualifier of arg 2 for send. */
+#cmakedefine SEND_QUAL_ARG2 ${SEND_QUAL_ARG2}
+
+/* Define to the type of arg 1 for send. */
+#cmakedefine SEND_TYPE_ARG1 ${SEND_TYPE_ARG1}
+
+/* Define to the type of arg 2 for send. */
+#cmakedefine SEND_TYPE_ARG2 ${SEND_TYPE_ARG2}
+
+/* Define to the type of arg 3 for send. */
+#cmakedefine SEND_TYPE_ARG3 ${SEND_TYPE_ARG3}
+
+/* Define to the type of arg 4 for send. */
+#cmakedefine SEND_TYPE_ARG4 ${SEND_TYPE_ARG4}
+
+/* Define to the function return type for send. */
+#cmakedefine SEND_TYPE_RETV ${SEND_TYPE_RETV}
+
+/* The size of `int', as computed by sizeof. */
+@SIZEOF_INT_CODE@
+
+/* The size of `short', as computed by sizeof. */
+@SIZEOF_SHORT_CODE@
+
+/* The size of `long', as computed by sizeof. */
+@SIZEOF_LONG_CODE@
+
+/* The size of `off_t', as computed by sizeof. */
+@SIZEOF_OFF_T_CODE@
+
+/* The size of `size_t', as computed by sizeof. */
+@SIZEOF_SIZE_T_CODE@
+
+/* The size of `ssize_t', as computed by sizeof. */
+@SIZEOF_SSIZE_T_CODE@
+
+/* The size of `time_t', as computed by sizeof. */
+@SIZEOF_TIME_T_CODE@
+
+/* Define to 1 if you have the ANSI C header files. */
+#cmakedefine STDC_HEADERS 1
+
+/* Define to the type of arg 3 for strerror_r. */
+#cmakedefine STRERROR_R_TYPE_ARG3 ${STRERROR_R_TYPE_ARG3}
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#cmakedefine TIME_WITH_SYS_TIME 1
+
+/* Define if you want to enable c-ares support */
+#cmakedefine USE_ARES 1
+
+/* Define to disable non-blocking sockets. */
+#cmakedefine USE_BLOCKING_SOCKETS 1
+
+/* if GnuTLS is enabled */
+#cmakedefine USE_GNUTLS 1
+
+/* if PolarSSL is enabled */
+#cmakedefine USE_POLARSSL 1
+
+/* if libSSH2 is in use */
+#cmakedefine USE_LIBSSH2 1
+
+/* If you want to build curl with the built-in manual */
+#cmakedefine USE_MANUAL 1
+
+/* if NSS is enabled */
+#cmakedefine USE_NSS 1
+
+/* if you want to use OpenLDAP code instead of legacy ldap implementation */
+#cmakedefine USE_OPENLDAP 1
+
+/* if OpenSSL is in use */
+#cmakedefine USE_OPENSSL 1
+
+/* if SSL is enabled */
+#cmakedefine USE_SSLEAY 1
+
+/* to enable SSPI support */
+#cmakedefine USE_WINDOWS_SSPI 1
+
+/* Define to 1 if using yaSSL in OpenSSL compatibility mode. */
+#cmakedefine USE_YASSLEMUL 1
+
+/* Version number of package */
+#cmakedefine VERSION ${VERSION}
+
+/* Define to avoid automatic inclusion of winsock.h */
+#cmakedefine WIN32_LEAN_AND_MEAN 1
+
+/* Define to 1 if OS is AIX. */
+#ifndef _ALL_SOURCE
+#  undef _ALL_SOURCE
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+#cmakedefine _FILE_OFFSET_BITS ${_FILE_OFFSET_BITS}
+
+/* Define for large files, on AIX-style hosts. */
+#cmakedefine _LARGE_FILES ${_LARGE_FILES}
+
+/* define this if you need it to compile thread-safe code */
+#cmakedefine _THREAD_SAFE ${_THREAD_SAFE}
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#cmakedefine const ${const}
+
+/* Type to use in place of in_addr_t when system does not provide it. */
+#cmakedefine in_addr_t ${in_addr_t}
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#cmakedefine size_t ${size_t}
+
+/* the signed version of size_t */
+#ifndef SIZEOF_SSIZE_T
+# if SIZEOF_LONG == SIZEOF_SIZE_T
+   typedef long ssize_t;
+# elif SIZEOF_LONG_LONG == SIZEOF_SIZE_T
+   typedef long long ssize_t;
+# elif SIZEOF___INT64 == SIZEOF_SIZE_T
+   typedef __int64 ssize_t;
+# else
+   typedef int ssize_t;
+# endif
+#endif
diff --git a/Utilities/cmcurl/lib/curl_fnmatch.c b/Utilities/cmcurl/lib/curl_fnmatch.c
new file mode 100644
index 0000000..63f67b9
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_fnmatch.c
@@ -0,0 +1,427 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "curl_fnmatch.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#define CURLFNM_CHARSET_LEN (sizeof(char) * 256)
+#define CURLFNM_CHSET_SIZE (CURLFNM_CHARSET_LEN + 15)
+
+#define CURLFNM_NEGATE  CURLFNM_CHARSET_LEN
+
+#define CURLFNM_ALNUM   (CURLFNM_CHARSET_LEN + 1)
+#define CURLFNM_DIGIT   (CURLFNM_CHARSET_LEN + 2)
+#define CURLFNM_XDIGIT  (CURLFNM_CHARSET_LEN + 3)
+#define CURLFNM_ALPHA   (CURLFNM_CHARSET_LEN + 4)
+#define CURLFNM_PRINT   (CURLFNM_CHARSET_LEN + 5)
+#define CURLFNM_BLANK   (CURLFNM_CHARSET_LEN + 6)
+#define CURLFNM_LOWER   (CURLFNM_CHARSET_LEN + 7)
+#define CURLFNM_GRAPH   (CURLFNM_CHARSET_LEN + 8)
+#define CURLFNM_SPACE   (CURLFNM_CHARSET_LEN + 9)
+#define CURLFNM_UPPER   (CURLFNM_CHARSET_LEN + 10)
+
+typedef enum {
+  CURLFNM_LOOP_DEFAULT = 0,
+  CURLFNM_LOOP_BACKSLASH
+} loop_state;
+
+typedef enum {
+  CURLFNM_SCHS_DEFAULT = 0,
+  CURLFNM_SCHS_MAYRANGE,
+  CURLFNM_SCHS_MAYRANGE2,
+  CURLFNM_SCHS_RIGHTBR,
+  CURLFNM_SCHS_RIGHTBRLEFTBR
+} setcharset_state;
+
+typedef enum {
+  CURLFNM_PKW_INIT = 0,
+  CURLFNM_PKW_DDOT
+} parsekey_state;
+
+#define SETCHARSET_OK     1
+#define SETCHARSET_FAIL   0
+
+static int parsekeyword(unsigned char **pattern, unsigned char *charset)
+{
+  parsekey_state state = CURLFNM_PKW_INIT;
+#define KEYLEN 10
+  char keyword[KEYLEN] = { 0 };
+  int found = FALSE;
+  int i;
+  unsigned char *p = *pattern;
+  for(i = 0; !found; i++) {
+    char c = *p++;
+    if(i >= KEYLEN)
+      return SETCHARSET_FAIL;
+    switch(state) {
+    case CURLFNM_PKW_INIT:
+      if(ISALPHA(c) && ISLOWER(c))
+        keyword[i] = c;
+      else if(c == ':')
+        state = CURLFNM_PKW_DDOT;
+      else
+        return 0;
+      break;
+    case CURLFNM_PKW_DDOT:
+      if(c == ']')
+        found = TRUE;
+      else
+        return SETCHARSET_FAIL;
+    }
+  }
+#undef KEYLEN
+
+  *pattern = p; /* move caller's pattern pointer */
+  if(strcmp(keyword, "digit") == 0)
+    charset[CURLFNM_DIGIT] = 1;
+  else if(strcmp(keyword, "alnum") == 0)
+    charset[CURLFNM_ALNUM] = 1;
+  else if(strcmp(keyword, "alpha") == 0)
+    charset[CURLFNM_ALPHA] = 1;
+  else if(strcmp(keyword, "xdigit") == 0)
+    charset[CURLFNM_XDIGIT] = 1;
+  else if(strcmp(keyword, "print") == 0)
+    charset[CURLFNM_PRINT] = 1;
+  else if(strcmp(keyword, "graph") == 0)
+    charset[CURLFNM_GRAPH] = 1;
+  else if(strcmp(keyword, "space") == 0)
+    charset[CURLFNM_SPACE] = 1;
+  else if(strcmp(keyword, "blank") == 0)
+    charset[CURLFNM_BLANK] = 1;
+  else if(strcmp(keyword, "upper") == 0)
+    charset[CURLFNM_UPPER] = 1;
+  else if(strcmp(keyword, "lower") == 0)
+    charset[CURLFNM_LOWER] = 1;
+  else
+    return SETCHARSET_FAIL;
+  return SETCHARSET_OK;
+}
+
+/* returns 1 (true) if pattern is OK, 0 if is bad ("p" is pattern pointer) */
+static int setcharset(unsigned char **p, unsigned char *charset)
+{
+  setcharset_state state = CURLFNM_SCHS_DEFAULT;
+  unsigned char rangestart = 0;
+  unsigned char lastchar   = 0;
+  bool something_found = FALSE;
+  unsigned char c;
+  for(;;) {
+    c = **p;
+    switch(state) {
+    case CURLFNM_SCHS_DEFAULT:
+      if(ISALNUM(c)) { /* ASCII value */
+        rangestart = c;
+        charset[c] = 1;
+        (*p)++;
+        state = CURLFNM_SCHS_MAYRANGE;
+        something_found = TRUE;
+      }
+      else if(c == ']') {
+        if(something_found)
+          return SETCHARSET_OK;
+        else
+          something_found = TRUE;
+        state = CURLFNM_SCHS_RIGHTBR;
+        charset[c] = 1;
+        (*p)++;
+      }
+      else if(c == '[') {
+        char c2 = *((*p)+1);
+        if(c2 == ':') { /* there has to be a keyword */
+          (*p) += 2;
+          if(parsekeyword(p, charset)) {
+            state = CURLFNM_SCHS_DEFAULT;
+          }
+          else
+            return SETCHARSET_FAIL;
+        }
+        else {
+          charset[c] = 1;
+          (*p)++;
+        }
+        something_found = TRUE;
+      }
+      else if(c == '?' || c == '*') {
+        something_found = TRUE;
+        charset[c] = 1;
+        (*p)++;
+      }
+      else if(c == '^' || c == '!') {
+        if(!something_found) {
+          if(charset[CURLFNM_NEGATE]) {
+            charset[c] = 1;
+            something_found = TRUE;
+          }
+          else
+            charset[CURLFNM_NEGATE] = 1; /* negate charset */
+        }
+        else
+          charset[c] = 1;
+        (*p)++;
+      }
+      else if(c == '\\') {
+        c = *(++(*p));
+        if(ISPRINT((c))) {
+          something_found = TRUE;
+          state = CURLFNM_SCHS_MAYRANGE;
+          charset[c] = 1;
+          rangestart = c;
+          (*p)++;
+        }
+        else
+          return SETCHARSET_FAIL;
+      }
+      else if(c == '\0') {
+        return SETCHARSET_FAIL;
+      }
+      else {
+        charset[c] = 1;
+        (*p)++;
+        something_found = TRUE;
+      }
+      break;
+    case CURLFNM_SCHS_MAYRANGE:
+      if(c == '-') {
+        charset[c] = 1;
+        (*p)++;
+        lastchar = '-';
+        state = CURLFNM_SCHS_MAYRANGE2;
+      }
+      else if(c == '[') {
+        state = CURLFNM_SCHS_DEFAULT;
+      }
+      else if(ISALNUM(c)) {
+        charset[c] = 1;
+        (*p)++;
+      }
+      else if(c == '\\') {
+        c = *(++(*p));
+        if(ISPRINT(c)) {
+          charset[c] = 1;
+          (*p)++;
+        }
+        else
+          return SETCHARSET_FAIL;
+      }
+      else if(c == ']') {
+        return SETCHARSET_OK;
+      }
+      else
+        return SETCHARSET_FAIL;
+      break;
+    case CURLFNM_SCHS_MAYRANGE2:
+      if(c == '\\') {
+        c = *(++(*p));
+        if(!ISPRINT(c))
+          return SETCHARSET_FAIL;
+      }
+      if(c == ']') {
+        return SETCHARSET_OK;
+      }
+      else if(c == '\\') {
+        c = *(++(*p));
+        if(ISPRINT(c)) {
+          charset[c] = 1;
+          state = CURLFNM_SCHS_DEFAULT;
+          (*p)++;
+        }
+        else
+          return SETCHARSET_FAIL;
+      }
+      if(c >= rangestart) {
+        if((ISLOWER(c) && ISLOWER(rangestart)) ||
+           (ISDIGIT(c) && ISDIGIT(rangestart)) ||
+           (ISUPPER(c) && ISUPPER(rangestart))) {
+          charset[lastchar] = 0;
+          rangestart++;
+          while(rangestart++ <= c)
+            charset[rangestart-1] = 1;
+          (*p)++;
+          state = CURLFNM_SCHS_DEFAULT;
+        }
+        else
+          return SETCHARSET_FAIL;
+      }
+      break;
+    case CURLFNM_SCHS_RIGHTBR:
+      if(c == '[') {
+        state = CURLFNM_SCHS_RIGHTBRLEFTBR;
+        charset[c] = 1;
+        (*p)++;
+      }
+      else if(c == ']') {
+        return SETCHARSET_OK;
+      }
+      else if(c == '\0') {
+        return SETCHARSET_FAIL;
+      }
+      else if(ISPRINT(c)) {
+        charset[c] = 1;
+        (*p)++;
+        state = CURLFNM_SCHS_DEFAULT;
+      }
+      else
+        /* used 'goto fail' instead of 'return SETCHARSET_FAIL' to avoid a
+         * nonsense warning 'statement not reached' at end of the fnc when
+         * compiling on Solaris */
+        goto fail;
+      break;
+    case CURLFNM_SCHS_RIGHTBRLEFTBR:
+      if(c == ']') {
+        return SETCHARSET_OK;
+      }
+      else {
+        state  = CURLFNM_SCHS_DEFAULT;
+        charset[c] = 1;
+        (*p)++;
+      }
+      break;
+    }
+  }
+fail:
+  return SETCHARSET_FAIL;
+}
+
+static int loop(const unsigned char *pattern, const unsigned char *string)
+{
+  loop_state state = CURLFNM_LOOP_DEFAULT;
+  unsigned char *p = (unsigned char *)pattern;
+  unsigned char *s = (unsigned char *)string;
+  unsigned char charset[CURLFNM_CHSET_SIZE] = { 0 };
+  int rc = 0;
+
+  for(;;) {
+    switch(state) {
+    case CURLFNM_LOOP_DEFAULT:
+      if(*p == '*') {
+        while(*(p+1) == '*') /* eliminate multiple stars */
+          p++;
+        if(*s == '\0' && *(p+1) == '\0')
+          return CURL_FNMATCH_MATCH;
+        rc = loop(p + 1, s); /* *.txt matches .txt <=> .txt matches .txt */
+        if(rc == CURL_FNMATCH_MATCH)
+          return CURL_FNMATCH_MATCH;
+        if(*s) /* let the star eat up one character */
+          s++;
+        else
+          return CURL_FNMATCH_NOMATCH;
+      }
+      else if(*p == '?') {
+        if(ISPRINT(*s)) {
+          s++;
+          p++;
+        }
+        else if(*s == '\0')
+          return CURL_FNMATCH_NOMATCH;
+        else
+          return CURL_FNMATCH_FAIL; /* cannot deal with other character */
+      }
+      else if(*p == '\0') {
+        if(*s == '\0')
+          return CURL_FNMATCH_MATCH;
+        else
+          return CURL_FNMATCH_NOMATCH;
+      }
+      else if(*p == '\\') {
+        state = CURLFNM_LOOP_BACKSLASH;
+        p++;
+      }
+      else if(*p == '[') {
+        unsigned char *pp = p+1; /* cannot handle with pointer to register */
+        if(setcharset(&pp, charset)) {
+          int found = FALSE;
+          if(charset[(unsigned int)*s])
+            found = TRUE;
+          else if(charset[CURLFNM_ALNUM])
+            found = ISALNUM(*s);
+          else if(charset[CURLFNM_ALPHA])
+            found = ISALPHA(*s);
+          else if(charset[CURLFNM_DIGIT])
+            found = ISDIGIT(*s);
+          else if(charset[CURLFNM_XDIGIT])
+            found = ISXDIGIT(*s);
+          else if(charset[CURLFNM_PRINT])
+            found = ISPRINT(*s);
+          else if(charset[CURLFNM_SPACE])
+            found = ISSPACE(*s);
+          else if(charset[CURLFNM_UPPER])
+            found = ISUPPER(*s);
+          else if(charset[CURLFNM_LOWER])
+            found = ISLOWER(*s);
+          else if(charset[CURLFNM_BLANK])
+            found = ISBLANK(*s);
+          else if(charset[CURLFNM_GRAPH])
+            found = ISGRAPH(*s);
+
+          if(charset[CURLFNM_NEGATE])
+            found = !found;
+
+          if(found) {
+            p = pp+1;
+            s++;
+            memset(charset, 0, CURLFNM_CHSET_SIZE);
+          }
+          else
+            return CURL_FNMATCH_NOMATCH;
+        }
+        else
+          return CURL_FNMATCH_FAIL;
+      }
+      else {
+        if(*p++ != *s++)
+          return CURL_FNMATCH_NOMATCH;
+      }
+      break;
+    case CURLFNM_LOOP_BACKSLASH:
+      if(ISPRINT(*p)) {
+        if(*p++ == *s++)
+          state = CURLFNM_LOOP_DEFAULT;
+        else
+          return CURL_FNMATCH_NOMATCH;
+      }
+      else
+        return CURL_FNMATCH_FAIL;
+      break;
+    }
+  }
+}
+
+/*
+ * @unittest: 1307
+ */
+int Curl_fnmatch(void *ptr, const char *pattern, const char *string)
+{
+  (void)ptr; /* the argument is specified by the curl_fnmatch_callback
+                prototype, but not used by Curl_fnmatch() */
+  if(!pattern || !string) {
+    return CURL_FNMATCH_FAIL;
+  }
+  return loop((unsigned char *)pattern, (unsigned char *)string);
+}
diff --git a/Utilities/cmcurl/easyif.h b/Utilities/cmcurl/lib/curl_fnmatch.h
index 4c0f7e7..6335d03 100644
--- a/Utilities/cmcurl/easyif.h
+++ b/Utilities/cmcurl/lib/curl_fnmatch.h
@@ -1,5 +1,5 @@
-#ifndef __EASYIF_H
-#define __EASYIF_H
+#ifndef HEADER_CURL_FNMATCH_H
+#define HEADER_CURL_FNMATCH_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,21 +20,25 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-/*
- * Prototypes for library-wide functions provided by easy.c
- */
-void Curl_easy_addmulti(struct SessionHandle *data, void *multi);
-
-void Curl_easy_initHandleData(struct SessionHandle *data);
+#define CURL_FNMATCH_MATCH    0
+#define CURL_FNMATCH_NOMATCH  1
+#define CURL_FNMATCH_FAIL     2
 
-CURLcode Curl_convert_to_network(struct SessionHandle *data,
-                                 char *buffer, size_t length);
-CURLcode Curl_convert_from_network(struct SessionHandle *data,
-                                 char *buffer, size_t length);
-CURLcode Curl_convert_from_utf8(struct SessionHandle *data,
-                                 char *buffer, size_t length);
+/* default pattern matching function
+ * =================================
+ * Implemented with recursive backtracking, if you want to use Curl_fnmatch,
+ * please note that there is not implemented UTF/UNICODE support.
+ *
+ * Implemented features:
+ * '?' notation, does not match UTF characters
+ * '*' can also work with UTF string
+ * [a-zA-Z0-9] enumeration support
+ *
+ * keywords: alnum, digit, xdigit, alpha, print, blank, lower, graph, space
+ *           and upper (use as "[[:alnum:]]")
+ */
+int Curl_fnmatch(void *ptr, const char *pattern, const char *string);
 
-#endif /* __EASYIF_H */
+#endif /* HEADER_CURL_FNMATCH_H */
diff --git a/Utilities/cmcurl/lib/curl_gethostname.c b/Utilities/cmcurl/lib/curl_gethostname.c
new file mode 100644
index 0000000..ded1e6f
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_gethostname.c
@@ -0,0 +1,100 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "curl_gethostname.h"
+
+/*
+ * Curl_gethostname() is a wrapper around gethostname() which allows
+ * overriding the host name that the function would normally return.
+ * This capability is used by the test suite to verify exact matching
+ * of NTLM authentication, which exercises libcurl's MD4 and DES code
+ * as well as by the SMTP module when a hostname is not provided.
+ *
+ * For libcurl debug enabled builds host name overriding takes place
+ * when environment variable CURL_GETHOSTNAME is set, using the value
+ * held by the variable to override returned host name.
+ *
+ * Note: The function always returns the un-qualified hostname rather
+ * than being provider dependent.
+ *
+ * For libcurl shared library release builds the test suite preloads
+ * another shared library named libhostname using the LD_PRELOAD
+ * mechanism which intercepts, and might override, the gethostname()
+ * function call. In this case a given platform must support the
+ * LD_PRELOAD mechanism and additionally have environment variable
+ * CURL_GETHOSTNAME set in order to override the returned host name.
+ *
+ * For libcurl static library release builds no overriding takes place.
+ */
+
+int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen) {
+
+#ifndef HAVE_GETHOSTNAME
+
+  /* Allow compilation and return failure when unavailable */
+  (void) name;
+  (void) namelen;
+  return -1;
+
+#else
+  int err;
+  char* dot;
+
+#ifdef DEBUGBUILD
+
+  /* Override host name when environment variable CURL_GETHOSTNAME is set */
+  const char *force_hostname = getenv("CURL_GETHOSTNAME");
+  if(force_hostname) {
+    strncpy(name, force_hostname, namelen);
+    err = 0;
+  }
+  else {
+    name[0] = '\0';
+    err = gethostname(name, namelen);
+  }
+
+#else /* DEBUGBUILD */
+
+  /* The call to system's gethostname() might get intercepted by the
+     libhostname library when libcurl is built as a non-debug shared
+     library when running the test suite. */
+  name[0] = '\0';
+  err = gethostname(name, namelen);
+
+#endif
+
+  name[namelen - 1] = '\0';
+
+  if(err)
+    return err;
+
+  /* Truncate domain, leave only machine name */
+  dot = strchr(name, '.');
+  if(dot)
+    *dot = '\0';
+
+  return 0;
+#endif
+
+}
diff --git a/Utilities/cmcurl/lib/curl_gethostname.h b/Utilities/cmcurl/lib/curl_gethostname.h
new file mode 100644
index 0000000..48740f6
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_gethostname.h
@@ -0,0 +1,31 @@
+#ifndef HEADER_CURL_GETHOSTNAME_H
+#define HEADER_CURL_GETHOSTNAME_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* Hostname buffer size */
+#define HOSTNAME_MAX 1024
+
+/* This returns the local machine's un-qualified hostname */
+int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen);
+
+#endif /* HEADER_CURL_GETHOSTNAME_H */
diff --git a/Utilities/cmcurl/lib/curl_gssapi.c b/Utilities/cmcurl/lib/curl_gssapi.c
new file mode 100644
index 0000000..232b3ef
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_gssapi.c
@@ -0,0 +1,75 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2011 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_GSSAPI
+
+#include "curl_gssapi.h"
+#include "sendf.h"
+
+static const char spnego_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";
+gss_OID_desc Curl_spnego_mech_oid = { 6, &spnego_oid_bytes };
+static const char krb5_oid_bytes[] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
+gss_OID_desc Curl_krb5_mech_oid = { 9, &krb5_oid_bytes };
+
+OM_uint32 Curl_gss_init_sec_context(
+    struct SessionHandle *data,
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context,
+    gss_name_t target_name,
+    gss_OID mech_type,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags)
+{
+  OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+
+  if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
+#ifdef GSS_C_DELEG_POLICY_FLAG
+    req_flags |= GSS_C_DELEG_POLICY_FLAG;
+#else
+    infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
+        "compiled in\n");
+#endif
+  }
+
+  if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)
+    req_flags |= GSS_C_DELEG_FLAG;
+
+  return gss_init_sec_context(minor_status,
+                              GSS_C_NO_CREDENTIAL, /* cred_handle */
+                              context,
+                              target_name,
+                              mech_type,
+                              req_flags,
+                              0, /* time_req */
+                              input_chan_bindings,
+                              input_token,
+                              NULL, /* actual_mech_type */
+                              output_token,
+                              ret_flags,
+                              NULL /* time_rec */);
+}
+
+#endif /* HAVE_GSSAPI */
diff --git a/Utilities/cmcurl/tftp.h b/Utilities/cmcurl/lib/curl_gssapi.h
index c712541..b91bd7e 100644
--- a/Utilities/cmcurl/tftp.h
+++ b/Utilities/cmcurl/lib/curl_gssapi.h
@@ -1,6 +1,5 @@
-#ifndef __TFTP_H
-#define __TFTP_H
-
+#ifndef HEADER_CURL_GSSAPI_H
+#define HEADER_CURL_GSSAPI_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -8,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,11 +20,41 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-#ifndef CURL_DISABLE_TFTP
-CURLcode Curl_tftp_connect(struct connectdata *conn, bool *done);
-CURLcode Curl_tftp(struct connectdata *conn, bool *done);
-CURLcode Curl_tftp_done(struct connectdata *conn, CURLcode, bool premature);
-#endif
+
+#include "curl_setup.h"
+#include "urldata.h"
+
+#ifdef HAVE_GSSAPI
+
+#ifdef HAVE_GSSGNU
+#  include <gss.h>
+#elif defined HAVE_GSSMIT
+   /* MIT style */
+#  include <gssapi/gssapi.h>
+#  include <gssapi/gssapi_generic.h>
+#  include <gssapi/gssapi_krb5.h>
+#else
+   /* Heimdal-style */
+#  include <gssapi.h>
 #endif
+
+extern gss_OID_desc Curl_spnego_mech_oid;
+extern gss_OID_desc Curl_krb5_mech_oid;
+
+/* Common method for using GSS-API */
+
+OM_uint32 Curl_gss_init_sec_context(
+    struct SessionHandle *data,
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context,
+    gss_name_t target_name,
+    gss_OID mech_type,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags);
+
+#endif /* HAVE_GSSAPI */
+
+#endif /* HEADER_CURL_GSSAPI_H */
diff --git a/Utilities/cmcurl/lib/curl_hmac.h b/Utilities/cmcurl/lib/curl_hmac.h
new file mode 100644
index 0000000..9b65c8c
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_hmac.h
@@ -0,0 +1,67 @@
+#ifndef HEADER_CURL_HMAC_H
+#define HEADER_CURL_HMAC_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+
+typedef void    (* HMAC_hinit_func)(void * context);
+typedef void    (* HMAC_hupdate_func)(void * context,
+                                      const unsigned char * data,
+                                      unsigned int len);
+typedef void    (* HMAC_hfinal_func)(unsigned char * result, void * context);
+
+
+/* Per-hash function HMAC parameters. */
+
+typedef struct {
+  HMAC_hinit_func       hmac_hinit;     /* Initialize context procedure. */
+  HMAC_hupdate_func     hmac_hupdate;   /* Update context with data. */
+  HMAC_hfinal_func      hmac_hfinal;    /* Get final result procedure. */
+  unsigned int          hmac_ctxtsize;  /* Context structure size. */
+  unsigned int          hmac_maxkeylen; /* Maximum key length (bytes). */
+  unsigned int          hmac_resultlen; /* Result length (bytes). */
+} HMAC_params;
+
+
+/* HMAC computation context. */
+
+typedef struct {
+  const HMAC_params *   hmac_hash;      /* Hash function definition. */
+  void *                hmac_hashctxt1; /* Hash function context 1. */
+  void *                hmac_hashctxt2; /* Hash function context 2. */
+} HMAC_context;
+
+
+/* Prototypes. */
+
+HMAC_context * Curl_HMAC_init(const HMAC_params * hashparams,
+                              const unsigned char * key,
+                              unsigned int keylen);
+int Curl_HMAC_update(HMAC_context * context,
+                     const unsigned char * data,
+                     unsigned int len);
+int Curl_HMAC_final(HMAC_context * context, unsigned char * result);
+
+#endif
+
+#endif /* HEADER_CURL_HMAC_H */
diff --git a/Utilities/cmcurl/lib/curl_ldap.h b/Utilities/cmcurl/lib/curl_ldap.h
new file mode 100644
index 0000000..93fb4b0
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_ldap.h
@@ -0,0 +1,35 @@
+#ifndef HEADER_CURL_LDAP_H
+#define HEADER_CURL_LDAP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#ifndef CURL_DISABLE_LDAP
+extern const struct Curl_handler Curl_handler_ldap;
+
+#if !defined(CURL_DISABLE_LDAPS) && \
+    ((defined(USE_OPENLDAP) && defined(USE_SSL)) || \
+     (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL)))
+extern const struct Curl_handler Curl_handler_ldaps;
+#endif
+
+#endif
+#endif /* HEADER_CURL_LDAP_H */
+
diff --git a/Utilities/cmcurl/lib/curl_md4.h b/Utilities/cmcurl/lib/curl_md4.h
new file mode 100644
index 0000000..b0be9cf
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_md4.h
@@ -0,0 +1,33 @@
+#ifndef HEADER_CURL_MD4_H
+#define HEADER_CURL_MD4_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+/* NSS crypto library does not provide the MD4 hash algorithm, so that we have
+ * a local implementation of it */
+#ifdef USE_NSS
+void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len);
+#endif /* USE_NSS */
+
+#endif /* HEADER_CURL_MD4_H */
diff --git a/Utilities/cmcurl/lib/curl_md5.h b/Utilities/cmcurl/lib/curl_md5.h
new file mode 100644
index 0000000..9c0e0b5
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_md5.h
@@ -0,0 +1,63 @@
+#ifndef HEADER_CURL_MD5_H
+#define HEADER_CURL_MD5_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+#include "curl_hmac.h"
+
+#define MD5_DIGEST_LEN  16
+
+typedef void (* Curl_MD5_init_func)(void *context);
+typedef void (* Curl_MD5_update_func)(void *context,
+                                      const unsigned char *data,
+                                      unsigned int len);
+typedef void (* Curl_MD5_final_func)(unsigned char *result, void *context);
+
+typedef struct {
+  Curl_MD5_init_func     md5_init_func;   /* Initialize context procedure */
+  Curl_MD5_update_func   md5_update_func; /* Update context with data */
+  Curl_MD5_final_func    md5_final_func;  /* Get final result procedure */
+  unsigned int           md5_ctxtsize;  /* Context structure size */
+  unsigned int           md5_resultlen; /* Result length (bytes) */
+} MD5_params;
+
+typedef struct {
+  const MD5_params      *md5_hash;      /* Hash function definition */
+  void                  *md5_hashctx;   /* Hash function context */
+} MD5_context;
+
+extern const MD5_params Curl_DIGEST_MD5[1];
+extern const HMAC_params Curl_HMAC_MD5[1];
+
+void Curl_md5it(unsigned char *output,
+                const unsigned char *input);
+
+MD5_context * Curl_MD5_init(const MD5_params *md5params);
+int Curl_MD5_update(MD5_context *context,
+                    const unsigned char *data,
+                    unsigned int len);
+int Curl_MD5_final(MD5_context *context, unsigned char *result);
+
+#endif
+
+#endif /* HEADER_CURL_MD5_H */
diff --git a/Utilities/cmcurl/lib/curl_memory.h b/Utilities/cmcurl/lib/curl_memory.h
new file mode 100644
index 0000000..e3cdc72
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_memory.h
@@ -0,0 +1,140 @@
+#ifndef HEADER_CURL_MEMORY_H
+#define HEADER_CURL_MEMORY_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Nasty internal details ahead...
+ *
+ * File curl_memory.h must be included by _all_ *.c source files
+ * that use memory related functions strdup, malloc, calloc, realloc
+ * or free, and given source file is used to build libcurl library.
+ *
+ * There is nearly no exception to above rule. All libcurl source
+ * files in 'lib' subdirectory as well as those living deep inside
+ * 'packages' subdirectories and linked together in order to build
+ * libcurl library shall follow it.
+ *
+ * File lib/strdup.c is an exception, given that it provides a strdup
+ * clone implementation while using malloc. Extra care needed inside
+ * this one. TODO: revisit this paragraph and related code.
+ *
+ * The need for curl_memory.h inclusion is due to libcurl's feature
+ * of allowing library user to provide memory replacement functions,
+ * memory callbacks, at runtime with curl_global_init_mem()
+ *
+ * Any *.c source file used to build libcurl library that does not
+ * include curl_memory.h and uses any memory function of the five
+ * mentioned above will compile without any indication, but it will
+ * trigger weird memory related issues at runtime.
+ *
+ * OTOH some source files from 'lib' subdirectory may additionally be
+ * used directly as source code when using some curlx_ functions by
+ * third party programs that don't even use libcurl at all. When using
+ * these source files in this way it is necessary these are compiled
+ * with CURLX_NO_MEMORY_CALLBACKS defined, in order to ensure that no
+ * attempt of calling libcurl's memory callbacks is done from code
+ * which can not use this machinery.
+ *
+ * Notice that libcurl's 'memory tracking' system works chaining into
+ * the memory callback machinery. This implies that when compiling
+ * 'lib' source files with CURLX_NO_MEMORY_CALLBACKS defined this file
+ * disengages usage of libcurl's 'memory tracking' system, defining
+ * MEMDEBUG_NODEFINES and overriding CURLDEBUG purpose.
+ *
+ * CURLX_NO_MEMORY_CALLBACKS takes precedence over CURLDEBUG. This is
+ * done in order to allow building a 'memory tracking' enabled libcurl
+ * and at the same time allow building programs which do not use it.
+ *
+ * Programs and libraries in 'tests' subdirectories have specific
+ * purposes and needs, and as such each one will use whatever fits
+ * best, depending additionally wether it links with libcurl or not.
+ *
+ * Caveat emptor. Proper curlx_* separation is a work in progress
+ * the same as CURLX_NO_MEMORY_CALLBACKS usage, some adjustments may
+ * still be required. IOW don't use them yet, there are sharp edges.
+ */
+
+#ifdef HEADER_CURL_MEMDEBUG_H
+#error "Header memdebug.h shall not be included before curl_memory.h"
+#endif
+
+#ifndef CURLX_NO_MEMORY_CALLBACKS
+
+#include <curl/curl.h> /* for the callback typedefs */
+
+extern curl_malloc_callback Curl_cmalloc;
+extern curl_free_callback Curl_cfree;
+extern curl_realloc_callback Curl_crealloc;
+extern curl_strdup_callback Curl_cstrdup;
+extern curl_calloc_callback Curl_ccalloc;
+#if defined(WIN32) && defined(UNICODE)
+extern curl_wcsdup_callback Curl_cwcsdup;
+#endif
+
+#ifndef CURLDEBUG
+
+/*
+ * libcurl's 'memory tracking' system defines strdup, malloc, calloc,
+ * realloc and free, along with others, in memdebug.h in a different
+ * way although still using memory callbacks forward declared above.
+ * When using the 'memory tracking' system (CURLDEBUG defined) we do
+ * not define here the five memory functions given that definitions
+ * from memdebug.h are the ones that shall be used.
+ */
+
+#undef strdup
+#define strdup(ptr) Curl_cstrdup(ptr)
+#undef malloc
+#define malloc(size) Curl_cmalloc(size)
+#undef calloc
+#define calloc(nbelem,size) Curl_ccalloc(nbelem, size)
+#undef realloc
+#define realloc(ptr,size) Curl_crealloc(ptr, size)
+#undef free
+#define free(ptr) Curl_cfree(ptr)
+
+#ifdef WIN32
+#  ifdef UNICODE
+#    undef wcsdup
+#    define wcsdup(ptr) Curl_cwcsdup(ptr)
+#    undef _wcsdup
+#    define _wcsdup(ptr) Curl_cwcsdup(ptr)
+#    undef _tcsdup
+#    define _tcsdup(ptr) Curl_cwcsdup(ptr)
+#  else
+#    undef _tcsdup
+#    define _tcsdup(ptr) Curl_cstrdup(ptr)
+#  endif
+#endif
+
+#endif /* CURLDEBUG */
+
+#else /* CURLX_NO_MEMORY_CALLBACKS */
+
+#ifndef MEMDEBUG_NODEFINES
+#define MEMDEBUG_NODEFINES
+#endif
+
+#endif /* CURLX_NO_MEMORY_CALLBACKS */
+
+#endif /* HEADER_CURL_MEMORY_H */
diff --git a/Utilities/cmcurl/lib/curl_memrchr.c b/Utilities/cmcurl/lib/curl_memrchr.c
new file mode 100644
index 0000000..a71c2bb
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_memrchr.c
@@ -0,0 +1,62 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "curl_memrchr.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifndef HAVE_MEMRCHR
+
+/*
+ * Curl_memrchr()
+ *
+ * Our memrchr() function clone for systems which lack this function. The
+ * memrchr() function is like the memchr() function, except that it searches
+ * backwards from the end of the n bytes pointed to by s instead of forward
+ * from the beginning.
+ */
+
+void *
+Curl_memrchr(const void *s, int c, size_t n)
+{
+  const unsigned char *p = s;
+  const unsigned char *q = s;
+
+  p += n - 1;
+
+  while(p >= q) {
+    if(*p == (unsigned char)c)
+      return (void *)p;
+    p--;
+  }
+
+  return NULL;
+}
+
+#endif /* HAVE_MEMRCHR */
diff --git a/Utilities/cmcurl/lib/curl_memrchr.h b/Utilities/cmcurl/lib/curl_memrchr.h
new file mode 100644
index 0000000..324c73a
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_memrchr.h
@@ -0,0 +1,44 @@
+#ifndef HEADER_CURL_MEMRCHR_H
+#define HEADER_CURL_MEMRCHR_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_MEMRCHR
+
+#ifdef HAVE_STRING_H
+#  include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#else /* HAVE_MEMRCHR */
+
+void *Curl_memrchr(const void *s, int c, size_t n);
+
+#define memrchr(x,y,z) Curl_memrchr((x),(y),(z))
+
+#endif /* HAVE_MEMRCHR */
+
+#endif /* HEADER_CURL_MEMRCHR_H */
diff --git a/Utilities/cmcurl/lib/curl_multibyte.c b/Utilities/cmcurl/lib/curl_multibyte.c
new file mode 100644
index 0000000..6c02239
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_multibyte.c
@@ -0,0 +1,82 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+
+ /*
+  * MultiByte conversions using Windows kernel32 library.
+  */
+
+#include "curl_multibyte.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8)
+{
+  wchar_t *str_w = NULL;
+
+  if(str_utf8) {
+    int str_w_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS,
+                                        str_utf8, -1, NULL, 0);
+    if(str_w_len > 0) {
+      str_w = malloc(str_w_len * sizeof(wchar_t));
+      if(str_w) {
+        if(MultiByteToWideChar(CP_UTF8, 0, str_utf8, -1, str_w,
+                               str_w_len) == 0) {
+          Curl_safefree(str_w);
+        }
+      }
+    }
+  }
+
+  return str_w;
+}
+
+char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w)
+{
+  char *str_utf8 = NULL;
+
+  if(str_w) {
+    int str_utf8_len = WideCharToMultiByte(CP_UTF8, 0, str_w, -1, NULL,
+                                           0, NULL, NULL);
+    if(str_utf8_len > 0) {
+      str_utf8 = malloc(str_utf8_len * sizeof(wchar_t));
+      if(str_utf8) {
+        if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, str_utf8_len,
+                               NULL, FALSE) == 0) {
+          Curl_safefree(str_utf8);
+        }
+      }
+    }
+  }
+
+  return str_utf8;
+}
+
+#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
diff --git a/Utilities/cmcurl/lib/curl_multibyte.h b/Utilities/cmcurl/lib/curl_multibyte.h
new file mode 100644
index 0000000..7ee5eae
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_multibyte.h
@@ -0,0 +1,90 @@
+#ifndef HEADER_CURL_MULTIBYTE_H
+#define HEADER_CURL_MULTIBYTE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+
+ /*
+  * MultiByte conversions using Windows kernel32 library.
+  */
+
+wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8);
+char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w);
+
+#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
+
+
+#if defined(USE_WIN32_IDN) || defined(USE_WINDOWS_SSPI)
+
+/*
+ * Macros Curl_convert_UTF8_to_tchar(), Curl_convert_tchar_to_UTF8()
+ * and Curl_unicodefree() main purpose is to minimize the number of
+ * preprocessor conditional directives needed by code using these
+ * to differentiate UNICODE from non-UNICODE builds.
+ *
+ * When building with UNICODE defined, this two macros
+ * Curl_convert_UTF8_to_tchar() and Curl_convert_tchar_to_UTF8()
+ * return a pointer to a newly allocated memory area holding result.
+ * When the result is no longer needed, allocated memory is intended
+ * to be free'ed with Curl_unicodefree().
+ *
+ * When building without UNICODE defined, this macros
+ * Curl_convert_UTF8_to_tchar() and Curl_convert_tchar_to_UTF8()
+ * return the pointer received as argument. Curl_unicodefree() does
+ * no actual free'ing of this pointer it is simply set to NULL.
+ */
+
+#ifdef UNICODE
+
+#define Curl_convert_UTF8_to_tchar(ptr) Curl_convert_UTF8_to_wchar((ptr))
+#define Curl_convert_tchar_to_UTF8(ptr) Curl_convert_wchar_to_UTF8((ptr))
+#define Curl_unicodefree(ptr) \
+  do {if((ptr)) {free((ptr)); (ptr) = NULL;}} WHILE_FALSE
+
+typedef union {
+  unsigned short       *tchar_ptr;
+  const unsigned short *const_tchar_ptr;
+  unsigned short       *tbyte_ptr;
+  const unsigned short *const_tbyte_ptr;
+} xcharp_u;
+
+#else
+
+#define Curl_convert_UTF8_to_tchar(ptr) (ptr)
+#define Curl_convert_tchar_to_UTF8(ptr) (ptr)
+#define Curl_unicodefree(ptr) \
+  do {(ptr) = NULL;} WHILE_FALSE
+
+typedef union {
+  char                *tchar_ptr;
+  const char          *const_tchar_ptr;
+  unsigned char       *tbyte_ptr;
+  const unsigned char *const_tbyte_ptr;
+} xcharp_u;
+
+#endif /* UNICODE */
+
+#endif /* USE_WIN32_IDN || USE_WINDOWS_SSPI */
+
+#endif /* HEADER_CURL_MULTIBYTE_H */
diff --git a/Utilities/cmcurl/lib/curl_ntlm.c b/Utilities/cmcurl/lib/curl_ntlm.c
new file mode 100644
index 0000000..8c02aba
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_ntlm.c
@@ -0,0 +1,248 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_NTLM
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#define DEBUG_ME 0
+
+#include "urldata.h"
+#include "sendf.h"
+#include "rawstr.h"
+#include "curl_ntlm.h"
+#include "curl_ntlm_msgs.h"
+#include "curl_ntlm_wb.h"
+#include "url.h"
+#include "curl_memory.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#if defined(USE_NSS)
+#include "vtls/nssg.h"
+#elif defined(USE_WINDOWS_SSPI)
+#include "curl_sspi.h"
+#endif
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if DEBUG_ME
+# define DEBUG_OUT(x) x
+#else
+# define DEBUG_OUT(x) Curl_nop_stmt
+#endif
+
+CURLcode Curl_input_ntlm(struct connectdata *conn,
+                         bool proxy,         /* if proxy or not */
+                         const char *header) /* rest of the www-authenticate:
+                                                header */
+{
+  /* point to the correct struct with this */
+  struct ntlmdata *ntlm;
+  CURLcode result = CURLE_OK;
+
+#ifdef USE_NSS
+  result = Curl_nss_force_init(conn->data);
+  if(result)
+    return result;
+#endif
+
+  ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
+
+  if(checkprefix("NTLM", header)) {
+    header += strlen("NTLM");
+
+    while(*header && ISSPACE(*header))
+      header++;
+
+    if(*header) {
+      result = Curl_ntlm_decode_type2_message(conn->data, header, ntlm);
+      if(CURLE_OK != result)
+        return result;
+
+      ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
+    }
+    else {
+      if(ntlm->state == NTLMSTATE_TYPE3) {
+        infof(conn->data, "NTLM handshake rejected\n");
+        Curl_http_ntlm_cleanup(conn);
+        ntlm->state = NTLMSTATE_NONE;
+        return CURLE_REMOTE_ACCESS_DENIED;
+      }
+      else if(ntlm->state >= NTLMSTATE_TYPE1) {
+        infof(conn->data, "NTLM handshake failure (internal error)\n");
+        return CURLE_REMOTE_ACCESS_DENIED;
+      }
+
+      ntlm->state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
+    }
+  }
+
+  return result;
+}
+
+/*
+ * This is for creating ntlm header output
+ */
+CURLcode Curl_output_ntlm(struct connectdata *conn,
+                          bool proxy)
+{
+  char *base64 = NULL;
+  size_t len = 0;
+  CURLcode error;
+
+  /* point to the address of the pointer that holds the string to send to the
+     server, which is for a plain host or for a HTTP proxy */
+  char **allocuserpwd;
+
+  /* point to the name and password for this */
+  const char *userp;
+  const char *passwdp;
+
+  /* point to the correct struct with this */
+  struct ntlmdata *ntlm;
+  struct auth *authp;
+
+  DEBUGASSERT(conn);
+  DEBUGASSERT(conn->data);
+
+#ifdef USE_NSS
+  if(CURLE_OK != Curl_nss_force_init(conn->data))
+    return CURLE_OUT_OF_MEMORY;
+#endif
+
+  if(proxy) {
+    allocuserpwd = &conn->allocptr.proxyuserpwd;
+    userp = conn->proxyuser;
+    passwdp = conn->proxypasswd;
+    ntlm = &conn->proxyntlm;
+    authp = &conn->data->state.authproxy;
+  }
+  else {
+    allocuserpwd = &conn->allocptr.userpwd;
+    userp = conn->user;
+    passwdp = conn->passwd;
+    ntlm = &conn->ntlm;
+    authp = &conn->data->state.authhost;
+  }
+  authp->done = FALSE;
+
+  /* not set means empty */
+  if(!userp)
+    userp = "";
+
+  if(!passwdp)
+    passwdp = "";
+
+#ifdef USE_WINDOWS_SSPI
+  if(s_hSecDll == NULL) {
+    /* not thread safe and leaks - use curl_global_init() to avoid */
+    CURLcode err = Curl_sspi_global_init();
+    if(s_hSecDll == NULL)
+      return err;
+  }
+#endif
+
+  switch(ntlm->state) {
+  case NTLMSTATE_TYPE1:
+  default: /* for the weird cases we (re)start here */
+    /* Create a type-1 message */
+    error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64,
+                                           &len);
+    if(error)
+      return error;
+
+    if(base64) {
+      Curl_safefree(*allocuserpwd);
+      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
+                              proxy ? "Proxy-" : "",
+                              base64);
+      free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
+    }
+    break;
+
+  case NTLMSTATE_TYPE2:
+    /* We already received the type-2 message, create a type-3 message */
+    error = Curl_ntlm_create_type3_message(conn->data, userp, passwdp,
+                                           ntlm, &base64, &len);
+    if(error)
+      return error;
+
+    if(base64) {
+      Curl_safefree(*allocuserpwd);
+      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
+                              proxy ? "Proxy-" : "",
+                              base64);
+      free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
+
+      ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
+      authp->done = TRUE;
+    }
+    break;
+
+  case NTLMSTATE_TYPE3:
+    /* connection is already authenticated,
+     * don't send a header in future requests */
+    Curl_safefree(*allocuserpwd);
+    authp->done = TRUE;
+    break;
+  }
+
+  return CURLE_OK;
+}
+
+void Curl_http_ntlm_cleanup(struct connectdata *conn)
+{
+#ifdef USE_WINDOWS_SSPI
+  Curl_ntlm_sspi_cleanup(&conn->ntlm);
+  Curl_ntlm_sspi_cleanup(&conn->proxyntlm);
+#elif defined(NTLM_WB_ENABLED)
+  Curl_ntlm_wb_cleanup(conn);
+#else
+  (void)conn;
+#endif
+
+#ifndef USE_WINDOWS_SSPI
+  Curl_safefree(conn->ntlm.target_info);
+  conn->ntlm.target_info_len = 0;
+
+  Curl_safefree(conn->proxyntlm.target_info);
+  conn->proxyntlm.target_info_len = 0;
+#endif
+}
+
+#endif /* USE_NTLM */
diff --git a/Utilities/cmcurl/inet_ntoa_r.h b/Utilities/cmcurl/lib/curl_ntlm.h
index c6c9bd8..21a9e9e 100644
--- a/Utilities/cmcurl/inet_ntoa_r.h
+++ b/Utilities/cmcurl/lib/curl_ntlm.h
@@ -1,5 +1,5 @@
-#ifndef __INET_NTOA_R_H
-#define __INET_NTOA_R_H
+#ifndef HEADER_CURL_NTLM_H
+#define HEADER_CURL_NTLM_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,25 +20,25 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
-#ifdef HAVE_INET_NTOA_R_2_ARGS
-/*
- * uClibc 0.9.26 (at least) doesn't define this prototype. The buffer
- * must be at least 16 characters long.
- */
-char *inet_ntoa_r(const struct in_addr in, char buffer[]);
+#ifdef USE_NTLM
+
+/* this is for ntlm header input */
+CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy,
+                         const char *header);
+
+/* this is for creating ntlm header output */
+CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
+
+void Curl_http_ntlm_cleanup(struct connectdata *conn);
 
 #else
-/*
- * My solaris 5.6 system running gcc 2.8.1 does *not* have this prototype
- * in any system include file! Isn't that weird?
- */
-char *inet_ntoa_r(const struct in_addr in, char *buffer, int buflen);
 
-#endif
+#define Curl_http_ntlm_cleanup(a) Curl_nop_stmt
 
 #endif
+
+#endif /* HEADER_CURL_NTLM_H */
diff --git a/Utilities/cmcurl/lib/curl_ntlm_core.c b/Utilities/cmcurl/lib/curl_ntlm_core.c
new file mode 100644
index 0000000..b011626
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_ntlm_core.c
@@ -0,0 +1,651 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#ifdef USE_SSLEAY
+
+#  ifdef USE_OPENSSL
+#    include <openssl/des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <openssl/md4.h>
+#    endif
+#    include <openssl/md5.h>
+#    include <openssl/ssl.h>
+#    include <openssl/rand.h>
+#  else
+#    include <des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <md4.h>
+#    endif
+#    include <md5.h>
+#    include <ssl.h>
+#    include <rand.h>
+#  endif
+#  if (OPENSSL_VERSION_NUMBER < 0x00907001L)
+#    define DES_key_schedule des_key_schedule
+#    define DES_cblock des_cblock
+#    define DES_set_odd_parity des_set_odd_parity
+#    define DES_set_key des_set_key
+#    define DES_ecb_encrypt des_ecb_encrypt
+#    define DESKEY(x) x
+#    define DESKEYARG(x) x
+#  else
+#    define DESKEYARG(x) *x
+#    define DESKEY(x) &x
+#  endif
+
+#elif defined(USE_GNUTLS_NETTLE)
+
+#  include <nettle/des.h>
+#  include <nettle/md4.h>
+
+#elif defined(USE_GNUTLS)
+
+#  include <gcrypt.h>
+#  define MD5_DIGEST_LENGTH 16
+#  define MD4_DIGEST_LENGTH 16
+
+#elif defined(USE_NSS)
+
+#  include <nss.h>
+#  include <pk11pub.h>
+#  include <hasht.h>
+#  include "curl_md4.h"
+#  define MD5_DIGEST_LENGTH MD5_LENGTH
+
+#elif defined(USE_DARWINSSL)
+
+#  include <CommonCrypto/CommonCryptor.h>
+#  include <CommonCrypto/CommonDigest.h>
+
+#else
+#  error "Can't compile NTLM support without a crypto library."
+#endif
+
+#include "urldata.h"
+#include "non-ascii.h"
+#include "rawstr.h"
+#include "curl_memory.h"
+#include "curl_ntlm_core.h"
+#include "curl_md5.h"
+#include "curl_hmac.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#define NTLM_HMAC_MD5_LEN     (16)
+#define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00"
+#define NTLMv2_BLOB_LEN       (44 -16 + ntlm->target_info_len + 4)
+
+#ifdef USE_SSLEAY
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
+ * key schedule ks is also set.
+ */
+static void setup_des_key(const unsigned char *key_56,
+                          DES_key_schedule DESKEYARG(ks))
+{
+  DES_cblock key;
+
+  key[0] = key_56[0];
+  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
+  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
+  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
+  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
+  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
+  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
+  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
+
+  DES_set_odd_parity(&key);
+  DES_set_key(&key, ks);
+}
+
+#else /* defined(USE_SSLEAY) */
+
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key.  Used by GnuTLS and NSS.
+ */
+static void extend_key_56_to_64(const unsigned char *key_56, char *key)
+{
+  key[0] = key_56[0];
+  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
+  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
+  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
+  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
+  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
+  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
+  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
+}
+
+#if defined(USE_GNUTLS_NETTLE)
+
+static void setup_des_key(const unsigned char *key_56,
+                          struct des_ctx *des)
+{
+  char key[8];
+  extend_key_56_to_64(key_56, key);
+  des_set_key(des, (const uint8_t*)key);
+}
+
+#elif defined(USE_GNUTLS)
+
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.
+ */
+static void setup_des_key(const unsigned char *key_56,
+                          gcry_cipher_hd_t *des)
+{
+  char key[8];
+  extend_key_56_to_64(key_56, key);
+  gcry_cipher_setkey(*des, key, 8);
+}
+
+#elif defined(USE_NSS)
+
+/*
+ * Expands a 56 bit key KEY_56 to 64 bit and encrypts 64 bit of data, using
+ * the expanded key.  The caller is responsible for giving 64 bit of valid
+ * data is IN and (at least) 64 bit large buffer as OUT.
+ */
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+                        const unsigned char *key_56)
+{
+  const CK_MECHANISM_TYPE mech = CKM_DES_ECB; /* DES cipher in ECB mode */
+  PK11SlotInfo *slot = NULL;
+  char key[8];                                /* expanded 64 bit key */
+  SECItem key_item;
+  PK11SymKey *symkey = NULL;
+  SECItem *param = NULL;
+  PK11Context *ctx = NULL;
+  int out_len;                                /* not used, required by NSS */
+  bool rv = FALSE;
+
+  /* use internal slot for DES encryption (requires NSS to be initialized) */
+  slot = PK11_GetInternalKeySlot();
+  if(!slot)
+    return FALSE;
+
+  /* expand the 56 bit key to 64 bit and wrap by NSS */
+  extend_key_56_to_64(key_56, key);
+  key_item.data = (unsigned char *)key;
+  key_item.len = /* hard-wired */ 8;
+  symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT,
+                             &key_item, NULL);
+  if(!symkey)
+    goto fail;
+
+  /* create DES encryption context */
+  param = PK11_ParamFromIV(mech, /* no IV in ECB mode */ NULL);
+  if(!param)
+    goto fail;
+  ctx = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symkey, param);
+  if(!ctx)
+    goto fail;
+
+  /* perform the encryption */
+  if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, /* outbuflen */ 8,
+                                 (unsigned char *)in, /* inbuflen */ 8)
+      && SECSuccess == PK11_Finalize(ctx))
+    rv = /* all OK */ TRUE;
+
+fail:
+  /* cleanup */
+  if(ctx)
+    PK11_DestroyContext(ctx, PR_TRUE);
+  if(symkey)
+    PK11_FreeSymKey(symkey);
+  if(param)
+    SECITEM_FreeItem(param, PR_TRUE);
+  PK11_FreeSlot(slot);
+  return rv;
+}
+
+#elif defined(USE_DARWINSSL)
+
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+                        const unsigned char *key_56)
+{
+  char key[8];
+  size_t out_len;
+  CCCryptorStatus err;
+
+  extend_key_56_to_64(key_56, key);
+  err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key,
+                kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out,
+                8 /* outbuflen */, &out_len);
+  return err == kCCSuccess;
+}
+
+#endif /* defined(USE_DARWINSSL) */
+
+#endif /* defined(USE_SSLEAY) */
+
+ /*
+  * takes a 21 byte array and treats it as 3 56-bit DES keys. The
+  * 8 byte plaintext is encrypted with each key and the resulting 24
+  * bytes are stored in the results array.
+  */
+void Curl_ntlm_core_lm_resp(const unsigned char *keys,
+                            const unsigned char *plaintext,
+                            unsigned char *results)
+{
+#ifdef USE_SSLEAY
+  DES_key_schedule ks;
+
+  setup_des_key(keys, DESKEY(ks));
+  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
+                  DESKEY(ks), DES_ENCRYPT);
+
+  setup_des_key(keys + 7, DESKEY(ks));
+  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 8),
+                  DESKEY(ks), DES_ENCRYPT);
+
+  setup_des_key(keys + 14, DESKEY(ks));
+  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16),
+                  DESKEY(ks), DES_ENCRYPT);
+#elif defined(USE_GNUTLS_NETTLE)
+  struct des_ctx des;
+  setup_des_key(keys, &des);
+  des_encrypt(&des, 8, results, plaintext);
+  setup_des_key(keys + 7, &des);
+  des_encrypt(&des, 8, results + 8, plaintext);
+  setup_des_key(keys + 14, &des);
+  des_encrypt(&des, 8, results + 16, plaintext);
+#elif defined(USE_GNUTLS)
+  gcry_cipher_hd_t des;
+
+  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+  setup_des_key(keys, &des);
+  gcry_cipher_encrypt(des, results, 8, plaintext, 8);
+  gcry_cipher_close(des);
+
+  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+  setup_des_key(keys + 7, &des);
+  gcry_cipher_encrypt(des, results + 8, 8, plaintext, 8);
+  gcry_cipher_close(des);
+
+  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+  setup_des_key(keys + 14, &des);
+  gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
+  gcry_cipher_close(des);
+#elif defined(USE_NSS) || defined(USE_DARWINSSL)
+  encrypt_des(plaintext, results, keys);
+  encrypt_des(plaintext, results + 8, keys + 7);
+  encrypt_des(plaintext, results + 16, keys + 14);
+#endif
+}
+
+/*
+ * Set up lanmanager hashed password
+ */
+void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
+                               const char *password,
+                               unsigned char *lmbuffer /* 21 bytes */)
+{
+  CURLcode res;
+  unsigned char pw[14];
+  static const unsigned char magic[] = {
+    0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */
+  };
+  size_t len = CURLMIN(strlen(password), 14);
+
+  Curl_strntoupper((char *)pw, password, len);
+  memset(&pw[len], 0, 14 - len);
+
+  /*
+   * The LanManager hashed password needs to be created using the
+   * password in the network encoding not the host encoding.
+   */
+  res = Curl_convert_to_network(data, (char *)pw, 14);
+  if(res)
+    return;
+
+  {
+    /* Create LanManager hashed password. */
+
+#ifdef USE_SSLEAY
+    DES_key_schedule ks;
+
+    setup_des_key(pw, DESKEY(ks));
+    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
+                    DESKEY(ks), DES_ENCRYPT);
+
+    setup_des_key(pw + 7, DESKEY(ks));
+    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8),
+                    DESKEY(ks), DES_ENCRYPT);
+#elif defined(USE_GNUTLS_NETTLE)
+    struct des_ctx des;
+    setup_des_key(pw, &des);
+    des_encrypt(&des, 8, lmbuffer, magic);
+    setup_des_key(pw + 7, &des);
+    des_encrypt(&des, 8, lmbuffer + 8, magic);
+#elif defined(USE_GNUTLS)
+    gcry_cipher_hd_t des;
+
+    gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+    setup_des_key(pw, &des);
+    gcry_cipher_encrypt(des, lmbuffer, 8, magic, 8);
+    gcry_cipher_close(des);
+
+    gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+    setup_des_key(pw + 7, &des);
+    gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
+    gcry_cipher_close(des);
+#elif defined(USE_NSS) || defined(USE_DARWINSSL)
+    encrypt_des(magic, lmbuffer, pw);
+    encrypt_des(magic, lmbuffer + 8, pw + 7);
+#endif
+
+    memset(lmbuffer + 16, 0, 21 - 16);
+  }
+}
+
+#if USE_NTRESPONSES
+static void ascii_to_unicode_le(unsigned char *dest, const char *src,
+                                size_t srclen)
+{
+  size_t i;
+  for(i = 0; i < srclen; i++) {
+    dest[2 * i] = (unsigned char)src[i];
+    dest[2 * i + 1] = '\0';
+  }
+}
+
+static void ascii_uppercase_to_unicode_le(unsigned char *dest,
+                                          const char *src, size_t srclen)
+{
+  size_t i;
+  for(i = 0; i < srclen; i++) {
+    dest[2 * i] = (unsigned char)(toupper(src[i]));
+    dest[2 * i + 1] = '\0';
+  }
+}
+
+static void write32_le(const int value, unsigned char *buffer)
+{
+  buffer[0] = (char)(value & 0x000000FF);
+  buffer[1] = (char)((value & 0x0000FF00) >> 8);
+  buffer[2] = (char)((value & 0x00FF0000) >> 16);
+  buffer[3] = (char)((value & 0xFF000000) >> 24);
+}
+
+#if defined(HAVE_LONGLONG)
+static void write64_le(const long long value, unsigned char *buffer)
+#else
+static void write64_le(const __int64 value, unsigned char *buffer)
+#endif
+{
+  write32_le((int)value, buffer);
+  write32_le((int)(value >> 32), buffer + 4);
+}
+
+/*
+ * Set up nt hashed passwords
+ */
+CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
+                                   const char *password,
+                                   unsigned char *ntbuffer /* 21 bytes */)
+{
+  size_t len = strlen(password);
+  unsigned char *pw = malloc(len * 2);
+  CURLcode result;
+  if(!pw)
+    return CURLE_OUT_OF_MEMORY;
+
+  ascii_to_unicode_le(pw, password, len);
+
+  /*
+   * The NT hashed password needs to be created using the password in the
+   * network encoding not the host encoding.
+   */
+  result = Curl_convert_to_network(data, (char *)pw, len * 2);
+  if(result)
+    return result;
+
+  {
+    /* Create NT hashed password. */
+#ifdef USE_SSLEAY
+    MD4_CTX MD4pw;
+    MD4_Init(&MD4pw);
+    MD4_Update(&MD4pw, pw, 2 * len);
+    MD4_Final(ntbuffer, &MD4pw);
+#elif defined(USE_GNUTLS_NETTLE)
+    struct md4_ctx MD4pw;
+    md4_init(&MD4pw);
+    md4_update(&MD4pw, (unsigned int)(2 * len), pw);
+    md4_digest(&MD4pw, MD4_DIGEST_SIZE, ntbuffer);
+#elif defined(USE_GNUTLS)
+    gcry_md_hd_t MD4pw;
+    gcry_md_open(&MD4pw, GCRY_MD_MD4, 0);
+    gcry_md_write(MD4pw, pw, 2 * len);
+    memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
+    gcry_md_close(MD4pw);
+#elif defined(USE_NSS)
+    Curl_md4it(ntbuffer, pw, 2 * len);
+#elif defined(USE_DARWINSSL)
+    (void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer);
+#endif
+
+    memset(ntbuffer + 16, 0, 21 - 16);
+  }
+
+  free(pw);
+
+  return CURLE_OK;
+}
+
+/* This returns the HMAC MD5 digest */
+CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
+                       const unsigned char *data, unsigned int datalen,
+                       unsigned char *output)
+{
+  HMAC_context *ctxt = Curl_HMAC_init(Curl_HMAC_MD5, key, keylen);
+
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Update the digest with the given challenge */
+  Curl_HMAC_update(ctxt, data, datalen);
+
+  /* Finalise the digest */
+  Curl_HMAC_final(ctxt, output);
+
+  return CURLE_OK;
+}
+
+/* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
+ * (uppercase UserName + Domain) as the data
+ */
+CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
+                                       const char *domain, size_t domlen,
+                                       unsigned char *ntlmhash,
+                                       unsigned char *ntlmv2hash)
+{
+  /* Unicode representation */
+  size_t identity_len = (userlen + domlen) * 2;
+  unsigned char *identity = malloc(identity_len);
+  CURLcode res = CURLE_OK;
+
+  if(!identity)
+    return CURLE_OUT_OF_MEMORY;
+
+  ascii_uppercase_to_unicode_le(identity, user, userlen);
+  ascii_to_unicode_le(identity + (userlen << 1), domain, domlen);
+
+  res = Curl_hmac_md5(ntlmhash, 16, identity, curlx_uztoui(identity_len),
+                      ntlmv2hash);
+
+  Curl_safefree(identity);
+
+  return res;
+}
+
+/*
+ * Curl_ntlm_core_mk_ntlmv2_resp()
+ *
+ * This creates the NTLMv2 response as set in the ntlm type-3 message.
+ *
+ * Parameters:
+ *
+ * ntlmv2hash       [in] - The ntlmv2 hash (16 bytes)
+ * challenge_client [in] - The client nonce (8 bytes)
+ * ntlm             [in] - The ntlm data struct being used to read TargetInfo
+                           and Server challenge received in the type-2 message
+ * ntresp          [out] - The address where a pointer to newly allocated
+ *                         memory holding the NTLMv2 response.
+ * ntresp_len      [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
+                                       unsigned char *challenge_client,
+                                       struct ntlmdata *ntlm,
+                                       unsigned char **ntresp,
+                                       unsigned int *ntresp_len)
+{
+/* NTLMv2 response structure :
+------------------------------------------------------------------------------
+0     HMAC MD5         16 bytes
+------BLOB--------------------------------------------------------------------
+16    Signature        0x01010000
+20    Reserved         long (0x00000000)
+24    Timestamp        LE, 64-bit signed value representing the number of
+                       tenths of a microsecond since January 1, 1601.
+32    Client Nonce     8 bytes
+40    Unknown          4 bytes
+44    Target Info      N bytes (from the type-2 message)
+44+N  Unknown          4 bytes
+------------------------------------------------------------------------------
+*/
+
+  unsigned int len = 0;
+  unsigned char *ptr = NULL;
+  unsigned char hmac_output[NTLM_HMAC_MD5_LEN];
+#if defined(HAVE_LONGLONG)
+  long long tw;
+#else
+  __int64 tw;
+#endif
+  CURLcode res = CURLE_OK;
+
+  /* Calculate the timestamp */
+#ifdef DEBUGBUILD
+  char *force_timestamp = getenv("CURL_FORCETIME");
+  if(force_timestamp)
+    tw = 11644473600ULL * 10000000ULL;
+  else
+#endif
+  tw = ((long long)time(NULL) + 11644473600ULL) * 10000000ULL;
+
+  /* Calculate the response len */
+  len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN;
+
+  /* Allocate the response */
+  ptr = malloc(len);
+  if(!ptr)
+    return CURLE_OUT_OF_MEMORY;
+
+  memset(ptr, 0, len);
+
+  /* Create the BLOB structure */
+  snprintf((char *)ptr + NTLM_HMAC_MD5_LEN, NTLMv2_BLOB_LEN,
+           NTLMv2_BLOB_SIGNATURE
+           "%c%c%c%c",  /* Reserved = 0 */
+           0, 0, 0, 0);
+
+  write64_le(tw, ptr + 24);
+  memcpy(ptr + 32, challenge_client, 8);
+  memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len);
+
+  /* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */
+  memcpy(ptr + 8, &ntlm->nonce[0], 8);
+  res = Curl_hmac_md5(ntlmv2hash, NTLM_HMAC_MD5_LEN, ptr + 8,
+                      NTLMv2_BLOB_LEN + 8, hmac_output);
+  if(res) {
+    Curl_safefree(ptr);
+    return res;
+  }
+
+  /* Concatenate the HMAC MD5 output  with the BLOB */
+  memcpy(ptr, hmac_output, NTLM_HMAC_MD5_LEN);
+
+  /* Return the response */
+  *ntresp = ptr;
+  *ntresp_len = len;
+
+  return res;
+}
+
+/*
+ * Curl_ntlm_core_mk_lmv2_resp()
+ *
+ * This creates the LMv2 response as used in the ntlm type-3 message.
+ *
+ * Parameters:
+ *
+ * ntlmv2hash        [in] - The ntlmv2 hash (16 bytes)
+ * challenge_client  [in] - The client nonce (8 bytes)
+ * challenge_client  [in] - The server challenge (8 bytes)
+ * lmresp           [out] - The LMv2 response (24 bytes)
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode  Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash,
+                                      unsigned char *challenge_client,
+                                      unsigned char *challenge_server,
+                                      unsigned char *lmresp)
+{
+  unsigned char data[16];
+  unsigned char hmac_output[16];
+  CURLcode res = CURLE_OK;
+
+  memcpy(&data[0], challenge_server, 8);
+  memcpy(&data[8], challenge_client, 8);
+
+  res = Curl_hmac_md5(ntlmv2hash, 16, &data[0], 16, hmac_output);
+  if(res)
+    return res;
+
+  /* Concatenate the HMAC MD5 output  with the client nonce */
+  memcpy(lmresp, hmac_output, 16);
+  memcpy(lmresp+16, challenge_client, 8);
+
+  return res;
+}
+
+#endif /* USE_NTRESPONSES */
+
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
diff --git a/Utilities/cmcurl/lib/curl_ntlm_core.h b/Utilities/cmcurl/lib/curl_ntlm_core.h
new file mode 100644
index 0000000..fe41cdd
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_ntlm_core.h
@@ -0,0 +1,89 @@
+#ifndef HEADER_CURL_NTLM_CORE_H
+#define HEADER_CURL_NTLM_CORE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
+
+#ifdef USE_SSLEAY
+#  if !defined(OPENSSL_VERSION_NUMBER) && \
+      !defined(HEADER_SSL_H) && !defined(HEADER_MD5_H)
+#    error "curl_ntlm_core.h shall not be included before OpenSSL headers."
+#  endif
+#  ifdef OPENSSL_NO_MD4
+#    define USE_NTRESPONSES 0
+#    define USE_NTLM2SESSION 0
+#  endif
+#endif
+
+/*
+ * Define USE_NTRESPONSES to 1 in order to make the type-3 message include
+ * the NT response message. Define USE_NTLM2SESSION to 1 in order to make
+ * the type-3 message include the NTLM2Session response message, requires
+ * USE_NTRESPONSES defined to 1.
+ */
+
+#ifndef USE_NTRESPONSES
+#  define USE_NTRESPONSES 1
+#  define USE_NTLM2SESSION 1
+#endif
+
+void Curl_ntlm_core_lm_resp(const unsigned char *keys,
+                            const unsigned char *plaintext,
+                            unsigned char *results);
+
+void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
+                               const char *password,
+                               unsigned char *lmbuffer /* 21 bytes */);
+
+#if USE_NTRESPONSES
+CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
+                       const unsigned char *data, unsigned int datalen,
+                       unsigned char *output);
+
+CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
+                                   const char *password,
+                                   unsigned char *ntbuffer /* 21 bytes */);
+
+CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
+                                       const char *domain, size_t domlen,
+                                       unsigned char *ntlmhash,
+                                       unsigned char *ntlmv2hash);
+
+CURLcode  Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
+                                        unsigned char *challenge_client,
+                                        struct ntlmdata *ntlm,
+                                        unsigned char **ntresp,
+                                        unsigned int *ntresp_len);
+
+CURLcode  Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash,
+                                      unsigned char *challenge_client,
+                                      unsigned char *challenge_server,
+                                      unsigned char *lmresp);
+
+#endif
+
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
+
+#endif /* HEADER_CURL_NTLM_CORE_H */
diff --git a/Utilities/cmcurl/lib/curl_ntlm_msgs.c b/Utilities/cmcurl/lib/curl_ntlm_msgs.c
new file mode 100644
index 0000000..b807926
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_ntlm_msgs.c
@@ -0,0 +1,1010 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_NTLM
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#define DEBUG_ME 0
+
+#include "urldata.h"
+#include "non-ascii.h"
+#include "sendf.h"
+#include "curl_base64.h"
+#include "curl_ntlm_core.h"
+#include "curl_gethostname.h"
+#include "curl_multibyte.h"
+#include "warnless.h"
+#include "curl_memory.h"
+
+#ifdef USE_WINDOWS_SSPI
+#  include "curl_sspi.h"
+#endif
+
+#include "vtls/vtls.h"
+
+#define BUILDING_CURL_NTLM_MSGS_C
+#include "curl_ntlm_msgs.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* "NTLMSSP" signature is always in ASCII regardless of the platform */
+#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
+
+#define SHORTPAIR(x) ((x) & 0xff), (((x) >> 8) & 0xff)
+#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8) & 0xff), \
+  (((x) >> 16) & 0xff), (((x) >> 24) & 0xff)
+
+#if DEBUG_ME
+# define DEBUG_OUT(x) x
+static void ntlm_print_flags(FILE *handle, unsigned long flags)
+{
+  if(flags & NTLMFLAG_NEGOTIATE_UNICODE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_UNICODE ");
+  if(flags & NTLMFLAG_NEGOTIATE_OEM)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_OEM ");
+  if(flags & NTLMFLAG_REQUEST_TARGET)
+    fprintf(handle, "NTLMFLAG_REQUEST_TARGET ");
+  if(flags & (1<<3))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_3 ");
+  if(flags & NTLMFLAG_NEGOTIATE_SIGN)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_SIGN ");
+  if(flags & NTLMFLAG_NEGOTIATE_SEAL)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_SEAL ");
+  if(flags & NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE ");
+  if(flags & NTLMFLAG_NEGOTIATE_LM_KEY)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_LM_KEY ");
+  if(flags & NTLMFLAG_NEGOTIATE_NETWARE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_NETWARE ");
+  if(flags & NTLMFLAG_NEGOTIATE_NTLM_KEY)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM_KEY ");
+  if(flags & (1<<10))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_10 ");
+  if(flags & NTLMFLAG_NEGOTIATE_ANONYMOUS)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_ANONYMOUS ");
+  if(flags & NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED ");
+  if(flags & NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED ");
+  if(flags & NTLMFLAG_NEGOTIATE_LOCAL_CALL)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_LOCAL_CALL ");
+  if(flags & NTLMFLAG_NEGOTIATE_ALWAYS_SIGN)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_ALWAYS_SIGN ");
+  if(flags & NTLMFLAG_TARGET_TYPE_DOMAIN)
+    fprintf(handle, "NTLMFLAG_TARGET_TYPE_DOMAIN ");
+  if(flags & NTLMFLAG_TARGET_TYPE_SERVER)
+    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SERVER ");
+  if(flags & NTLMFLAG_TARGET_TYPE_SHARE)
+    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SHARE ");
+  if(flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM2_KEY ");
+  if(flags & NTLMFLAG_REQUEST_INIT_RESPONSE)
+    fprintf(handle, "NTLMFLAG_REQUEST_INIT_RESPONSE ");
+  if(flags & NTLMFLAG_REQUEST_ACCEPT_RESPONSE)
+    fprintf(handle, "NTLMFLAG_REQUEST_ACCEPT_RESPONSE ");
+  if(flags & NTLMFLAG_REQUEST_NONNT_SESSION_KEY)
+    fprintf(handle, "NTLMFLAG_REQUEST_NONNT_SESSION_KEY ");
+  if(flags & NTLMFLAG_NEGOTIATE_TARGET_INFO)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_TARGET_INFO ");
+  if(flags & (1<<24))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_24 ");
+  if(flags & (1<<25))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_25 ");
+  if(flags & (1<<26))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_26 ");
+  if(flags & (1<<27))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_27 ");
+  if(flags & (1<<28))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_28 ");
+  if(flags & NTLMFLAG_NEGOTIATE_128)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_128 ");
+  if(flags & NTLMFLAG_NEGOTIATE_KEY_EXCHANGE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_KEY_EXCHANGE ");
+  if(flags & NTLMFLAG_NEGOTIATE_56)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_56 ");
+}
+
+static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
+{
+  const char *p = buf;
+  (void)handle;
+  fprintf(stderr, "0x");
+  while(len-- > 0)
+    fprintf(stderr, "%02.2x", (unsigned int)*p++);
+}
+#else
+# define DEBUG_OUT(x) Curl_nop_stmt
+#endif
+
+#ifndef USE_WINDOWS_SSPI
+/*
+ * This function converts from the little endian format used in the
+ * incoming package to whatever endian format we're using natively.
+ * Argument is a pointer to a 4 byte buffer.
+ */
+static unsigned int readint_le(unsigned char *buf)
+{
+  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
+    ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
+}
+
+/*
+ * This function converts from the little endian format used in the incoming
+ * package to whatever endian format we're using natively. Argument is a
+ * pointer to a 2 byte buffer.
+ */
+static unsigned int readshort_le(unsigned char *buf)
+{
+  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8);
+}
+
+/*
+ * Curl_ntlm_decode_type2_target()
+ *
+ * This is used to decode the "target info" in the ntlm type-2 message
+ * received.
+ *
+ * Parameters:
+ *
+ * data      [in]    - Pointer to the session handle
+ * buffer    [in]    - The decoded base64 ntlm header of Type 2
+ * size      [in]    - The input buffer size, atleast 32 bytes
+ * ntlm      [in]    - Pointer to ntlm data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
+                                       unsigned char *buffer,
+                                       size_t size,
+                                       struct ntlmdata *ntlm)
+{
+  unsigned int target_info_len = 0;
+  unsigned int target_info_offset = 0;
+
+  Curl_safefree(ntlm->target_info);
+  ntlm->target_info_len = 0;
+
+  if(size >= 48) {
+    target_info_len = readshort_le(&buffer[40]);
+    target_info_offset = readint_le(&buffer[44]);
+    if(target_info_len > 0) {
+      if(((target_info_offset + target_info_len) > size) ||
+         (target_info_offset < 48)) {
+        infof(data, "NTLM handshake failure (bad type-2 message). "
+                    "Target Info Offset Len is set incorrect by the peer\n");
+        return CURLE_REMOTE_ACCESS_DENIED;
+      }
+
+      ntlm->target_info = malloc(target_info_len);
+      if(!ntlm->target_info)
+        return CURLE_OUT_OF_MEMORY;
+
+      memcpy(ntlm->target_info, &buffer[target_info_offset], target_info_len);
+      ntlm->target_info_len = target_info_len;
+
+    }
+
+  }
+
+  return CURLE_OK;
+}
+
+#endif
+
+/*
+  NTLM message structure notes:
+
+  A 'short' is a 'network short', a little-endian 16-bit unsigned value.
+
+  A 'long' is a 'network long', a little-endian, 32-bit unsigned value.
+
+  A 'security buffer' represents a triplet used to point to a buffer,
+  consisting of two shorts and one long:
+
+    1. A 'short' containing the length of the buffer content in bytes.
+    2. A 'short' containing the allocated space for the buffer in bytes.
+    3. A 'long' containing the offset to the start of the buffer in bytes,
+       from the beginning of the NTLM message.
+*/
+
+/*
+ * Curl_ntlm_decode_type2_message()
+ *
+ * This is used to decode a ntlm type-2 message received from a HTTP or SASL
+ * based (such as SMTP, POP3 or IMAP) server. The message is first decoded
+ * from a base64 string into a raw ntlm message and checked for validity
+ * before the appropriate data for creating a type-3 message is written to
+ * the given ntlm data structure.
+ *
+ * Parameters:
+ *
+ * data    [in]     - Pointer to session handle.
+ * header  [in]     - Pointer to the input buffer.
+ * ntlm    [in]     - Pointer to ntlm data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
+                                        const char *header,
+                                        struct ntlmdata *ntlm)
+{
+#ifndef USE_WINDOWS_SSPI
+  static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 };
+#endif
+
+  /* NTLM type-2 message structure:
+
+          Index  Description            Content
+            0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
+                                        (0x4e544c4d53535000)
+            8    NTLM Message Type      long (0x02000000)
+           12    Target Name            security buffer
+           20    Flags                  long
+           24    Challenge              8 bytes
+          (32)   Context                8 bytes (two consecutive longs) (*)
+          (40)   Target Information     security buffer (*)
+          (48)   OS Version Structure   8 bytes (*)
+  32 (48) (56)   Start of data block    (*)
+                                        (*) -> Optional
+  */
+
+  size_t size = 0;
+  unsigned char *buffer = NULL;
+  CURLcode error;
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(USE_WINDOWS_SSPI)
+  (void)data;
+#endif
+
+  error = Curl_base64_decode(header, &buffer, &size);
+  if(error)
+    return error;
+
+  if(!buffer) {
+    infof(data, "NTLM handshake failure (unhandled condition)\n");
+    return CURLE_REMOTE_ACCESS_DENIED;
+  }
+
+#ifdef USE_WINDOWS_SSPI
+  ntlm->type_2 = malloc(size + 1);
+  if(ntlm->type_2 == NULL) {
+    free(buffer);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  ntlm->n_type_2 = curlx_uztoul(size);
+  memcpy(ntlm->type_2, buffer, size);
+#else
+  ntlm->flags = 0;
+
+  if((size < 32) ||
+     (memcmp(buffer, NTLMSSP_SIGNATURE, 8) != 0) ||
+     (memcmp(buffer + 8, type2_marker, sizeof(type2_marker)) != 0)) {
+    /* This was not a good enough type-2 message */
+    free(buffer);
+    infof(data, "NTLM handshake failure (bad type-2 message)\n");
+    return CURLE_REMOTE_ACCESS_DENIED;
+  }
+
+  ntlm->flags = readint_le(&buffer[20]);
+  memcpy(ntlm->nonce, &buffer[24], 8);
+
+  if(ntlm->flags & NTLMFLAG_NEGOTIATE_TARGET_INFO) {
+    error = Curl_ntlm_decode_type2_target(data, buffer, size, ntlm);
+    if(error) {
+      free(buffer);
+      infof(data, "NTLM handshake failure (bad type-2 message)\n");
+      return error;
+    }
+  }
+
+  DEBUG_OUT({
+    fprintf(stderr, "**** TYPE2 header flags=0x%08.8lx ", ntlm->flags);
+    ntlm_print_flags(stderr, ntlm->flags);
+    fprintf(stderr, "\n                  nonce=");
+    ntlm_print_hex(stderr, (char *)ntlm->nonce, 8);
+    fprintf(stderr, "\n****\n");
+    fprintf(stderr, "**** Header %s\n ", header);
+  });
+#endif
+  free(buffer);
+
+  return CURLE_OK;
+}
+
+#ifdef USE_WINDOWS_SSPI
+void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
+{
+  Curl_safefree(ntlm->type_2);
+
+  if(ntlm->has_handles) {
+    s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
+    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
+    ntlm->has_handles = 0;
+  }
+
+  ntlm->max_token_length = 0;
+  Curl_safefree(ntlm->output_token);
+
+  Curl_sspi_free_identity(ntlm->p_identity);
+  ntlm->p_identity = NULL;
+}
+#endif
+
+#ifndef USE_WINDOWS_SSPI
+/* copy the source to the destination and fill in zeroes in every
+   other destination byte! */
+static void unicodecpy(unsigned char *dest, const char *src, size_t length)
+{
+  size_t i;
+  for(i = 0; i < length; i++) {
+    dest[2 * i] = (unsigned char)src[i];
+    dest[2 * i + 1] = '\0';
+  }
+}
+#endif
+
+/*
+ * Curl_ntlm_create_type1_message()
+ *
+ * This is used to generate an already encoded NTLM type-1 message ready for
+ * sending to the recipient, be it a HTTP or SASL based (such as SMTP, POP3
+ * or IMAP) server, using the appropriate compile time crypo API.
+ *
+ * Parameters:
+ *
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_create_type1_message(const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr,
+                                        size_t *outlen)
+{
+  /* NTLM type-1 message structure:
+
+       Index  Description            Content
+         0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
+                                     (0x4e544c4d53535000)
+         8    NTLM Message Type      long (0x01000000)
+        12    Flags                  long
+       (16)   Supplied Domain        security buffer (*)
+       (24)   Supplied Workstation   security buffer (*)
+       (32)   OS Version Structure   8 bytes (*)
+  (32) (40)   Start of data block    (*)
+                                     (*) -> Optional
+  */
+
+  size_t size;
+
+#ifdef USE_WINDOWS_SSPI
+
+  PSecPkgInfo SecurityPackage;
+  SecBuffer type_1_buf;
+  SecBufferDesc type_1_desc;
+  SECURITY_STATUS status;
+  unsigned long attrs;
+  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
+
+  Curl_ntlm_sspi_cleanup(ntlm);
+
+  /* Query the security package for NTLM */
+  status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT("NTLM"),
+                                              &SecurityPackage);
+  if(status != SEC_E_OK)
+    return CURLE_NOT_BUILT_IN;
+
+  ntlm->max_token_length = SecurityPackage->cbMaxToken;
+
+  /* Release the package buffer as it is not required anymore */
+  s_pSecFn->FreeContextBuffer(SecurityPackage);
+
+  /* Allocate our output buffer */
+  ntlm->output_token = malloc(ntlm->max_token_length);
+  if(!ntlm->output_token)
+    return CURLE_OUT_OF_MEMORY;
+
+  if(userp && *userp) {
+    CURLcode result;
+
+    /* Populate our identity structure */
+    result = Curl_create_sspi_identity(userp, passwdp, &ntlm->identity);
+    if(result)
+      return result;
+
+    /* Allow proper cleanup of the identity structure */
+    ntlm->p_identity = &ntlm->identity;
+  }
+  else
+    /* Use the current Windows user */
+    ntlm->p_identity = NULL;
+
+  /* Acquire our credientials handle */
+  status = s_pSecFn->AcquireCredentialsHandle(NULL,
+                                              (TCHAR *) TEXT("NTLM"),
+                                              SECPKG_CRED_OUTBOUND, NULL,
+                                              ntlm->p_identity, NULL, NULL,
+                                              &ntlm->handle, &tsDummy);
+  if(status != SEC_E_OK)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Setup the type-1 "output" security buffer */
+  type_1_desc.ulVersion = SECBUFFER_VERSION;
+  type_1_desc.cBuffers  = 1;
+  type_1_desc.pBuffers  = &type_1_buf;
+  type_1_buf.BufferType = SECBUFFER_TOKEN;
+  type_1_buf.pvBuffer   = ntlm->output_token;
+  type_1_buf.cbBuffer   = curlx_uztoul(ntlm->max_token_length);
+
+  /* Generate our type-1 message */
+  status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
+                                               (TCHAR *) TEXT(""),
+                                               ISC_REQ_CONFIDENTIALITY |
+                                               ISC_REQ_REPLAY_DETECT |
+                                               ISC_REQ_CONNECTION,
+                                               0, SECURITY_NETWORK_DREP,
+                                               NULL, 0,
+                                               &ntlm->c_handle, &type_1_desc,
+                                               &attrs, &tsDummy);
+
+  if(status == SEC_I_COMPLETE_AND_CONTINUE ||
+     status == SEC_I_CONTINUE_NEEDED)
+    s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &type_1_desc);
+  else if(status != SEC_E_OK) {
+    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
+    return CURLE_RECV_ERROR;
+  }
+
+  ntlm->has_handles = 1;
+  size = type_1_buf.cbBuffer;
+
+#else
+
+  unsigned char ntlmbuf[NTLM_BUFSIZE];
+  const char *host = "";              /* empty */
+  const char *domain = "";            /* empty */
+  size_t hostlen = 0;
+  size_t domlen = 0;
+  size_t hostoff = 0;
+  size_t domoff = hostoff + hostlen;  /* This is 0: remember that host and
+                                         domain are empty */
+  (void)userp;
+  (void)passwdp;
+  (void)ntlm;
+
+#if USE_NTLM2SESSION
+#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
+#else
+#define NTLM2FLAG 0
+#endif
+  snprintf((char *)ntlmbuf, NTLM_BUFSIZE,
+           NTLMSSP_SIGNATURE "%c"
+           "\x01%c%c%c" /* 32-bit type = 1 */
+           "%c%c%c%c"   /* 32-bit NTLM flag field */
+           "%c%c"       /* domain length */
+           "%c%c"       /* domain allocated space */
+           "%c%c"       /* domain name offset */
+           "%c%c"       /* 2 zeroes */
+           "%c%c"       /* host length */
+           "%c%c"       /* host allocated space */
+           "%c%c"       /* host name offset */
+           "%c%c"       /* 2 zeroes */
+           "%s"         /* host name */
+           "%s",        /* domain string */
+           0,           /* trailing zero */
+           0, 0, 0,     /* part of type-1 long */
+
+           LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
+                       NTLMFLAG_REQUEST_TARGET |
+                       NTLMFLAG_NEGOTIATE_NTLM_KEY |
+                       NTLM2FLAG |
+                       NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
+           SHORTPAIR(domlen),
+           SHORTPAIR(domlen),
+           SHORTPAIR(domoff),
+           0, 0,
+           SHORTPAIR(hostlen),
+           SHORTPAIR(hostlen),
+           SHORTPAIR(hostoff),
+           0, 0,
+           host,  /* this is empty */
+           domain /* this is empty */);
+
+  /* Initial packet length */
+  size = 32 + hostlen + domlen;
+
+#endif
+
+  DEBUG_OUT({
+    fprintf(stderr, "* TYPE1 header flags=0x%02.2x%02.2x%02.2x%02.2x "
+            "0x%08.8x ",
+            LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
+                        NTLMFLAG_REQUEST_TARGET |
+                        NTLMFLAG_NEGOTIATE_NTLM_KEY |
+                        NTLM2FLAG |
+                        NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
+            NTLMFLAG_NEGOTIATE_OEM |
+            NTLMFLAG_REQUEST_TARGET |
+            NTLMFLAG_NEGOTIATE_NTLM_KEY |
+            NTLM2FLAG |
+            NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
+    ntlm_print_flags(stderr,
+                     NTLMFLAG_NEGOTIATE_OEM |
+                     NTLMFLAG_REQUEST_TARGET |
+                     NTLMFLAG_NEGOTIATE_NTLM_KEY |
+                     NTLM2FLAG |
+                     NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
+    fprintf(stderr, "\n****\n");
+  });
+
+  /* Return with binary blob encoded into base64 */
+#ifdef USE_WINDOWS_SSPI
+  return Curl_base64_encode(NULL, (char *)ntlm->output_token, size,
+                            outptr, outlen);
+#else
+  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
+#endif
+}
+
+/*
+ * Curl_ntlm_create_type3_message()
+ *
+ * This is used to generate an already encoded NTLM type-3 message ready for
+ * sending to the recipient, be it a HTTP or SASL based (such as SMTP, POP3
+ * or IMAP) server, using the appropriate compile time crypo API.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
+                                        const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr,
+                                        size_t *outlen)
+{
+  /* NTLM type-3 message structure:
+
+          Index  Description            Content
+            0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
+                                        (0x4e544c4d53535000)
+            8    NTLM Message Type      long (0x03000000)
+           12    LM/LMv2 Response       security buffer
+           20    NTLM/NTLMv2 Response   security buffer
+           28    Target Name            security buffer
+           36    User Name              security buffer
+           44    Workstation Name       security buffer
+          (52)   Session Key            security buffer (*)
+          (60)   Flags                  long (*)
+          (64)   OS Version Structure   8 bytes (*)
+  52 (64) (72)   Start of data block
+                                          (*) -> Optional
+  */
+
+  size_t size;
+
+#ifdef USE_WINDOWS_SSPI
+  CURLcode result = CURLE_OK;
+  SecBuffer type_2_buf;
+  SecBuffer type_3_buf;
+  SecBufferDesc type_2_desc;
+  SecBufferDesc type_3_desc;
+  SECURITY_STATUS status;
+  unsigned long attrs;
+  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
+
+  (void)passwdp;
+  (void)userp;
+  (void)data;
+
+  /* Setup the type-2 "input" security buffer */
+  type_2_desc.ulVersion = SECBUFFER_VERSION;
+  type_2_desc.cBuffers  = 1;
+  type_2_desc.pBuffers  = &type_2_buf;
+  type_2_buf.BufferType = SECBUFFER_TOKEN;
+  type_2_buf.pvBuffer   = ntlm->type_2;
+  type_2_buf.cbBuffer   = ntlm->n_type_2;
+
+  /* Setup the type-3 "output" security buffer */
+  type_3_desc.ulVersion = SECBUFFER_VERSION;
+  type_3_desc.cBuffers  = 1;
+  type_3_desc.pBuffers  = &type_3_buf;
+  type_3_buf.BufferType = SECBUFFER_TOKEN;
+  type_3_buf.pvBuffer   = ntlm->output_token;
+  type_3_buf.cbBuffer   = curlx_uztoul(ntlm->max_token_length);
+
+  /* Generate our type-3 message */
+  status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
+                                               &ntlm->c_handle,
+                                               (TCHAR *) TEXT(""),
+                                               ISC_REQ_CONFIDENTIALITY |
+                                               ISC_REQ_REPLAY_DETECT |
+                                               ISC_REQ_CONNECTION,
+                                               0, SECURITY_NETWORK_DREP,
+                                               &type_2_desc,
+                                               0, &ntlm->c_handle,
+                                               &type_3_desc,
+                                               &attrs, &tsDummy);
+  if(status != SEC_E_OK)
+    return CURLE_RECV_ERROR;
+
+  size = type_3_buf.cbBuffer;
+
+  /* Return with binary blob encoded into base64 */
+  result = Curl_base64_encode(NULL, (char *)ntlm->output_token, size,
+                              outptr, outlen);
+
+  Curl_ntlm_sspi_cleanup(ntlm);
+
+  return result;
+
+#else
+
+  unsigned char ntlmbuf[NTLM_BUFSIZE];
+  int lmrespoff;
+  unsigned char lmresp[24]; /* fixed-size */
+#if USE_NTRESPONSES
+  int ntrespoff;
+  unsigned int ntresplen = 24;
+  unsigned char ntresp[24]; /* fixed-size */
+  unsigned char *ptr_ntresp = &ntresp[0];
+  unsigned char *ntlmv2resp = NULL;
+#endif
+  bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE;
+  char host[HOSTNAME_MAX + 1] = "";
+  const char *user;
+  const char *domain = "";
+  size_t hostoff = 0;
+  size_t useroff = 0;
+  size_t domoff = 0;
+  size_t hostlen = 0;
+  size_t userlen = 0;
+  size_t domlen = 0;
+  CURLcode res = CURLE_OK;
+
+  user = strchr(userp, '\\');
+  if(!user)
+    user = strchr(userp, '/');
+
+  if(user) {
+    domain = userp;
+    domlen = (user - domain);
+    user++;
+  }
+  else
+    user = userp;
+
+  if(user)
+    userlen = strlen(user);
+
+  /* Get the machine's un-qualified host name as NTLM doesn't like the fully
+     qualified domain name */
+  if(Curl_gethostname(host, sizeof(host))) {
+    infof(data, "gethostname() failed, continuing without!\n");
+    hostlen = 0;
+  }
+  else {
+    hostlen = strlen(host);
+  }
+
+#if USE_NTRESPONSES
+  if(ntlm->target_info_len) {
+    unsigned char ntbuffer[0x18];
+    unsigned int entropy[2];
+    unsigned char ntlmv2hash[0x18];
+
+    entropy[0] = Curl_rand(data);
+    entropy[1] = Curl_rand(data);
+
+    res = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
+    if(res)
+      return res;
+
+    res = Curl_ntlm_core_mk_ntlmv2_hash(user, userlen, domain, domlen,
+                                        ntbuffer, ntlmv2hash);
+    if(res)
+      return res;
+
+    /* LMv2 response */
+    res = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash,
+                                      (unsigned char *)&entropy[0],
+                                      &ntlm->nonce[0], lmresp);
+    if(res)
+      return res;
+
+    /* NTLMv2 response */
+    res = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash,
+                                        (unsigned char *)&entropy[0],
+                                        ntlm, &ntlmv2resp, &ntresplen);
+    if(res)
+      return res;
+
+    ptr_ntresp = ntlmv2resp;
+  }
+  else
+#endif
+
+#if USE_NTLM2SESSION
+  /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
+  if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
+    unsigned char ntbuffer[0x18];
+    unsigned char tmp[0x18];
+    unsigned char md5sum[MD5_DIGEST_LENGTH];
+    unsigned int entropy[2];
+
+    /* Need to create 8 bytes random data */
+    entropy[0] = Curl_rand(data);
+    entropy[1] = Curl_rand(data);
+
+    /* 8 bytes random data as challenge in lmresp */
+    memcpy(lmresp, entropy, 8);
+
+    /* Pad with zeros */
+    memset(lmresp + 8, 0, 0x10);
+
+    /* Fill tmp with challenge(nonce?) + entropy */
+    memcpy(tmp, &ntlm->nonce[0], 8);
+    memcpy(tmp + 8, entropy, 8);
+
+    Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH);
+
+    /* We shall only use the first 8 bytes of md5sum, but the des
+       code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
+    if(CURLE_OUT_OF_MEMORY ==
+       Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
+      return CURLE_OUT_OF_MEMORY;
+
+    Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp);
+
+    /* End of NTLM2 Session code */
+
+  }
+  else
+#endif
+  {
+
+#if USE_NTRESPONSES
+    unsigned char ntbuffer[0x18];
+#endif
+    unsigned char lmbuffer[0x18];
+
+#if USE_NTRESPONSES
+    if(CURLE_OUT_OF_MEMORY ==
+       Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
+      return CURLE_OUT_OF_MEMORY;
+    Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], ntresp);
+#endif
+
+    Curl_ntlm_core_mk_lm_hash(data, passwdp, lmbuffer);
+    Curl_ntlm_core_lm_resp(lmbuffer, &ntlm->nonce[0], lmresp);
+    /* A safer but less compatible alternative is:
+     *   Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], lmresp);
+     * See http://davenport.sourceforge.net/ntlm.html#ntlmVersion2 */
+  }
+
+  if(unicode) {
+    domlen = domlen * 2;
+    userlen = userlen * 2;
+    hostlen = hostlen * 2;
+  }
+
+  lmrespoff = 64; /* size of the message header */
+#if USE_NTRESPONSES
+  ntrespoff = lmrespoff + 0x18;
+  domoff = ntrespoff + ntresplen;
+#else
+  domoff = lmrespoff + 0x18;
+#endif
+  useroff = domoff + domlen;
+  hostoff = useroff + userlen;
+
+  /* Create the big type-3 message binary blob */
+  size = snprintf((char *)ntlmbuf, NTLM_BUFSIZE,
+                  NTLMSSP_SIGNATURE "%c"
+                  "\x03%c%c%c"  /* 32-bit type = 3 */
+
+                  "%c%c"  /* LanManager length */
+                  "%c%c"  /* LanManager allocated space */
+                  "%c%c"  /* LanManager offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* NT-response length */
+                  "%c%c"  /* NT-response allocated space */
+                  "%c%c"  /* NT-response offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* domain length */
+                  "%c%c"  /* domain allocated space */
+                  "%c%c"  /* domain name offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* user length */
+                  "%c%c"  /* user allocated space */
+                  "%c%c"  /* user offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* host length */
+                  "%c%c"  /* host allocated space */
+                  "%c%c"  /* host offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* session key length (unknown purpose) */
+                  "%c%c"  /* session key allocated space (unknown purpose) */
+                  "%c%c"  /* session key offset (unknown purpose) */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c%c%c",  /* flags */
+
+                  /* domain string */
+                  /* user string */
+                  /* host string */
+                  /* LanManager response */
+                  /* NT response */
+
+                  0,                /* zero termination */
+                  0, 0, 0,          /* type-3 long, the 24 upper bits */
+
+                  SHORTPAIR(0x18),  /* LanManager response length, twice */
+                  SHORTPAIR(0x18),
+                  SHORTPAIR(lmrespoff),
+                  0x0, 0x0,
+
+#if USE_NTRESPONSES
+                  SHORTPAIR(ntresplen),  /* NT-response length, twice */
+                  SHORTPAIR(ntresplen),
+                  SHORTPAIR(ntrespoff),
+                  0x0, 0x0,
+#else
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+#endif
+                  SHORTPAIR(domlen),
+                  SHORTPAIR(domlen),
+                  SHORTPAIR(domoff),
+                  0x0, 0x0,
+
+                  SHORTPAIR(userlen),
+                  SHORTPAIR(userlen),
+                  SHORTPAIR(useroff),
+                  0x0, 0x0,
+
+                  SHORTPAIR(hostlen),
+                  SHORTPAIR(hostlen),
+                  SHORTPAIR(hostoff),
+                  0x0, 0x0,
+
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+
+                  LONGQUARTET(ntlm->flags));
+
+  DEBUGASSERT(size == 64);
+  DEBUGASSERT(size == (size_t)lmrespoff);
+
+  /* We append the binary hashes */
+  if(size < (NTLM_BUFSIZE - 0x18)) {
+    memcpy(&ntlmbuf[size], lmresp, 0x18);
+    size += 0x18;
+  }
+
+  DEBUG_OUT({
+    fprintf(stderr, "**** TYPE3 header lmresp=");
+    ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18);
+  });
+
+#if USE_NTRESPONSES
+  if(size < (NTLM_BUFSIZE - ntresplen)) {
+    DEBUGASSERT(size == (size_t)ntrespoff);
+    memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+    size += ntresplen;
+  }
+
+  DEBUG_OUT({
+    fprintf(stderr, "\n   ntresp=");
+    ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], ntresplen);
+  });
+
+  Curl_safefree(ntlmv2resp);/* Free the dynamic buffer allocated for NTLMv2 */
+
+#endif
+
+  DEBUG_OUT({
+    fprintf(stderr, "\n   flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ",
+            LONGQUARTET(ntlm->flags), ntlm->flags);
+    ntlm_print_flags(stderr, ntlm->flags);
+    fprintf(stderr, "\n****\n");
+  });
+
+  /* Make sure that the domain, user and host strings fit in the
+     buffer before we copy them there. */
+  if(size + userlen + domlen + hostlen >= NTLM_BUFSIZE) {
+    failf(data, "user + domain + host name too big");
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  DEBUGASSERT(size == domoff);
+  if(unicode)
+    unicodecpy(&ntlmbuf[size], domain, domlen / 2);
+  else
+    memcpy(&ntlmbuf[size], domain, domlen);
+
+  size += domlen;
+
+  DEBUGASSERT(size == useroff);
+  if(unicode)
+    unicodecpy(&ntlmbuf[size], user, userlen / 2);
+  else
+    memcpy(&ntlmbuf[size], user, userlen);
+
+  size += userlen;
+
+  DEBUGASSERT(size == hostoff);
+  if(unicode)
+    unicodecpy(&ntlmbuf[size], host, hostlen / 2);
+  else
+    memcpy(&ntlmbuf[size], host, hostlen);
+
+  size += hostlen;
+
+  /* Convert domain, user, and host to ASCII but leave the rest as-is */
+  res = Curl_convert_to_network(data, (char *)&ntlmbuf[domoff],
+                                size - domoff);
+  if(res)
+    return CURLE_CONV_FAILED;
+
+  /* Return with binary blob encoded into base64 */
+  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
+#endif
+}
+
+#endif /* USE_NTLM */
diff --git a/Utilities/cmcurl/http_ntlm.h b/Utilities/cmcurl/lib/curl_ntlm_msgs.h
index a8de220..80413c8 100644
--- a/Utilities/cmcurl/http_ntlm.h
+++ b/Utilities/cmcurl/lib/curl_ntlm_msgs.h
@@ -1,5 +1,5 @@
-#ifndef __HTTP_NTLM_H
-#define __HTTP_NTLM_H
+#ifndef HEADER_CURL_NTLM_MSGS_H
+#define HEADER_CURL_NTLM_MSGS_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,29 +20,51 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-typedef enum {
-  CURLNTLM_NONE, /* not a ntlm */
-  CURLNTLM_BAD,  /* an ntlm, but one we don't like */
-  CURLNTLM_FIRST, /* the first 401-reply we got with NTLM */
-  CURLNTLM_FINE, /* an ntlm we act on */
-
-  CURLNTLM_LAST  /* last entry in this enum, don't use */
-} CURLntlm;
-
-/* this is for ntlm header input */
-CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy, char *header);
-
-/* this is for creating ntlm header output */
-CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
-
-void Curl_ntlm_cleanup(struct connectdata *conn);
-#ifndef USE_NTLM
-#define Curl_ntlm_cleanup(x)
+#include "curl_setup.h"
+
+#ifdef USE_NTLM
+
+/* This is to generate a base64 encoded NTLM type-1 message */
+CURLcode Curl_ntlm_create_type1_message(const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr,
+                                        size_t *outlen);
+
+/* This is to generate a base64 encoded NTLM type-3 message */
+CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
+                                        const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr,
+                                        size_t *outlen);
+
+/* This is to decode a NTLM type-2 message */
+CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
+                                        const char* header,
+                                        struct ntlmdata* ntlm);
+
+/* This is to decode target info received in NTLM type-2 message */
+CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
+                                       unsigned char* buffer,
+                                       size_t size,
+                                       struct ntlmdata* ntlm);
+
+
+/* This is to clean up the ntlm data structure */
+#ifdef USE_WINDOWS_SSPI
+void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
+#else
+#define Curl_ntlm_sspi_cleanup(x)
 #endif
 
+/* NTLM buffer fixed size, large enough for long user + host + domain */
+#define NTLM_BUFSIZE 1024
+
+/* Stuff only required for curl_ntlm_msgs.c */
+#ifdef BUILDING_CURL_NTLM_MSGS_C
 
 /* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
 
@@ -67,7 +89,7 @@ void Curl_ntlm_cleanup(struct connectdata *conn);
    should be encrypted (message confidentiality). */
 
 #define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE        (1<<6)
-/* unknown purpose */
+/* Indicates that datagram authentication is being used. */
 
 #define NTLMFLAG_NEGOTIATE_LM_KEY                (1<<7)
 /* Indicates that the LAN Manager session key should be used for signing and
@@ -80,7 +102,10 @@ void Curl_ntlm_cleanup(struct connectdata *conn);
 /* Indicates that NTLM authentication is being used. */
 
 /* unknown (1<<10) */
-/* unknown (1<<11) */
+
+#define NTLMFLAG_NEGOTIATE_ANONYMOUS             (1<<11)
+/* Sent by the client in the Type 3 message to indicate that an anonymous
+   context has been established. This also affects the response fields. */
 
 #define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED       (1<<12)
 /* Sent by the client in the Type 1 message to indicate that a desired
@@ -139,8 +164,14 @@ void Curl_ntlm_cleanup(struct connectdata *conn);
 /* Indicates that 128-bit encryption is supported. */
 
 #define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE          (1<<30)
-/* unknown purpose */
+/* Indicates that the client will provide an encrypted master key in
+   the "Session Key" field of the Type 3 message. */
 
 #define NTLMFLAG_NEGOTIATE_56                    (1<<31)
 /* Indicates that 56-bit encryption is supported. */
-#endif
+
+#endif /* BUILDING_CURL_NTLM_MSGS_C */
+
+#endif /* USE_NTLM */
+
+#endif /* HEADER_CURL_NTLM_MSGS_H */
diff --git a/Utilities/cmcurl/lib/curl_ntlm_wb.c b/Utilities/cmcurl/lib/curl_ntlm_wb.c
new file mode 100644
index 0000000..23ee726
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_ntlm_wb.c
@@ -0,0 +1,435 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#define DEBUG_ME 0
+
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "select.h"
+#include "curl_ntlm_msgs.h"
+#include "curl_ntlm_wb.h"
+#include "url.h"
+#include "strerror.h"
+#include "curl_memory.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if DEBUG_ME
+# define DEBUG_OUT(x) x
+#else
+# define DEBUG_OUT(x) Curl_nop_stmt
+#endif
+
+/* Portable 'sclose_nolog' used only in child process instead of 'sclose'
+   to avoid fooling the socket leak detector */
+#if defined(HAVE_CLOSESOCKET)
+#  define sclose_nolog(x)  closesocket((x))
+#elif defined(HAVE_CLOSESOCKET_CAMEL)
+#  define sclose_nolog(x)  CloseSocket((x))
+#else
+#  define sclose_nolog(x)  close((x))
+#endif
+
+void Curl_ntlm_wb_cleanup(struct connectdata *conn)
+{
+  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
+    sclose(conn->ntlm_auth_hlpr_socket);
+    conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
+  }
+
+  if(conn->ntlm_auth_hlpr_pid) {
+    int i;
+    for(i = 0; i < 4; i++) {
+      pid_t ret = waitpid(conn->ntlm_auth_hlpr_pid, NULL, WNOHANG);
+      if(ret == conn->ntlm_auth_hlpr_pid || errno == ECHILD)
+        break;
+      switch(i) {
+      case 0:
+        kill(conn->ntlm_auth_hlpr_pid, SIGTERM);
+        break;
+      case 1:
+        /* Give the process another moment to shut down cleanly before
+           bringing down the axe */
+        Curl_wait_ms(1);
+        break;
+      case 2:
+        kill(conn->ntlm_auth_hlpr_pid, SIGKILL);
+        break;
+      case 3:
+        break;
+      }
+    }
+    conn->ntlm_auth_hlpr_pid = 0;
+  }
+
+  Curl_safefree(conn->challenge_header);
+  conn->challenge_header = NULL;
+  Curl_safefree(conn->response_header);
+  conn->response_header = NULL;
+}
+
+static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
+{
+  curl_socket_t sockfds[2];
+  pid_t child_pid;
+  const char *username;
+  char *slash, *domain = NULL;
+  const char *ntlm_auth = NULL;
+  char *ntlm_auth_alloc = NULL;
+#if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID)
+  struct passwd pw, *pw_res;
+  char pwbuf[1024];
+#endif
+  int error;
+
+  /* Return if communication with ntlm_auth already set up */
+  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD ||
+     conn->ntlm_auth_hlpr_pid)
+    return CURLE_OK;
+
+  username = userp;
+  /* The real ntlm_auth really doesn't like being invoked with an
+     empty username. It won't make inferences for itself, and expects
+     the client to do so (mostly because it's really designed for
+     servers like squid to use for auth, and client support is an
+     afterthought for it). So try hard to provide a suitable username
+     if we don't already have one. But if we can't, provide the
+     empty one anyway. Perhaps they have an implementation of the
+     ntlm_auth helper which *doesn't* need it so we might as well try */
+  if(!username || !username[0]) {
+    username = getenv("NTLMUSER");
+    if(!username || !username[0])
+      username = getenv("LOGNAME");
+    if(!username || !username[0])
+      username = getenv("USER");
+#if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID)
+    if((!username || !username[0]) &&
+       !getpwuid_r(geteuid(), &pw, pwbuf, sizeof(pwbuf), &pw_res) &&
+       pw_res) {
+      username = pw.pw_name;
+    }
+#endif
+    if(!username || !username[0])
+      username = userp;
+  }
+  slash = strpbrk(username, "\\/");
+  if(slash) {
+    if((domain = strdup(username)) == NULL)
+      return CURLE_OUT_OF_MEMORY;
+    slash = domain + (slash - username);
+    *slash = '\0';
+    username = username + (slash - domain) + 1;
+  }
+
+  /* For testing purposes, when DEBUGBUILD is defined and environment
+     variable CURL_NTLM_WB_FILE is set a fake_ntlm is used to perform
+     NTLM challenge/response which only accepts commands and output
+     strings pre-written in test case definitions */
+#ifdef DEBUGBUILD
+  ntlm_auth_alloc = curl_getenv("CURL_NTLM_WB_FILE");
+  if(ntlm_auth_alloc)
+    ntlm_auth = ntlm_auth_alloc;
+  else
+#endif
+    ntlm_auth = NTLM_WB_FILE;
+
+  if(access(ntlm_auth, X_OK) != 0) {
+    error = ERRNO;
+    failf(conn->data, "Could not access ntlm_auth: %s errno %d: %s",
+          ntlm_auth, error, Curl_strerror(conn, error));
+    goto done;
+  }
+
+  if(socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) {
+    error = ERRNO;
+    failf(conn->data, "Could not open socket pair. errno %d: %s",
+          error, Curl_strerror(conn, error));
+    goto done;
+  }
+
+  child_pid = fork();
+  if(child_pid == -1) {
+    error = ERRNO;
+    sclose(sockfds[0]);
+    sclose(sockfds[1]);
+    failf(conn->data, "Could not fork. errno %d: %s",
+          error, Curl_strerror(conn, error));
+    goto done;
+  }
+  else if(!child_pid) {
+    /*
+     * child process
+     */
+
+    /* Don't use sclose in the child since it fools the socket leak detector */
+    sclose_nolog(sockfds[0]);
+    if(dup2(sockfds[1], STDIN_FILENO) == -1) {
+      error = ERRNO;
+      failf(conn->data, "Could not redirect child stdin. errno %d: %s",
+            error, Curl_strerror(conn, error));
+      exit(1);
+    }
+
+    if(dup2(sockfds[1], STDOUT_FILENO) == -1) {
+      error = ERRNO;
+      failf(conn->data, "Could not redirect child stdout. errno %d: %s",
+            error, Curl_strerror(conn, error));
+      exit(1);
+    }
+
+    if(domain)
+      execl(ntlm_auth, ntlm_auth,
+            "--helper-protocol", "ntlmssp-client-1",
+            "--use-cached-creds",
+            "--username", username,
+            "--domain", domain,
+            NULL);
+    else
+      execl(ntlm_auth, ntlm_auth,
+            "--helper-protocol", "ntlmssp-client-1",
+            "--use-cached-creds",
+            "--username", username,
+            NULL);
+
+    error = ERRNO;
+    sclose_nolog(sockfds[1]);
+    failf(conn->data, "Could not execl(). errno %d: %s",
+          error, Curl_strerror(conn, error));
+    exit(1);
+  }
+
+  sclose(sockfds[1]);
+  conn->ntlm_auth_hlpr_socket = sockfds[0];
+  conn->ntlm_auth_hlpr_pid = child_pid;
+  Curl_safefree(domain);
+  Curl_safefree(ntlm_auth_alloc);
+  return CURLE_OK;
+
+done:
+  Curl_safefree(domain);
+  Curl_safefree(ntlm_auth_alloc);
+  return CURLE_REMOTE_ACCESS_DENIED;
+}
+
+static CURLcode ntlm_wb_response(struct connectdata *conn,
+                                 const char *input, curlntlm state)
+{
+  char *buf = malloc(NTLM_BUFSIZE);
+  size_t len_in = strlen(input), len_out = 0;
+
+  if(!buf)
+    return CURLE_OUT_OF_MEMORY;
+
+  while(len_in > 0) {
+    ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
+    if(written == -1) {
+      /* Interrupted by a signal, retry it */
+      if(errno == EINTR)
+        continue;
+      /* write failed if other errors happen */
+      goto done;
+    }
+    input += written;
+    len_in -= written;
+  }
+  /* Read one line */
+  while(1) {
+    ssize_t size;
+    char *newbuf;
+
+    size = sread(conn->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE);
+    if(size == -1) {
+      if(errno == EINTR)
+        continue;
+      goto done;
+    }
+    else if(size == 0)
+      goto done;
+
+    len_out += size;
+    if(buf[len_out - 1] == '\n') {
+      buf[len_out - 1] = '\0';
+      goto wrfinish;
+    }
+    newbuf = realloc(buf, len_out + NTLM_BUFSIZE);
+    if(!newbuf) {
+      free(buf);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    buf = newbuf;
+  }
+  goto done;
+wrfinish:
+  /* Samba/winbind installed but not configured */
+  if(state == NTLMSTATE_TYPE1 &&
+     len_out == 3 &&
+     buf[0] == 'P' && buf[1] == 'W')
+    return CURLE_REMOTE_ACCESS_DENIED;
+  /* invalid response */
+  if(len_out < 4)
+    goto done;
+  if(state == NTLMSTATE_TYPE1 &&
+     (buf[0]!='Y' || buf[1]!='R' || buf[2]!=' '))
+    goto done;
+  if(state == NTLMSTATE_TYPE2 &&
+     (buf[0]!='K' || buf[1]!='K' || buf[2]!=' ') &&
+     (buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
+    goto done;
+
+  conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3);
+  free(buf);
+  return CURLE_OK;
+done:
+  free(buf);
+  return CURLE_REMOTE_ACCESS_DENIED;
+}
+
+/*
+ * This is for creating ntlm header output by delegating challenge/response
+ * to Samba's winbind daemon helper ntlm_auth.
+ */
+CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
+                              bool proxy)
+{
+  /* point to the address of the pointer that holds the string to send to the
+     server, which is for a plain host or for a HTTP proxy */
+  char **allocuserpwd;
+  /* point to the name and password for this */
+  const char *userp;
+  /* point to the correct struct with this */
+  struct ntlmdata *ntlm;
+  struct auth *authp;
+
+  CURLcode res = CURLE_OK;
+  char *input;
+
+  DEBUGASSERT(conn);
+  DEBUGASSERT(conn->data);
+
+  if(proxy) {
+    allocuserpwd = &conn->allocptr.proxyuserpwd;
+    userp = conn->proxyuser;
+    ntlm = &conn->proxyntlm;
+    authp = &conn->data->state.authproxy;
+  }
+  else {
+    allocuserpwd = &conn->allocptr.userpwd;
+    userp = conn->user;
+    ntlm = &conn->ntlm;
+    authp = &conn->data->state.authhost;
+  }
+  authp->done = FALSE;
+
+  /* not set means empty */
+  if(!userp)
+    userp="";
+
+  switch(ntlm->state) {
+  case NTLMSTATE_TYPE1:
+  default:
+    /* Use Samba's 'winbind' daemon to support NTLM authentication,
+     * by delegating the NTLM challenge/response protocal to a helper
+     * in ntlm_auth.
+     * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html
+     * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
+     * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
+     * Preprocessor symbol 'NTLM_WB_ENABLED' is defined when this
+     * feature is enabled and 'NTLM_WB_FILE' symbol holds absolute
+     * filename of ntlm_auth helper.
+     * If NTLM authentication using winbind fails, go back to original
+     * request handling process.
+     */
+    /* Create communication with ntlm_auth */
+    res = ntlm_wb_init(conn, userp);
+    if(res)
+      return res;
+    res = ntlm_wb_response(conn, "YR\n", ntlm->state);
+    if(res)
+      return res;
+
+    Curl_safefree(*allocuserpwd);
+    *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+                            proxy ? "Proxy-" : "",
+                            conn->response_header);
+    DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
+    Curl_safefree(conn->response_header);
+    conn->response_header = NULL;
+    break;
+  case NTLMSTATE_TYPE2:
+    input = aprintf("TT %s\n", conn->challenge_header);
+    if(!input)
+      return CURLE_OUT_OF_MEMORY;
+    res = ntlm_wb_response(conn, input, ntlm->state);
+    free(input);
+    input = NULL;
+    if(res)
+      return res;
+
+    Curl_safefree(*allocuserpwd);
+    *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+                            proxy ? "Proxy-" : "",
+                            conn->response_header);
+    DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
+    ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
+    authp->done = TRUE;
+    Curl_ntlm_wb_cleanup(conn);
+    break;
+  case NTLMSTATE_TYPE3:
+    /* connection is already authenticated,
+     * don't send a header in future requests */
+    if(*allocuserpwd) {
+      free(*allocuserpwd);
+      *allocuserpwd=NULL;
+    }
+    authp->done = TRUE;
+    break;
+  }
+
+  return CURLE_OK;
+}
+
+#endif /* USE_NTLM && NTLM_WB_ENABLED */
diff --git a/Utilities/cmcurl/strequal.h b/Utilities/cmcurl/lib/curl_ntlm_wb.h
index 6718c3c0..db6bc16 100644
--- a/Utilities/cmcurl/strequal.h
+++ b/Utilities/cmcurl/lib/curl_ntlm_wb.h
@@ -1,5 +1,5 @@
-#ifndef __STREQUAL_H
-#define __STREQUAL_H
+#ifndef HEADER_CURL_NTLM_WB_H
+#define HEADER_CURL_NTLM_WB_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,19 +20,18 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include <curl/curl.h>
+#include "curl_setup.h"
 
-#define strequal(a,b) curl_strequal(a,b)
-#define strnequal(a,b,c) curl_strnequal(a,b,c)
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
 
-/* checkprefix() is a shorter version of the above, used when the first
-   argument is zero-byte terminated */
-#define checkprefix(a,b)    strnequal(a,b,strlen(a))
+/* this is for creating ntlm header output by delegating challenge/response
+   to Samba's winbind daemon helper ntlm_auth */
+CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
 
-/* case insensitive strstr() */
-char *Curl_strcasestr(const char *haystack, const char *needle);
+void Curl_ntlm_wb_cleanup(struct connectdata *conn);
 
-#endif
+#endif /* USE_NTLM && NTLM_WB_ENABLED */
+
+#endif /* HEADER_CURL_NTLM_WB_H */
diff --git a/Utilities/cmcurl/lib/curl_rtmp.c b/Utilities/cmcurl/lib/curl_rtmp.c
new file mode 100644
index 0000000..e0c24b0
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_rtmp.c
@@ -0,0 +1,311 @@
+/***************************************************************************
+ *                      _   _ ____  _
+ *  Project         ___| | | |  _ \| |
+ *                 / __| | | | |_) | |
+ *                | (__| |_| |  _ <| |___
+ *                 \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010, Howard Chu, <hyc@highlandsun.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_LIBRTMP
+
+#include "urldata.h"
+#include "nonblock.h" /* for curlx_nonblock */
+#include "progress.h" /* for Curl_pgrsSetUploadSize */
+#include "transfer.h"
+#include "warnless.h"
+#include <curl/curl.h>
+#include <librtmp/rtmp.h>
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifdef _WIN32
+#define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
+#define SET_RCVTIMEO(tv,s)   int tv = s*1000
+#else
+#define SET_RCVTIMEO(tv,s)   struct timeval tv = {s,0}
+#endif
+
+#define DEF_BUFTIME    (2*60*60*1000)    /* 2 hours */
+
+static CURLcode rtmp_setup(struct connectdata *conn);
+static CURLcode rtmp_do(struct connectdata *conn, bool *done);
+static CURLcode rtmp_done(struct connectdata *conn, CURLcode, bool premature);
+static CURLcode rtmp_connect(struct connectdata *conn, bool *done);
+static CURLcode rtmp_disconnect(struct connectdata *conn, bool dead);
+
+static Curl_recv rtmp_recv;
+static Curl_send rtmp_send;
+
+/*
+ * RTMP protocol handler.h, based on http://rtmpdump.mplayerhq.hu
+ */
+
+const struct Curl_handler Curl_handler_rtmp = {
+  "RTMP",                               /* scheme */
+  rtmp_setup,                           /* setup_connection */
+  rtmp_do,                              /* do_it */
+  rtmp_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  rtmp_connect,                         /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_RTMP,                            /* defport */
+  CURLPROTO_RTMP,                       /* protocol */
+  PROTOPT_NONE                          /* flags*/
+};
+
+const struct Curl_handler Curl_handler_rtmpt = {
+  "RTMPT",                              /* scheme */
+  rtmp_setup,                           /* setup_connection */
+  rtmp_do,                              /* do_it */
+  rtmp_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  rtmp_connect,                         /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_RTMPT,                           /* defport */
+  CURLPROTO_RTMPT,                      /* protocol */
+  PROTOPT_NONE                          /* flags*/
+};
+
+const struct Curl_handler Curl_handler_rtmpe = {
+  "RTMPE",                              /* scheme */
+  rtmp_setup,                           /* setup_connection */
+  rtmp_do,                              /* do_it */
+  rtmp_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  rtmp_connect,                         /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_RTMP,                            /* defport */
+  CURLPROTO_RTMPE,                      /* protocol */
+  PROTOPT_NONE                          /* flags*/
+};
+
+const struct Curl_handler Curl_handler_rtmpte = {
+  "RTMPTE",                             /* scheme */
+  rtmp_setup,                           /* setup_connection */
+  rtmp_do,                              /* do_it */
+  rtmp_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  rtmp_connect,                         /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_RTMPT,                           /* defport */
+  CURLPROTO_RTMPTE,                     /* protocol */
+  PROTOPT_NONE                          /* flags*/
+};
+
+const struct Curl_handler Curl_handler_rtmps = {
+  "RTMPS",                              /* scheme */
+  rtmp_setup,                           /* setup_connection */
+  rtmp_do,                              /* do_it */
+  rtmp_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  rtmp_connect,                         /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_RTMPS,                           /* defport */
+  CURLPROTO_RTMPS,                      /* protocol */
+  PROTOPT_NONE                          /* flags*/
+};
+
+const struct Curl_handler Curl_handler_rtmpts = {
+  "RTMPTS",                             /* scheme */
+  rtmp_setup,                           /* setup_connection */
+  rtmp_do,                              /* do_it */
+  rtmp_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  rtmp_connect,                         /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_RTMPS,                           /* defport */
+  CURLPROTO_RTMPTS,                     /* protocol */
+  PROTOPT_NONE                          /* flags*/
+};
+
+static CURLcode rtmp_setup(struct connectdata *conn)
+{
+  RTMP *r = RTMP_Alloc();
+
+  if(!r)
+    return CURLE_OUT_OF_MEMORY;
+
+  RTMP_Init(r);
+  RTMP_SetBufferMS(r, DEF_BUFTIME);
+  if(!RTMP_SetupURL(r, conn->data->change.url)) {
+    RTMP_Free(r);
+    return CURLE_URL_MALFORMAT;
+  }
+  conn->proto.generic = r;
+  return CURLE_OK;
+}
+
+static CURLcode rtmp_connect(struct connectdata *conn, bool *done)
+{
+  RTMP *r = conn->proto.generic;
+  SET_RCVTIMEO(tv,10);
+
+  r->m_sb.sb_socket = conn->sock[FIRSTSOCKET];
+
+  /* We have to know if it's a write before we send the
+   * connect request packet
+   */
+  if(conn->data->set.upload)
+    r->Link.protocol |= RTMP_FEATURE_WRITE;
+
+  /* For plain streams, use the buffer toggle trick to keep data flowing */
+  if(!(r->Link.lFlags & RTMP_LF_LIVE) &&
+     !(r->Link.protocol & RTMP_FEATURE_HTTP))
+    r->Link.lFlags |= RTMP_LF_BUFX;
+
+  curlx_nonblock(r->m_sb.sb_socket, FALSE);
+  setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
+             (char *)&tv, sizeof(tv));
+
+  if(!RTMP_Connect1(r, NULL))
+    return CURLE_FAILED_INIT;
+
+  /* Clients must send a periodic BytesReceived report to the server */
+  r->m_bSendCounter = true;
+
+  *done = TRUE;
+  conn->recv[FIRSTSOCKET] = rtmp_recv;
+  conn->send[FIRSTSOCKET] = rtmp_send;
+  return CURLE_OK;
+}
+
+static CURLcode rtmp_do(struct connectdata *conn, bool *done)
+{
+  RTMP *r = conn->proto.generic;
+
+  if(!RTMP_ConnectStream(r, 0))
+    return CURLE_FAILED_INIT;
+
+  if(conn->data->set.upload) {
+    Curl_pgrsSetUploadSize(conn->data, conn->data->state.infilesize);
+    Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
+  }
+  else
+    Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, NULL, -1, NULL);
+  *done = TRUE;
+  return CURLE_OK;
+}
+
+static CURLcode rtmp_done(struct connectdata *conn, CURLcode status,
+                          bool premature)
+{
+  (void)conn; /* unused */
+  (void)status; /* unused */
+  (void)premature; /* unused */
+
+  return CURLE_OK;
+}
+
+static CURLcode rtmp_disconnect(struct connectdata *conn,
+                                bool dead_connection)
+{
+  RTMP *r = conn->proto.generic;
+  (void)dead_connection;
+  if(r) {
+    conn->proto.generic = NULL;
+    RTMP_Close(r);
+    RTMP_Free(r);
+  }
+  return CURLE_OK;
+}
+
+static ssize_t rtmp_recv(struct connectdata *conn, int sockindex, char *buf,
+                         size_t len, CURLcode *err)
+{
+  RTMP *r = conn->proto.generic;
+  ssize_t nread;
+
+  (void)sockindex; /* unused */
+
+  nread = RTMP_Read(r, buf, curlx_uztosi(len));
+  if(nread < 0) {
+    if(r->m_read.status == RTMP_READ_COMPLETE ||
+        r->m_read.status == RTMP_READ_EOF) {
+      conn->data->req.size = conn->data->req.bytecount;
+      nread = 0;
+    }
+    else
+      *err = CURLE_RECV_ERROR;
+  }
+  return nread;
+}
+
+static ssize_t rtmp_send(struct connectdata *conn, int sockindex,
+                         const void *buf, size_t len, CURLcode *err)
+{
+  RTMP *r = conn->proto.generic;
+  ssize_t num;
+
+  (void)sockindex; /* unused */
+
+  num = RTMP_Write(r, (char *)buf, curlx_uztosi(len));
+  if(num < 0)
+    *err = CURLE_SEND_ERROR;
+
+  return num;
+}
+#endif  /* USE_LIBRTMP */
diff --git a/Utilities/cmcurl/lib/curl_rtmp.h b/Utilities/cmcurl/lib/curl_rtmp.h
new file mode 100644
index 0000000..4a9e9e6
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_rtmp.h
@@ -0,0 +1,33 @@
+#ifndef HEADER_CURL_RTMP_H
+#define HEADER_CURL_RTMP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, Howard Chu, <hyc@highlandsun.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#ifdef USE_LIBRTMP
+extern const struct Curl_handler Curl_handler_rtmp;
+extern const struct Curl_handler Curl_handler_rtmpt;
+extern const struct Curl_handler Curl_handler_rtmpe;
+extern const struct Curl_handler Curl_handler_rtmpte;
+extern const struct Curl_handler Curl_handler_rtmps;
+extern const struct Curl_handler Curl_handler_rtmpts;
+#endif
+
+#endif /* HEADER_CURL_RTMP_H */
diff --git a/Utilities/cmcurl/lib/curl_sasl.c b/Utilities/cmcurl/lib/curl_sasl.c
new file mode 100644
index 0000000..7e2b8af
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_sasl.c
@@ -0,0 +1,741 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC2195 CRAM-MD5 authentication
+ * RFC2831 DIGEST-MD5 authentication
+ * RFC4422 Simple Authentication and Security Layer (SASL)
+ * RFC4616 PLAIN authentication
+ * RFC6749 OAuth 2.0 Authorization Framework
+ * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+#include "urldata.h"
+
+#include "curl_base64.h"
+#include "curl_md5.h"
+#include "vtls/vtls.h"
+#include "curl_hmac.h"
+#include "curl_ntlm_msgs.h"
+#include "curl_sasl.h"
+#include "warnless.h"
+#include "curl_memory.h"
+#include "strtok.h"
+#include "rawstr.h"
+
+#ifdef USE_NSS
+#include "vtls/nssg.h" /* for Curl_nss_force_init() */
+#endif
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if defined(USE_WINDOWS_SSPI)
+extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
+#endif
+
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) && !defined(USE_WINDOWS_SSPI)
+#define DIGEST_QOP_VALUE_AUTH             (1 << 0)
+#define DIGEST_QOP_VALUE_AUTH_INT         (1 << 1)
+#define DIGEST_QOP_VALUE_AUTH_CONF        (1 << 2)
+
+#define DIGEST_QOP_VALUE_STRING_AUTH      "auth"
+#define DIGEST_QOP_VALUE_STRING_AUTH_INT  "auth-int"
+#define DIGEST_QOP_VALUE_STRING_AUTH_CONF "auth-conf"
+
+/* Retrieves the value for a corresponding key from the challenge string
+ * returns TRUE if the key could be found, FALSE if it does not exists
+ */
+static bool sasl_digest_get_key_value(const char *chlg,
+                                      const char *key,
+                                      char *value,
+                                      size_t max_val_len,
+                                      char end_char)
+{
+  char *find_pos;
+  size_t i;
+
+  find_pos = strstr(chlg, key);
+  if(!find_pos)
+    return FALSE;
+
+  find_pos += strlen(key);
+
+  for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i)
+    value[i] = *find_pos++;
+  value[i] = '\0';
+
+  return TRUE;
+}
+
+static CURLcode sasl_digest_get_qop_values(const char *options, int *value)
+{
+  char *tmp;
+  char *token;
+  char *tok_buf;
+
+  /* Initialise the output */
+  *value = 0;
+
+  /* Tokenise the list of qop values. Use a temporary clone of the buffer since
+     strtok_r() ruins it. */
+  tmp = strdup(options);
+  if(!tmp)
+    return CURLE_OUT_OF_MEMORY;
+
+  token = strtok_r(tmp, ",", &tok_buf);
+  while(token != NULL) {
+    if(Curl_raw_equal(token, DIGEST_QOP_VALUE_STRING_AUTH))
+      *value |= DIGEST_QOP_VALUE_AUTH;
+    else if(Curl_raw_equal(token, DIGEST_QOP_VALUE_STRING_AUTH_INT))
+      *value |= DIGEST_QOP_VALUE_AUTH_INT;
+    else if(Curl_raw_equal(token, DIGEST_QOP_VALUE_STRING_AUTH_CONF))
+      *value |= DIGEST_QOP_VALUE_AUTH_CONF;
+
+    token = strtok_r(NULL, ",", &tok_buf);
+  }
+
+  Curl_safefree(tmp);
+
+  return CURLE_OK;
+}
+#endif
+
+#if !defined(USE_WINDOWS_SSPI)
+/*
+ * Curl_sasl_build_spn()
+ *
+ * This is used to build a SPN string in the format service/host.
+ *
+ * Parameters:
+ *
+ * serivce  [in] - The service type such as www, smtp, pop or imap.
+ * instance [in] - The instance name such as the host nme or realm.
+ *
+ * Returns a pointer to the newly allocated SPN.
+ */
+char *Curl_sasl_build_spn(const char *service, const char *host)
+{
+  /* Generate and return our SPN */
+  return aprintf("%s/%s", service, host);
+}
+#endif
+
+/*
+ * Curl_sasl_create_plain_message()
+ *
+ * This is used to generate an already encoded PLAIN message ready
+ * for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * userp   [in]     - The user name.
+ * passdwp [in]     - The user's password.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
+                                        const char *userp,
+                                        const char *passwdp,
+                                        char **outptr, size_t *outlen)
+{
+  CURLcode result;
+  char *plainauth;
+  size_t ulen;
+  size_t plen;
+
+  ulen = strlen(userp);
+  plen = strlen(passwdp);
+
+  plainauth = malloc(2 * ulen + plen + 2);
+  if(!plainauth) {
+    *outlen = 0;
+    *outptr = NULL;
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Calculate the reply */
+  memcpy(plainauth, userp, ulen);
+  plainauth[ulen] = '\0';
+  memcpy(plainauth + ulen + 1, userp, ulen);
+  plainauth[2 * ulen + 1] = '\0';
+  memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
+
+  /* Base64 encode the reply */
+  result = Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
+                              outlen);
+  Curl_safefree(plainauth);
+  return result;
+}
+
+/*
+ * Curl_sasl_create_login_message()
+ *
+ * This is used to generate an already encoded LOGIN message containing the
+ * user name or password ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * valuep  [in]     - The user name or user's password.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
+                                        const char *valuep, char **outptr,
+                                        size_t *outlen)
+{
+  size_t vlen = strlen(valuep);
+
+  if(!vlen) {
+    /* Calculate an empty reply */
+    *outptr = strdup("=");
+    if(*outptr) {
+      *outlen = (size_t) 1;
+      return CURLE_OK;
+    }
+
+    *outlen = 0;
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Base64 encode the value */
+  return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
+}
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+ /*
+ * Curl_sasl_decode_cram_md5_message()
+ *
+ * This is used to decode an already encoded CRAM-MD5 challenge message.
+ *
+ * Parameters:
+ *
+ * chlg64  [in]     - Pointer to the base64 encoded challenge message.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_decode_cram_md5_message(const char *chlg64, char **outptr,
+                                           size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+  size_t chlg64len = strlen(chlg64);
+
+  *outptr = NULL;
+  *outlen = 0;
+
+  /* Decode the challenge if necessary */
+  if(chlg64len && *chlg64 != '=')
+    result = Curl_base64_decode(chlg64, (unsigned char **) outptr, outlen);
+
+    return result;
+ }
+
+ /*
+ * Curl_sasl_create_cram_md5_message()
+ *
+ * This is used to generate an already encoded CRAM-MD5 response message ready
+ * for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * chlg    [in]     - The challenge.
+ * userp   [in]     - The user name.
+ * passdwp [in]     - The user's password.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
+                                           const char *chlg,
+                                           const char *userp,
+                                           const char *passwdp,
+                                           char **outptr, size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+  size_t chlglen = 0;
+  HMAC_context *ctxt;
+  unsigned char digest[MD5_DIGEST_LEN];
+  char *response;
+
+  if(chlg)
+    chlglen = strlen(chlg);
+
+  /* Compute the digest using the password as the key */
+  ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
+                        (const unsigned char *) passwdp,
+                        curlx_uztoui(strlen(passwdp)));
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Update the digest with the given challenge */
+  if(chlglen > 0)
+    Curl_HMAC_update(ctxt, (const unsigned char *) chlg,
+                     curlx_uztoui(chlglen));
+
+  /* Finalise the digest */
+  Curl_HMAC_final(ctxt, digest);
+
+  /* Generate the response */
+  response = aprintf(
+      "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+           userp, digest[0], digest[1], digest[2], digest[3], digest[4],
+           digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
+           digest[11], digest[12], digest[13], digest[14], digest[15]);
+  if(!response)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Base64 encode the response */
+  result = Curl_base64_encode(data, response, 0, outptr, outlen);
+
+  Curl_safefree(response);
+
+  return result;
+}
+
+#ifndef USE_WINDOWS_SSPI
+/*
+ * sasl_decode_digest_md5_message()
+ *
+ * This is used internally to decode an already encoded DIGEST-MD5 challenge
+ * message into the seperate attributes.
+ *
+ * Parameters:
+ *
+ * chlg64  [in]     - Pointer to the base64 encoded challenge message.
+ * nonce   [in/out] - The buffer where the nonce will be stored.
+ * nlen    [in]     - The length of the nonce buffer.
+ * realm   [in/out] - The buffer where the realm will be stored.
+ * rlen    [in]     - The length of the realm buffer.
+ * alg     [in/out] - The buffer where the algorithm will be stored.
+ * alen    [in]     - The length of the algorithm buffer.
+ * qop     [in/out] - The buffer where the qop-options will be stored.
+ * qlen    [in]     - The length of the qop buffer.
+ *
+ * Returns CURLE_OK on success.
+ */
+static CURLcode sasl_decode_digest_md5_message(const char *chlg64,
+                                               char *nonce, size_t nlen,
+                                               char *realm, size_t rlen,
+                                               char *alg, size_t alen,
+                                               char *qop, size_t qlen)
+{
+  CURLcode result = CURLE_OK;
+  unsigned char *chlg = NULL;
+  size_t chlglen = 0;
+  size_t chlg64len = strlen(chlg64);
+
+  /* Decode the base-64 encoded challenge message */
+  if(chlg64len && *chlg64 != '=') {
+    result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+    if(result)
+      return result;
+  }
+
+  /* Ensure we have a valid challenge message */
+  if(!chlg)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* Retrieve nonce string from the challenge */
+  if(!sasl_digest_get_key_value((char *)chlg, "nonce=\"", nonce, nlen, '\"')) {
+    Curl_safefree(chlg);
+    return CURLE_BAD_CONTENT_ENCODING;
+  }
+
+  /* Retrieve realm string from the challenge */
+  if(!sasl_digest_get_key_value((char *)chlg, "realm=\"", realm, rlen, '\"')) {
+    /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
+    strcpy(realm, "");
+  }
+
+  /* Retrieve algorithm string from the challenge */
+  if(!sasl_digest_get_key_value((char *)chlg, "algorithm=", alg, alen, ',')) {
+    Curl_safefree(chlg);
+    return CURLE_BAD_CONTENT_ENCODING;
+  }
+
+  /* Retrieve qop-options string from the challenge */
+  if(!sasl_digest_get_key_value((char *)chlg, "qop=\"", qop, qlen, '\"')) {
+    Curl_safefree(chlg);
+    return CURLE_BAD_CONTENT_ENCODING;
+  }
+
+  Curl_safefree(chlg);
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_sasl_create_digest_md5_message()
+ *
+ * This is used to generate an already encoded DIGEST-MD5 response message
+ * ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * chlg64  [in]     - Pointer to the base64 encoded challenge message.
+ * userp   [in]     - The user name.
+ * passdwp [in]     - The user's password.
+ * service [in]     - The service type such as www, smtp, pop or imap.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
+                                             const char *chlg64,
+                                             const char *userp,
+                                             const char *passwdp,
+                                             const char *service,
+                                             char **outptr, size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+  size_t i;
+  MD5_context *ctxt;
+  char *response = NULL;
+  unsigned char digest[MD5_DIGEST_LEN];
+  char HA1_hex[2 * MD5_DIGEST_LEN + 1];
+  char HA2_hex[2 * MD5_DIGEST_LEN + 1];
+  char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
+  char nonce[64];
+  char realm[128];
+  char algorithm[64];
+  char qop_options[64];
+  int qop_values;
+  char cnonce[33];
+  unsigned int entropy[4];
+  char nonceCount[] = "00000001";
+  char method[]     = "AUTHENTICATE";
+  char qop[]        = DIGEST_QOP_VALUE_STRING_AUTH;
+  char *spn         = NULL;
+
+  /* Decode the challange message */
+  result = sasl_decode_digest_md5_message(chlg64, nonce, sizeof(nonce),
+                                          realm, sizeof(realm),
+                                          algorithm, sizeof(algorithm),
+                                          qop_options, sizeof(qop_options));
+  if(result)
+    return result;
+
+  /* We only support md5 sessions */
+  if(strcmp(algorithm, "md5-sess") != 0)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* Get the qop-values from the qop-options */
+  result = sasl_digest_get_qop_values(qop_options, &qop_values);
+  if(result)
+    return result;
+
+  /* We only support auth quality-of-protection */
+  if(!(qop_values & DIGEST_QOP_VALUE_AUTH))
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* Generate 16 bytes of random data */
+  entropy[0] = Curl_rand(data);
+  entropy[1] = Curl_rand(data);
+  entropy[2] = Curl_rand(data);
+  entropy[3] = Curl_rand(data);
+
+  /* Convert the random data into a 32 byte hex string */
+  snprintf(cnonce, sizeof(cnonce), "%08x%08x%08x%08x",
+           entropy[0], entropy[1], entropy[2], entropy[3]);
+
+  /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) userp,
+                  curlx_uztoui(strlen(userp)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) realm,
+                  curlx_uztoui(strlen(realm)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) passwdp,
+                  curlx_uztoui(strlen(passwdp)));
+  Curl_MD5_final(ctxt, digest);
+
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+                  curlx_uztoui(strlen(nonce)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+                  curlx_uztoui(strlen(cnonce)));
+  Curl_MD5_final(ctxt, digest);
+
+  /* Convert calculated 16 octet hex into 32 bytes string */
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
+
+  /* Generate our SPN */
+  spn = Curl_sasl_build_spn(service, realm);
+  if(!spn)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Calculate H(A2) */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt) {
+    Curl_safefree(spn);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  Curl_MD5_update(ctxt, (const unsigned char *) method,
+                  curlx_uztoui(strlen(method)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) spn,
+                  curlx_uztoui(strlen(spn)));
+  Curl_MD5_final(ctxt, digest);
+
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]);
+
+  /* Now calculate the response hash */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt) {
+    Curl_safefree(spn);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+                  curlx_uztoui(strlen(nonce)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+
+  Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
+                  curlx_uztoui(strlen(nonceCount)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+                  curlx_uztoui(strlen(cnonce)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) qop,
+                  curlx_uztoui(strlen(qop)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+
+  Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
+  Curl_MD5_final(ctxt, digest);
+
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
+
+  /* Generate the response */
+  response = aprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","
+                     "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s,"
+                     "qop=%s",
+                     userp, realm, nonce,
+                     cnonce, nonceCount, spn, resp_hash_hex, qop);
+  Curl_safefree(spn);
+  if(!response)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Base64 encode the response */
+  result = Curl_base64_encode(data, response, 0, outptr, outlen);
+
+  Curl_safefree(response);
+
+  return result;
+}
+#endif  /* !USE_WINDOWS_SSPI */
+
+#endif  /* CURL_DISABLE_CRYPTO_AUTH */
+
+#ifdef USE_NTLM
+/*
+ * Curl_sasl_create_ntlm_type1_message()
+ *
+ * This is used to generate an already encoded NTLM type-1 message ready for
+ * sending to the recipient.
+ *
+ * Note: This is a simple wrapper of the NTLM function which means that any
+ * SASL based protocols don't have to include the NTLM functions directly.
+ *
+ * Parameters:
+ *
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr, size_t *outlen)
+{
+  return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr, outlen);
+}
+
+/*
+ * Curl_sasl_decode_ntlm_type2_message()
+ *
+ * This is used to decode an already encoded NTLM type-2 message.
+ *
+ * Parameters:
+ *
+ * data     [in]     - Pointer to session handle.
+ * type2msg [in]     - Pointer to the base64 encoded type-2 message.
+ * ntlm     [in/out] - The ntlm data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
+                                             const char *type2msg,
+                                             struct ntlmdata *ntlm)
+{
+#ifdef USE_NSS
+  CURLcode result;
+
+  /* make sure the crypto backend is initialized */
+  result = Curl_nss_force_init(data);
+  if(result)
+    return result;
+#endif
+
+  return Curl_ntlm_decode_type2_message(data, type2msg, ntlm);
+}
+
+/*
+ * Curl_sasl_create_ntlm_type3_message()
+ *
+ * This is used to generate an already encoded NTLM type-3 message ready for
+ * sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - Pointer to session handle.
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
+                                             const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr, size_t *outlen)
+{
+  return Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm, outptr,
+                                        outlen);
+}
+#endif /* USE_NTLM */
+
+/*
+ * Curl_sasl_create_xoauth2_message()
+ *
+ * This is used to generate an already encoded OAuth 2.0 message ready for
+ * sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * user    [in]     - The user name.
+ * bearer  [in]     - The bearer token.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
+                                          const char *user,
+                                          const char *bearer,
+                                          char **outptr, size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+  char *xoauth = NULL;
+
+  /* Generate the message */
+  xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
+  if(!xoauth)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Base64 encode the reply */
+  result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen);
+
+  Curl_safefree(xoauth);
+
+  return result;
+}
+
+/*
+ * Curl_sasl_cleanup()
+ *
+ * This is used to cleanup any libraries or curl modules used by the sasl
+ * functions.
+ *
+ * Parameters:
+ *
+ * conn     [in]     - Pointer to the connection data.
+ * authused [in]     - The authentication mechanism used.
+ */
+void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
+{
+#if defined(USE_WINDOWS_SSPI)
+  /* Cleanup the gssapi structure */
+  if(authused == SASL_MECH_GSSAPI) {
+    Curl_sasl_gssapi_cleanup(&conn->krb5);
+  }
+#ifdef USE_NTLM
+  /* Cleanup the ntlm structure */
+  else if(authused == SASL_MECH_NTLM) {
+    Curl_ntlm_sspi_cleanup(&conn->ntlm);
+  }
+#endif
+#else
+  /* Reserved for future use */
+  (void)conn;
+  (void)authused;
+#endif
+}
diff --git a/Utilities/cmcurl/lib/curl_sasl.h b/Utilities/cmcurl/lib/curl_sasl.h
new file mode 100644
index 0000000..e56fa1a
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_sasl.h
@@ -0,0 +1,158 @@
+#ifndef HEADER_CURL_SASL_H
+#define HEADER_CURL_SASL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include <curl/curl.h>
+
+struct SessionHandle;
+struct connectdata;
+struct ntlmdata;
+
+#if defined(USE_WINDOWS_SSPI)
+struct kerberos5data;
+#endif
+
+/* Authentication mechanism values */
+#define SASL_AUTH_NONE          0
+#define SASL_AUTH_ANY           ~0U
+
+/* Authentication mechanism flags */
+#define SASL_MECH_LOGIN             (1 << 0)
+#define SASL_MECH_PLAIN             (1 << 1)
+#define SASL_MECH_CRAM_MD5          (1 << 2)
+#define SASL_MECH_DIGEST_MD5        (1 << 3)
+#define SASL_MECH_GSSAPI            (1 << 4)
+#define SASL_MECH_EXTERNAL          (1 << 5)
+#define SASL_MECH_NTLM              (1 << 6)
+#define SASL_MECH_XOAUTH2           (1 << 7)
+
+/* Authentication mechanism strings */
+#define SASL_MECH_STRING_LOGIN      "LOGIN"
+#define SASL_MECH_STRING_PLAIN      "PLAIN"
+#define SASL_MECH_STRING_CRAM_MD5   "CRAM-MD5"
+#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
+#define SASL_MECH_STRING_GSSAPI     "GSSAPI"
+#define SASL_MECH_STRING_EXTERNAL   "EXTERNAL"
+#define SASL_MECH_STRING_NTLM       "NTLM"
+#define SASL_MECH_STRING_XOAUTH2    "XOAUTH2"
+
+/* This is used to test whether the line starts with the given mechanism */
+#define sasl_mech_equal(line, wordlen, mech) \
+  (wordlen == (sizeof(mech) - 1) / sizeof(char) && \
+   !memcmp(line, mech, wordlen))
+
+/* This is used to build a SPN string */
+#if !defined(USE_WINDOWS_SSPI)
+char *Curl_sasl_build_spn(const char *service, const char *instance);
+#else
+TCHAR *Curl_sasl_build_spn(const char *service, const char *instance);
+#endif
+
+/* This is used to generate a base64 encoded PLAIN authentication message */
+CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
+                                        const char *userp,
+                                        const char *passwdp,
+                                        char **outptr, size_t *outlen);
+
+/* This is used to generate a base64 encoded LOGIN authentication message
+   containing either the user name or password details */
+CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
+                                        const char *valuep, char **outptr,
+                                        size_t *outlen);
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* This is used to decode a base64 encoded CRAM-MD5 challange message */
+CURLcode Curl_sasl_decode_cram_md5_message(const char *chlg64, char **outptr,
+                                           size_t *outlen);
+
+/* This is used to generate a base64 encoded CRAM-MD5 response message */
+CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
+                                           const char *chlg,
+                                           const char *user,
+                                           const char *passwdp,
+                                           char **outptr, size_t *outlen);
+
+/* This is used to generate a base64 encoded DIGEST-MD5 response message */
+CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
+                                             const char *chlg64,
+                                             const char *userp,
+                                             const char *passwdp,
+                                             const char *service,
+                                             char **outptr, size_t *outlen);
+#endif
+
+#ifdef USE_NTLM
+/* This is used to generate a base64 encoded NTLM type-1 message */
+CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr,
+                                             size_t *outlen);
+
+/* This is used to decode a base64 encoded NTLM type-2 message */
+CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
+                                             const char *type2msg,
+                                             struct ntlmdata *ntlm);
+
+/* This is used to generate a base64 encoded NTLM type-3 message */
+CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
+                                             const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr, size_t *outlen);
+
+#endif /* USE_NTLM */
+
+#if defined(USE_WINDOWS_SSPI)
+/* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token
+   message */
+CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
+                                              const char *userp,
+                                              const char *passwdp,
+                                              const char *service,
+                                              const bool mutual,
+                                              const char *chlg64,
+                                              struct kerberos5data *krb5,
+                                              char **outptr, size_t *outlen);
+
+/* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security
+   token message */
+CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
+                                                  const char *input,
+                                                  struct kerberos5data *krb5,
+                                                  char **outptr,
+                                                  size_t *outlen);
+#endif
+
+/* This is used to generate a base64 encoded XOAUTH2 authentication message
+   containing the user name and bearer token */
+CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
+                                          const char *user,
+                                          const char *bearer,
+                                          char **outptr, size_t *outlen);
+
+/* This is used to cleanup any libraries or curl modules used by the sasl
+   functions */
+void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused);
+
+#endif /* HEADER_CURL_SASL_H */
diff --git a/Utilities/cmcurl/lib/curl_sasl_sspi.c b/Utilities/cmcurl/lib/curl_sasl_sspi.c
new file mode 100644
index 0000000..df4da96
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_sasl_sspi.c
@@ -0,0 +1,696 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC2831 DIGEST-MD5 authentication
+ * RFC4422 Simple Authentication and Security Layer (SASL)
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_WINDOWS_SSPI)
+
+#include <curl/curl.h>
+
+#include "curl_sasl.h"
+#include "urldata.h"
+#include "curl_base64.h"
+#include "warnless.h"
+#include "curl_memory.h"
+#include "curl_multibyte.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
+
+/*
+ * Curl_sasl_build_spn()
+ *
+ * This is used to build a SPN string in the format service/host.
+ *
+ * Parameters:
+ *
+ * serivce  [in] - The service type such as www, smtp, pop or imap.
+ * instance [in] - The instance name such as the host nme or realm.
+ *
+ * Returns a pointer to the newly allocated SPN.
+ */
+TCHAR *Curl_sasl_build_spn(const char *service, const char *host)
+{
+  char *utf8_spn = NULL;
+  TCHAR *tchar_spn = NULL;
+
+  /* Note: We could use DsMakeSPN() or DsClientMakeSpnForTargetServer() rather
+     than doing this ourselves but the first is only available in Windows XP
+     and Windows Server 2003 and the latter is only available in Windows 2000
+     but not Windows95/98/ME or Windows NT4.0 unless the Active Directory
+     Client Extensions are installed. As such it is far simpler for us to
+     formulate the SPN instead. */
+
+  /* Allocate our UTF8 based SPN */
+  utf8_spn = aprintf("%s/%s", service, host);
+  if(!utf8_spn) {
+    return NULL;
+  }
+
+  /* Allocate our TCHAR based SPN */
+  tchar_spn = Curl_convert_UTF8_to_tchar(utf8_spn);
+  if(!tchar_spn) {
+    Curl_safefree(utf8_spn);
+
+    return NULL;
+  }
+
+  /* Release the UTF8 variant when operating with Unicode */
+  if(utf8_spn != tchar_spn)
+    Curl_safefree(utf8_spn);
+
+  /* Return our newly allocated SPN */
+  return tchar_spn;
+}
+
+#if !defined(CURL_DISABLE_CRYPTO_AUTH)
+/*
+ * Curl_sasl_create_digest_md5_message()
+ *
+ * This is used to generate an already encoded DIGEST-MD5 response message
+ * ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * chlg64  [in]     - Pointer to the base64 encoded challenge message.
+ * userp   [in]     - The user name.
+ * passdwp [in]     - The user's password.
+ * service [in]     - The service type such as www, smtp, pop or imap.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
+                                             const char *chlg64,
+                                             const char *userp,
+                                             const char *passwdp,
+                                             const char *service,
+                                             char **outptr, size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+  TCHAR *spn = NULL;
+  size_t chlglen = 0;
+  size_t resp_max = 0;
+  unsigned char *chlg = NULL;
+  unsigned char *resp = NULL;
+  CredHandle handle;
+  CtxtHandle ctx;
+  PSecPkgInfo SecurityPackage;
+  SEC_WINNT_AUTH_IDENTITY identity;
+  SecBuffer chlg_buf;
+  SecBuffer resp_buf;
+  SecBufferDesc chlg_desc;
+  SecBufferDesc resp_desc;
+  SECURITY_STATUS status;
+  unsigned long attrs;
+  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
+
+  /* Decode the base-64 encoded challenge message */
+  if(strlen(chlg64) && *chlg64 != '=') {
+    result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+    if(result)
+      return result;
+  }
+
+  /* Ensure we have a valid challenge message */
+  if(!chlg)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* Ensure we have some login credientials as DigestSSP cannot use the current
+     Windows user like NTLMSSP can */
+  if(!userp || !*userp) {
+    Curl_safefree(chlg);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Query the security package for DigestSSP */
+  status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT("WDigest"),
+                                              &SecurityPackage);
+  if(status != SEC_E_OK) {
+    Curl_safefree(chlg);
+
+    return CURLE_NOT_BUILT_IN;
+  }
+
+  resp_max = SecurityPackage->cbMaxToken;
+
+  /* Release the package buffer as it is not required anymore */
+  s_pSecFn->FreeContextBuffer(SecurityPackage);
+
+  /* Allocate our response buffer */
+  resp = malloc(resp_max);
+  if(!resp) {
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Generate our SPN */
+  spn = Curl_sasl_build_spn(service, data->easy_conn->host.name);
+  if(!spn) {
+    Curl_safefree(resp);
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Populate our identity structure */
+  result = Curl_create_sspi_identity(userp, passwdp, &identity);
+  if(result) {
+    Curl_safefree(spn);
+    Curl_safefree(resp);
+    Curl_safefree(chlg);
+
+    return result;
+  }
+
+  /* Acquire our credientials handle */
+  status = s_pSecFn->AcquireCredentialsHandle(NULL,
+                                              (TCHAR *) TEXT("WDigest"),
+                                              SECPKG_CRED_OUTBOUND, NULL,
+                                              &identity, NULL, NULL,
+                                              &handle, &tsDummy);
+
+  if(status != SEC_E_OK) {
+    Curl_sspi_free_identity(&identity);
+    Curl_safefree(spn);
+    Curl_safefree(resp);
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Setup the challenge "input" security buffer */
+  chlg_desc.ulVersion = SECBUFFER_VERSION;
+  chlg_desc.cBuffers  = 1;
+  chlg_desc.pBuffers  = &chlg_buf;
+  chlg_buf.BufferType = SECBUFFER_TOKEN;
+  chlg_buf.pvBuffer   = chlg;
+  chlg_buf.cbBuffer   = curlx_uztoul(chlglen);
+
+  /* Setup the response "output" security buffer */
+  resp_desc.ulVersion = SECBUFFER_VERSION;
+  resp_desc.cBuffers  = 1;
+  resp_desc.pBuffers  = &resp_buf;
+  resp_buf.BufferType = SECBUFFER_TOKEN;
+  resp_buf.pvBuffer   = resp;
+  resp_buf.cbBuffer   = curlx_uztoul(resp_max);
+
+  /* Generate our challenge-response message */
+  status = s_pSecFn->InitializeSecurityContext(&handle, NULL, spn, 0, 0, 0,
+                                               &chlg_desc, 0, &ctx,
+                                               &resp_desc, &attrs, &tsDummy);
+
+  if(status == SEC_I_COMPLETE_AND_CONTINUE ||
+     status == SEC_I_CONTINUE_NEEDED)
+    s_pSecFn->CompleteAuthToken(&handle, &resp_desc);
+  else if(status != SEC_E_OK) {
+    s_pSecFn->FreeCredentialsHandle(&handle);
+    Curl_sspi_free_identity(&identity);
+    Curl_safefree(spn);
+    Curl_safefree(resp);
+    Curl_safefree(chlg);
+
+    return CURLE_RECV_ERROR;
+  }
+
+  /* Base64 encode the response */
+  result = Curl_base64_encode(data, (char *)resp, resp_buf.cbBuffer, outptr,
+                              outlen);
+
+  /* Free our handles */
+  s_pSecFn->DeleteSecurityContext(&ctx);
+  s_pSecFn->FreeCredentialsHandle(&handle);
+
+  /* Free the identity structure */
+  Curl_sspi_free_identity(&identity);
+
+  /* Free the SPN */
+  Curl_safefree(spn);
+
+  /* Free the response buffer */
+  Curl_safefree(resp);
+
+  /* Free the decoeded challenge message */
+  Curl_safefree(chlg);
+
+  return result;
+}
+
+#endif /* !CURL_DISABLE_CRYPTO_AUTH */
+
+/*
+ * Curl_sasl_create_gssapi_user_message()
+ *
+ * This is used to generate an already encoded GSSAPI (Kerberos V5) user token
+ * message ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data        [in]     - The session handle.
+ * userp       [in]     - The user name.
+ * passdwp     [in]     - The user's password.
+ * service     [in]     - The service type such as www, smtp, pop or imap.
+ * mutual_auth [in]     - Flag specifing whether or not mutual authentication
+ *                        is enabled.
+ * chlg64      [in]     - Pointer to the optional base64 encoded challenge
+ *                        message.
+ * krb5        [in/out] - The gssapi data struct being used and modified.
+ * outptr      [in/out] - The address where a pointer to newly allocated memory
+ *                        holding the result will be stored upon completion.
+ * outlen      [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
+                                              const char *userp,
+                                              const char *passwdp,
+                                              const char *service,
+                                              const bool mutual_auth,
+                                              const char *chlg64,
+                                              struct kerberos5data *krb5,
+                                              char **outptr, size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+  size_t chlglen = 0;
+  unsigned char *chlg = NULL;
+  CtxtHandle context;
+  PSecPkgInfo SecurityPackage;
+  SecBuffer chlg_buf;
+  SecBuffer resp_buf;
+  SecBufferDesc chlg_desc;
+  SecBufferDesc resp_desc;
+  SECURITY_STATUS status;
+  unsigned long attrs;
+  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
+
+  if(!krb5->credentials) {
+    /* Query the security package for Kerberos */
+    status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT("Kerberos"),
+                                                &SecurityPackage);
+    if(status != SEC_E_OK) {
+      return CURLE_NOT_BUILT_IN;
+    }
+
+    krb5->token_max = SecurityPackage->cbMaxToken;
+
+    /* Release the package buffer as it is not required anymore */
+    s_pSecFn->FreeContextBuffer(SecurityPackage);
+
+    /* Generate our SPN */
+    krb5->spn = Curl_sasl_build_spn(service, data->easy_conn->host.name);
+    if(!krb5->spn)
+      return CURLE_OUT_OF_MEMORY;
+
+    if(userp && *userp) {
+      /* Populate our identity structure */
+      result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity);
+      if(result)
+        return result;
+
+      /* Allow proper cleanup of the identity structure */
+      krb5->p_identity = &krb5->identity;
+
+      /* Allocate our response buffer */
+      krb5->output_token = malloc(krb5->token_max);
+      if(!krb5->output_token)
+        return CURLE_OUT_OF_MEMORY;
+    }
+    else
+      /* Use the current Windows user */
+      krb5->p_identity = NULL;
+
+    /* Allocate our credentials handle */
+    krb5->credentials = malloc(sizeof(CredHandle));
+    if(!krb5->credentials)
+      return CURLE_OUT_OF_MEMORY;
+
+    memset(krb5->credentials, 0, sizeof(CredHandle));
+
+    /* Acquire our credientials handle */
+    status = s_pSecFn->AcquireCredentialsHandle(NULL,
+                                                (TCHAR *) TEXT("Kerberos"),
+                                                SECPKG_CRED_OUTBOUND, NULL,
+                                                krb5->p_identity, NULL, NULL,
+                                                krb5->credentials, &tsDummy);
+    if(status != SEC_E_OK)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* Allocate our new context handle */
+    krb5->context = malloc(sizeof(CtxtHandle));
+    if(!krb5->context)
+      return CURLE_OUT_OF_MEMORY;
+
+    memset(krb5->context, 0, sizeof(CtxtHandle));
+  }
+  else {
+    /* Decode the base-64 encoded challenge message */
+    if(strlen(chlg64) && *chlg64 != '=') {
+      result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+      if(result)
+        return result;
+    }
+
+    /* Ensure we have a valid challenge message */
+    if(!chlg)
+      return CURLE_BAD_CONTENT_ENCODING;
+
+    /* Setup the challenge "input" security buffer */
+    chlg_desc.ulVersion = SECBUFFER_VERSION;
+    chlg_desc.cBuffers  = 1;
+    chlg_desc.pBuffers  = &chlg_buf;
+    chlg_buf.BufferType = SECBUFFER_TOKEN;
+    chlg_buf.pvBuffer   = chlg;
+    chlg_buf.cbBuffer   = curlx_uztoul(chlglen);
+  }
+
+  /* Setup the response "output" security buffer */
+  resp_desc.ulVersion = SECBUFFER_VERSION;
+  resp_desc.cBuffers  = 1;
+  resp_desc.pBuffers  = &resp_buf;
+  resp_buf.BufferType = SECBUFFER_TOKEN;
+  resp_buf.pvBuffer   = krb5->output_token;
+  resp_buf.cbBuffer   = curlx_uztoul(krb5->token_max);
+
+  /* Generate our challenge-response message */
+  status = s_pSecFn->InitializeSecurityContext(krb5->credentials,
+                                               chlg ? krb5->context : NULL,
+                                               krb5->spn,
+                                               (mutual_auth ?
+                                                 ISC_REQ_MUTUAL_AUTH : 0),
+                                               0, SECURITY_NATIVE_DREP,
+                                               chlg ? &chlg_desc : NULL, 0,
+                                               &context,
+                                               &resp_desc, &attrs,
+                                               &tsDummy);
+
+  if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
+    Curl_safefree(chlg);
+
+    return CURLE_RECV_ERROR;
+  }
+
+  if(memcmp(&context, krb5->context, sizeof(context))) {
+    s_pSecFn->DeleteSecurityContext(krb5->context);
+
+    memcpy(krb5->context, &context, sizeof(context));
+  }
+
+  if(resp_buf.cbBuffer) {
+    /* Base64 encode the response */
+    result = Curl_base64_encode(data, (char *)resp_buf.pvBuffer,
+                                resp_buf.cbBuffer, outptr, outlen);
+  }
+
+  /* Free the decoded challenge */
+  Curl_safefree(chlg);
+
+  return result;
+}
+
+/*
+ * Curl_sasl_create_gssapi_security_message()
+ *
+ * This is used to generate an already encoded GSSAPI (Kerberos V5) security
+ * token message ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * chlg64  [in]     - Pointer to the optional base64 encoded challenge message.
+ * krb5    [in/out] - The gssapi data struct being used and modified.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
+                                                  const char *chlg64,
+                                                  struct kerberos5data *krb5,
+                                                  char **outptr,
+                                                  size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+  size_t offset = 0;
+  size_t chlglen = 0;
+  size_t messagelen = 0;
+  size_t appdatalen = 0;
+  unsigned char *chlg = NULL;
+  unsigned char *trailer = NULL;
+  unsigned char *message = NULL;
+  unsigned char *padding = NULL;
+  unsigned char *appdata = NULL;
+  SecBuffer input_buf[2];
+  SecBuffer wrap_buf[3];
+  SecBufferDesc input_desc;
+  SecBufferDesc wrap_desc;
+  unsigned long indata = 0;
+  unsigned long outdata = 0;
+  unsigned long qop = 0;
+  unsigned long sec_layer = 0;
+  unsigned long max_size = 0;
+  SecPkgContext_Sizes sizes;
+  SecPkgCredentials_Names names;
+  SECURITY_STATUS status;
+
+  /* TODO: Verify the unicodeness of this function */
+
+  /* Decode the base-64 encoded input message */
+  if(strlen(chlg64) && *chlg64 != '=') {
+    result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+    if(result)
+      return result;
+  }
+
+  /* Ensure we have a valid challenge message */
+  if(!chlg)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* Get our response size information */
+  status = s_pSecFn->QueryContextAttributes(krb5->context,
+                                            SECPKG_ATTR_SIZES,
+                                            &sizes);
+  if(status != SEC_E_OK) {
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Get the fully qualified username back from the context */
+  status = s_pSecFn->QueryCredentialsAttributes(krb5->credentials,
+                                                SECPKG_CRED_ATTR_NAMES,
+                                                &names);
+  if(status != SEC_E_OK) {
+    Curl_safefree(chlg);
+
+    return CURLE_RECV_ERROR;
+  }
+
+  /* Setup the "input" security buffer */
+  input_desc.ulVersion = SECBUFFER_VERSION;
+  input_desc.cBuffers = 2;
+  input_desc.pBuffers = input_buf;
+  input_buf[0].BufferType = SECBUFFER_STREAM;
+  input_buf[0].pvBuffer = chlg;
+  input_buf[0].cbBuffer = curlx_uztoul(chlglen);
+  input_buf[1].BufferType = SECBUFFER_DATA;
+  input_buf[1].pvBuffer = NULL;
+  input_buf[1].cbBuffer = 0;
+
+  /* Decrypt in the inbound challenge obtaining the qop */
+  status = s_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop);
+  if(status != SEC_E_OK) {
+    Curl_safefree(chlg);
+
+    return CURLE_BAD_CONTENT_ENCODING;
+  }
+
+  /* Not 4 octets long to fail as per RFC4752 Section 3.1 */
+  if(input_buf[1].cbBuffer != 4) {
+    Curl_safefree(chlg);
+
+    return CURLE_BAD_CONTENT_ENCODING;
+  }
+
+  /* Copy the data out into a coinput_bufnvenient variable and free the SSPI
+     allocated buffer as it is not required anymore */
+  memcpy(&indata, input_buf[1].pvBuffer, 4);
+  s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer);
+
+  /* Extract the security layer */
+  sec_layer = indata & 0x000000FF;
+  if(!(sec_layer & KERB_WRAP_NO_ENCRYPT)) {
+    Curl_safefree(chlg);
+
+    return CURLE_BAD_CONTENT_ENCODING;
+  }
+
+  /* Extract the maximum message size the server can receive */
+  max_size = ntohl(indata & 0xFFFFFF00);
+  if(max_size > 0) {
+    /* The server has told us it supports a maximum receive buffer, however, as
+       we don't require one unless we are encrypting data we, tell the server
+       our receive buffer is zero. */
+    max_size = 0;
+  }
+
+  outdata = htonl(max_size) | sec_layer;
+
+  /* Allocate the trailer */
+  trailer = malloc(sizes.cbSecurityTrailer);
+  if(!trailer) {
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Allocate our message */
+  messagelen = 4 + strlen(names.sUserName) + 1;
+  message = malloc(messagelen);
+  if(!message) {
+    Curl_safefree(trailer);
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Populate the message with the security layer, client supported receive
+     message size and authorization identity including the 0x00 based
+     terminator. Note: Dispite RFC4752 Section 3.1 stating "The authorization
+     identity is not terminated with the zero-valued (%x00) octet." it seems
+     necessary to include it. */
+  memcpy(message, &outdata, 4);
+  strcpy((char *)message + 4, names.sUserName);
+
+  /* Allocate the padding */
+  padding = malloc(sizes.cbBlockSize);
+  if(!padding) {
+    Curl_safefree(message);
+    Curl_safefree(trailer);
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Setup the "authentication data" security buffer */
+  wrap_desc.ulVersion    = SECBUFFER_VERSION;
+  wrap_desc.cBuffers     = 3;
+  wrap_desc.pBuffers     = wrap_buf;
+  wrap_buf[0].BufferType = SECBUFFER_TOKEN;
+  wrap_buf[0].pvBuffer   = trailer;
+  wrap_buf[0].cbBuffer   = sizes.cbSecurityTrailer;
+  wrap_buf[1].BufferType = SECBUFFER_DATA;
+  wrap_buf[1].pvBuffer   = message;
+  wrap_buf[1].cbBuffer   = curlx_uztoul(messagelen);
+  wrap_buf[2].BufferType = SECBUFFER_PADDING;
+  wrap_buf[2].pvBuffer   = padding;
+  wrap_buf[2].cbBuffer   = sizes.cbBlockSize;
+
+  /* Encrypt the data */
+  status = s_pSecFn->EncryptMessage(krb5->context, KERB_WRAP_NO_ENCRYPT,
+                                    &wrap_desc, 0);
+  if(status != SEC_E_OK) {
+    Curl_safefree(padding);
+    Curl_safefree(message);
+    Curl_safefree(trailer);
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Allocate the encryption (wrap) buffer */
+  appdatalen = wrap_buf[0].cbBuffer + wrap_buf[1].cbBuffer +
+               wrap_buf[2].cbBuffer;
+  appdata = malloc(appdatalen);
+  if(!appdata) {
+    Curl_safefree(padding);
+    Curl_safefree(message);
+    Curl_safefree(trailer);
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Populate the encryption buffer */
+  memcpy(appdata, wrap_buf[0].pvBuffer, wrap_buf[0].cbBuffer);
+  offset += wrap_buf[0].cbBuffer;
+  memcpy(appdata + offset, wrap_buf[1].pvBuffer, wrap_buf[1].cbBuffer);
+  offset += wrap_buf[1].cbBuffer;
+  memcpy(appdata + offset, wrap_buf[2].pvBuffer, wrap_buf[2].cbBuffer);
+
+  /* Base64 encode the response */
+  result = Curl_base64_encode(data, (char *)appdata, appdatalen, outptr,
+                              outlen);
+
+  /* Free all of our local buffers */
+  Curl_safefree(appdata);
+  Curl_safefree(padding);
+  Curl_safefree(message);
+  Curl_safefree(trailer);
+  Curl_safefree(chlg);
+
+  return result;
+}
+
+void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5)
+{
+  /* Free  the context */
+  if(krb5->context) {
+    s_pSecFn->DeleteSecurityContext(krb5->context);
+    free(krb5->context);
+    krb5->context = NULL;
+  }
+
+  /* Free the credientials handle */
+  if(krb5->credentials) {
+    s_pSecFn->FreeCredentialsHandle(krb5->credentials);
+    free(krb5->credentials);
+    krb5->credentials = NULL;
+  }
+
+  /* Free our identity */
+  Curl_sspi_free_identity(krb5->p_identity);
+  krb5->p_identity = NULL;
+
+  /* Free the SPN and output token */
+  Curl_safefree(krb5->spn);
+  Curl_safefree(krb5->output_token);
+
+  /* Reset any variables */
+  krb5->token_max = 0;
+}
+
+#endif /* USE_WINDOWS_SSPI */
diff --git a/Utilities/cmcurl/krb4.h b/Utilities/cmcurl/lib/curl_sec.h
index f46416e..82151e9 100644
--- a/Utilities/cmcurl/krb4.h
+++ b/Utilities/cmcurl/lib/curl_sec.h
@@ -1,5 +1,5 @@
-#ifndef __KRB4_H
-#define __KRB4_H
+#ifndef HEADER_CURL_SECURITY_H
+#define HEADER_CURL_SECURITY_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 struct Curl_sec_client_mech {
@@ -31,40 +30,22 @@ struct Curl_sec_client_mech {
   void (*end)(void *);
   int (*check_prot)(void *, int);
   int (*overhead)(void *, int, int);
-  int (*encode)(void *, void*, int, int, void**, struct connectdata *);
+  int (*encode)(void *, const void*, int, int, void**, struct connectdata *);
   int (*decode)(void *, void*, int, int, struct connectdata *);
 };
 
-
 #define AUTH_OK         0
 #define AUTH_CONTINUE   1
 #define AUTH_ERROR      2
 
-extern struct Curl_sec_client_mech Curl_krb4_client_mech;
-
-CURLcode Curl_krb_kauth(struct connectdata *conn);
-int Curl_sec_fflush_fd(struct connectdata *conn, int fd);
-int Curl_sec_fprintf (struct connectdata *, FILE *, const char *, ...);
-int Curl_sec_getc (struct connectdata *conn, FILE *);
-int Curl_sec_putc (struct connectdata *conn, int, FILE *);
-int Curl_sec_read (struct connectdata *conn, int, void *, int);
-int Curl_sec_read_msg (struct connectdata *conn, char *, int);
-
-int Curl_sec_vfprintf(struct connectdata *, FILE *, const char *, va_list);
-int Curl_sec_fprintf2(struct connectdata *conn, FILE *f, const char *fmt, ...);
-int Curl_sec_vfprintf2(struct connectdata *conn, FILE *, const char *, va_list);
-ssize_t Curl_sec_send(struct connectdata *conn, int, char *, int);
-int Curl_sec_write(struct connectdata *conn, int, char *, int);
-
+#ifdef HAVE_GSSAPI
+int Curl_sec_read_msg (struct connectdata *conn, char *,
+                       enum protection_level);
 void Curl_sec_end (struct connectdata *);
-int Curl_sec_login (struct connectdata *);
-void Curl_sec_prot (int, char **);
+CURLcode Curl_sec_login (struct connectdata *);
 int Curl_sec_request_prot (struct connectdata *conn, const char *level);
-void Curl_sec_set_protection_level(struct connectdata *conn);
-void Curl_sec_status (void);
-
-enum protection_level Curl_set_command_prot(struct connectdata *,
-                                            enum protection_level);
-
 
+extern struct Curl_sec_client_mech Curl_krb5_client_mech;
 #endif
+
+#endif /* HEADER_CURL_SECURITY_H */
diff --git a/Utilities/cmcurl/lib/curl_setup.h b/Utilities/cmcurl/lib/curl_setup.h
new file mode 100644
index 0000000..9cc5758
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_setup.h
@@ -0,0 +1,708 @@
+#ifndef HEADER_CURL_SETUP_H
+#define HEADER_CURL_SETUP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Define WIN32 when build target is Win32 API
+ */
+
+#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) && \
+    !defined(__SYMBIAN32__)
+#define WIN32
+#endif
+
+/*
+ * Include configuration script results or hand-crafted
+ * configuration file for platforms which lack config tool.
+ */
+
+#ifdef HAVE_CONFIG_H
+
+#include "curl_config.h"
+
+#else /* HAVE_CONFIG_H */
+
+#ifdef _WIN32_WCE
+#  include "config-win32ce.h"
+#else
+#  ifdef WIN32
+#    include "config-win32.h"
+#  endif
+#endif
+
+#if defined(macintosh) && defined(__MRC__)
+#  include "config-mac.h"
+#endif
+
+#ifdef __riscos__
+#  include "config-riscos.h"
+#endif
+
+#ifdef __AMIGA__
+#  include "config-amigaos.h"
+#endif
+
+#ifdef __SYMBIAN32__
+#  include "config-symbian.h"
+#endif
+
+#ifdef __OS400__
+#  include "config-os400.h"
+#endif
+
+#ifdef TPF
+#  include "config-tpf.h"
+#endif
+
+#ifdef __VXWORKS__
+#  include "config-vxworks.h"
+#endif
+
+#endif /* HAVE_CONFIG_H */
+
+#if defined(_MSC_VER)
+# pragma warning(push,1)
+#endif
+
+/* ================================================================ */
+/* Definition of preprocessor macros/symbols which modify compiler  */
+/* behavior or generated code characteristics must be done here,   */
+/* as appropriate, before any system header file is included. It is */
+/* also possible to have them defined in the config file included   */
+/* before this point. As a result of all this we frown inclusion of */
+/* system header files in our config files, avoid this at any cost. */
+/* ================================================================ */
+
+/*
+ * AIX 4.3 and newer needs _THREAD_SAFE defined to build
+ * proper reentrant code. Others may also need it.
+ */
+
+#ifdef NEED_THREAD_SAFE
+#  ifndef _THREAD_SAFE
+#    define _THREAD_SAFE
+#  endif
+#endif
+
+/*
+ * Tru64 needs _REENTRANT set for a few function prototypes and
+ * things to appear in the system header files. Unixware needs it
+ * to build proper reentrant code. Others may also need it.
+ */
+
+#ifdef NEED_REENTRANT
+#  ifndef _REENTRANT
+#    define _REENTRANT
+#  endif
+#endif
+
+/* Solaris needs this to get a POSIX-conformant getpwuid_r */
+#if defined(sun) || defined(__sun)
+#  ifndef _POSIX_PTHREAD_SEMANTICS
+#    define _POSIX_PTHREAD_SEMANTICS 1
+#  endif
+#endif
+
+/* ================================================================ */
+/*  If you need to include a system header file for your platform,  */
+/*  please, do it beyond the point further indicated in this file.  */
+/* ================================================================ */
+
+/*
+ * libcurl's external interface definitions are also used internally,
+ * and might also include required system header files to define them.
+ */
+
+#include <curl/curlbuild.h>
+
+/*
+ * Compile time sanity checks must also be done when building the library.
+ */
+
+#include <curl/curlrules.h>
+
+/*
+ * Ensure that no one is using the old SIZEOF_CURL_OFF_T macro
+ */
+
+#ifdef SIZEOF_CURL_OFF_T
+#  error "SIZEOF_CURL_OFF_T shall not be defined!"
+   Error Compilation_aborted_SIZEOF_CURL_OFF_T_shall_not_be_defined
+#endif
+
+/*
+ * Disable other protocols when http is the only one desired.
+ */
+
+#ifdef HTTP_ONLY
+#  ifndef CURL_DISABLE_TFTP
+#    define CURL_DISABLE_TFTP
+#  endif
+#  ifndef CURL_DISABLE_FTP
+#    define CURL_DISABLE_FTP
+#  endif
+#  ifndef CURL_DISABLE_LDAP
+#    define CURL_DISABLE_LDAP
+#  endif
+#  ifndef CURL_DISABLE_TELNET
+#    define CURL_DISABLE_TELNET
+#  endif
+#  ifndef CURL_DISABLE_DICT
+#    define CURL_DISABLE_DICT
+#  endif
+#  ifndef CURL_DISABLE_FILE
+#    define CURL_DISABLE_FILE
+#  endif
+#  ifndef CURL_DISABLE_RTSP
+#    define CURL_DISABLE_RTSP
+#  endif
+#  ifndef CURL_DISABLE_POP3
+#    define CURL_DISABLE_POP3
+#  endif
+#  ifndef CURL_DISABLE_IMAP
+#    define CURL_DISABLE_IMAP
+#  endif
+#  ifndef CURL_DISABLE_SMTP
+#    define CURL_DISABLE_SMTP
+#  endif
+#  ifndef CURL_DISABLE_RTSP
+#    define CURL_DISABLE_RTSP
+#  endif
+#  ifndef CURL_DISABLE_RTMP
+#    define CURL_DISABLE_RTMP
+#  endif
+#  ifndef CURL_DISABLE_GOPHER
+#    define CURL_DISABLE_GOPHER
+#  endif
+#endif
+
+/*
+ * When http is disabled rtsp is not supported.
+ */
+
+#if defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_RTSP)
+#  define CURL_DISABLE_RTSP
+#endif
+
+/* ================================================================ */
+/* No system header file shall be included in this file before this */
+/* point. The only allowed ones are those included from curlbuild.h */
+/* ================================================================ */
+
+/*
+ * OS/400 setup file includes some system headers.
+ */
+
+#ifdef __OS400__
+#  include "setup-os400.h"
+#endif
+
+/*
+ * VMS setup file includes some system headers.
+ */
+
+#ifdef __VMS
+#  include "setup-vms.h"
+#endif
+
+/*
+ * Include header files for windows builds before redefining anything.
+ * Use this preprocessor block only to include or exclude windows.h,
+ * winsock2.h, ws2tcpip.h or winsock.h. Any other windows thing belongs
+ * to any other further and independent block.  Under Cygwin things work
+ * just as under linux (e.g. <sys/socket.h>) and the winsock headers should
+ * never be included when __CYGWIN__ is defined.  configure script takes
+ * care of this, not defining HAVE_WINDOWS_H, HAVE_WINSOCK_H, HAVE_WINSOCK2_H,
+ * neither HAVE_WS2TCPIP_H when __CYGWIN__ is defined.
+ */
+
+#ifdef HAVE_WINDOWS_H
+#  if defined(UNICODE) && !defined(_UNICODE)
+#    define _UNICODE
+#  endif
+#  if defined(_UNICODE) && !defined(UNICODE)
+#    define UNICODE
+#  endif
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  ifdef HAVE_WINSOCK2_H
+#    include <winsock2.h>
+#    ifdef HAVE_WS2TCPIP_H
+#       include <ws2tcpip.h>
+#    endif
+#  else
+#    ifdef HAVE_WINSOCK_H
+#      include <winsock.h>
+#    endif
+#  endif
+#  include <tchar.h>
+#  ifdef UNICODE
+     typedef wchar_t *(*curl_wcsdup_callback)(const wchar_t *str);
+#  endif
+#endif
+
+/*
+ * Define USE_WINSOCK to 2 if we have and use WINSOCK2 API, else
+ * define USE_WINSOCK to 1 if we have and use WINSOCK  API, else
+ * undefine USE_WINSOCK.
+ */
+
+#undef USE_WINSOCK
+
+#ifdef HAVE_WINSOCK2_H
+#  define USE_WINSOCK 2
+#else
+#  ifdef HAVE_WINSOCK_H
+#    define USE_WINSOCK 1
+#  endif
+#endif
+
+#ifdef USE_LWIPSOCK
+#  include <lwip/init.h>
+#  include <lwip/sockets.h>
+#  include <lwip/netdb.h>
+#endif
+
+#ifdef HAVE_EXTRA_STRICMP_H
+#  include <extra/stricmp.h>
+#endif
+
+#ifdef HAVE_EXTRA_STRDUP_H
+#  include <extra/strdup.h>
+#endif
+
+#ifdef TPF
+#  include <strings.h>    /* for bzero, strcasecmp, and strncasecmp */
+#  include <string.h>     /* for strcpy and strlen */
+#  include <stdlib.h>     /* for rand and srand */
+#  include <sys/socket.h> /* for select and ioctl*/
+#  include <netdb.h>      /* for in_addr_t definition */
+#  include <tpf/sysapi.h> /* for tpf_process_signals */
+   /* change which select is used for libcurl */
+#  define select(a,b,c,d,e) tpf_select_libcurl(a,b,c,d,e)
+#endif
+
+#ifdef __VXWORKS__
+#  include <sockLib.h>    /* for generic BSD socket functions */
+#  include <ioLib.h>      /* for basic I/O interface functions */
+#endif
+
+#ifdef __AMIGA__
+#  ifndef __ixemul__
+#    include <exec/types.h>
+#    include <exec/execbase.h>
+#    include <proto/exec.h>
+#    include <proto/dos.h>
+#    define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0)
+#  endif
+#endif
+
+#include <stdio.h>
+#ifdef HAVE_ASSERT_H
+#include <assert.h>
+#endif
+
+#ifdef __TANDEM /* for nsr-tandem-nsk systems */
+#include <floss.h>
+#endif
+
+#ifndef STDC_HEADERS /* no standard C headers! */
+#include <curl/stdcheaders.h>
+#endif
+
+#ifdef __POCC__
+#  include <sys/types.h>
+#  include <unistd.h>
+#  define sys_nerr EILSEQ
+#endif
+
+/*
+ * Salford-C kludge section (mostly borrowed from wxWidgets).
+ */
+#ifdef __SALFORDC__
+  #pragma suppress 353             /* Possible nested comments */
+  #pragma suppress 593             /* Define not used */
+  #pragma suppress 61              /* enum has no name */
+  #pragma suppress 106             /* unnamed, unused parameter */
+  #include <clib.h>
+#endif
+
+/* Default Windows file API selection.  */
+#ifdef _WIN32
+# if defined(_MSC_VER) && (_INTEGRAL_MAX_BITS >= 64)
+#  define USE_WIN32_LARGE_FILES
+# elif defined(__MINGW32__)
+#  define USE_WIN32_LARGE_FILES
+# else
+#  define USE_WIN32_SMALL_FILES
+# endif
+#endif
+
+/*
+ * Large file (>2Gb) support using WIN32 functions.
+ */
+
+#ifdef USE_WIN32_LARGE_FILES
+#  include <io.h>
+#  include <sys/types.h>
+#  include <sys/stat.h>
+#  undef  lseek
+#  define lseek(fdes,offset,whence)  _lseeki64(fdes, offset, whence)
+#  undef  fstat
+#  define fstat(fdes,stp)            _fstati64(fdes, stp)
+#  undef  stat
+#  define stat(fname,stp)            _stati64(fname, stp)
+#  define struct_stat                struct _stati64
+#  define LSEEK_ERROR                (__int64)-1
+#endif
+
+/*
+ * Small file (<2Gb) support using WIN32 functions.
+ */
+
+#ifdef USE_WIN32_SMALL_FILES
+#  include <io.h>
+#  include <sys/types.h>
+#  include <sys/stat.h>
+#  ifndef _WIN32_WCE
+#    undef  lseek
+#    define lseek(fdes,offset,whence)  _lseek(fdes, (long)offset, whence)
+#    define fstat(fdes,stp)            _fstat(fdes, stp)
+#    define stat(fname,stp)            _stat(fname, stp)
+#    define struct_stat                struct _stat
+#  endif
+#  define LSEEK_ERROR                (long)-1
+#endif
+
+#ifndef struct_stat
+#  define struct_stat struct stat
+#endif
+
+#ifndef LSEEK_ERROR
+#  define LSEEK_ERROR (off_t)-1
+#endif
+
+/*
+ * Default sizeof(off_t) in case it hasn't been defined in config file.
+ */
+
+#ifndef SIZEOF_OFF_T
+#  if defined(__VMS) && !defined(__VAX)
+#    if defined(_LARGEFILE)
+#      define SIZEOF_OFF_T 8
+#    endif
+#  elif defined(__OS400__) && defined(__ILEC400__)
+#    if defined(_LARGE_FILES)
+#      define SIZEOF_OFF_T 8
+#    endif
+#  elif defined(__MVS__) && defined(__IBMC__)
+#    if defined(_LP64) || defined(_LARGE_FILES)
+#      define SIZEOF_OFF_T 8
+#    endif
+#  elif defined(__370__) && defined(__IBMC__)
+#    if defined(_LP64) || defined(_LARGE_FILES)
+#      define SIZEOF_OFF_T 8
+#    endif
+#  endif
+#  ifndef SIZEOF_OFF_T
+#    define SIZEOF_OFF_T 4
+#  endif
+#endif
+
+/*
+ * Arg 2 type for gethostname in case it hasn't been defined in config file.
+ */
+
+#ifndef GETHOSTNAME_TYPE_ARG2
+#  ifdef USE_WINSOCK
+#    define GETHOSTNAME_TYPE_ARG2 int
+#  else
+#    define GETHOSTNAME_TYPE_ARG2 size_t
+#  endif
+#endif
+
+/* Below we define some functions. They should
+
+   4. set the SIGALRM signal timeout
+   5. set dir/file naming defines
+   */
+
+#ifdef WIN32
+
+#  define DIR_CHAR      "\\"
+#  define DOT_CHAR      "_"
+
+#else /* WIN32 */
+
+#  ifdef MSDOS  /* Watt-32 */
+
+#    include <sys/ioctl.h>
+#    define select(n,r,w,x,t) select_s(n,r,w,x,t)
+#    define ioctl(x,y,z) ioctlsocket(x,y,(char *)(z))
+#    include <tcp.h>
+#    ifdef word
+#      undef word
+#    endif
+#    ifdef byte
+#      undef byte
+#    endif
+
+#  endif /* MSDOS */
+
+#  ifdef __minix
+     /* Minix 3 versions up to at least 3.1.3 are missing these prototypes */
+     extern char * strtok_r(char *s, const char *delim, char **last);
+     extern struct tm * gmtime_r(const time_t * const timep, struct tm *tmp);
+#  endif
+
+#  define DIR_CHAR      "/"
+#  ifndef DOT_CHAR
+#    define DOT_CHAR      "."
+#  endif
+
+#  ifdef MSDOS
+#    undef DOT_CHAR
+#    define DOT_CHAR      "_"
+#  endif
+
+#  ifndef fileno /* sunos 4 have this as a macro! */
+     int fileno( FILE *stream);
+#  endif
+
+#endif /* WIN32 */
+
+/*
+ * msvc 6.0 requires PSDK in order to have INET6_ADDRSTRLEN
+ * defined in ws2tcpip.h as well as to provide IPv6 support.
+ */
+
+#if defined(_MSC_VER) && !defined(__POCC__)
+#  if !defined(HAVE_WS2TCPIP_H) || \
+     ((_MSC_VER < 1300) && !defined(INET6_ADDRSTRLEN))
+#    undef HAVE_GETADDRINFO_THREADSAFE
+#    undef HAVE_FREEADDRINFO
+#    undef HAVE_GETADDRINFO
+#    undef HAVE_GETNAMEINFO
+#    undef ENABLE_IPV6
+#  endif
+#endif
+
+/* ---------------------------------------------------------------- */
+/*             resolver specialty compile-time defines              */
+/*         CURLRES_* defines to use in the host*.c sources          */
+/* ---------------------------------------------------------------- */
+
+/*
+ * lcc-win32 doesn't have _beginthreadex(), lacks threads support.
+ */
+
+#if defined(__LCC__) && defined(WIN32)
+#  undef USE_THREADS_POSIX
+#  undef USE_THREADS_WIN32
+#endif
+
+/*
+ * MSVC threads support requires a multi-threaded runtime library.
+ * _beginthreadex() is not available in single-threaded ones.
+ */
+
+#if defined(_MSC_VER) && !defined(__POCC__) && !defined(_MT)
+#  undef USE_THREADS_POSIX
+#  undef USE_THREADS_WIN32
+#endif
+
+/*
+ * Mutually exclusive CURLRES_* definitions.
+ */
+
+#ifdef USE_ARES
+#  define CURLRES_ASYNCH
+#  define CURLRES_ARES
+/* now undef the stock libc functions just to avoid them being used */
+#  undef HAVE_GETADDRINFO
+#  undef HAVE_GETHOSTBYNAME
+#elif defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
+#  define CURLRES_ASYNCH
+#  define CURLRES_THREADED
+#else
+#  define CURLRES_SYNCH
+#endif
+
+#ifdef ENABLE_IPV6
+#  define CURLRES_IPV6
+#else
+#  define CURLRES_IPV4
+#endif
+
+/* ---------------------------------------------------------------- */
+
+/*
+ * When using WINSOCK, TELNET protocol requires WINSOCK2 API.
+ */
+
+#if defined(USE_WINSOCK) && (USE_WINSOCK != 2)
+#  define CURL_DISABLE_TELNET 1
+#endif
+
+/*
+ * msvc 6.0 does not have struct sockaddr_storage and
+ * does not define IPPROTO_ESP in winsock2.h. But both
+ * are available if PSDK is properly installed.
+ */
+
+#if defined(_MSC_VER) && !defined(__POCC__)
+#  if !defined(HAVE_WINSOCK2_H) || ((_MSC_VER < 1300) && !defined(IPPROTO_ESP))
+#    undef HAVE_STRUCT_SOCKADDR_STORAGE
+#  endif
+#endif
+
+/*
+ * Intentionally fail to build when using msvc 6.0 without PSDK installed.
+ * The brave of heart can circumvent this, defining ALLOW_MSVC6_WITHOUT_PSDK
+ * in lib/config-win32.h although absolutely discouraged and unsupported.
+ */
+
+#if defined(_MSC_VER) && !defined(__POCC__)
+#  if !defined(HAVE_WINDOWS_H) || ((_MSC_VER < 1300) && !defined(_FILETIME_))
+#    if !defined(ALLOW_MSVC6_WITHOUT_PSDK)
+#      error MSVC 6.0 requires "February 2003 Platform SDK" a.k.a. \
+             "Windows Server 2003 PSDK"
+#    else
+#      define CURL_DISABLE_LDAP 1
+#    endif
+#  endif
+#endif
+
+#ifdef NETWARE
+int netware_init(void);
+#ifndef __NOVELL_LIBC__
+#include <sys/bsdskt.h>
+#include <sys/timeval.h>
+#endif
+#endif
+
+#if defined(HAVE_LIBIDN) && defined(HAVE_TLD_H)
+/* The lib was present and the tld.h header (which is missing in libidn 0.3.X
+   but we only work with libidn 0.4.1 or later) */
+#define USE_LIBIDN
+#endif
+
+#ifndef SIZEOF_TIME_T
+/* assume default size of time_t to be 32 bit */
+#define SIZEOF_TIME_T 4
+#endif
+
+#define LIBIDN_REQUIRED_VERSION "0.4.1"
+
+#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || \
+    defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) || \
+    defined(USE_CYASSL) || defined(USE_SCHANNEL) || \
+    defined(USE_DARWINSSL) || defined(USE_GSKIT)
+#define USE_SSL    /* SSL support has been enabled */
+#endif
+
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
+    (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
+#define USE_SPNEGO
+#endif
+
+/* Single point where USE_NTLM definition might be done */
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \
+    !defined(CURL_DISABLE_CRYPTO_AUTH)
+#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
+    defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL)
+#define USE_NTLM
+#endif
+#endif
+
+/* non-configure builds may define CURL_WANTS_CA_BUNDLE_ENV */
+#if defined(CURL_WANTS_CA_BUNDLE_ENV) && !defined(CURL_CA_BUNDLE)
+#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")
+#endif
+
+/*
+ * Provide a mechanism to silence picky compilers, such as gcc 4.6+.
+ * Parameters should of course normally not be unused, but for example when
+ * we have multiple implementations of the same interface it may happen.
+ */
+
+#if defined(__GNUC__) && ((__GNUC__ >= 3) || \
+  ((__GNUC__ == 2) && defined(__GNUC_MINOR__) && (__GNUC_MINOR__ >= 7)))
+#  define UNUSED_PARAM __attribute__((__unused__))
+#else
+#  define UNUSED_PARAM /*NOTHING*/
+#endif
+
+/*
+ * Include macros and defines that should only be processed once.
+ */
+
+#ifndef HEADER_CURL_SETUP_ONCE_H
+#include "curl_setup_once.h"
+#endif
+
+/*
+ * Definition of our NOP statement Object-like macro
+ */
+
+#ifndef Curl_nop_stmt
+#  define Curl_nop_stmt do { } WHILE_FALSE
+#endif
+
+/*
+ * Ensure that Winsock and lwIP TCP/IP stacks are not mixed.
+ */
+
+#if defined(__LWIP_OPT_H__)
+#  if defined(SOCKET) || \
+     defined(USE_WINSOCK) || \
+     defined(HAVE_WINSOCK_H) || \
+     defined(HAVE_WINSOCK2_H) || \
+     defined(HAVE_WS2TCPIP_H)
+#    error "Winsock and lwIP TCP/IP stack definitions shall not coexist!"
+#  endif
+#endif
+
+/*
+ * Portable symbolic names for Winsock shutdown() mode flags.
+ */
+
+#ifdef USE_WINSOCK
+#  define SHUT_RD   0x00
+#  define SHUT_WR   0x01
+#  define SHUT_RDWR 0x02
+#endif
+
+/* Define S_ISREG if not defined by system headers, f.e. MSVC */
+#if !defined(S_ISREG) && defined(S_IFMT) && defined(S_IFREG)
+#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
+#endif
+
+/* Define S_ISDIR if not defined by system headers, f.e. MSVC */
+#if !defined(S_ISDIR) && defined(S_IFMT) && defined(S_IFDIR)
+#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
+#endif
+
+#endif /* HEADER_CURL_SETUP_H */
diff --git a/Utilities/cmcurl/lib/curl_setup_once.h b/Utilities/cmcurl/lib/curl_setup_once.h
new file mode 100644
index 0000000..69d6d47
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_setup_once.h
@@ -0,0 +1,551 @@
+#ifndef HEADER_CURL_SETUP_ONCE_H
+#define HEADER_CURL_SETUP_ONCE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+
+/*
+ * Inclusion of common header files.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef NEED_MALLOC_H
+#include <malloc.h>
+#endif
+
+#ifdef NEED_MEMORY_H
+#include <memory.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <time.h>
+#endif
+#else
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+#endif
+
+#ifdef WIN32
+#include <io.h>
+#include <fcntl.h>
+#endif
+
+#if defined(HAVE_STDBOOL_H) && defined(HAVE_BOOL_T)
+#include <stdbool.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef __hpux
+#  if !defined(_XOPEN_SOURCE_EXTENDED) || defined(_KERNEL)
+#    ifdef _APP32_64BIT_OFF_T
+#      define OLD_APP32_64BIT_OFF_T _APP32_64BIT_OFF_T
+#      undef _APP32_64BIT_OFF_T
+#    else
+#      undef OLD_APP32_64BIT_OFF_T
+#    endif
+#  endif
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef __hpux
+#  if !defined(_XOPEN_SOURCE_EXTENDED) || defined(_KERNEL)
+#    ifdef OLD_APP32_64BIT_OFF_T
+#      define _APP32_64BIT_OFF_T OLD_APP32_64BIT_OFF_T
+#      undef OLD_APP32_64BIT_OFF_T
+#    endif
+#  endif
+#endif
+
+
+/*
+ * Definition of timeval struct for platforms that don't have it.
+ */
+
+#ifndef HAVE_STRUCT_TIMEVAL
+struct timeval {
+ long tv_sec;
+ long tv_usec;
+};
+#endif
+
+
+/*
+ * If we have the MSG_NOSIGNAL define, make sure we use
+ * it as the fourth argument of function send()
+ */
+
+#ifdef HAVE_MSG_NOSIGNAL
+#define SEND_4TH_ARG MSG_NOSIGNAL
+#else
+#define SEND_4TH_ARG 0
+#endif
+
+
+#if defined(__minix)
+/* Minix doesn't support recv on TCP sockets */
+#define sread(x,y,z) (ssize_t)read((RECV_TYPE_ARG1)(x), \
+                                   (RECV_TYPE_ARG2)(y), \
+                                   (RECV_TYPE_ARG3)(z))
+
+#elif defined(HAVE_RECV)
+/*
+ * The definitions for the return type and arguments types
+ * of functions recv() and send() belong and come from the
+ * configuration file. Do not define them in any other place.
+ *
+ * HAVE_RECV is defined if you have a function named recv()
+ * which is used to read incoming data from sockets. If your
+ * function has another name then don't define HAVE_RECV.
+ *
+ * If HAVE_RECV is defined then RECV_TYPE_ARG1, RECV_TYPE_ARG2,
+ * RECV_TYPE_ARG3, RECV_TYPE_ARG4 and RECV_TYPE_RETV must also
+ * be defined.
+ *
+ * HAVE_SEND is defined if you have a function named send()
+ * which is used to write outgoing data on a connected socket.
+ * If yours has another name then don't define HAVE_SEND.
+ *
+ * If HAVE_SEND is defined then SEND_TYPE_ARG1, SEND_QUAL_ARG2,
+ * SEND_TYPE_ARG2, SEND_TYPE_ARG3, SEND_TYPE_ARG4 and
+ * SEND_TYPE_RETV must also be defined.
+ */
+
+#if !defined(RECV_TYPE_ARG1) || \
+    !defined(RECV_TYPE_ARG2) || \
+    !defined(RECV_TYPE_ARG3) || \
+    !defined(RECV_TYPE_ARG4) || \
+    !defined(RECV_TYPE_RETV)
+  /* */
+  Error Missing_definition_of_return_and_arguments_types_of_recv
+  /* */
+#else
+#define sread(x,y,z) (ssize_t)recv((RECV_TYPE_ARG1)(x), \
+                                   (RECV_TYPE_ARG2)(y), \
+                                   (RECV_TYPE_ARG3)(z), \
+                                   (RECV_TYPE_ARG4)(0))
+#endif
+#else /* HAVE_RECV */
+#ifndef sread
+  /* */
+  Error Missing_definition_of_macro_sread
+  /* */
+#endif
+#endif /* HAVE_RECV */
+
+
+#if defined(__minix)
+/* Minix doesn't support send on TCP sockets */
+#define swrite(x,y,z) (ssize_t)write((SEND_TYPE_ARG1)(x), \
+                                    (SEND_TYPE_ARG2)(y), \
+                                    (SEND_TYPE_ARG3)(z))
+
+#elif defined(HAVE_SEND)
+#if !defined(SEND_TYPE_ARG1) || \
+    !defined(SEND_QUAL_ARG2) || \
+    !defined(SEND_TYPE_ARG2) || \
+    !defined(SEND_TYPE_ARG3) || \
+    !defined(SEND_TYPE_ARG4) || \
+    !defined(SEND_TYPE_RETV)
+  /* */
+  Error Missing_definition_of_return_and_arguments_types_of_send
+  /* */
+#else
+#define swrite(x,y,z) (ssize_t)send((SEND_TYPE_ARG1)(x), \
+                                    (SEND_TYPE_ARG2)(y), \
+                                    (SEND_TYPE_ARG3)(z), \
+                                    (SEND_TYPE_ARG4)(SEND_4TH_ARG))
+#endif
+#else /* HAVE_SEND */
+#ifndef swrite
+  /* */
+  Error Missing_definition_of_macro_swrite
+  /* */
+#endif
+#endif /* HAVE_SEND */
+
+
+#if 0
+#if defined(HAVE_RECVFROM)
+/*
+ * Currently recvfrom is only used on udp sockets.
+ */
+#if !defined(RECVFROM_TYPE_ARG1) || \
+    !defined(RECVFROM_TYPE_ARG2) || \
+    !defined(RECVFROM_TYPE_ARG3) || \
+    !defined(RECVFROM_TYPE_ARG4) || \
+    !defined(RECVFROM_TYPE_ARG5) || \
+    !defined(RECVFROM_TYPE_ARG6) || \
+    !defined(RECVFROM_TYPE_RETV)
+  /* */
+  Error Missing_definition_of_return_and_arguments_types_of_recvfrom
+  /* */
+#else
+#define sreadfrom(s,b,bl,f,fl) (ssize_t)recvfrom((RECVFROM_TYPE_ARG1)  (s),  \
+                                                 (RECVFROM_TYPE_ARG2 *)(b),  \
+                                                 (RECVFROM_TYPE_ARG3)  (bl), \
+                                                 (RECVFROM_TYPE_ARG4)  (0),  \
+                                                 (RECVFROM_TYPE_ARG5 *)(f),  \
+                                                 (RECVFROM_TYPE_ARG6 *)(fl))
+#endif
+#else /* HAVE_RECVFROM */
+#ifndef sreadfrom
+  /* */
+  Error Missing_definition_of_macro_sreadfrom
+  /* */
+#endif
+#endif /* HAVE_RECVFROM */
+
+
+#ifdef RECVFROM_TYPE_ARG6_IS_VOID
+#  define RECVFROM_ARG6_T int
+#else
+#  define RECVFROM_ARG6_T RECVFROM_TYPE_ARG6
+#endif
+#endif /* if 0 */
+
+
+/*
+ * Function-like macro definition used to close a socket.
+ */
+
+#if defined(HAVE_CLOSESOCKET)
+#  define sclose(x)  closesocket((x))
+#elif defined(HAVE_CLOSESOCKET_CAMEL)
+#  define sclose(x)  CloseSocket((x))
+#elif defined(HAVE_CLOSE_S)
+#  define sclose(x)  close_s((x))
+#elif defined(USE_LWIPSOCK)
+#  define sclose(x)  lwip_close((x))
+#else
+#  define sclose(x)  close((x))
+#endif
+
+/*
+ * Stack-independent version of fcntl() on sockets:
+ */
+#if defined(USE_LWIPSOCK)
+#  define sfcntl  lwip_fcntl
+#else
+#  define sfcntl  fcntl
+#endif
+
+/*
+ * Uppercase macro versions of ANSI/ISO is*() functions/macros which
+ * avoid negative number inputs with argument byte codes > 127.
+ */
+
+#define ISSPACE(x)  (isspace((int)  ((unsigned char)x)))
+#define ISDIGIT(x)  (isdigit((int)  ((unsigned char)x)))
+#define ISALNUM(x)  (isalnum((int)  ((unsigned char)x)))
+#define ISXDIGIT(x) (isxdigit((int) ((unsigned char)x)))
+#define ISGRAPH(x)  (isgraph((int)  ((unsigned char)x)))
+#define ISALPHA(x)  (isalpha((int)  ((unsigned char)x)))
+#define ISPRINT(x)  (isprint((int)  ((unsigned char)x)))
+#define ISUPPER(x)  (isupper((int)  ((unsigned char)x)))
+#define ISLOWER(x)  (islower((int)  ((unsigned char)x)))
+#define ISASCII(x)  (isascii((int)  ((unsigned char)x)))
+
+#define ISBLANK(x)  (int)((((unsigned char)x) == ' ') || \
+                          (((unsigned char)x) == '\t'))
+
+#define TOLOWER(x)  (tolower((int)  ((unsigned char)x)))
+
+
+/*
+ * 'bool' stuff compatible with HP-UX headers.
+ */
+
+#if defined(__hpux) && !defined(HAVE_BOOL_T)
+   typedef int bool;
+#  define false 0
+#  define true 1
+#  define HAVE_BOOL_T
+#endif
+
+
+/*
+ * 'bool' exists on platforms with <stdbool.h>, i.e. C99 platforms.
+ * On non-C99 platforms there's no bool, so define an enum for that.
+ * On C99 platforms 'false' and 'true' also exist. Enum uses a
+ * global namespace though, so use bool_false and bool_true.
+ */
+
+#ifndef HAVE_BOOL_T
+  typedef enum {
+      bool_false = 0,
+      bool_true  = 1
+  } bool;
+
+/*
+ * Use a define to let 'true' and 'false' use those enums.  There
+ * are currently no use of true and false in libcurl proper, but
+ * there are some in the examples. This will cater for any later
+ * code happening to use true and false.
+ */
+#  define false bool_false
+#  define true  bool_true
+#  define HAVE_BOOL_T
+#endif
+
+
+/*
+ * Redefine TRUE and FALSE too, to catch current use. With this
+ * change, 'bool found = 1' will give a warning on MIPSPro, but
+ * 'bool found = TRUE' will not. Change tested on IRIX/MIPSPro,
+ * AIX 5.1/Xlc, Tru64 5.1/cc, w/make test too.
+ */
+
+#ifndef TRUE
+#define TRUE true
+#endif
+#ifndef FALSE
+#define FALSE false
+#endif
+
+
+/*
+ * Macro WHILE_FALSE may be used to build single-iteration do-while loops,
+ * avoiding compiler warnings. Mostly intended for other macro definitions.
+ */
+
+#define WHILE_FALSE  while(0)
+
+#if defined(_MSC_VER) && !defined(__POCC__)
+#  undef WHILE_FALSE
+#  if (_MSC_VER < 1500)
+#    define WHILE_FALSE  while(1, 0)
+#  else
+#    define WHILE_FALSE \
+__pragma(warning(push)) \
+__pragma(warning(disable:4127)) \
+while(0) \
+__pragma(warning(pop))
+#  endif
+#endif
+
+
+/*
+ * Typedef to 'int' if sig_atomic_t is not an available 'typedefed' type.
+ */
+
+#ifndef HAVE_SIG_ATOMIC_T
+typedef int sig_atomic_t;
+#define HAVE_SIG_ATOMIC_T
+#endif
+
+
+/*
+ * Convenience SIG_ATOMIC_T definition
+ */
+
+#ifdef HAVE_SIG_ATOMIC_T_VOLATILE
+#define SIG_ATOMIC_T static sig_atomic_t
+#else
+#define SIG_ATOMIC_T static volatile sig_atomic_t
+#endif
+
+
+/*
+ * Default return type for signal handlers.
+ */
+
+#ifndef RETSIGTYPE
+#define RETSIGTYPE void
+#endif
+
+
+/*
+ * Macro used to include code only in debug builds.
+ */
+
+#ifdef DEBUGBUILD
+#define DEBUGF(x) x
+#else
+#define DEBUGF(x) do { } WHILE_FALSE
+#endif
+
+
+/*
+ * Macro used to include assertion code only in debug builds.
+ */
+
+#if defined(DEBUGBUILD) && defined(HAVE_ASSERT_H)
+#define DEBUGASSERT(x) assert(x)
+#else
+#define DEBUGASSERT(x) do { } WHILE_FALSE
+#endif
+
+
+/*
+ * Macro SOCKERRNO / SET_SOCKERRNO() returns / sets the *socket-related* errno
+ * (or equivalent) on this platform to hide platform details to code using it.
+ */
+
+#ifdef USE_WINSOCK
+#define SOCKERRNO         ((int)WSAGetLastError())
+#define SET_SOCKERRNO(x)  (WSASetLastError((int)(x)))
+#else
+#define SOCKERRNO         (errno)
+#define SET_SOCKERRNO(x)  (errno = (x))
+#endif
+
+
+/*
+ * Macro ERRNO / SET_ERRNO() returns / sets the NOT *socket-related* errno
+ * (or equivalent) on this platform to hide platform details to code using it.
+ */
+
+#if defined(WIN32) && !defined(USE_LWIPSOCK)
+#define ERRNO         ((int)GetLastError())
+#define SET_ERRNO(x)  (SetLastError((DWORD)(x)))
+#else
+#define ERRNO         (errno)
+#define SET_ERRNO(x)  (errno = (x))
+#endif
+
+
+/*
+ * Portable error number symbolic names defined to Winsock error codes.
+ */
+
+#ifdef USE_WINSOCK
+#undef  EBADF            /* override definition in errno.h */
+#define EBADF            WSAEBADF
+#undef  EINTR            /* override definition in errno.h */
+#define EINTR            WSAEINTR
+#undef  EINVAL           /* override definition in errno.h */
+#define EINVAL           WSAEINVAL
+#undef  EWOULDBLOCK      /* override definition in errno.h */
+#define EWOULDBLOCK      WSAEWOULDBLOCK
+#undef  EINPROGRESS      /* override definition in errno.h */
+#define EINPROGRESS      WSAEINPROGRESS
+#undef  EALREADY         /* override definition in errno.h */
+#define EALREADY         WSAEALREADY
+#undef  ENOTSOCK         /* override definition in errno.h */
+#define ENOTSOCK         WSAENOTSOCK
+#undef  EDESTADDRREQ     /* override definition in errno.h */
+#define EDESTADDRREQ     WSAEDESTADDRREQ
+#undef  EMSGSIZE         /* override definition in errno.h */
+#define EMSGSIZE         WSAEMSGSIZE
+#undef  EPROTOTYPE       /* override definition in errno.h */
+#define EPROTOTYPE       WSAEPROTOTYPE
+#undef  ENOPROTOOPT      /* override definition in errno.h */
+#define ENOPROTOOPT      WSAENOPROTOOPT
+#undef  EPROTONOSUPPORT  /* override definition in errno.h */
+#define EPROTONOSUPPORT  WSAEPROTONOSUPPORT
+#define ESOCKTNOSUPPORT  WSAESOCKTNOSUPPORT
+#undef  EOPNOTSUPP       /* override definition in errno.h */
+#define EOPNOTSUPP       WSAEOPNOTSUPP
+#define EPFNOSUPPORT     WSAEPFNOSUPPORT
+#undef  EAFNOSUPPORT     /* override definition in errno.h */
+#define EAFNOSUPPORT     WSAEAFNOSUPPORT
+#undef  EADDRINUSE       /* override definition in errno.h */
+#define EADDRINUSE       WSAEADDRINUSE
+#undef  EADDRNOTAVAIL    /* override definition in errno.h */
+#define EADDRNOTAVAIL    WSAEADDRNOTAVAIL
+#undef  ENETDOWN         /* override definition in errno.h */
+#define ENETDOWN         WSAENETDOWN
+#undef  ENETUNREACH      /* override definition in errno.h */
+#define ENETUNREACH      WSAENETUNREACH
+#undef  ENETRESET        /* override definition in errno.h */
+#define ENETRESET        WSAENETRESET
+#undef  ECONNABORTED     /* override definition in errno.h */
+#define ECONNABORTED     WSAECONNABORTED
+#undef  ECONNRESET       /* override definition in errno.h */
+#define ECONNRESET       WSAECONNRESET
+#undef  ENOBUFS          /* override definition in errno.h */
+#define ENOBUFS          WSAENOBUFS
+#undef  EISCONN          /* override definition in errno.h */
+#define EISCONN          WSAEISCONN
+#undef  ENOTCONN         /* override definition in errno.h */
+#define ENOTCONN         WSAENOTCONN
+#define ESHUTDOWN        WSAESHUTDOWN
+#define ETOOMANYREFS     WSAETOOMANYREFS
+#undef  ETIMEDOUT        /* override definition in errno.h */
+#define ETIMEDOUT        WSAETIMEDOUT
+#undef  ECONNREFUSED     /* override definition in errno.h */
+#define ECONNREFUSED     WSAECONNREFUSED
+#undef  ELOOP            /* override definition in errno.h */
+#define ELOOP            WSAELOOP
+#ifndef ENAMETOOLONG     /* possible previous definition in errno.h */
+#define ENAMETOOLONG     WSAENAMETOOLONG
+#endif
+#define EHOSTDOWN        WSAEHOSTDOWN
+#undef  EHOSTUNREACH     /* override definition in errno.h */
+#define EHOSTUNREACH     WSAEHOSTUNREACH
+#ifndef ENOTEMPTY        /* possible previous definition in errno.h */
+#define ENOTEMPTY        WSAENOTEMPTY
+#endif
+#define EPROCLIM         WSAEPROCLIM
+#define EUSERS           WSAEUSERS
+#define EDQUOT           WSAEDQUOT
+#define ESTALE           WSAESTALE
+#define EREMOTE          WSAEREMOTE
+#endif
+
+/*
+ * Macro argv_item_t hides platform details to code using it.
+ */
+
+#ifdef __VMS
+#define argv_item_t  __char_ptr32
+#else
+#define argv_item_t  char *
+#endif
+
+
+/*
+ * We use this ZERO_NULL to avoid picky compiler warnings,
+ * when assigning a NULL pointer to a function pointer var.
+ */
+
+#define ZERO_NULL 0
+
+
+#endif /* HEADER_CURL_SETUP_ONCE_H */
+
diff --git a/Utilities/cmcurl/lib/curl_sspi.c b/Utilities/cmcurl/lib/curl_sspi.c
new file mode 100644
index 0000000..f09d288
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_sspi.c
@@ -0,0 +1,257 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_WINDOWS_SSPI
+
+#include <curl/curl.h>
+
+#include "curl_sspi.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+#include "curl_multibyte.h"
+#include "warnless.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* We use our own typedef here since some headers might lack these */
+typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
+
+/* See definition of SECURITY_ENTRYPOINT in sspi.h */
+#ifdef UNICODE
+#  ifdef _WIN32_WCE
+#    define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
+#  else
+#    define SECURITYENTRYPOINT "InitSecurityInterfaceW"
+#  endif
+#else
+#  define SECURITYENTRYPOINT "InitSecurityInterfaceA"
+#endif
+
+/* Handle of security.dll or secur32.dll, depending on Windows version */
+HMODULE s_hSecDll = NULL;
+
+/* Pointer to SSPI dispatch table */
+PSecurityFunctionTable s_pSecFn = NULL;
+
+/*
+ * Curl_sspi_global_init()
+ *
+ * This is used to load the Security Service Provider Interface (SSPI)
+ * dynamic link library portably across all Windows versions, without
+ * the need to directly link libcurl, nor the application using it, at
+ * build time.
+ *
+ * Once this function has been executed, Windows SSPI functions can be
+ * called through the Security Service Provider Interface dispatch table.
+ */
+CURLcode Curl_sspi_global_init(void)
+{
+  bool securityDll = FALSE;
+  INITSECURITYINTERFACE_FN pInitSecurityInterface;
+
+  /* If security interface is not yet initialized try to do this */
+  if(!s_hSecDll) {
+    /* Security Service Provider Interface (SSPI) functions are located in
+     * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
+     * have both these DLLs (security.dll forwards calls to secur32.dll) */
+    DWORD majorVersion = 4;
+    DWORD platformId = VER_PLATFORM_WIN32_NT;
+
+#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
+    (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
+    OSVERSIONINFO osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+
+    /* Find out Windows version */
+    if(!GetVersionEx(&osver))
+      return CURLE_FAILED_INIT;
+
+    /* Verify the major version number == 4 and platform id == WIN_NT */
+    if(osver.dwMajorVersion == majorVersion &&
+       osver.dwPlatformId == platformId)
+      securityDll = TRUE;
+#else
+    ULONGLONG majorVersionMask;
+    ULONGLONG platformIdMask;
+    OSVERSIONINFOEX osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+    osver.dwMajorVersion = majorVersion;
+    osver.dwPlatformId = platformId;
+    majorVersionMask = VerSetConditionMask(0, VER_MAJORVERSION, VER_EQUAL);
+    platformIdMask = VerSetConditionMask(0, VER_PLATFORMID, VER_EQUAL);
+
+    /* Verify the major version number == 4 and platform id == WIN_NT */
+    if(VerifyVersionInfo(&osver, VER_MAJORVERSION, majorVersionMask) &&
+       VerifyVersionInfo(&osver, VER_PLATFORMID, platformIdMask))
+      securityDll = TRUE;
+#endif
+
+    /* Load SSPI dll into the address space of the calling process */
+    if(securityDll)
+      s_hSecDll = LoadLibrary(TEXT("security.dll"));
+    else
+      s_hSecDll = LoadLibrary(TEXT("secur32.dll"));
+    if(!s_hSecDll)
+      return CURLE_FAILED_INIT;
+
+    /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
+    pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
+      GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);
+    if(!pInitSecurityInterface)
+      return CURLE_FAILED_INIT;
+
+    /* Get pointer to Security Service Provider Interface dispatch table */
+    s_pSecFn = pInitSecurityInterface();
+    if(!s_pSecFn)
+      return CURLE_FAILED_INIT;
+  }
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_sspi_global_cleanup()
+ *
+ * This deinitializes the Security Service Provider Interface from libcurl.
+ */
+
+void Curl_sspi_global_cleanup(void)
+{
+  if(s_hSecDll) {
+    FreeLibrary(s_hSecDll);
+    s_hSecDll = NULL;
+    s_pSecFn = NULL;
+  }
+}
+
+/*
+ * Curl_create_sspi_identity()
+ *
+ * This is used to populate a SSPI identity structure based on the supplied
+ * username and password.
+ *
+ * Parameters:
+ *
+ * userp    [in]     - The user name in the format User or Domain\User.
+ * passdwp  [in]     - The user's password.
+ * identity [in/out] - The identity structure.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
+                                   SEC_WINNT_AUTH_IDENTITY *identity)
+{
+  xcharp_u useranddomain;
+  xcharp_u user, dup_user;
+  xcharp_u domain, dup_domain;
+  xcharp_u passwd, dup_passwd;
+  size_t domlen = 0;
+
+  domain.const_tchar_ptr = TEXT("");
+
+  /* Initialize the identity */
+  memset(identity, 0, sizeof(*identity));
+
+  useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
+  if(!useranddomain.tchar_ptr)
+    return CURLE_OUT_OF_MEMORY;
+
+  user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
+  if(!user.const_tchar_ptr)
+    user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
+
+  if(user.tchar_ptr) {
+    domain.tchar_ptr = useranddomain.tchar_ptr;
+    domlen = user.tchar_ptr - useranddomain.tchar_ptr;
+    user.tchar_ptr++;
+  }
+  else {
+    user.tchar_ptr = useranddomain.tchar_ptr;
+    domain.const_tchar_ptr = TEXT("");
+    domlen = 0;
+  }
+
+  /* Setup the identity's user and length */
+  dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
+  if(!dup_user.tchar_ptr) {
+    Curl_unicodefree(useranddomain.tchar_ptr);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  identity->User = dup_user.tbyte_ptr;
+  identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
+  dup_user.tchar_ptr = NULL;
+
+  /* Setup the identity's domain and length */
+  dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
+  if(!dup_domain.tchar_ptr) {
+    Curl_unicodefree(useranddomain.tchar_ptr);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
+  *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
+  identity->Domain = dup_domain.tbyte_ptr;
+  identity->DomainLength = curlx_uztoul(domlen);
+  dup_domain.tchar_ptr = NULL;
+
+  Curl_unicodefree(useranddomain.tchar_ptr);
+
+  /* Setup ntlm identity's password and length */
+  passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
+  if(!passwd.tchar_ptr)
+    return CURLE_OUT_OF_MEMORY;
+  dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
+  if(!dup_passwd.tchar_ptr) {
+    Curl_unicodefree(passwd.tchar_ptr);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  identity->Password = dup_passwd.tbyte_ptr;
+  identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
+  dup_passwd.tchar_ptr = NULL;
+
+  Curl_unicodefree(passwd.tchar_ptr);
+
+  /* Setup the identity's flags */
+  identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
+
+  return CURLE_OK;
+}
+
+void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
+{
+  if(identity) {
+    Curl_safefree(identity->User);
+    Curl_safefree(identity->Password);
+    Curl_safefree(identity->Domain);
+  }
+}
+
+#endif /* USE_WINDOWS_SSPI */
diff --git a/Utilities/cmcurl/lib/curl_sspi.h b/Utilities/cmcurl/lib/curl_sspi.h
new file mode 100644
index 0000000..5ab17d5
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_sspi.h
@@ -0,0 +1,315 @@
+#ifndef HEADER_CURL_SSPI_H
+#define HEADER_CURL_SSPI_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_WINDOWS_SSPI
+
+#include <curl/curl.h>
+
+/*
+ * When including the following three headers, it is mandatory to define either
+ * SECURITY_WIN32 or SECURITY_KERNEL, indicating who is compiling the code.
+ */
+
+#undef SECURITY_WIN32
+#undef SECURITY_KERNEL
+#define SECURITY_WIN32 1
+#include <security.h>
+#include <sspi.h>
+#include <rpc.h>
+
+CURLcode Curl_sspi_global_init(void);
+void Curl_sspi_global_cleanup(void);
+
+/* This is used to generate an SSPI identity structure */
+CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
+                                   SEC_WINNT_AUTH_IDENTITY *identity);
+
+/* This is used to free an SSPI identity structure */
+void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity);
+
+/* Forward-declaration of global variables defined in curl_sspi.c */
+
+extern HMODULE s_hSecDll;
+extern PSecurityFunctionTable s_pSecFn;
+
+/* Provide some definitions missing in old headers */
+
+#ifndef SEC_E_INSUFFICIENT_MEMORY
+# define SEC_E_INSUFFICIENT_MEMORY             ((HRESULT)0x80090300L)
+#endif
+#ifndef SEC_E_INVALID_HANDLE
+# define SEC_E_INVALID_HANDLE                  ((HRESULT)0x80090301L)
+#endif
+#ifndef SEC_E_UNSUPPORTED_FUNCTION
+# define SEC_E_UNSUPPORTED_FUNCTION            ((HRESULT)0x80090302L)
+#endif
+#ifndef SEC_E_TARGET_UNKNOWN
+# define SEC_E_TARGET_UNKNOWN                  ((HRESULT)0x80090303L)
+#endif
+#ifndef SEC_E_INTERNAL_ERROR
+# define SEC_E_INTERNAL_ERROR                  ((HRESULT)0x80090304L)
+#endif
+#ifndef SEC_E_SECPKG_NOT_FOUND
+# define SEC_E_SECPKG_NOT_FOUND                ((HRESULT)0x80090305L)
+#endif
+#ifndef SEC_E_NOT_OWNER
+# define SEC_E_NOT_OWNER                       ((HRESULT)0x80090306L)
+#endif
+#ifndef SEC_E_CANNOT_INSTALL
+# define SEC_E_CANNOT_INSTALL                  ((HRESULT)0x80090307L)
+#endif
+#ifndef SEC_E_INVALID_TOKEN
+# define SEC_E_INVALID_TOKEN                   ((HRESULT)0x80090308L)
+#endif
+#ifndef SEC_E_CANNOT_PACK
+# define SEC_E_CANNOT_PACK                     ((HRESULT)0x80090309L)
+#endif
+#ifndef SEC_E_QOP_NOT_SUPPORTED
+# define SEC_E_QOP_NOT_SUPPORTED               ((HRESULT)0x8009030AL)
+#endif
+#ifndef SEC_E_NO_IMPERSONATION
+# define SEC_E_NO_IMPERSONATION                ((HRESULT)0x8009030BL)
+#endif
+#ifndef SEC_E_LOGON_DENIED
+# define SEC_E_LOGON_DENIED                    ((HRESULT)0x8009030CL)
+#endif
+#ifndef SEC_E_UNKNOWN_CREDENTIALS
+# define SEC_E_UNKNOWN_CREDENTIALS             ((HRESULT)0x8009030DL)
+#endif
+#ifndef SEC_E_NO_CREDENTIALS
+# define SEC_E_NO_CREDENTIALS                  ((HRESULT)0x8009030EL)
+#endif
+#ifndef SEC_E_MESSAGE_ALTERED
+# define SEC_E_MESSAGE_ALTERED                 ((HRESULT)0x8009030FL)
+#endif
+#ifndef SEC_E_OUT_OF_SEQUENCE
+# define SEC_E_OUT_OF_SEQUENCE                 ((HRESULT)0x80090310L)
+#endif
+#ifndef SEC_E_NO_AUTHENTICATING_AUTHORITY
+# define SEC_E_NO_AUTHENTICATING_AUTHORITY     ((HRESULT)0x80090311L)
+#endif
+#ifndef SEC_E_BAD_PKGID
+# define SEC_E_BAD_PKGID                       ((HRESULT)0x80090316L)
+#endif
+#ifndef SEC_E_CONTEXT_EXPIRED
+# define SEC_E_CONTEXT_EXPIRED                 ((HRESULT)0x80090317L)
+#endif
+#ifndef SEC_E_INCOMPLETE_MESSAGE
+# define SEC_E_INCOMPLETE_MESSAGE              ((HRESULT)0x80090318L)
+#endif
+#ifndef SEC_E_INCOMPLETE_CREDENTIALS
+# define SEC_E_INCOMPLETE_CREDENTIALS          ((HRESULT)0x80090320L)
+#endif
+#ifndef SEC_E_BUFFER_TOO_SMALL
+# define SEC_E_BUFFER_TOO_SMALL                ((HRESULT)0x80090321L)
+#endif
+#ifndef SEC_E_WRONG_PRINCIPAL
+# define SEC_E_WRONG_PRINCIPAL                 ((HRESULT)0x80090322L)
+#endif
+#ifndef SEC_E_TIME_SKEW
+# define SEC_E_TIME_SKEW                       ((HRESULT)0x80090324L)
+#endif
+#ifndef SEC_E_UNTRUSTED_ROOT
+# define SEC_E_UNTRUSTED_ROOT                  ((HRESULT)0x80090325L)
+#endif
+#ifndef SEC_E_ILLEGAL_MESSAGE
+# define SEC_E_ILLEGAL_MESSAGE                 ((HRESULT)0x80090326L)
+#endif
+#ifndef SEC_E_CERT_UNKNOWN
+# define SEC_E_CERT_UNKNOWN                    ((HRESULT)0x80090327L)
+#endif
+#ifndef SEC_E_CERT_EXPIRED
+# define SEC_E_CERT_EXPIRED                    ((HRESULT)0x80090328L)
+#endif
+#ifndef SEC_E_ENCRYPT_FAILURE
+# define SEC_E_ENCRYPT_FAILURE                 ((HRESULT)0x80090329L)
+#endif
+#ifndef SEC_E_DECRYPT_FAILURE
+# define SEC_E_DECRYPT_FAILURE                 ((HRESULT)0x80090330L)
+#endif
+#ifndef SEC_E_ALGORITHM_MISMATCH
+# define SEC_E_ALGORITHM_MISMATCH              ((HRESULT)0x80090331L)
+#endif
+#ifndef SEC_E_SECURITY_QOS_FAILED
+# define SEC_E_SECURITY_QOS_FAILED             ((HRESULT)0x80090332L)
+#endif
+#ifndef SEC_E_UNFINISHED_CONTEXT_DELETED
+# define SEC_E_UNFINISHED_CONTEXT_DELETED      ((HRESULT)0x80090333L)
+#endif
+#ifndef SEC_E_NO_TGT_REPLY
+# define SEC_E_NO_TGT_REPLY                    ((HRESULT)0x80090334L)
+#endif
+#ifndef SEC_E_NO_IP_ADDRESSES
+# define SEC_E_NO_IP_ADDRESSES                 ((HRESULT)0x80090335L)
+#endif
+#ifndef SEC_E_WRONG_CREDENTIAL_HANDLE
+# define SEC_E_WRONG_CREDENTIAL_HANDLE         ((HRESULT)0x80090336L)
+#endif
+#ifndef SEC_E_CRYPTO_SYSTEM_INVALID
+# define SEC_E_CRYPTO_SYSTEM_INVALID           ((HRESULT)0x80090337L)
+#endif
+#ifndef SEC_E_MAX_REFERRALS_EXCEEDED
+# define SEC_E_MAX_REFERRALS_EXCEEDED          ((HRESULT)0x80090338L)
+#endif
+#ifndef SEC_E_MUST_BE_KDC
+# define SEC_E_MUST_BE_KDC                     ((HRESULT)0x80090339L)
+#endif
+#ifndef SEC_E_STRONG_CRYPTO_NOT_SUPPORTED
+# define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED     ((HRESULT)0x8009033AL)
+#endif
+#ifndef SEC_E_TOO_MANY_PRINCIPALS
+# define SEC_E_TOO_MANY_PRINCIPALS             ((HRESULT)0x8009033BL)
+#endif
+#ifndef SEC_E_NO_PA_DATA
+# define SEC_E_NO_PA_DATA                      ((HRESULT)0x8009033CL)
+#endif
+#ifndef SEC_E_PKINIT_NAME_MISMATCH
+# define SEC_E_PKINIT_NAME_MISMATCH            ((HRESULT)0x8009033DL)
+#endif
+#ifndef SEC_E_SMARTCARD_LOGON_REQUIRED
+# define SEC_E_SMARTCARD_LOGON_REQUIRED        ((HRESULT)0x8009033EL)
+#endif
+#ifndef SEC_E_SHUTDOWN_IN_PROGRESS
+# define SEC_E_SHUTDOWN_IN_PROGRESS            ((HRESULT)0x8009033FL)
+#endif
+#ifndef SEC_E_KDC_INVALID_REQUEST
+# define SEC_E_KDC_INVALID_REQUEST             ((HRESULT)0x80090340L)
+#endif
+#ifndef SEC_E_KDC_UNABLE_TO_REFER
+# define SEC_E_KDC_UNABLE_TO_REFER             ((HRESULT)0x80090341L)
+#endif
+#ifndef SEC_E_KDC_UNKNOWN_ETYPE
+# define SEC_E_KDC_UNKNOWN_ETYPE               ((HRESULT)0x80090342L)
+#endif
+#ifndef SEC_E_UNSUPPORTED_PREAUTH
+# define SEC_E_UNSUPPORTED_PREAUTH             ((HRESULT)0x80090343L)
+#endif
+#ifndef SEC_E_DELEGATION_REQUIRED
+# define SEC_E_DELEGATION_REQUIRED             ((HRESULT)0x80090345L)
+#endif
+#ifndef SEC_E_BAD_BINDINGS
+# define SEC_E_BAD_BINDINGS                    ((HRESULT)0x80090346L)
+#endif
+#ifndef SEC_E_MULTIPLE_ACCOUNTS
+# define SEC_E_MULTIPLE_ACCOUNTS               ((HRESULT)0x80090347L)
+#endif
+#ifndef SEC_E_NO_KERB_KEY
+# define SEC_E_NO_KERB_KEY                     ((HRESULT)0x80090348L)
+#endif
+#ifndef SEC_E_CERT_WRONG_USAGE
+# define SEC_E_CERT_WRONG_USAGE                ((HRESULT)0x80090349L)
+#endif
+#ifndef SEC_E_DOWNGRADE_DETECTED
+# define SEC_E_DOWNGRADE_DETECTED              ((HRESULT)0x80090350L)
+#endif
+#ifndef SEC_E_SMARTCARD_CERT_REVOKED
+# define SEC_E_SMARTCARD_CERT_REVOKED          ((HRESULT)0x80090351L)
+#endif
+#ifndef SEC_E_ISSUING_CA_UNTRUSTED
+# define SEC_E_ISSUING_CA_UNTRUSTED            ((HRESULT)0x80090352L)
+#endif
+#ifndef SEC_E_REVOCATION_OFFLINE_C
+# define SEC_E_REVOCATION_OFFLINE_C            ((HRESULT)0x80090353L)
+#endif
+#ifndef SEC_E_PKINIT_CLIENT_FAILURE
+# define SEC_E_PKINIT_CLIENT_FAILURE           ((HRESULT)0x80090354L)
+#endif
+#ifndef SEC_E_SMARTCARD_CERT_EXPIRED
+# define SEC_E_SMARTCARD_CERT_EXPIRED          ((HRESULT)0x80090355L)
+#endif
+#ifndef SEC_E_NO_S4U_PROT_SUPPORT
+# define SEC_E_NO_S4U_PROT_SUPPORT             ((HRESULT)0x80090356L)
+#endif
+#ifndef SEC_E_CROSSREALM_DELEGATION_FAILURE
+# define SEC_E_CROSSREALM_DELEGATION_FAILURE   ((HRESULT)0x80090357L)
+#endif
+#ifndef SEC_E_REVOCATION_OFFLINE_KDC
+# define SEC_E_REVOCATION_OFFLINE_KDC          ((HRESULT)0x80090358L)
+#endif
+#ifndef SEC_E_ISSUING_CA_UNTRUSTED_KDC
+# define SEC_E_ISSUING_CA_UNTRUSTED_KDC        ((HRESULT)0x80090359L)
+#endif
+#ifndef SEC_E_KDC_CERT_EXPIRED
+# define SEC_E_KDC_CERT_EXPIRED                ((HRESULT)0x8009035AL)
+#endif
+#ifndef SEC_E_KDC_CERT_REVOKED
+# define SEC_E_KDC_CERT_REVOKED                ((HRESULT)0x8009035BL)
+#endif
+#ifndef SEC_E_INVALID_PARAMETER
+# define SEC_E_INVALID_PARAMETER               ((HRESULT)0x8009035DL)
+#endif
+#ifndef SEC_E_DELEGATION_POLICY
+# define SEC_E_DELEGATION_POLICY               ((HRESULT)0x8009035EL)
+#endif
+#ifndef SEC_E_POLICY_NLTM_ONLY
+# define SEC_E_POLICY_NLTM_ONLY                ((HRESULT)0x8009035FL)
+#endif
+
+#ifndef SEC_I_CONTINUE_NEEDED
+# define SEC_I_CONTINUE_NEEDED                 ((HRESULT)0x00090312L)
+#endif
+#ifndef SEC_I_COMPLETE_NEEDED
+# define SEC_I_COMPLETE_NEEDED                 ((HRESULT)0x00090313L)
+#endif
+#ifndef SEC_I_COMPLETE_AND_CONTINUE
+# define SEC_I_COMPLETE_AND_CONTINUE           ((HRESULT)0x00090314L)
+#endif
+#ifndef SEC_I_LOCAL_LOGON
+# define SEC_I_LOCAL_LOGON                     ((HRESULT)0x00090315L)
+#endif
+#ifndef SEC_I_CONTEXT_EXPIRED
+# define SEC_I_CONTEXT_EXPIRED                 ((HRESULT)0x00090317L)
+#endif
+#ifndef SEC_I_INCOMPLETE_CREDENTIALS
+# define SEC_I_INCOMPLETE_CREDENTIALS          ((HRESULT)0x00090320L)
+#endif
+#ifndef SEC_I_RENEGOTIATE
+# define SEC_I_RENEGOTIATE                     ((HRESULT)0x00090321L)
+#endif
+#ifndef SEC_I_NO_LSA_CONTEXT
+# define SEC_I_NO_LSA_CONTEXT                  ((HRESULT)0x00090323L)
+#endif
+#ifndef SEC_I_SIGNATURE_NEEDED
+# define SEC_I_SIGNATURE_NEEDED                ((HRESULT)0x0009035CL)
+#endif
+
+#ifdef UNICODE
+#  define SECFLAG_WINNT_AUTH_IDENTITY \
+     (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
+#else
+#  define SECFLAG_WINNT_AUTH_IDENTITY \
+     (unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
+#endif
+
+/*
+ * Definitions required from ntsecapi.h are directly provided below this point
+ * to avoid including ntsecapi.h due to a conflict with OpenSSL's safestack.h
+ */
+#define KERB_WRAP_NO_ENCRYPT 0x80000001
+
+#endif /* USE_WINDOWS_SSPI */
+
+#endif /* HEADER_CURL_SSPI_H */
diff --git a/Utilities/cmcurl/lib/curl_threads.c b/Utilities/cmcurl/lib/curl_threads.c
new file mode 100644
index 0000000..d40e024
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_threads.c
@@ -0,0 +1,135 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_THREADS_POSIX)
+#  ifdef HAVE_PTHREAD_H
+#    include <pthread.h>
+#  endif
+#elif defined(USE_THREADS_WIN32)
+#  ifdef HAVE_PROCESS_H
+#    include <process.h>
+#  endif
+#endif
+
+#include "curl_threads.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if defined(USE_THREADS_POSIX)
+
+struct curl_actual_call {
+  unsigned int (*func)(void *);
+  void *arg;
+};
+
+static void *curl_thread_create_thunk(void *arg)
+{
+  struct curl_actual_call * ac = arg;
+  unsigned int (*func)(void *) = ac->func;
+  void *real_arg = ac->arg;
+
+  free(ac);
+
+  (*func)(real_arg);
+
+  return 0;
+}
+
+curl_thread_t Curl_thread_create(unsigned int (*func) (void*), void *arg)
+{
+  curl_thread_t t = malloc(sizeof(pthread_t));
+  struct curl_actual_call *ac = malloc(sizeof(struct curl_actual_call));
+  if(!(ac && t))
+    goto err;
+
+  ac->func = func;
+  ac->arg = arg;
+
+  if(pthread_create(t, NULL, curl_thread_create_thunk, ac) != 0)
+    goto err;
+
+  return t;
+
+err:
+  Curl_safefree(t);
+  Curl_safefree(ac);
+  return curl_thread_t_null;
+}
+
+void Curl_thread_destroy(curl_thread_t hnd)
+{
+  if(hnd != curl_thread_t_null) {
+    pthread_detach(*hnd);
+    free(hnd);
+  }
+}
+
+int Curl_thread_join(curl_thread_t *hnd)
+{
+  int ret = (pthread_join(**hnd, NULL) == 0);
+
+  free(*hnd);
+  *hnd = curl_thread_t_null;
+
+  return ret;
+}
+
+#elif defined(USE_THREADS_WIN32)
+
+curl_thread_t Curl_thread_create(unsigned int (CURL_STDCALL *func) (void*),
+                                 void *arg)
+{
+#ifdef _WIN32_WCE
+  return CreateThread(NULL, 0, func, arg, 0, NULL);
+#else
+  curl_thread_t t;
+  t = (curl_thread_t)_beginthreadex(NULL, 0, func, arg, 0, NULL);
+  if((t == 0) || (t == (curl_thread_t)-1L))
+    return curl_thread_t_null;
+  return t;
+#endif
+}
+
+void Curl_thread_destroy(curl_thread_t hnd)
+{
+  CloseHandle(hnd);
+}
+
+int Curl_thread_join(curl_thread_t *hnd)
+{
+  int ret = (WaitForSingleObject(*hnd, INFINITE) == WAIT_OBJECT_0);
+
+  Curl_thread_destroy(*hnd);
+
+  *hnd = curl_thread_t_null;
+
+  return ret;
+}
+
+#endif /* USE_THREADS_* */
diff --git a/Utilities/cmcurl/lib/curl_threads.h b/Utilities/cmcurl/lib/curl_threads.h
new file mode 100644
index 0000000..6457cbb
--- /dev/null
+++ b/Utilities/cmcurl/lib/curl_threads.h
@@ -0,0 +1,57 @@
+#ifndef HEADER_CURL_THREADS_H
+#define HEADER_CURL_THREADS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if defined(USE_THREADS_POSIX)
+#  define CURL_STDCALL
+#  define curl_mutex_t           pthread_mutex_t
+#  define curl_thread_t          pthread_t *
+#  define curl_thread_t_null     (pthread_t *)0
+#  define Curl_mutex_init(m)     pthread_mutex_init(m, NULL)
+#  define Curl_mutex_acquire(m)  pthread_mutex_lock(m)
+#  define Curl_mutex_release(m)  pthread_mutex_unlock(m)
+#  define Curl_mutex_destroy(m)  pthread_mutex_destroy(m)
+#elif defined(USE_THREADS_WIN32)
+#  define CURL_STDCALL           __stdcall
+#  define curl_mutex_t           CRITICAL_SECTION
+#  define curl_thread_t          HANDLE
+#  define curl_thread_t_null     (HANDLE)0
+#  define Curl_mutex_init(m)     InitializeCriticalSection(m)
+#  define Curl_mutex_acquire(m)  EnterCriticalSection(m)
+#  define Curl_mutex_release(m)  LeaveCriticalSection(m)
+#  define Curl_mutex_destroy(m)  DeleteCriticalSection(m)
+#endif
+
+#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
+
+curl_thread_t Curl_thread_create(unsigned int (CURL_STDCALL *func) (void*),
+                                 void *arg);
+
+void Curl_thread_destroy(curl_thread_t hnd);
+
+int Curl_thread_join(curl_thread_t *hnd);
+
+#endif /* USE_THREADS_POSIX || USE_THREADS_WIN32 */
+
+#endif /* HEADER_CURL_THREADS_H */
diff --git a/Utilities/cmcurl/curlx.h b/Utilities/cmcurl/lib/curlx.h
index 26948d3..9dc90a0 100644
--- a/Utilities/cmcurl/curlx.h
+++ b/Utilities/cmcurl/lib/curlx.h
@@ -1,5 +1,5 @@
-#ifndef __CURLX_H
-#define __CURLX_H
+#ifndef HEADER_CURL_CURLX_H
+#define HEADER_CURL_CURLX_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 /*
@@ -53,6 +52,17 @@
   curlx_tvdiff_secs()
 */
 
+#include "nonblock.h"
+/* "nonblock.h" provides curlx_nonblock() */
+
+#include "warnless.h"
+/* "warnless.h" provides functions:
+
+  curlx_ultous()
+  curlx_ultouc()
+  curlx_uztosi()
+*/
+
 /* Now setup curlx_ * names for the functions that are to become curlx_ and
    be removed from a future libcurl official API:
    curlx_getenv
@@ -65,6 +75,7 @@
 #define curlx_getenv curl_getenv
 #define curlx_strequal curl_strequal
 #define curlx_strnequal curl_strnequal
+#define curlx_raw_equal Curl_raw_equal
 #define curlx_mvsnprintf curl_mvsnprintf
 #define curlx_msnprintf curl_msnprintf
 #define curlx_maprintf curl_maprintf
@@ -78,7 +89,7 @@
 
 #ifdef ENABLE_CURLX_PRINTF
 /* If this define is set, we define all "standard" printf() functions to use
-   the curlx_* version instead. It makes the source code transparant and
+   the curlx_* version instead. It makes the source code transparent and
    easier to understand/patch. Undefine them first in case _MPRINTF_REPLACE
    is set. */
 # undef printf
@@ -104,4 +115,5 @@
 # define vaprintf curlx_mvaprintf
 #endif /* ENABLE_CURLX_PRINTF */
 
-#endif /* __CURLX_H */
+#endif /* HEADER_CURL_CURLX_H */
+
diff --git a/Utilities/cmcurl/dict.c b/Utilities/cmcurl/lib/dict.c
index d6443f4..86ddfb9 100644
--- a/Utilities/cmcurl/dict.c
+++ b/Utilities/cmcurl/lib/dict.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,49 +18,27 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
 #ifndef CURL_DISABLE_DICT
 
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#ifdef WIN32
-#include <time.h>
-#include <io.h>
-#else
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
+#ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
 #endif
+#ifdef HAVE_NETDB_H
 #include <netdb.h>
+#endif
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
 #ifdef HAVE_NET_IF_H
 #include <net/if.h>
 #endif
+#ifdef HAVE_SYS_IOCTL_H
 #include <sys/ioctl.h>
-#include <signal.h>
+#endif
 
 #ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
@@ -70,9 +48,6 @@
 #include <sys/select.h>
 #endif
 
-
-#endif
-
 #include "urldata.h"
 #include <curl/curl.h>
 #include "transfer.h"
@@ -81,47 +56,78 @@
 #include "progress.h"
 #include "strequal.h"
 #include "dict.h"
+#include "rawstr.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
+#include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
 
-static char *unescape_word(struct SessionHandle *data, char *inp)
+/*
+ * Forward declarations.
+ */
+
+static CURLcode dict_do(struct connectdata *conn, bool *done);
+
+/*
+ * DICT protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_dict = {
+  "DICT",                               /* scheme */
+  ZERO_NULL,                            /* setup_connection */
+  dict_do,                              /* do_it */
+  ZERO_NULL,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_DICT,                            /* defport */
+  CURLPROTO_DICT,                       /* protocol */
+  PROTOPT_NONE | PROTOPT_NOURLQUERY      /* flags */
+};
+
+static char *unescape_word(struct SessionHandle *data, const char *inputbuff)
 {
   char *newp;
   char *dictp;
   char *ptr;
   int len;
-  unsigned char byte;
+  char byte;
   int olen=0;
 
-  newp = curl_easy_unescape(data, inp, 0, &len);
+  newp = curl_easy_unescape(data, inputbuff, 0, &len);
   if(!newp)
     return NULL;
 
-  dictp = malloc(len*2 + 1); /* add one for terminating zero */
+  dictp = malloc(((size_t)len)*2 + 1); /* add one for terminating zero */
   if(dictp) {
     /* According to RFC2229 section 2.2, these letters need to be escaped with
        \[letter] */
     for(ptr = newp;
-        (byte = (unsigned char)*ptr) != 0;
+        (byte = *ptr) != 0;
         ptr++) {
-      if ((byte <= 32) || (byte == 127) ||
+      if((byte <= 32) || (byte == 127) ||
           (byte == '\'') || (byte == '\"') || (byte == '\\')) {
         dictp[olen++] = '\\';
       }
       dictp[olen++] = byte;
     }
     dictp[olen]=0;
-
-    free(newp);
   }
+  free(newp);
   return dictp;
 }
 
-CURLcode Curl_dict(struct connectdata *conn, bool *done)
+static CURLcode dict_do(struct connectdata *conn, bool *done)
 {
   char *word;
   char *eword;
@@ -134,8 +140,8 @@ CURLcode Curl_dict(struct connectdata *conn, bool *done)
   struct SessionHandle *data=conn->data;
   curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
 
-  char *path = data->reqdata.path;
-  curl_off_t *bytecount = &data->reqdata.keep.bytecount;
+  char *path = data->state.path;
+  curl_off_t *bytecount = &data->req.bytecount;
 
   *done = TRUE; /* unconditionally */
 
@@ -143,34 +149,35 @@ CURLcode Curl_dict(struct connectdata *conn, bool *done)
     /* AUTH is missing */
   }
 
-  if (strnequal(path, DICT_MATCH, sizeof(DICT_MATCH)-1) ||
-      strnequal(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) ||
-      strnequal(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) {
+  if(Curl_raw_nequal(path, DICT_MATCH, sizeof(DICT_MATCH)-1) ||
+      Curl_raw_nequal(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) ||
+      Curl_raw_nequal(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) {
 
     word = strchr(path, ':');
-    if (word) {
+    if(word) {
       word++;
       database = strchr(word, ':');
-      if (database) {
+      if(database) {
         *database++ = (char)0;
         strategy = strchr(database, ':');
-        if (strategy) {
+        if(strategy) {
           *strategy++ = (char)0;
           nthdef = strchr(strategy, ':');
-          if (nthdef) {
-            *nthdef++ = (char)0;
+          if(nthdef) {
+            *nthdef = (char)0;
           }
         }
       }
     }
 
-    if ((word == NULL) || (*word == (char)0)) {
-      failf(data, "lookup word is missing");
+    if((word == NULL) || (*word == (char)0)) {
+      infof(data, "lookup word is missing\n");
+      word=(char *)"default";
     }
-    if ((database == NULL) || (*database == (char)0)) {
+    if((database == NULL) || (*database == (char)0)) {
       database = (char *)"!";
     }
-    if ((strategy == NULL) || (*strategy == (char)0)) {
+    if((strategy == NULL) || (*strategy == (char)0)) {
       strategy = (char *)".";
     }
 
@@ -193,35 +200,35 @@ CURLcode Curl_dict(struct connectdata *conn, bool *done)
 
     free(eword);
 
-    if(result)
+    if(result) {
       failf(data, "Failed sending DICT request");
-    else
-      result = Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,
-                                   -1, NULL); /* no upload */
-    if(result)
       return result;
+    }
+    Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,
+                        -1, NULL); /* no upload */
   }
-  else if (strnequal(path, DICT_DEFINE, sizeof(DICT_DEFINE)-1) ||
-           strnequal(path, DICT_DEFINE2, sizeof(DICT_DEFINE2)-1) ||
-           strnequal(path, DICT_DEFINE3, sizeof(DICT_DEFINE3)-1)) {
+  else if(Curl_raw_nequal(path, DICT_DEFINE, sizeof(DICT_DEFINE)-1) ||
+           Curl_raw_nequal(path, DICT_DEFINE2, sizeof(DICT_DEFINE2)-1) ||
+           Curl_raw_nequal(path, DICT_DEFINE3, sizeof(DICT_DEFINE3)-1)) {
 
     word = strchr(path, ':');
-    if (word) {
+    if(word) {
       word++;
       database = strchr(word, ':');
-      if (database) {
+      if(database) {
         *database++ = (char)0;
         nthdef = strchr(database, ':');
-        if (nthdef) {
-          *nthdef++ = (char)0;
+        if(nthdef) {
+          *nthdef = (char)0;
         }
       }
     }
 
-    if ((word == NULL) || (*word == (char)0)) {
-      failf(data, "lookup word is missing");
+    if((word == NULL) || (*word == (char)0)) {
+      infof(data, "lookup word is missing\n");
+      word=(char *)"default";
     }
-    if ((database == NULL) || (*database == (char)0)) {
+    if((database == NULL) || (*database == (char)0)) {
       database = (char *)"!";
     }
 
@@ -240,38 +247,34 @@ CURLcode Curl_dict(struct connectdata *conn, bool *done)
 
     free(eword);
 
-    if(result)
+    if(result) {
       failf(data, "Failed sending DICT request");
-    else
-      result = Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,
-                                   -1, NULL); /* no upload */
-
-    if(result)
       return result;
-
+    }
+    Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,
+                        -1, NULL); /* no upload */
   }
   else {
 
     ppath = strchr(path, '/');
-    if (ppath) {
+    if(ppath) {
       int i;
 
       ppath++;
-      for (i = 0; ppath[i]; i++) {
-        if (ppath[i] == ':')
+      for(i = 0; ppath[i]; i++) {
+        if(ppath[i] == ':')
           ppath[i] = ' ';
       }
       result = Curl_sendf(sockfd, conn,
                           "CLIENT " LIBCURL_NAME " " LIBCURL_VERSION "\r\n"
                           "%s\r\n"
                           "QUIT\r\n", ppath);
-      if(result)
+      if(result) {
         failf(data, "Failed sending DICT request");
-      else
-        result = Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,
-                                     -1, NULL);
-      if(result)
         return result;
+      }
+
+      Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount, -1, NULL);
     }
   }
 
diff --git a/Utilities/cmcurl/dict.h b/Utilities/cmcurl/lib/dict.h
index d3da193..44fd9d4 100644
--- a/Utilities/cmcurl/dict.h
+++ b/Utilities/cmcurl/lib/dict.h
@@ -1,6 +1,5 @@
-#ifndef __DICT_H
-#define __DICT_H
-
+#ifndef HEADER_CURL_DICT_H
+#define HEADER_CURL_DICT_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -8,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,10 +20,10 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
+
 #ifndef CURL_DISABLE_DICT
-CURLcode Curl_dict(struct connectdata *conn, bool *done);
-CURLcode Curl_dict_done(struct connectdata *conn);
-#endif
+extern const struct Curl_handler Curl_handler_dict;
 #endif
+
+#endif /* HEADER_CURL_DICT_H */
diff --git a/Utilities/cmcurl/lib/dotdot.c b/Utilities/cmcurl/lib/dotdot.c
new file mode 100644
index 0000000..ae16941
--- /dev/null
+++ b/Utilities/cmcurl/lib/dotdot.c
@@ -0,0 +1,170 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "dotdot.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * "Remove Dot Segments"
+ * http://tools.ietf.org/html/rfc3986#section-5.2.4
+ */
+
+/*
+ * Curl_dedotdotify()
+ *
+ * This function gets a zero-terminated path with dot and dotdot sequences
+ * passed in and strips them off according to the rules in RFC 3986 section
+ * 5.2.4.
+ *
+ * The function handles a query part ('?' + stuff) appended but it expects
+ * that fragments ('#' + stuff) have already been cut off.
+ *
+ * RETURNS
+ *
+ * an allocated dedotdotified output string
+ */
+char *Curl_dedotdotify(const char *input)
+{
+  size_t inlen = strlen(input);
+  char *clone;
+  size_t clen = inlen; /* the length of the cloned input */
+  char *out = malloc(inlen+1);
+  char *outptr;
+  char *orgclone;
+  char *queryp;
+  if(!out)
+    return NULL; /* out of memory */
+
+  /* get a cloned copy of the input */
+  clone = strdup(input);
+  if(!clone) {
+    free(out);
+    return NULL;
+  }
+  orgclone = clone;
+  outptr = out;
+
+  /*
+   * To handle query-parts properly, we must find it and remove it during the
+   * dotdot-operation and then append it again at the end to the output
+   * string.
+   */
+  queryp = strchr(clone, '?');
+  if(queryp)
+    *queryp = 0;
+
+  do {
+
+    /*  A.  If the input buffer begins with a prefix of "../" or "./", then
+        remove that prefix from the input buffer; otherwise, */
+
+    if(!strncmp("./", clone, 2)) {
+      clone+=2;
+      clen-=2;
+    }
+    else if(!strncmp("../", clone, 3)) {
+      clone+=3;
+      clen-=3;
+    }
+
+    /*  B.  if the input buffer begins with a prefix of "/./" or "/.", where
+        "."  is a complete path segment, then replace that prefix with "/" in
+        the input buffer; otherwise, */
+    else if(!strncmp("/./", clone, 3)) {
+      clone+=2;
+      clen-=2;
+    }
+    else if(!strcmp("/.", clone)) {
+      clone[1]='/';
+      clone++;
+      clen-=1;
+    }
+
+    /*  C.  if the input buffer begins with a prefix of "/../" or "/..", where
+        ".." is a complete path segment, then replace that prefix with "/" in
+        the input buffer and remove the last segment and its preceding "/" (if
+        any) from the output buffer; otherwise, */
+
+    else if(!strncmp("/../", clone, 4)) {
+      clone+=3;
+      clen-=3;
+      /* remove the last segment from the output buffer */
+      while(outptr > out) {
+        outptr--;
+        if(*outptr == '/')
+          break;
+      }
+      *outptr = 0; /* zero-terminate where it stops */
+    }
+    else if(!strcmp("/..", clone)) {
+      clone[2]='/';
+      clone+=2;
+      clen-=2;
+      /* remove the last segment from the output buffer */
+      while(outptr > out) {
+        outptr--;
+        if(*outptr == '/')
+          break;
+      }
+      *outptr = 0; /* zero-terminate where it stops */
+    }
+
+    /*  D.  if the input buffer consists only of "." or "..", then remove
+        that from the input buffer; otherwise, */
+
+    else if(!strcmp(".", clone) || !strcmp("..", clone)) {
+      *clone=0;
+    }
+
+    else {
+      /*  E.  move the first path segment in the input buffer to the end of
+          the output buffer, including the initial "/" character (if any) and
+          any subsequent characters up to, but not including, the next "/"
+          character or the end of the input buffer. */
+
+      do {
+        *outptr++ = *clone++;
+        clen--;
+      } while(*clone && (*clone != '/'));
+      *outptr = 0;
+    }
+
+  } while(*clone);
+
+  if(queryp) {
+    size_t qlen;
+    /* There was a query part, append that to the output. The 'clone' string
+       may now have been altered so we copy from the original input string
+       from the correct index. */
+    size_t oindex = queryp - orgclone;
+    qlen = strlen(&input[oindex]);
+    memcpy(outptr, &input[oindex], qlen+1); /* include the ending zero byte */
+  }
+
+  free(orgclone);
+  return out;
+}
diff --git a/Utilities/cmcurl/parsedate.h b/Utilities/cmcurl/lib/dotdot.h
index b29fe9b..cd57822 100644
--- a/Utilities/cmcurl/parsedate.h
+++ b/Utilities/cmcurl/lib/dotdot.h
@@ -1,5 +1,5 @@
-#ifndef __PARSEDATE_H
-#define __PARSEDATE_H
+#ifndef HEADER_CURL_DOTDOT_H
+#define HEADER_CURL_DOTDOT_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,9 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-extern const char * const Curl_wkday[7];
-extern const char * const Curl_month[12];
-
+char *Curl_dedotdotify(const char *input);
 #endif
diff --git a/Utilities/cmcurl/lib/easy.c b/Utilities/cmcurl/lib/easy.c
new file mode 100644
index 0000000..160712e
--- /dev/null
+++ b/Utilities/cmcurl/lib/easy.c
@@ -0,0 +1,1182 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+/*
+ * See comment in curl_memory.h for the explanation of this sanity check.
+ */
+
+#ifdef CURLX_NO_MEMORY_CALLBACKS
+#error "libcurl shall not ever be built with CURLX_NO_MEMORY_CALLBACKS defined"
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#include "strequal.h"
+#include "urldata.h"
+#include <curl/curl.h>
+#include "transfer.h"
+#include "vtls/vtls.h"
+#include "url.h"
+#include "getinfo.h"
+#include "hostip.h"
+#include "share.h"
+#include "strdup.h"
+#include "curl_memory.h"
+#include "progress.h"
+#include "easyif.h"
+#include "select.h"
+#include "sendf.h" /* for failf function prototype */
+#include "curl_ntlm.h"
+#include "connect.h" /* for Curl_getconnectinfo */
+#include "slist.h"
+#include "amigaos.h"
+#include "non-ascii.h"
+#include "warnless.h"
+#include "conncache.h"
+#include "multiif.h"
+#include "sigpipe.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* win32_cleanup() is for win32 socket cleanup functionality, the opposite
+   of win32_init() */
+static void win32_cleanup(void)
+{
+#ifdef USE_WINSOCK
+  WSACleanup();
+#endif
+#ifdef USE_WINDOWS_SSPI
+  Curl_sspi_global_cleanup();
+#endif
+}
+
+/* win32_init() performs win32 socket initialization to properly setup the
+   stack to allow networking */
+static CURLcode win32_init(void)
+{
+#ifdef USE_WINSOCK
+  WORD wVersionRequested;
+  WSADATA wsaData;
+  int res;
+
+#if defined(ENABLE_IPV6) && (USE_WINSOCK < 2)
+  Error IPV6_requires_winsock2
+#endif
+
+  wVersionRequested = MAKEWORD(USE_WINSOCK, USE_WINSOCK);
+
+  res = WSAStartup(wVersionRequested, &wsaData);
+
+  if(res != 0)
+    /* Tell the user that we couldn't find a useable */
+    /* winsock.dll.     */
+    return CURLE_FAILED_INIT;
+
+  /* Confirm that the Windows Sockets DLL supports what we need.*/
+  /* Note that if the DLL supports versions greater */
+  /* than wVersionRequested, it will still return */
+  /* wVersionRequested in wVersion. wHighVersion contains the */
+  /* highest supported version. */
+
+  if(LOBYTE( wsaData.wVersion ) != LOBYTE(wVersionRequested) ||
+     HIBYTE( wsaData.wVersion ) != HIBYTE(wVersionRequested) ) {
+    /* Tell the user that we couldn't find a useable */
+
+    /* winsock.dll. */
+    WSACleanup();
+    return CURLE_FAILED_INIT;
+  }
+  /* The Windows Sockets DLL is acceptable. Proceed. */
+#elif defined(USE_LWIPSOCK)
+  lwip_init();
+#endif
+
+#ifdef USE_WINDOWS_SSPI
+  {
+    CURLcode err = Curl_sspi_global_init();
+    if(err != CURLE_OK)
+      return err;
+  }
+#endif
+
+  return CURLE_OK;
+}
+
+#ifdef USE_LIBIDN
+/*
+ * Initialise use of IDNA library.
+ * It falls back to ASCII if $CHARSET isn't defined. This doesn't work for
+ * idna_to_ascii_lz().
+ */
+static void idna_init (void)
+{
+#ifdef WIN32
+  char buf[60];
+  UINT cp = GetACP();
+
+  if(!getenv("CHARSET") && cp > 0) {
+    snprintf(buf, sizeof(buf), "CHARSET=cp%u", cp);
+    putenv(buf);
+  }
+#else
+  /* to do? */
+#endif
+}
+#endif  /* USE_LIBIDN */
+
+/* true globals -- for curl_global_init() and curl_global_cleanup() */
+static unsigned int  initialized;
+static long          init_flags;
+
+/*
+ * strdup (and other memory functions) is redefined in complicated
+ * ways, but at this point it must be defined as the system-supplied strdup
+ * so the callback pointer is initialized correctly.
+ */
+#if defined(_WIN32_WCE)
+#define system_strdup _strdup
+#elif !defined(HAVE_STRDUP)
+#define system_strdup curlx_strdup
+#else
+#define system_strdup strdup
+#endif
+
+#if defined(_MSC_VER) && defined(_DLL) && !defined(__POCC__)
+#  pragma warning(disable:4232) /* MSVC extension, dllimport identity */
+#endif
+
+#ifndef __SYMBIAN32__
+/*
+ * If a memory-using function (like curl_getenv) is used before
+ * curl_global_init() is called, we need to have these pointers set already.
+ */
+curl_malloc_callback Curl_cmalloc = (curl_malloc_callback)malloc;
+curl_free_callback Curl_cfree = (curl_free_callback)free;
+curl_realloc_callback Curl_crealloc = (curl_realloc_callback)realloc;
+curl_strdup_callback Curl_cstrdup = (curl_strdup_callback)system_strdup;
+curl_calloc_callback Curl_ccalloc = (curl_calloc_callback)calloc;
+#if defined(WIN32) && defined(UNICODE)
+curl_wcsdup_callback Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup;
+#endif
+#else
+/*
+ * Symbian OS doesn't support initialization to code in writeable static data.
+ * Initialization will occur in the curl_global_init() call.
+ */
+curl_malloc_callback Curl_cmalloc;
+curl_free_callback Curl_cfree;
+curl_realloc_callback Curl_crealloc;
+curl_strdup_callback Curl_cstrdup;
+curl_calloc_callback Curl_ccalloc;
+#endif
+
+#if defined(_MSC_VER) && defined(_DLL) && !defined(__POCC__)
+#  pragma warning(default:4232) /* MSVC extension, dllimport identity */
+#endif
+
+/**
+ * curl_global_init() globally initializes cURL given a bitwise set of the
+ * different features of what to initialize.
+ */
+CURLcode curl_global_init(long flags)
+{
+  if(initialized++)
+    return CURLE_OK;
+
+  /* Setup the default memory functions here (again) */
+  Curl_cmalloc = (curl_malloc_callback)malloc;
+  Curl_cfree = (curl_free_callback)free;
+  Curl_crealloc = (curl_realloc_callback)realloc;
+  Curl_cstrdup = (curl_strdup_callback)system_strdup;
+  Curl_ccalloc = (curl_calloc_callback)calloc;
+#if defined(WIN32) && defined(UNICODE)
+  Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup;
+#endif
+
+  if(flags & CURL_GLOBAL_SSL)
+    if(!Curl_ssl_init()) {
+      DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
+      return CURLE_FAILED_INIT;
+    }
+
+  if(flags & CURL_GLOBAL_WIN32)
+    if(win32_init() != CURLE_OK) {
+      DEBUGF(fprintf(stderr, "Error: win32_init failed\n"));
+      return CURLE_FAILED_INIT;
+    }
+
+#ifdef __AMIGA__
+  if(!Curl_amiga_init()) {
+    DEBUGF(fprintf(stderr, "Error: Curl_amiga_init failed\n"));
+    return CURLE_FAILED_INIT;
+  }
+#endif
+
+#ifdef NETWARE
+  if(netware_init()) {
+    DEBUGF(fprintf(stderr, "Warning: LONG namespace not available\n"));
+  }
+#endif
+
+#ifdef USE_LIBIDN
+  idna_init();
+#endif
+
+  if(Curl_resolver_global_init() != CURLE_OK) {
+    DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n"));
+    return CURLE_FAILED_INIT;
+  }
+
+#if defined(USE_LIBSSH2) && defined(HAVE_LIBSSH2_INIT)
+  if(libssh2_init(0)) {
+    DEBUGF(fprintf(stderr, "Error: libssh2_init failed\n"));
+    return CURLE_FAILED_INIT;
+  }
+#endif
+
+  if(flags & CURL_GLOBAL_ACK_EINTR)
+    Curl_ack_eintr = 1;
+
+  init_flags  = flags;
+
+  return CURLE_OK;
+}
+
+/*
+ * curl_global_init_mem() globally initializes cURL and also registers the
+ * user provided callback routines.
+ */
+CURLcode curl_global_init_mem(long flags, curl_malloc_callback m,
+                              curl_free_callback f, curl_realloc_callback r,
+                              curl_strdup_callback s, curl_calloc_callback c)
+{
+  CURLcode code = CURLE_OK;
+
+  /* Invalid input, return immediately */
+  if(!m || !f || !r || !s || !c)
+    return CURLE_FAILED_INIT;
+
+  if(initialized) {
+    /* Already initialized, don't do it again, but bump the variable anyway to
+       work like curl_global_init() and require the same amount of cleanup
+       calls. */
+    initialized++;
+    return CURLE_OK;
+  }
+
+  /* Call the actual init function first */
+  code = curl_global_init(flags);
+  if(code == CURLE_OK) {
+    Curl_cmalloc = m;
+    Curl_cfree = f;
+    Curl_cstrdup = s;
+    Curl_crealloc = r;
+    Curl_ccalloc = c;
+  }
+
+  return code;
+}
+
+/**
+ * curl_global_cleanup() globally cleanups cURL, uses the value of
+ * "init_flags" to determine what needs to be cleaned up and what doesn't.
+ */
+void curl_global_cleanup(void)
+{
+  if(!initialized)
+    return;
+
+  if(--initialized)
+    return;
+
+  Curl_global_host_cache_dtor();
+
+  if(init_flags & CURL_GLOBAL_SSL)
+    Curl_ssl_cleanup();
+
+  Curl_resolver_global_cleanup();
+
+  if(init_flags & CURL_GLOBAL_WIN32)
+    win32_cleanup();
+
+  Curl_amiga_cleanup();
+
+#if defined(USE_LIBSSH2) && defined(HAVE_LIBSSH2_EXIT)
+  (void)libssh2_exit();
+#endif
+
+  init_flags  = 0;
+}
+
+/*
+ * curl_easy_init() is the external interface to alloc, setup and init an
+ * easy handle that is returned. If anything goes wrong, NULL is returned.
+ */
+CURL *curl_easy_init(void)
+{
+  CURLcode res;
+  struct SessionHandle *data;
+
+  /* Make sure we inited the global SSL stuff */
+  if(!initialized) {
+    res = curl_global_init(CURL_GLOBAL_DEFAULT);
+    if(res) {
+      /* something in the global init failed, return nothing */
+      DEBUGF(fprintf(stderr, "Error: curl_global_init failed\n"));
+      return NULL;
+    }
+  }
+
+  /* We use curl_open() with undefined URL so far */
+  res = Curl_open(&data);
+  if(res != CURLE_OK) {
+    DEBUGF(fprintf(stderr, "Error: Curl_open failed\n"));
+    return NULL;
+  }
+
+  return data;
+}
+
+/*
+ * curl_easy_setopt() is the external interface for setting options on an
+ * easy handle.
+ */
+
+#undef curl_easy_setopt
+CURLcode curl_easy_setopt(CURL *curl, CURLoption tag, ...)
+{
+  va_list arg;
+  struct SessionHandle *data = curl;
+  CURLcode ret;
+
+  if(!curl)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+
+  va_start(arg, tag);
+
+  ret = Curl_setopt(data, tag, arg);
+
+  va_end(arg);
+  return ret;
+}
+
+#ifdef CURLDEBUG
+
+struct socketmonitor {
+  struct socketmonitor *next; /* the next node in the list or NULL */
+  struct pollfd socket; /* socket info of what to monitor */
+};
+
+struct events {
+  long ms;              /* timeout, run the timeout function when reached */
+  bool msbump;          /* set TRUE when timeout is set by callback */
+  int num_sockets;      /* number of nodes in the monitor list */
+  struct socketmonitor *list; /* list of sockets to monitor */
+  int running_handles;  /* store the returned number */
+};
+
+/* events_timer
+ *
+ * Callback that gets called with a new value when the timeout should be
+ * updated.
+ */
+
+static int events_timer(CURLM *multi,    /* multi handle */
+                        long timeout_ms, /* see above */
+                        void *userp)    /* private callback pointer */
+{
+  struct events *ev = userp;
+  (void)multi;
+  if(timeout_ms == -1)
+    /* timeout removed */
+    timeout_ms = 0;
+  else if(timeout_ms == 0)
+    /* timeout is already reached! */
+    timeout_ms = 1; /* trigger asap */
+
+  ev->ms = timeout_ms;
+  ev->msbump = TRUE;
+  return 0;
+}
+
+
+/* poll2cselect
+ *
+ * convert from poll() bit definitions to libcurl's CURL_CSELECT_* ones
+ */
+static int poll2cselect(int pollmask)
+{
+  int omask=0;
+  if(pollmask & POLLIN)
+    omask |= CURL_CSELECT_IN;
+  if(pollmask & POLLOUT)
+    omask |= CURL_CSELECT_OUT;
+  if(pollmask & POLLERR)
+    omask |= CURL_CSELECT_ERR;
+  return omask;
+}
+
+
+/* socketcb2poll
+ *
+ * convert from libcurl' CURL_POLL_* bit definitions to poll()'s
+ */
+static short socketcb2poll(int pollmask)
+{
+  short omask=0;
+  if(pollmask & CURL_POLL_IN)
+    omask |= POLLIN;
+  if(pollmask & CURL_POLL_OUT)
+    omask |= POLLOUT;
+  return omask;
+}
+
+/* events_socket
+ *
+ * Callback that gets called with information about socket activity to
+ * monitor.
+ */
+static int events_socket(CURL *easy,      /* easy handle */
+                         curl_socket_t s, /* socket */
+                         int what,        /* see above */
+                         void *userp,     /* private callback
+                                             pointer */
+                         void *socketp)   /* private socket
+                                             pointer */
+{
+  struct events *ev = userp;
+  struct socketmonitor *m;
+  struct socketmonitor *prev=NULL;
+  (void)socketp;
+
+  m = ev->list;
+  while(m) {
+    if(m->socket.fd == s) {
+
+      if(what == CURL_POLL_REMOVE) {
+        struct socketmonitor *nxt = m->next;
+        /* remove this node from the list of monitored sockets */
+        if(prev)
+          prev->next = nxt;
+        else
+          ev->list = nxt;
+        free(m);
+        m = nxt;
+        infof(easy, "socket cb: socket %d REMOVED\n", s);
+      }
+      else {
+        /* The socket 's' is already being monitored, update the activity
+           mask. Convert from libcurl bitmask to the poll one. */
+        m->socket.events = socketcb2poll(what);
+        infof(easy, "socket cb: socket %d UPDATED as %s%s\n", s,
+              what&CURL_POLL_IN?"IN":"",
+              what&CURL_POLL_OUT?"OUT":"");
+      }
+      break;
+    }
+    prev = m;
+    m = m->next; /* move to next node */
+  }
+  if(!m) {
+    if(what == CURL_POLL_REMOVE) {
+      /* this happens a bit too often, libcurl fix perhaps? */
+      /* fprintf(stderr,
+         "%s: socket %d asked to be REMOVED but not present!\n",
+                 __func__, s); */
+    }
+    else {
+      m = malloc(sizeof(struct socketmonitor));
+      m->next = ev->list;
+      m->socket.fd = s;
+      m->socket.events = socketcb2poll(what);
+      m->socket.revents = 0;
+      ev->list = m;
+      infof(easy, "socket cb: socket %d ADDED as %s%s\n", s,
+            what&CURL_POLL_IN?"IN":"",
+            what&CURL_POLL_OUT?"OUT":"");
+    }
+  }
+
+  return 0;
+}
+
+
+/*
+ * events_setup()
+ *
+ * Do the multi handle setups that only event-based transfers need.
+ */
+static void events_setup(CURLM *multi, struct events *ev)
+{
+  /* timer callback */
+  curl_multi_setopt(multi, CURLMOPT_TIMERFUNCTION, events_timer);
+  curl_multi_setopt(multi, CURLMOPT_TIMERDATA, ev);
+
+  /* socket callback */
+  curl_multi_setopt(multi, CURLMOPT_SOCKETFUNCTION, events_socket);
+  curl_multi_setopt(multi, CURLMOPT_SOCKETDATA, ev);
+}
+
+
+/* wait_or_timeout()
+ *
+ * waits for activity on any of the given sockets, or the timeout to trigger.
+ */
+
+static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev)
+{
+  bool done = FALSE;
+  CURLMcode mcode;
+  CURLcode rc = CURLE_OK;
+
+  while(!done) {
+    CURLMsg *msg;
+    struct socketmonitor *m;
+    struct pollfd *f;
+    struct pollfd fds[4];
+    int numfds=0;
+    int pollrc;
+    int i;
+    struct timeval before;
+    struct timeval after;
+
+    /* populate the fds[] array */
+    for(m = ev->list, f=&fds[0]; m; m = m->next) {
+      f->fd = m->socket.fd;
+      f->events = m->socket.events;
+      f->revents = 0;
+      /* fprintf(stderr, "poll() %d check socket %d\n", numfds, f->fd); */
+      f++;
+      numfds++;
+    }
+
+    /* get the time stamp to use to figure out how long poll takes */
+    before = curlx_tvnow();
+
+    /* wait for activity or timeout */
+    pollrc = Curl_poll(fds, numfds, (int)ev->ms);
+
+    after = curlx_tvnow();
+
+    ev->msbump = FALSE; /* reset here */
+
+    if(0 == pollrc) {
+      /* timeout! */
+      ev->ms = 0;
+      /* fprintf(stderr, "call curl_multi_socket_action( TIMEOUT )\n"); */
+      mcode = curl_multi_socket_action(multi, CURL_SOCKET_TIMEOUT, 0,
+                                       &ev->running_handles);
+    }
+    else if(pollrc > 0) {
+      /* loop over the monitored sockets to see which ones had activity */
+      for(i = 0; i< numfds; i++) {
+        if(fds[i].revents) {
+          /* socket activity, tell libcurl */
+          int act = poll2cselect(fds[i].revents); /* convert */
+          infof(multi->easyp, "call curl_multi_socket_action( socket %d )\n",
+                fds[i].fd);
+          mcode = curl_multi_socket_action(multi, fds[i].fd, act,
+                                           &ev->running_handles);
+        }
+      }
+
+      if(!ev->msbump)
+        /* If nothing updated the timeout, we decrease it by the spent time.
+         * If it was updated, it has the new timeout time stored already.
+         */
+        ev->ms += curlx_tvdiff(after, before);
+
+    }
+    if(mcode)
+      return CURLE_URL_MALFORMAT; /* TODO: return a proper error! */
+
+    /* we don't really care about the "msgs_in_queue" value returned in the
+       second argument */
+    msg = curl_multi_info_read(multi, &pollrc);
+    if(msg) {
+      rc = msg->data.result;
+      done = TRUE;
+    }
+  }
+
+  return rc;
+}
+
+
+/* easy_events()
+ *
+ * Runs a transfer in a blocking manner using the events-based API
+ */
+static CURLcode easy_events(CURLM *multi)
+{
+  struct events evs= {2, FALSE, 0, NULL, 0};
+
+  /* if running event-based, do some further multi inits */
+  events_setup(multi, &evs);
+
+  return wait_or_timeout(multi, &evs);
+}
+#else /* CURLDEBUG */
+/* when not built with debug, this function doesn't exist */
+#define easy_events(x) CURLE_NOT_BUILT_IN
+#endif
+
+static CURLcode easy_transfer(CURLM *multi)
+{
+  bool done = FALSE;
+  CURLMcode mcode = CURLM_OK;
+  CURLcode code = CURLE_OK;
+  struct timeval before;
+  int without_fds = 0;  /* count number of consecutive returns from
+                           curl_multi_wait() without any filedescriptors */
+
+  while(!done && !mcode) {
+    int still_running = 0;
+    int ret;
+
+    before = curlx_tvnow();
+    mcode = curl_multi_wait(multi, NULL, 0, 1000, &ret);
+
+    if(mcode == CURLM_OK) {
+      if(ret == -1) {
+        /* poll() failed not on EINTR, indicate a network problem */
+        code = CURLE_RECV_ERROR;
+        break;
+      }
+      else if(ret == 0) {
+        struct timeval after = curlx_tvnow();
+        /* If it returns without any filedescriptor instantly, we need to
+           avoid busy-looping during periods where it has nothing particular
+           to wait for */
+        if(curlx_tvdiff(after, before) <= 10) {
+          without_fds++;
+          if(without_fds > 2) {
+            int sleep_ms = without_fds < 10 ? (1 << (without_fds-1)): 1000;
+            Curl_wait_ms(sleep_ms);
+          }
+        }
+        else
+          /* it wasn't "instant", restart counter */
+          without_fds = 0;
+      }
+      else
+        /* got file descriptor, restart counter */
+        without_fds = 0;
+
+      mcode = curl_multi_perform(multi, &still_running);
+    }
+
+    /* only read 'still_running' if curl_multi_perform() return OK */
+    if((mcode == CURLM_OK) && !still_running) {
+      int rc;
+      CURLMsg *msg = curl_multi_info_read(multi, &rc);
+      if(msg) {
+        code = msg->data.result;
+        done = TRUE;
+      }
+    }
+  }
+
+  /* Make sure to return some kind of error if there was a multi problem */
+  if(mcode) {
+    return (mcode == CURLM_OUT_OF_MEMORY) ? CURLE_OUT_OF_MEMORY :
+            /* The other multi errors should never happen, so return
+               something suitably generic */
+            CURLE_BAD_FUNCTION_ARGUMENT;
+  }
+
+  return code;
+}
+
+
+/*
+ * easy_perform() is the external interface that performs a blocking
+ * transfer as previously setup.
+ *
+ * CONCEPT: This function creates a multi handle, adds the easy handle to it,
+ * runs curl_multi_perform() until the transfer is done, then detaches the
+ * easy handle, destroys the multi handle and returns the easy handle's return
+ * code.
+ *
+ * REALITY: it can't just create and destroy the multi handle that easily. It
+ * needs to keep it around since if this easy handle is used again by this
+ * function, the same multi handle must be re-used so that the same pools and
+ * caches can be used.
+ *
+ * DEBUG: if 'events' is set TRUE, this function will use a replacement engine
+ * instead of curl_multi_perform() and use curl_multi_socket_action().
+ */
+static CURLcode easy_perform(struct SessionHandle *data, bool events)
+{
+  CURLM *multi;
+  CURLMcode mcode;
+  CURLcode code = CURLE_OK;
+  SIGPIPE_VARIABLE(pipe_st);
+
+  if(!data)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+
+  if(data->multi) {
+    failf(data, "easy handle already used in multi handle");
+    return CURLE_FAILED_INIT;
+  }
+
+  if(data->multi_easy)
+    multi = data->multi_easy;
+  else {
+    /* this multi handle will only ever have a single easy handled attached
+       to it, so make it use minimal hashes */
+    multi = Curl_multi_handle(1, 3);
+    if(!multi)
+      return CURLE_OUT_OF_MEMORY;
+    data->multi_easy = multi;
+  }
+
+  /* Copy the MAXCONNECTS option to the multi handle */
+  curl_multi_setopt(multi, CURLMOPT_MAXCONNECTS, data->set.maxconnects);
+
+  mcode = curl_multi_add_handle(multi, data);
+  if(mcode) {
+    curl_multi_cleanup(multi);
+    if(mcode == CURLM_OUT_OF_MEMORY)
+      return CURLE_OUT_OF_MEMORY;
+    else
+      return CURLE_FAILED_INIT;
+  }
+
+  sigpipe_ignore(data, &pipe_st);
+
+  /* assign this after curl_multi_add_handle() since that function checks for
+     it and rejects this handle otherwise */
+  data->multi = multi;
+
+  /* run the transfer */
+  code = events ? easy_events(multi) : easy_transfer(multi);
+
+  /* ignoring the return code isn't nice, but atm we can't really handle
+     a failure here, room for future improvement! */
+  (void)curl_multi_remove_handle(multi, data);
+
+  sigpipe_restore(&pipe_st);
+
+  /* The multi handle is kept alive, owned by the easy handle */
+  return code;
+}
+
+
+/*
+ * curl_easy_perform() is the external interface that performs a blocking
+ * transfer as previously setup.
+ */
+CURLcode curl_easy_perform(CURL *easy)
+{
+  return easy_perform(easy, FALSE);
+}
+
+#ifdef CURLDEBUG
+/*
+ * curl_easy_perform_ev() is the external interface that performs a blocking
+ * transfer using the event-based API internally.
+ */
+CURLcode curl_easy_perform_ev(CURL *easy)
+{
+  return easy_perform(easy, TRUE);
+}
+
+#endif
+
+/*
+ * curl_easy_cleanup() is the external interface to cleaning/freeing the given
+ * easy handle.
+ */
+void curl_easy_cleanup(CURL *curl)
+{
+  struct SessionHandle *data = (struct SessionHandle *)curl;
+  SIGPIPE_VARIABLE(pipe_st);
+
+  if(!data)
+    return;
+
+  sigpipe_ignore(data, &pipe_st);
+  Curl_close(data);
+  sigpipe_restore(&pipe_st);
+}
+
+/*
+ * curl_easy_getinfo() is an external interface that allows an app to retrieve
+ * information from a performed transfer and similar.
+ */
+#undef curl_easy_getinfo
+CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...)
+{
+  va_list arg;
+  void *paramp;
+  CURLcode ret;
+  struct SessionHandle *data = (struct SessionHandle *)curl;
+
+  va_start(arg, info);
+  paramp = va_arg(arg, void *);
+
+  ret = Curl_getinfo(data, info, paramp);
+
+  va_end(arg);
+  return ret;
+}
+
+/*
+ * curl_easy_duphandle() is an external interface to allow duplication of a
+ * given input easy handle. The returned handle will be a new working handle
+ * with all options set exactly as the input source handle.
+ */
+CURL *curl_easy_duphandle(CURL *incurl)
+{
+  struct SessionHandle *data=(struct SessionHandle *)incurl;
+
+  struct SessionHandle *outcurl = calloc(1, sizeof(struct SessionHandle));
+  if(NULL == outcurl)
+    goto fail;
+
+  /*
+   * We setup a few buffers we need. We should probably make them
+   * get setup on-demand in the code, as that would probably decrease
+   * the likeliness of us forgetting to init a buffer here in the future.
+   */
+  outcurl->state.headerbuff = malloc(HEADERSIZE);
+  if(!outcurl->state.headerbuff)
+    goto fail;
+  outcurl->state.headersize = HEADERSIZE;
+
+  /* copy all userdefined values */
+  if(Curl_dupset(outcurl, data) != CURLE_OK)
+    goto fail;
+
+  /* the connection cache is setup on demand */
+  outcurl->state.conn_cache = NULL;
+
+  outcurl->state.lastconnect = NULL;
+
+  outcurl->progress.flags    = data->progress.flags;
+  outcurl->progress.callback = data->progress.callback;
+
+  if(data->cookies) {
+    /* If cookies are enabled in the parent handle, we enable them
+       in the clone as well! */
+    outcurl->cookies = Curl_cookie_init(data,
+                                        data->cookies->filename,
+                                        outcurl->cookies,
+                                        data->set.cookiesession);
+    if(!outcurl->cookies)
+      goto fail;
+  }
+
+  /* duplicate all values in 'change' */
+  if(data->change.cookielist) {
+    outcurl->change.cookielist =
+      Curl_slist_duplicate(data->change.cookielist);
+    if(!outcurl->change.cookielist)
+      goto fail;
+  }
+
+  if(data->change.url) {
+    outcurl->change.url = strdup(data->change.url);
+    if(!outcurl->change.url)
+      goto fail;
+    outcurl->change.url_alloc = TRUE;
+  }
+
+  if(data->change.referer) {
+    outcurl->change.referer = strdup(data->change.referer);
+    if(!outcurl->change.referer)
+      goto fail;
+    outcurl->change.referer_alloc = TRUE;
+  }
+
+  /* Clone the resolver handle, if present, for the new handle */
+  if(Curl_resolver_duphandle(&outcurl->state.resolver,
+                             data->state.resolver) != CURLE_OK)
+    goto fail;
+
+  Curl_convert_setup(outcurl);
+
+  outcurl->magic = CURLEASY_MAGIC_NUMBER;
+
+  /* we reach this point and thus we are OK */
+
+  return outcurl;
+
+  fail:
+
+  if(outcurl) {
+    curl_slist_free_all(outcurl->change.cookielist);
+    outcurl->change.cookielist = NULL;
+    Curl_safefree(outcurl->state.headerbuff);
+    Curl_safefree(outcurl->change.url);
+    Curl_safefree(outcurl->change.referer);
+    Curl_freeset(outcurl);
+    free(outcurl);
+  }
+
+  return NULL;
+}
+
+/*
+ * curl_easy_reset() is an external interface that allows an app to re-
+ * initialize a session handle to the default values.
+ */
+void curl_easy_reset(CURL *curl)
+{
+  struct SessionHandle *data = (struct SessionHandle *)curl;
+
+  Curl_safefree(data->state.pathbuffer);
+
+  data->state.path = NULL;
+
+  Curl_free_request_state(data);
+
+  /* zero out UserDefined data: */
+  Curl_freeset(data);
+  memset(&data->set, 0, sizeof(struct UserDefined));
+  (void)Curl_init_userdefined(&data->set);
+
+  /* zero out Progress data: */
+  memset(&data->progress, 0, sizeof(struct Progress));
+
+  data->progress.flags |= PGRS_HIDE;
+  data->state.current_speed = -1; /* init to negative == impossible */
+}
+
+/*
+ * curl_easy_pause() allows an application to pause or unpause a specific
+ * transfer and direction. This function sets the full new state for the
+ * current connection this easy handle operates on.
+ *
+ * NOTE: if you have the receiving paused and you call this function to remove
+ * the pausing, you may get your write callback called at this point.
+ *
+ * Action is a bitmask consisting of CURLPAUSE_* bits in curl/curl.h
+ */
+CURLcode curl_easy_pause(CURL *curl, int action)
+{
+  struct SessionHandle *data = (struct SessionHandle *)curl;
+  struct SingleRequest *k = &data->req;
+  CURLcode result = CURLE_OK;
+
+  /* first switch off both pause bits */
+  int newstate = k->keepon &~ (KEEP_RECV_PAUSE| KEEP_SEND_PAUSE);
+
+  /* set the new desired pause bits */
+  newstate |= ((action & CURLPAUSE_RECV)?KEEP_RECV_PAUSE:0) |
+    ((action & CURLPAUSE_SEND)?KEEP_SEND_PAUSE:0);
+
+  /* put it back in the keepon */
+  k->keepon = newstate;
+
+  if(!(newstate & KEEP_RECV_PAUSE) && data->state.tempwrite) {
+    /* we have a buffer for sending that we now seem to be able to deliver
+       since the receive pausing is lifted! */
+
+    /* get the pointer, type and length in local copies since the function may
+       return PAUSE again and then we'll get a new copy allocted and stored in
+       the tempwrite variables */
+    char *tempwrite = data->state.tempwrite;
+    char *freewrite = tempwrite; /* store this pointer to free it later */
+    size_t tempsize = data->state.tempwritesize;
+    int temptype = data->state.tempwritetype;
+    size_t chunklen;
+
+    /* clear tempwrite here just to make sure it gets cleared if there's no
+       further use of it, and make sure we don't clear it after the function
+       invoke as it may have been set to a new value by then */
+    data->state.tempwrite = NULL;
+
+    /* since the write callback API is define to never exceed
+       CURL_MAX_WRITE_SIZE bytes in a single call, and since we may in fact
+       have more data than that in our buffer here, we must loop sending the
+       data in multiple calls until there's no data left or we get another
+       pause returned.
+
+       A tricky part is that the function we call will "buffer" the data
+       itself when it pauses on a particular buffer, so we may need to do some
+       extra trickery if we get a pause return here.
+    */
+    do {
+      chunklen = (tempsize > CURL_MAX_WRITE_SIZE)?CURL_MAX_WRITE_SIZE:tempsize;
+
+      result = Curl_client_write(data->easy_conn,
+                                 temptype, tempwrite, chunklen);
+      if(result)
+        /* failures abort the loop at once */
+        break;
+
+      if(data->state.tempwrite && (tempsize - chunklen)) {
+        /* Ouch, the reading is again paused and the block we send is now
+           "cached". If this is the final chunk we can leave it like this, but
+           if we have more chunks that are cached after this, we need to free
+           the newly cached one and put back a version that is truly the entire
+           contents that is saved for later
+        */
+        char *newptr;
+
+        /* note that tempsize is still the size as before the callback was
+           used, and thus the whole piece of data to keep */
+        newptr = realloc(data->state.tempwrite, tempsize);
+
+        if(!newptr) {
+          free(data->state.tempwrite); /* free old area */
+          data->state.tempwrite = NULL;
+          result = CURLE_OUT_OF_MEMORY;
+          /* tempwrite will be freed further down */
+          break;
+        }
+        data->state.tempwrite = newptr; /* store new pointer */
+        memcpy(newptr, tempwrite, tempsize);
+        data->state.tempwritesize = tempsize; /* store new size */
+        /* tempwrite will be freed further down */
+        break; /* go back to pausing until further notice */
+      }
+      else {
+        tempsize -= chunklen;  /* left after the call above */
+        tempwrite += chunklen; /* advance the pointer */
+      }
+
+    } while((result == CURLE_OK) && tempsize);
+
+    free(freewrite); /* this is unconditionally no longer used */
+  }
+
+  /* if there's no error and we're not pausing both directions, we want
+     to have this handle checked soon */
+  if(!result &&
+     ((newstate&(KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) !=
+      (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) )
+    Curl_expire(data, 1); /* get this handle going again */
+
+  return result;
+}
+
+
+static CURLcode easy_connection(struct SessionHandle *data,
+                                curl_socket_t *sfd,
+                                struct connectdata **connp)
+{
+  if(data == NULL)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+
+  /* only allow these to be called on handles with CURLOPT_CONNECT_ONLY */
+  if(!data->set.connect_only) {
+    failf(data, "CONNECT_ONLY is required!");
+    return CURLE_UNSUPPORTED_PROTOCOL;
+  }
+
+  *sfd = Curl_getconnectinfo(data, connp);
+
+  if(*sfd == CURL_SOCKET_BAD) {
+    failf(data, "Failed to get recent socket");
+    return CURLE_UNSUPPORTED_PROTOCOL;
+  }
+
+  return CURLE_OK;
+}
+
+/*
+ * Receives data from the connected socket. Use after successful
+ * curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
+ * Returns CURLE_OK on success, error code on error.
+ */
+CURLcode curl_easy_recv(CURL *curl, void *buffer, size_t buflen, size_t *n)
+{
+  curl_socket_t sfd;
+  CURLcode ret;
+  ssize_t n1;
+  struct connectdata *c;
+  struct SessionHandle *data = (struct SessionHandle *)curl;
+
+  ret = easy_connection(data, &sfd, &c);
+  if(ret)
+    return ret;
+
+  *n = 0;
+  ret = Curl_read(c, sfd, buffer, buflen, &n1);
+
+  if(ret != CURLE_OK)
+    return ret;
+
+  *n = (size_t)n1;
+
+  return CURLE_OK;
+}
+
+/*
+ * Sends data over the connected socket. Use after successful
+ * curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
+ */
+CURLcode curl_easy_send(CURL *curl, const void *buffer, size_t buflen,
+                        size_t *n)
+{
+  curl_socket_t sfd;
+  CURLcode ret;
+  ssize_t n1;
+  struct connectdata *c = NULL;
+  struct SessionHandle *data = (struct SessionHandle *)curl;
+
+  ret = easy_connection(data, &sfd, &c);
+  if(ret)
+    return ret;
+
+  *n = 0;
+  ret = Curl_write(c, sfd, buffer, buflen, &n1);
+
+  if(n1 == -1)
+    return CURLE_SEND_ERROR;
+
+  /* detect EAGAIN */
+  if((CURLE_OK == ret) && (0 == n1))
+    return CURLE_AGAIN;
+
+  *n = (size_t)n1;
+
+  return ret;
+}
diff --git a/Utilities/cmcurl/lib/easyif.h b/Utilities/cmcurl/lib/easyif.h
new file mode 100644
index 0000000..043ff43
--- /dev/null
+++ b/Utilities/cmcurl/lib/easyif.h
@@ -0,0 +1,33 @@
+#ifndef HEADER_CURL_EASYIF_H
+#define HEADER_CURL_EASYIF_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Prototypes for library-wide functions provided by easy.c
+ */
+#ifdef CURLDEBUG
+CURL_EXTERN CURLcode curl_easy_perform_ev(CURL *easy);
+#endif
+
+#endif /* HEADER_CURL_EASYIF_H */
+
diff --git a/Utilities/cmcurl/escape.c b/Utilities/cmcurl/lib/escape.c
index 9552b0f..d7f8a8f 100644
--- a/Utilities/cmcurl/escape.c
+++ b/Utilities/cmcurl/lib/escape.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,23 +18,20 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 /* Escape and unescape URL encoding in strings. The functions return a new
  * allocated string or NULL if an error occurred.  */
 
-#include "setup.h"
-#include <ctype.h>
+#include "curl_setup.h"
+
 #include <curl/curl.h>
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "memory.h"
-/* urldata.h and easyif.h are included for Curl_convert_... prototypes */
+#include "curl_memory.h"
 #include "urldata.h"
-#include "easyif.h"
+#include "warnless.h"
+#include "non-ascii.h"
+#include "escape.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -42,6 +39,33 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
+/* Portable character check (remember EBCDIC). Do not use isalnum() because
+   its behavior is altered by the current locale.
+   See http://tools.ietf.org/html/rfc3986#section-2.3
+*/
+static bool Curl_isunreserved(unsigned char in)
+{
+  switch (in) {
+    case '0': case '1': case '2': case '3': case '4':
+    case '5': case '6': case '7': case '8': case '9':
+    case 'a': case 'b': case 'c': case 'd': case 'e':
+    case 'f': case 'g': case 'h': case 'i': case 'j':
+    case 'k': case 'l': case 'm': case 'n': case 'o':
+    case 'p': case 'q': case 'r': case 's': case 't':
+    case 'u': case 'v': case 'w': case 'x': case 'y': case 'z':
+    case 'A': case 'B': case 'C': case 'D': case 'E':
+    case 'F': case 'G': case 'H': case 'I': case 'J':
+    case 'K': case 'L': case 'M': case 'N': case 'O':
+    case 'P': case 'Q': case 'R': case 'S': case 'T':
+    case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z':
+    case '-': case '.': case '_': case '~':
+      return TRUE;
+    default:
+      break;
+  }
+  return FALSE;
+}
+
 /* for ABI-compatibility with previous versions */
 char *curl_escape(const char *string, int inlength)
 {
@@ -59,15 +83,12 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
   size_t alloc = (inlength?(size_t)inlength:strlen(string))+1;
   char *ns;
   char *testing_ptr = NULL;
-  unsigned char in;
+  unsigned char in; /* we need to treat the characters unsigned */
   size_t newlen = alloc;
-  int strindex=0;
+  size_t strindex=0;
   size_t length;
+  CURLcode res;
 
-#ifndef CURL_DOES_CONVERSIONS
-  /* avoid compiler warnings */
-  (void)handle;
-#endif
   ns = malloc(alloc);
   if(!ns)
     return NULL;
@@ -75,9 +96,11 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
   length = alloc-1;
   while(length--) {
     in = *string;
-    if(!(in >= 'a' && in <= 'z') &&
-       !(in >= 'A' && in <= 'Z') &&
-       !(in >= '0' && in <= '9')) {
+
+    if(Curl_isunreserved(in))
+      /* just copy this */
+      ns[strindex++]=in;
+    else {
       /* encode it */
       newlen += 2; /* the size grows with two, since this'll become a %XX */
       if(newlen > alloc) {
@@ -92,49 +115,52 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
         }
       }
 
-#ifdef CURL_DOES_CONVERSIONS
-/* escape sequences are always in ASCII so convert them on non-ASCII hosts */
-      if (!handle ||
-          (Curl_convert_to_network(handle, &in, 1) != CURLE_OK)) {
+      res = Curl_convert_to_network(handle, &in, 1);
+      if(res) {
         /* Curl_convert_to_network calls failf if unsuccessful */
         free(ns);
         return NULL;
       }
-#endif /* CURL_DOES_CONVERSIONS */
 
       snprintf(&ns[strindex], 4, "%%%02X", in);
 
       strindex+=3;
     }
-    else {
-      /* just copy this */
-      ns[strindex++]=in;
-    }
     string++;
   }
   ns[strindex]=0; /* terminate it */
   return ns;
 }
 
-char *curl_easy_unescape(CURL *handle, const char *string, int length,
-                         int *olen)
+/*
+ * Curl_urldecode() URL decodes the given string.
+ *
+ * Optionally detects control characters (byte codes lower than 32) in the
+ * data and rejects such data.
+ *
+ * Returns a pointer to a malloced string in *ostring with length given in
+ * *olen. If length == 0, the length is assumed to be strlen(string).
+ *
+ */
+CURLcode Curl_urldecode(struct SessionHandle *data,
+                        const char *string, size_t length,
+                        char **ostring, size_t *olen,
+                        bool reject_ctrl)
 {
-  int alloc = (length?length:(int)strlen(string))+1;
+  size_t alloc = (length?length:strlen(string))+1;
   char *ns = malloc(alloc);
   unsigned char in;
-  int strindex=0;
-  long hex;
-
-#ifndef CURL_DOES_CONVERSIONS
-  /* avoid compiler warnings */
-  (void)handle;
-#endif
-  if( !ns )
-    return NULL;
+  size_t strindex=0;
+  unsigned long hex;
+  CURLcode res;
+
+  if(!ns)
+    return CURLE_OUT_OF_MEMORY;
 
   while(--alloc > 0) {
     in = *string;
-    if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
+    if(('%' == in) && (alloc > 2) &&
+       ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
       /* this is two hexadecimal digits following a '%' */
       char hexstr[3];
       char *ptr;
@@ -142,23 +168,24 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
       hexstr[1] = string[2];
       hexstr[2] = 0;
 
-      hex = strtol(hexstr, &ptr, 16);
+      hex = strtoul(hexstr, &ptr, 16);
 
-      in = (unsigned char)hex; /* this long is never bigger than 255 anyway */
+      in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */
 
-#ifdef CURL_DOES_CONVERSIONS
-/* escape sequences are always in ASCII so convert them on non-ASCII hosts */
-      if (!handle ||
-          (Curl_convert_from_network(handle, &in, 1) != CURLE_OK)) {
+      res = Curl_convert_from_network(data, &in, 1);
+      if(res) {
         /* Curl_convert_from_network calls failf if unsuccessful */
         free(ns);
-        return NULL;
+        return res;
       }
-#endif /* CURL_DOES_CONVERSIONS */
 
       string+=2;
       alloc-=2;
     }
+    if(reject_ctrl && (in < 0x20)) {
+      free(ns);
+      return CURLE_URL_MALFORMAT;
+    }
 
     ns[strindex++] = in;
     string++;
@@ -168,11 +195,36 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
   if(olen)
     /* store output size */
     *olen = strindex;
-  return ns;
+
+  /* store output string */
+  *ostring = ns;
+
+  return CURLE_OK;
+}
+
+/*
+ * Unescapes the given URL escaped string of given length. Returns a
+ * pointer to a malloced string with length given in *olen.
+ * If length == 0, the length is assumed to be strlen(string).
+ * If olen == NULL, no output length is stored.
+ */
+char *curl_easy_unescape(CURL *handle, const char *string, int length,
+                         int *olen)
+{
+  char *str = NULL;
+  size_t inputlen = length;
+  size_t outputlen;
+  CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen,
+                                FALSE);
+  if(res)
+    return NULL;
+  if(olen)
+    *olen = curlx_uztosi(outputlen);
+  return str;
 }
 
 /* For operating systems/environments that use different malloc/free
-   ssystems for the app and for this library, we provide a free that uses
+   systems for the app and for this library, we provide a free that uses
    the library's memory system */
 void curl_free(void *p)
 {
diff --git a/Utilities/cmcurl/lib/escape.h b/Utilities/cmcurl/lib/escape.h
new file mode 100644
index 0000000..731b136
--- /dev/null
+++ b/Utilities/cmcurl/lib/escape.h
@@ -0,0 +1,33 @@
+#ifndef HEADER_CURL_ESCAPE_H
+#define HEADER_CURL_ESCAPE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+/* Escape and unescape URL encoding in strings. The functions return a new
+ * allocated string or NULL if an error occurred.  */
+
+CURLcode Curl_urldecode(struct SessionHandle *data,
+                        const char *string, size_t length,
+                        char **ostring, size_t *olen,
+                        bool reject_crlf);
+
+#endif /* HEADER_CURL_ESCAPE_H */
+
diff --git a/Utilities/cmcurl/lib/file.c b/Utilities/cmcurl/lib/file.c
new file mode 100644
index 0000000..73df42e
--- /dev/null
+++ b/Utilities/cmcurl/lib/file.c
@@ -0,0 +1,583 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_FILE
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include "strtoofft.h"
+#include "urldata.h"
+#include <curl/curl.h>
+#include "progress.h"
+#include "sendf.h"
+#include "escape.h"
+#include "file.h"
+#include "speedcheck.h"
+#include "getinfo.h"
+#include "transfer.h"
+#include "url.h"
+#include "curl_memory.h"
+#include "parsedate.h" /* for the week day and month names */
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if defined(WIN32) || defined(MSDOS) || defined(__EMX__) || \
+  defined(__SYMBIAN32__)
+#define DOS_FILESYSTEM 1
+#endif
+
+#ifdef OPEN_NEEDS_ARG3
+#  define open_readonly(p,f) open((p),(f),(0))
+#else
+#  define open_readonly(p,f) open((p),(f))
+#endif
+
+/*
+ * Forward declarations.
+ */
+
+static CURLcode file_do(struct connectdata *, bool *done);
+static CURLcode file_done(struct connectdata *conn,
+                          CURLcode status, bool premature);
+static CURLcode file_connect(struct connectdata *conn, bool *done);
+static CURLcode file_disconnect(struct connectdata *conn,
+                                bool dead_connection);
+static CURLcode file_setup_connection(struct connectdata *conn);
+
+/*
+ * FILE scheme handler.
+ */
+
+const struct Curl_handler Curl_handler_file = {
+  "FILE",                               /* scheme */
+  file_setup_connection,                /* setup_connection */
+  file_do,                              /* do_it */
+  file_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  file_connect,                         /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  file_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  0,                                    /* defport */
+  CURLPROTO_FILE,                       /* protocol */
+  PROTOPT_NONETWORK | PROTOPT_NOURLQUERY /* flags */
+};
+
+
+static CURLcode file_setup_connection(struct connectdata *conn)
+{
+  /* allocate the FILE specific struct */
+  conn->data->req.protop = calloc(1, sizeof(struct FILEPROTO));
+  if(!conn->data->req.protop)
+    return CURLE_OUT_OF_MEMORY;
+
+  return CURLE_OK;
+}
+
+ /*
+  Check if this is a range download, and if so, set the internal variables
+  properly. This code is copied from the FTP implementation and might as
+  well be factored out.
+ */
+static CURLcode file_range(struct connectdata *conn)
+{
+  curl_off_t from, to;
+  curl_off_t totalsize=-1;
+  char *ptr;
+  char *ptr2;
+  struct SessionHandle *data = conn->data;
+
+  if(data->state.use_range && data->state.range) {
+    from=curlx_strtoofft(data->state.range, &ptr, 0);
+    while(*ptr && (ISSPACE(*ptr) || (*ptr=='-')))
+      ptr++;
+    to=curlx_strtoofft(ptr, &ptr2, 0);
+    if(ptr == ptr2) {
+      /* we didn't get any digit */
+      to=-1;
+    }
+    if((-1 == to) && (from>=0)) {
+      /* X - */
+      data->state.resume_from = from;
+      DEBUGF(infof(data, "RANGE %" CURL_FORMAT_CURL_OFF_T " to end of file\n",
+                   from));
+    }
+    else if(from < 0) {
+      /* -Y */
+      data->req.maxdownload = -from;
+      data->state.resume_from = from;
+      DEBUGF(infof(data, "RANGE the last %" CURL_FORMAT_CURL_OFF_T " bytes\n",
+                   -from));
+    }
+    else {
+      /* X-Y */
+      totalsize = to-from;
+      data->req.maxdownload = totalsize+1; /* include last byte */
+      data->state.resume_from = from;
+      DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T
+                   " getting %" CURL_FORMAT_CURL_OFF_T " bytes\n",
+                   from, data->req.maxdownload));
+    }
+    DEBUGF(infof(data, "range-download from %" CURL_FORMAT_CURL_OFF_T
+                 " to %" CURL_FORMAT_CURL_OFF_T ", totally %"
+                 CURL_FORMAT_CURL_OFF_T " bytes\n",
+                 from, to, data->req.maxdownload));
+  }
+  else
+    data->req.maxdownload = -1;
+  return CURLE_OK;
+}
+
+/*
+ * file_connect() gets called from Curl_protocol_connect() to allow us to
+ * do protocol-specific actions at connect-time.  We emulate a
+ * connect-then-transfer protocol and "connect" to the file here
+ */
+static CURLcode file_connect(struct connectdata *conn, bool *done)
+{
+  struct SessionHandle *data = conn->data;
+  char *real_path;
+  struct FILEPROTO *file = data->req.protop;
+  int fd;
+#ifdef DOS_FILESYSTEM
+  int i;
+  char *actual_path;
+#endif
+
+  real_path = curl_easy_unescape(data, data->state.path, 0, NULL);
+  if(!real_path)
+    return CURLE_OUT_OF_MEMORY;
+
+#ifdef DOS_FILESYSTEM
+  /* If the first character is a slash, and there's
+     something that looks like a drive at the beginning of
+     the path, skip the slash.  If we remove the initial
+     slash in all cases, paths without drive letters end up
+     relative to the current directory which isn't how
+     browsers work.
+
+     Some browsers accept | instead of : as the drive letter
+     separator, so we do too.
+
+     On other platforms, we need the slash to indicate an
+     absolute pathname.  On Windows, absolute paths start
+     with a drive letter.
+  */
+  actual_path = real_path;
+  if((actual_path[0] == '/') &&
+      actual_path[1] &&
+     (actual_path[2] == ':' || actual_path[2] == '|')) {
+    actual_path[2] = ':';
+    actual_path++;
+  }
+
+  /* change path separators from '/' to '\\' for DOS, Windows and OS/2 */
+  for(i=0; actual_path[i] != '\0'; ++i)
+    if(actual_path[i] == '/')
+      actual_path[i] = '\\';
+
+  fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
+  file->path = actual_path;
+#else
+  fd = open_readonly(real_path, O_RDONLY);
+  file->path = real_path;
+#endif
+  file->freepath = real_path; /* free this when done */
+
+  file->fd = fd;
+  if(!data->set.upload && (fd == -1)) {
+    failf(data, "Couldn't open file %s", data->state.path);
+    file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE);
+    return CURLE_FILE_COULDNT_READ_FILE;
+  }
+  *done = TRUE;
+
+  return CURLE_OK;
+}
+
+static CURLcode file_done(struct connectdata *conn,
+                               CURLcode status, bool premature)
+{
+  struct FILEPROTO *file = conn->data->req.protop;
+  (void)status; /* not used */
+  (void)premature; /* not used */
+
+  if(file) {
+    Curl_safefree(file->freepath);
+    file->path = NULL;
+    if(file->fd != -1)
+      close(file->fd);
+    file->fd = -1;
+  }
+
+  return CURLE_OK;
+}
+
+static CURLcode file_disconnect(struct connectdata *conn,
+                                bool dead_connection)
+{
+  struct FILEPROTO *file = conn->data->req.protop;
+  (void)dead_connection; /* not used */
+
+  if(file) {
+    Curl_safefree(file->freepath);
+    file->path = NULL;
+    if(file->fd != -1)
+      close(file->fd);
+    file->fd = -1;
+  }
+
+  return CURLE_OK;
+}
+
+#ifdef DOS_FILESYSTEM
+#define DIRSEP '\\'
+#else
+#define DIRSEP '/'
+#endif
+
+static CURLcode file_upload(struct connectdata *conn)
+{
+  struct FILEPROTO *file = conn->data->req.protop;
+  const char *dir = strchr(file->path, DIRSEP);
+  int fd;
+  int mode;
+  CURLcode res=CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *buf = data->state.buffer;
+  size_t nread;
+  size_t nwrite;
+  curl_off_t bytecount = 0;
+  struct timeval now = Curl_tvnow();
+  struct_stat file_stat;
+  const char* buf2;
+
+  /*
+   * Since FILE: doesn't do the full init, we need to provide some extra
+   * assignments here.
+   */
+  conn->fread_func = data->set.fread_func;
+  conn->fread_in = data->set.in;
+  conn->data->req.upload_fromhere = buf;
+
+  if(!dir)
+    return CURLE_FILE_COULDNT_READ_FILE; /* fix: better error code */
+
+  if(!dir[1])
+    return CURLE_FILE_COULDNT_READ_FILE; /* fix: better error code */
+
+#ifdef O_BINARY
+#define MODE_DEFAULT O_WRONLY|O_CREAT|O_BINARY
+#else
+#define MODE_DEFAULT O_WRONLY|O_CREAT
+#endif
+
+  if(data->state.resume_from)
+    mode = MODE_DEFAULT|O_APPEND;
+  else
+    mode = MODE_DEFAULT|O_TRUNC;
+
+  fd = open(file->path, mode, conn->data->set.new_file_perms);
+  if(fd < 0) {
+    failf(data, "Can't open %s for writing", file->path);
+    return CURLE_WRITE_ERROR;
+  }
+
+  if(-1 != data->state.infilesize)
+    /* known size of data to "upload" */
+    Curl_pgrsSetUploadSize(data, data->state.infilesize);
+
+  /* treat the negative resume offset value as the case of "-" */
+  if(data->state.resume_from < 0) {
+    if(fstat(fd, &file_stat)) {
+      close(fd);
+      failf(data, "Can't get the size of %s", file->path);
+      return CURLE_WRITE_ERROR;
+    }
+    else
+      data->state.resume_from = (curl_off_t)file_stat.st_size;
+  }
+
+  while(res == CURLE_OK) {
+    int readcount;
+    res = Curl_fillreadbuffer(conn, BUFSIZE, &readcount);
+    if(res)
+      break;
+
+    if(readcount <= 0)  /* fix questionable compare error. curlvms */
+      break;
+
+    nread = (size_t)readcount;
+
+    /*skip bytes before resume point*/
+    if(data->state.resume_from) {
+      if((curl_off_t)nread <= data->state.resume_from ) {
+        data->state.resume_from -= nread;
+        nread = 0;
+        buf2 = buf;
+      }
+      else {
+        buf2 = buf + data->state.resume_from;
+        nread -= (size_t)data->state.resume_from;
+        data->state.resume_from = 0;
+      }
+    }
+    else
+      buf2 = buf;
+
+    /* write the data to the target */
+    nwrite = write(fd, buf2, nread);
+    if(nwrite != nread) {
+      res = CURLE_SEND_ERROR;
+      break;
+    }
+
+    bytecount += nread;
+
+    Curl_pgrsSetUploadCounter(data, bytecount);
+
+    if(Curl_pgrsUpdate(conn))
+      res = CURLE_ABORTED_BY_CALLBACK;
+    else
+      res = Curl_speedcheck(data, now);
+  }
+  if(!res && Curl_pgrsUpdate(conn))
+    res = CURLE_ABORTED_BY_CALLBACK;
+
+  close(fd);
+
+  return res;
+}
+
+/*
+ * file_do() is the protocol-specific function for the do-phase, separated
+ * from the connect-phase above. Other protocols merely setup the transfer in
+ * the do-phase, to have it done in the main transfer loop but since some
+ * platforms we support don't allow select()ing etc on file handles (as
+ * opposed to sockets) we instead perform the whole do-operation in this
+ * function.
+ */
+static CURLcode file_do(struct connectdata *conn, bool *done)
+{
+  /* This implementation ignores the host name in conformance with
+     RFC 1738. Only local files (reachable via the standard file system)
+     are supported. This means that files on remotely mounted directories
+     (via NFS, Samba, NT sharing) can be accessed through a file:// URL
+  */
+  CURLcode res = CURLE_OK;
+  struct_stat statbuf; /* struct_stat instead of struct stat just to allow the
+                          Windows version to have a different struct without
+                          having to redefine the simple word 'stat' */
+  curl_off_t expected_size=0;
+  bool fstated=FALSE;
+  ssize_t nread;
+  struct SessionHandle *data = conn->data;
+  char *buf = data->state.buffer;
+  curl_off_t bytecount = 0;
+  int fd;
+  struct timeval now = Curl_tvnow();
+  struct FILEPROTO *file;
+
+  *done = TRUE; /* unconditionally */
+
+  Curl_initinfo(data);
+  Curl_pgrsStartNow(data);
+
+  if(data->set.upload)
+    return file_upload(conn);
+
+  file = conn->data->req.protop;
+
+  /* get the fd from the connection phase */
+  fd = file->fd;
+
+  /* VMS: This only works reliable for STREAMLF files */
+  if(-1 != fstat(fd, &statbuf)) {
+    /* we could stat it, then read out the size */
+    expected_size = statbuf.st_size;
+    /* and store the modification time */
+    data->info.filetime = (long)statbuf.st_mtime;
+    fstated = TRUE;
+  }
+
+  if(fstated && !data->state.range && data->set.timecondition) {
+    if(!Curl_meets_timecondition(data, (time_t)data->info.filetime)) {
+      *done = TRUE;
+      return CURLE_OK;
+    }
+  }
+
+  /* If we have selected NOBODY and HEADER, it means that we only want file
+     information. Which for FILE can't be much more than the file size and
+     date. */
+  if(data->set.opt_no_body && data->set.include_header && fstated) {
+    CURLcode result;
+    snprintf(buf, sizeof(data->state.buffer),
+             "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", expected_size);
+    result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+    if(result)
+      return result;
+
+    result = Curl_client_write(conn, CLIENTWRITE_BOTH,
+                               (char *)"Accept-ranges: bytes\r\n", 0);
+    if(result)
+      return result;
+
+    if(fstated) {
+      time_t filetime = (time_t)statbuf.st_mtime;
+      struct tm buffer;
+      const struct tm *tm = &buffer;
+      result = Curl_gmtime(filetime, &buffer);
+      if(result)
+        return result;
+
+      /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
+      snprintf(buf, BUFSIZE-1,
+               "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
+               Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+               tm->tm_mday,
+               Curl_month[tm->tm_mon],
+               tm->tm_year + 1900,
+               tm->tm_hour,
+               tm->tm_min,
+               tm->tm_sec);
+      result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+    }
+    /* if we fstat()ed the file, set the file size to make it available post-
+       transfer */
+    if(fstated)
+      Curl_pgrsSetDownloadSize(data, expected_size);
+    return result;
+  }
+
+  /* Check whether file range has been specified */
+  file_range(conn);
+
+  /* Adjust the start offset in case we want to get the N last bytes
+   * of the stream iff the filesize could be determined */
+  if(data->state.resume_from < 0) {
+    if(!fstated) {
+      failf(data, "Can't get the size of file.");
+      return CURLE_READ_ERROR;
+    }
+    else
+      data->state.resume_from += (curl_off_t)statbuf.st_size;
+  }
+
+  if(data->state.resume_from <= expected_size)
+    expected_size -= data->state.resume_from;
+  else {
+    failf(data, "failed to resume file:// transfer");
+    return CURLE_BAD_DOWNLOAD_RESUME;
+  }
+
+  /* A high water mark has been specified so we obey... */
+  if(data->req.maxdownload > 0)
+    expected_size = data->req.maxdownload;
+
+  if(fstated && (expected_size == 0))
+    return CURLE_OK;
+
+  /* The following is a shortcut implementation of file reading
+     this is both more efficient than the former call to download() and
+     it avoids problems with select() and recv() on file descriptors
+     in Winsock */
+  if(fstated)
+    Curl_pgrsSetDownloadSize(data, expected_size);
+
+  if(data->state.resume_from) {
+    if(data->state.resume_from !=
+       lseek(fd, data->state.resume_from, SEEK_SET))
+      return CURLE_BAD_DOWNLOAD_RESUME;
+  }
+
+  Curl_pgrsTime(data, TIMER_STARTTRANSFER);
+
+  while(res == CURLE_OK) {
+    /* Don't fill a whole buffer if we want less than all data */
+    size_t bytestoread =
+      (expected_size < CURL_OFF_T_C(BUFSIZE) - CURL_OFF_T_C(1)) ?
+      curlx_sotouz(expected_size) : BUFSIZE - 1;
+
+    nread = read(fd, buf, bytestoread);
+
+    if(nread > 0)
+      buf[nread] = 0;
+
+    if(nread <= 0 || expected_size == 0)
+      break;
+
+    bytecount += nread;
+    expected_size -= nread;
+
+    res = Curl_client_write(conn, CLIENTWRITE_BODY, buf, nread);
+    if(res)
+      return res;
+
+    Curl_pgrsSetDownloadCounter(data, bytecount);
+
+    if(Curl_pgrsUpdate(conn))
+      res = CURLE_ABORTED_BY_CALLBACK;
+    else
+      res = Curl_speedcheck(data, now);
+  }
+  if(Curl_pgrsUpdate(conn))
+    res = CURLE_ABORTED_BY_CALLBACK;
+
+  return res;
+}
+
+#endif
diff --git a/Utilities/cmcurl/lib/file.h b/Utilities/cmcurl/lib/file.h
new file mode 100644
index 0000000..997474b
--- /dev/null
+++ b/Utilities/cmcurl/lib/file.h
@@ -0,0 +1,41 @@
+#ifndef HEADER_CURL_FILE_H
+#define HEADER_CURL_FILE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+
+/****************************************************************************
+ * FILE unique setup
+ ***************************************************************************/
+struct FILEPROTO {
+  char *path; /* the path we operate on */
+  char *freepath; /* pointer to the allocated block we must free, this might
+                     differ from the 'path' pointer */
+  int fd;     /* open file descriptor to read from! */
+};
+
+#ifndef CURL_DISABLE_FILE
+extern const struct Curl_handler Curl_handler_file;
+#endif
+
+#endif /* HEADER_CURL_FILE_H */
+
diff --git a/Utilities/cmcurl/lib/fileinfo.c b/Utilities/cmcurl/lib/fileinfo.c
new file mode 100644
index 0000000..8c8ee98
--- /dev/null
+++ b/Utilities/cmcurl/lib/fileinfo.c
@@ -0,0 +1,54 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010-2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "strdup.h"
+#include "fileinfo.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+struct curl_fileinfo *Curl_fileinfo_alloc(void)
+{
+  struct curl_fileinfo *tmp = malloc(sizeof(struct curl_fileinfo));
+  if(!tmp)
+    return NULL;
+  memset(tmp, 0, sizeof(struct curl_fileinfo));
+  return tmp;
+}
+
+void Curl_fileinfo_dtor(void *user, void *element)
+{
+  struct curl_fileinfo *finfo = element;
+  (void) user;
+  if(!finfo)
+    return;
+
+  Curl_safefree(finfo->b_data);
+
+  free(finfo);
+}
diff --git a/Utilities/cmcurl/lib/fileinfo.h b/Utilities/cmcurl/lib/fileinfo.h
new file mode 100644
index 0000000..b0e5e59
--- /dev/null
+++ b/Utilities/cmcurl/lib/fileinfo.h
@@ -0,0 +1,33 @@
+#ifndef HEADER_CURL_FILEINFO_H
+#define HEADER_CURL_FILEINFO_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include <curl/curl.h>
+
+struct curl_fileinfo *Curl_fileinfo_alloc(void);
+
+void Curl_fileinfo_dtor(void *, void *);
+
+struct curl_fileinfo *Curl_fileinfo_dup(const struct curl_fileinfo *src);
+
+#endif /* HEADER_CURL_FILEINFO_H */
diff --git a/Utilities/cmcurl/formdata.c b/Utilities/cmcurl/lib/formdata.c
index f10c6c7..3260928 100644
--- a/Utilities/cmcurl/formdata.c
+++ b/Utilities/cmcurl/lib/formdata.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,111 +18,24 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-/*
-  Debug the form generator stand-alone by compiling this source file with:
-
-  gcc -DHAVE_CONFIG_H -I../ -g -D_FORM_DEBUG -DCURLDEBUG -o formdata -I../include formdata.c strequal.c memdebug.c mprintf.c strerror.c
-
-  run the 'formdata' executable the output should end with:
-  All Tests seem to have worked ...
-  and the following parts should be there:
-
-Content-Disposition: form-data; name="simple_COPYCONTENTS"
-value for simple COPYCONTENTS
-
-Content-Disposition: form-data; name="COPYCONTENTS_+_CONTENTTYPE"
-Content-Type: image/gif
-value for COPYCONTENTS + CONTENTTYPE
-
-Content-Disposition: form-data; name="PRNAME_+_NAMELENGTH_+_COPYNAME_+_CONTENTSLENGTH"
-vlue for PTRNAME + NAMELENGTH + COPYNAME + CONTENTSLENGTH
-(or you might see P^@RNAME and v^@lue at the start)
-
-Content-Disposition: form-data; name="simple_PTRCONTENTS"
-value for simple PTRCONTENTS
-
-Content-Disposition: form-data; name="PTRCONTENTS_+_CONTENTSLENGTH"
-vlue for PTRCONTENTS + CONTENTSLENGTH
-(or you might see v^@lue at the start)
-
-Content-Disposition: form-data; name="PTRCONTENTS_+_CONTENTSLENGTH_+_CONTENTTYPE"
-Content-Type: text/plain
-vlue for PTRCOTNENTS + CONTENTSLENGTH + CONTENTTYPE
-(or you might see v^@lue at the start)
-
-Content-Disposition: form-data; name="FILE1_+_CONTENTTYPE"; filename="inet_ntoa_r.h"
-Content-Type: text/html
-...
-
-Content-Disposition: form-data; name="FILE1_+_FILE2"
-Content-Type: multipart/mixed, boundary=curlz1s0dkticx49MV1KGcYP5cvfSsz
-...
-Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
-...
-Content-Disposition: attachment; filename="Makefile.b32"
-Content-Type: text/plain
-...
-
-Content-Disposition: form-data; name="FILE1_+_FILE2_+_FILE3"
-Content-Type: multipart/mixed, boundary=curlirkYPmPwu6FrJ1vJ1u1BmtIufh1
-...
-Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
-...
-Content-Disposition: attachment; filename="Makefile.b32"
-Content-Type: text/plain
-...
-Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
-...
-
-
-Content-Disposition: form-data; name="ARRAY: FILE1_+_FILE2_+_FILE3"
-Content-Type: multipart/mixed, boundary=curlirkYPmPwu6FrJ1vJ1u1BmtIufh1
-...
-Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
-...
-Content-Disposition: attachment; filename="Makefile.b32"
-Content-Type: text/plain
-...
-Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
-...
-
-Content-Disposition: form-data; name="FILECONTENT"
-...
-
- */
+#include "curl_setup.h"
 
-#include "setup.h"
 #include <curl/curl.h>
 
-/* Length of the random boundary string. */
-#define BOUNDARY_LENGTH 40
-
 #if !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY)
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <time.h>
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
 #if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME)
 #include <libgen.h>
 #endif
+
 #include "urldata.h" /* for struct SessionHandle */
-#include "easyif.h" /* for Curl_convert_... prototypes */
 #include "formdata.h"
+#include "vtls/vtls.h"
 #include "strequal.h"
-#include "memory.h"
+#include "curl_memory.h"
+#include "sendf.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -134,12 +47,13 @@ Content-Disposition: form-data; name="FILECONTENT"
 
 #ifndef CURL_DISABLE_HTTP
 
-#if defined(HAVE_BASENAME) && defined(NEED_BASENAME_PROTO)
-/* This system has a basename() but no prototype for it! */
-char *basename(char *path);
+#ifndef HAVE_BASENAME
+static char *Curl_basename(char *path);
+#define basename(x)  Curl_basename((x))
 #endif
 
 static size_t readfromfile(struct Form *form, char *buffer, size_t size);
+static char *formboundary(struct SessionHandle *data);
 
 /* What kind of Content-Type to use on un-specified files with unrecognized
    extensions. */
@@ -159,19 +73,19 @@ static size_t readfromfile(struct Form *form, char *buffer, size_t size);
  *
  ***************************************************************************/
 static struct curl_httppost *
-AddHttpPost(char * name, size_t namelength,
-            char * value, size_t contentslength,
-            char * buffer, size_t bufferlength,
+AddHttpPost(char *name, size_t namelength,
+            char *value, size_t contentslength,
+            char *buffer, size_t bufferlength,
             char *contenttype,
             long flags,
             struct curl_slist* contentHeader,
-            char *showfilename,
+            char *showfilename, char *userp,
             struct curl_httppost *parent_post,
             struct curl_httppost **httppost,
             struct curl_httppost **last_post)
 {
   struct curl_httppost *post;
-  post = (struct curl_httppost *)calloc(sizeof(struct curl_httppost), 1);
+  post = calloc(1, sizeof(struct curl_httppost));
   if(post) {
     post->name = name;
     post->namelength = (long)(name?(namelength?namelength:strlen(name)):0);
@@ -182,12 +96,13 @@ AddHttpPost(char * name, size_t namelength,
     post->contenttype = contenttype;
     post->contentheader = contentHeader;
     post->showfilename = showfilename;
+    post->userp = userp,
     post->flags = flags;
   }
   else
     return NULL;
 
-  if (parent_post) {
+  if(parent_post) {
     /* now, point our 'more' to the original 'more' */
     post->more = parent_post->more;
 
@@ -221,27 +136,24 @@ static FormInfo * AddFormInfo(char *value,
                               FormInfo *parent_form_info)
 {
   FormInfo *form_info;
-  form_info = (FormInfo *)malloc(sizeof(FormInfo));
+  form_info = calloc(1, sizeof(struct FormInfo));
   if(form_info) {
-    memset(form_info, 0, sizeof(FormInfo));
-    if (value)
+    if(value)
       form_info->value = value;
-    if (contenttype)
+    if(contenttype)
       form_info->contenttype = contenttype;
     form_info->flags = HTTPPOST_FILENAME;
   }
   else
     return NULL;
 
-  if (parent_form_info) {
+  if(parent_form_info) {
     /* now, point our 'more' to the original 'more' */
     form_info->more = parent_form_info->more;
 
     /* then move the original 'more' to point to ourselves */
     parent_form_info->more = form_info;
   }
-  else
-    return NULL;
 
   return form_info;
 }
@@ -256,8 +168,8 @@ static FormInfo * AddFormInfo(char *value,
  * Returns some valid contenttype for filename.
  *
  ***************************************************************************/
-static const char * ContentTypeForFilename (const char *filename,
-                                            const char *prevtype)
+static const char *ContentTypeForFilename(const char *filename,
+                                          const char *prevtype)
 {
   const char *contenttype = NULL;
   unsigned int i;
@@ -274,24 +186,25 @@ static const char * ContentTypeForFilename (const char *filename,
     {".jpg",  "image/jpeg"},
     {".jpeg", "image/jpeg"},
     {".txt",  "text/plain"},
-    {".html", "text/html"}
+    {".html", "text/html"},
+    {".xml", "application/xml"}
   };
 
   if(prevtype)
     /* default to the previously set/used! */
     contenttype = prevtype;
   else
-    /* It seems RFC1867 defines no Content-Type to default to
-       text/plain so we don't actually need to set this: */
     contenttype = HTTPPOST_CONTENTTYPE_DEFAULT;
 
-  for(i=0; i<sizeof(ctts)/sizeof(ctts[0]); i++) {
-    if(strlen(filename) >= strlen(ctts[i].extension)) {
-      if(strequal(filename +
-                  strlen(filename) - strlen(ctts[i].extension),
-                  ctts[i].extension)) {
-        contenttype = ctts[i].type;
-        break;
+  if(filename) { /* in case a NULL was passed in */
+    for(i=0; i<sizeof(ctts)/sizeof(ctts[0]); i++) {
+      if(strlen(filename) >= strlen(ctts[i].extension)) {
+        if(strequal(filename +
+                    strlen(filename) - strlen(ctts[i].extension),
+                    ctts[i].extension)) {
+          contenttype = ctts[i].type;
+          break;
+        }
       }
     }
   }
@@ -316,20 +229,24 @@ static char *memdup(const char *src, size_t buffer_length)
   bool add = FALSE;
   char *buffer;
 
-  if (buffer_length)
+  if(buffer_length)
     length = buffer_length;
-  else {
+  else if(src) {
     length = strlen(src);
     add = TRUE;
   }
-  buffer = (char*)malloc(length+add);
-  if (!buffer)
+  else
+    /* no length and a NULL src pointer! */
+    return strdup("");
+
+  buffer = malloc(length+add);
+  if(!buffer)
     return NULL; /* fail */
 
   memcpy(buffer, src, length);
 
   /* if length unknown do null termination */
-  if (add)
+  if(add)
     buffer[length] = '\0';
 
   return buffer;
@@ -377,7 +294,7 @@ static char *memdup(const char *src, size_t buffer_length)
  * CURL_FORMADD_NULL           if a null pointer was given for a char
  * CURL_FORMADD_MEMORY         if the allocation of a FormInfo struct failed
  * CURL_FORMADD_UNKNOWN_OPTION if an unknown option was used
- * CURL_FORMADD_INCOMPLETE     if the some FormInfo is not complete (or an error)
+ * CURL_FORMADD_INCOMPLETE     if the some FormInfo is not complete (or error)
  * CURL_FORMADD_MEMORY         if a HttpPost struct cannot be allocated
  * CURL_FORMADD_MEMORY         if some allocation for string copying failed.
  * CURL_FORMADD_ILLEGAL_ARRAY  if an illegal option is used in an array
@@ -405,7 +322,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
   /*
    * We need to allocate the first struct to fill in.
    */
-  first_form = (FormInfo *)calloc(sizeof(struct FormInfo), 1);
+  first_form = calloc(1, sizeof(struct FormInfo));
   if(!first_form)
     return CURL_FORMADD_MEMORY;
 
@@ -414,16 +331,16 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
   /*
    * Loop through all the options set. Break if we have an error to report.
    */
-  while (return_value == CURL_FORMADD_OK) {
+  while(return_value == CURL_FORMADD_OK) {
 
     /* first see if we have more parts of the array param */
-    if ( array_state ) {
+    if(array_state && forms) {
       /* get the upcoming option from the given array */
       option = forms->option;
       array_value = (char *)forms->value;
 
       forms++; /* advance this to next entry */
-      if (CURLFORM_END == option) {
+      if(CURLFORM_END == option) {
         /* end of array state */
         array_state = FALSE;
         continue;
@@ -432,7 +349,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
     else {
       /* This is not array-state, get next option */
       option = va_arg(params, CURLformoption);
-      if (CURLFORM_END == option)
+      if(CURLFORM_END == option)
         break;
     }
 
@@ -443,7 +360,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
         return_value = CURL_FORMADD_ILLEGAL_ARRAY;
       else {
         forms = va_arg(params, struct curl_forms *);
-        if (forms)
+        if(forms)
           array_state = TRUE;
         else
           return_value = CURL_FORMADD_NULL;
@@ -455,29 +372,31 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
        */
     case CURLFORM_PTRNAME:
 #ifdef CURL_DOES_CONVERSIONS
-      /* treat CURLFORM_PTR like CURLFORM_COPYNAME so we'll
-         have safe memory for the eventual conversion */
+      /* Treat CURLFORM_PTR like CURLFORM_COPYNAME so that libcurl will copy
+       * the data in all cases so that we'll have safe memory for the eventual
+       * conversion.
+       */
 #else
       current_form->flags |= HTTPPOST_PTRNAME; /* fall through */
 #endif
     case CURLFORM_COPYNAME:
-      if (current_form->name)
+      if(current_form->name)
         return_value = CURL_FORMADD_OPTION_TWICE;
       else {
         char *name = array_state?
           array_value:va_arg(params, char *);
-        if (name)
+        if(name)
           current_form->name = name; /* store for the moment */
         else
           return_value = CURL_FORMADD_NULL;
       }
       break;
     case CURLFORM_NAMELENGTH:
-      if (current_form->namelength)
+      if(current_form->namelength)
         return_value = CURL_FORMADD_OPTION_TWICE;
       else
         current_form->namelength =
-          array_state?(long)array_value:(long)va_arg(params, long);
+          array_state?(size_t)array_value:(size_t)va_arg(params, long);
       break;
 
       /*
@@ -486,33 +405,33 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
     case CURLFORM_PTRCONTENTS:
       current_form->flags |= HTTPPOST_PTRCONTENTS; /* fall through */
     case CURLFORM_COPYCONTENTS:
-      if (current_form->value)
+      if(current_form->value)
         return_value = CURL_FORMADD_OPTION_TWICE;
       else {
         char *value =
           array_state?array_value:va_arg(params, char *);
-        if (value)
+        if(value)
           current_form->value = value; /* store for the moment */
         else
           return_value = CURL_FORMADD_NULL;
       }
       break;
     case CURLFORM_CONTENTSLENGTH:
-      if (current_form->contentslength)
+      if(current_form->contentslength)
         return_value = CURL_FORMADD_OPTION_TWICE;
       else
         current_form->contentslength =
-          array_state?(long)array_value:va_arg(params, long);
+          array_state?(size_t)array_value:(size_t)va_arg(params, long);
       break;
 
       /* Get contents from a given file name */
     case CURLFORM_FILECONTENT:
-      if (current_form->flags != 0)
+      if(current_form->flags & (HTTPPOST_PTRCONTENTS|HTTPPOST_READFILE))
         return_value = CURL_FORMADD_OPTION_TWICE;
       else {
-        char *filename = array_state?
+        const char *filename = array_state?
           array_value:va_arg(params, char *);
-        if (filename) {
+        if(filename) {
           current_form->value = strdup(filename);
           if(!current_form->value)
             return_value = CURL_FORMADD_MEMORY;
@@ -529,15 +448,27 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
       /* We upload a file */
     case CURLFORM_FILE:
       {
-        char *filename = array_state?array_value:
+        const char *filename = array_state?array_value:
           va_arg(params, char *);
 
-        if (current_form->value) {
-          if (current_form->flags & HTTPPOST_FILENAME) {
-            if (filename) {
-              if ((current_form = AddFormInfo(strdup(filename),
-                                              NULL, current_form)) == NULL)
+        if(current_form->value) {
+          if(current_form->flags & HTTPPOST_FILENAME) {
+            if(filename) {
+              char *fname = strdup(filename);
+              if(!fname)
                 return_value = CURL_FORMADD_MEMORY;
+              else {
+                form = AddFormInfo(fname, NULL, current_form);
+                if(!form) {
+                  Curl_safefree(fname);
+                  return_value = CURL_FORMADD_MEMORY;
+                }
+                else {
+                  form->value_alloc = TRUE;
+                  current_form = form;
+                  form = NULL;
+                }
+              }
             }
             else
               return_value = CURL_FORMADD_NULL;
@@ -546,7 +477,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
             return_value = CURL_FORMADD_OPTION_TWICE;
         }
         else {
-          if (filename) {
+          if(filename) {
             current_form->value = strdup(filename);
             if(!current_form->value)
               return_value = CURL_FORMADD_MEMORY;
@@ -561,70 +492,72 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
         break;
       }
 
-    case CURLFORM_BUFFER:
-      {
-        char *filename = array_state?array_value:
-          va_arg(params, char *);
-
-        if (current_form->value) {
-          if (current_form->flags & HTTPPOST_BUFFER) {
-            if (filename) {
-              if ((current_form = AddFormInfo(strdup(filename),
-                                              NULL, current_form)) == NULL)
-                return_value = CURL_FORMADD_MEMORY;
-            }
-            else
-              return_value = CURL_FORMADD_NULL;
-          }
-          else
-            return_value = CURL_FORMADD_OPTION_TWICE;
-        }
-        else {
-          if (filename) {
-            current_form->value = strdup(filename);
-            if(!current_form->value)
-              return_value = CURL_FORMADD_MEMORY;
-          }
-          else
-            return_value = CURL_FORMADD_NULL;
-          current_form->flags |= HTTPPOST_BUFFER;
-        }
-        break;
-      }
-
     case CURLFORM_BUFFERPTR:
-        current_form->flags |= HTTPPOST_PTRBUFFER;
-      if (current_form->buffer)
+      current_form->flags |= HTTPPOST_PTRBUFFER|HTTPPOST_BUFFER;
+      if(current_form->buffer)
         return_value = CURL_FORMADD_OPTION_TWICE;
       else {
         char *buffer =
           array_state?array_value:va_arg(params, char *);
-        if (buffer)
+        if(buffer) {
           current_form->buffer = buffer; /* store for the moment */
+          current_form->value = buffer; /* make it non-NULL to be accepted
+                                           as fine */
+        }
         else
           return_value = CURL_FORMADD_NULL;
       }
       break;
 
     case CURLFORM_BUFFERLENGTH:
-      if (current_form->bufferlength)
+      if(current_form->bufferlength)
         return_value = CURL_FORMADD_OPTION_TWICE;
       else
         current_form->bufferlength =
-          array_state?(long)array_value:va_arg(params, long);
+          array_state?(size_t)array_value:(size_t)va_arg(params, long);
+      break;
+
+    case CURLFORM_STREAM:
+      current_form->flags |= HTTPPOST_CALLBACK;
+      if(current_form->userp)
+        return_value = CURL_FORMADD_OPTION_TWICE;
+      else {
+        char *userp =
+          array_state?array_value:va_arg(params, char *);
+        if(userp) {
+          current_form->userp = userp;
+          current_form->value = userp; /* this isn't strictly true but we
+                                          derive a value from this later on
+                                          and we need this non-NULL to be
+                                          accepted as a fine form part */
+        }
+        else
+          return_value = CURL_FORMADD_NULL;
+      }
       break;
 
     case CURLFORM_CONTENTTYPE:
       {
-        char *contenttype =
+        const char *contenttype =
           array_state?array_value:va_arg(params, char *);
-        if (current_form->contenttype) {
-          if (current_form->flags & HTTPPOST_FILENAME) {
-            if (contenttype) {
-              if ((current_form = AddFormInfo(NULL,
-                                              strdup(contenttype),
-                                              current_form)) == NULL)
+        if(current_form->contenttype) {
+          if(current_form->flags & HTTPPOST_FILENAME) {
+            if(contenttype) {
+              char *type = strdup(contenttype);
+              if(!type)
                 return_value = CURL_FORMADD_MEMORY;
+              else {
+                form = AddFormInfo(NULL, type, current_form);
+                if(!form) {
+                  Curl_safefree(type);
+                  return_value = CURL_FORMADD_MEMORY;
+                }
+                else {
+                  form->contenttype_alloc = TRUE;
+                  current_form = form;
+                  form = NULL;
+                }
+              }
             }
             else
               return_value = CURL_FORMADD_NULL;
@@ -633,7 +566,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
             return_value = CURL_FORMADD_OPTION_TWICE;
         }
         else {
-          if (contenttype) {
+          if(contenttype) {
             current_form->contenttype = strdup(contenttype);
             if(!current_form->contenttype)
               return_value = CURL_FORMADD_MEMORY;
@@ -653,7 +586,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
           (struct curl_slist*)array_value:
           va_arg(params, struct curl_slist*);
 
-        if( current_form->contentheader )
+        if(current_form->contentheader)
           return_value = CURL_FORMADD_OPTION_TWICE;
         else
           current_form->contentheader = list;
@@ -661,10 +594,11 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
         break;
       }
     case CURLFORM_FILENAME:
+    case CURLFORM_BUFFER:
       {
-        char *filename = array_state?array_value:
+        const char *filename = array_state?array_value:
           va_arg(params, char *);
-        if( current_form->showfilename )
+        if(current_form->showfilename)
           return_value = CURL_FORMADD_OPTION_TWICE;
         else {
           current_form->showfilename = strdup(filename);
@@ -677,63 +611,92 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
       }
     default:
       return_value = CURL_FORMADD_UNKNOWN_OPTION;
+      break;
+    }
+  }
+
+  if(CURL_FORMADD_OK != return_value) {
+    /* On error, free allocated fields for all nodes of the FormInfo linked
+       list without deallocating nodes. List nodes are deallocated later on */
+    FormInfo *ptr;
+    for(ptr = first_form; ptr != NULL; ptr = ptr->more) {
+      if(ptr->name_alloc) {
+        Curl_safefree(ptr->name);
+        ptr->name_alloc = FALSE;
+      }
+      if(ptr->value_alloc) {
+        Curl_safefree(ptr->value);
+        ptr->value_alloc = FALSE;
+      }
+      if(ptr->contenttype_alloc) {
+        Curl_safefree(ptr->contenttype);
+        ptr->contenttype_alloc = FALSE;
+      }
+      if(ptr->showfilename_alloc) {
+        Curl_safefree(ptr->showfilename);
+        ptr->showfilename_alloc = FALSE;
+      }
     }
   }
 
   if(CURL_FORMADD_OK == return_value) {
-    /* go through the list, check for copleteness and if everything is
+    /* go through the list, check for completeness and if everything is
      * alright add the HttpPost item otherwise set return_value accordingly */
 
     post = NULL;
     for(form = first_form;
         form != NULL;
         form = form->more) {
-      if ( ((!form->name || !form->value) && !post) ||
-           ( (form->contentslength) &&
-             (form->flags & HTTPPOST_FILENAME) ) ||
-           ( (form->flags & HTTPPOST_FILENAME) &&
-             (form->flags & HTTPPOST_PTRCONTENTS) ) ||
-
-           ( (!form->buffer) &&
-             (form->flags & HTTPPOST_BUFFER) &&
-             (form->flags & HTTPPOST_PTRBUFFER) ) ||
-
-           ( (form->flags & HTTPPOST_READFILE) &&
-             (form->flags & HTTPPOST_PTRCONTENTS) )
-           ) {
+      if(((!form->name || !form->value) && !post) ||
+         ( (form->contentslength) &&
+           (form->flags & HTTPPOST_FILENAME) ) ||
+         ( (form->flags & HTTPPOST_FILENAME) &&
+           (form->flags & HTTPPOST_PTRCONTENTS) ) ||
+
+         ( (!form->buffer) &&
+           (form->flags & HTTPPOST_BUFFER) &&
+           (form->flags & HTTPPOST_PTRBUFFER) ) ||
+
+         ( (form->flags & HTTPPOST_READFILE) &&
+           (form->flags & HTTPPOST_PTRCONTENTS) )
+        ) {
         return_value = CURL_FORMADD_INCOMPLETE;
         break;
       }
       else {
-        if ( ((form->flags & HTTPPOST_FILENAME) ||
-              (form->flags & HTTPPOST_BUFFER)) &&
-             !form->contenttype ) {
+        if(((form->flags & HTTPPOST_FILENAME) ||
+            (form->flags & HTTPPOST_BUFFER)) &&
+           !form->contenttype ) {
+          char *f = form->flags & HTTPPOST_BUFFER?
+            form->showfilename : form->value;
+
           /* our contenttype is missing */
-          form->contenttype
-            = strdup(ContentTypeForFilename(form->value, prevtype));
+          form->contenttype = strdup(ContentTypeForFilename(f, prevtype));
           if(!form->contenttype) {
             return_value = CURL_FORMADD_MEMORY;
             break;
           }
           form->contenttype_alloc = TRUE;
         }
-        if ( !(form->flags & HTTPPOST_PTRNAME) &&
-             (form == first_form) ) {
-          /* copy name (without strdup; possibly contains null characters) */
-          form->name = memdup(form->name, form->namelength);
-          if (!form->name) {
+        if(!(form->flags & HTTPPOST_PTRNAME) &&
+           (form == first_form) ) {
+          /* Note that there's small risk that form->name is NULL here if the
+             app passed in a bad combo, so we better check for that first. */
+          if(form->name)
+            /* copy name (without strdup; possibly contains null characters) */
+            form->name = memdup(form->name, form->namelength);
+          if(!form->name) {
             return_value = CURL_FORMADD_MEMORY;
             break;
           }
           form->name_alloc = TRUE;
         }
-        if ( !(form->flags & HTTPPOST_FILENAME) &&
-             !(form->flags & HTTPPOST_READFILE) &&
-             !(form->flags & HTTPPOST_PTRCONTENTS) &&
-             !(form->flags & HTTPPOST_PTRBUFFER) ) {
+        if(!(form->flags & (HTTPPOST_FILENAME | HTTPPOST_READFILE |
+                            HTTPPOST_PTRCONTENTS | HTTPPOST_PTRBUFFER |
+                            HTTPPOST_CALLBACK)) ) {
           /* copy value (without strdup; possibly contains null characters) */
           form->value = memdup(form->value, form->contentslength);
-          if (!form->value) {
+          if(!form->value) {
             return_value = CURL_FORMADD_MEMORY;
             break;
           }
@@ -744,6 +707,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
                            form->buffer, form->bufferlength,
                            form->contenttype, form->flags,
                            form->contentheader, form->showfilename,
+                           form->userp,
                            post, httppost,
                            last_post);
 
@@ -752,36 +716,43 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
           break;
         }
 
-        if (form->contenttype)
+        if(form->contenttype)
           prevtype = form->contenttype;
       }
     }
-  }
-
-  if(return_value) {
-    /* we return on error, free possibly allocated fields */
-    if(!form)
-      form = current_form;
-    if(form) {
-      if(form->name_alloc)
-        free(form->name);
-      if(form->value_alloc)
-        free(form->value);
-      if(form->contenttype_alloc)
-        free(form->contenttype);
-      if(form->showfilename_alloc)
-        free(form->showfilename);
+    if(CURL_FORMADD_OK != return_value) {
+      /* On error, free allocated fields for nodes of the FormInfo linked
+         list which are not already owned by the httppost linked list
+         without deallocating nodes. List nodes are deallocated later on */
+      FormInfo *ptr;
+      for(ptr = form; ptr != NULL; ptr = ptr->more) {
+        if(ptr->name_alloc) {
+          Curl_safefree(ptr->name);
+          ptr->name_alloc = FALSE;
+        }
+        if(ptr->value_alloc) {
+          Curl_safefree(ptr->value);
+          ptr->value_alloc = FALSE;
+        }
+        if(ptr->contenttype_alloc) {
+          Curl_safefree(ptr->contenttype);
+          ptr->contenttype_alloc = FALSE;
+        }
+        if(ptr->showfilename_alloc) {
+          Curl_safefree(ptr->showfilename);
+          ptr->showfilename_alloc = FALSE;
+        }
+      }
     }
   }
 
-  /* always delete the allocated memory before returning */
-  form = first_form;
-  while (form != NULL) {
-    FormInfo *delete_form;
-
-    delete_form = form;
-    form = form->more;
-    free (delete_form);
+  /* Always deallocate FormInfo linked list nodes without touching node
+     fields given that these have either been deallocated or are owned
+     now by the httppost linked list */
+  while(first_form) {
+    FormInfo *ptr = first_form->more;
+    Curl_safefree(first_form);
+    first_form = ptr;
   }
 
   return return_value;
@@ -789,6 +760,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
 
 /*
  * curl_formadd() is a public API to add a section to the multipart formpost.
+ *
+ * @unittest: 1308
  */
 
 CURLFORMcode curl_formadd(struct curl_httppost **httppost,
@@ -803,6 +776,70 @@ CURLFORMcode curl_formadd(struct curl_httppost **httppost,
   return result;
 }
 
+#ifdef __VMS
+#include <fabdef.h>
+/*
+ * get_vms_file_size does what it takes to get the real size of the file
+ *
+ * For fixed files, find out the size of the EOF block and adjust.
+ *
+ * For all others, have to read the entire file in, discarding the contents.
+ * Most posted text files will be small, and binary files like zlib archives
+ * and CD/DVD images should be either a STREAM_LF format or a fixed format.
+ *
+ */
+curl_off_t VmsRealFileSize(const char * name,
+                           const struct_stat * stat_buf)
+{
+  char buffer[8192];
+  curl_off_t count;
+  int ret_stat;
+  FILE * file;
+
+  file = fopen(name, "r");
+  if(file == NULL)
+    return 0;
+
+  count = 0;
+  ret_stat = 1;
+  while(ret_stat > 0) {
+    ret_stat = fread(buffer, 1, sizeof(buffer), file);
+    if(ret_stat != 0)
+      count += ret_stat;
+  }
+  fclose(file);
+
+  return count;
+}
+
+/*
+ *
+ *  VmsSpecialSize checks to see if the stat st_size can be trusted and
+ *  if not to call a routine to get the correct size.
+ *
+ */
+static curl_off_t VmsSpecialSize(const char * name,
+                                 const struct_stat * stat_buf)
+{
+  switch(stat_buf->st_fab_rfm) {
+  case FAB$C_VAR:
+  case FAB$C_VFC:
+    return VmsRealFileSize(name, stat_buf);
+    break;
+  default:
+    return stat_buf->st_size;
+  }
+}
+
+#endif
+
+#ifndef __VMS
+#define filesize(name, stat_data) (stat_data.st_size)
+#else
+    /* Getting the expected file size needs help on VMS */
+#define filesize(name, stat_data) VmsSpecialSize(name, &stat_data)
+#endif
+
 /*
  * AddFormData() adds a chunk of data to the FormData linked list.
  *
@@ -814,24 +851,30 @@ static CURLcode AddFormData(struct FormData **formp,
                             size_t length,
                             curl_off_t *size)
 {
-  struct FormData *newform = (struct FormData *)
-    malloc(sizeof(struct FormData));
-  if (!newform)
+  struct FormData *newform = malloc(sizeof(struct FormData));
+  if(!newform)
     return CURLE_OUT_OF_MEMORY;
   newform->next = NULL;
 
-  /* we make it easier for plain strings: */
-  if(!length)
-    length = strlen((char *)line);
+  if(type <= FORM_CONTENT) {
+    /* we make it easier for plain strings: */
+    if(!length)
+      length = strlen((char *)line);
 
-  newform->line = (char *)malloc(length+1);
-  if (!newform->line) {
-    free(newform);
-    return CURLE_OUT_OF_MEMORY;
+    newform->line = malloc(length+1);
+    if(!newform->line) {
+      free(newform);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    memcpy(newform->line, line, length);
+    newform->length = length;
+    newform->line[length]=0; /* zero terminate for easier debugging */
   }
-  memcpy(newform->line, line, length);
-  newform->length = length;
-  newform->line[length]=0; /* zero terminate for easier debugging */
+  else
+    /* For callbacks and files we don't have any actual data so we just keep a
+       pointer to whatever this points to */
+    newform->line = (char *)line;
+
   newform->type = type;
 
   if(*formp) {
@@ -841,17 +884,20 @@ static CURLcode AddFormData(struct FormData **formp,
   else
     *formp = newform;
 
-  if (size) {
-    if((type == FORM_DATA) || (type == FORM_CONTENT))
+  if(size) {
+    if(type != FORM_FILE)
+      /* for static content as well as callback data we add the size given
+         as input argument */
       *size += length;
     else {
       /* Since this is a file to be uploaded here, add the size of the actual
          file */
       if(!strequal("-", newform->line)) {
         struct_stat file;
-        if(!stat(newform->line, &file)) {
-          *size += file.st_size;
-        }
+        if(!stat(newform->line, &file) && !S_ISDIR(file.st_mode))
+          *size += filesize(newform->line, file);
+        else
+          return CURLE_BAD_FUNCTION_ARGUMENT;
       }
     }
   }
@@ -889,48 +935,21 @@ void Curl_formclean(struct FormData **form_ptr)
 
   do {
     next=form->next;  /* the following form line */
-    free(form->line); /* free the line */
+    if(form->type <= FORM_CONTENT)
+      free(form->line); /* free the line */
     free(form);       /* free the struct */
 
-  } while ((form = next) != NULL); /* continue */
+  } while((form = next) != NULL); /* continue */
 
   *form_ptr = NULL;
 }
 
-#ifdef CURL_DOES_CONVERSIONS
-/*
- * Curl_formcovert() is used from http.c, this converts any
-   form items that need to be sent in the network encoding.
-   Returns CURLE_OK on success.
- */
-CURLcode Curl_formconvert(struct SessionHandle *data, struct FormData *form)
-{
-  struct FormData *next;
-  CURLcode rc;
-
-  if(!form)
-    return CURLE_OK;
-
-  if(!data)
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-
-  do {
-    next=form->next;  /* the following form line */
-    if (form->type == FORM_DATA) {
-      rc = Curl_convert_to_network(data, form->line, form->length);
-      /* Curl_convert_to_network calls failf if unsuccessful */
-      if (rc != CURLE_OK)
-        return rc;
-    }
-  } while ((form = next) != NULL); /* continue */
-  return CURLE_OK;
-}
-#endif /* CURL_DOES_CONVERSIONS */
-
 /*
  * curl_formget()
  * Serialize a curl_httppost struct.
  * Returns 0 on success.
+ *
+ * @unittest: 1308
  */
 int curl_formget(struct curl_httppost *form, void *arg,
                  curl_formget_callback append)
@@ -939,30 +958,32 @@ int curl_formget(struct curl_httppost *form, void *arg,
   curl_off_t size;
   struct FormData *data, *ptr;
 
-  rc = Curl_getFormData(&data, form, NULL, &size);
-  if (rc != CURLE_OK)
+  rc = Curl_getformdata(NULL, &data, form, NULL, &size);
+  if(rc != CURLE_OK)
     return (int)rc;
 
-  for (ptr = data; ptr; ptr = ptr->next) {
-    if (ptr->type == FORM_FILE) {
+  for(ptr = data; ptr; ptr = ptr->next) {
+    if((ptr->type == FORM_FILE) || (ptr->type == FORM_CALLBACK)) {
       char buffer[8192];
-      size_t read;
+      size_t nread;
       struct Form temp;
 
       Curl_FormInit(&temp, ptr);
 
       do {
-        read = readfromfile(&temp, buffer, sizeof(buffer));
-        if ((read == (size_t) -1) || (read != append(arg, buffer, read))) {
-          if (temp.fp) {
+        nread = readfromfile(&temp, buffer, sizeof(buffer));
+        if((nread == (size_t) -1) ||
+           (nread > sizeof(buffer)) ||
+           (nread != append(arg, buffer, nread))) {
+          if(temp.fp)
             fclose(temp.fp);
-          }
           Curl_formclean(&data);
           return -1;
         }
-      } while (read == sizeof(buffer));
-    } else {
-      if (ptr->length != append(arg, ptr->line, ptr->length)) {
+      } while(nread);
+    }
+    else {
+      if(ptr->length != append(arg, ptr->line, ptr->length)) {
         Curl_formclean(&data);
         return -1;
       }
@@ -991,9 +1012,11 @@ void curl_formfree(struct curl_httppost *form)
     if(form->more)
       curl_formfree(form->more);
 
-    if( !(form->flags & HTTPPOST_PTRNAME) && form->name)
+    if(!(form->flags & HTTPPOST_PTRNAME) && form->name)
       free(form->name); /* free the name */
-    if( !(form->flags & HTTPPOST_PTRCONTENTS) && form->contents)
+    if(!(form->flags &
+         (HTTPPOST_PTRCONTENTS|HTTPPOST_BUFFER|HTTPPOST_CALLBACK)) &&
+       form->contents)
       free(form->contents); /* free the contents */
     if(form->contenttype)
       free(form->contenttype); /* free the content type */
@@ -1001,7 +1024,7 @@ void curl_formfree(struct curl_httppost *form)
       free(form->showfilename); /* free the faked file name */
     free(form);       /* free the struct */
 
-  } while ((form = next) != NULL); /* continue */
+  } while((form = next) != NULL); /* continue */
 }
 
 #ifndef HAVE_BASENAME
@@ -1029,7 +1052,7 @@ void curl_formfree(struct curl_httppost *form)
   required to be reentrant is not required to be thread-safe.
 
 */
-static char *basename(char *path)
+static char *Curl_basename(char *path)
 {
   /* Ignore all the details above for now and make a quick and simple
      implementaion here */
@@ -1051,7 +1074,7 @@ static char *basename(char *path)
 }
 #endif
 
-static char *strippath(char *fullfile)
+static char *strippath(const char *fullfile)
 {
   char *filename;
   char *base;
@@ -1063,19 +1086,67 @@ static char *strippath(char *fullfile)
 
   free(filename); /* free temporary buffer */
 
-  return base; /* returns an allocated string! */
+  return base; /* returns an allocated string or NULL ! */
+}
+
+static CURLcode formdata_add_filename(const struct curl_httppost *file,
+                                      struct FormData **form,
+                                      curl_off_t *size)
+{
+  CURLcode result = CURLE_OK;
+  char *filename = file->showfilename;
+  char *filebasename = NULL;
+  char *filename_escaped = NULL;
+
+  if(!filename) {
+    filebasename = strippath(file->contents);
+    if(!filebasename)
+      return CURLE_OUT_OF_MEMORY;
+    filename = filebasename;
+  }
+
+  if(strchr(filename, '\\') || strchr(filename, '"')) {
+    char *p0, *p1;
+
+    /* filename need be escaped */
+    filename_escaped = malloc(strlen(filename)*2+1);
+    if(!filename_escaped) {
+      Curl_safefree(filebasename);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    p0 = filename_escaped;
+    p1 = filename;
+    while(*p1) {
+      if(*p1 == '\\' || *p1 == '"')
+        *p0++ = '\\';
+      *p0++ = *p1++;
+    }
+    *p0 = '\0';
+    filename = filename_escaped;
+  }
+  result = AddFormDataf(form, size,
+                        "; filename=\"%s\"",
+                        filename);
+  Curl_safefree(filename_escaped);
+  Curl_safefree(filebasename);
+  return result;
 }
 
 /*
- * Curl_getFormData() converts a linked list of "meta data" into a complete
+ * Curl_getformdata() converts a linked list of "meta data" into a complete
  * (possibly huge) multipart formdata. The input list is in 'post', while the
  * output resulting linked lists gets stored in '*finalform'. *sizep will get
  * the total size of the whole POST.
  * A multipart/form_data content-type is built, unless a custom content-type
  * is passed in 'custom_content_type'.
+ *
+ * This function will not do a failf() for the potential memory failures but
+ * should for all other errors it spots. Just note that this function MAY get
+ * a NULL pointer in the 'data' argument.
  */
 
-CURLcode Curl_getFormData(struct FormData **finalform,
+CURLcode Curl_getformdata(struct SessionHandle *data,
+                          struct FormData **finalform,
                           struct curl_httppost *post,
                           const char *custom_content_type,
                           curl_off_t *sizep)
@@ -1085,17 +1156,17 @@ CURLcode Curl_getFormData(struct FormData **finalform,
   struct curl_httppost *file;
   CURLcode result = CURLE_OK;
 
-  curl_off_t size=0; /* support potentially ENORMOUS formposts */
+  curl_off_t size = 0; /* support potentially ENORMOUS formposts */
   char *boundary;
-  char *fileboundary=NULL;
+  char *fileboundary = NULL;
   struct curl_slist* curList;
 
-  *finalform=NULL; /* default form is empty */
+  *finalform = NULL; /* default form is empty */
 
   if(!post)
     return result; /* no input => no output! */
 
-  boundary = Curl_FormBoundary();
+  boundary = formboundary(data);
   if(!boundary)
     return CURLE_OUT_OF_MEMORY;
 
@@ -1106,8 +1177,8 @@ CURLcode Curl_getFormData(struct FormData **finalform,
                         "Content-Type: multipart/form-data",
                         boundary);
 
-  if (result) {
-    free(boundary);
+  if(result) {
+    Curl_safefree(boundary);
     return result;
   }
   /* we DO NOT include that line in the total size of the POST, since it'll be
@@ -1119,13 +1190,13 @@ CURLcode Curl_getFormData(struct FormData **finalform,
 
     if(size) {
       result = AddFormDataf(&form, &size, "\r\n");
-      if (result)
+      if(result)
         break;
     }
 
     /* boundary */
     result = AddFormDataf(&form, &size, "--%s\r\n", boundary);
-    if (result)
+    if(result)
       break;
 
     /* Maybe later this should be disabled when a custom_content_type is
@@ -1134,29 +1205,34 @@ CURLcode Curl_getFormData(struct FormData **finalform,
     */
     result = AddFormDataf(&form, &size,
                           "Content-Disposition: form-data; name=\"");
-    if (result)
+    if(result)
       break;
 
     result = AddFormData(&form, FORM_DATA, post->name, post->namelength,
                          &size);
-    if (result)
+    if(result)
       break;
 
     result = AddFormDataf(&form, &size, "\"");
-    if (result)
+    if(result)
       break;
 
     if(post->more) {
       /* If used, this is a link to more file names, we must then do
          the magic to include several files with the same field name */
 
-      fileboundary = Curl_FormBoundary();
+      Curl_safefree(fileboundary);
+      fileboundary = formboundary(data);
+      if(!fileboundary) {
+        result = CURLE_OUT_OF_MEMORY;
+        break;
+      }
 
       result = AddFormDataf(&form, &size,
-                            "\r\nContent-Type: multipart/mixed,"
+                            "\r\nContent-Type: multipart/mixed;"
                             " boundary=%s\r\n",
                             fileboundary);
-      if (result)
+      if(result)
         break;
     }
 
@@ -1170,34 +1246,26 @@ CURLcode Curl_getFormData(struct FormData **finalform,
 
       if(post->more) {
         /* if multiple-file */
-        char *filebasename=
-          (!file->showfilename)?strippath(file->contents):NULL;
-
         result = AddFormDataf(&form, &size,
                               "\r\n--%s\r\nContent-Disposition: "
-                              "attachment; filename=\"%s\"",
-                              fileboundary,
-                              (file->showfilename?file->showfilename:
-                               filebasename));
-        if (filebasename)
-          free(filebasename);
-        if (result)
+                              "attachment",
+                              fileboundary);
+        if(result)
+          break;
+        result = formdata_add_filename(file, &form, &size);
+        if(result)
           break;
       }
-      else if((post->flags & HTTPPOST_FILENAME) ||
-              (post->flags & HTTPPOST_BUFFER)) {
-
-        char *filebasename=
-          (!post->showfilename)?strippath(post->contents):NULL;
-
-        result = AddFormDataf(&form, &size,
-                              "; filename=\"%s\"",
-                              (post->showfilename?post->showfilename:
-                               filebasename));
-        if (filebasename)
-          free(filebasename);
+      else if(post->flags & (HTTPPOST_FILENAME|HTTPPOST_BUFFER|
+                             HTTPPOST_CALLBACK)) {
+        /* it should be noted that for the HTTPPOST_FILENAME and
+           HTTPPOST_CALLBACK cases the ->showfilename struct member is always
+           assigned at this point */
+        if(post->showfilename || (post->flags & HTTPPOST_FILENAME)) {
+          result = formdata_add_filename(post, &form, &size);
+        }
 
-        if (result)
+        if(result)
           break;
       }
 
@@ -1206,43 +1274,23 @@ CURLcode Curl_getFormData(struct FormData **finalform,
         result = AddFormDataf(&form, &size,
                               "\r\nContent-Type: %s",
                               file->contenttype);
-        if (result)
+        if(result)
           break;
       }
 
       curList = file->contentheader;
-      while( curList ) {
+      while(curList) {
         /* Process the additional headers specified for this form */
         result = AddFormDataf( &form, &size, "\r\n%s", curList->data );
-        if (result)
+        if(result)
           break;
         curList = curList->next;
       }
-      if (result) {
-        Curl_formclean(&firstform);
-        free(boundary);
-        return result;
-      }
-
-#if 0
-      /* The header Content-Transfer-Encoding: seems to confuse some receivers
-       * (like the built-in PHP engine). While I can't see any reason why it
-       * should, I can just as well skip this to the benefit of the users who
-       * are using such confused receivers.
-       */
-
-      if(file->contenttype &&
-         !checkprefix("text/", file->contenttype)) {
-        /* this is not a text content, mention our binary encoding */
-        result = AddFormDataf(&form, &size,
-                              "\r\nContent-Transfer-Encoding: binary");
-        if (result)
-          break;
-      }
-#endif
+      if(result)
+        break;
 
       result = AddFormDataf(&form, &size, "\r\n\r\n");
-      if (result)
+      if(result)
         break;
 
       if((post->flags & HTTPPOST_FILENAME) ||
@@ -1261,7 +1309,7 @@ CURLcode Curl_getFormData(struct FormData **finalform,
 
         if(fileread) {
           if(fileread != stdin) {
-            /* close the file again */
+            /* close the file */
             fclose(fileread);
             /* add the file name only - for later reading from this */
             result = AddFormData(&form, FORM_FILE, file->contents, 0, &size);
@@ -1274,54 +1322,39 @@ CURLcode Curl_getFormData(struct FormData **finalform,
              */
             size_t nread;
             char buffer[512];
-            while ((nread = fread(buffer, 1, sizeof(buffer), fileread)) != 0) {
+            while((nread = fread(buffer, 1, sizeof(buffer), fileread)) != 0) {
               result = AddFormData(&form, FORM_CONTENT, buffer, nread, &size);
-              if (result)
+              if(result)
                 break;
             }
           }
-
-          if (result) {
-            Curl_formclean(&firstform);
-            free(boundary);
-            return result;
-          }
-
         }
         else {
-#ifdef _FORM_DEBUG
-          fprintf(stderr,
-                  "\n==> Curl_getFormData couldn't open/read \"%s\"\n",
-                  file->contents);
-#endif
-          Curl_formclean(&firstform);
-          free(boundary);
+          if(data)
+            failf(data, "couldn't open file \"%s\"", file->contents);
           *finalform = NULL;
-          return CURLE_READ_ERROR;
+          result = CURLE_READ_ERROR;
         }
-
       }
-      else if (post->flags & HTTPPOST_BUFFER) {
+      else if(post->flags & HTTPPOST_BUFFER)
         /* include contents of buffer */
         result = AddFormData(&form, FORM_CONTENT, post->buffer,
                              post->bufferlength, &size);
-          if (result)
-            break;
-      }
-
-      else {
+      else if(post->flags & HTTPPOST_CALLBACK)
+        /* the contents should be read with the callback and the size
+           is set with the contentslength */
+        result = AddFormData(&form, FORM_CALLBACK, post->userp,
+                             post->contentslength, &size);
+      else
         /* include the contents we got */
         result = AddFormData(&form, FORM_CONTENT, post->contents,
                              post->contentslength, &size);
-        if (result)
-          break;
-      }
-    } while ((file = file->more) != NULL); /* for each specified file for this field */
-    if (result) {
-      Curl_formclean(&firstform);
-      free(boundary);
-      return result;
-    }
+
+      file = file->more;
+    } while(file && !result); /* for each specified file for this field */
+
+    if(result)
+      break;
 
     if(post->more) {
       /* this was a multiple-file inclusion, make a termination file
@@ -1329,33 +1362,31 @@ CURLcode Curl_getFormData(struct FormData **finalform,
       result = AddFormDataf(&form, &size,
                            "\r\n--%s--",
                            fileboundary);
-      free(fileboundary);
-      if (result)
+      if(result)
         break;
     }
 
-  } while ((post = post->next) != NULL); /* for each field */
-  if (result) {
-    Curl_formclean(&firstform);
-    free(boundary);
-    return result;
-  }
+  } while((post = post->next) != NULL); /* for each field */
 
   /* end-boundary for everything */
-  result = AddFormDataf(&form, &size,
-                       "\r\n--%s--\r\n",
-                       boundary);
-  if (result) {
+  if(CURLE_OK == result)
+    result = AddFormDataf(&form, &size,
+                          "\r\n--%s--\r\n",
+                          boundary);
+
+  if(result) {
     Curl_formclean(&firstform);
-    free(boundary);
+    Curl_safefree(fileboundary);
+    Curl_safefree(boundary);
     return result;
   }
 
   *sizep = size;
 
-  free(boundary);
+  Curl_safefree(fileboundary);
+  Curl_safefree(boundary);
 
-  *finalform=firstform;
+  *finalform = firstform;
 
   return result;
 }
@@ -1372,25 +1403,75 @@ int Curl_FormInit(struct Form *form, struct FormData *formdata )
   form->data = formdata;
   form->sent = 0;
   form->fp = NULL;
+  form->fread_func = ZERO_NULL;
 
   return 0;
 }
 
-static size_t readfromfile(struct Form *form, char *buffer, size_t size)
+#ifndef __VMS
+# define fopen_read fopen
+#else
+  /*
+   * vmsfopenread
+   *
+   * For upload to work as expected on VMS, different optional
+   * parameters must be added to the fopen command based on
+   * record format of the file.
+   *
+   */
+# define fopen_read vmsfopenread
+static FILE * vmsfopenread(const char *file, const char *mode) {
+  struct_stat statbuf;
+  int result;
+
+  result = stat(file, &statbuf);
+
+  switch (statbuf.st_fab_rfm) {
+  case FAB$C_VAR:
+  case FAB$C_VFC:
+  case FAB$C_STMCR:
+    return fopen(file, "r");
+    break;
+  default:
+    return fopen(file, "r", "rfm=stmlf", "ctx=stm");
+  }
+}
+#endif
+
+/*
+ * readfromfile()
+ *
+ * The read callback that this function may use can return a value larger than
+ * 'size' (which then this function returns) that indicates a problem and it
+ * must be properly dealt with
+ */
+static size_t readfromfile(struct Form *form, char *buffer,
+                           size_t size)
 {
   size_t nread;
-  if(!form->fp) {
-    /* this file hasn't yet been opened */
-    form->fp = fopen(form->data->line, "rb"); /* b is for binary */
-    if(!form->fp)
-      return (size_t)-1; /* failure */
-  }
-  nread = fread(buffer, 1, size, form->fp);
+  bool callback = (form->data->type == FORM_CALLBACK)?TRUE:FALSE;
 
-  if(nread != size) {
+  if(callback) {
+    if(form->fread_func == ZERO_NULL)
+      return 0;
+    else
+      nread = form->fread_func(buffer, 1, size, form->data->line);
+  }
+  else {
+    if(!form->fp) {
+      /* this file hasn't yet been opened */
+      form->fp = fopen_read(form->data->line, "rb"); /* b is for binary */
+      if(!form->fp)
+        return (size_t)-1; /* failure */
+    }
+    nread = fread(buffer, 1, size, form->fp);
+  }
+  if(!nread) {
     /* this is the last chunk from the file, move on */
-    fclose(form->fp);
-    form->fp = NULL;
+    if(form->fp) {
+      fclose(form->fp);
+      form->fp = NULL;
+    }
     form->data = form->data->next;
   }
 
@@ -1417,7 +1498,8 @@ size_t Curl_FormReader(char *buffer,
   if(!form->data)
     return 0; /* nothing, error, empty */
 
-  if(form->data->type == FORM_FILE) {
+  if((form->data->type == FORM_FILE) ||
+     (form->data->type == FORM_CALLBACK)) {
     gotsize = readfromfile(form, buffer, wantedsize);
 
     if(gotsize)
@@ -1426,7 +1508,7 @@ size_t Curl_FormReader(char *buffer,
   }
   do {
 
-    if( (form->data->length - form->sent ) > wantedsize - gotsize) {
+    if((form->data->length - form->sent ) > wantedsize - gotsize) {
 
       memcpy(buffer + gotsize , form->data->line + form->sent,
              wantedsize - gotsize);
@@ -1445,10 +1527,9 @@ size_t Curl_FormReader(char *buffer,
 
     form->data = form->data->next; /* advance */
 
-  } while(form->data && (form->data->type != FORM_FILE));
+  } while(form->data && (form->data->type < FORM_CALLBACK));
   /* If we got an empty line and we have more data, we proceed to the next
-     line immediately to avoid returning zero before we've reached the end.
-     This is the bug reported November 22 1999 on curl 6.3. (Daniel) */
+     line immediately to avoid returning zero before we've reached the end. */
 
   return gotsize;
 }
@@ -1474,161 +1555,18 @@ char *Curl_formpostheader(void *formp, size_t *len)
   return header;
 }
 
-
-#ifdef _FORM_DEBUG
-int FormAddTest(const char * errormsg,
-                 struct curl_httppost **httppost,
-                 struct curl_httppost **last_post,
-                 ...)
-{
-  int result;
-  va_list arg;
-  va_start(arg, last_post);
-  if ((result = FormAdd(httppost, last_post, arg)))
-    fprintf (stderr, "ERROR doing FormAdd ret: %d action: %s\n", result,
-             errormsg);
-  va_end(arg);
-  return result;
-}
-
-
-int main()
+/*
+ * formboundary() creates a suitable boundary string and returns an allocated
+ * one.
+ */
+static char *formboundary(struct SessionHandle *data)
 {
-  char name1[] = "simple_COPYCONTENTS";
-  char name2[] = "COPYCONTENTS_+_CONTENTTYPE";
-  char name3[] = "PTRNAME_+_NAMELENGTH_+_COPYNAME_+_CONTENTSLENGTH";
-  char name4[] = "simple_PTRCONTENTS";
-  char name5[] = "PTRCONTENTS_+_CONTENTSLENGTH";
-  char name6[] = "PTRCONTENTS_+_CONTENTSLENGTH_+_CONTENTTYPE";
-  char name7[] = "FILE1_+_CONTENTTYPE";
-  char name8[] = "FILE1_+_FILE2";
-  char name9[] = "FILE1_+_FILE2_+_FILE3";
-  char name10[] = "ARRAY: FILE1_+_FILE2_+_FILE3";
-  char name11[] = "FILECONTENT";
-  char value1[] = "value for simple COPYCONTENTS";
-  char value2[] = "value for COPYCONTENTS + CONTENTTYPE";
-  char value3[] = "value for PTRNAME + NAMELENGTH + COPYNAME + CONTENTSLENGTH";
-  char value4[] = "value for simple PTRCONTENTS";
-  char value5[] = "value for PTRCONTENTS + CONTENTSLENGTH";
-  char value6[] = "value for PTRCOTNENTS + CONTENTSLENGTH + CONTENTTYPE";
-  char value7[] = "inet_ntoa_r.h";
-  char value8[] = "Makefile.b32";
-  char type2[] = "image/gif";
-  char type6[] = "text/plain";
-  char type7[] = "text/html";
-  int name3length = strlen(name3);
-  int value3length = strlen(value3);
-  int value5length = strlen(value4);
-  int value6length = strlen(value5);
-  int errors = 0;
-  CURLcode rc;
-  size_t size;
-  size_t nread;
-  char buffer[4096];
-  struct curl_httppost *httppost=NULL;
-  struct curl_httppost *last_post=NULL;
-  struct curl_forms forms[4];
-
-  struct FormData *form;
-  struct Form formread;
-
-  if (FormAddTest("simple COPYCONTENTS test", &httppost, &last_post,
-                  CURLFORM_COPYNAME, name1, CURLFORM_COPYCONTENTS, value1,
-                  CURLFORM_END))
-    ++errors;
-  if (FormAddTest("COPYCONTENTS  + CONTENTTYPE test", &httppost, &last_post,
-                  CURLFORM_COPYNAME, name2, CURLFORM_COPYCONTENTS, value2,
-                  CURLFORM_CONTENTTYPE, type2, CURLFORM_END))
-    ++errors;
-  /* make null character at start to check that contentslength works
-     correctly */
-  name3[1] = '\0';
-  value3[1] = '\0';
-  if (FormAddTest("PTRNAME + NAMELENGTH + COPYNAME + CONTENTSLENGTH test",
-                  &httppost, &last_post,
-                  CURLFORM_PTRNAME, name3, CURLFORM_COPYCONTENTS, value3,
-                  CURLFORM_CONTENTSLENGTH, value3length,
-                  CURLFORM_NAMELENGTH, name3length, CURLFORM_END))
-    ++errors;
-  if (FormAddTest("simple PTRCONTENTS test", &httppost, &last_post,
-                  CURLFORM_COPYNAME, name4, CURLFORM_PTRCONTENTS, value4,
-                  CURLFORM_END))
-    ++errors;
-  /* make null character at start to check that contentslength works
-     correctly */
-  value5[1] = '\0';
-  if (FormAddTest("PTRCONTENTS + CONTENTSLENGTH test", &httppost, &last_post,
-                  CURLFORM_COPYNAME, name5, CURLFORM_PTRCONTENTS, value5,
-                  CURLFORM_CONTENTSLENGTH, value5length, CURLFORM_END))
-    ++errors;
-  /* make null character at start to check that contentslength works
-     correctly */
-  value6[1] = '\0';
-  if (FormAddTest("PTRCONTENTS + CONTENTSLENGTH + CONTENTTYPE test",
-                  &httppost, &last_post,
-                  CURLFORM_COPYNAME, name6, CURLFORM_PTRCONTENTS, value6,
-                  CURLFORM_CONTENTSLENGTH, value6length,
-                  CURLFORM_CONTENTTYPE, type6, CURLFORM_END))
-    ++errors;
-  if (FormAddTest("FILE + CONTENTTYPE test", &httppost, &last_post,
-                  CURLFORM_COPYNAME, name7, CURLFORM_FILE, value7,
-                  CURLFORM_CONTENTTYPE, type7, CURLFORM_END))
-    ++errors;
-  if (FormAddTest("FILE1 + FILE2 test", &httppost, &last_post,
-                  CURLFORM_COPYNAME, name8, CURLFORM_FILE, value7,
-                  CURLFORM_FILE, value8, CURLFORM_END))
-    ++errors;
-  if (FormAddTest("FILE1 + FILE2 + FILE3 test", &httppost, &last_post,
-                  CURLFORM_COPYNAME, name9, CURLFORM_FILE, value7,
-                  CURLFORM_FILE, value8, CURLFORM_FILE, value7, CURLFORM_END))
-    ++errors;
-  forms[0].option = CURLFORM_FILE;
-  forms[0].value  = value7;
-  forms[1].option = CURLFORM_FILE;
-  forms[1].value  = value8;
-  forms[2].option = CURLFORM_FILE;
-  forms[2].value  = value7;
-  forms[3].option  = CURLFORM_END;
-  if (FormAddTest("FILE1 + FILE2 + FILE3 ARRAY test", &httppost, &last_post,
-                  CURLFORM_COPYNAME, name10, CURLFORM_ARRAY, forms,
-                  CURLFORM_END))
-    ++errors;
-  if (FormAddTest("FILECONTENT test", &httppost, &last_post,
-                  CURLFORM_COPYNAME, name11, CURLFORM_FILECONTENT, value7,
-                  CURLFORM_END))
-    ++errors;
-
-  rc = Curl_getFormData(&form, httppost, NULL, &size);
-  if(rc != CURLE_OK) {
-    if(rc != CURLE_READ_ERROR) {
-      const char *errortext = curl_easy_strerror(rc);
-      fprintf(stdout, "\n==> Curl_getFormData error: %s\n", errortext);
-    }
-    return 0;
-  }
-
-  Curl_FormInit(&formread, form);
-
-  do {
-    nread = Curl_FormReader(buffer, 1, sizeof(buffer),
-                            (FILE *)&formread);
-
-    if(nread < 1)
-      break;
-    fwrite(buffer, nread, 1, stdout);
-  } while(1);
-
-  fprintf(stdout, "size: %d\n", size);
-  if (errors)
-    fprintf(stdout, "\n==> %d Test(s) failed!\n", errors);
-  else
-    fprintf(stdout, "\nAll Tests seem to have worked (please check output)\n");
-
-  return 0;
+  /* 24 dashes and 16 hexadecimal digits makes 64 bit (18446744073709551615)
+     combinations */
+  return aprintf("------------------------%08x%08x",
+                 Curl_rand(data), Curl_rand(data));
 }
 
-#endif  /* _FORM_DEBUG */
-
 #else  /* CURL_DISABLE_HTTP */
 CURLFORMcode curl_formadd(struct curl_httppost **httppost,
                           struct curl_httppost **last_post,
@@ -1654,41 +1592,5 @@ void curl_formfree(struct curl_httppost *form)
   /* does nothing HTTP is disabled */
 }
 
-#endif  /* CURL_DISABLE_HTTP */
 
-#if !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY)
-
-/*
- * Curl_FormBoundary() creates a suitable boundary string and returns an
- * allocated one. This is also used by SSL-code so it must be present even
- * if HTTP is disabled!
- */
-char *Curl_FormBoundary(void)
-{
-  char *retstring;
-  static int randomizer;   /* this is just so that two boundaries within
-                              the same form won't be identical */
-  size_t i;
-
-  static const char table16[]="abcdef0123456789";
-
-  retstring = (char *)malloc(BOUNDARY_LENGTH+1);
-
-  if(!retstring)
-    return NULL; /* failed */
-
-  srand((unsigned int)time(NULL)+randomizer++); /* seed */
-
-  strcpy(retstring, "----------------------------");
-
-  for(i=strlen(retstring); i<BOUNDARY_LENGTH; i++)
-    retstring[i] = table16[rand()%16];
-
-  /* 28 dashes and 12 hexadecimal digits makes 12^16 (184884258895036416)
-     combinations */
-  retstring[BOUNDARY_LENGTH]=0; /* zero terminate */
-
-  return retstring;
-}
-
-#endif  /* !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY) */
+#endif  /* !defined(CURL_DISABLE_HTTP) */
diff --git a/Utilities/cmcurl/formdata.h b/Utilities/cmcurl/lib/formdata.h
index 4ca0f3c..22f504b 100644
--- a/Utilities/cmcurl/formdata.h
+++ b/Utilities/cmcurl/lib/formdata.h
@@ -1,6 +1,5 @@
-#ifndef __FORMDATA_H
-#define __FORMDATA_H
-
+#ifndef HEADER_CURL_FORMDATA_H
+#define HEADER_CURL_FORMDATA_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -8,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,14 +20,15 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 enum formtype {
   FORM_DATA,    /* form metadata (convert to network encoding if necessary) */
   FORM_CONTENT, /* form content  (never convert) */
-  FORM_FILE     /* 'line' points to a file name we should read from 
-                    to create the form data (never convert) */
+  FORM_CALLBACK, /* 'line' points to the custom pointer we pass to the callback
+                  */
+  FORM_FILE     /* 'line' points to a file name we should read from
+                   to create the form data (never convert) */
 };
 
 /* plain and simple linked list with lines to send */
@@ -44,6 +44,7 @@ struct Form {
   size_t sent;           /* number of bytes of the current line that has
                             already been sent in a previous invoke */
   FILE *fp;              /* file to read from */
+  curl_read_callback fread_func; /* fread callback pointer */
 };
 
 /* used by FormAdd for temporary storage */
@@ -62,17 +63,18 @@ typedef struct FormInfo {
   char *showfilename; /* The file name to show. If not set, the actual
                          file name will be used */
   bool showfilename_alloc;
+  char *userp;        /* pointer for the read callback */
   struct curl_slist* contentheader;
   struct FormInfo *more;
 } FormInfo;
 
 int Curl_FormInit(struct Form *form, struct FormData *formdata );
 
-CURLcode
-Curl_getFormData(struct FormData **,
-                 struct curl_httppost *post,
-                 const char *custom_contenttype,
-                 curl_off_t *size);
+CURLcode Curl_getformdata(struct SessionHandle *data,
+                          struct FormData **,
+                          struct curl_httppost *post,
+                          const char *custom_contenttype,
+                          curl_off_t *size);
 
 /* fread() emulation */
 size_t Curl_FormReader(char *buffer,
@@ -93,5 +95,4 @@ void Curl_formclean(struct FormData **);
 
 CURLcode Curl_formconvert(struct SessionHandle *, struct FormData *);
 
-#endif
-
+#endif /* HEADER_CURL_FORMDATA_H */
diff --git a/Utilities/cmcurl/lib/ftp.c b/Utilities/cmcurl/lib/ftp.c
new file mode 100644
index 0000000..1644983
--- /dev/null
+++ b/Utilities/cmcurl/lib/ftp.c
@@ -0,0 +1,4586 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_FTP
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
+#undef in_addr_t
+#define in_addr_t unsigned long
+#endif
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "sendf.h"
+#include "if2ip.h"
+#include "hostip.h"
+#include "progress.h"
+#include "transfer.h"
+#include "escape.h"
+#include "http.h" /* for HTTP proxy tunnel stuff */
+#include "socks.h"
+#include "ftp.h"
+#include "fileinfo.h"
+#include "ftplistparser.h"
+#include "curl_sec.h"
+#include "strtoofft.h"
+#include "strequal.h"
+#include "vtls/vtls.h"
+#include "connect.h"
+#include "strerror.h"
+#include "inet_ntop.h"
+#include "inet_pton.h"
+#include "select.h"
+#include "parsedate.h" /* for the week day and month names */
+#include "sockaddr.h" /* required for Curl_sockaddr_storage */
+#include "multiif.h"
+#include "url.h"
+#include "rawstr.h"
+#include "speedcheck.h"
+#include "warnless.h"
+#include "http_proxy.h"
+#include "non-ascii.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifndef NI_MAXHOST
+#define NI_MAXHOST 1025
+#endif
+#ifndef INET_ADDRSTRLEN
+#define INET_ADDRSTRLEN 16
+#endif
+
+#ifdef CURL_DISABLE_VERBOSE_STRINGS
+#define ftp_pasv_verbose(a,b,c,d)  Curl_nop_stmt
+#endif
+
+/* Local API functions */
+#ifndef DEBUGBUILD
+static void _state(struct connectdata *conn,
+                   ftpstate newstate);
+#define state(x,y) _state(x,y)
+#else
+static void _state(struct connectdata *conn,
+                   ftpstate newstate,
+                   int lineno);
+#define state(x,y) _state(x,y,__LINE__)
+#endif
+
+static CURLcode ftp_sendquote(struct connectdata *conn,
+                              struct curl_slist *quote);
+static CURLcode ftp_quit(struct connectdata *conn);
+static CURLcode ftp_parse_url_path(struct connectdata *conn);
+static CURLcode ftp_regular_transfer(struct connectdata *conn, bool *done);
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+static void ftp_pasv_verbose(struct connectdata *conn,
+                             Curl_addrinfo *ai,
+                             char *newhost, /* ascii version */
+                             int port);
+#endif
+static CURLcode ftp_state_prepare_transfer(struct connectdata *conn);
+static CURLcode ftp_state_mdtm(struct connectdata *conn);
+static CURLcode ftp_state_quote(struct connectdata *conn,
+                                bool init, ftpstate instate);
+static CURLcode ftp_nb_type(struct connectdata *conn,
+                            bool ascii, ftpstate newstate);
+static int ftp_need_type(struct connectdata *conn,
+                         bool ascii);
+static CURLcode ftp_do(struct connectdata *conn, bool *done);
+static CURLcode ftp_done(struct connectdata *conn,
+                         CURLcode, bool premature);
+static CURLcode ftp_connect(struct connectdata *conn, bool *done);
+static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection);
+static CURLcode ftp_do_more(struct connectdata *conn, int *completed);
+static CURLcode ftp_multi_statemach(struct connectdata *conn, bool *done);
+static int ftp_getsock(struct connectdata *conn, curl_socket_t *socks,
+                       int numsocks);
+static int ftp_domore_getsock(struct connectdata *conn, curl_socket_t *socks,
+                              int numsocks);
+static CURLcode ftp_doing(struct connectdata *conn,
+                          bool *dophase_done);
+static CURLcode ftp_setup_connection(struct connectdata * conn);
+
+static CURLcode init_wc_data(struct connectdata *conn);
+static CURLcode wc_statemach(struct connectdata *conn);
+
+static void wc_data_dtor(void *ptr);
+
+static CURLcode ftp_state_retr(struct connectdata *conn, curl_off_t filesize);
+
+static CURLcode ftp_readresp(curl_socket_t sockfd,
+                             struct pingpong *pp,
+                             int *ftpcode,
+                             size_t *size);
+static CURLcode ftp_dophase_done(struct connectdata *conn,
+                                 bool connected);
+
+/* easy-to-use macro: */
+#define PPSENDF(x,y,z)  if((result = Curl_pp_sendf(x,y,z)) != CURLE_OK) \
+                              return result
+
+
+/*
+ * FTP protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_ftp = {
+  "FTP",                           /* scheme */
+  ftp_setup_connection,            /* setup_connection */
+  ftp_do,                          /* do_it */
+  ftp_done,                        /* done */
+  ftp_do_more,                     /* do_more */
+  ftp_connect,                     /* connect_it */
+  ftp_multi_statemach,             /* connecting */
+  ftp_doing,                       /* doing */
+  ftp_getsock,                     /* proto_getsock */
+  ftp_getsock,                     /* doing_getsock */
+  ftp_domore_getsock,              /* domore_getsock */
+  ZERO_NULL,                       /* perform_getsock */
+  ftp_disconnect,                  /* disconnect */
+  ZERO_NULL,                       /* readwrite */
+  PORT_FTP,                        /* defport */
+  CURLPROTO_FTP,                   /* protocol */
+  PROTOPT_DUAL | PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD
+  | PROTOPT_NOURLQUERY /* flags */
+};
+
+
+#ifdef USE_SSL
+/*
+ * FTPS protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_ftps = {
+  "FTPS",                          /* scheme */
+  ftp_setup_connection,            /* setup_connection */
+  ftp_do,                          /* do_it */
+  ftp_done,                        /* done */
+  ftp_do_more,                     /* do_more */
+  ftp_connect,                     /* connect_it */
+  ftp_multi_statemach,             /* connecting */
+  ftp_doing,                       /* doing */
+  ftp_getsock,                     /* proto_getsock */
+  ftp_getsock,                     /* doing_getsock */
+  ftp_domore_getsock,              /* domore_getsock */
+  ZERO_NULL,                       /* perform_getsock */
+  ftp_disconnect,                  /* disconnect */
+  ZERO_NULL,                       /* readwrite */
+  PORT_FTPS,                       /* defport */
+  CURLPROTO_FTPS,                  /* protocol */
+  PROTOPT_SSL | PROTOPT_DUAL | PROTOPT_CLOSEACTION |
+  PROTOPT_NEEDSPWD | PROTOPT_NOURLQUERY /* flags */
+};
+#endif
+
+#ifndef CURL_DISABLE_HTTP
+/*
+ * HTTP-proxyed FTP protocol handler.
+ */
+
+static const struct Curl_handler Curl_handler_ftp_proxy = {
+  "FTP",                                /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_FTP,                             /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+
+#ifdef USE_SSL
+/*
+ * HTTP-proxyed FTPS protocol handler.
+ */
+
+static const struct Curl_handler Curl_handler_ftps_proxy = {
+  "FTPS",                               /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_FTPS,                            /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+#endif
+#endif
+
+
+/*
+ * NOTE: back in the old days, we added code in the FTP code that made NOBODY
+ * requests on files respond with headers passed to the client/stdout that
+ * looked like HTTP ones.
+ *
+ * This approach is not very elegant, it causes confusion and is error-prone.
+ * It is subject for removal at the next (or at least a future) soname bump.
+ * Until then you can test the effects of the removal by undefining the
+ * following define named CURL_FTP_HTTPSTYLE_HEAD.
+ */
+#define CURL_FTP_HTTPSTYLE_HEAD 1
+
+static void freedirs(struct ftp_conn *ftpc)
+{
+  int i;
+  if(ftpc->dirs) {
+    for(i=0; i < ftpc->dirdepth; i++) {
+      if(ftpc->dirs[i]) {
+        free(ftpc->dirs[i]);
+        ftpc->dirs[i]=NULL;
+      }
+    }
+    free(ftpc->dirs);
+    ftpc->dirs = NULL;
+    ftpc->dirdepth = 0;
+  }
+  if(ftpc->file) {
+    free(ftpc->file);
+    ftpc->file = NULL;
+  }
+}
+
+/* Returns non-zero if the given string contains CR (\r) or LF (\n),
+   which are not allowed within RFC 959 <string>.
+   Note: The input string is in the client's encoding which might
+   not be ASCII, so escape sequences \r & \n must be used instead
+   of hex values 0x0d & 0x0a.
+*/
+static bool isBadFtpString(const char *string)
+{
+  return ((NULL != strchr(string, '\r')) ||
+          (NULL != strchr(string, '\n'))) ? TRUE : FALSE;
+}
+
+/***********************************************************************
+ *
+ * AcceptServerConnect()
+ *
+ * After connection request is received from the server this function is
+ * called to accept the connection and close the listening socket
+ *
+ */
+static CURLcode AcceptServerConnect(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  curl_socket_t sock = conn->sock[SECONDARYSOCKET];
+  curl_socket_t s = CURL_SOCKET_BAD;
+#ifdef ENABLE_IPV6
+  struct Curl_sockaddr_storage add;
+#else
+  struct sockaddr_in add;
+#endif
+  curl_socklen_t size = (curl_socklen_t) sizeof(add);
+
+  if(0 == getsockname(sock, (struct sockaddr *) &add, &size)) {
+    size = sizeof(add);
+
+    s=accept(sock, (struct sockaddr *) &add, &size);
+  }
+  Curl_closesocket(conn, sock); /* close the first socket */
+
+  if(CURL_SOCKET_BAD == s) {
+    failf(data, "Error accept()ing server connect");
+    return CURLE_FTP_PORT_FAILED;
+  }
+  infof(data, "Connection accepted from server\n");
+
+  conn->sock[SECONDARYSOCKET] = s;
+  curlx_nonblock(s, TRUE); /* enable non-blocking */
+  conn->sock_accepted[SECONDARYSOCKET] = TRUE;
+
+  if(data->set.fsockopt) {
+    int error = 0;
+
+    /* activate callback for setting socket options */
+    error = data->set.fsockopt(data->set.sockopt_client,
+                               s,
+                               CURLSOCKTYPE_ACCEPT);
+
+    if(error) {
+      Curl_closesocket(conn, s); /* close the socket and bail out */
+      conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
+      return CURLE_ABORTED_BY_CALLBACK;
+    }
+  }
+
+  return CURLE_OK;
+
+}
+
+/*
+ * ftp_timeleft_accept() returns the amount of milliseconds left allowed for
+ * waiting server to connect. If the value is negative, the timeout time has
+ * already elapsed.
+ *
+ * The start time is stored in progress.t_acceptdata - as set with
+ * Curl_pgrsTime(..., TIMER_STARTACCEPT);
+ *
+ */
+static long ftp_timeleft_accept(struct SessionHandle *data)
+{
+  long timeout_ms = DEFAULT_ACCEPT_TIMEOUT;
+  long other;
+  struct timeval now;
+
+  if(data->set.accepttimeout > 0)
+    timeout_ms = data->set.accepttimeout;
+
+  now = Curl_tvnow();
+
+  /* check if the generic timeout possibly is set shorter */
+  other =  Curl_timeleft(data, &now, FALSE);
+  if(other && (other < timeout_ms))
+    /* note that this also works fine for when other happens to be negative
+       due to it already having elapsed */
+    timeout_ms = other;
+  else {
+    /* subtract elapsed time */
+    timeout_ms -= Curl_tvdiff(now, data->progress.t_acceptdata);
+    if(!timeout_ms)
+      /* avoid returning 0 as that means no timeout! */
+      return -1;
+  }
+
+  return timeout_ms;
+}
+
+
+/***********************************************************************
+ *
+ * ReceivedServerConnect()
+ *
+ * After allowing server to connect to us from data port, this function
+ * checks both data connection for connection establishment and ctrl
+ * connection for a negative response regarding a failure in connecting
+ *
+ */
+static CURLcode ReceivedServerConnect(struct connectdata *conn, bool *received)
+{
+  struct SessionHandle *data = conn->data;
+  curl_socket_t ctrl_sock = conn->sock[FIRSTSOCKET];
+  curl_socket_t data_sock = conn->sock[SECONDARYSOCKET];
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  struct pingpong *pp = &ftpc->pp;
+  int result;
+  long timeout_ms;
+  ssize_t nread;
+  int ftpcode;
+
+  *received = FALSE;
+
+  timeout_ms = ftp_timeleft_accept(data);
+  infof(data, "Checking for server connect\n");
+  if(timeout_ms < 0) {
+    /* if a timeout was already reached, bail out */
+    failf(data, "Accept timeout occurred while waiting server connect");
+    return CURLE_FTP_ACCEPT_TIMEOUT;
+  }
+
+  /* First check whether there is a cached response from server */
+  if(pp->cache_size && pp->cache && pp->cache[0] > '3') {
+    /* Data connection could not be established, let's return */
+    infof(data, "There is negative response in cache while serv connect\n");
+    Curl_GetFTPResponse(&nread, conn, &ftpcode);
+    return CURLE_FTP_ACCEPT_FAILED;
+  }
+
+  result = Curl_socket_check(ctrl_sock, data_sock, CURL_SOCKET_BAD, 0);
+
+  /* see if the connection request is already here */
+  switch (result) {
+  case -1: /* error */
+    /* let's die here */
+    failf(data, "Error while waiting for server connect");
+    return CURLE_FTP_ACCEPT_FAILED;
+  case 0:  /* Server connect is not received yet */
+    break; /* loop */
+  default:
+
+    if(result & CURL_CSELECT_IN2) {
+      infof(data, "Ready to accept data connection from server\n");
+      *received = TRUE;
+    }
+    else if(result & CURL_CSELECT_IN) {
+      infof(data, "Ctrl conn has data while waiting for data conn\n");
+      Curl_GetFTPResponse(&nread, conn, &ftpcode);
+
+      if(ftpcode/100 > 3)
+        return CURLE_FTP_ACCEPT_FAILED;
+
+      return CURLE_FTP_WEIRD_SERVER_REPLY;
+    }
+
+    break;
+  } /* switch() */
+
+  return CURLE_OK;
+}
+
+
+/***********************************************************************
+ *
+ * InitiateTransfer()
+ *
+ * After connection from server is accepted this function is called to
+ * setup transfer parameters and initiate the data transfer.
+ *
+ */
+static CURLcode InitiateTransfer(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  struct FTP *ftp = data->req.protop;
+  CURLcode result = CURLE_OK;
+
+  if(conn->ssl[SECONDARYSOCKET].use) {
+    /* since we only have a plaintext TCP connection here, we must now
+     * do the TLS stuff */
+    infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+    result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+    if(result)
+      return result;
+  }
+
+  if(conn->proto.ftpc.state_saved == FTP_STOR) {
+    *(ftp->bytecountp)=0;
+
+    /* When we know we're uploading a specified file, we can get the file
+       size prior to the actual upload. */
+
+    Curl_pgrsSetUploadSize(data, data->state.infilesize);
+
+    /* set the SO_SNDBUF for the secondary socket for those who need it */
+    Curl_sndbufset(conn->sock[SECONDARYSOCKET]);
+
+    Curl_setup_transfer(conn, -1, -1, FALSE, NULL, /* no download */
+                        SECONDARYSOCKET, ftp->bytecountp);
+  }
+  else {
+    /* FTP download: */
+    Curl_setup_transfer(conn, SECONDARYSOCKET,
+                        conn->proto.ftpc.retr_size_saved, FALSE,
+                        ftp->bytecountp, -1, NULL); /* no upload here */
+  }
+
+  conn->proto.ftpc.pp.pending_resp = TRUE; /* expect server response */
+  state(conn, FTP_STOP);
+
+  return CURLE_OK;
+}
+
+/***********************************************************************
+ *
+ * AllowServerConnect()
+ *
+ * When we've issue the PORT command, we have told the server to connect to
+ * us. This function checks whether data connection is established if so it is
+ * accepted.
+ *
+ */
+static CURLcode AllowServerConnect(struct connectdata *conn, bool *connected)
+{
+  struct SessionHandle *data = conn->data;
+  long timeout_ms;
+  CURLcode ret = CURLE_OK;
+
+  *connected = FALSE;
+  infof(data, "Preparing for accepting server on data port\n");
+
+  /* Save the time we start accepting server connect */
+  Curl_pgrsTime(data, TIMER_STARTACCEPT);
+
+  timeout_ms = ftp_timeleft_accept(data);
+  if(timeout_ms < 0) {
+    /* if a timeout was already reached, bail out */
+    failf(data, "Accept timeout occurred while waiting server connect");
+    return CURLE_FTP_ACCEPT_TIMEOUT;
+  }
+
+  /* see if the connection request is already here */
+  ret = ReceivedServerConnect(conn, connected);
+  if(ret)
+    return ret;
+
+  if(*connected) {
+    ret = AcceptServerConnect(conn);
+    if(ret)
+      return ret;
+
+    ret = InitiateTransfer(conn);
+    if(ret)
+      return ret;
+  }
+  else {
+    /* Add timeout to multi handle and break out of the loop */
+    if(ret == CURLE_OK && *connected == FALSE) {
+      if(data->set.accepttimeout > 0)
+        Curl_expire(data, data->set.accepttimeout);
+      else
+        Curl_expire(data, DEFAULT_ACCEPT_TIMEOUT);
+    }
+  }
+
+  return ret;
+}
+
+/* macro to check for a three-digit ftp status code at the start of the
+   given string */
+#define STATUSCODE(line) (ISDIGIT(line[0]) && ISDIGIT(line[1]) &&       \
+                          ISDIGIT(line[2]))
+
+/* macro to check for the last line in an FTP server response */
+#define LASTLINE(line) (STATUSCODE(line) && (' ' == line[3]))
+
+static bool ftp_endofresp(struct connectdata *conn, char *line, size_t len,
+                          int *code)
+{
+  (void)conn;
+
+  if((len > 3) && LASTLINE(line)) {
+    *code = curlx_sltosi(strtol(line, NULL, 10));
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
+static CURLcode ftp_readresp(curl_socket_t sockfd,
+                             struct pingpong *pp,
+                             int *ftpcode, /* return the ftp-code if done */
+                             size_t *size) /* size of the response */
+{
+  struct connectdata *conn = pp->conn;
+  struct SessionHandle *data = conn->data;
+#ifdef HAVE_GSSAPI
+  char * const buf = data->state.buffer;
+#endif
+  CURLcode result = CURLE_OK;
+  int code;
+
+  result = Curl_pp_readresp(sockfd, pp, &code, size);
+
+#if defined(HAVE_GSSAPI)
+  /* handle the security-oriented responses 6xx ***/
+  /* FIXME: some errorchecking perhaps... ***/
+  switch(code) {
+  case 631:
+    code = Curl_sec_read_msg(conn, buf, PROT_SAFE);
+    break;
+  case 632:
+    code = Curl_sec_read_msg(conn, buf, PROT_PRIVATE);
+    break;
+  case 633:
+    code = Curl_sec_read_msg(conn, buf, PROT_CONFIDENTIAL);
+    break;
+  default:
+    /* normal ftp stuff we pass through! */
+    break;
+  }
+#endif
+
+  /* store the latest code for later retrieval */
+  data->info.httpcode=code;
+
+  if(ftpcode)
+    *ftpcode = code;
+
+  if(421 == code) {
+    /* 421 means "Service not available, closing control connection." and FTP
+     * servers use it to signal that idle session timeout has been exceeded.
+     * If we ignored the response, it could end up hanging in some cases.
+     *
+     * This response code can come at any point so having it treated
+     * generically is a good idea.
+     */
+    infof(data, "We got a 421 - timeout!\n");
+    state(conn, FTP_STOP);
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  return result;
+}
+
+/* --- parse FTP server responses --- */
+
+/*
+ * Curl_GetFTPResponse() is a BLOCKING function to read the full response
+ * from a server after a command.
+ *
+ */
+
+CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
+                             struct connectdata *conn,
+                             int *ftpcode) /* return the ftp-code */
+{
+  /*
+   * We cannot read just one byte per read() and then go back to select() as
+   * the OpenSSL read() doesn't grok that properly.
+   *
+   * Alas, read as much as possible, split up into lines, use the ending
+   * line in a response or continue reading.  */
+
+  curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
+  long timeout;              /* timeout in milliseconds */
+  long interval_ms;
+  struct SessionHandle *data = conn->data;
+  CURLcode result = CURLE_OK;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  struct pingpong *pp = &ftpc->pp;
+  size_t nread;
+  int cache_skip=0;
+  int value_to_be_ignored=0;
+
+  if(ftpcode)
+    *ftpcode = 0; /* 0 for errors */
+  else
+    /* make the pointer point to something for the rest of this function */
+    ftpcode = &value_to_be_ignored;
+
+  *nreadp=0;
+
+  while(!*ftpcode && !result) {
+    /* check and reset timeout value every lap */
+    timeout = Curl_pp_state_timeout(pp);
+
+    if(timeout <=0 ) {
+      failf(data, "FTP response timeout");
+      return CURLE_OPERATION_TIMEDOUT; /* already too little time */
+    }
+
+    interval_ms = 1000;  /* use 1 second timeout intervals */
+    if(timeout < interval_ms)
+      interval_ms = timeout;
+
+    /*
+     * Since this function is blocking, we need to wait here for input on the
+     * connection and only then we call the response reading function. We do
+     * timeout at least every second to make the timeout check run.
+     *
+     * A caution here is that the ftp_readresp() function has a cache that may
+     * contain pieces of a response from the previous invoke and we need to
+     * make sure we don't just wait for input while there is unhandled data in
+     * that cache. But also, if the cache is there, we call ftp_readresp() and
+     * the cache wasn't good enough to continue we must not just busy-loop
+     * around this function.
+     *
+     */
+
+    if(pp->cache && (cache_skip < 2)) {
+      /*
+       * There's a cache left since before. We then skipping the wait for
+       * socket action, unless this is the same cache like the previous round
+       * as then the cache was deemed not enough to act on and we then need to
+       * wait for more data anyway.
+       */
+    }
+    else {
+      switch (Curl_socket_ready(sockfd, CURL_SOCKET_BAD, interval_ms)) {
+      case -1: /* select() error, stop reading */
+        failf(data, "FTP response aborted due to select/poll error: %d",
+              SOCKERRNO);
+        return CURLE_RECV_ERROR;
+
+      case 0: /* timeout */
+        if(Curl_pgrsUpdate(conn))
+          return CURLE_ABORTED_BY_CALLBACK;
+        continue; /* just continue in our loop for the timeout duration */
+
+      default: /* for clarity */
+        break;
+      }
+    }
+    result = ftp_readresp(sockfd, pp, ftpcode, &nread);
+    if(result)
+      break;
+
+    if(!nread && pp->cache)
+      /* bump cache skip counter as on repeated skips we must wait for more
+         data */
+      cache_skip++;
+    else
+      /* when we got data or there is no cache left, we reset the cache skip
+         counter */
+      cache_skip=0;
+
+    *nreadp += nread;
+
+  } /* while there's buffer left and loop is requested */
+
+  pp->pending_resp = FALSE;
+
+  return result;
+}
+
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+  /* for debug purposes */
+static const char * const ftp_state_names[]={
+  "STOP",
+  "WAIT220",
+  "AUTH",
+  "USER",
+  "PASS",
+  "ACCT",
+  "PBSZ",
+  "PROT",
+  "CCC",
+  "PWD",
+  "SYST",
+  "NAMEFMT",
+  "QUOTE",
+  "RETR_PREQUOTE",
+  "STOR_PREQUOTE",
+  "POSTQUOTE",
+  "CWD",
+  "MKD",
+  "MDTM",
+  "TYPE",
+  "LIST_TYPE",
+  "RETR_TYPE",
+  "STOR_TYPE",
+  "SIZE",
+  "RETR_SIZE",
+  "STOR_SIZE",
+  "REST",
+  "RETR_REST",
+  "PORT",
+  "PRET",
+  "PASV",
+  "LIST",
+  "RETR",
+  "STOR",
+  "QUIT"
+};
+#endif
+
+/* This is the ONLY way to change FTP state! */
+static void _state(struct connectdata *conn,
+                   ftpstate newstate
+#ifdef DEBUGBUILD
+                   , int lineno
+#endif
+  )
+{
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+  if(ftpc->state != newstate)
+    infof(conn->data, "FTP %p (line %d) state change from %s to %s\n",
+          (void *)ftpc, lineno, ftp_state_names[ftpc->state],
+          ftp_state_names[newstate]);
+#endif
+  ftpc->state = newstate;
+}
+
+static CURLcode ftp_state_user(struct connectdata *conn)
+{
+  CURLcode result;
+  struct FTP *ftp = conn->data->req.protop;
+  /* send USER */
+  PPSENDF(&conn->proto.ftpc.pp, "USER %s", ftp->user?ftp->user:"");
+
+  state(conn, FTP_USER);
+  conn->data->state.ftp_trying_alternative = FALSE;
+
+  return CURLE_OK;
+}
+
+static CURLcode ftp_state_pwd(struct connectdata *conn)
+{
+  CURLcode result;
+
+  /* send PWD to discover our entry point */
+  PPSENDF(&conn->proto.ftpc.pp, "%s", "PWD");
+  state(conn, FTP_PWD);
+
+  return CURLE_OK;
+}
+
+/* For the FTP "protocol connect" and "doing" phases only */
+static int ftp_getsock(struct connectdata *conn,
+                       curl_socket_t *socks,
+                       int numsocks)
+{
+  return Curl_pp_getsock(&conn->proto.ftpc.pp, socks, numsocks);
+}
+
+/* For the FTP "DO_MORE" phase only */
+static int ftp_domore_getsock(struct connectdata *conn, curl_socket_t *socks,
+                              int numsocks)
+{
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  if(!numsocks)
+    return GETSOCK_BLANK;
+
+  /* When in DO_MORE state, we could be either waiting for us to connect to a
+   * remote site, or we could wait for that site to connect to us. Or just
+   * handle ordinary commands.
+   */
+
+  if(FTP_STOP == ftpc->state) {
+    int bits = GETSOCK_READSOCK(0);
+
+    /* if stopped and still in this state, then we're also waiting for a
+       connect on the secondary connection */
+    socks[0] = conn->sock[FIRSTSOCKET];
+
+    if(!conn->data->set.ftp_use_port) {
+      int s;
+      int i;
+      /* PORT is used to tell the server to connect to us, and during that we
+         don't do happy eyeballs, but we do if we connect to the server */
+      for(s=1, i=0; i<2; i++) {
+        if(conn->tempsock[i] != CURL_SOCKET_BAD) {
+          socks[s] = conn->tempsock[i];
+          bits |= GETSOCK_WRITESOCK(s++);
+        }
+      }
+    }
+    else {
+      socks[1] = conn->sock[SECONDARYSOCKET];
+      bits |= GETSOCK_WRITESOCK(1);
+    }
+
+    return bits;
+  }
+  else
+    return Curl_pp_getsock(&conn->proto.ftpc.pp, socks, numsocks);
+}
+
+/* This is called after the FTP_QUOTE state is passed.
+
+   ftp_state_cwd() sends the range of CWD commands to the server to change to
+   the correct directory. It may also need to send MKD commands to create
+   missing ones, if that option is enabled.
+*/
+static CURLcode ftp_state_cwd(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  if(ftpc->cwddone)
+    /* already done and fine */
+    result = ftp_state_mdtm(conn);
+  else {
+    ftpc->count2 = 0; /* count2 counts failed CWDs */
+
+    /* count3 is set to allow a MKD to fail once. In the case when first CWD
+       fails and then MKD fails (due to another session raced it to create the
+       dir) this then allows for a second try to CWD to it */
+    ftpc->count3 = (conn->data->set.ftp_create_missing_dirs==2)?1:0;
+
+    if(conn->bits.reuse && ftpc->entrypath) {
+      /* This is a re-used connection. Since we change directory to where the
+         transfer is taking place, we must first get back to the original dir
+         where we ended up after login: */
+      ftpc->count1 = 0; /* we count this as the first path, then we add one
+                          for all upcoming ones in the ftp->dirs[] array */
+      PPSENDF(&conn->proto.ftpc.pp, "CWD %s", ftpc->entrypath);
+      state(conn, FTP_CWD);
+    }
+    else {
+      if(ftpc->dirdepth) {
+        ftpc->count1 = 1;
+        /* issue the first CWD, the rest is sent when the CWD responses are
+           received... */
+        PPSENDF(&conn->proto.ftpc.pp, "CWD %s", ftpc->dirs[ftpc->count1 -1]);
+        state(conn, FTP_CWD);
+      }
+      else {
+        /* No CWD necessary */
+        result = ftp_state_mdtm(conn);
+      }
+    }
+  }
+  return result;
+}
+
+typedef enum {
+  EPRT,
+  PORT,
+  DONE
+} ftpport;
+
+static CURLcode ftp_state_use_port(struct connectdata *conn,
+                                   ftpport fcmd) /* start with this */
+
+{
+  CURLcode result = CURLE_OK;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  struct SessionHandle *data=conn->data;
+  curl_socket_t portsock= CURL_SOCKET_BAD;
+  char myhost[256] = "";
+
+  struct Curl_sockaddr_storage ss;
+  Curl_addrinfo *res, *ai;
+  curl_socklen_t sslen;
+  char hbuf[NI_MAXHOST];
+  struct sockaddr *sa=(struct sockaddr *)&ss;
+  struct sockaddr_in * const sa4 = (void *)sa;
+#ifdef ENABLE_IPV6
+  struct sockaddr_in6 * const sa6 = (void *)sa;
+#endif
+  char tmp[1024];
+  static const char mode[][5] = { "EPRT", "PORT" };
+  int rc;
+  int error;
+  char *host = NULL;
+  char *string_ftpport = data->set.str[STRING_FTPPORT];
+  struct Curl_dns_entry *h=NULL;
+  unsigned short port_min = 0;
+  unsigned short port_max = 0;
+  unsigned short port;
+  bool possibly_non_local = TRUE;
+
+  char *addr = NULL;
+
+  /* Step 1, figure out what is requested,
+   * accepted format :
+   * (ipv4|ipv6|domain|interface)?(:port(-range)?)?
+   */
+
+  if(data->set.str[STRING_FTPPORT] &&
+     (strlen(data->set.str[STRING_FTPPORT]) > 1)) {
+
+#ifdef ENABLE_IPV6
+    size_t addrlen = INET6_ADDRSTRLEN > strlen(string_ftpport) ?
+      INET6_ADDRSTRLEN : strlen(string_ftpport);
+#else
+    size_t addrlen = INET_ADDRSTRLEN > strlen(string_ftpport) ?
+      INET_ADDRSTRLEN : strlen(string_ftpport);
+#endif
+    char *ip_start = string_ftpport;
+    char *ip_end = NULL;
+    char *port_start = NULL;
+    char *port_sep = NULL;
+
+    addr = calloc(addrlen+1, 1);
+    if(!addr)
+      return CURLE_OUT_OF_MEMORY;
+
+#ifdef ENABLE_IPV6
+    if(*string_ftpport == '[') {
+      /* [ipv6]:port(-range) */
+      ip_start = string_ftpport + 1;
+      if((ip_end = strchr(string_ftpport, ']')) != NULL )
+        strncpy(addr, ip_start, ip_end - ip_start);
+    }
+    else
+#endif
+      if(*string_ftpport == ':') {
+        /* :port */
+        ip_end = string_ftpport;
+    }
+    else if((ip_end = strchr(string_ftpport, ':')) != NULL) {
+        /* either ipv6 or (ipv4|domain|interface):port(-range) */
+#ifdef ENABLE_IPV6
+      if(Curl_inet_pton(AF_INET6, string_ftpport, sa6) == 1) {
+        /* ipv6 */
+        port_min = port_max = 0;
+        strcpy(addr, string_ftpport);
+        ip_end = NULL; /* this got no port ! */
+      }
+      else
+#endif
+        /* (ipv4|domain|interface):port(-range) */
+        strncpy(addr, string_ftpport, ip_end - ip_start );
+    }
+    else
+      /* ipv4|interface */
+      strcpy(addr, string_ftpport);
+
+    /* parse the port */
+    if(ip_end != NULL) {
+      if((port_start = strchr(ip_end, ':')) != NULL) {
+        port_min = curlx_ultous(strtoul(port_start+1, NULL, 10));
+        if((port_sep = strchr(port_start, '-')) != NULL) {
+          port_max = curlx_ultous(strtoul(port_sep + 1, NULL, 10));
+        }
+        else
+          port_max = port_min;
+      }
+    }
+
+    /* correct errors like:
+     *  :1234-1230
+     *  :-4711 , in this case port_min is (unsigned)-1,
+     *           therefore port_min > port_max for all cases
+     *           but port_max = (unsigned)-1
+     */
+    if(port_min > port_max )
+      port_min = port_max = 0;
+
+
+    if(*addr != '\0') {
+      /* attempt to get the address of the given interface name */
+      switch(Curl_if2ip(conn->ip_addr->ai_family, conn->scope, addr,
+                     hbuf, sizeof(hbuf))) {
+        case IF2IP_NOT_FOUND:
+          /* not an interface, use the given string as host name instead */
+          host = addr;
+          break;
+        case IF2IP_AF_NOT_SUPPORTED:
+          return CURLE_FTP_PORT_FAILED;
+        case IF2IP_FOUND:
+          host = hbuf; /* use the hbuf for host name */
+      }
+    }
+    else
+      /* there was only a port(-range) given, default the host */
+      host = NULL;
+  } /* data->set.ftpport */
+
+  if(!host) {
+    /* not an interface and not a host name, get default by extracting
+       the IP from the control connection */
+
+    sslen = sizeof(ss);
+    if(getsockname(conn->sock[FIRSTSOCKET], sa, &sslen)) {
+      failf(data, "getsockname() failed: %s",
+          Curl_strerror(conn, SOCKERRNO) );
+      Curl_safefree(addr);
+      return CURLE_FTP_PORT_FAILED;
+    }
+    switch(sa->sa_family) {
+#ifdef ENABLE_IPV6
+    case AF_INET6:
+      Curl_inet_ntop(sa->sa_family, &sa6->sin6_addr, hbuf, sizeof(hbuf));
+      break;
+#endif
+    default:
+      Curl_inet_ntop(sa->sa_family, &sa4->sin_addr, hbuf, sizeof(hbuf));
+      break;
+    }
+    host = hbuf; /* use this host name */
+    possibly_non_local = FALSE; /* we know it is local now */
+  }
+
+  /* resolv ip/host to ip */
+  rc = Curl_resolv(conn, host, 0, &h);
+  if(rc == CURLRESOLV_PENDING)
+    (void)Curl_resolver_wait_resolv(conn, &h);
+  if(h) {
+    res = h->addr;
+    /* when we return from this function, we can forget about this entry
+       to we can unlock it now already */
+    Curl_resolv_unlock(data, h);
+  } /* (h) */
+  else
+    res = NULL; /* failure! */
+
+  if(res == NULL) {
+    failf(data, "failed to resolve the address provided to PORT: %s", host);
+    Curl_safefree(addr);
+    return CURLE_FTP_PORT_FAILED;
+  }
+
+  Curl_safefree(addr);
+  host = NULL;
+
+  /* step 2, create a socket for the requested address */
+
+  portsock = CURL_SOCKET_BAD;
+  error = 0;
+  for(ai = res; ai; ai = ai->ai_next) {
+    result = Curl_socket(conn, ai, NULL, &portsock);
+    if(result) {
+      error = SOCKERRNO;
+      continue;
+    }
+    break;
+  }
+  if(!ai) {
+    failf(data, "socket failure: %s", Curl_strerror(conn, error));
+    return CURLE_FTP_PORT_FAILED;
+  }
+
+  /* step 3, bind to a suitable local address */
+
+  memcpy(sa, ai->ai_addr, ai->ai_addrlen);
+  sslen = ai->ai_addrlen;
+
+  for(port = port_min; port <= port_max;) {
+    if(sa->sa_family == AF_INET)
+      sa4->sin_port = htons(port);
+#ifdef ENABLE_IPV6
+    else
+      sa6->sin6_port = htons(port);
+#endif
+    /* Try binding the given address. */
+    if(bind(portsock, sa, sslen) ) {
+      /* It failed. */
+      error = SOCKERRNO;
+      if(possibly_non_local && (error == EADDRNOTAVAIL)) {
+        /* The requested bind address is not local.  Use the address used for
+         * the control connection instead and restart the port loop
+         */
+
+        infof(data, "bind(port=%hu) on non-local address failed: %s\n", port,
+              Curl_strerror(conn, error) );
+
+        sslen = sizeof(ss);
+        if(getsockname(conn->sock[FIRSTSOCKET], sa, &sslen)) {
+          failf(data, "getsockname() failed: %s",
+                Curl_strerror(conn, SOCKERRNO) );
+          Curl_closesocket(conn, portsock);
+          return CURLE_FTP_PORT_FAILED;
+        }
+        port = port_min;
+        possibly_non_local = FALSE; /* don't try this again */
+        continue;
+      }
+      else if(error != EADDRINUSE && error != EACCES) {
+        failf(data, "bind(port=%hu) failed: %s", port,
+              Curl_strerror(conn, error) );
+        Curl_closesocket(conn, portsock);
+        return CURLE_FTP_PORT_FAILED;
+      }
+    }
+    else
+      break;
+
+    port++;
+  }
+
+  /* maybe all ports were in use already*/
+  if(port > port_max) {
+    failf(data, "bind() failed, we ran out of ports!");
+    Curl_closesocket(conn, portsock);
+    return CURLE_FTP_PORT_FAILED;
+  }
+
+  /* get the name again after the bind() so that we can extract the
+     port number it uses now */
+  sslen = sizeof(ss);
+  if(getsockname(portsock, (struct sockaddr *)sa, &sslen)) {
+    failf(data, "getsockname() failed: %s",
+          Curl_strerror(conn, SOCKERRNO) );
+    Curl_closesocket(conn, portsock);
+    return CURLE_FTP_PORT_FAILED;
+  }
+
+  /* step 4, listen on the socket */
+
+  if(listen(portsock, 1)) {
+    failf(data, "socket failure: %s", Curl_strerror(conn, SOCKERRNO));
+    Curl_closesocket(conn, portsock);
+    return CURLE_FTP_PORT_FAILED;
+  }
+
+  /* step 5, send the proper FTP command */
+
+  /* get a plain printable version of the numerical address to work with
+     below */
+  Curl_printable_address(ai, myhost, sizeof(myhost));
+
+#ifdef ENABLE_IPV6
+  if(!conn->bits.ftp_use_eprt && conn->bits.ipv6)
+    /* EPRT is disabled but we are connected to a IPv6 host, so we ignore the
+       request and enable EPRT again! */
+    conn->bits.ftp_use_eprt = TRUE;
+#endif
+
+  for(; fcmd != DONE; fcmd++) {
+
+    if(!conn->bits.ftp_use_eprt && (EPRT == fcmd))
+      /* if disabled, goto next */
+      continue;
+
+    if((PORT == fcmd) && sa->sa_family != AF_INET)
+      /* PORT is ipv4 only */
+      continue;
+
+    switch (sa->sa_family) {
+    case AF_INET:
+      port = ntohs(sa4->sin_port);
+      break;
+#ifdef ENABLE_IPV6
+    case AF_INET6:
+      port = ntohs(sa6->sin6_port);
+      break;
+#endif
+    default:
+      continue; /* might as well skip this */
+    }
+
+    if(EPRT == fcmd) {
+      /*
+       * Two fine examples from RFC2428;
+       *
+       * EPRT |1|132.235.1.2|6275|
+       *
+       * EPRT |2|1080::8:800:200C:417A|5282|
+       */
+
+      result = Curl_pp_sendf(&ftpc->pp, "%s |%d|%s|%hu|", mode[fcmd],
+                             sa->sa_family == AF_INET?1:2,
+                             myhost, port);
+      if(result) {
+        failf(data, "Failure sending EPRT command: %s",
+              curl_easy_strerror(result));
+        Curl_closesocket(conn, portsock);
+        /* don't retry using PORT */
+        ftpc->count1 = PORT;
+        /* bail out */
+        state(conn, FTP_STOP);
+        return result;
+      }
+      break;
+    }
+    else if(PORT == fcmd) {
+      char *source = myhost;
+      char *dest = tmp;
+
+      /* translate x.x.x.x to x,x,x,x */
+      while(source && *source) {
+        if(*source == '.')
+          *dest=',';
+        else
+          *dest = *source;
+        dest++;
+        source++;
+      }
+      *dest = 0;
+      snprintf(dest, 20, ",%d,%d", (int)(port>>8), (int)(port&0xff));
+
+      result = Curl_pp_sendf(&ftpc->pp, "%s %s", mode[fcmd], tmp);
+      if(result) {
+        failf(data, "Failure sending PORT command: %s",
+              curl_easy_strerror(result));
+        Curl_closesocket(conn, portsock);
+        /* bail out */
+        state(conn, FTP_STOP);
+        return result;
+      }
+      break;
+    }
+  }
+
+  /* store which command was sent */
+  ftpc->count1 = fcmd;
+
+  /* we set the secondary socket variable to this for now, it is only so that
+     the cleanup function will close it in case we fail before the true
+     secondary stuff is made */
+  if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
+    Curl_closesocket(conn, conn->sock[SECONDARYSOCKET]);
+  conn->sock[SECONDARYSOCKET] = portsock;
+
+  /* this tcpconnect assignment below is a hackish work-around to make the
+     multi interface with active FTP work - as it will not wait for a
+     (passive) connect in Curl_is_connected().
+
+     The *proper* fix is to make sure that the active connection from the
+     server is done in a non-blocking way. Currently, it is still BLOCKING.
+  */
+  conn->bits.tcpconnect[SECONDARYSOCKET] = TRUE;
+
+  state(conn, FTP_PORT);
+  return result;
+}
+
+static CURLcode ftp_state_use_pasv(struct connectdata *conn)
+{
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  CURLcode result = CURLE_OK;
+  /*
+    Here's the excecutive summary on what to do:
+
+    PASV is RFC959, expect:
+    227 Entering Passive Mode (a1,a2,a3,a4,p1,p2)
+
+    LPSV is RFC1639, expect:
+    228 Entering Long Passive Mode (4,4,a1,a2,a3,a4,2,p1,p2)
+
+    EPSV is RFC2428, expect:
+    229 Entering Extended Passive Mode (|||port|)
+
+  */
+
+  static const char mode[][5] = { "EPSV", "PASV" };
+  int modeoff;
+
+#ifdef PF_INET6
+  if(!conn->bits.ftp_use_epsv && conn->bits.ipv6)
+    /* EPSV is disabled but we are connected to a IPv6 host, so we ignore the
+       request and enable EPSV again! */
+    conn->bits.ftp_use_epsv = TRUE;
+#endif
+
+  modeoff = conn->bits.ftp_use_epsv?0:1;
+
+  PPSENDF(&ftpc->pp, "%s", mode[modeoff]);
+
+  ftpc->count1 = modeoff;
+  state(conn, FTP_PASV);
+  infof(conn->data, "Connect data stream passively\n");
+
+  return result;
+}
+
+/*
+ * ftp_state_prepare_transfer() starts PORT, PASV or PRET etc.
+ *
+ * REST is the last command in the chain of commands when a "head"-like
+ * request is made. Thus, if an actual transfer is to be made this is where we
+ * take off for real.
+ */
+static CURLcode ftp_state_prepare_transfer(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct FTP *ftp = conn->data->req.protop;
+  struct SessionHandle *data = conn->data;
+
+  if(ftp->transfer != FTPTRANSFER_BODY) {
+    /* doesn't transfer any data */
+
+    /* still possibly do PRE QUOTE jobs */
+    state(conn, FTP_RETR_PREQUOTE);
+    result = ftp_state_quote(conn, TRUE, FTP_RETR_PREQUOTE);
+  }
+  else if(data->set.ftp_use_port) {
+    /* We have chosen to use the PORT (or similar) command */
+    result = ftp_state_use_port(conn, EPRT);
+  }
+  else {
+    /* We have chosen (this is default) to use the PASV (or similar) command */
+    if(data->set.ftp_use_pret) {
+      /* The user has requested that we send a PRET command
+         to prepare the server for the upcoming PASV */
+      if(!conn->proto.ftpc.file) {
+        PPSENDF(&conn->proto.ftpc.pp, "PRET %s",
+                data->set.str[STRING_CUSTOMREQUEST]?
+                data->set.str[STRING_CUSTOMREQUEST]:
+                (data->set.ftp_list_only?"NLST":"LIST"));
+      }
+      else if(data->set.upload) {
+        PPSENDF(&conn->proto.ftpc.pp, "PRET STOR %s", conn->proto.ftpc.file);
+      }
+      else {
+        PPSENDF(&conn->proto.ftpc.pp, "PRET RETR %s", conn->proto.ftpc.file);
+      }
+      state(conn, FTP_PRET);
+    }
+    else {
+      result = ftp_state_use_pasv(conn);
+    }
+  }
+  return result;
+}
+
+static CURLcode ftp_state_rest(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct FTP *ftp = conn->data->req.protop;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  if((ftp->transfer != FTPTRANSFER_BODY) && ftpc->file) {
+    /* if a "head"-like request is being made (on a file) */
+
+    /* Determine if server can respond to REST command and therefore
+       whether it supports range */
+    PPSENDF(&conn->proto.ftpc.pp, "REST %d", 0);
+
+    state(conn, FTP_REST);
+  }
+  else
+    result = ftp_state_prepare_transfer(conn);
+
+  return result;
+}
+
+static CURLcode ftp_state_size(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct FTP *ftp = conn->data->req.protop;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  if((ftp->transfer == FTPTRANSFER_INFO) && ftpc->file) {
+    /* if a "head"-like request is being made (on a file) */
+
+    /* we know ftpc->file is a valid pointer to a file name */
+    PPSENDF(&ftpc->pp, "SIZE %s", ftpc->file);
+
+    state(conn, FTP_SIZE);
+  }
+  else
+    result = ftp_state_rest(conn);
+
+  return result;
+}
+
+static CURLcode ftp_state_list(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  /* If this output is to be machine-parsed, the NLST command might be better
+     to use, since the LIST command output is not specified or standard in any
+     way. It has turned out that the NLST list output is not the same on all
+     servers either... */
+
+  /*
+     if FTPFILE_NOCWD was specified, we are currently in
+     the user's home directory, so we should add the path
+     as argument for the LIST / NLST / or custom command.
+     Whether the server will support this, is uncertain.
+
+     The other ftp_filemethods will CWD into dir/dir/ first and
+     then just do LIST (in that case: nothing to do here)
+  */
+  char *cmd,*lstArg,*slashPos;
+
+  lstArg = NULL;
+  if((data->set.ftp_filemethod == FTPFILE_NOCWD) &&
+     data->state.path &&
+     data->state.path[0] &&
+     strchr(data->state.path,'/')) {
+
+    lstArg = strdup(data->state.path);
+    if(!lstArg)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* Check if path does not end with /, as then we cut off the file part */
+    if(lstArg[strlen(lstArg) - 1] != '/')  {
+
+      /* chop off the file part if format is dir/dir/file */
+      slashPos = strrchr(lstArg,'/');
+      if(slashPos)
+        *(slashPos+1) = '\0';
+    }
+  }
+
+  cmd = aprintf( "%s%s%s",
+                 data->set.str[STRING_CUSTOMREQUEST]?
+                 data->set.str[STRING_CUSTOMREQUEST]:
+                 (data->set.ftp_list_only?"NLST":"LIST"),
+                 lstArg? " ": "",
+                 lstArg? lstArg: "" );
+
+  if(!cmd) {
+    if(lstArg)
+      free(lstArg);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  result = Curl_pp_sendf(&conn->proto.ftpc.pp, "%s", cmd);
+
+  if(lstArg)
+    free(lstArg);
+
+  free(cmd);
+
+  if(result != CURLE_OK)
+    return result;
+
+  state(conn, FTP_LIST);
+
+  return result;
+}
+
+static CURLcode ftp_state_retr_prequote(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  /* We've sent the TYPE, now we must send the list of prequote strings */
+
+  result = ftp_state_quote(conn, TRUE, FTP_RETR_PREQUOTE);
+
+  return result;
+}
+
+static CURLcode ftp_state_stor_prequote(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  /* We've sent the TYPE, now we must send the list of prequote strings */
+
+  result = ftp_state_quote(conn, TRUE, FTP_STOR_PREQUOTE);
+
+  return result;
+}
+
+static CURLcode ftp_state_type(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct FTP *ftp = conn->data->req.protop;
+  struct SessionHandle *data = conn->data;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  /* If we have selected NOBODY and HEADER, it means that we only want file
+     information. Which in FTP can't be much more than the file size and
+     date. */
+  if(data->set.opt_no_body && ftpc->file &&
+     ftp_need_type(conn, data->set.prefer_ascii)) {
+    /* The SIZE command is _not_ RFC 959 specified, and therefor many servers
+       may not support it! It is however the only way we have to get a file's
+       size! */
+
+    ftp->transfer = FTPTRANSFER_INFO;
+    /* this means no actual transfer will be made */
+
+    /* Some servers return different sizes for different modes, and thus we
+       must set the proper type before we check the size */
+    result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_TYPE);
+    if(result)
+      return result;
+  }
+  else
+    result = ftp_state_size(conn);
+
+  return result;
+}
+
+/* This is called after the CWD commands have been done in the beginning of
+   the DO phase */
+static CURLcode ftp_state_mdtm(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  /* Requested time of file or time-depended transfer? */
+  if((data->set.get_filetime || data->set.timecondition) && ftpc->file) {
+
+    /* we have requested to get the modified-time of the file, this is a white
+       spot as the MDTM is not mentioned in RFC959 */
+    PPSENDF(&ftpc->pp, "MDTM %s", ftpc->file);
+
+    state(conn, FTP_MDTM);
+  }
+  else
+    result = ftp_state_type(conn);
+
+  return result;
+}
+
+
+/* This is called after the TYPE and possible quote commands have been sent */
+static CURLcode ftp_state_ul_setup(struct connectdata *conn,
+                                   bool sizechecked)
+{
+  CURLcode result = CURLE_OK;
+  struct FTP *ftp = conn->data->req.protop;
+  struct SessionHandle *data = conn->data;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  int seekerr = CURL_SEEKFUNC_OK;
+
+  if((data->state.resume_from && !sizechecked) ||
+     ((data->state.resume_from > 0) && sizechecked)) {
+    /* we're about to continue the uploading of a file */
+    /* 1. get already existing file's size. We use the SIZE command for this
+       which may not exist in the server!  The SIZE command is not in
+       RFC959. */
+
+    /* 2. This used to set REST. But since we can do append, we
+       don't another ftp command. We just skip the source file
+       offset and then we APPEND the rest on the file instead */
+
+    /* 3. pass file-size number of bytes in the source file */
+    /* 4. lower the infilesize counter */
+    /* => transfer as usual */
+
+    if(data->state.resume_from < 0 ) {
+      /* Got no given size to start from, figure it out */
+      PPSENDF(&ftpc->pp, "SIZE %s", ftpc->file);
+      state(conn, FTP_STOR_SIZE);
+      return result;
+    }
+
+    /* enable append */
+    data->set.ftp_append = TRUE;
+
+    /* Let's read off the proper amount of bytes from the input. */
+    if(conn->seek_func) {
+      seekerr = conn->seek_func(conn->seek_client, data->state.resume_from,
+                                SEEK_SET);
+    }
+
+    if(seekerr != CURL_SEEKFUNC_OK) {
+      if(seekerr != CURL_SEEKFUNC_CANTSEEK) {
+        failf(data, "Could not seek stream");
+        return CURLE_FTP_COULDNT_USE_REST;
+      }
+      /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */
+      else {
+        curl_off_t passed=0;
+        do {
+          size_t readthisamountnow =
+            (data->state.resume_from - passed > CURL_OFF_T_C(BUFSIZE)) ?
+            BUFSIZE : curlx_sotouz(data->state.resume_from - passed);
+
+          size_t actuallyread =
+            conn->fread_func(data->state.buffer, 1, readthisamountnow,
+                             conn->fread_in);
+
+          passed += actuallyread;
+          if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
+            /* this checks for greater-than only to make sure that the
+               CURL_READFUNC_ABORT return code still aborts */
+            failf(data, "Failed to read data");
+            return CURLE_FTP_COULDNT_USE_REST;
+          }
+        } while(passed < data->state.resume_from);
+      }
+    }
+    /* now, decrease the size of the read */
+    if(data->state.infilesize>0) {
+      data->state.infilesize -= data->state.resume_from;
+
+      if(data->state.infilesize <= 0) {
+        infof(data, "File already completely uploaded\n");
+
+        /* no data to transfer */
+        Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+
+        /* Set ->transfer so that we won't get any error in
+         * ftp_done() because we didn't transfer anything! */
+        ftp->transfer = FTPTRANSFER_NONE;
+
+        state(conn, FTP_STOP);
+        return CURLE_OK;
+      }
+    }
+    /* we've passed, proceed as normal */
+  } /* resume_from */
+
+  PPSENDF(&ftpc->pp, data->set.ftp_append?"APPE %s":"STOR %s",
+          ftpc->file);
+
+  state(conn, FTP_STOR);
+
+  return result;
+}
+
+static CURLcode ftp_state_quote(struct connectdata *conn,
+                                bool init,
+                                ftpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct FTP *ftp = data->req.protop;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  bool quote=FALSE;
+  struct curl_slist *item;
+
+  switch(instate) {
+  case FTP_QUOTE:
+  default:
+    item = data->set.quote;
+    break;
+  case FTP_RETR_PREQUOTE:
+  case FTP_STOR_PREQUOTE:
+    item = data->set.prequote;
+    break;
+  case FTP_POSTQUOTE:
+    item = data->set.postquote;
+    break;
+  }
+
+  /*
+   * This state uses:
+   * 'count1' to iterate over the commands to send
+   * 'count2' to store wether to allow commands to fail
+   */
+
+  if(init)
+    ftpc->count1 = 0;
+  else
+    ftpc->count1++;
+
+  if(item) {
+    int i = 0;
+
+    /* Skip count1 items in the linked list */
+    while((i< ftpc->count1) && item) {
+      item = item->next;
+      i++;
+    }
+    if(item) {
+      char *cmd = item->data;
+      if(cmd[0] == '*') {
+        cmd++;
+        ftpc->count2 = 1; /* the sent command is allowed to fail */
+      }
+      else
+        ftpc->count2 = 0; /* failure means cancel operation */
+
+      PPSENDF(&ftpc->pp, "%s", cmd);
+      state(conn, instate);
+      quote = TRUE;
+    }
+  }
+
+  if(!quote) {
+    /* No more quote to send, continue to ... */
+    switch(instate) {
+    case FTP_QUOTE:
+    default:
+      result = ftp_state_cwd(conn);
+      break;
+    case FTP_RETR_PREQUOTE:
+      if(ftp->transfer != FTPTRANSFER_BODY)
+        state(conn, FTP_STOP);
+      else {
+        if(ftpc->known_filesize != -1) {
+          Curl_pgrsSetDownloadSize(data, ftpc->known_filesize);
+          result = ftp_state_retr(conn, ftpc->known_filesize);
+        }
+        else {
+          PPSENDF(&ftpc->pp, "SIZE %s", ftpc->file);
+          state(conn, FTP_RETR_SIZE);
+        }
+      }
+      break;
+    case FTP_STOR_PREQUOTE:
+      result = ftp_state_ul_setup(conn, FALSE);
+      break;
+    case FTP_POSTQUOTE:
+      break;
+    }
+  }
+
+  return result;
+}
+
+/* called from ftp_state_pasv_resp to switch to PASV in case of EPSV
+   problems */
+static CURLcode ftp_epsv_disable(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  infof(conn->data, "Failed EPSV attempt. Disabling EPSV\n");
+  /* disable it for next transfer */
+  conn->bits.ftp_use_epsv = FALSE;
+  conn->data->state.errorbuf = FALSE; /* allow error message to get
+                                         rewritten */
+  PPSENDF(&conn->proto.ftpc.pp, "%s", "PASV");
+  conn->proto.ftpc.count1++;
+  /* remain in/go to the FTP_PASV state */
+  state(conn, FTP_PASV);
+  return result;
+}
+
+/*
+ * Perform the necessary magic that needs to be done once the TCP connection
+ * to the proxy has completed.
+ */
+static CURLcode proxy_magic(struct connectdata *conn,
+                            char *newhost, unsigned short newport,
+                            bool *magicdone)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data=conn->data;
+
+  *magicdone = FALSE;
+  switch(conn->proxytype) {
+  case CURLPROXY_SOCKS5:
+  case CURLPROXY_SOCKS5_HOSTNAME:
+    result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, newhost,
+                         newport, SECONDARYSOCKET, conn);
+    *magicdone = TRUE;
+    break;
+  case CURLPROXY_SOCKS4:
+    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
+                         SECONDARYSOCKET, conn, FALSE);
+    *magicdone = TRUE;
+    break;
+  case CURLPROXY_SOCKS4A:
+    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
+                         SECONDARYSOCKET, conn, TRUE);
+    *magicdone = TRUE;
+    break;
+  case CURLPROXY_HTTP:
+  case CURLPROXY_HTTP_1_0:
+    /* do nothing here. handled later. */
+    break;
+  default:
+    failf(data, "unknown proxytype option given");
+    result = CURLE_COULDNT_CONNECT;
+    break;
+  }
+
+  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
+    /* BLOCKING */
+    /* We want "seamless" FTP operations through HTTP proxy tunnel */
+
+    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
+     * member conn->proto.http; we want FTP through HTTP and we have to
+     * change the member temporarily for connecting to the HTTP proxy. After
+     * Curl_proxyCONNECT we have to set back the member to the original
+     * struct FTP pointer
+     */
+    struct HTTP http_proxy;
+    struct FTP *ftp_save = data->req.protop;
+    memset(&http_proxy, 0, sizeof(http_proxy));
+    data->req.protop = &http_proxy;
+
+    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport);
+
+    data->req.protop = ftp_save;
+
+    if(result)
+      return result;
+
+    if(conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE) {
+      /* the CONNECT procedure is not complete, the tunnel is not yet up */
+      state(conn, FTP_STOP); /* this phase is completed */
+      return result;
+    }
+    else
+      *magicdone = TRUE;
+  }
+  return result;
+}
+
+static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
+                                    int ftpcode)
+{
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  CURLcode result;
+  struct SessionHandle *data=conn->data;
+  struct Curl_dns_entry *addr=NULL;
+  int rc;
+  unsigned short connectport; /* the local port connect() should use! */
+  char *str=&data->state.buffer[4];  /* start on the first letter */
+
+  if((ftpc->count1 == 0) &&
+     (ftpcode == 229)) {
+    /* positive EPSV response */
+    char *ptr = strchr(str, '(');
+    if(ptr) {
+      unsigned int num;
+      char separator[4];
+      ptr++;
+      if(5  == sscanf(ptr, "%c%c%c%u%c",
+                      &separator[0],
+                      &separator[1],
+                      &separator[2],
+                      &num,
+                      &separator[3])) {
+        const char sep1 = separator[0];
+        int i;
+
+        /* The four separators should be identical, or else this is an oddly
+           formatted reply and we bail out immediately. */
+        for(i=1; i<4; i++) {
+          if(separator[i] != sep1) {
+            ptr=NULL; /* set to NULL to signal error */
+            break;
+          }
+        }
+        if(num > 0xffff) {
+          failf(data, "Illegal port number in EPSV reply");
+          return CURLE_FTP_WEIRD_PASV_REPLY;
+        }
+        if(ptr) {
+          ftpc->newport = (unsigned short)(num & 0xffff);
+
+          if(conn->bits.tunnel_proxy ||
+             conn->proxytype == CURLPROXY_SOCKS5 ||
+             conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME ||
+             conn->proxytype == CURLPROXY_SOCKS4 ||
+             conn->proxytype == CURLPROXY_SOCKS4A)
+            /* proxy tunnel -> use other host info because ip_addr_str is the
+               proxy address not the ftp host */
+            snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s",
+                     conn->host.name);
+          else
+            /* use the same IP we are already connected to */
+            snprintf(ftpc->newhost, NEWHOST_BUFSIZE, "%s", conn->ip_addr_str);
+        }
+      }
+      else
+        ptr=NULL;
+    }
+    if(!ptr) {
+      failf(data, "Weirdly formatted EPSV reply");
+      return CURLE_FTP_WEIRD_PASV_REPLY;
+    }
+  }
+  else if((ftpc->count1 == 1) &&
+          (ftpcode == 227)) {
+    /* positive PASV response */
+    int ip[4];
+    int port[2];
+
+    /*
+     * Scan for a sequence of six comma-separated numbers and use them as
+     * IP+port indicators.
+     *
+     * Found reply-strings include:
+     * "227 Entering Passive Mode (127,0,0,1,4,51)"
+     * "227 Data transfer will passively listen to 127,0,0,1,4,51"
+     * "227 Entering passive mode. 127,0,0,1,4,51"
+     */
+    while(*str) {
+      if(6 == sscanf(str, "%d,%d,%d,%d,%d,%d",
+                      &ip[0], &ip[1], &ip[2], &ip[3],
+                      &port[0], &port[1]))
+        break;
+      str++;
+    }
+
+    if(!*str) {
+      failf(data, "Couldn't interpret the 227-response");
+      return CURLE_FTP_WEIRD_227_FORMAT;
+    }
+
+    /* we got OK from server */
+    if(data->set.ftp_skip_ip) {
+      /* told to ignore the remotely given IP but instead use the one we used
+         for the control connection */
+      infof(data, "Skips %d.%d.%d.%d for data connection, uses %s instead\n",
+            ip[0], ip[1], ip[2], ip[3],
+            conn->ip_addr_str);
+      if(conn->bits.tunnel_proxy ||
+         conn->proxytype == CURLPROXY_SOCKS5 ||
+         conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME ||
+         conn->proxytype == CURLPROXY_SOCKS4 ||
+         conn->proxytype == CURLPROXY_SOCKS4A)
+        /* proxy tunnel -> use other host info because ip_addr_str is the
+           proxy address not the ftp host */
+        snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s", conn->host.name);
+      else
+        snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s",
+                 conn->ip_addr_str);
+    }
+    else
+      snprintf(ftpc->newhost, sizeof(ftpc->newhost),
+               "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+    ftpc->newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
+  }
+  else if(ftpc->count1 == 0) {
+    /* EPSV failed, move on to PASV */
+    return ftp_epsv_disable(conn);
+  }
+  else {
+    failf(data, "Bad PASV/EPSV response: %03d", ftpcode);
+    return CURLE_FTP_WEIRD_PASV_REPLY;
+  }
+
+  if(conn->bits.proxy) {
+    /*
+     * This connection uses a proxy and we need to connect to the proxy again
+     * here. We don't want to rely on a former host lookup that might've
+     * expired now, instead we remake the lookup here and now!
+     */
+    rc = Curl_resolv(conn, conn->proxy.name, (int)conn->port, &addr);
+    if(rc == CURLRESOLV_PENDING)
+      /* BLOCKING, ignores the return code but 'addr' will be NULL in
+         case of failure */
+      (void)Curl_resolver_wait_resolv(conn, &addr);
+
+    connectport =
+      (unsigned short)conn->port; /* we connect to the proxy's port */
+
+    if(!addr) {
+      failf(data, "Can't resolve proxy host %s:%hu",
+            conn->proxy.name, connectport);
+      return CURLE_FTP_CANT_GET_HOST;
+    }
+  }
+  else {
+    /* normal, direct, ftp connection */
+    rc = Curl_resolv(conn, ftpc->newhost, ftpc->newport, &addr);
+    if(rc == CURLRESOLV_PENDING)
+      /* BLOCKING */
+      (void)Curl_resolver_wait_resolv(conn, &addr);
+
+    connectport = ftpc->newport; /* we connect to the remote port */
+
+    if(!addr) {
+      failf(data, "Can't resolve new host %s:%hu", ftpc->newhost, connectport);
+      return CURLE_FTP_CANT_GET_HOST;
+    }
+  }
+
+  conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
+  result = Curl_connecthost(conn, addr);
+
+  Curl_resolv_unlock(data, addr); /* we're done using this address */
+
+  if(result) {
+    if(ftpc->count1 == 0 && ftpcode == 229)
+      return ftp_epsv_disable(conn);
+
+    return result;
+  }
+
+
+  /*
+   * When this is used from the multi interface, this might've returned with
+   * the 'connected' set to FALSE and thus we are now awaiting a non-blocking
+   * connect to connect.
+   */
+
+  if(data->set.verbose)
+    /* this just dumps information about this second connection */
+    ftp_pasv_verbose(conn, conn->ip_addr, ftpc->newhost, connectport);
+
+  conn->bits.do_more = TRUE;
+  state(conn, FTP_STOP); /* this phase is completed */
+
+  return result;
+}
+
+static CURLcode ftp_state_port_resp(struct connectdata *conn,
+                                    int ftpcode)
+{
+  struct SessionHandle *data = conn->data;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  ftpport fcmd = (ftpport)ftpc->count1;
+  CURLcode result = CURLE_OK;
+
+  if(ftpcode != 200) {
+    /* the command failed */
+
+    if(EPRT == fcmd) {
+      infof(data, "disabling EPRT usage\n");
+      conn->bits.ftp_use_eprt = FALSE;
+    }
+    fcmd++;
+
+    if(fcmd == DONE) {
+      failf(data, "Failed to do PORT");
+      result = CURLE_FTP_PORT_FAILED;
+    }
+    else
+      /* try next */
+      result = ftp_state_use_port(conn, fcmd);
+  }
+  else {
+    infof(data, "Connect data stream actively\n");
+    state(conn, FTP_STOP); /* end of DO phase */
+    result = ftp_dophase_done(conn, FALSE);
+  }
+
+  return result;
+}
+
+static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
+                                    int ftpcode)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data=conn->data;
+  struct FTP *ftp = data->req.protop;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  switch(ftpcode) {
+  case 213:
+    {
+      /* we got a time. Format should be: "YYYYMMDDHHMMSS[.sss]" where the
+         last .sss part is optional and means fractions of a second */
+      int year, month, day, hour, minute, second;
+      char *buf = data->state.buffer;
+      if(6 == sscanf(buf+4, "%04d%02d%02d%02d%02d%02d",
+                     &year, &month, &day, &hour, &minute, &second)) {
+        /* we have a time, reformat it */
+        time_t secs=time(NULL);
+        /* using the good old yacc/bison yuck */
+        snprintf(buf, sizeof(conn->data->state.buffer),
+                 "%04d%02d%02d %02d:%02d:%02d GMT",
+                 year, month, day, hour, minute, second);
+        /* now, convert this into a time() value: */
+        data->info.filetime = (long)curl_getdate(buf, &secs);
+      }
+
+#ifdef CURL_FTP_HTTPSTYLE_HEAD
+      /* If we asked for a time of the file and we actually got one as well,
+         we "emulate" a HTTP-style header in our output. */
+
+      if(data->set.opt_no_body &&
+         ftpc->file &&
+         data->set.get_filetime &&
+         (data->info.filetime>=0) ) {
+        time_t filetime = (time_t)data->info.filetime;
+        struct tm buffer;
+        const struct tm *tm = &buffer;
+
+        result = Curl_gmtime(filetime, &buffer);
+        if(result)
+          return result;
+
+        /* format: "Tue, 15 Nov 1994 12:45:26" */
+        snprintf(buf, BUFSIZE-1,
+                 "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
+                 Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+                 tm->tm_mday,
+                 Curl_month[tm->tm_mon],
+                 tm->tm_year + 1900,
+                 tm->tm_hour,
+                 tm->tm_min,
+                 tm->tm_sec);
+        result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+        if(result)
+          return result;
+      } /* end of a ridiculous amount of conditionals */
+#endif
+    }
+    break;
+  default:
+    infof(data, "unsupported MDTM reply format\n");
+    break;
+  case 550: /* "No such file or directory" */
+    failf(data, "Given file does not exist");
+    result = CURLE_FTP_COULDNT_RETR_FILE;
+    break;
+  }
+
+  if(data->set.timecondition) {
+    if((data->info.filetime > 0) && (data->set.timevalue > 0)) {
+      switch(data->set.timecondition) {
+      case CURL_TIMECOND_IFMODSINCE:
+      default:
+        if(data->info.filetime <= data->set.timevalue) {
+          infof(data, "The requested document is not new enough\n");
+          ftp->transfer = FTPTRANSFER_NONE; /* mark to not transfer data */
+          data->info.timecond = TRUE;
+          state(conn, FTP_STOP);
+          return CURLE_OK;
+        }
+        break;
+      case CURL_TIMECOND_IFUNMODSINCE:
+        if(data->info.filetime > data->set.timevalue) {
+          infof(data, "The requested document is not old enough\n");
+          ftp->transfer = FTPTRANSFER_NONE; /* mark to not transfer data */
+          data->info.timecond = TRUE;
+          state(conn, FTP_STOP);
+          return CURLE_OK;
+        }
+        break;
+      } /* switch */
+    }
+    else {
+      infof(data, "Skipping time comparison\n");
+    }
+  }
+
+  if(!result)
+    result = ftp_state_type(conn);
+
+  return result;
+}
+
+static CURLcode ftp_state_type_resp(struct connectdata *conn,
+                                    int ftpcode,
+                                    ftpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data=conn->data;
+
+  if(ftpcode/100 != 2) {
+    /* "sasserftpd" and "(u)r(x)bot ftpd" both responds with 226 after a
+       successful 'TYPE I'. While that is not as RFC959 says, it is still a
+       positive response code and we allow that. */
+    failf(data, "Couldn't set desired mode");
+    return CURLE_FTP_COULDNT_SET_TYPE;
+  }
+  if(ftpcode != 200)
+    infof(data, "Got a %03d response code instead of the assumed 200\n",
+          ftpcode);
+
+  if(instate == FTP_TYPE)
+    result = ftp_state_size(conn);
+  else if(instate == FTP_LIST_TYPE)
+    result = ftp_state_list(conn);
+  else if(instate == FTP_RETR_TYPE)
+    result = ftp_state_retr_prequote(conn);
+  else if(instate == FTP_STOR_TYPE)
+    result = ftp_state_stor_prequote(conn);
+
+  return result;
+}
+
+static CURLcode ftp_state_retr(struct connectdata *conn,
+                                         curl_off_t filesize)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data=conn->data;
+  struct FTP *ftp = data->req.protop;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  if(data->set.max_filesize && (filesize > data->set.max_filesize)) {
+    failf(data, "Maximum file size exceeded");
+    return CURLE_FILESIZE_EXCEEDED;
+  }
+  ftp->downloadsize = filesize;
+
+  if(data->state.resume_from) {
+    /* We always (attempt to) get the size of downloads, so it is done before
+       this even when not doing resumes. */
+    if(filesize == -1) {
+      infof(data, "ftp server doesn't support SIZE\n");
+      /* We couldn't get the size and therefore we can't know if there really
+         is a part of the file left to get, although the server will just
+         close the connection when we start the connection so it won't cause
+         us any harm, just not make us exit as nicely. */
+    }
+    else {
+      /* We got a file size report, so we check that there actually is a
+         part of the file left to get, or else we go home.  */
+      if(data->state.resume_from< 0) {
+        /* We're supposed to download the last abs(from) bytes */
+        if(filesize < -data->state.resume_from) {
+          failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T
+                ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")",
+                data->state.resume_from, filesize);
+          return CURLE_BAD_DOWNLOAD_RESUME;
+        }
+        /* convert to size to download */
+        ftp->downloadsize = -data->state.resume_from;
+        /* download from where? */
+        data->state.resume_from = filesize - ftp->downloadsize;
+      }
+      else {
+        if(filesize < data->state.resume_from) {
+          failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T
+                ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")",
+                data->state.resume_from, filesize);
+          return CURLE_BAD_DOWNLOAD_RESUME;
+        }
+        /* Now store the number of bytes we are expected to download */
+        ftp->downloadsize = filesize-data->state.resume_from;
+      }
+    }
+
+    if(ftp->downloadsize == 0) {
+      /* no data to transfer */
+      Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+      infof(data, "File already completely downloaded\n");
+
+      /* Set ->transfer so that we won't get any error in ftp_done()
+       * because we didn't transfer the any file */
+      ftp->transfer = FTPTRANSFER_NONE;
+      state(conn, FTP_STOP);
+      return CURLE_OK;
+    }
+
+    /* Set resume file transfer offset */
+    infof(data, "Instructs server to resume from offset %"
+          CURL_FORMAT_CURL_OFF_T "\n", data->state.resume_from);
+
+    PPSENDF(&ftpc->pp, "REST %" CURL_FORMAT_CURL_OFF_T,
+            data->state.resume_from);
+
+    state(conn, FTP_RETR_REST);
+  }
+  else {
+    /* no resume */
+    PPSENDF(&ftpc->pp, "RETR %s", ftpc->file);
+    state(conn, FTP_RETR);
+  }
+
+  return result;
+}
+
+static CURLcode ftp_state_size_resp(struct connectdata *conn,
+                                    int ftpcode,
+                                    ftpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data=conn->data;
+  curl_off_t filesize;
+  char *buf = data->state.buffer;
+
+  /* get the size from the ascii string: */
+  filesize = (ftpcode == 213)?curlx_strtoofft(buf+4, NULL, 0):-1;
+
+  if(instate == FTP_SIZE) {
+#ifdef CURL_FTP_HTTPSTYLE_HEAD
+    if(-1 != filesize) {
+      snprintf(buf, sizeof(data->state.buffer),
+               "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", filesize);
+      result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+      if(result)
+        return result;
+    }
+#endif
+    Curl_pgrsSetDownloadSize(data, filesize);
+    result = ftp_state_rest(conn);
+  }
+  else if(instate == FTP_RETR_SIZE) {
+    Curl_pgrsSetDownloadSize(data, filesize);
+    result = ftp_state_retr(conn, filesize);
+  }
+  else if(instate == FTP_STOR_SIZE) {
+    data->state.resume_from = filesize;
+    result = ftp_state_ul_setup(conn, TRUE);
+  }
+
+  return result;
+}
+
+static CURLcode ftp_state_rest_resp(struct connectdata *conn,
+                                    int ftpcode,
+                                    ftpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  switch(instate) {
+  case FTP_REST:
+  default:
+#ifdef CURL_FTP_HTTPSTYLE_HEAD
+    if(ftpcode == 350) {
+      char buffer[24]= { "Accept-ranges: bytes\r\n" };
+      result = Curl_client_write(conn, CLIENTWRITE_BOTH, buffer, 0);
+      if(result)
+        return result;
+    }
+#endif
+    result = ftp_state_prepare_transfer(conn);
+    break;
+
+  case FTP_RETR_REST:
+    if(ftpcode != 350) {
+      failf(conn->data, "Couldn't use REST");
+      result = CURLE_FTP_COULDNT_USE_REST;
+    }
+    else {
+      PPSENDF(&ftpc->pp, "RETR %s", ftpc->file);
+      state(conn, FTP_RETR);
+    }
+    break;
+  }
+
+  return result;
+}
+
+static CURLcode ftp_state_stor_resp(struct connectdata *conn,
+                                    int ftpcode, ftpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  if(ftpcode>=400) {
+    failf(data, "Failed FTP upload: %0d", ftpcode);
+    state(conn, FTP_STOP);
+    /* oops, we never close the sockets! */
+    return CURLE_UPLOAD_FAILED;
+  }
+
+  conn->proto.ftpc.state_saved = instate;
+
+  /* PORT means we are now awaiting the server to connect to us. */
+  if(data->set.ftp_use_port) {
+    bool connected;
+
+    state(conn, FTP_STOP); /* no longer in STOR state */
+
+    result = AllowServerConnect(conn, &connected);
+    if(result)
+      return result;
+
+    if(!connected) {
+      struct ftp_conn *ftpc = &conn->proto.ftpc;
+      infof(data, "Data conn was not available immediately\n");
+      ftpc->wait_data_conn = TRUE;
+    }
+
+    return CURLE_OK;
+  }
+  else
+    return InitiateTransfer(conn);
+}
+
+/* for LIST and RETR responses */
+static CURLcode ftp_state_get_resp(struct connectdata *conn,
+                                    int ftpcode,
+                                    ftpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct FTP *ftp = data->req.protop;
+  char *buf = data->state.buffer;
+
+  if((ftpcode == 150) || (ftpcode == 125)) {
+
+    /*
+      A;
+      150 Opening BINARY mode data connection for /etc/passwd (2241
+      bytes).  (ok, the file is being transferred)
+
+      B:
+      150 Opening ASCII mode data connection for /bin/ls
+
+      C:
+      150 ASCII data connection for /bin/ls (137.167.104.91,37445) (0 bytes).
+
+      D:
+      150 Opening ASCII mode data connection for [file] (0.0.0.0,0) (545 bytes)
+
+      E:
+      125 Data connection already open; Transfer starting. */
+
+    curl_off_t size=-1; /* default unknown size */
+
+
+    /*
+     * It appears that there are FTP-servers that return size 0 for files when
+     * SIZE is used on the file while being in BINARY mode. To work around
+     * that (stupid) behavior, we attempt to parse the RETR response even if
+     * the SIZE returned size zero.
+     *
+     * Debugging help from Salvatore Sorrentino on February 26, 2003.
+     */
+
+    if((instate != FTP_LIST) &&
+       !data->set.prefer_ascii &&
+       (ftp->downloadsize < 1)) {
+      /*
+       * It seems directory listings either don't show the size or very
+       * often uses size 0 anyway. ASCII transfers may very well turn out
+       * that the transferred amount of data is not the same as this line
+       * tells, why using this number in those cases only confuses us.
+       *
+       * Example D above makes this parsing a little tricky */
+      char *bytes;
+      bytes=strstr(buf, " bytes");
+      if(bytes--) {
+        long in=(long)(bytes-buf);
+        /* this is a hint there is size information in there! ;-) */
+        while(--in) {
+          /* scan for the left parenthesis and break there */
+          if('(' == *bytes)
+            break;
+          /* skip only digits */
+          if(!ISDIGIT(*bytes)) {
+            bytes=NULL;
+            break;
+          }
+          /* one more estep backwards */
+          bytes--;
+        }
+        /* if we have nothing but digits: */
+        if(bytes++) {
+          /* get the number! */
+          size = curlx_strtoofft(bytes, NULL, 0);
+        }
+      }
+    }
+    else if(ftp->downloadsize > -1)
+      size = ftp->downloadsize;
+
+    if(size > data->req.maxdownload && data->req.maxdownload > 0)
+      size = data->req.size = data->req.maxdownload;
+    else if((instate != FTP_LIST) && (data->set.prefer_ascii))
+      size = -1; /* kludge for servers that understate ASCII mode file size */
+
+    infof(data, "Maxdownload = %" CURL_FORMAT_CURL_OFF_T "\n",
+          data->req.maxdownload);
+
+    if(instate != FTP_LIST)
+      infof(data, "Getting file with size: %" CURL_FORMAT_CURL_OFF_T "\n",
+            size);
+
+    /* FTP download: */
+    conn->proto.ftpc.state_saved = instate;
+    conn->proto.ftpc.retr_size_saved = size;
+
+    if(data->set.ftp_use_port) {
+      bool connected;
+
+      result = AllowServerConnect(conn, &connected);
+      if(result)
+        return result;
+
+      if(!connected) {
+        struct ftp_conn *ftpc = &conn->proto.ftpc;
+        infof(data, "Data conn was not available immediately\n");
+        state(conn, FTP_STOP);
+        ftpc->wait_data_conn = TRUE;
+      }
+    }
+    else
+      return InitiateTransfer(conn);
+  }
+  else {
+    if((instate == FTP_LIST) && (ftpcode == 450)) {
+      /* simply no matching files in the dir listing */
+      ftp->transfer = FTPTRANSFER_NONE; /* don't download anything */
+      state(conn, FTP_STOP); /* this phase is over */
+    }
+    else {
+      failf(data, "RETR response: %03d", ftpcode);
+      return instate == FTP_RETR && ftpcode == 550?
+        CURLE_REMOTE_FILE_NOT_FOUND:
+        CURLE_FTP_COULDNT_RETR_FILE;
+    }
+  }
+
+  return result;
+}
+
+/* after USER, PASS and ACCT */
+static CURLcode ftp_state_loggedin(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  if(conn->ssl[FIRSTSOCKET].use) {
+    /* PBSZ = PROTECTION BUFFER SIZE.
+
+    The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
+
+    Specifically, the PROT command MUST be preceded by a PBSZ
+    command and a PBSZ command MUST be preceded by a successful
+    security data exchange (the TLS negotiation in this case)
+
+    ... (and on page 8):
+
+    Thus the PBSZ command must still be issued, but must have a
+    parameter of '0' to indicate that no buffering is taking place
+    and the data connection should not be encapsulated.
+    */
+    PPSENDF(&conn->proto.ftpc.pp, "PBSZ %d", 0);
+    state(conn, FTP_PBSZ);
+  }
+  else {
+    result = ftp_state_pwd(conn);
+  }
+  return result;
+}
+
+/* for USER and PASS responses */
+static CURLcode ftp_state_user_resp(struct connectdata *conn,
+                                    int ftpcode,
+                                    ftpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct FTP *ftp = data->req.protop;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  (void)instate; /* no use for this yet */
+
+  /* some need password anyway, and others just return 2xx ignored */
+  if((ftpcode == 331) && (ftpc->state == FTP_USER)) {
+    /* 331 Password required for ...
+       (the server requires to send the user's password too) */
+    PPSENDF(&ftpc->pp, "PASS %s", ftp->passwd?ftp->passwd:"");
+    state(conn, FTP_PASS);
+  }
+  else if(ftpcode/100 == 2) {
+    /* 230 User ... logged in.
+       (the user logged in with or without password) */
+    result = ftp_state_loggedin(conn);
+  }
+  else if(ftpcode == 332) {
+    if(data->set.str[STRING_FTP_ACCOUNT]) {
+      PPSENDF(&ftpc->pp, "ACCT %s", data->set.str[STRING_FTP_ACCOUNT]);
+      state(conn, FTP_ACCT);
+    }
+    else {
+      failf(data, "ACCT requested but none available");
+      result = CURLE_LOGIN_DENIED;
+    }
+  }
+  else {
+    /* All other response codes, like:
+
+    530 User ... access denied
+    (the server denies to log the specified user) */
+
+    if(conn->data->set.str[STRING_FTP_ALTERNATIVE_TO_USER] &&
+        !conn->data->state.ftp_trying_alternative) {
+      /* Ok, USER failed.  Let's try the supplied command. */
+      PPSENDF(&conn->proto.ftpc.pp, "%s",
+              conn->data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
+      conn->data->state.ftp_trying_alternative = TRUE;
+      state(conn, FTP_USER);
+      result = CURLE_OK;
+    }
+    else {
+      failf(data, "Access denied: %03d", ftpcode);
+      result = CURLE_LOGIN_DENIED;
+    }
+  }
+  return result;
+}
+
+/* for ACCT response */
+static CURLcode ftp_state_acct_resp(struct connectdata *conn,
+                                    int ftpcode)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  if(ftpcode != 230) {
+    failf(data, "ACCT rejected by server: %03d", ftpcode);
+    result = CURLE_FTP_WEIRD_PASS_REPLY; /* FIX */
+  }
+  else
+    result = ftp_state_loggedin(conn);
+
+  return result;
+}
+
+
+static CURLcode ftp_statemach_act(struct connectdata *conn)
+{
+  CURLcode result;
+  curl_socket_t sock = conn->sock[FIRSTSOCKET];
+  struct SessionHandle *data=conn->data;
+  int ftpcode;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  struct pingpong *pp = &ftpc->pp;
+  static const char ftpauth[][4]  = { "SSL", "TLS" };
+  size_t nread = 0;
+
+  if(pp->sendleft)
+    return Curl_pp_flushsend(pp);
+
+  result = ftp_readresp(sock, pp, &ftpcode, &nread);
+  if(result)
+    return result;
+
+  if(ftpcode) {
+    /* we have now received a full FTP server response */
+    switch(ftpc->state) {
+    case FTP_WAIT220:
+      if(ftpcode == 230)
+        /* 230 User logged in - already! */
+        return ftp_state_user_resp(conn, ftpcode, ftpc->state);
+      else if(ftpcode != 220) {
+        failf(data, "Got a %03d ftp-server response when 220 was expected",
+              ftpcode);
+        return CURLE_FTP_WEIRD_SERVER_REPLY;
+      }
+
+      /* We have received a 220 response fine, now we proceed. */
+#ifdef HAVE_GSSAPI
+      if(data->set.krb) {
+        /* If not anonymous login, try a secure login. Note that this
+           procedure is still BLOCKING. */
+
+        Curl_sec_request_prot(conn, "private");
+        /* We set private first as default, in case the line below fails to
+           set a valid level */
+        Curl_sec_request_prot(conn, data->set.str[STRING_KRB_LEVEL]);
+
+        if(Curl_sec_login(conn) != CURLE_OK)
+          infof(data, "Logging in with password in cleartext!\n");
+        else
+          infof(data, "Authentication successful\n");
+      }
+#endif
+
+      if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+        /* We don't have a SSL/TLS connection yet, but FTPS is
+           requested. Try a FTPS connection now */
+
+        ftpc->count3=0;
+        switch(data->set.ftpsslauth) {
+        case CURLFTPAUTH_DEFAULT:
+        case CURLFTPAUTH_SSL:
+          ftpc->count2 = 1; /* add one to get next */
+          ftpc->count1 = 0;
+          break;
+        case CURLFTPAUTH_TLS:
+          ftpc->count2 = -1; /* subtract one to get next */
+          ftpc->count1 = 1;
+          break;
+        default:
+          failf(data, "unsupported parameter to CURLOPT_FTPSSLAUTH: %d",
+                (int)data->set.ftpsslauth);
+          return CURLE_UNKNOWN_OPTION; /* we don't know what to do */
+        }
+        PPSENDF(&ftpc->pp, "AUTH %s", ftpauth[ftpc->count1]);
+        state(conn, FTP_AUTH);
+      }
+      else {
+        result = ftp_state_user(conn);
+        if(result)
+          return result;
+      }
+
+      break;
+
+    case FTP_AUTH:
+      /* we have gotten the response to a previous AUTH command */
+
+      /* RFC2228 (page 5) says:
+       *
+       * If the server is willing to accept the named security mechanism,
+       * and does not require any security data, it must respond with
+       * reply code 234/334.
+       */
+
+      if((ftpcode == 234) || (ftpcode == 334)) {
+        /* Curl_ssl_connect is BLOCKING */
+        result = Curl_ssl_connect(conn, FIRSTSOCKET);
+        if(CURLE_OK == result) {
+          conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
+          result = ftp_state_user(conn);
+        }
+      }
+      else if(ftpc->count3 < 1) {
+        ftpc->count3++;
+        ftpc->count1 += ftpc->count2; /* get next attempt */
+        result = Curl_pp_sendf(&ftpc->pp, "AUTH %s", ftpauth[ftpc->count1]);
+        /* remain in this same state */
+      }
+      else {
+        if(data->set.use_ssl > CURLUSESSL_TRY)
+          /* we failed and CURLUSESSL_CONTROL or CURLUSESSL_ALL is set */
+          result = CURLE_USE_SSL_FAILED;
+        else
+          /* ignore the failure and continue */
+          result = ftp_state_user(conn);
+      }
+
+      if(result)
+        return result;
+      break;
+
+    case FTP_USER:
+    case FTP_PASS:
+      result = ftp_state_user_resp(conn, ftpcode, ftpc->state);
+      break;
+
+    case FTP_ACCT:
+      result = ftp_state_acct_resp(conn, ftpcode);
+      break;
+
+    case FTP_PBSZ:
+      PPSENDF(&ftpc->pp, "PROT %c",
+              data->set.use_ssl == CURLUSESSL_CONTROL ? 'C' : 'P');
+      state(conn, FTP_PROT);
+
+      break;
+
+    case FTP_PROT:
+      if(ftpcode/100 == 2)
+        /* We have enabled SSL for the data connection! */
+        conn->ssl[SECONDARYSOCKET].use =
+          (data->set.use_ssl != CURLUSESSL_CONTROL) ? TRUE : FALSE;
+      /* FTP servers typically responds with 500 if they decide to reject
+         our 'P' request */
+      else if(data->set.use_ssl > CURLUSESSL_CONTROL)
+        /* we failed and bails out */
+        return CURLE_USE_SSL_FAILED;
+
+      if(data->set.ftp_ccc) {
+        /* CCC - Clear Command Channel
+         */
+        PPSENDF(&ftpc->pp, "%s", "CCC");
+        state(conn, FTP_CCC);
+      }
+      else {
+        result = ftp_state_pwd(conn);
+        if(result)
+          return result;
+      }
+      break;
+
+    case FTP_CCC:
+      if(ftpcode < 500) {
+        /* First shut down the SSL layer (note: this call will block) */
+        result = Curl_ssl_shutdown(conn, FIRSTSOCKET);
+
+        if(result) {
+          failf(conn->data, "Failed to clear the command channel (CCC)");
+          return result;
+        }
+      }
+
+      /* Then continue as normal */
+      result = ftp_state_pwd(conn);
+      if(result)
+        return result;
+      break;
+
+    case FTP_PWD:
+      if(ftpcode == 257) {
+        char *ptr=&data->state.buffer[4];  /* start on the first letter */
+        char *dir;
+        char *store;
+
+        dir = malloc(nread + 1);
+        if(!dir)
+          return CURLE_OUT_OF_MEMORY;
+
+        /* Reply format is like
+           257<space>[rubbish]"<directory-name>"<space><commentary> and the
+           RFC959 says
+
+           The directory name can contain any character; embedded
+           double-quotes should be escaped by double-quotes (the
+           "quote-doubling" convention).
+        */
+
+        /* scan for the first double-quote for non-standard responses */
+        while(ptr < &data->state.buffer[sizeof(data->state.buffer)]
+              && *ptr != '\n' && *ptr != '\0' && *ptr != '"')
+          ptr++;
+
+        if('\"' == *ptr) {
+          /* it started good */
+          ptr++;
+          for(store = dir; *ptr;) {
+            if('\"' == *ptr) {
+              if('\"' == ptr[1]) {
+                /* "quote-doubling" */
+                *store = ptr[1];
+                ptr++;
+              }
+              else {
+                /* end of path */
+                *store = '\0'; /* zero terminate */
+                break; /* get out of this loop */
+              }
+            }
+            else
+              *store = *ptr;
+            store++;
+            ptr++;
+          }
+
+          /* If the path name does not look like an absolute path (i.e.: it
+             does not start with a '/'), we probably need some server-dependent
+             adjustments. For example, this is the case when connecting to
+             an OS400 FTP server: this server supports two name syntaxes,
+             the default one being incompatible with standard pathes. In
+             addition, this server switches automatically to the regular path
+             syntax when one is encountered in a command: this results in
+             having an entrypath in the wrong syntax when later used in CWD.
+               The method used here is to check the server OS: we do it only
+             if the path name looks strange to minimize overhead on other
+             systems. */
+
+          if(!ftpc->server_os && dir[0] != '/') {
+
+            result = Curl_pp_sendf(&ftpc->pp, "%s", "SYST");
+            if(result != CURLE_OK) {
+              free(dir);
+              return result;
+            }
+            Curl_safefree(ftpc->entrypath);
+            ftpc->entrypath = dir; /* remember this */
+            infof(data, "Entry path is '%s'\n", ftpc->entrypath);
+            /* also save it where getinfo can access it: */
+            data->state.most_recent_ftp_entrypath = ftpc->entrypath;
+            state(conn, FTP_SYST);
+            break;
+          }
+
+          Curl_safefree(ftpc->entrypath);
+          ftpc->entrypath = dir; /* remember this */
+          infof(data, "Entry path is '%s'\n", ftpc->entrypath);
+          /* also save it where getinfo can access it: */
+          data->state.most_recent_ftp_entrypath = ftpc->entrypath;
+        }
+        else {
+          /* couldn't get the path */
+          free(dir);
+          infof(data, "Failed to figure out path\n");
+        }
+      }
+      state(conn, FTP_STOP); /* we are done with the CONNECT phase! */
+      DEBUGF(infof(data, "protocol connect phase DONE\n"));
+      break;
+
+    case FTP_SYST:
+      if(ftpcode == 215) {
+        char *ptr=&data->state.buffer[4];  /* start on the first letter */
+        char *os;
+        char *store;
+
+        os = malloc(nread + 1);
+        if(!os)
+          return CURLE_OUT_OF_MEMORY;
+
+        /* Reply format is like
+           215<space><OS-name><space><commentary>
+        */
+        while(*ptr == ' ')
+          ptr++;
+        for(store = os; *ptr && *ptr != ' ';)
+          *store++ = *ptr++;
+        *store = '\0'; /* zero terminate */
+
+        /* Check for special servers here. */
+
+        if(strequal(os, "OS/400")) {
+          /* Force OS400 name format 1. */
+          result = Curl_pp_sendf(&ftpc->pp, "%s", "SITE NAMEFMT 1");
+          if(result != CURLE_OK) {
+            free(os);
+            return result;
+          }
+          /* remember target server OS */
+          Curl_safefree(ftpc->server_os);
+          ftpc->server_os = os;
+          state(conn, FTP_NAMEFMT);
+          break;
+        }
+        else {
+          /* Nothing special for the target server. */
+          /* remember target server OS */
+          Curl_safefree(ftpc->server_os);
+          ftpc->server_os = os;
+        }
+      }
+      else {
+        /* Cannot identify server OS. Continue anyway and cross fingers. */
+      }
+
+      state(conn, FTP_STOP); /* we are done with the CONNECT phase! */
+      DEBUGF(infof(data, "protocol connect phase DONE\n"));
+      break;
+
+    case FTP_NAMEFMT:
+      if(ftpcode == 250) {
+        /* Name format change successful: reload initial path. */
+        ftp_state_pwd(conn);
+        break;
+      }
+
+      state(conn, FTP_STOP); /* we are done with the CONNECT phase! */
+      DEBUGF(infof(data, "protocol connect phase DONE\n"));
+      break;
+
+    case FTP_QUOTE:
+    case FTP_POSTQUOTE:
+    case FTP_RETR_PREQUOTE:
+    case FTP_STOR_PREQUOTE:
+      if((ftpcode >= 400) && !ftpc->count2) {
+        /* failure response code, and not allowed to fail */
+        failf(conn->data, "QUOT command failed with %03d", ftpcode);
+        return CURLE_QUOTE_ERROR;
+      }
+      result = ftp_state_quote(conn, FALSE, ftpc->state);
+      if(result)
+        return result;
+
+      break;
+
+    case FTP_CWD:
+      if(ftpcode/100 != 2) {
+        /* failure to CWD there */
+        if(conn->data->set.ftp_create_missing_dirs &&
+           ftpc->count1 && !ftpc->count2) {
+          /* try making it */
+          ftpc->count2++; /* counter to prevent CWD-MKD loops */
+          PPSENDF(&ftpc->pp, "MKD %s", ftpc->dirs[ftpc->count1 - 1]);
+          state(conn, FTP_MKD);
+        }
+        else {
+          /* return failure */
+          failf(data, "Server denied you to change to the given directory");
+          ftpc->cwdfail = TRUE; /* don't remember this path as we failed
+                                   to enter it */
+          return CURLE_REMOTE_ACCESS_DENIED;
+        }
+      }
+      else {
+        /* success */
+        ftpc->count2=0;
+        if(++ftpc->count1 <= ftpc->dirdepth) {
+          /* send next CWD */
+          PPSENDF(&ftpc->pp, "CWD %s", ftpc->dirs[ftpc->count1 - 1]);
+        }
+        else {
+          result = ftp_state_mdtm(conn);
+          if(result)
+            return result;
+        }
+      }
+      break;
+
+    case FTP_MKD:
+      if((ftpcode/100 != 2) && !ftpc->count3--) {
+        /* failure to MKD the dir */
+        failf(data, "Failed to MKD dir: %03d", ftpcode);
+        return CURLE_REMOTE_ACCESS_DENIED;
+      }
+      state(conn, FTP_CWD);
+      /* send CWD */
+      PPSENDF(&ftpc->pp, "CWD %s", ftpc->dirs[ftpc->count1 - 1]);
+      break;
+
+    case FTP_MDTM:
+      result = ftp_state_mdtm_resp(conn, ftpcode);
+      break;
+
+    case FTP_TYPE:
+    case FTP_LIST_TYPE:
+    case FTP_RETR_TYPE:
+    case FTP_STOR_TYPE:
+      result = ftp_state_type_resp(conn, ftpcode, ftpc->state);
+      break;
+
+    case FTP_SIZE:
+    case FTP_RETR_SIZE:
+    case FTP_STOR_SIZE:
+      result = ftp_state_size_resp(conn, ftpcode, ftpc->state);
+      break;
+
+    case FTP_REST:
+    case FTP_RETR_REST:
+      result = ftp_state_rest_resp(conn, ftpcode, ftpc->state);
+      break;
+
+    case FTP_PRET:
+      if(ftpcode != 200) {
+        /* there only is this one standard OK return code. */
+        failf(data, "PRET command not accepted: %03d", ftpcode);
+        return CURLE_FTP_PRET_FAILED;
+      }
+      result = ftp_state_use_pasv(conn);
+      break;
+
+    case FTP_PASV:
+      result = ftp_state_pasv_resp(conn, ftpcode);
+      break;
+
+    case FTP_PORT:
+      result = ftp_state_port_resp(conn, ftpcode);
+      break;
+
+    case FTP_LIST:
+    case FTP_RETR:
+      result = ftp_state_get_resp(conn, ftpcode, ftpc->state);
+      break;
+
+    case FTP_STOR:
+      result = ftp_state_stor_resp(conn, ftpcode, ftpc->state);
+      break;
+
+    case FTP_QUIT:
+      /* fallthrough, just stop! */
+    default:
+      /* internal error */
+      state(conn, FTP_STOP);
+      break;
+    }
+  } /* if(ftpcode) */
+
+  return result;
+}
+
+
+/* called repeatedly until done from multi.c */
+static CURLcode ftp_multi_statemach(struct connectdata *conn,
+                                    bool *done)
+{
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  CURLcode result = Curl_pp_statemach(&ftpc->pp, FALSE);
+
+  /* Check for the state outside of the Curl_socket_ready() return code checks
+     since at times we are in fact already in this state when this function
+     gets called. */
+  *done = (ftpc->state == FTP_STOP) ? TRUE : FALSE;
+
+  return result;
+}
+
+static CURLcode ftp_block_statemach(struct connectdata *conn)
+{
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  struct pingpong *pp = &ftpc->pp;
+  CURLcode result = CURLE_OK;
+
+  while(ftpc->state != FTP_STOP) {
+    result = Curl_pp_statemach(pp, TRUE);
+    if(result)
+      break;
+  }
+
+  return result;
+}
+
+/*
+ * ftp_connect() should do everything that is to be considered a part of
+ * the connection phase.
+ *
+ * The variable 'done' points to will be TRUE if the protocol-layer connect
+ * phase is done when this function returns, or FALSE if not.
+ *
+ */
+static CURLcode ftp_connect(struct connectdata *conn,
+                                 bool *done) /* see description above */
+{
+  CURLcode result;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  struct pingpong *pp = &ftpc->pp;
+
+  *done = FALSE; /* default to not done yet */
+
+  /* We always support persistent connections on ftp */
+  connkeep(conn, "FTP default");
+
+  pp->response_time = RESP_TIMEOUT; /* set default response time-out */
+  pp->statemach_act = ftp_statemach_act;
+  pp->endofresp = ftp_endofresp;
+  pp->conn = conn;
+
+  if(conn->handler->flags & PROTOPT_SSL) {
+    /* BLOCKING */
+    result = Curl_ssl_connect(conn, FIRSTSOCKET);
+    if(result)
+      return result;
+  }
+
+  Curl_pp_init(pp); /* init the generic pingpong data */
+
+  /* When we connect, we start in the state where we await the 220
+     response */
+  state(conn, FTP_WAIT220);
+
+  result = ftp_multi_statemach(conn, done);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * ftp_done()
+ *
+ * The DONE function. This does what needs to be done after a single DO has
+ * performed.
+ *
+ * Input argument is already checked for validity.
+ */
+static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
+                              bool premature)
+{
+  struct SessionHandle *data = conn->data;
+  struct FTP *ftp = data->req.protop;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  struct pingpong *pp = &ftpc->pp;
+  ssize_t nread;
+  int ftpcode;
+  CURLcode result = CURLE_OK;
+  bool was_ctl_valid = ftpc->ctl_valid;
+  char *path;
+  const char *path_to_use = data->state.path;
+
+  if(!ftp)
+    /* When the easy handle is removed from the multi while libcurl is still
+     * trying to resolve the host name, it seems that the ftp struct is not
+     * yet initialized, but the removal action calls Curl_done() which calls
+     * this function. So we simply return success if no ftp pointer is set.
+     */
+    return CURLE_OK;
+
+  switch(status) {
+  case CURLE_BAD_DOWNLOAD_RESUME:
+  case CURLE_FTP_WEIRD_PASV_REPLY:
+  case CURLE_FTP_PORT_FAILED:
+  case CURLE_FTP_ACCEPT_FAILED:
+  case CURLE_FTP_ACCEPT_TIMEOUT:
+  case CURLE_FTP_COULDNT_SET_TYPE:
+  case CURLE_FTP_COULDNT_RETR_FILE:
+  case CURLE_PARTIAL_FILE:
+  case CURLE_UPLOAD_FAILED:
+  case CURLE_REMOTE_ACCESS_DENIED:
+  case CURLE_FILESIZE_EXCEEDED:
+  case CURLE_REMOTE_FILE_NOT_FOUND:
+  case CURLE_WRITE_ERROR:
+    /* the connection stays alive fine even though this happened */
+    /* fall-through */
+  case CURLE_OK: /* doesn't affect the control connection's status */
+    if(!premature) {
+      ftpc->ctl_valid = was_ctl_valid;
+      break;
+    }
+    /* until we cope better with prematurely ended requests, let them
+     * fallback as if in complete failure */
+  default:       /* by default, an error means the control connection is
+                    wedged and should not be used anymore */
+    ftpc->ctl_valid = FALSE;
+    ftpc->cwdfail = TRUE; /* set this TRUE to prevent us to remember the
+                             current path, as this connection is going */
+    connclose(conn, "FTP ended with bad error code");
+    result = status;      /* use the already set error code */
+    break;
+  }
+
+  /* now store a copy of the directory we are in */
+  if(ftpc->prevpath)
+    free(ftpc->prevpath);
+
+  if(data->set.wildcardmatch) {
+    if(data->set.chunk_end && ftpc->file) {
+      data->set.chunk_end(data->wildcard.customptr);
+    }
+    ftpc->known_filesize = -1;
+  }
+
+  /* get the "raw" path */
+  path = curl_easy_unescape(data, path_to_use, 0, NULL);
+  if(!path) {
+    /* out of memory, but we can limp along anyway (and should try to
+     * since we may already be in the out of memory cleanup path) */
+    if(!result)
+      result = CURLE_OUT_OF_MEMORY;
+    ftpc->ctl_valid = FALSE; /* mark control connection as bad */
+    connclose(conn, "FTP: out of memory!"); /* mark for connection closure */
+    ftpc->prevpath = NULL; /* no path remembering */
+  }
+  else {
+    size_t flen = ftpc->file?strlen(ftpc->file):0; /* file is "raw" already */
+    size_t dlen = strlen(path)-flen;
+    if(!ftpc->cwdfail) {
+      if(dlen && (data->set.ftp_filemethod != FTPFILE_NOCWD)) {
+        ftpc->prevpath = path;
+        if(flen)
+          /* if 'path' is not the whole string */
+          ftpc->prevpath[dlen]=0; /* terminate */
+      }
+      else {
+        /* we never changed dir */
+        ftpc->prevpath=strdup("");
+        free(path);
+      }
+      if(ftpc->prevpath)
+        infof(data, "Remembering we are in dir \"%s\"\n", ftpc->prevpath);
+    }
+    else {
+      ftpc->prevpath = NULL; /* no path */
+      free(path);
+    }
+  }
+  /* free the dir tree and file parts */
+  freedirs(ftpc);
+
+  /* shut down the socket to inform the server we're done */
+
+#ifdef _WIN32_WCE
+  shutdown(conn->sock[SECONDARYSOCKET],2);  /* SD_BOTH */
+#endif
+
+  if(conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) {
+    if(!result && ftpc->dont_check && data->req.maxdownload > 0) {
+      /* partial download completed */
+      result = Curl_pp_sendf(pp, "%s", "ABOR");
+      if(result) {
+        failf(data, "Failure sending ABOR command: %s",
+              curl_easy_strerror(result));
+        ftpc->ctl_valid = FALSE; /* mark control connection as bad */
+        connclose(conn, "ABOR command failed"); /* connection closure */
+      }
+    }
+
+    if(conn->ssl[SECONDARYSOCKET].use) {
+      /* The secondary socket is using SSL so we must close down that part
+         first before we close the socket for real */
+      Curl_ssl_close(conn, SECONDARYSOCKET);
+
+      /* Note that we keep "use" set to TRUE since that (next) connection is
+         still requested to use SSL */
+    }
+    if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET]) {
+      Curl_closesocket(conn, conn->sock[SECONDARYSOCKET]);
+      conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
+      conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
+    }
+  }
+
+  if(!result && (ftp->transfer == FTPTRANSFER_BODY) && ftpc->ctl_valid &&
+     pp->pending_resp && !premature) {
+    /*
+     * Let's see what the server says about the transfer we just performed,
+     * but lower the timeout as sometimes this connection has died while the
+     * data has been transferred. This happens when doing through NATs etc that
+     * abandon old silent connections.
+     */
+    long old_time = pp->response_time;
+
+    pp->response_time = 60*1000; /* give it only a minute for now */
+    pp->response = Curl_tvnow(); /* timeout relative now */
+
+    result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
+
+    pp->response_time = old_time; /* set this back to previous value */
+
+    if(!nread && (CURLE_OPERATION_TIMEDOUT == result)) {
+      failf(data, "control connection looks dead");
+      ftpc->ctl_valid = FALSE; /* mark control connection as bad */
+      connclose(conn, "Timeout or similar in FTP DONE operation"); /* close */
+    }
+
+    if(result)
+      return result;
+
+    if(ftpc->dont_check && data->req.maxdownload > 0) {
+      /* we have just sent ABOR and there is no reliable way to check if it was
+       * successful or not; we have to close the connection now */
+      infof(data, "partial download completed, closing connection\n");
+      connclose(conn, "Partial download with no ability to check");
+      return result;
+    }
+
+    if(!ftpc->dont_check) {
+      /* 226 Transfer complete, 250 Requested file action okay, completed. */
+      if((ftpcode != 226) && (ftpcode != 250)) {
+        failf(data, "server did not report OK, got %d", ftpcode);
+        result = CURLE_PARTIAL_FILE;
+      }
+    }
+  }
+
+  if(result || premature)
+    /* the response code from the transfer showed an error already so no
+       use checking further */
+    ;
+  else if(data->set.upload) {
+    if((-1 != data->state.infilesize) &&
+       (data->state.infilesize != *ftp->bytecountp) &&
+       !data->set.crlf &&
+       (ftp->transfer == FTPTRANSFER_BODY)) {
+      failf(data, "Uploaded unaligned file size (%" CURL_FORMAT_CURL_OFF_T
+            " out of %" CURL_FORMAT_CURL_OFF_T " bytes)",
+            *ftp->bytecountp, data->state.infilesize);
+      result = CURLE_PARTIAL_FILE;
+    }
+  }
+  else {
+    if((-1 != data->req.size) &&
+       (data->req.size != *ftp->bytecountp) &&
+#ifdef CURL_DO_LINEEND_CONV
+       /* Most FTP servers don't adjust their file SIZE response for CRLFs, so
+        * we'll check to see if the discrepancy can be explained by the number
+        * of CRLFs we've changed to LFs.
+        */
+       ((data->req.size + data->state.crlf_conversions) !=
+        *ftp->bytecountp) &&
+#endif /* CURL_DO_LINEEND_CONV */
+       (data->req.maxdownload != *ftp->bytecountp)) {
+      failf(data, "Received only partial file: %" CURL_FORMAT_CURL_OFF_T
+            " bytes", *ftp->bytecountp);
+      result = CURLE_PARTIAL_FILE;
+    }
+    else if(!ftpc->dont_check &&
+            !*ftp->bytecountp &&
+            (data->req.size>0)) {
+      failf(data, "No data was received!");
+      result = CURLE_FTP_COULDNT_RETR_FILE;
+    }
+  }
+
+  /* clear these for next connection */
+  ftp->transfer = FTPTRANSFER_BODY;
+  ftpc->dont_check = FALSE;
+
+  /* Send any post-transfer QUOTE strings? */
+  if(!status && !result && !premature && data->set.postquote)
+    result = ftp_sendquote(conn, data->set.postquote);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * ftp_sendquote()
+ *
+ * Where a 'quote' means a list of custom commands to send to the server.
+ * The quote list is passed as an argument.
+ *
+ * BLOCKING
+ */
+
+static
+CURLcode ftp_sendquote(struct connectdata *conn, struct curl_slist *quote)
+{
+  struct curl_slist *item;
+  ssize_t nread;
+  int ftpcode;
+  CURLcode result;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  struct pingpong *pp = &ftpc->pp;
+
+  item = quote;
+  while(item) {
+    if(item->data) {
+      char *cmd = item->data;
+      bool acceptfail = FALSE;
+
+      /* if a command starts with an asterisk, which a legal FTP command never
+         can, the command will be allowed to fail without it causing any
+         aborts or cancels etc. It will cause libcurl to act as if the command
+         is successful, whatever the server reponds. */
+
+      if(cmd[0] == '*') {
+        cmd++;
+        acceptfail = TRUE;
+      }
+
+      PPSENDF(&conn->proto.ftpc.pp, "%s", cmd);
+
+      pp->response = Curl_tvnow(); /* timeout relative now */
+
+      result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
+      if(result)
+        return result;
+
+      if(!acceptfail && (ftpcode >= 400)) {
+        failf(conn->data, "QUOT string not accepted: %s", cmd);
+        return CURLE_QUOTE_ERROR;
+      }
+    }
+
+    item = item->next;
+  }
+
+  return CURLE_OK;
+}
+
+/***********************************************************************
+ *
+ * ftp_need_type()
+ *
+ * Returns TRUE if we in the current situation should send TYPE
+ */
+static int ftp_need_type(struct connectdata *conn,
+                         bool ascii_wanted)
+{
+  return conn->proto.ftpc.transfertype != (ascii_wanted?'A':'I');
+}
+
+/***********************************************************************
+ *
+ * ftp_nb_type()
+ *
+ * Set TYPE. We only deal with ASCII or BINARY so this function
+ * sets one of them.
+ * If the transfer type is not sent, simulate on OK response in newstate
+ */
+static CURLcode ftp_nb_type(struct connectdata *conn,
+                            bool ascii, ftpstate newstate)
+{
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  CURLcode result;
+  char want = (char)(ascii?'A':'I');
+
+  if(ftpc->transfertype == want) {
+    state(conn, newstate);
+    return ftp_state_type_resp(conn, 200, newstate);
+  }
+
+  PPSENDF(&ftpc->pp, "TYPE %c", want);
+  state(conn, newstate);
+
+  /* keep track of our current transfer type */
+  ftpc->transfertype = want;
+  return CURLE_OK;
+}
+
+/***************************************************************************
+ *
+ * ftp_pasv_verbose()
+ *
+ * This function only outputs some informationals about this second connection
+ * when we've issued a PASV command before and thus we have connected to a
+ * possibly new IP address.
+ *
+ */
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+static void
+ftp_pasv_verbose(struct connectdata *conn,
+                 Curl_addrinfo *ai,
+                 char *newhost, /* ascii version */
+                 int port)
+{
+  char buf[256];
+  Curl_printable_address(ai, buf, sizeof(buf));
+  infof(conn->data, "Connecting to %s (%s) port %d\n", newhost, buf, port);
+}
+#endif
+
+/*
+  Check if this is a range download, and if so, set the internal variables
+  properly.
+ */
+
+static CURLcode ftp_range(struct connectdata *conn)
+{
+  curl_off_t from, to;
+  char *ptr;
+  char *ptr2;
+  struct SessionHandle *data = conn->data;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  if(data->state.use_range && data->state.range) {
+    from=curlx_strtoofft(data->state.range, &ptr, 0);
+    while(*ptr && (ISSPACE(*ptr) || (*ptr=='-')))
+      ptr++;
+    to=curlx_strtoofft(ptr, &ptr2, 0);
+    if(ptr == ptr2) {
+      /* we didn't get any digit */
+      to=-1;
+    }
+    if((-1 == to) && (from>=0)) {
+      /* X - */
+      data->state.resume_from = from;
+      DEBUGF(infof(conn->data, "FTP RANGE %" CURL_FORMAT_CURL_OFF_T
+                   " to end of file\n", from));
+    }
+    else if(from < 0) {
+      /* -Y */
+      data->req.maxdownload = -from;
+      data->state.resume_from = from;
+      DEBUGF(infof(conn->data, "FTP RANGE the last %" CURL_FORMAT_CURL_OFF_T
+                   " bytes\n", -from));
+    }
+    else {
+      /* X-Y */
+      data->req.maxdownload = (to-from)+1; /* include last byte */
+      data->state.resume_from = from;
+      DEBUGF(infof(conn->data, "FTP RANGE from %" CURL_FORMAT_CURL_OFF_T
+                   " getting %" CURL_FORMAT_CURL_OFF_T " bytes\n",
+                   from, data->req.maxdownload));
+    }
+    DEBUGF(infof(conn->data, "range-download from %" CURL_FORMAT_CURL_OFF_T
+                 " to %" CURL_FORMAT_CURL_OFF_T ", totally %"
+                 CURL_FORMAT_CURL_OFF_T " bytes\n",
+                 from, to, data->req.maxdownload));
+    ftpc->dont_check = TRUE; /* dont check for successful transfer */
+  }
+  else
+    data->req.maxdownload = -1;
+  return CURLE_OK;
+}
+
+
+/*
+ * ftp_do_more()
+ *
+ * This function shall be called when the second FTP (data) connection is
+ * connected.
+ *
+ * 'complete' can return 0 for incomplete, 1 for done and -1 for go back
+ * (which basically is only for when PASV is being sent to retry a failed
+ * EPSV).
+ */
+
+static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
+{
+  struct SessionHandle *data=conn->data;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  CURLcode result = CURLE_OK;
+  bool connected = FALSE;
+  bool complete = FALSE;
+
+  /* the ftp struct is inited in ftp_connect() */
+  struct FTP *ftp = data->req.protop;
+
+  /* if the second connection isn't done yet, wait for it */
+  if(!conn->bits.tcpconnect[SECONDARYSOCKET]) {
+    if(conn->tunnel_state[SECONDARYSOCKET] == TUNNEL_CONNECT) {
+      /* As we're in TUNNEL_CONNECT state now, we know the proxy name and port
+         aren't used so we blank their arguments. TODO: make this nicer */
+      result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, NULL, 0);
+
+      return result;
+    }
+
+    result = Curl_is_connected(conn, SECONDARYSOCKET, &connected);
+
+    /* Ready to do more? */
+    if(connected) {
+      DEBUGF(infof(data, "DO-MORE connected phase starts\n"));
+      if(conn->bits.proxy) {
+        infof(data, "Connection to proxy confirmed\n");
+        result = proxy_magic(conn, ftpc->newhost, ftpc->newport, &connected);
+      }
+    }
+    else {
+      if(result && (ftpc->count1 == 0)) {
+        *completep = -1; /* go back to DOING please */
+        /* this is a EPSV connect failing, try PASV instead */
+        return ftp_epsv_disable(conn);
+      }
+      return result;
+    }
+  }
+
+  if(ftpc->state) {
+    /* already in a state so skip the intial commands.
+       They are only done to kickstart the do_more state */
+    result = ftp_multi_statemach(conn, &complete);
+
+    *completep = (int)complete;
+
+    /* if we got an error or if we don't wait for a data connection return
+       immediately */
+    if(result || (ftpc->wait_data_conn != TRUE))
+      return result;
+
+    if(ftpc->wait_data_conn)
+      /* if we reach the end of the FTP state machine here, *complete will be
+         TRUE but so is ftpc->wait_data_conn, which says we need to wait for
+         the data connection and therefore we're not actually complete */
+      *completep = 0;
+  }
+
+  if(ftp->transfer <= FTPTRANSFER_INFO) {
+    /* a transfer is about to take place, or if not a file name was given
+       so we'll do a SIZE on it later and then we need the right TYPE first */
+
+    if(ftpc->wait_data_conn == TRUE) {
+      bool serv_conned;
+
+      result = ReceivedServerConnect(conn, &serv_conned);
+      if(result)
+        return result; /* Failed to accept data connection */
+
+      if(serv_conned) {
+        /* It looks data connection is established */
+        result = AcceptServerConnect(conn);
+        ftpc->wait_data_conn = FALSE;
+        if(!result)
+          result = InitiateTransfer(conn);
+
+        if(result)
+          return result;
+
+        *completep = 1; /* this state is now complete when the server has
+                           connected back to us */
+      }
+    }
+    else if(data->set.upload) {
+      result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_STOR_TYPE);
+      if(result)
+        return result;
+
+      result = ftp_multi_statemach(conn, &complete);
+      *completep = (int)complete;
+    }
+    else {
+      /* download */
+      ftp->downloadsize = -1; /* unknown as of yet */
+
+      result = ftp_range(conn);
+      if(result)
+        ;
+      else if(data->set.ftp_list_only || !ftpc->file) {
+        /* The specified path ends with a slash, and therefore we think this
+           is a directory that is requested, use LIST. But before that we
+           need to set ASCII transfer mode. */
+
+        /* But only if a body transfer was requested. */
+        if(ftp->transfer == FTPTRANSFER_BODY) {
+          result = ftp_nb_type(conn, TRUE, FTP_LIST_TYPE);
+          if(result)
+            return result;
+        }
+        /* otherwise just fall through */
+      }
+      else {
+        result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_RETR_TYPE);
+        if(result)
+          return result;
+      }
+
+      result = ftp_multi_statemach(conn, &complete);
+      *completep = (int)complete;
+    }
+    return result;
+  }
+
+  if((result == CURLE_OK) && (ftp->transfer != FTPTRANSFER_BODY))
+    /* no data to transfer. FIX: it feels like a kludge to have this here
+       too! */
+    Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+
+  if(!ftpc->wait_data_conn) {
+    /* no waiting for the data connection so this is now complete */
+    *completep = 1;
+    DEBUGF(infof(data, "DO-MORE phase ends with %d\n", (int)result));
+  }
+
+  return result;
+}
+
+
+
+/***********************************************************************
+ *
+ * ftp_perform()
+ *
+ * This is the actual DO function for FTP. Get a file/directory according to
+ * the options previously setup.
+ */
+
+static
+CURLcode ftp_perform(struct connectdata *conn,
+                     bool *connected,  /* connect status after PASV / PORT */
+                     bool *dophase_done)
+{
+  /* this is FTP and no proxy */
+  CURLcode result=CURLE_OK;
+
+  DEBUGF(infof(conn->data, "DO phase starts\n"));
+
+  if(conn->data->set.opt_no_body) {
+    /* requested no body means no transfer... */
+    struct FTP *ftp = conn->data->req.protop;
+    ftp->transfer = FTPTRANSFER_INFO;
+  }
+
+  *dophase_done = FALSE; /* not done yet */
+
+  /* start the first command in the DO phase */
+  result = ftp_state_quote(conn, TRUE, FTP_QUOTE);
+  if(result)
+    return result;
+
+  /* run the state-machine */
+  result = ftp_multi_statemach(conn, dophase_done);
+
+  *connected = conn->bits.tcpconnect[SECONDARYSOCKET];
+
+  infof(conn->data, "ftp_perform ends with SECONDARY: %d\n", *connected);
+
+  if(*dophase_done) {
+    DEBUGF(infof(conn->data, "DO phase is complete1\n"));
+  }
+
+  return result;
+}
+
+static void wc_data_dtor(void *ptr)
+{
+  struct ftp_wc_tmpdata *tmp = ptr;
+  if(tmp)
+    Curl_ftp_parselist_data_free(&tmp->parser);
+  Curl_safefree(tmp);
+}
+
+static CURLcode init_wc_data(struct connectdata *conn)
+{
+  char *last_slash;
+  char *path = conn->data->state.path;
+  struct WildcardData *wildcard = &(conn->data->wildcard);
+  CURLcode ret = CURLE_OK;
+  struct ftp_wc_tmpdata *ftp_tmp;
+
+  last_slash = strrchr(conn->data->state.path, '/');
+  if(last_slash) {
+    last_slash++;
+    if(last_slash[0] == '\0') {
+      wildcard->state = CURLWC_CLEAN;
+      ret = ftp_parse_url_path(conn);
+      return ret;
+    }
+    else {
+      wildcard->pattern = strdup(last_slash);
+      if(!wildcard->pattern)
+        return CURLE_OUT_OF_MEMORY;
+      last_slash[0] = '\0'; /* cut file from path */
+    }
+  }
+  else { /* there is only 'wildcard pattern' or nothing */
+    if(path[0]) {
+      wildcard->pattern = strdup(path);
+      if(!wildcard->pattern)
+        return CURLE_OUT_OF_MEMORY;
+      path[0] = '\0';
+    }
+    else { /* only list */
+      wildcard->state = CURLWC_CLEAN;
+      ret = ftp_parse_url_path(conn);
+      return ret;
+    }
+  }
+
+  /* program continues only if URL is not ending with slash, allocate needed
+     resources for wildcard transfer */
+
+  /* allocate ftp protocol specific temporary wildcard data */
+  ftp_tmp = calloc(1, sizeof(struct ftp_wc_tmpdata));
+  if(!ftp_tmp) {
+    Curl_safefree(wildcard->pattern);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* INITIALIZE parselist structure */
+  ftp_tmp->parser = Curl_ftp_parselist_data_alloc();
+  if(!ftp_tmp->parser) {
+    Curl_safefree(wildcard->pattern);
+    Curl_safefree(ftp_tmp);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  wildcard->tmp = ftp_tmp; /* put it to the WildcardData tmp pointer */
+  wildcard->tmp_dtor = wc_data_dtor;
+
+  /* wildcard does not support NOCWD option (assert it?) */
+  if(conn->data->set.ftp_filemethod == FTPFILE_NOCWD)
+    conn->data->set.ftp_filemethod = FTPFILE_MULTICWD;
+
+  /* try to parse ftp url */
+  ret = ftp_parse_url_path(conn);
+  if(ret) {
+    Curl_safefree(wildcard->pattern);
+    wildcard->tmp_dtor(wildcard->tmp);
+    wildcard->tmp_dtor = ZERO_NULL;
+    wildcard->tmp = NULL;
+    return ret;
+  }
+
+  wildcard->path = strdup(conn->data->state.path);
+  if(!wildcard->path) {
+    Curl_safefree(wildcard->pattern);
+    wildcard->tmp_dtor(wildcard->tmp);
+    wildcard->tmp_dtor = ZERO_NULL;
+    wildcard->tmp = NULL;
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* backup old write_function */
+  ftp_tmp->backup.write_function = conn->data->set.fwrite_func;
+  /* parsing write function */
+  conn->data->set.fwrite_func = Curl_ftp_parselist;
+  /* backup old file descriptor */
+  ftp_tmp->backup.file_descriptor = conn->data->set.out;
+  /* let the writefunc callback know what curl pointer is working with */
+  conn->data->set.out = conn;
+
+  infof(conn->data, "Wildcard - Parsing started\n");
+  return CURLE_OK;
+}
+
+/* This is called recursively */
+static CURLcode wc_statemach(struct connectdata *conn)
+{
+  struct WildcardData * const wildcard = &(conn->data->wildcard);
+  CURLcode ret = CURLE_OK;
+
+  switch (wildcard->state) {
+  case CURLWC_INIT:
+    ret = init_wc_data(conn);
+    if(wildcard->state == CURLWC_CLEAN)
+      /* only listing! */
+      break;
+    else
+      wildcard->state = ret ? CURLWC_ERROR : CURLWC_MATCHING;
+    break;
+
+  case CURLWC_MATCHING: {
+    /* In this state is LIST response successfully parsed, so lets restore
+       previous WRITEFUNCTION callback and WRITEDATA pointer */
+    struct ftp_wc_tmpdata *ftp_tmp = wildcard->tmp;
+    conn->data->set.fwrite_func = ftp_tmp->backup.write_function;
+    conn->data->set.out = ftp_tmp->backup.file_descriptor;
+    ftp_tmp->backup.write_function = ZERO_NULL;
+    ftp_tmp->backup.file_descriptor = NULL;
+    wildcard->state = CURLWC_DOWNLOADING;
+
+    if(Curl_ftp_parselist_geterror(ftp_tmp->parser)) {
+      /* error found in LIST parsing */
+      wildcard->state = CURLWC_CLEAN;
+      return wc_statemach(conn);
+    }
+    else if(wildcard->filelist->size == 0) {
+      /* no corresponding file */
+      wildcard->state = CURLWC_CLEAN;
+      return CURLE_REMOTE_FILE_NOT_FOUND;
+    }
+    return wc_statemach(conn);
+  }
+
+  case CURLWC_DOWNLOADING: {
+    /* filelist has at least one file, lets get first one */
+    struct ftp_conn *ftpc = &conn->proto.ftpc;
+    struct curl_fileinfo *finfo = wildcard->filelist->head->ptr;
+
+    char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
+    if(!tmp_path)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* switch default "state.pathbuffer" and tmp_path, good to see
+       ftp_parse_url_path function to understand this trick */
+    Curl_safefree(conn->data->state.pathbuffer);
+    conn->data->state.pathbuffer = tmp_path;
+    conn->data->state.path = tmp_path;
+
+    infof(conn->data, "Wildcard - START of \"%s\"\n", finfo->filename);
+    if(conn->data->set.chunk_bgn) {
+      long userresponse = conn->data->set.chunk_bgn(
+          finfo, wildcard->customptr, (int)wildcard->filelist->size);
+      switch(userresponse) {
+      case CURL_CHUNK_BGN_FUNC_SKIP:
+        infof(conn->data, "Wildcard - \"%s\" skipped by user\n",
+              finfo->filename);
+        wildcard->state = CURLWC_SKIP;
+        return wc_statemach(conn);
+      case CURL_CHUNK_BGN_FUNC_FAIL:
+        return CURLE_CHUNK_FAILED;
+      }
+    }
+
+    if(finfo->filetype != CURLFILETYPE_FILE) {
+      wildcard->state = CURLWC_SKIP;
+      return wc_statemach(conn);
+    }
+
+    if(finfo->flags & CURLFINFOFLAG_KNOWN_SIZE)
+      ftpc->known_filesize = finfo->size;
+
+    ret = ftp_parse_url_path(conn);
+    if(ret) {
+      return ret;
+    }
+
+    /* we don't need the Curl_fileinfo of first file anymore */
+    Curl_llist_remove(wildcard->filelist, wildcard->filelist->head, NULL);
+
+    if(wildcard->filelist->size == 0) { /* remains only one file to down. */
+      wildcard->state = CURLWC_CLEAN;
+      /* after that will be ftp_do called once again and no transfer
+         will be done because of CURLWC_CLEAN state */
+      return CURLE_OK;
+    }
+  } break;
+
+  case CURLWC_SKIP: {
+    if(conn->data->set.chunk_end)
+      conn->data->set.chunk_end(conn->data->wildcard.customptr);
+    Curl_llist_remove(wildcard->filelist, wildcard->filelist->head, NULL);
+    wildcard->state = (wildcard->filelist->size == 0) ?
+                      CURLWC_CLEAN : CURLWC_DOWNLOADING;
+    return wc_statemach(conn);
+  }
+
+  case CURLWC_CLEAN: {
+    struct ftp_wc_tmpdata *ftp_tmp = wildcard->tmp;
+    ret = CURLE_OK;
+    if(ftp_tmp) {
+      ret = Curl_ftp_parselist_geterror(ftp_tmp->parser);
+    }
+    wildcard->state = ret ? CURLWC_ERROR : CURLWC_DONE;
+  } break;
+
+  case CURLWC_DONE:
+  case CURLWC_ERROR:
+    break;
+  }
+
+  return ret;
+}
+
+/***********************************************************************
+ *
+ * ftp_do()
+ *
+ * This function is registered as 'curl_do' function. It decodes the path
+ * parts etc as a wrapper to the actual DO function (ftp_perform).
+ *
+ * The input argument is already checked for validity.
+ */
+static CURLcode ftp_do(struct connectdata *conn, bool *done)
+{
+  CURLcode retcode = CURLE_OK;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  *done = FALSE; /* default to false */
+  ftpc->wait_data_conn = FALSE; /* default to no such wait */
+
+  if(conn->data->set.wildcardmatch) {
+    retcode = wc_statemach(conn);
+    if(conn->data->wildcard.state == CURLWC_SKIP ||
+      conn->data->wildcard.state == CURLWC_DONE) {
+      /* do not call ftp_regular_transfer */
+      return CURLE_OK;
+    }
+    if(retcode) /* error, loop or skipping the file */
+      return retcode;
+  }
+  else { /* no wildcard FSM needed */
+    retcode = ftp_parse_url_path(conn);
+    if(retcode)
+      return retcode;
+  }
+
+  retcode = ftp_regular_transfer(conn, done);
+
+  return retcode;
+}
+
+
+CURLcode Curl_ftpsendf(struct connectdata *conn,
+                       const char *fmt, ...)
+{
+  ssize_t bytes_written;
+#define SBUF_SIZE 1024
+  char s[SBUF_SIZE];
+  size_t write_len;
+  char *sptr=s;
+  CURLcode res = CURLE_OK;
+#ifdef HAVE_GSSAPI
+  enum protection_level data_sec = conn->data_prot;
+#endif
+
+  va_list ap;
+  va_start(ap, fmt);
+  write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap);
+  va_end(ap);
+
+  strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */
+  write_len +=2;
+
+  bytes_written=0;
+
+  res = Curl_convert_to_network(conn->data, s, write_len);
+  /* Curl_convert_to_network calls failf if unsuccessful */
+  if(res)
+    return(res);
+
+  for(;;) {
+#ifdef HAVE_GSSAPI
+    conn->data_prot = PROT_CMD;
+#endif
+    res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
+                     &bytes_written);
+#ifdef HAVE_GSSAPI
+    DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
+    conn->data_prot = data_sec;
+#endif
+
+    if(CURLE_OK != res)
+      break;
+
+    if(conn->data->set.verbose)
+      Curl_debug(conn->data, CURLINFO_HEADER_OUT,
+                 sptr, (size_t)bytes_written, conn);
+
+    if(bytes_written != (ssize_t)write_len) {
+      write_len -= bytes_written;
+      sptr += bytes_written;
+    }
+    else
+      break;
+  }
+
+  return res;
+}
+
+/***********************************************************************
+ *
+ * ftp_quit()
+ *
+ * This should be called before calling sclose() on an ftp control connection
+ * (not data connections). We should then wait for the response from the
+ * server before returning. The calling code should then try to close the
+ * connection.
+ *
+ */
+static CURLcode ftp_quit(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  if(conn->proto.ftpc.ctl_valid) {
+    result = Curl_pp_sendf(&conn->proto.ftpc.pp, "%s", "QUIT");
+    if(result) {
+      failf(conn->data, "Failure sending QUIT command: %s",
+            curl_easy_strerror(result));
+      conn->proto.ftpc.ctl_valid = FALSE; /* mark control connection as bad */
+      connclose(conn, "QUIT command failed"); /* mark for connection closure */
+      state(conn, FTP_STOP);
+      return result;
+    }
+
+    state(conn, FTP_QUIT);
+
+    result = ftp_block_statemach(conn);
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * ftp_disconnect()
+ *
+ * Disconnect from an FTP server. Cleanup protocol-specific per-connection
+ * resources. BLOCKING.
+ */
+static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection)
+{
+  struct ftp_conn *ftpc= &conn->proto.ftpc;
+  struct pingpong *pp = &ftpc->pp;
+
+  /* We cannot send quit unconditionally. If this connection is stale or
+     bad in any way, sending quit and waiting around here will make the
+     disconnect wait in vain and cause more problems than we need to.
+
+     ftp_quit() will check the state of ftp->ctl_valid. If it's ok it
+     will try to send the QUIT command, otherwise it will just return.
+  */
+  if(dead_connection)
+    ftpc->ctl_valid = FALSE;
+
+  /* The FTP session may or may not have been allocated/setup at this point! */
+  (void)ftp_quit(conn); /* ignore errors on the QUIT */
+
+  if(ftpc->entrypath) {
+    struct SessionHandle *data = conn->data;
+    if(data->state.most_recent_ftp_entrypath == ftpc->entrypath) {
+      data->state.most_recent_ftp_entrypath = NULL;
+    }
+    free(ftpc->entrypath);
+    ftpc->entrypath = NULL;
+  }
+
+  freedirs(ftpc);
+  if(ftpc->prevpath) {
+    free(ftpc->prevpath);
+    ftpc->prevpath = NULL;
+  }
+  if(ftpc->server_os) {
+    free(ftpc->server_os);
+    ftpc->server_os = NULL;
+  }
+
+  Curl_pp_disconnect(pp);
+
+#ifdef HAVE_GSSAPI
+  Curl_sec_end(conn);
+#endif
+
+  return CURLE_OK;
+}
+
+/***********************************************************************
+ *
+ * ftp_parse_url_path()
+ *
+ * Parse the URL path into separate path components.
+ *
+ */
+static
+CURLcode ftp_parse_url_path(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  /* the ftp struct is already inited in ftp_connect() */
+  struct FTP *ftp = data->req.protop;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  const char *slash_pos;  /* position of the first '/' char in curpos */
+  const char *path_to_use = data->state.path;
+  const char *cur_pos;
+  const char *filename = NULL;
+
+  cur_pos = path_to_use; /* current position in path. point at the begin
+                            of next path component */
+
+  ftpc->ctl_valid = FALSE;
+  ftpc->cwdfail = FALSE;
+
+  switch(data->set.ftp_filemethod) {
+  case FTPFILE_NOCWD:
+    /* fastest, but less standard-compliant */
+
+    /*
+      The best time to check whether the path is a file or directory is right
+      here. so:
+
+      the first condition in the if() right here, is there just in case
+      someone decides to set path to NULL one day
+   */
+    if(data->state.path &&
+       data->state.path[0] &&
+       (data->state.path[strlen(data->state.path) - 1] != '/') )
+      filename = data->state.path;  /* this is a full file path */
+      /*
+        ftpc->file is not used anywhere other than for operations on a file.
+        In other words, never for directory operations.
+        So we can safely leave filename as NULL here and use it as a
+        argument in dir/file decisions.
+      */
+    break;
+
+  case FTPFILE_SINGLECWD:
+    /* get the last slash */
+    if(!path_to_use[0]) {
+      /* no dir, no file */
+      ftpc->dirdepth = 0;
+      break;
+    }
+    slash_pos=strrchr(cur_pos, '/');
+    if(slash_pos || !*cur_pos) {
+      size_t dirlen = slash_pos-cur_pos;
+
+      ftpc->dirs = calloc(1, sizeof(ftpc->dirs[0]));
+      if(!ftpc->dirs)
+        return CURLE_OUT_OF_MEMORY;
+
+      if(!dirlen)
+        dirlen++;
+
+      ftpc->dirs[0] = curl_easy_unescape(conn->data, slash_pos ? cur_pos : "/",
+                                         slash_pos ? curlx_uztosi(dirlen) : 1,
+                                         NULL);
+      if(!ftpc->dirs[0]) {
+        freedirs(ftpc);
+        return CURLE_OUT_OF_MEMORY;
+      }
+      ftpc->dirdepth = 1; /* we consider it to be a single dir */
+      filename = slash_pos ? slash_pos+1 : cur_pos; /* rest is file name */
+    }
+    else
+      filename = cur_pos;  /* this is a file name only */
+    break;
+
+  default: /* allow pretty much anything */
+  case FTPFILE_MULTICWD:
+    ftpc->dirdepth = 0;
+    ftpc->diralloc = 5; /* default dir depth to allocate */
+    ftpc->dirs = calloc(ftpc->diralloc, sizeof(ftpc->dirs[0]));
+    if(!ftpc->dirs)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* we have a special case for listing the root dir only */
+    if(strequal(path_to_use, "/")) {
+      cur_pos++; /* make it point to the zero byte */
+      ftpc->dirs[0] = strdup("/");
+      ftpc->dirdepth++;
+    }
+    else {
+      /* parse the URL path into separate path components */
+      while((slash_pos = strchr(cur_pos, '/')) != NULL) {
+        /* 1 or 0 pointer offset to indicate absolute directory */
+        ssize_t absolute_dir = ((cur_pos - data->state.path > 0) &&
+                                (ftpc->dirdepth == 0))?1:0;
+
+        /* seek out the next path component */
+        if(slash_pos-cur_pos) {
+          /* we skip empty path components, like "x//y" since the FTP command
+             CWD requires a parameter and a non-existent parameter a) doesn't
+             work on many servers and b) has no effect on the others. */
+          int len = curlx_sztosi(slash_pos - cur_pos + absolute_dir);
+          ftpc->dirs[ftpc->dirdepth] =
+            curl_easy_unescape(conn->data, cur_pos - absolute_dir, len, NULL);
+          if(!ftpc->dirs[ftpc->dirdepth]) { /* run out of memory ... */
+            failf(data, "no memory");
+            freedirs(ftpc);
+            return CURLE_OUT_OF_MEMORY;
+          }
+          if(isBadFtpString(ftpc->dirs[ftpc->dirdepth])) {
+            free(ftpc->dirs[ftpc->dirdepth]);
+            freedirs(ftpc);
+            return CURLE_URL_MALFORMAT;
+          }
+        }
+        else {
+          cur_pos = slash_pos + 1; /* jump to the rest of the string */
+          if(!ftpc->dirdepth) {
+            /* path starts with a slash, add that as a directory */
+            ftpc->dirs[ftpc->dirdepth] = strdup("/");
+            if(!ftpc->dirs[ftpc->dirdepth++]) { /* run out of memory ... */
+              failf(data, "no memory");
+              freedirs(ftpc);
+              return CURLE_OUT_OF_MEMORY;
+            }
+          }
+          continue;
+        }
+
+        cur_pos = slash_pos + 1; /* jump to the rest of the string */
+        if(++ftpc->dirdepth >= ftpc->diralloc) {
+          /* enlarge array */
+          char **bigger;
+          ftpc->diralloc *= 2; /* double the size each time */
+          bigger = realloc(ftpc->dirs, ftpc->diralloc * sizeof(ftpc->dirs[0]));
+          if(!bigger) {
+            freedirs(ftpc);
+            return CURLE_OUT_OF_MEMORY;
+          }
+          ftpc->dirs = bigger;
+        }
+      }
+    }
+    filename = cur_pos;  /* the rest is the file name */
+    break;
+  } /* switch */
+
+  if(filename && *filename) {
+    ftpc->file = curl_easy_unescape(conn->data, filename, 0, NULL);
+    if(NULL == ftpc->file) {
+      freedirs(ftpc);
+      failf(data, "no memory");
+      return CURLE_OUT_OF_MEMORY;
+    }
+    if(isBadFtpString(ftpc->file)) {
+      freedirs(ftpc);
+      return CURLE_URL_MALFORMAT;
+    }
+  }
+  else
+    ftpc->file=NULL; /* instead of point to a zero byte, we make it a NULL
+                       pointer */
+
+  if(data->set.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) {
+    /* We need a file name when uploading. Return error! */
+    failf(data, "Uploading to a URL without a file name!");
+    return CURLE_URL_MALFORMAT;
+  }
+
+  ftpc->cwddone = FALSE; /* default to not done */
+
+  if(ftpc->prevpath) {
+    /* prevpath is "raw" so we convert the input path before we compare the
+       strings */
+    int dlen;
+    char *path = curl_easy_unescape(conn->data, data->state.path, 0, &dlen);
+    if(!path) {
+      freedirs(ftpc);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    dlen -= ftpc->file?curlx_uztosi(strlen(ftpc->file)):0;
+    if((dlen == curlx_uztosi(strlen(ftpc->prevpath))) &&
+       strnequal(path, ftpc->prevpath, dlen)) {
+      infof(data, "Request has same path as previous transfer\n");
+      ftpc->cwddone = TRUE;
+    }
+    free(path);
+  }
+
+  return CURLE_OK;
+}
+
+/* call this when the DO phase has completed */
+static CURLcode ftp_dophase_done(struct connectdata *conn,
+                                 bool connected)
+{
+  struct FTP *ftp = conn->data->req.protop;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+  if(connected) {
+    int completed;
+    CURLcode result = ftp_do_more(conn, &completed);
+
+    if(result) {
+      if(conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) {
+        /* close the second socket if it was created already */
+        Curl_closesocket(conn, conn->sock[SECONDARYSOCKET]);
+        conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
+      }
+      return result;
+    }
+  }
+
+  if(ftp->transfer != FTPTRANSFER_BODY)
+    /* no data to transfer */
+    Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+  else if(!connected)
+    /* since we didn't connect now, we want do_more to get called */
+    conn->bits.do_more = TRUE;
+
+  ftpc->ctl_valid = TRUE; /* seems good */
+
+  return CURLE_OK;
+}
+
+/* called from multi.c while DOing */
+static CURLcode ftp_doing(struct connectdata *conn,
+                          bool *dophase_done)
+{
+  CURLcode result = ftp_multi_statemach(conn, dophase_done);
+
+  if(result)
+    DEBUGF(infof(conn->data, "DO phase failed\n"));
+  else if(*dophase_done) {
+    result = ftp_dophase_done(conn, FALSE /* not connected */);
+
+    DEBUGF(infof(conn->data, "DO phase is complete2\n"));
+  }
+  return result;
+}
+
+/***********************************************************************
+ *
+ * ftp_regular_transfer()
+ *
+ * The input argument is already checked for validity.
+ *
+ * Performs all commands done before a regular transfer between a local and a
+ * remote host.
+ *
+ * ftp->ctl_valid starts out as FALSE, and gets set to TRUE if we reach the
+ * ftp_done() function without finding any major problem.
+ */
+static
+CURLcode ftp_regular_transfer(struct connectdata *conn,
+                              bool *dophase_done)
+{
+  CURLcode result=CURLE_OK;
+  bool connected=FALSE;
+  struct SessionHandle *data = conn->data;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  data->req.size = -1; /* make sure this is unknown at this point */
+
+  Curl_pgrsSetUploadCounter(data, 0);
+  Curl_pgrsSetDownloadCounter(data, 0);
+  Curl_pgrsSetUploadSize(data, -1);
+  Curl_pgrsSetDownloadSize(data, -1);
+
+  ftpc->ctl_valid = TRUE; /* starts good */
+
+  result = ftp_perform(conn,
+                       &connected, /* have we connected after PASV/PORT */
+                       dophase_done); /* all commands in the DO-phase done? */
+
+  if(CURLE_OK == result) {
+
+    if(!*dophase_done)
+      /* the DO phase has not completed yet */
+      return CURLE_OK;
+
+    result = ftp_dophase_done(conn, connected);
+
+    if(result)
+      return result;
+  }
+  else
+    freedirs(ftpc);
+
+  return result;
+}
+
+static CURLcode ftp_setup_connection(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  char *type;
+  char command;
+  struct FTP *ftp;
+
+  if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) {
+    /* Unless we have asked to tunnel ftp operations through the proxy, we
+       switch and use HTTP operations only */
+#ifndef CURL_DISABLE_HTTP
+    if(conn->handler == &Curl_handler_ftp)
+      conn->handler = &Curl_handler_ftp_proxy;
+    else {
+#ifdef USE_SSL
+      conn->handler = &Curl_handler_ftps_proxy;
+#else
+      failf(data, "FTPS not supported!");
+      return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+    }
+    /* set it up as a HTTP connection instead */
+    return conn->handler->setup_connection(conn);
+#else
+    failf(data, "FTP over http proxy requires HTTP support built-in!");
+    return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+  }
+
+  conn->data->req.protop = ftp = malloc(sizeof(struct FTP));
+  if(NULL == ftp)
+    return CURLE_OUT_OF_MEMORY;
+
+  data->state.path++;   /* don't include the initial slash */
+  data->state.slash_removed = TRUE; /* we've skipped the slash */
+
+  /* FTP URLs support an extension like ";type=<typecode>" that
+   * we'll try to get now! */
+  type = strstr(data->state.path, ";type=");
+
+  if(!type)
+    type = strstr(conn->host.rawalloc, ";type=");
+
+  if(type) {
+    *type = 0;                     /* it was in the middle of the hostname */
+    command = Curl_raw_toupper(type[6]);
+    conn->bits.type_set = TRUE;
+
+    switch (command) {
+    case 'A': /* ASCII mode */
+      data->set.prefer_ascii = TRUE;
+      break;
+
+    case 'D': /* directory mode */
+      data->set.ftp_list_only = TRUE;
+      break;
+
+    case 'I': /* binary mode */
+    default:
+      /* switch off ASCII */
+      data->set.prefer_ascii = FALSE;
+      break;
+    }
+  }
+
+  /* get some initial data into the ftp struct */
+  ftp->bytecountp = &conn->data->req.bytecount;
+  ftp->transfer = FTPTRANSFER_BODY;
+  ftp->downloadsize = 0;
+
+  /* No need to duplicate user+password, the connectdata struct won't change
+     during a session, but we re-init them here since on subsequent inits
+     since the conn struct may have changed or been replaced.
+  */
+  ftp->user = conn->user;
+  ftp->passwd = conn->passwd;
+  if(isBadFtpString(ftp->user))
+    return CURLE_URL_MALFORMAT;
+  if(isBadFtpString(ftp->passwd))
+    return CURLE_URL_MALFORMAT;
+
+  conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
+
+  return CURLE_OK;
+}
+
+#endif /* CURL_DISABLE_FTP */
diff --git a/Utilities/cmcurl/lib/ftp.h b/Utilities/cmcurl/lib/ftp.h
new file mode 100644
index 0000000..b6bfc02
--- /dev/null
+++ b/Utilities/cmcurl/lib/ftp.h
@@ -0,0 +1,160 @@
+#ifndef HEADER_CURL_FTP_H
+#define HEADER_CURL_FTP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "pingpong.h"
+
+#ifndef CURL_DISABLE_FTP
+extern const struct Curl_handler Curl_handler_ftp;
+
+#ifdef USE_SSL
+extern const struct Curl_handler Curl_handler_ftps;
+#endif
+
+CURLcode Curl_ftpsendf(struct connectdata *, const char *fmt, ...);
+CURLcode Curl_GetFTPResponse(ssize_t *nread, struct connectdata *conn,
+                             int *ftpcode);
+#endif /* CURL_DISABLE_FTP */
+
+/****************************************************************************
+ * FTP unique setup
+ ***************************************************************************/
+typedef enum {
+  FTP_STOP,    /* do nothing state, stops the state machine */
+  FTP_WAIT220, /* waiting for the initial 220 response immediately after
+                  a connect */
+  FTP_AUTH,
+  FTP_USER,
+  FTP_PASS,
+  FTP_ACCT,
+  FTP_PBSZ,
+  FTP_PROT,
+  FTP_CCC,
+  FTP_PWD,
+  FTP_SYST,
+  FTP_NAMEFMT,
+  FTP_QUOTE, /* waiting for a response to a command sent in a quote list */
+  FTP_RETR_PREQUOTE,
+  FTP_STOR_PREQUOTE,
+  FTP_POSTQUOTE,
+  FTP_CWD,  /* change dir */
+  FTP_MKD,  /* if the dir didn't exist */
+  FTP_MDTM, /* to figure out the datestamp */
+  FTP_TYPE, /* to set type when doing a head-like request */
+  FTP_LIST_TYPE, /* set type when about to do a dir list */
+  FTP_RETR_TYPE, /* set type when about to RETR a file */
+  FTP_STOR_TYPE, /* set type when about to STOR a file */
+  FTP_SIZE, /* get the remote file's size for head-like request */
+  FTP_RETR_SIZE, /* get the remote file's size for RETR */
+  FTP_STOR_SIZE, /* get the size for STOR */
+  FTP_REST, /* when used to check if the server supports it in head-like */
+  FTP_RETR_REST, /* when asking for "resume" in for RETR */
+  FTP_PORT, /* generic state for PORT, LPRT and EPRT, check count1 */
+  FTP_PRET, /* generic state for PRET RETR, PRET STOR and PRET LIST/NLST */
+  FTP_PASV, /* generic state for PASV and EPSV, check count1 */
+  FTP_LIST, /* generic state for LIST, NLST or a custom list command */
+  FTP_RETR,
+  FTP_STOR, /* generic state for STOR and APPE */
+  FTP_QUIT,
+  FTP_LAST  /* never used */
+} ftpstate;
+
+struct ftp_parselist_data; /* defined later in ftplistparser.c */
+
+struct ftp_wc_tmpdata {
+  struct ftp_parselist_data *parser;
+
+  struct {
+    curl_write_callback write_function;
+    FILE *file_descriptor;
+  } backup;
+};
+
+typedef enum {
+  FTPFILE_MULTICWD  = 1, /* as defined by RFC1738 */
+  FTPFILE_NOCWD     = 2, /* use SIZE / RETR / STOR on the full path */
+  FTPFILE_SINGLECWD = 3  /* make one CWD, then SIZE / RETR / STOR on the
+                            file */
+} curl_ftpfile;
+
+/* This FTP struct is used in the SessionHandle. All FTP data that is
+   connection-oriented must be in FTP_conn to properly deal with the fact that
+   perhaps the SessionHandle is changed between the times the connection is
+   used. */
+struct FTP {
+  curl_off_t *bytecountp;
+  char *user;    /* user name string */
+  char *passwd;  /* password string */
+
+  /* transfer a file/body or not, done as a typedefed enum just to make
+     debuggers display the full symbol and not just the numerical value */
+  curl_pp_transfer transfer;
+  curl_off_t downloadsize;
+};
+
+
+/* ftp_conn is used for struct connection-oriented data in the connectdata
+   struct */
+struct ftp_conn {
+  struct pingpong pp;
+  char *entrypath; /* the PWD reply when we logged on */
+  char **dirs;   /* realloc()ed array for path components */
+  int dirdepth;  /* number of entries used in the 'dirs' array */
+  int diralloc;  /* number of entries allocated for the 'dirs' array */
+  char *file;    /* decoded file */
+  bool dont_check;  /* Set to TRUE to prevent the final (post-transfer)
+                       file size and 226/250 status check. It should still
+                       read the line, just ignore the result. */
+  bool ctl_valid;   /* Tells Curl_ftp_quit() whether or not to do anything. If
+                       the connection has timed out or been closed, this
+                       should be FALSE when it gets to Curl_ftp_quit() */
+  bool cwddone;     /* if it has been determined that the proper CWD combo
+                       already has been done */
+  bool cwdfail;     /* set TRUE if a CWD command fails, as then we must prevent
+                       caching the current directory */
+  bool wait_data_conn; /* this is set TRUE if data connection is waited */
+  char *prevpath;   /* conn->path from the previous transfer */
+  char transfertype; /* set by ftp_transfertype for use by Curl_client_write()a
+                        and others (A/I or zero) */
+  int count1; /* general purpose counter for the state machine */
+  int count2; /* general purpose counter for the state machine */
+  int count3; /* general purpose counter for the state machine */
+  ftpstate state; /* always use ftp.c:state() to change state! */
+  ftpstate state_saved; /* transfer type saved to be reloaded after
+                           data connection is established */
+  curl_off_t retr_size_saved; /* Size of retrieved file saved */
+  char * server_os;     /* The target server operating system. */
+  curl_off_t known_filesize; /* file size is different from -1, if wildcard
+                                LIST parsing was done and wc_statemach set
+                                it */
+  /* newhost must be able to hold a full IP-style address in ASCII, which
+     in the IPv6 case means 5*8-1 = 39 letters */
+#define NEWHOST_BUFSIZE 48
+  char newhost[NEWHOST_BUFSIZE]; /* this is the pair to connect the DATA... */
+  unsigned short newport;        /* connection to */
+
+};
+
+#define DEFAULT_ACCEPT_TIMEOUT   60000 /* milliseconds == one minute */
+
+#endif /* HEADER_CURL_FTP_H */
diff --git a/Utilities/cmcurl/lib/ftplistparser.c b/Utilities/cmcurl/lib/ftplistparser.c
new file mode 100644
index 0000000..4a46dd1
--- /dev/null
+++ b/Utilities/cmcurl/lib/ftplistparser.c
@@ -0,0 +1,1053 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/**
+ * Now implemented:
+ *
+ * 1) UNIX version 1
+ * drwxr-xr-x 1 user01 ftp  512 Jan 29 23:32 prog
+ * 2) UNIX version 2
+ * drwxr-xr-x 1 user01 ftp  512 Jan 29 1997  prog
+ * 3) UNIX version 3
+ * drwxr-xr-x 1      1   1  512 Jan 29 23:32 prog
+ * 4) UNIX symlink
+ * lrwxr-xr-x 1 user01 ftp  512 Jan 29 23:32 prog -> prog2000
+ * 5) DOS style
+ * 01-29-97 11:32PM <DIR> prog
+ */
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_FTP
+
+#include <curl/curl.h>
+
+#include "urldata.h"
+#include "fileinfo.h"
+#include "llist.h"
+#include "strtoofft.h"
+#include "rawstr.h"
+#include "ftp.h"
+#include "ftplistparser.h"
+#include "curl_fnmatch.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* allocs buffer which will contain one line of LIST command response */
+#define FTP_BUFFER_ALLOCSIZE 160
+
+typedef enum {
+  PL_UNIX_TOTALSIZE = 0,
+  PL_UNIX_FILETYPE,
+  PL_UNIX_PERMISSION,
+  PL_UNIX_HLINKS,
+  PL_UNIX_USER,
+  PL_UNIX_GROUP,
+  PL_UNIX_SIZE,
+  PL_UNIX_TIME,
+  PL_UNIX_FILENAME,
+  PL_UNIX_SYMLINK
+} pl_unix_mainstate;
+
+typedef union {
+  enum {
+    PL_UNIX_TOTALSIZE_INIT = 0,
+    PL_UNIX_TOTALSIZE_READING
+  } total_dirsize;
+
+  enum {
+    PL_UNIX_HLINKS_PRESPACE = 0,
+    PL_UNIX_HLINKS_NUMBER
+  } hlinks;
+
+  enum {
+    PL_UNIX_USER_PRESPACE = 0,
+    PL_UNIX_USER_PARSING
+  } user;
+
+  enum {
+    PL_UNIX_GROUP_PRESPACE = 0,
+    PL_UNIX_GROUP_NAME
+  } group;
+
+  enum {
+    PL_UNIX_SIZE_PRESPACE = 0,
+    PL_UNIX_SIZE_NUMBER
+  } size;
+
+  enum {
+    PL_UNIX_TIME_PREPART1 = 0,
+    PL_UNIX_TIME_PART1,
+    PL_UNIX_TIME_PREPART2,
+    PL_UNIX_TIME_PART2,
+    PL_UNIX_TIME_PREPART3,
+    PL_UNIX_TIME_PART3
+  } time;
+
+  enum {
+    PL_UNIX_FILENAME_PRESPACE = 0,
+    PL_UNIX_FILENAME_NAME,
+    PL_UNIX_FILENAME_WINDOWSEOL
+  } filename;
+
+  enum {
+    PL_UNIX_SYMLINK_PRESPACE = 0,
+    PL_UNIX_SYMLINK_NAME,
+    PL_UNIX_SYMLINK_PRETARGET1,
+    PL_UNIX_SYMLINK_PRETARGET2,
+    PL_UNIX_SYMLINK_PRETARGET3,
+    PL_UNIX_SYMLINK_PRETARGET4,
+    PL_UNIX_SYMLINK_TARGET,
+    PL_UNIX_SYMLINK_WINDOWSEOL
+  } symlink;
+} pl_unix_substate;
+
+typedef enum {
+  PL_WINNT_DATE = 0,
+  PL_WINNT_TIME,
+  PL_WINNT_DIRORSIZE,
+  PL_WINNT_FILENAME
+} pl_winNT_mainstate;
+
+typedef union {
+  enum {
+    PL_WINNT_TIME_PRESPACE = 0,
+    PL_WINNT_TIME_TIME
+  } time;
+  enum {
+    PL_WINNT_DIRORSIZE_PRESPACE = 0,
+    PL_WINNT_DIRORSIZE_CONTENT
+  } dirorsize;
+  enum {
+    PL_WINNT_FILENAME_PRESPACE = 0,
+    PL_WINNT_FILENAME_CONTENT,
+    PL_WINNT_FILENAME_WINEOL
+  } filename;
+} pl_winNT_substate;
+
+/* This struct is used in wildcard downloading - for parsing LIST response */
+struct ftp_parselist_data {
+  enum {
+    OS_TYPE_UNKNOWN = 0,
+    OS_TYPE_UNIX,
+    OS_TYPE_WIN_NT
+  } os_type;
+
+  union {
+    struct {
+      pl_unix_mainstate main;
+      pl_unix_substate sub;
+    } UNIX;
+
+    struct {
+      pl_winNT_mainstate main;
+      pl_winNT_substate sub;
+    } NT;
+  } state;
+
+  CURLcode error;
+  struct curl_fileinfo *file_data;
+  unsigned int item_length;
+  size_t item_offset;
+  struct {
+    size_t filename;
+    size_t user;
+    size_t group;
+    size_t time;
+    size_t perm;
+    size_t symlink_target;
+  } offsets;
+};
+
+struct ftp_parselist_data *Curl_ftp_parselist_data_alloc(void)
+{
+  return calloc(1, sizeof(struct ftp_parselist_data));
+}
+
+
+void Curl_ftp_parselist_data_free(struct ftp_parselist_data **pl_data)
+{
+  if(*pl_data)
+    free(*pl_data);
+  *pl_data = NULL;
+}
+
+
+CURLcode Curl_ftp_parselist_geterror(struct ftp_parselist_data *pl_data)
+{
+  return pl_data->error;
+}
+
+
+#define FTP_LP_MALFORMATED_PERM 0x01000000
+
+static int ftp_pl_get_permission(const char *str)
+{
+  int permissions = 0;
+  /* USER */
+  if(str[0] == 'r')
+    permissions |= 1 << 8;
+  else if(str[0] != '-')
+    permissions |= FTP_LP_MALFORMATED_PERM;
+  if(str[1] == 'w')
+    permissions |= 1 << 7;
+  else if(str[1] != '-')
+    permissions |= FTP_LP_MALFORMATED_PERM;
+
+  if(str[2] == 'x')
+    permissions |= 1 << 6;
+  else if(str[2] == 's') {
+    permissions |= 1 << 6;
+    permissions |= 1 << 11;
+  }
+  else if(str[2] == 'S')
+    permissions |= 1 << 11;
+  else if(str[2] != '-')
+    permissions |= FTP_LP_MALFORMATED_PERM;
+  /* GROUP */
+  if(str[3] == 'r')
+    permissions |= 1 << 5;
+  else if(str[3] != '-')
+    permissions |= FTP_LP_MALFORMATED_PERM;
+  if(str[4] == 'w')
+    permissions |= 1 << 4;
+  else if(str[4] != '-')
+    permissions |= FTP_LP_MALFORMATED_PERM;
+  if(str[5] == 'x')
+    permissions |= 1 << 3;
+  else if(str[5] == 's') {
+    permissions |= 1 << 3;
+    permissions |= 1 << 10;
+  }
+  else if(str[5] == 'S')
+    permissions |= 1 << 10;
+  else if(str[5] != '-')
+    permissions |= FTP_LP_MALFORMATED_PERM;
+  /* others */
+  if(str[6] == 'r')
+    permissions |= 1 << 2;
+  else if(str[6] != '-')
+    permissions |= FTP_LP_MALFORMATED_PERM;
+  if(str[7] == 'w')
+    permissions |= 1 << 1;
+  else if(str[7] != '-')
+      permissions |= FTP_LP_MALFORMATED_PERM;
+  if(str[8] == 'x')
+    permissions |= 1;
+  else if(str[8] == 't') {
+    permissions |= 1;
+    permissions |= 1 << 9;
+  }
+  else if(str[8] == 'T')
+    permissions |= 1 << 9;
+  else if(str[8] != '-')
+    permissions |= FTP_LP_MALFORMATED_PERM;
+
+  return permissions;
+}
+
+static void PL_ERROR(struct connectdata *conn, CURLcode err)
+{
+  struct ftp_wc_tmpdata *tmpdata = conn->data->wildcard.tmp;
+  struct ftp_parselist_data *parser = tmpdata->parser;
+  if(parser->file_data)
+    Curl_fileinfo_dtor(NULL, parser->file_data);
+  parser->file_data = NULL;
+  parser->error = err;
+}
+
+static bool ftp_pl_gettime(struct ftp_parselist_data *parser, char *string)
+{
+  (void)parser;
+  (void)string;
+  /* TODO
+   * There could be possible parse timestamp from server. Leaving unimplemented
+   * for now.
+   * If you want implement this, please add CURLFINFOFLAG_KNOWN_TIME flag to
+   * parser->file_data->flags
+   *
+   * Ftp servers are giving usually these formats:
+   *  Apr 11  1998 (unknown time.. set it to 00:00:00?)
+   *  Apr 11 12:21 (unknown year -> set it to NOW() time?)
+   *  08-05-09  02:49PM  (ms-dos format)
+   *  20100421092538 -> for MLST/MLSD response
+   */
+
+  return FALSE;
+}
+
+static CURLcode ftp_pl_insert_finfo(struct connectdata *conn,
+                                    struct curl_fileinfo *finfo)
+{
+  curl_fnmatch_callback compare;
+  struct WildcardData *wc = &conn->data->wildcard;
+  struct ftp_wc_tmpdata *tmpdata = wc->tmp;
+  struct curl_llist *llist = wc->filelist;
+  struct ftp_parselist_data *parser = tmpdata->parser;
+  bool add = TRUE;
+
+  /* move finfo pointers to b_data */
+  char *str = finfo->b_data;
+  finfo->filename       = str + parser->offsets.filename;
+  finfo->strings.group  = parser->offsets.group ?
+                          str + parser->offsets.group : NULL;
+  finfo->strings.perm   = parser->offsets.perm ?
+                          str + parser->offsets.perm : NULL;
+  finfo->strings.target = parser->offsets.symlink_target ?
+                          str + parser->offsets.symlink_target : NULL;
+  finfo->strings.time   = str + parser->offsets.time;
+  finfo->strings.user   = parser->offsets.user ?
+                          str + parser->offsets.user : NULL;
+
+  /* get correct fnmatch callback */
+  compare = conn->data->set.fnmatch;
+  if(!compare)
+    compare = Curl_fnmatch;
+
+  /* filter pattern-corresponding filenames */
+  if(compare(conn->data->set.fnmatch_data, wc->pattern,
+             finfo->filename) == 0) {
+    /* discard symlink which is containing multiple " -> " */
+    if((finfo->filetype == CURLFILETYPE_SYMLINK) && finfo->strings.target &&
+       (strstr(finfo->strings.target, " -> "))) {
+      add = FALSE;
+    }
+  }
+  else {
+    add = FALSE;
+  }
+
+  if(add) {
+    if(!Curl_llist_insert_next(llist, llist->tail, finfo)) {
+      Curl_fileinfo_dtor(NULL, finfo);
+      tmpdata->parser->file_data = NULL;
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  else {
+    Curl_fileinfo_dtor(NULL, finfo);
+  }
+
+  tmpdata->parser->file_data = NULL;
+  return CURLE_OK;
+}
+
+size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
+                          void *connptr)
+{
+  size_t bufflen = size*nmemb;
+  struct connectdata *conn = (struct connectdata *)connptr;
+  struct ftp_wc_tmpdata *tmpdata = conn->data->wildcard.tmp;
+  struct ftp_parselist_data *parser = tmpdata->parser;
+  struct curl_fileinfo *finfo;
+  unsigned long i = 0;
+  CURLcode rc;
+
+  if(parser->error) { /* error in previous call */
+    /* scenario:
+     * 1. call => OK..
+     * 2. call => OUT_OF_MEMORY (or other error)
+     * 3. (last) call => is skipped RIGHT HERE and the error is hadled later
+     *    in wc_statemach()
+     */
+    return bufflen;
+  }
+
+  if(parser->os_type == OS_TYPE_UNKNOWN && bufflen > 0) {
+    /* considering info about FILE response format */
+    parser->os_type = (buffer[0] >= '0' && buffer[0] <= '9') ?
+                       OS_TYPE_WIN_NT : OS_TYPE_UNIX;
+  }
+
+  while(i < bufflen) { /* FSM */
+
+    char c = buffer[i];
+    if(!parser->file_data) { /* tmp file data is not allocated yet */
+      parser->file_data = Curl_fileinfo_alloc();
+      if(!parser->file_data) {
+        parser->error = CURLE_OUT_OF_MEMORY;
+        return bufflen;
+      }
+      parser->file_data->b_data = malloc(FTP_BUFFER_ALLOCSIZE);
+      if(!parser->file_data->b_data) {
+        PL_ERROR(conn, CURLE_OUT_OF_MEMORY);
+        return bufflen;
+      }
+      parser->file_data->b_size = FTP_BUFFER_ALLOCSIZE;
+      parser->item_offset = 0;
+      parser->item_length = 0;
+    }
+
+    finfo = parser->file_data;
+    finfo->b_data[finfo->b_used++] = c;
+
+    if(finfo->b_used >= finfo->b_size - 1) {
+      /* if it is important, extend buffer space for file data */
+      char *tmp = realloc(finfo->b_data,
+                          finfo->b_size + FTP_BUFFER_ALLOCSIZE);
+      if(tmp) {
+        finfo->b_size += FTP_BUFFER_ALLOCSIZE;
+        finfo->b_data = tmp;
+      }
+      else {
+        Curl_fileinfo_dtor(NULL, parser->file_data);
+        parser->file_data = NULL;
+        parser->error = CURLE_OUT_OF_MEMORY;
+        PL_ERROR(conn, CURLE_OUT_OF_MEMORY);
+        return bufflen;
+      }
+    }
+
+    switch (parser->os_type) {
+    case OS_TYPE_UNIX:
+      switch (parser->state.UNIX.main) {
+      case PL_UNIX_TOTALSIZE:
+        switch(parser->state.UNIX.sub.total_dirsize) {
+        case PL_UNIX_TOTALSIZE_INIT:
+          if(c == 't') {
+            parser->state.UNIX.sub.total_dirsize = PL_UNIX_TOTALSIZE_READING;
+            parser->item_length++;
+          }
+          else {
+            parser->state.UNIX.main = PL_UNIX_FILETYPE;
+            /* start FSM again not considering size of directory */
+            finfo->b_used = 0;
+            i--;
+          }
+          break;
+        case PL_UNIX_TOTALSIZE_READING:
+          parser->item_length++;
+          if(c == '\r') {
+            parser->item_length--;
+            finfo->b_used--;
+          }
+          else if(c == '\n') {
+            finfo->b_data[parser->item_length - 1] = 0;
+            if(strncmp("total ", finfo->b_data, 6) == 0) {
+              char *endptr = finfo->b_data+6;
+              /* here we can deal with directory size, pass the leading white
+                 spaces and then the digits */
+              while(ISSPACE(*endptr))
+                endptr++;
+              while(ISDIGIT(*endptr))
+                endptr++;
+              if(*endptr != 0) {
+                PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+                return bufflen;
+              }
+              else {
+                parser->state.UNIX.main = PL_UNIX_FILETYPE;
+                finfo->b_used = 0;
+              }
+            }
+            else {
+              PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+              return bufflen;
+            }
+          }
+          break;
+        }
+        break;
+      case PL_UNIX_FILETYPE:
+        switch (c) {
+        case '-':
+          finfo->filetype = CURLFILETYPE_FILE;
+          break;
+        case 'd':
+          finfo->filetype = CURLFILETYPE_DIRECTORY;
+          break;
+        case 'l':
+          finfo->filetype = CURLFILETYPE_SYMLINK;
+          break;
+        case 'p':
+          finfo->filetype = CURLFILETYPE_NAMEDPIPE;
+          break;
+        case 's':
+          finfo->filetype = CURLFILETYPE_SOCKET;
+          break;
+        case 'c':
+          finfo->filetype = CURLFILETYPE_DEVICE_CHAR;
+          break;
+        case 'b':
+          finfo->filetype = CURLFILETYPE_DEVICE_BLOCK;
+          break;
+        case 'D':
+          finfo->filetype = CURLFILETYPE_DOOR;
+          break;
+        default:
+          PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+          return bufflen;
+        }
+        parser->state.UNIX.main = PL_UNIX_PERMISSION;
+        parser->item_length = 0;
+        parser->item_offset = 1;
+        break;
+      case PL_UNIX_PERMISSION:
+        parser->item_length++;
+        if(parser->item_length <= 9) {
+          if(!strchr("rwx-tTsS", c)) {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+        }
+        else if(parser->item_length == 10) {
+          unsigned int perm;
+          if(c != ' ') {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          finfo->b_data[10] = 0; /* terminate permissions */
+          perm = ftp_pl_get_permission(finfo->b_data + parser->item_offset);
+          if(perm & FTP_LP_MALFORMATED_PERM) {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          parser->file_data->flags |= CURLFINFOFLAG_KNOWN_PERM;
+          parser->file_data->perm = perm;
+          parser->offsets.perm = parser->item_offset;
+
+          parser->item_length = 0;
+          parser->state.UNIX.main = PL_UNIX_HLINKS;
+          parser->state.UNIX.sub.hlinks = PL_UNIX_HLINKS_PRESPACE;
+        }
+        break;
+      case PL_UNIX_HLINKS:
+        switch(parser->state.UNIX.sub.hlinks) {
+        case PL_UNIX_HLINKS_PRESPACE:
+          if(c != ' ') {
+            if(c >= '0' && c <= '9') {
+              parser->item_offset = finfo->b_used - 1;
+              parser->item_length = 1;
+              parser->state.UNIX.sub.hlinks = PL_UNIX_HLINKS_NUMBER;
+            }
+            else {
+              PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+              return bufflen;
+            }
+          }
+          break;
+        case PL_UNIX_HLINKS_NUMBER:
+          parser->item_length ++;
+          if(c == ' ') {
+            char *p;
+            long int hlinks;
+            finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
+            hlinks = strtol(finfo->b_data + parser->item_offset, &p, 10);
+            if(p[0] == '\0' && hlinks != LONG_MAX && hlinks != LONG_MIN) {
+              parser->file_data->flags |= CURLFINFOFLAG_KNOWN_HLINKCOUNT;
+              parser->file_data->hardlinks = hlinks;
+            }
+            parser->item_length = 0;
+            parser->item_offset = 0;
+            parser->state.UNIX.main = PL_UNIX_USER;
+            parser->state.UNIX.sub.user = PL_UNIX_USER_PRESPACE;
+          }
+          else if(c < '0' || c > '9') {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        }
+        break;
+      case PL_UNIX_USER:
+        switch(parser->state.UNIX.sub.user) {
+        case PL_UNIX_USER_PRESPACE:
+          if(c != ' ') {
+            parser->item_offset = finfo->b_used - 1;
+            parser->item_length = 1;
+            parser->state.UNIX.sub.user = PL_UNIX_USER_PARSING;
+          }
+          break;
+        case PL_UNIX_USER_PARSING:
+          parser->item_length++;
+          if(c == ' ') {
+            finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
+            parser->offsets.user = parser->item_offset;
+            parser->state.UNIX.main = PL_UNIX_GROUP;
+            parser->state.UNIX.sub.group = PL_UNIX_GROUP_PRESPACE;
+            parser->item_offset = 0;
+            parser->item_length = 0;
+          }
+          break;
+        }
+        break;
+      case PL_UNIX_GROUP:
+        switch(parser->state.UNIX.sub.group) {
+        case PL_UNIX_GROUP_PRESPACE:
+          if(c != ' ') {
+            parser->item_offset = finfo->b_used - 1;
+            parser->item_length = 1;
+            parser->state.UNIX.sub.group = PL_UNIX_GROUP_NAME;
+          }
+          break;
+        case PL_UNIX_GROUP_NAME:
+          parser->item_length++;
+          if(c == ' ') {
+            finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
+            parser->offsets.group = parser->item_offset;
+            parser->state.UNIX.main = PL_UNIX_SIZE;
+            parser->state.UNIX.sub.size = PL_UNIX_SIZE_PRESPACE;
+            parser->item_offset = 0;
+            parser->item_length = 0;
+          }
+          break;
+        }
+        break;
+      case PL_UNIX_SIZE:
+        switch(parser->state.UNIX.sub.size) {
+        case PL_UNIX_SIZE_PRESPACE:
+          if(c != ' ') {
+            if(c >= '0' && c <= '9') {
+              parser->item_offset = finfo->b_used - 1;
+              parser->item_length = 1;
+              parser->state.UNIX.sub.size = PL_UNIX_SIZE_NUMBER;
+            }
+            else {
+              PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+              return bufflen;
+            }
+          }
+          break;
+        case PL_UNIX_SIZE_NUMBER:
+          parser->item_length++;
+          if(c == ' ') {
+            char *p;
+            curl_off_t fsize;
+            finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
+            fsize = curlx_strtoofft(finfo->b_data+parser->item_offset, &p, 10);
+            if(p[0] == '\0' && fsize != CURL_OFF_T_MAX &&
+                               fsize != CURL_OFF_T_MIN) {
+              parser->file_data->flags |= CURLFINFOFLAG_KNOWN_SIZE;
+              parser->file_data->size = fsize;
+            }
+            parser->item_length = 0;
+            parser->item_offset = 0;
+            parser->state.UNIX.main = PL_UNIX_TIME;
+            parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART1;
+          }
+          else if(!ISDIGIT(c)) {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        }
+        break;
+      case PL_UNIX_TIME:
+        switch(parser->state.UNIX.sub.time) {
+        case PL_UNIX_TIME_PREPART1:
+          if(c != ' ') {
+            if(ISALNUM(c)) {
+              parser->item_offset = finfo->b_used -1;
+              parser->item_length = 1;
+              parser->state.UNIX.sub.time = PL_UNIX_TIME_PART1;
+            }
+            else {
+              PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+              return bufflen;
+            }
+          }
+          break;
+        case PL_UNIX_TIME_PART1:
+          parser->item_length++;
+          if(c == ' ') {
+            parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART2;
+          }
+          else if(!ISALNUM(c) && c != '.') {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        case PL_UNIX_TIME_PREPART2:
+          parser->item_length++;
+          if(c != ' ') {
+            if(ISALNUM(c)) {
+              parser->state.UNIX.sub.time = PL_UNIX_TIME_PART2;
+            }
+            else {
+              PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+              return bufflen;
+            }
+          }
+          break;
+        case PL_UNIX_TIME_PART2:
+          parser->item_length++;
+          if(c == ' ') {
+            parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART3;
+          }
+          else if(!ISALNUM(c) && c != '.') {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        case PL_UNIX_TIME_PREPART3:
+          parser->item_length++;
+          if(c != ' ') {
+            if(ISALNUM(c)) {
+              parser->state.UNIX.sub.time = PL_UNIX_TIME_PART3;
+            }
+            else {
+              PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+              return bufflen;
+            }
+          }
+          break;
+        case PL_UNIX_TIME_PART3:
+          parser->item_length++;
+          if(c == ' ') {
+            finfo->b_data[parser->item_offset + parser->item_length -1] = 0;
+            parser->offsets.time = parser->item_offset;
+            if(ftp_pl_gettime(parser, finfo->b_data + parser->item_offset)) {
+              parser->file_data->flags |= CURLFINFOFLAG_KNOWN_TIME;
+            }
+            if(finfo->filetype == CURLFILETYPE_SYMLINK) {
+              parser->state.UNIX.main = PL_UNIX_SYMLINK;
+              parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRESPACE;
+            }
+            else {
+              parser->state.UNIX.main = PL_UNIX_FILENAME;
+              parser->state.UNIX.sub.filename = PL_UNIX_FILENAME_PRESPACE;
+            }
+          }
+          else if(!ISALNUM(c) && c != '.' && c != ':') {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        }
+        break;
+      case PL_UNIX_FILENAME:
+        switch(parser->state.UNIX.sub.filename) {
+        case PL_UNIX_FILENAME_PRESPACE:
+          if(c != ' ') {
+            parser->item_offset = finfo->b_used - 1;
+            parser->item_length = 1;
+            parser->state.UNIX.sub.filename = PL_UNIX_FILENAME_NAME;
+          }
+          break;
+        case PL_UNIX_FILENAME_NAME:
+          parser->item_length++;
+          if(c == '\r') {
+            parser->item_length--;
+            parser->state.UNIX.sub.filename = PL_UNIX_FILENAME_WINDOWSEOL;
+          }
+          else if(c == '\n') {
+            finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
+            parser->offsets.filename = parser->item_offset;
+            parser->state.UNIX.main = PL_UNIX_FILETYPE;
+            rc = ftp_pl_insert_finfo(conn, finfo);
+            if(rc) {
+              PL_ERROR(conn, rc);
+              return bufflen;
+            }
+          }
+          break;
+        case PL_UNIX_FILENAME_WINDOWSEOL:
+          if(c == '\n') {
+            finfo->b_data[parser->item_offset + parser->item_length] = 0;
+            parser->offsets.filename = parser->item_offset;
+            parser->state.UNIX.main = PL_UNIX_FILETYPE;
+            rc = ftp_pl_insert_finfo(conn, finfo);
+            if(rc) {
+              PL_ERROR(conn, rc);
+              return bufflen;
+            }
+          }
+          else {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        }
+        break;
+      case PL_UNIX_SYMLINK:
+        switch(parser->state.UNIX.sub.symlink) {
+        case PL_UNIX_SYMLINK_PRESPACE:
+          if(c != ' ') {
+            parser->item_offset = finfo->b_used - 1;
+            parser->item_length = 1;
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
+          }
+          break;
+        case PL_UNIX_SYMLINK_NAME:
+          parser->item_length++;
+          if(c == ' ') {
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET1;
+          }
+          else if(c == '\r' || c == '\n') {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        case PL_UNIX_SYMLINK_PRETARGET1:
+          parser->item_length++;
+          if(c == '-') {
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET2;
+          }
+          else if(c == '\r' || c == '\n') {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          else {
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
+          }
+          break;
+        case PL_UNIX_SYMLINK_PRETARGET2:
+          parser->item_length++;
+          if(c == '>') {
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET3;
+          }
+          else if(c == '\r' || c == '\n') {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          else {
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
+          }
+          break;
+        case PL_UNIX_SYMLINK_PRETARGET3:
+          parser->item_length++;
+          if(c == ' ') {
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET4;
+            /* now place where is symlink following */
+            finfo->b_data[parser->item_offset + parser->item_length - 4] = 0;
+            parser->offsets.filename = parser->item_offset;
+            parser->item_length = 0;
+            parser->item_offset = 0;
+          }
+          else if(c == '\r' || c == '\n') {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          else {
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
+          }
+          break;
+        case PL_UNIX_SYMLINK_PRETARGET4:
+          if(c != '\r' && c != '\n') {
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_TARGET;
+            parser->item_offset = finfo->b_used - 1;
+            parser->item_length = 1;
+          }
+          else {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        case PL_UNIX_SYMLINK_TARGET:
+          parser->item_length ++;
+          if(c == '\r') {
+            parser->item_length --;
+            parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_WINDOWSEOL;
+          }
+          else if(c == '\n') {
+            finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
+            parser->offsets.symlink_target = parser->item_offset;
+            rc = ftp_pl_insert_finfo(conn, finfo);
+            if(rc) {
+              PL_ERROR(conn, rc);
+              return bufflen;
+            }
+            parser->state.UNIX.main = PL_UNIX_FILETYPE;
+          }
+          break;
+        case PL_UNIX_SYMLINK_WINDOWSEOL:
+          if(c == '\n') {
+            finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
+            parser->offsets.symlink_target = parser->item_offset;
+            rc = ftp_pl_insert_finfo(conn, finfo);
+            if(rc) {
+              PL_ERROR(conn, rc);
+              return bufflen;
+            }
+            parser->state.UNIX.main = PL_UNIX_FILETYPE;
+          }
+          else {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        }
+        break;
+      }
+      break;
+    case OS_TYPE_WIN_NT:
+      switch(parser->state.NT.main) {
+      case PL_WINNT_DATE:
+        parser->item_length++;
+        if(parser->item_length < 9) {
+          if(!strchr("0123456789-", c)) { /* only simple control */
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+        }
+        else if(parser->item_length == 9) {
+          if(c == ' ') {
+            parser->state.NT.main = PL_WINNT_TIME;
+            parser->state.NT.sub.time = PL_WINNT_TIME_PRESPACE;
+          }
+          else {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+        }
+        else {
+          PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+          return bufflen;
+        }
+        break;
+      case PL_WINNT_TIME:
+        parser->item_length++;
+        switch(parser->state.NT.sub.time) {
+        case PL_WINNT_TIME_PRESPACE:
+          if(!ISSPACE(c)) {
+            parser->state.NT.sub.time = PL_WINNT_TIME_TIME;
+          }
+          break;
+        case PL_WINNT_TIME_TIME:
+          if(c == ' ') {
+            parser->offsets.time = parser->item_offset;
+            finfo->b_data[parser->item_offset + parser->item_length -1] = 0;
+            parser->state.NT.main = PL_WINNT_DIRORSIZE;
+            parser->state.NT.sub.dirorsize = PL_WINNT_DIRORSIZE_PRESPACE;
+            parser->item_length = 0;
+          }
+          else if(!strchr("APM0123456789:", c)) {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        }
+        break;
+      case PL_WINNT_DIRORSIZE:
+        switch(parser->state.NT.sub.dirorsize) {
+        case PL_WINNT_DIRORSIZE_PRESPACE:
+          if(c == ' ') {
+
+          }
+          else {
+            parser->item_offset = finfo->b_used - 1;
+            parser->item_length = 1;
+            parser->state.NT.sub.dirorsize = PL_WINNT_DIRORSIZE_CONTENT;
+          }
+          break;
+        case PL_WINNT_DIRORSIZE_CONTENT:
+          parser->item_length ++;
+          if(c == ' ') {
+            finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
+            if(strcmp("<DIR>", finfo->b_data + parser->item_offset) == 0) {
+              finfo->filetype = CURLFILETYPE_DIRECTORY;
+              finfo->size = 0;
+            }
+            else {
+              char *endptr;
+              finfo->size = curlx_strtoofft(finfo->b_data +
+                                            parser->item_offset,
+                                            &endptr, 10);
+              if(!*endptr) {
+                if(finfo->size == CURL_OFF_T_MAX ||
+                   finfo->size == CURL_OFF_T_MIN) {
+                  if(errno == ERANGE) {
+                    PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+                    return bufflen;
+                  }
+                }
+              }
+              else {
+                PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+                return bufflen;
+              }
+              /* correct file type */
+              parser->file_data->filetype = CURLFILETYPE_FILE;
+            }
+
+            parser->file_data->flags |= CURLFINFOFLAG_KNOWN_SIZE;
+            parser->item_length = 0;
+            parser->state.NT.main = PL_WINNT_FILENAME;
+            parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
+          }
+          break;
+        }
+        break;
+      case PL_WINNT_FILENAME:
+        switch (parser->state.NT.sub.filename) {
+        case PL_WINNT_FILENAME_PRESPACE:
+          if(c != ' ') {
+            parser->item_offset = finfo->b_used -1;
+            parser->item_length = 1;
+            parser->state.NT.sub.filename = PL_WINNT_FILENAME_CONTENT;
+          }
+          break;
+        case PL_WINNT_FILENAME_CONTENT:
+          parser->item_length++;
+          if(c == '\r') {
+            parser->state.NT.sub.filename = PL_WINNT_FILENAME_WINEOL;
+            finfo->b_data[finfo->b_used - 1] = 0;
+          }
+          else if(c == '\n') {
+            parser->offsets.filename = parser->item_offset;
+            finfo->b_data[finfo->b_used - 1] = 0;
+            parser->offsets.filename = parser->item_offset;
+            rc = ftp_pl_insert_finfo(conn, finfo);
+            if(rc) {
+              PL_ERROR(conn, rc);
+              return bufflen;
+            }
+            parser->state.NT.main = PL_WINNT_DATE;
+            parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
+          }
+          break;
+        case PL_WINNT_FILENAME_WINEOL:
+          if(c == '\n') {
+            parser->offsets.filename = parser->item_offset;
+            rc = ftp_pl_insert_finfo(conn, finfo);
+            if(rc) {
+              PL_ERROR(conn, rc);
+              return bufflen;
+            }
+            parser->state.NT.main = PL_WINNT_DATE;
+            parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
+          }
+          else {
+            PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
+            return bufflen;
+          }
+          break;
+        }
+        break;
+      }
+      break;
+    default:
+      return bufflen+1;
+    }
+
+    i++;
+  }
+
+  return bufflen;
+}
+
+#endif /* CURL_DISABLE_FTP */
diff --git a/Utilities/cmcurl/lib/ftplistparser.h b/Utilities/cmcurl/lib/ftplistparser.h
new file mode 100644
index 0000000..96764e2
--- /dev/null
+++ b/Utilities/cmcurl/lib/ftplistparser.h
@@ -0,0 +1,41 @@
+#ifndef HEADER_CURL_FTPLISTPARSER_H
+#define HEADER_CURL_FTPLISTPARSER_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_FTP
+
+/* WRITEFUNCTION callback for parsing LIST responses */
+size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
+                          void *connptr);
+
+struct ftp_parselist_data; /* defined inside ftplibparser.c */
+
+CURLcode Curl_ftp_parselist_geterror(struct ftp_parselist_data *pl_data);
+
+struct ftp_parselist_data *Curl_ftp_parselist_data_alloc(void);
+
+void Curl_ftp_parselist_data_free(struct ftp_parselist_data **pl_data);
+
+#endif /* CURL_DISABLE_FTP */
+#endif /* HEADER_CURL_FTPLISTPARSER_H */
diff --git a/Utilities/cmcurl/getenv.c b/Utilities/cmcurl/lib/getenv.c
index 4f955f8..36215aa 100644
--- a/Utilities/cmcurl/getenv.c
+++ b/Utilities/cmcurl/lib/getenv.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,21 +18,12 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef VMS
-#include <unixlib.h>
-#endif
+#include "curl_setup.h"
 
 #include <curl/curl.h>
-#include "memory.h"
+#include "curl_memory.h"
 
 #include "memdebug.h"
 
@@ -46,21 +37,14 @@ char *GetEnv(const char *variable)
   char env[MAX_PATH]; /* MAX_PATH is from windef.h */
   char *temp = getenv(variable);
   env[0] = '\0';
-  if (temp != NULL)
-    ExpandEnvironmentStrings(temp, env, sizeof(env));
-#else
-#ifdef  VMS
-  char *env = getenv(variable);
-  if (env && strcmp("HOME",variable) == 0) {
-        env = decc$translate_vms(env);
-  }
+  if(temp != NULL)
+    ExpandEnvironmentStringsA(temp, env, sizeof(env));
+  return (env[0] != '\0')?strdup(env):NULL;
 #else
-  /* no length control */
   char *env = getenv(variable);
-#endif
-#endif
   return (env && env[0])?strdup(env):NULL;
 #endif
+#endif
 }
 
 char *curl_getenv(const char *v)
diff --git a/Utilities/cmcurl/lib/getinfo.c b/Utilities/cmcurl/lib/getinfo.c
new file mode 100644
index 0000000..8905d36
--- /dev/null
+++ b/Utilities/cmcurl/lib/getinfo.c
@@ -0,0 +1,381 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+
+#include "urldata.h"
+#include "getinfo.h"
+
+#include "curl_memory.h"
+#include "vtls/vtls.h"
+#include "connect.h" /* Curl_getconnectinfo() */
+#include "progress.h"
+
+/* Make this the last #include */
+#include "memdebug.h"
+
+/*
+ * This is supposed to be called in the beginning of a perform() session
+ * and should reset all session-info variables
+ */
+CURLcode Curl_initinfo(struct SessionHandle *data)
+{
+  struct Progress *pro = &data->progress;
+  struct PureInfo *info =&data->info;
+
+  pro->t_nslookup = 0;
+  pro->t_connect = 0;
+  pro->t_appconnect = 0;
+  pro->t_pretransfer = 0;
+  pro->t_starttransfer = 0;
+  pro->timespent = 0;
+  pro->t_redirect = 0;
+
+  info->httpcode = 0;
+  info->httpproxycode = 0;
+  info->httpversion = 0;
+  info->filetime = -1; /* -1 is an illegal time and thus means unknown */
+  info->timecond = FALSE;
+
+  if(info->contenttype)
+    free(info->contenttype);
+  info->contenttype = NULL;
+
+  info->header_size = 0;
+  info->request_size = 0;
+  info->numconnects = 0;
+
+  info->conn_primary_ip[0] = '\0';
+  info->conn_local_ip[0] = '\0';
+  info->conn_primary_port = 0;
+  info->conn_local_port = 0;
+
+  return CURLE_OK;
+}
+
+static CURLcode getinfo_char(struct SessionHandle *data, CURLINFO info,
+                             char **param_charp)
+{
+  switch(info) {
+  case CURLINFO_EFFECTIVE_URL:
+    *param_charp = data->change.url?data->change.url:(char *)"";
+    break;
+  case CURLINFO_CONTENT_TYPE:
+    *param_charp = data->info.contenttype;
+    break;
+  case CURLINFO_PRIVATE:
+    *param_charp = (char *) data->set.private_data;
+    break;
+  case CURLINFO_FTP_ENTRY_PATH:
+    /* Return the entrypath string from the most recent connection.
+       This pointer was copied from the connectdata structure by FTP.
+       The actual string may be free()ed by subsequent libcurl calls so
+       it must be copied to a safer area before the next libcurl call.
+       Callers must never free it themselves. */
+    *param_charp = data->state.most_recent_ftp_entrypath;
+    break;
+  case CURLINFO_REDIRECT_URL:
+    /* Return the URL this request would have been redirected to if that
+       option had been enabled! */
+    *param_charp = data->info.wouldredirect;
+    break;
+  case CURLINFO_PRIMARY_IP:
+    /* Return the ip address of the most recent (primary) connection */
+    *param_charp = data->info.conn_primary_ip;
+    break;
+  case CURLINFO_LOCAL_IP:
+    /* Return the source/local ip address of the most recent (primary)
+       connection */
+    *param_charp = data->info.conn_local_ip;
+    break;
+  case CURLINFO_RTSP_SESSION_ID:
+    *param_charp = data->set.str[STRING_RTSP_SESSION_ID];
+    break;
+
+  default:
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  }
+  return CURLE_OK;
+}
+
+static CURLcode getinfo_long(struct SessionHandle *data, CURLINFO info,
+                             long *param_longp)
+{
+  curl_socket_t sockfd;
+
+  union {
+    unsigned long *to_ulong;
+    long          *to_long;
+  } lptr;
+
+  switch(info) {
+  case CURLINFO_RESPONSE_CODE:
+    *param_longp = data->info.httpcode;
+    break;
+  case CURLINFO_HTTP_CONNECTCODE:
+    *param_longp = data->info.httpproxycode;
+    break;
+  case CURLINFO_FILETIME:
+    *param_longp = data->info.filetime;
+    break;
+  case CURLINFO_HEADER_SIZE:
+    *param_longp = data->info.header_size;
+    break;
+  case CURLINFO_REQUEST_SIZE:
+    *param_longp = data->info.request_size;
+    break;
+  case CURLINFO_SSL_VERIFYRESULT:
+    *param_longp = data->set.ssl.certverifyresult;
+    break;
+  case CURLINFO_REDIRECT_COUNT:
+    *param_longp = data->set.followlocation;
+    break;
+  case CURLINFO_HTTPAUTH_AVAIL:
+    lptr.to_long = param_longp;
+    *lptr.to_ulong = data->info.httpauthavail;
+    break;
+  case CURLINFO_PROXYAUTH_AVAIL:
+    lptr.to_long = param_longp;
+    *lptr.to_ulong = data->info.proxyauthavail;
+    break;
+  case CURLINFO_OS_ERRNO:
+    *param_longp = data->state.os_errno;
+    break;
+  case CURLINFO_NUM_CONNECTS:
+    *param_longp = data->info.numconnects;
+    break;
+  case CURLINFO_LASTSOCKET:
+    sockfd = Curl_getconnectinfo(data, NULL);
+
+    /* note: this is not a good conversion for systems with 64 bit sockets and
+       32 bit longs */
+    if(sockfd != CURL_SOCKET_BAD)
+      *param_longp = (long)sockfd;
+    else
+      /* this interface is documented to return -1 in case of badness, which
+         may not be the same as the CURL_SOCKET_BAD value */
+      *param_longp = -1;
+    break;
+  case CURLINFO_PRIMARY_PORT:
+    /* Return the (remote) port of the most recent (primary) connection */
+    *param_longp = data->info.conn_primary_port;
+    break;
+  case CURLINFO_LOCAL_PORT:
+    /* Return the local port of the most recent (primary) connection */
+    *param_longp = data->info.conn_local_port;
+    break;
+  case CURLINFO_CONDITION_UNMET:
+    /* return if the condition prevented the document to get transferred */
+    *param_longp = data->info.timecond ? 1L : 0L;
+    break;
+  case CURLINFO_RTSP_CLIENT_CSEQ:
+    *param_longp = data->state.rtsp_next_client_CSeq;
+    break;
+  case CURLINFO_RTSP_SERVER_CSEQ:
+    *param_longp = data->state.rtsp_next_server_CSeq;
+    break;
+  case CURLINFO_RTSP_CSEQ_RECV:
+    *param_longp = data->state.rtsp_CSeq_recv;
+    break;
+
+  default:
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  }
+  return CURLE_OK;
+}
+
+static CURLcode getinfo_double(struct SessionHandle *data, CURLINFO info,
+                               double *param_doublep)
+{
+  switch(info) {
+  case CURLINFO_TOTAL_TIME:
+    *param_doublep = data->progress.timespent;
+    break;
+  case CURLINFO_NAMELOOKUP_TIME:
+    *param_doublep = data->progress.t_nslookup;
+    break;
+  case CURLINFO_CONNECT_TIME:
+    *param_doublep = data->progress.t_connect;
+    break;
+  case CURLINFO_APPCONNECT_TIME:
+    *param_doublep = data->progress.t_appconnect;
+    break;
+  case CURLINFO_PRETRANSFER_TIME:
+    *param_doublep =  data->progress.t_pretransfer;
+    break;
+  case CURLINFO_STARTTRANSFER_TIME:
+    *param_doublep = data->progress.t_starttransfer;
+    break;
+  case CURLINFO_SIZE_UPLOAD:
+    *param_doublep =  (double)data->progress.uploaded;
+    break;
+  case CURLINFO_SIZE_DOWNLOAD:
+    *param_doublep = (double)data->progress.downloaded;
+    break;
+  case CURLINFO_SPEED_DOWNLOAD:
+    *param_doublep =  (double)data->progress.dlspeed;
+    break;
+  case CURLINFO_SPEED_UPLOAD:
+    *param_doublep = (double)data->progress.ulspeed;
+    break;
+  case CURLINFO_CONTENT_LENGTH_DOWNLOAD:
+    *param_doublep = (data->progress.flags & PGRS_DL_SIZE_KNOWN)?
+      (double)data->progress.size_dl:-1;
+    break;
+  case CURLINFO_CONTENT_LENGTH_UPLOAD:
+    *param_doublep = (data->progress.flags & PGRS_UL_SIZE_KNOWN)?
+      (double)data->progress.size_ul:-1;
+    break;
+  case CURLINFO_REDIRECT_TIME:
+    *param_doublep =  data->progress.t_redirect;
+    break;
+
+  default:
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  }
+  return CURLE_OK;
+}
+
+static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
+                              struct curl_slist **param_slistp)
+{
+  union {
+    struct curl_certinfo * to_certinfo;
+    struct curl_slist    * to_slist;
+  } ptr;
+
+  switch(info) {
+  case CURLINFO_SSL_ENGINES:
+    *param_slistp = Curl_ssl_engines_list(data);
+    break;
+  case CURLINFO_COOKIELIST:
+    *param_slistp = Curl_cookie_list(data);
+    break;
+  case CURLINFO_CERTINFO:
+    /* Return the a pointer to the certinfo struct. Not really an slist
+       pointer but we can pretend it is here */
+    ptr.to_certinfo = &data->info.certs;
+    *param_slistp = ptr.to_slist;
+    break;
+  case CURLINFO_TLS_SESSION:
+    {
+      struct curl_tlssessioninfo **tsip = (struct curl_tlssessioninfo **)
+                                          param_slistp;
+      struct curl_tlssessioninfo *tsi = &data->tsi;
+      struct connectdata *conn = data->easy_conn;
+      unsigned int sockindex = 0;
+      void *internals = NULL;
+
+      *tsip = tsi;
+      tsi->backend = CURLSSLBACKEND_NONE;
+      tsi->internals = NULL;
+
+      if(!conn)
+        break;
+
+      /* Find the active ("in use") SSL connection, if any */
+      while((sockindex < sizeof(conn->ssl) / sizeof(conn->ssl[0])) &&
+            (!conn->ssl[sockindex].use))
+        sockindex++;
+
+      if(sockindex == sizeof(conn->ssl) / sizeof(conn->ssl[0]))
+        break; /* no SSL session found */
+
+      /* Return the TLS session information from the relevant backend */
+#ifdef USE_SSLEAY
+      internals = conn->ssl[sockindex].ctx;
+#endif
+#ifdef USE_GNUTLS
+      internals = conn->ssl[sockindex].session;
+#endif
+#ifdef USE_NSS
+      internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_QSOSSL
+      internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_GSKIT
+      internals = conn->ssl[sockindex].handle;
+#endif
+      if(internals) {
+        tsi->backend = Curl_ssl_backend();
+        tsi->internals = internals;
+      }
+      /* NOTE: For other SSL backends, it is not immediately clear what data
+         to return from 'struct ssl_connect_data'; thus, for now we keep the
+         backend as CURLSSLBACKEND_NONE in those cases, which should be
+         interpreted as "not supported" */
+    }
+    break;
+  default:
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  }
+  return CURLE_OK;
+}
+
+CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
+{
+  va_list arg;
+  long *param_longp=NULL;
+  double *param_doublep=NULL;
+  char **param_charp=NULL;
+  struct curl_slist **param_slistp=NULL;
+  int type;
+  /* default return code is to error out! */
+  CURLcode ret = CURLE_BAD_FUNCTION_ARGUMENT;
+
+  if(!data)
+    return ret;
+
+  va_start(arg, info);
+
+  type = CURLINFO_TYPEMASK & (int)info;
+  switch(type) {
+  case CURLINFO_STRING:
+    param_charp = va_arg(arg, char **);
+    if(NULL != param_charp)
+      ret = getinfo_char(data, info, param_charp);
+    break;
+  case CURLINFO_LONG:
+    param_longp = va_arg(arg, long *);
+    if(NULL != param_longp)
+      ret = getinfo_long(data, info, param_longp);
+    break;
+  case CURLINFO_DOUBLE:
+    param_doublep = va_arg(arg, double *);
+    if(NULL != param_doublep)
+      ret = getinfo_double(data, info, param_doublep);
+    break;
+  case CURLINFO_SLIST:
+    param_slistp = va_arg(arg, struct curl_slist **);
+    if(NULL != param_slistp)
+      ret = getinfo_slist(data, info, param_slistp);
+    break;
+  default:
+    break;
+  }
+
+  va_end(arg);
+  return ret;
+}
diff --git a/Utilities/cmcurl/lib/getinfo.h b/Utilities/cmcurl/lib/getinfo.h
new file mode 100644
index 0000000..3879ff7
--- /dev/null
+++ b/Utilities/cmcurl/lib/getinfo.h
@@ -0,0 +1,27 @@
+#ifndef HEADER_CURL_GETINFO_H
+#define HEADER_CURL_GETINFO_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...);
+CURLcode Curl_initinfo(struct SessionHandle *data);
+
+#endif /* HEADER_CURL_GETINFO_H */
diff --git a/Utilities/cmcurl/lib/gopher.c b/Utilities/cmcurl/lib/gopher.c
new file mode 100644
index 0000000..b1dd65f
--- /dev/null
+++ b/Utilities/cmcurl/lib/gopher.c
@@ -0,0 +1,169 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_GOPHER
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "transfer.h"
+#include "sendf.h"
+
+#include "progress.h"
+#include "strequal.h"
+#include "gopher.h"
+#include "rawstr.h"
+#include "select.h"
+#include "url.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * Forward declarations.
+ */
+
+static CURLcode gopher_do(struct connectdata *conn, bool *done);
+
+/*
+ * Gopher protocol handler.
+ * This is also a nice simple template to build off for simple
+ * connect-command-download protocols.
+ */
+
+const struct Curl_handler Curl_handler_gopher = {
+  "GOPHER",                             /* scheme */
+  ZERO_NULL,                            /* setup_connection */
+  gopher_do,                            /* do_it */
+  ZERO_NULL,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_GOPHER,                          /* defport */
+  CURLPROTO_GOPHER,                     /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+static CURLcode gopher_do(struct connectdata *conn, bool *done)
+{
+  CURLcode result=CURLE_OK;
+  struct SessionHandle *data=conn->data;
+  curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
+
+  curl_off_t *bytecount = &data->req.bytecount;
+  char *path = data->state.path;
+  char *sel;
+  char *sel_org = NULL;
+  ssize_t amount, k;
+
+  *done = TRUE; /* unconditionally */
+
+  /* Create selector. Degenerate cases: / and /1 => convert to "" */
+  if(strlen(path) <= 2)
+    sel = (char *)"";
+  else {
+    char *newp;
+    size_t j, i;
+    int len;
+
+    /* Otherwise, drop / and the first character (i.e., item type) ... */
+    newp = path;
+    newp+=2;
+
+    /* ... then turn ? into TAB for search servers, Veronica, etc. ... */
+    j = strlen(newp);
+    for(i=0; i<j; i++)
+      if(newp[i] == '?')
+        newp[i] = '\x09';
+
+    /* ... and finally unescape */
+    sel = curl_easy_unescape(data, newp, 0, &len);
+    if(!sel)
+      return CURLE_OUT_OF_MEMORY;
+    sel_org = sel;
+  }
+
+  /* We use Curl_write instead of Curl_sendf to make sure the entire buffer is
+     sent, which could be sizeable with long selectors. */
+  k = curlx_uztosz(strlen(sel));
+
+  for(;;) {
+    result = Curl_write(conn, sockfd, sel, k, &amount);
+    if(CURLE_OK == result) { /* Which may not have written it all! */
+      result = Curl_client_write(conn, CLIENTWRITE_HEADER, sel, amount);
+      if(result) {
+        Curl_safefree(sel_org);
+        return result;
+      }
+      k -= amount;
+      sel += amount;
+      if(k < 1)
+        break; /* but it did write it all */
+    }
+    else {
+      failf(data, "Failed sending Gopher request");
+      Curl_safefree(sel_org);
+      return result;
+    }
+    /* Don't busyloop. The entire loop thing is a work-around as it causes a
+       BLOCKING behavior which is a NO-NO. This function should rather be
+       split up in a do and a doing piece where the pieces that aren't
+       possible to send now will be sent in the doing function repeatedly
+       until the entire request is sent.
+
+       Wait a while for the socket to be writable. Note that this doesn't
+       acknowledge the timeout.
+    */
+    Curl_socket_ready(CURL_SOCKET_BAD, sockfd, 100);
+  }
+
+  Curl_safefree(sel_org);
+
+  /* We can use Curl_sendf to send the terminal \r\n relatively safely and
+     save allocing another string/doing another _write loop. */
+  result = Curl_sendf(sockfd, conn, "\r\n");
+  if(result != CURLE_OK) {
+    failf(data, "Failed sending Gopher request");
+    return result;
+  }
+  result = Curl_client_write(conn, CLIENTWRITE_HEADER, (char *)"\r\n", 2);
+  if(result)
+    return result;
+
+  Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,
+                      -1, NULL); /* no upload */
+  return CURLE_OK;
+}
+#endif /*CURL_DISABLE_GOPHER*/
diff --git a/Utilities/cmcurl/ldap.h b/Utilities/cmcurl/lib/gopher.h
index b2d4f39..38bbc4b 100644
--- a/Utilities/cmcurl/ldap.h
+++ b/Utilities/cmcurl/lib/gopher.h
@@ -1,6 +1,5 @@
-#ifndef __LDAP_H
-#define __LDAP_H
-
+#ifndef HEADER_CURL_GOPHER_H
+#define HEADER_CURL_GOPHER_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -8,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,9 +20,10 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-#ifndef CURL_DISABLE_LDAP
-CURLcode Curl_ldap(struct connectdata *conn, bool *done);
+
+#ifndef CURL_DISABLE_GOPHER
+extern const struct Curl_handler Curl_handler_gopher;
 #endif
-#endif /* __LDAP_H */
+
+#endif /* HEADER_CURL_GOPHER_H */
diff --git a/Utilities/cmcurl/lib/hash.c b/Utilities/cmcurl/lib/hash.c
new file mode 100644
index 0000000..4a12e1a
--- /dev/null
+++ b/Utilities/cmcurl/lib/hash.c
@@ -0,0 +1,400 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "hash.h"
+#include "llist.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+static void
+hash_element_dtor(void *user, void *element)
+{
+  struct curl_hash *h = (struct curl_hash *) user;
+  struct curl_hash_element *e = (struct curl_hash_element *) element;
+
+  Curl_safefree(e->key);
+
+  if(e->ptr) {
+    h->dtor(e->ptr);
+    e->ptr = NULL;
+  }
+
+  e->key_len = 0;
+
+  free(e);
+}
+
+/* return 1 on error, 0 is fine */
+int
+Curl_hash_init(struct curl_hash *h,
+               int slots,
+               hash_function hfunc,
+               comp_function comparator,
+               curl_hash_dtor dtor)
+{
+  int i;
+
+  if(!slots || !hfunc || !comparator ||!dtor) {
+    return 1; /* failure */
+  }
+
+  h->hash_func = hfunc;
+  h->comp_func = comparator;
+  h->dtor = dtor;
+  h->size = 0;
+  h->slots = slots;
+
+  h->table = malloc(slots * sizeof(struct curl_llist *));
+  if(h->table) {
+    for(i = 0; i < slots; ++i) {
+      h->table[i] = Curl_llist_alloc((curl_llist_dtor) hash_element_dtor);
+      if(!h->table[i]) {
+        while(i--) {
+          Curl_llist_destroy(h->table[i], NULL);
+          h->table[i] = NULL;
+        }
+        free(h->table);
+        h->table = NULL;
+        h->slots = 0;
+        return 1; /* failure */
+      }
+    }
+    return 0; /* fine */
+  }
+  else {
+    h->slots = 0;
+    return 1; /* failure */
+  }
+}
+
+struct curl_hash *
+Curl_hash_alloc(int slots,
+                hash_function hfunc,
+                comp_function comparator,
+                curl_hash_dtor dtor)
+{
+  struct curl_hash *h;
+
+  if(!slots || !hfunc || !comparator ||!dtor) {
+    return NULL; /* failure */
+  }
+
+  h = malloc(sizeof(struct curl_hash));
+  if(h) {
+    if(Curl_hash_init(h, slots, hfunc, comparator, dtor)) {
+      /* failure */
+      free(h);
+      h = NULL;
+    }
+  }
+
+  return h;
+}
+
+
+
+static struct curl_hash_element *
+mk_hash_element(const void *key, size_t key_len, const void *p)
+{
+  struct curl_hash_element *he = malloc(sizeof(struct curl_hash_element));
+
+  if(he) {
+    void *dupkey = malloc(key_len);
+    if(dupkey) {
+      /* copy the key */
+      memcpy(dupkey, key, key_len);
+
+      he->key = dupkey;
+      he->key_len = key_len;
+      he->ptr = (void *) p;
+    }
+    else {
+      /* failed to duplicate the key, free memory and fail */
+      free(he);
+      he = NULL;
+    }
+  }
+  return he;
+}
+
+#define FETCH_LIST(x,y,z) x->table[x->hash_func(y, z, x->slots)]
+
+/* Insert the data in the hash. If there already was a match in the hash,
+ * that data is replaced.
+ *
+ * @unittest: 1305
+ */
+void *
+Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p)
+{
+  struct curl_hash_element  *he;
+  struct curl_llist_element *le;
+  struct curl_llist *l = FETCH_LIST (h, key, key_len);
+
+  for(le = l->head; le; le = le->next) {
+    he = (struct curl_hash_element *) le->ptr;
+    if(h->comp_func(he->key, he->key_len, key, key_len)) {
+      Curl_llist_remove(l, le, (void *)h);
+      --h->size;
+      break;
+    }
+  }
+
+  he = mk_hash_element(key, key_len, p);
+  if(he) {
+    if(Curl_llist_insert_next(l, l->tail, he)) {
+      ++h->size;
+      return p; /* return the new entry */
+    }
+    /*
+     * Couldn't insert it, destroy the 'he' element and the key again. We
+     * don't call hash_element_dtor() since that would also call the
+     * "destructor" for the actual data 'p'. When we fail, we shall not touch
+     * that data.
+     */
+    free(he->key);
+    free(he);
+  }
+
+  return NULL; /* failure */
+}
+
+/* remove the identified hash entry, returns non-zero on failure */
+int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len)
+{
+  struct curl_llist_element *le;
+  struct curl_hash_element  *he;
+  struct curl_llist *l = FETCH_LIST(h, key, key_len);
+
+  for(le = l->head; le; le = le->next) {
+    he = le->ptr;
+    if(h->comp_func(he->key, he->key_len, key, key_len)) {
+      Curl_llist_remove(l, le, (void *) h);
+      --h->size;
+      return 0;
+    }
+  }
+  return 1;
+}
+
+void *
+Curl_hash_pick(struct curl_hash *h, void *key, size_t key_len)
+{
+  struct curl_llist_element *le;
+  struct curl_hash_element  *he;
+  struct curl_llist *l;
+
+  if(h) {
+    l = FETCH_LIST(h, key, key_len);
+    for(le = l->head; le; le = le->next) {
+      he = le->ptr;
+      if(h->comp_func(he->key, he->key_len, key, key_len)) {
+        return he->ptr;
+      }
+    }
+  }
+
+  return NULL;
+}
+
+#if defined(DEBUGBUILD) && defined(AGGRESIVE_TEST)
+void
+Curl_hash_apply(curl_hash *h, void *user,
+                void (*cb)(void *user, void *ptr))
+{
+  struct curl_llist_element  *le;
+  int                  i;
+
+  for(i = 0; i < h->slots; ++i) {
+    for(le = (h->table[i])->head;
+        le;
+        le = le->next) {
+      curl_hash_element *el = le->ptr;
+      cb(user, el->ptr);
+    }
+  }
+}
+#endif
+
+void
+Curl_hash_clean(struct curl_hash *h)
+{
+  int i;
+
+  for(i = 0; i < h->slots; ++i) {
+    Curl_llist_destroy(h->table[i], (void *) h);
+    h->table[i] = NULL;
+  }
+
+  Curl_safefree(h->table);
+  h->size = 0;
+  h->slots = 0;
+}
+
+void
+Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
+                               int (*comp)(void *, void *))
+{
+  struct curl_llist_element *le;
+  struct curl_llist_element *lnext;
+  struct curl_llist *list;
+  int i;
+
+  if(!h)
+    return;
+
+  for(i = 0; i < h->slots; ++i) {
+    list = h->table[i];
+    le = list->head; /* get first list entry */
+    while(le) {
+      struct curl_hash_element *he = le->ptr;
+      lnext = le->next;
+      /* ask the callback function if we shall remove this entry or not */
+      if(comp(user, he->ptr)) {
+        Curl_llist_remove(list, le, (void *) h);
+        --h->size; /* one less entry in the hash now */
+      }
+      le = lnext;
+    }
+  }
+}
+
+void
+Curl_hash_destroy(struct curl_hash *h)
+{
+  if(!h)
+    return;
+
+  Curl_hash_clean(h);
+
+  free(h);
+}
+
+size_t Curl_hash_str(void* key, size_t key_length, size_t slots_num)
+{
+  const char* key_str = (const char *) key;
+  const char *end = key_str + key_length;
+  unsigned long h = 5381;
+
+  while(key_str < end) {
+    h += h << 5;
+    h ^= (unsigned long) *key_str++;
+  }
+
+  return (h % slots_num);
+}
+
+size_t Curl_str_key_compare(void*k1, size_t key1_len, void*k2, size_t key2_len)
+{
+  char *key1 = (char *)k1;
+  char *key2 = (char *)k2;
+
+  if(key1_len == key2_len &&
+      *key1 == *key2 &&
+      memcmp(key1, key2, key1_len) == 0) {
+    return 1;
+  }
+
+  return 0;
+}
+
+void Curl_hash_start_iterate(struct curl_hash *hash,
+                             struct curl_hash_iterator *iter)
+{
+  iter->hash = hash;
+  iter->slot_index = 0;
+  iter->current_element = NULL;
+}
+
+struct curl_hash_element *
+Curl_hash_next_element(struct curl_hash_iterator *iter)
+{
+  int i;
+  struct curl_hash *h = iter->hash;
+
+  /* Get the next element in the current list, if any */
+  if(iter->current_element)
+    iter->current_element = iter->current_element->next;
+
+  /* If we have reached the end of the list, find the next one */
+  if(!iter->current_element) {
+    for(i = iter->slot_index;i < h->slots;i++) {
+      if(h->table[i]->head) {
+        iter->current_element = h->table[i]->head;
+        iter->slot_index = i+1;
+        break;
+      }
+    }
+  }
+
+  if(iter->current_element) {
+    struct curl_hash_element *he = iter->current_element->ptr;
+    return he;
+  }
+  else {
+    iter->current_element = NULL;
+    return NULL;
+  }
+}
+
+#if 0 /* useful function for debugging hashes and their contents */
+void Curl_hash_print(struct curl_hash *h,
+                     void (*func)(void *))
+{
+  struct curl_hash_iterator iter;
+  struct curl_hash_element *he;
+  int last_index = -1;
+
+  if(!h)
+    return;
+
+  fprintf(stderr, "=Hash dump=\n");
+
+  Curl_hash_start_iterate(h, &iter);
+
+  he = Curl_hash_next_element(&iter);
+  while(he) {
+    if(iter.slot_index != last_index) {
+      fprintf(stderr, "index %d:", iter.slot_index);
+      if(last_index >= 0) {
+        fprintf(stderr, "\n");
+      }
+      last_index = iter.slot_index;
+    }
+
+    if(func)
+      func(he->ptr);
+    else
+      fprintf(stderr, " [%p]", (void *)he->ptr);
+
+    he = Curl_hash_next_element(&iter);
+  }
+  fprintf(stderr, "\n");
+}
+#endif
diff --git a/Utilities/cmcurl/lib/hash.h b/Utilities/cmcurl/lib/hash.h
new file mode 100644
index 0000000..aa935d4
--- /dev/null
+++ b/Utilities/cmcurl/lib/hash.h
@@ -0,0 +1,106 @@
+#ifndef HEADER_CURL_HASH_H
+#define HEADER_CURL_HASH_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <stddef.h>
+
+#include "llist.h"
+
+/* Hash function prototype */
+typedef size_t (*hash_function) (void* key,
+                                 size_t key_length,
+                                 size_t slots_num);
+
+/*
+   Comparator function prototype. Compares two keys.
+*/
+typedef size_t (*comp_function) (void* key1,
+                                 size_t key1_len,
+                                 void*key2,
+                                 size_t key2_len);
+
+typedef void (*curl_hash_dtor)(void *);
+
+struct curl_hash {
+  struct curl_llist **table;
+
+  /* Hash function to be used for this hash table */
+  hash_function hash_func;
+
+  /* Comparator function to compare keys */
+  comp_function comp_func;
+  curl_hash_dtor   dtor;
+  int slots;
+  size_t size;
+};
+
+struct curl_hash_element {
+  void   *ptr;
+  char   *key;
+  size_t key_len;
+};
+
+struct curl_hash_iterator {
+  struct curl_hash *hash;
+  int slot_index;
+  struct curl_llist_element *current_element;
+};
+
+int Curl_hash_init(struct curl_hash *h,
+                   int slots,
+                   hash_function hfunc,
+                   comp_function comparator,
+                   curl_hash_dtor dtor);
+
+struct curl_hash *Curl_hash_alloc(int slots,
+                                  hash_function hfunc,
+                                  comp_function comparator,
+                                  curl_hash_dtor dtor);
+
+void *Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p);
+int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len);
+void *Curl_hash_pick(struct curl_hash *, void * key, size_t key_len);
+void Curl_hash_apply(struct curl_hash *h, void *user,
+                     void (*cb)(void *user, void *ptr));
+int Curl_hash_count(struct curl_hash *h);
+void Curl_hash_clean(struct curl_hash *h);
+void Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
+                                    int (*comp)(void *, void *));
+void Curl_hash_destroy(struct curl_hash *h);
+
+size_t Curl_hash_str(void* key, size_t key_length, size_t slots_num);
+size_t Curl_str_key_compare(void*k1, size_t key1_len, void*k2,
+                            size_t key2_len);
+
+void Curl_hash_start_iterate(struct curl_hash *hash,
+                             struct curl_hash_iterator *iter);
+struct curl_hash_element *
+Curl_hash_next_element(struct curl_hash_iterator *iter);
+
+void Curl_hash_print(struct curl_hash *h,
+                     void (*func)(void *));
+
+
+#endif /* HEADER_CURL_HASH_H */
diff --git a/Utilities/cmcurl/lib/hmac.c b/Utilities/cmcurl/lib/hmac.c
new file mode 100644
index 0000000..dace820
--- /dev/null
+++ b/Utilities/cmcurl/lib/hmac.c
@@ -0,0 +1,133 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC2104 Keyed-Hashing for Message Authentication
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+
+#include "curl_hmac.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * Generic HMAC algorithm.
+ *
+ *   This module computes HMAC digests based on any hash function. Parameters
+ * and computing procedures are set-up dynamically at HMAC computation
+ * context initialisation.
+ */
+
+static const unsigned char hmac_ipad = 0x36;
+static const unsigned char hmac_opad = 0x5C;
+
+
+
+HMAC_context *
+Curl_HMAC_init(const HMAC_params * hashparams,
+               const unsigned char * key,
+               unsigned int keylen)
+{
+  size_t i;
+  HMAC_context * ctxt;
+  unsigned char * hkey;
+  unsigned char b;
+
+  /* Create HMAC context. */
+  i = sizeof *ctxt + 2 * hashparams->hmac_ctxtsize +
+    hashparams->hmac_resultlen;
+  ctxt = malloc(i);
+
+  if(!ctxt)
+    return ctxt;
+
+  ctxt->hmac_hash = hashparams;
+  ctxt->hmac_hashctxt1 = (void *) (ctxt + 1);
+  ctxt->hmac_hashctxt2 = (void *) ((char *) ctxt->hmac_hashctxt1 +
+      hashparams->hmac_ctxtsize);
+
+  /* If the key is too long, replace it by its hash digest. */
+  if(keylen > hashparams->hmac_maxkeylen) {
+    (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1);
+    (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, key, keylen);
+    hkey = (unsigned char *) ctxt->hmac_hashctxt2 + hashparams->hmac_ctxtsize;
+    (*hashparams->hmac_hfinal)(hkey, ctxt->hmac_hashctxt1);
+    key = hkey;
+    keylen = hashparams->hmac_resultlen;
+  }
+
+  /* Prime the two hash contexts with the modified key. */
+  (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1);
+  (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt2);
+
+  for(i = 0; i < keylen; i++) {
+    b = (unsigned char)(*key ^ hmac_ipad);
+    (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &b, 1);
+    b = (unsigned char)(*key++ ^ hmac_opad);
+    (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &b, 1);
+  }
+
+  for(; i < hashparams->hmac_maxkeylen; i++) {
+    (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &hmac_ipad, 1);
+    (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &hmac_opad, 1);
+  }
+
+  /* Done, return pointer to HMAC context. */
+  return ctxt;
+}
+
+int Curl_HMAC_update(HMAC_context * ctxt,
+                     const unsigned char * data,
+                     unsigned int len)
+{
+  /* Update first hash calculation. */
+  (*ctxt->hmac_hash->hmac_hupdate)(ctxt->hmac_hashctxt1, data, len);
+  return 0;
+}
+
+
+int Curl_HMAC_final(HMAC_context * ctxt, unsigned char * result)
+{
+  const HMAC_params * hashparams = ctxt->hmac_hash;
+
+  /* Do not get result if called with a null parameter: only release
+     storage. */
+
+  if(!result)
+    result = (unsigned char *) ctxt->hmac_hashctxt2 +
+     ctxt->hmac_hash->hmac_ctxtsize;
+
+  (*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt1);
+  (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2,
+   result, hashparams->hmac_resultlen);
+  (*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt2);
+  free((char *) ctxt);
+  return 0;
+}
+
+#endif /* CURL_DISABLE_CRYPTO_AUTH */
diff --git a/Utilities/cmcurl/hostasyn.c b/Utilities/cmcurl/lib/hostasyn.c
index 3df1479..8151b67 100644
--- a/Utilities/cmcurl/hostasyn.c
+++ b/Utilities/cmcurl/lib/hostasyn.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,22 +18,10 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
-#include <string.h>
-
-#ifdef NEED_MALLOC_H
-#include <malloc.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
@@ -43,20 +31,9 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>     /* for the close() proto */
-#endif
-#ifdef  VMS
+#ifdef __VMS
 #include <in.h>
 #include <inet.h>
-#include <stdlib.h>
-#endif
-
-#ifdef HAVE_SETJMP_H
-#include <setjmp.h>
 #endif
 
 #ifdef HAVE_PROCESS_H
@@ -74,11 +51,7 @@
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-#include "memory.h"
+#include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
 
@@ -86,38 +59,27 @@
  * Only for builds using asynchronous name resolves
  **********************************************************************/
 #ifdef CURLRES_ASYNCH
+
 /*
- * addrinfo_callback() gets called by ares, gethostbyname_thread() or
- * getaddrinfo_thread() when we got the name resolved (or not!).
- *
- * If the status argument is CURL_ASYNC_SUCCESS, we might need to copy the
- * address field since it might be freed when this function returns. This
- * operation stores the resolved data in the DNS cache.
+ * Curl_addrinfo_callback() gets called by ares, gethostbyname_thread()
+ * or getaddrinfo_thread() when we got the name resolved (or not!).
  *
- * NOTE: for IPv6 operations, Curl_addrinfo_copy() returns the same
- * pointer it is given as argument!
+ * If the status argument is CURL_ASYNC_SUCCESS, this function takes
+ * ownership of the Curl_addrinfo passed, storing the resolved data
+ * in the DNS cache.
  *
  * The storage operation locks and unlocks the DNS cache.
  */
-static CURLcode addrinfo_callback(void *arg, /* "struct connectdata *" */
-                                  int status,
-                                  void *addr)
+CURLcode Curl_addrinfo_callback(struct connectdata *conn,
+                                int status,
+                                struct Curl_addrinfo *ai)
 {
-  struct connectdata *conn = (struct connectdata *)arg;
   struct Curl_dns_entry *dns = NULL;
   CURLcode rc = CURLE_OK;
 
   conn->async.status = status;
 
   if(CURL_ASYNC_SUCCESS == status) {
-
-    /*
-     * IPv4/ares: Curl_addrinfo_copy() copies the address and returns an
-     * allocated version.
-     *
-     * IPv6: Curl_addrinfo_copy() returns the input pointer!
-     */
-    Curl_addrinfo *ai = Curl_addrinfo_copy(addr, conn->async.port);
     if(ai) {
       struct SessionHandle *data = conn->data;
 
@@ -136,8 +98,9 @@ static CURLcode addrinfo_callback(void *arg, /* "struct connectdata *" */
       if(data->share)
         Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
     }
-    else
+    else {
       rc = CURLE_OUT_OF_MEMORY;
+    }
   }
 
   conn->async.dns = dns;
@@ -152,23 +115,43 @@ static CURLcode addrinfo_callback(void *arg, /* "struct connectdata *" */
   return rc;
 }
 
-CURLcode Curl_addrinfo4_callback(void *arg, /* "struct connectdata *" */
-                                 int status,
-                                 struct hostent *hostent)
+/* Call this function after Curl_connect() has returned async=TRUE and
+   then a successful name resolve has been received.
+
+   Note: this function disconnects and frees the conn data in case of
+   resolve failure */
+CURLcode Curl_async_resolved(struct connectdata *conn,
+                             bool *protocol_done)
 {
-  return addrinfo_callback(arg, status, hostent);
+  CURLcode code;
+
+  if(conn->async.dns) {
+    conn->dns_entry = conn->async.dns;
+    conn->async.dns = NULL;
+  }
+
+  code = Curl_setup_conn(conn, protocol_done);
+
+  if(code)
+    /* We're not allowed to return failure with memory left allocated
+       in the connectdata struct, free those here */
+    Curl_disconnect(conn, FALSE); /* close the connection */
+
+  return code;
 }
 
-#ifdef CURLRES_IPV6
-CURLcode Curl_addrinfo6_callback(void *arg, /* "struct connectdata *" */
-                                 int status,
-                                 struct addrinfo *ai)
+/*
+ * Curl_getaddrinfo() is the generic low-level name resolve API within this
+ * source file. There are several versions of this function - for different
+ * name resolve layers (selected at build-time). They all take this same set
+ * of arguments
+ */
+Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
+                                const char *hostname,
+                                int port,
+                                int *waitp)
 {
- /* NOTE: for CURLRES_ARES, the 'ai' argument is really a
-  * 'struct hostent' pointer.
-  */
-  return addrinfo_callback(arg, status, ai);
+  return Curl_resolver_getaddrinfo(conn, hostname, port, waitp);
 }
-#endif
 
-#endif /* CURLRES_ASYNC */
+#endif /* CURLRES_ASYNCH */
diff --git a/Utilities/cmcurl/lib/hostcheck.c b/Utilities/cmcurl/lib/hostcheck.c
new file mode 100644
index 0000000..42eb2ee
--- /dev/null
+++ b/Utilities/cmcurl/lib/hostcheck.c
@@ -0,0 +1,148 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \
+    defined(USE_GSKIT)
+/* these backends use functions from this file */
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include "hostcheck.h"
+#include "rawstr.h"
+#include "inet_pton.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * Match a hostname against a wildcard pattern.
+ * E.g.
+ *  "foo.host.com" matches "*.host.com".
+ *
+ * We use the matching rule described in RFC6125, section 6.4.3.
+ * http://tools.ietf.org/html/rfc6125#section-6.4.3
+ *
+ * In addition: ignore trailing dots in the host names and wildcards, so that
+ * the names are used normalized. This is what the browsers do.
+ *
+ * Do not allow wildcard matching on IP numbers. There are apparently
+ * certificates being used with an IP address in the CN field, thus making no
+ * apparent distinction between a name and an IP. We need to detect the use of
+ * an IP address and not wildcard match on such names.
+ *
+ * NOTE: hostmatch() gets called with copied buffers so that it can modify the
+ * contents at will.
+ */
+
+static int hostmatch(char *hostname, char *pattern)
+{
+  const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
+  int wildcard_enabled;
+  size_t prefixlen, suffixlen;
+  struct in_addr ignored;
+#ifdef ENABLE_IPV6
+  struct sockaddr_in6 si6;
+#endif
+
+  /* normalize pattern and hostname by stripping off trailing dots */
+  size_t len = strlen(hostname);
+  if(hostname[len-1]=='.')
+    hostname[len-1]=0;
+  len = strlen(pattern);
+  if(pattern[len-1]=='.')
+    pattern[len-1]=0;
+
+  pattern_wildcard = strchr(pattern, '*');
+  if(pattern_wildcard == NULL)
+    return Curl_raw_equal(pattern, hostname) ?
+      CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+
+  /* detect IP address as hostname and fail the match if so */
+  if(Curl_inet_pton(AF_INET, hostname, &ignored) > 0)
+    return CURL_HOST_NOMATCH;
+#ifdef ENABLE_IPV6
+  else if(Curl_inet_pton(AF_INET6, hostname, &si6.sin6_addr) > 0)
+    return CURL_HOST_NOMATCH;
+#endif
+
+  /* We require at least 2 dots in pattern to avoid too wide wildcard
+     match. */
+  wildcard_enabled = 1;
+  pattern_label_end = strchr(pattern, '.');
+  if(pattern_label_end == NULL || strchr(pattern_label_end+1, '.') == NULL ||
+     pattern_wildcard > pattern_label_end ||
+     Curl_raw_nequal(pattern, "xn--", 4)) {
+    wildcard_enabled = 0;
+  }
+  if(!wildcard_enabled)
+    return Curl_raw_equal(pattern, hostname) ?
+      CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+
+  hostname_label_end = strchr(hostname, '.');
+  if(hostname_label_end == NULL ||
+     !Curl_raw_equal(pattern_label_end, hostname_label_end))
+    return CURL_HOST_NOMATCH;
+
+  /* The wildcard must match at least one character, so the left-most
+     label of the hostname is at least as large as the left-most label
+     of the pattern. */
+  if(hostname_label_end - hostname < pattern_label_end - pattern)
+    return CURL_HOST_NOMATCH;
+
+  prefixlen = pattern_wildcard - pattern;
+  suffixlen = pattern_label_end - (pattern_wildcard+1);
+  return Curl_raw_nequal(pattern, hostname, prefixlen) &&
+    Curl_raw_nequal(pattern_wildcard+1, hostname_label_end - suffixlen,
+                    suffixlen) ?
+    CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+}
+
+int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
+{
+  char *matchp;
+  char *hostp;
+  int res = 0;
+  if(!match_pattern || !*match_pattern ||
+      !hostname || !*hostname) /* sanity check */
+    ;
+  else {
+    matchp = strdup(match_pattern);
+    if(matchp) {
+      hostp = strdup(hostname);
+      if(hostp) {
+        if(hostmatch(hostp, matchp) == CURL_HOST_MATCH)
+          res= 1;
+        free(hostp);
+      }
+      free(matchp);
+    }
+  }
+
+  return res;
+}
+
+#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT */
diff --git a/Utilities/cmcurl/lib/hostcheck.h b/Utilities/cmcurl/lib/hostcheck.h
new file mode 100644
index 0000000..f4a517a
--- /dev/null
+++ b/Utilities/cmcurl/lib/hostcheck.h
@@ -0,0 +1,32 @@
+#ifndef HEADER_CURL_HOSTCHECK_H
+#define HEADER_CURL_HOSTCHECK_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include <curl/curl.h>
+
+#define CURL_HOST_NOMATCH 0
+#define CURL_HOST_MATCH   1
+int Curl_cert_hostcheck(const char *match_pattern, const char *hostname);
+
+#endif /* HEADER_CURL_HOSTCHECK_H */
+
diff --git a/Utilities/cmcurl/lib/hostip.c b/Utilities/cmcurl/lib/hostip.c
new file mode 100644
index 0000000..73b3f82
--- /dev/null
+++ b/Utilities/cmcurl/lib/hostip.c
@@ -0,0 +1,857 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#ifdef HAVE_SETJMP_H
+#include <setjmp.h>
+#endif
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+
+#ifdef HAVE_PROCESS_H
+#include <process.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "hostip.h"
+#include "hash.h"
+#include "share.h"
+#include "strerror.h"
+#include "url.h"
+#include "inet_ntop.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if defined(CURLRES_SYNCH) && \
+    defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP)
+/* alarm-based timeouts can only be used with all the dependencies satisfied */
+#define USE_ALARM_TIMEOUT
+#endif
+
+/*
+ * hostip.c explained
+ * ==================
+ *
+ * The main COMPILE-TIME DEFINES to keep in mind when reading the host*.c
+ * source file are these:
+ *
+ * CURLRES_IPV6 - this host has getaddrinfo() and family, and thus we use
+ * that. The host may not be able to resolve IPv6, but we don't really have to
+ * take that into account. Hosts that aren't IPv6-enabled have CURLRES_IPV4
+ * defined.
+ *
+ * CURLRES_ARES - is defined if libcurl is built to use c-ares for
+ * asynchronous name resolves. This can be Windows or *nix.
+ *
+ * CURLRES_THREADED - is defined if libcurl is built to run under (native)
+ * Windows, and then the name resolve will be done in a new thread, and the
+ * supported API will be the same as for ares-builds.
+ *
+ * If any of the two previous are defined, CURLRES_ASYNCH is defined too. If
+ * libcurl is not built to use an asynchronous resolver, CURLRES_SYNCH is
+ * defined.
+ *
+ * The host*.c sources files are split up like this:
+ *
+ * hostip.c   - method-independent resolver functions and utility functions
+ * hostasyn.c - functions for asynchronous name resolves
+ * hostsyn.c  - functions for synchronous name resolves
+ * hostip4.c  - ipv4-specific functions
+ * hostip6.c  - ipv6-specific functions
+ *
+ * The two asynchronous name resolver backends are implemented in:
+ * asyn-ares.c   - functions for ares-using name resolves
+ * asyn-thread.c - functions for threaded name resolves
+
+ * The hostip.h is the united header file for all this. It defines the
+ * CURLRES_* defines based on the config*.h and curl_setup.h defines.
+ */
+
+/* These two symbols are for the global DNS cache */
+static struct curl_hash hostname_cache;
+static int host_cache_initialized;
+
+static void freednsentry(void *freethis);
+
+/*
+ * Curl_global_host_cache_init() initializes and sets up a global DNS cache.
+ * Global DNS cache is general badness. Do not use. This will be removed in
+ * a future version. Use the share interface instead!
+ *
+ * Returns a struct curl_hash pointer on success, NULL on failure.
+ */
+struct curl_hash *Curl_global_host_cache_init(void)
+{
+  int rc = 0;
+  if(!host_cache_initialized) {
+    rc = Curl_hash_init(&hostname_cache, 7, Curl_hash_str,
+                        Curl_str_key_compare, freednsentry);
+    if(!rc)
+      host_cache_initialized = 1;
+  }
+  return rc?NULL:&hostname_cache;
+}
+
+/*
+ * Destroy and cleanup the global DNS cache
+ */
+void Curl_global_host_cache_dtor(void)
+{
+  if(host_cache_initialized) {
+    /* first make sure that any custom "CURLOPT_RESOLVE" names are
+       cleared off */
+    Curl_hostcache_clean(NULL, &hostname_cache);
+    /* then free the remaining hash completely */
+    Curl_hash_clean(&hostname_cache);
+    host_cache_initialized = 0;
+  }
+}
+
+/*
+ * Return # of adresses in a Curl_addrinfo struct
+ */
+int Curl_num_addresses(const Curl_addrinfo *addr)
+{
+  int i = 0;
+  while(addr) {
+    addr = addr->ai_next;
+    i++;
+  }
+  return i;
+}
+
+/*
+ * Curl_printable_address() returns a printable version of the 1st address
+ * given in the 'ai' argument. The result will be stored in the buf that is
+ * bufsize bytes big.
+ *
+ * If the conversion fails, it returns NULL.
+ */
+const char *
+Curl_printable_address(const Curl_addrinfo *ai, char *buf, size_t bufsize)
+{
+  const struct sockaddr_in *sa4;
+  const struct in_addr *ipaddr4;
+#ifdef ENABLE_IPV6
+  const struct sockaddr_in6 *sa6;
+  const struct in6_addr *ipaddr6;
+#endif
+
+  switch (ai->ai_family) {
+    case AF_INET:
+      sa4 = (const void *)ai->ai_addr;
+      ipaddr4 = &sa4->sin_addr;
+      return Curl_inet_ntop(ai->ai_family, (const void *)ipaddr4, buf,
+                            bufsize);
+#ifdef ENABLE_IPV6
+    case AF_INET6:
+      sa6 = (const void *)ai->ai_addr;
+      ipaddr6 = &sa6->sin6_addr;
+      return Curl_inet_ntop(ai->ai_family, (const void *)ipaddr6, buf,
+                            bufsize);
+#endif
+    default:
+      break;
+  }
+  return NULL;
+}
+
+/*
+ * Return a hostcache id string for the provided host + port, to be used by
+ * the DNS caching.
+ */
+static char *
+create_hostcache_id(const char *name, int port)
+{
+  /* create and return the new allocated entry */
+  char *id = aprintf("%s:%d", name, port);
+  char *ptr = id;
+  if(ptr) {
+    /* lower case the name part */
+    while(*ptr && (*ptr != ':')) {
+      *ptr = (char)TOLOWER(*ptr);
+      ptr++;
+    }
+  }
+  return id;
+}
+
+struct hostcache_prune_data {
+  long cache_timeout;
+  time_t now;
+};
+
+/*
+ * This function is set as a callback to be called for every entry in the DNS
+ * cache when we want to prune old unused entries.
+ *
+ * Returning non-zero means remove the entry, return 0 to keep it in the
+ * cache.
+ */
+static int
+hostcache_timestamp_remove(void *datap, void *hc)
+{
+  struct hostcache_prune_data *data =
+    (struct hostcache_prune_data *) datap;
+  struct Curl_dns_entry *c = (struct Curl_dns_entry *) hc;
+
+  return !c->inuse && (data->now - c->timestamp >= data->cache_timeout);
+}
+
+/*
+ * Prune the DNS cache. This assumes that a lock has already been taken.
+ */
+static void
+hostcache_prune(struct curl_hash *hostcache, long cache_timeout, time_t now)
+{
+  struct hostcache_prune_data user;
+
+  user.cache_timeout = cache_timeout;
+  user.now = now;
+
+  Curl_hash_clean_with_criterium(hostcache,
+                                 (void *) &user,
+                                 hostcache_timestamp_remove);
+}
+
+/*
+ * Library-wide function for pruning the DNS cache. This function takes and
+ * returns the appropriate locks.
+ */
+void Curl_hostcache_prune(struct SessionHandle *data)
+{
+  time_t now;
+
+  if((data->set.dns_cache_timeout == -1) || !data->dns.hostcache)
+    /* cache forever means never prune, and NULL hostcache means
+       we can't do it */
+    return;
+
+  if(data->share)
+    Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
+
+  time(&now);
+
+  /* Remove outdated and unused entries from the hostcache */
+  hostcache_prune(data->dns.hostcache,
+                  data->set.dns_cache_timeout,
+                  now);
+
+  if(data->share)
+    Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+}
+
+/*
+ * Check if the entry should be pruned. Assumes a locked cache.
+ */
+static int
+remove_entry_if_stale(struct SessionHandle *data, struct Curl_dns_entry *dns)
+{
+  struct hostcache_prune_data user;
+
+  if(!dns || (data->set.dns_cache_timeout == -1) || !data->dns.hostcache ||
+     dns->inuse)
+    /* cache forever means never prune, and NULL hostcache means we can't do
+       it, if it still is in use then we leave it */
+    return 0;
+
+  time(&user.now);
+  user.cache_timeout = data->set.dns_cache_timeout;
+
+  if(!hostcache_timestamp_remove(&user,dns) )
+    return 0;
+
+  Curl_hash_clean_with_criterium(data->dns.hostcache,
+                                 (void *) &user,
+                                 hostcache_timestamp_remove);
+
+  return 1;
+}
+
+
+#ifdef HAVE_SIGSETJMP
+/* Beware this is a global and unique instance. This is used to store the
+   return address that we can jump back to from inside a signal handler. This
+   is not thread-safe stuff. */
+sigjmp_buf curl_jmpenv;
+#endif
+
+/*
+ * Curl_fetch_addr() fetches a 'Curl_dns_entry' already in the DNS cache.
+ *
+ * Curl_resolv() checks initially and multi_runsingle() checks each time
+ * it discovers the handle in the state WAITRESOLVE whether the hostname
+ * has already been resolved and the address has already been stored in
+ * the DNS cache. This short circuits waiting for a lot of pending
+ * lookups for the same hostname requested by different handles.
+ *
+ * Returns the Curl_dns_entry entry pointer or NULL if not in the cache.
+ */
+struct Curl_dns_entry *
+Curl_fetch_addr(struct connectdata *conn,
+                const char *hostname,
+                int port, int *stale)
+{
+  char *entry_id = NULL;
+  struct Curl_dns_entry *dns = NULL;
+  size_t entry_len;
+  struct SessionHandle *data = conn->data;
+
+  /* Create an entry id, based upon the hostname and port */
+  entry_id = create_hostcache_id(hostname, port);
+  /* If we can't create the entry id, fail */
+  if(!entry_id)
+    return dns;
+
+  entry_len = strlen(entry_id);
+
+  /* See if its already in our dns cache */
+  dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len+1);
+
+  /* free the allocated entry_id again */
+  free(entry_id);
+
+  /* See whether the returned entry is stale. Done before we release lock */
+  *stale = remove_entry_if_stale(data, dns);
+  if(*stale)
+    dns = NULL; /* the memory deallocation is being handled by the hash */
+
+  return dns;
+}
+
+/*
+ * Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache.
+ *
+ * When calling Curl_resolv() has resulted in a response with a returned
+ * address, we call this function to store the information in the dns
+ * cache etc
+ *
+ * Returns the Curl_dns_entry entry pointer or NULL if the storage failed.
+ */
+struct Curl_dns_entry *
+Curl_cache_addr(struct SessionHandle *data,
+                Curl_addrinfo *addr,
+                const char *hostname,
+                int port)
+{
+  char *entry_id;
+  size_t entry_len;
+  struct Curl_dns_entry *dns;
+  struct Curl_dns_entry *dns2;
+
+  /* Create an entry id, based upon the hostname and port */
+  entry_id = create_hostcache_id(hostname, port);
+  /* If we can't create the entry id, fail */
+  if(!entry_id)
+    return NULL;
+  entry_len = strlen(entry_id);
+
+  /* Create a new cache entry */
+  dns = calloc(1, sizeof(struct Curl_dns_entry));
+  if(!dns) {
+    free(entry_id);
+    return NULL;
+  }
+
+  dns->inuse = 0;   /* init to not used */
+  dns->addr = addr; /* this is the address(es) */
+  time(&dns->timestamp);
+  if(dns->timestamp == 0)
+    dns->timestamp = 1;   /* zero indicates that entry isn't in hash table */
+
+  /* Store the resolved data in our DNS cache. */
+  dns2 = Curl_hash_add(data->dns.hostcache, entry_id, entry_len+1,
+                       (void *)dns);
+  if(!dns2) {
+    free(dns);
+    free(entry_id);
+    return NULL;
+  }
+
+  dns = dns2;
+  dns->inuse++;         /* mark entry as in-use */
+
+  /* free the allocated entry_id */
+  free(entry_id);
+
+  return dns;
+}
+
+/*
+ * Curl_resolv() is the main name resolve function within libcurl. It resolves
+ * a name and returns a pointer to the entry in the 'entry' argument (if one
+ * is provided). This function might return immediately if we're using asynch
+ * resolves. See the return codes.
+ *
+ * The cache entry we return will get its 'inuse' counter increased when this
+ * function is used. You MUST call Curl_resolv_unlock() later (when you're
+ * done using this struct) to decrease the counter again.
+ *
+ * In debug mode, we specifically test for an interface name "LocalHost"
+ * and resolve "localhost" instead as a means to permit test cases
+ * to connect to a local test server with any host name.
+ *
+ * Return codes:
+ *
+ * CURLRESOLV_ERROR   (-1) = error, no pointer
+ * CURLRESOLV_RESOLVED (0) = OK, pointer provided
+ * CURLRESOLV_PENDING  (1) = waiting for response, no pointer
+ */
+
+int Curl_resolv(struct connectdata *conn,
+                const char *hostname,
+                int port,
+                struct Curl_dns_entry **entry)
+{
+  struct Curl_dns_entry *dns = NULL;
+  struct SessionHandle *data = conn->data;
+  CURLcode result;
+  int stale, rc = CURLRESOLV_ERROR; /* default to failure */
+
+  *entry = NULL;
+
+  if(data->share)
+    Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
+
+  dns = Curl_fetch_addr(conn, hostname, port, &stale);
+
+  infof(data, "Hostname was %sfound in DNS cache\n", dns||stale?"":"NOT ");
+  if(stale)
+    infof(data, "Hostname in DNS cache was stale, zapped\n");
+
+
+  if(dns) {
+    dns->inuse++; /* we use it! */
+    rc = CURLRESOLV_RESOLVED;
+  }
+
+  if(data->share)
+    Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+
+  if(!dns) {
+    /* The entry was not in the cache. Resolve it to IP address */
+
+    Curl_addrinfo *addr;
+    int respwait;
+
+    /* Check what IP specifics the app has requested and if we can provide it.
+     * If not, bail out. */
+    if(!Curl_ipvalid(conn))
+      return CURLRESOLV_ERROR;
+
+    /* If Curl_getaddrinfo() returns NULL, 'respwait' might be set to a
+       non-zero value indicating that we need to wait for the response to the
+       resolve call */
+    addr = Curl_getaddrinfo(conn,
+#ifdef DEBUGBUILD
+                            (data->set.str[STRING_DEVICE]
+                             && !strcmp(data->set.str[STRING_DEVICE],
+                                        "LocalHost"))?"localhost":
+#endif
+                            hostname, port, &respwait);
+
+    if(!addr) {
+      if(respwait) {
+        /* the response to our resolve call will come asynchronously at
+           a later time, good or bad */
+        /* First, check that we haven't received the info by now */
+        result = Curl_resolver_is_resolved(conn, &dns);
+        if(result) /* error detected */
+          return CURLRESOLV_ERROR;
+        if(dns)
+          rc = CURLRESOLV_RESOLVED; /* pointer provided */
+        else
+          rc = CURLRESOLV_PENDING; /* no info yet */
+      }
+    }
+    else {
+      if(data->share)
+        Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
+
+      /* we got a response, store it in the cache */
+      dns = Curl_cache_addr(data, addr, hostname, port);
+
+      if(data->share)
+        Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+
+      if(!dns)
+        /* returned failure, bail out nicely */
+        Curl_freeaddrinfo(addr);
+      else
+        rc = CURLRESOLV_RESOLVED;
+    }
+  }
+
+  *entry = dns;
+
+  return rc;
+}
+
+#ifdef USE_ALARM_TIMEOUT
+/*
+ * This signal handler jumps back into the main libcurl code and continues
+ * execution.  This effectively causes the remainder of the application to run
+ * within a signal handler which is nonportable and could lead to problems.
+ */
+static
+RETSIGTYPE alarmfunc(int sig)
+{
+  /* this is for "-ansi -Wall -pedantic" to stop complaining!   (rabe) */
+  (void)sig;
+  siglongjmp(curl_jmpenv, 1);
+  return;
+}
+#endif /* USE_ALARM_TIMEOUT */
+
+/*
+ * Curl_resolv_timeout() is the same as Curl_resolv() but specifies a
+ * timeout.  This function might return immediately if we're using asynch
+ * resolves. See the return codes.
+ *
+ * The cache entry we return will get its 'inuse' counter increased when this
+ * function is used. You MUST call Curl_resolv_unlock() later (when you're
+ * done using this struct) to decrease the counter again.
+ *
+ * If built with a synchronous resolver and use of signals is not
+ * disabled by the application, then a nonzero timeout will cause a
+ * timeout after the specified number of milliseconds. Otherwise, timeout
+ * is ignored.
+ *
+ * Return codes:
+ *
+ * CURLRESOLV_TIMEDOUT(-2) = warning, time too short or previous alarm expired
+ * CURLRESOLV_ERROR   (-1) = error, no pointer
+ * CURLRESOLV_RESOLVED (0) = OK, pointer provided
+ * CURLRESOLV_PENDING  (1) = waiting for response, no pointer
+ */
+
+int Curl_resolv_timeout(struct connectdata *conn,
+                        const char *hostname,
+                        int port,
+                        struct Curl_dns_entry **entry,
+                        long timeoutms)
+{
+#ifdef USE_ALARM_TIMEOUT
+#ifdef HAVE_SIGACTION
+  struct sigaction keep_sigact;   /* store the old struct here */
+  volatile bool keep_copysig = FALSE; /* wether old sigact has been saved */
+  struct sigaction sigact;
+#else
+#ifdef HAVE_SIGNAL
+  void (*keep_sigact)(int);       /* store the old handler here */
+#endif /* HAVE_SIGNAL */
+#endif /* HAVE_SIGACTION */
+  volatile long timeout;
+  volatile unsigned int prev_alarm = 0;
+  struct SessionHandle *data = conn->data;
+#endif /* USE_ALARM_TIMEOUT */
+  int rc;
+
+  *entry = NULL;
+
+  if(timeoutms < 0)
+    /* got an already expired timeout */
+    return CURLRESOLV_TIMEDOUT;
+
+#ifdef USE_ALARM_TIMEOUT
+  if(data->set.no_signal)
+    /* Ignore the timeout when signals are disabled */
+    timeout = 0;
+  else
+    timeout = timeoutms;
+
+  if(!timeout)
+    /* USE_ALARM_TIMEOUT defined, but no timeout actually requested */
+    return Curl_resolv(conn, hostname, port, entry);
+
+  if(timeout < 1000)
+    /* The alarm() function only provides integer second resolution, so if
+       we want to wait less than one second we must bail out already now. */
+    return CURLRESOLV_TIMEDOUT;
+
+  /*************************************************************
+   * Set signal handler to catch SIGALRM
+   * Store the old value to be able to set it back later!
+   *************************************************************/
+#ifdef HAVE_SIGACTION
+  sigaction(SIGALRM, NULL, &sigact);
+  keep_sigact = sigact;
+  keep_copysig = TRUE; /* yes, we have a copy */
+  sigact.sa_handler = alarmfunc;
+#ifdef SA_RESTART
+  /* HPUX doesn't have SA_RESTART but defaults to that behaviour! */
+  sigact.sa_flags &= ~SA_RESTART;
+#endif
+  /* now set the new struct */
+  sigaction(SIGALRM, &sigact, NULL);
+#else /* HAVE_SIGACTION */
+  /* no sigaction(), revert to the much lamer signal() */
+#ifdef HAVE_SIGNAL
+  keep_sigact = signal(SIGALRM, alarmfunc);
+#endif
+#endif /* HAVE_SIGACTION */
+
+  /* alarm() makes a signal get sent when the timeout fires off, and that
+     will abort system calls */
+  prev_alarm = alarm(curlx_sltoui(timeout/1000L));
+
+  /* This allows us to time-out from the name resolver, as the timeout
+     will generate a signal and we will siglongjmp() from that here.
+     This technique has problems (see alarmfunc).
+     This should be the last thing we do before calling Curl_resolv(),
+     as otherwise we'd have to worry about variables that get modified
+     before we invoke Curl_resolv() (and thus use "volatile"). */
+  if(sigsetjmp(curl_jmpenv, 1)) {
+    /* this is coming from a siglongjmp() after an alarm signal */
+    failf(data, "name lookup timed out");
+    rc = CURLRESOLV_ERROR;
+    goto clean_up;
+  }
+
+#else
+#ifndef CURLRES_ASYNCH
+  if(timeoutms)
+    infof(conn->data, "timeout on name lookup is not supported\n");
+#else
+  (void)timeoutms; /* timeoutms not used with an async resolver */
+#endif
+#endif /* USE_ALARM_TIMEOUT */
+
+  /* Perform the actual name resolution. This might be interrupted by an
+   * alarm if it takes too long.
+   */
+  rc = Curl_resolv(conn, hostname, port, entry);
+
+#ifdef USE_ALARM_TIMEOUT
+clean_up:
+
+  if(!prev_alarm)
+    /* deactivate a possibly active alarm before uninstalling the handler */
+    alarm(0);
+
+#ifdef HAVE_SIGACTION
+  if(keep_copysig) {
+    /* we got a struct as it looked before, now put that one back nice
+       and clean */
+    sigaction(SIGALRM, &keep_sigact, NULL); /* put it back */
+  }
+#else
+#ifdef HAVE_SIGNAL
+  /* restore the previous SIGALRM handler */
+  signal(SIGALRM, keep_sigact);
+#endif
+#endif /* HAVE_SIGACTION */
+
+  /* switch back the alarm() to either zero or to what it was before minus
+     the time we spent until now! */
+  if(prev_alarm) {
+    /* there was an alarm() set before us, now put it back */
+    unsigned long elapsed_ms = Curl_tvdiff(Curl_tvnow(), conn->created);
+
+    /* the alarm period is counted in even number of seconds */
+    unsigned long alarm_set = prev_alarm - elapsed_ms/1000;
+
+    if(!alarm_set ||
+       ((alarm_set >= 0x80000000) && (prev_alarm < 0x80000000)) ) {
+      /* if the alarm time-left reached zero or turned "negative" (counted
+         with unsigned values), we should fire off a SIGALRM here, but we
+         won't, and zero would be to switch it off so we never set it to
+         less than 1! */
+      alarm(1);
+      rc = CURLRESOLV_TIMEDOUT;
+      failf(data, "Previous alarm fired off!");
+    }
+    else
+      alarm((unsigned int)alarm_set);
+  }
+#endif /* USE_ALARM_TIMEOUT */
+
+  return rc;
+}
+
+/*
+ * Curl_resolv_unlock() unlocks the given cached DNS entry. When this has been
+ * made, the struct may be destroyed due to pruning. It is important that only
+ * one unlock is made for each Curl_resolv() call.
+ *
+ * May be called with 'data' == NULL for global cache.
+ */
+void Curl_resolv_unlock(struct SessionHandle *data, struct Curl_dns_entry *dns)
+{
+  DEBUGASSERT(dns && (dns->inuse>0));
+
+  if(data && data->share)
+    Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
+
+  dns->inuse--;
+  /* only free if nobody is using AND it is not in hostcache (timestamp ==
+     0) */
+  if(dns->inuse == 0 && dns->timestamp == 0) {
+    Curl_freeaddrinfo(dns->addr);
+    free(dns);
+  }
+
+  if(data && data->share)
+    Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+}
+
+/*
+ * File-internal: free a cache dns entry.
+ */
+static void freednsentry(void *freethis)
+{
+  struct Curl_dns_entry *p = (struct Curl_dns_entry *) freethis;
+
+  /* mark the entry as not in hostcache */
+  p->timestamp = 0;
+  if(p->inuse == 0) {
+    Curl_freeaddrinfo(p->addr);
+    free(p);
+  }
+}
+
+/*
+ * Curl_mk_dnscache() creates a new DNS cache and returns the handle for it.
+ */
+struct curl_hash *Curl_mk_dnscache(void)
+{
+  return Curl_hash_alloc(7, Curl_hash_str, Curl_str_key_compare, freednsentry);
+}
+
+static int hostcache_inuse(void *data, void *hc)
+{
+  struct Curl_dns_entry *c = (struct Curl_dns_entry *) hc;
+
+  if(c->inuse == 1)
+    Curl_resolv_unlock(data, c);
+
+  return 1; /* free all entries */
+}
+
+/*
+ * Curl_hostcache_clean()
+ *
+ * This _can_ be called with 'data' == NULL but then of course no locking
+ * can be done!
+ */
+
+void Curl_hostcache_clean(struct SessionHandle *data,
+                          struct curl_hash *hash)
+{
+  /* Entries added to the hostcache with the CURLOPT_RESOLVE function are
+   * still present in the cache with the inuse counter set to 1. Detect them
+   * and cleanup!
+   */
+  Curl_hash_clean_with_criterium(hash, data, hostcache_inuse);
+}
+
+
+CURLcode Curl_loadhostpairs(struct SessionHandle *data)
+{
+  struct curl_slist *hostp;
+  char hostname[256];
+  char address[256];
+  int port;
+
+  for(hostp = data->change.resolve; hostp; hostp = hostp->next ) {
+    if(!hostp->data)
+      continue;
+    if(hostp->data[0] == '-') {
+      /* TODO: mark an entry for removal */
+    }
+    else if(3 == sscanf(hostp->data, "%255[^:]:%d:%255s", hostname, &port,
+                        address)) {
+      struct Curl_dns_entry *dns;
+      Curl_addrinfo *addr;
+      char *entry_id;
+      size_t entry_len;
+
+      addr = Curl_str2addr(address, port);
+      if(!addr) {
+        infof(data, "Resolve %s found illegal!\n", hostp->data);
+        continue;
+      }
+
+      /* Create an entry id, based upon the hostname and port */
+      entry_id = create_hostcache_id(hostname, port);
+      /* If we can't create the entry id, fail */
+      if(!entry_id) {
+        Curl_freeaddrinfo(addr);
+        return CURLE_OUT_OF_MEMORY;
+      }
+
+      entry_len = strlen(entry_id);
+
+      if(data->share)
+        Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
+
+      /* See if its already in our dns cache */
+      dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len+1);
+
+      /* free the allocated entry_id again */
+      free(entry_id);
+
+      if(!dns)
+        /* if not in the cache already, put this host in the cache */
+        dns = Curl_cache_addr(data, addr, hostname, port);
+      else
+        /* this is a duplicate, free it again */
+        Curl_freeaddrinfo(addr);
+
+      if(data->share)
+        Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+
+      if(!dns) {
+        Curl_freeaddrinfo(addr);
+        return CURLE_OUT_OF_MEMORY;
+      }
+      infof(data, "Added %s:%d:%s to DNS cache\n",
+            hostname, port, address);
+    }
+  }
+  data->change.resolve = NULL; /* dealt with now */
+
+  return CURLE_OK;
+}
diff --git a/Utilities/cmcurl/hostip.h b/Utilities/cmcurl/lib/hostip.h
index e6d63ca..4404651 100644
--- a/Utilities/cmcurl/hostip.h
+++ b/Utilities/cmcurl/lib/hostip.h
@@ -1,5 +1,5 @@
-#ifndef __HOSTIP_H
-#define __HOSTIP_H
+#ifndef HEADER_CURL_HOSTIP_H
+#define HEADER_CURL_HOSTIP_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,57 +20,20 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 #include "hash.h"
+#include "curl_addrinfo.h"
+#include "asyn.h"
 
-#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
-#undef in_addr_t
-#define in_addr_t uint32_t
-#endif
-
-/*
- * Setup comfortable CURLRES_* defines to use in the host*.c sources.
- */
-
-#ifdef USE_ARES
-#define CURLRES_ASYNCH
-#define CURLRES_ARES
-#endif
-
-#ifdef USE_THREADING_GETHOSTBYNAME
-#define CURLRES_ASYNCH
-#define CURLRES_THREADED
-#endif
-
-#ifdef USE_THREADING_GETADDRINFO
-#define CURLRES_ASYNCH
-#define CURLRES_THREADED
+#ifdef HAVE_SETJMP_H
+#include <setjmp.h>
 #endif
 
-#ifdef ENABLE_IPV6
-#define CURLRES_IPV6
-#else
-#define CURLRES_IPV4
-#endif
-
-#if defined(CURLRES_IPV4) || defined(CURLRES_ARES)
-#if !defined(HAVE_GETHOSTBYNAME_R) || defined(CURLRES_ASYNCH)
-/* If built for ipv4 and missing gethostbyname_r(), or if using async name
-   resolve, we need the Curl_addrinfo_copy() function (which itself needs the
-   Curl_he2ai() function)) */
-#define CURLRES_ADDRINFO_COPY
-#endif
-#endif /* IPv4/ares-only */
-
-#ifndef CURLRES_ASYNCH
-#define CURLRES_SYNCH
-#endif
-
-#ifndef USE_LIBIDN
-#define CURLRES_IDN
+#ifdef NETWARE
+#undef in_addr_t
+#define in_addr_t unsigned long
 #endif
 
 /* Allocate enough memory to hold the full name information structs and
@@ -83,48 +46,27 @@
 #define CURL_TIMEOUT_RESOLVE 300 /* when using asynch methods, we allow this
                                     many seconds for a name resolve */
 
-#ifdef CURLRES_ARES
-#define CURL_ASYNC_SUCCESS ARES_SUCCESS
-#else
 #define CURL_ASYNC_SUCCESS CURLE_OK
-#define ares_cancel(x) do {} while(0)
-#define ares_destroy(x) do {} while(0)
-#endif
-
-/*
- * Curl_addrinfo MUST be used for all name resolved info.
- */
-#ifdef CURLRES_IPV6
-typedef struct addrinfo Curl_addrinfo;
-#else
-/* OK, so some ipv4-only include tree probably have the addrinfo struct, but
-   to work even on those that don't, we provide our own look-alike! */
-struct Curl_addrinfo {
-  int                   ai_flags;
-  int                   ai_family;
-  int                   ai_socktype;
-  int                   ai_protocol;
-  socklen_t             ai_addrlen;   /* Follow rfc3493 struct addrinfo */
-  char                 *ai_canonname;
-  struct sockaddr      *ai_addr;
-  struct Curl_addrinfo *ai_next;
-};
-typedef struct Curl_addrinfo Curl_addrinfo;
-#endif
 
 struct addrinfo;
 struct hostent;
 struct SessionHandle;
 struct connectdata;
 
-void Curl_global_host_cache_init(void);
+/*
+ * Curl_global_host_cache_init() initializes and sets up a global DNS cache.
+ * Global DNS cache is general badness. Do not use. This will be removed in
+ * a future version. Use the share interface instead!
+ *
+ * Returns a struct curl_hash pointer on success, NULL on failure.
+ */
+struct curl_hash *Curl_global_host_cache_init(void);
 void Curl_global_host_cache_dtor(void);
-struct curl_hash *Curl_global_host_cache_get(void);
-
-#define Curl_global_host_cache_use(__p) ((__p)->set.global_dns_cache)
 
 struct Curl_dns_entry {
   Curl_addrinfo *addr;
+  /* timestamp == 0 -- entry not in hostcache
+     timestamp != 0 -- entry is in hostcache */
   time_t timestamp;
   long inuse;      /* use-counter, make very sure you decrease this
                       when you're done using the address you received */
@@ -138,17 +80,31 @@ struct Curl_dns_entry {
  * use, or we'll leak memory!
  */
 /* return codes */
+#define CURLRESOLV_TIMEDOUT -2
 #define CURLRESOLV_ERROR    -1
 #define CURLRESOLV_RESOLVED  0
 #define CURLRESOLV_PENDING   1
 int Curl_resolv(struct connectdata *conn, const char *hostname,
                 int port, struct Curl_dns_entry **dnsentry);
+int Curl_resolv_timeout(struct connectdata *conn, const char *hostname,
+                        int port, struct Curl_dns_entry **dnsentry,
+                        long timeoutms);
+
+#ifdef CURLRES_IPV6
+/*
+ * Curl_ipv6works() returns TRUE if ipv6 seems to work.
+ */
+bool Curl_ipv6works(void);
+#else
+#define Curl_ipv6works() FALSE
+#endif
 
 /*
  * Curl_ipvalid() checks what CURL_IPRESOLVE_* requirements that might've
  * been set and returns TRUE if they are OK.
  */
-bool Curl_ipvalid(struct SessionHandle *data);
+bool Curl_ipvalid(struct connectdata *conn);
+
 
 /*
  * Curl_getaddrinfo() is the generic low-level name resolve API within this
@@ -161,20 +117,6 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
                                 int port,
                                 int *waitp);
 
-CURLcode Curl_is_resolved(struct connectdata *conn,
-                          struct Curl_dns_entry **dns);
-CURLcode Curl_wait_for_resolv(struct connectdata *conn,
-                              struct Curl_dns_entry **dnsentry);
-
-/* Curl_resolv_getsock() is a generic function that exists in multiple
-   versions depending on what name resolve technology we've built to use. The
-   function is called from the multi_getsock() function.  'sock' is a pointer
-   to an array to hold the file descriptors, with 'numsock' being the size of
-   that array (in number of entries). This function is supposed to return
-   bitmask indicating what file descriptors (referring to array indexes in the
-   'sock' array) to wait for, read/write. */
-int Curl_resolv_getsock(struct connectdata *conn, curl_socket_t *sock,
-                        int numsocks);
 
 /* unlock a previously resolved dns entry */
 void Curl_resolv_unlock(struct SessionHandle *data,
@@ -183,9 +125,6 @@ void Curl_resolv_unlock(struct SessionHandle *data,
 /* for debugging purposes only: */
 void Curl_scan_cache_used(void *user, void *ptr);
 
-/* free name info */
-void Curl_freeaddrinfo(Curl_addrinfo *freeaddr);
-
 /* make a new dns cache and return the handle */
 struct curl_hash *Curl_mk_dnscache(void);
 
@@ -195,14 +134,7 @@ void Curl_hostcache_prune(struct SessionHandle *data);
 /* Return # of adresses in a Curl_addrinfo struct */
 int Curl_num_addresses (const Curl_addrinfo *addr);
 
-#ifdef CURLDEBUG
-void curl_dofreeaddrinfo(struct addrinfo *freethis,
-                         int line, const char *source);
-int curl_dogetaddrinfo(const char *hostname, const char *service,
-                       struct addrinfo *hints,
-                       struct addrinfo **result,
-                       int line, const char *source);
-#ifdef HAVE_GETNAMEINFO
+#if defined(CURLDEBUG) && defined(HAVE_GETNAMEINFO)
 int curl_dogetnameinfo(GETNAMEINFO_QUAL_ARG1 GETNAMEINFO_TYPE_ARG1 sa,
                        GETNAMEINFO_TYPE_ARG2 salen,
                        char *host, GETNAMEINFO_TYPE_ARG46 hostlen,
@@ -210,30 +142,26 @@ int curl_dogetnameinfo(GETNAMEINFO_QUAL_ARG1 GETNAMEINFO_TYPE_ARG1 sa,
                        GETNAMEINFO_TYPE_ARG7 flags,
                        int line, const char *source);
 #endif
-#endif
 
-/* This is the callback function that is used when we build with asynch
-   resolve, ipv4 */
-CURLcode Curl_addrinfo4_callback(void *arg,
-                                 int status,
-                                 struct hostent *hostent);
-/* This is the callback function that is used when we build with asynch
-   resolve, ipv6 */
-CURLcode Curl_addrinfo6_callback(void *arg,
-                                 int status,
-                                 struct addrinfo *ai);
+/* IPv4 threadsafe resolve function used for synch and asynch builds */
+Curl_addrinfo *Curl_ipv4_resolve_r(const char * hostname, int port);
 
+CURLcode Curl_async_resolved(struct connectdata *conn,
+                             bool *protocol_connect);
 
-/* [ipv4/ares only] Creates a Curl_addrinfo struct from a numerical-only IP
-   address */
-Curl_addrinfo *Curl_ip2addr(in_addr_t num, const char *hostname, int port);
-
-/* [ipv4/ares only] Curl_he2ai() converts a struct hostent to a Curl_addrinfo chain
-   and returns it */
-Curl_addrinfo *Curl_he2ai(const struct hostent *, int port);
+#ifndef CURLRES_ASYNCH
+#define Curl_async_resolved(x,y) CURLE_OK
+#endif
 
-/* Clone a Curl_addrinfo struct, works protocol independently */
-Curl_addrinfo *Curl_addrinfo_copy(const void *orig, int port);
+/*
+ * Curl_addrinfo_callback() is used when we build with any asynch specialty.
+ * Handles end of async request processing. Inserts ai into hostcache when
+ * status is CURL_ASYNC_SUCCESS. Twiddles fields in conn to indicate async
+ * request completed whether successful or failed.
+ */
+CURLcode Curl_addrinfo_callback(struct connectdata *conn,
+                                int status,
+                                Curl_addrinfo *ai);
 
 /*
  * Curl_printable_address() returns a printable version of the 1st address
@@ -244,6 +172,17 @@ const char *Curl_printable_address(const Curl_addrinfo *ip,
                                    char *buf, size_t bufsize);
 
 /*
+ * Curl_fetch_addr() fetches a 'Curl_dns_entry' already in the DNS cache.
+ *
+ * Returns the Curl_dns_entry entry pointer or NULL if not in the cache.
+ */
+struct Curl_dns_entry *
+Curl_fetch_addr(struct connectdata *conn,
+                const char *hostname,
+                int port,
+                int *stale);
+
+/*
  * Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache.
  *
  * Returns the Curl_dns_entry entry pointer or NULL if the storage failed.
@@ -252,20 +191,60 @@ struct Curl_dns_entry *
 Curl_cache_addr(struct SessionHandle *data, Curl_addrinfo *addr,
                 const char *hostname, int port);
 
-/*
- * Curl_destroy_thread_data() cleans up async resolver data.
- * Complementary of ares_destroy.
- */
-struct Curl_async; /* forward-declaration */
-void Curl_destroy_thread_data(struct Curl_async *async);
-
 #ifndef INADDR_NONE
 #define CURL_INADDR_NONE (in_addr_t) ~0
 #else
 #define CURL_INADDR_NONE INADDR_NONE
 #endif
 
+#ifdef HAVE_SIGSETJMP
+/* Forward-declaration of variable defined in hostip.c. Beware this
+ * is a global and unique instance. This is used to store the return
+ * address that we can jump back to from inside a signal handler.
+ * This is not thread-safe stuff.
+ */
+extern sigjmp_buf curl_jmpenv;
+#endif
+
+/*
+ * Function provided by the resolver backend to set DNS servers to use.
+ */
+CURLcode Curl_set_dns_servers(struct SessionHandle *data, char *servers);
+
+/*
+ * Function provided by the resolver backend to set
+ * outgoing interface to use for DNS requests
+ */
+CURLcode Curl_set_dns_interface(struct SessionHandle *data,
+                                const char *interf);
 
+/*
+ * Function provided by the resolver backend to set
+ * local IPv4 address to use as source address for DNS requests
+ */
+CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
+                                const char *local_ip4);
 
+/*
+ * Function provided by the resolver backend to set
+ * local IPv6 address to use as source address for DNS requests
+ */
+CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
+                                const char *local_ip6);
 
-#endif
+/*
+ * Clean off entries from the cache
+ */
+void Curl_hostcache_clean(struct SessionHandle *data, struct curl_hash *hash);
+
+/*
+ * Destroy the hostcache of this handle.
+ */
+void Curl_hostcache_destroy(struct SessionHandle *data);
+
+/*
+ * Populate the cache with specified entries from CURLOPT_RESOLVE.
+ */
+CURLcode Curl_loadhostpairs(struct SessionHandle *data);
+
+#endif /* HEADER_CURL_HOSTIP_H */
diff --git a/Utilities/cmcurl/hostip4.c b/Utilities/cmcurl/lib/hostip4.c
index 877baa2..1e39f4a 100644
--- a/Utilities/cmcurl/hostip4.c
+++ b/Utilities/cmcurl/lib/hostip4.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,23 +18,10 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
-#include <string.h>
-#include <errno.h>
-
-#ifdef NEED_MALLOC_H
-#include <malloc.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
@@ -44,20 +31,9 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>     /* for the close() proto */
-#endif
-#ifdef  VMS
+#ifdef __VMS
 #include <in.h>
 #include <inet.h>
-#include <stdlib.h>
-#endif
-
-#ifdef HAVE_SETJMP_H
-#include <setjmp.h>
 #endif
 
 #ifdef HAVE_PROCESS_H
@@ -76,11 +52,7 @@
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-#include "memory.h"
+#include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
 
@@ -92,16 +64,16 @@
  * Curl_ipvalid() checks what CURL_IPRESOLVE_* requirements that might've
  * been set and returns TRUE if they are OK.
  */
-bool Curl_ipvalid(struct SessionHandle *data)
+bool Curl_ipvalid(struct connectdata *conn)
 {
-  if(data->set.ip_version == CURL_IPRESOLVE_V6)
+  if(conn->ip_version == CURL_IPRESOLVE_V6)
     /* an ipv6 address was requested and we can't get/use one */
     return FALSE;
 
   return TRUE; /* OK, proceed */
 }
 
-#ifdef CURLRES_SYNCH /* the functions below are for synchronous resolves */
+#ifdef CURLRES_SYNCH
 
 /*
  * Curl_getaddrinfo() - the ipv4 synchronous version.
@@ -125,20 +97,63 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
                                 int *waitp)
 {
   Curl_addrinfo *ai = NULL;
+
+#ifdef CURL_DISABLE_VERBOSE_STRINGS
+  (void)conn;
+#endif
+
+  *waitp = 0; /* synchronous response only */
+
+  ai = Curl_ipv4_resolve_r(hostname, port);
+  if(!ai)
+    infof(conn->data, "Curl_ipv4_resolve_r failed for %s\n", hostname);
+
+  return ai;
+}
+#endif /* CURLRES_SYNCH */
+#endif /* CURLRES_IPV4 */
+
+#if defined(CURLRES_IPV4) && !defined(CURLRES_ARES)
+
+/*
+ * Curl_ipv4_resolve_r() - ipv4 threadsafe resolver function.
+ *
+ * This is used for both synchronous and asynchronous resolver builds,
+ * implying that only threadsafe code and function calls may be used.
+ *
+ */
+Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname,
+                                   int port)
+{
+#if !defined(HAVE_GETADDRINFO_THREADSAFE) && defined(HAVE_GETHOSTBYNAME_R_3)
+  int res;
+#endif
+  Curl_addrinfo *ai = NULL;
   struct hostent *h = NULL;
-  in_addr_t in;
-  struct SessionHandle *data = conn->data;
+  struct in_addr in;
   struct hostent *buf = NULL;
 
-  (void)port; /* unused in IPv4 code */
+  if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
+    /* This is a dotted IP address 123.123.123.123-style */
+    return Curl_ip2addr(AF_INET, &in, hostname, port);
 
-  *waitp = 0; /* don't wait, we act synchronously */
+#if defined(HAVE_GETADDRINFO_THREADSAFE)
+  else {
+    struct addrinfo hints;
+    char sbuf[12];
+    char *sbufptr = NULL;
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_INET;
+    hints.ai_socktype = SOCK_STREAM;
+    if(port) {
+      snprintf(sbuf, sizeof(sbuf), "%d", port);
+      sbufptr = sbuf;
+    }
 
-  if(1 == Curl_inet_pton(AF_INET, hostname, &in))
-    /* This is a dotted IP address 123.123.123.123-style */
-    return Curl_ip2addr(in, hostname, port);
+    (void)Curl_getaddrinfo_ex(hostname, sbufptr, &hints, &ai);
 
-#if defined(HAVE_GETHOSTBYNAME_R)
+#elif defined(HAVE_GETHOSTBYNAME_R)
   /*
    * gethostbyname_r() is the preferred resolve function for many platforms.
    * Since there are three different versions of it, the following code is
@@ -146,9 +161,8 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
    */
   else {
     int h_errnop;
-    int res=ERANGE;
 
-    buf = (struct hostent *)calloc(CURL_HOSTENT_SIZE, 1);
+    buf = calloc(1, CURL_HOSTENT_SIZE);
     if(!buf)
       return NULL; /* major failure */
     /*
@@ -157,9 +171,8 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
      * platforms.
      */
 
-#ifdef HAVE_GETHOSTBYNAME_R_5
+#if defined(HAVE_GETHOSTBYNAME_R_5)
     /* Solaris, IRIX and more */
-    (void)res; /* prevent compiler warning */
     h = gethostbyname_r(hostname,
                         (struct hostent *)buf,
                         (char *)buf + sizeof(struct hostent),
@@ -176,11 +189,10 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
       ;
     }
     else
-#endif /* HAVE_GETHOSTBYNAME_R_5 */
-#ifdef HAVE_GETHOSTBYNAME_R_6
+#elif defined(HAVE_GETHOSTBYNAME_R_6)
     /* Linux */
 
-    res=gethostbyname_r(hostname,
+    (void)gethostbyname_r(hostname,
                         (struct hostent *)buf,
                         (char *)buf + sizeof(struct hostent),
                         CURL_HOSTENT_SIZE - sizeof(struct hostent),
@@ -218,8 +230,7 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
      */
 
     if(!h) /* failure */
-#endif/* HAVE_GETHOSTBYNAME_R_6 */
-#ifdef HAVE_GETHOSTBYNAME_R_3
+#elif defined(HAVE_GETHOSTBYNAME_R_3)
     /* AIX, Digital Unix/Tru64, HPUX 10, more? */
 
     /* For AIX 4.3 or later, we don't use gethostbyname_r() at all, because of
@@ -252,7 +263,7 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
                             (struct hostent *)buf,
                             (struct hostent_data *)((char *)buf +
                                                     sizeof(struct hostent)));
-      h_errnop= errno; /* we don't deal with this, but set it anyway */
+      h_errnop = SOCKERRNO; /* we don't deal with this, but set it anyway */
     }
     else
       res = -1; /* failure, too smallish buffer size */
@@ -271,119 +282,29 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
        */
     }
     else
-#endif /* HAVE_GETHOSTBYNAME_R_3 */
-      {
-      infof(data, "gethostbyname_r(2) failed for %s\n", hostname);
+#endif /* HAVE_...BYNAME_R_5 || HAVE_...BYNAME_R_6 || HAVE_...BYNAME_R_3 */
+    {
       h = NULL; /* set return code to NULL */
       free(buf);
     }
-#else /* HAVE_GETHOSTBYNAME_R */
+#else /* HAVE_GETADDRINFO_THREADSAFE || HAVE_GETHOSTBYNAME_R */
     /*
-     * Here is code for platforms that don't have gethostbyname_r() or for
-     * which the gethostbyname() is the preferred() function.
+     * Here is code for platforms that don't have a thread safe
+     * getaddrinfo() nor gethostbyname_r() function or for which
+     * gethostbyname() is the preferred one.
      */
   else {
-    h = gethostbyname(hostname);
-    if (!h)
-      infof(data, "gethostbyname(2) failed for %s\n", hostname);
-#endif /*HAVE_GETHOSTBYNAME_R */
+    h = gethostbyname((void*)hostname);
+#endif /* HAVE_GETADDRINFO_THREADSAFE || HAVE_GETHOSTBYNAME_R */
   }
 
   if(h) {
     ai = Curl_he2ai(h, port);
 
-    if (buf) /* used a *_r() function */
+    if(buf) /* used a *_r() function */
       free(buf);
   }
 
   return ai;
 }
-
-#endif /* CURLRES_SYNCH */
-#endif /* CURLRES_IPV4 */
-
-/*
- * Curl_he2ai() translates from a hostent struct to a Curl_addrinfo struct.
- * The Curl_addrinfo is meant to work like the addrinfo struct does for IPv6
- * stacks, but for all hosts and environments.
- *
- *   Curl_addrinfo defined in "lib/hostip.h"
- *
- *     struct Curl_addrinfo {
- *       int                   ai_flags;
- *       int                   ai_family;
- *       int                   ai_socktype;
- *       int                   ai_protocol;
- *       socklen_t             ai_addrlen;   * Follow rfc3493 struct addrinfo *
- *       char                 *ai_canonname;
- *       struct sockaddr      *ai_addr;
- *       struct Curl_addrinfo *ai_next;
- *     };
- *
- *   hostent defined in <netdb.h>
- *
- *     struct hostent {
- *       char    *h_name;
- *       char    **h_aliases;
- *       int     h_addrtype;
- *       int     h_length;
- *       char    **h_addr_list;
- *     };
- *
- *   for backward compatibility:
- *
- *     #define h_addr  h_addr_list[0]
- */
-
-Curl_addrinfo *Curl_he2ai(const struct hostent *he, int port)
-{
-  Curl_addrinfo *ai;
-  Curl_addrinfo *prevai = NULL;
-  Curl_addrinfo *firstai = NULL;
-  struct sockaddr_in *addr;
-  int i;
-  struct in_addr *curr;
-
-  if(!he)
-    /* no input == no output! */
-    return NULL;
-
-  for(i=0; (curr = (struct in_addr *)he->h_addr_list[i]) != NULL; i++) {
-
-    ai = calloc(1, sizeof(Curl_addrinfo) + sizeof(struct sockaddr_in));
-
-    if(!ai)
-      break;
-
-    if(!firstai)
-      /* store the pointer we want to return from this function */
-      firstai = ai;
-
-    if(prevai)
-      /* make the previous entry point to this */
-      prevai->ai_next = ai;
-
-    ai->ai_family = AF_INET;              /* we only support this */
-
-    /* we return all names as STREAM, so when using this address for TFTP
-       the type must be ignored and conn->socktype be used instead! */
-    ai->ai_socktype = SOCK_STREAM;
-
-    ai->ai_addrlen = sizeof(struct sockaddr_in);
-    /* make the ai_addr point to the address immediately following this struct
-       and use that area to store the address */
-    ai->ai_addr = (struct sockaddr *) ((char*)ai + sizeof(Curl_addrinfo));
-
-    /* leave the rest of the struct filled with zero */
-
-    addr = (struct sockaddr_in *)ai->ai_addr; /* storage area for this info */
-
-    memcpy((char *)&(addr->sin_addr), curr, sizeof(struct in_addr));
-    addr->sin_family = he->h_addrtype;
-    addr->sin_port = htons((unsigned short)port);
-
-    prevai = ai;
-  }
-  return firstai;
-}
-
+#endif /* defined(CURLRES_IPV4) && !defined(CURLRES_ARES) */
diff --git a/Utilities/cmcurl/hostip6.c b/Utilities/cmcurl/lib/hostip6.c
index c8bbdb5..8327004 100644
--- a/Utilities/cmcurl/hostip6.c
+++ b/Utilities/cmcurl/lib/hostip6.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,22 +18,10 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
-#include <string.h>
-
-#ifdef NEED_MALLOC_H
-#include <malloc.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
@@ -43,20 +31,9 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>     /* for the close() proto */
-#endif
-#ifdef  VMS
+#ifdef __VMS
 #include <in.h>
 #include <inet.h>
-#include <stdlib.h>
-#endif
-
-#ifdef HAVE_SETJMP_H
-#include <setjmp.h>
 #endif
 
 #ifdef HAVE_PROCESS_H
@@ -76,11 +53,7 @@
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-#include "memory.h"
+#include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
 
@@ -88,61 +61,19 @@
  * Only for ipv6-enabled builds
  **********************************************************************/
 #ifdef CURLRES_IPV6
-#ifndef CURLRES_ARES
-/*
- * This is a wrapper function for freeing name information in a protocol
- * independent way. This takes care of using the appropriate underlaying
- * function.
- */
-void Curl_freeaddrinfo(Curl_addrinfo *p)
-{
-  freeaddrinfo(p);
-}
 
-#ifdef CURLRES_ASYNCH
-/*
- * Curl_addrinfo_copy() is used by the asynch callback to copy a given
- * address. But this is an ipv6 build and then we don't copy the address, we
- * just return the same pointer!
- */
-Curl_addrinfo *Curl_addrinfo_copy(const void *orig, int port)
-{
-  (void) port;
-  return (Curl_addrinfo*)orig;
-}
-#endif  /* CURLRES_ASYNCH */
-#endif  /* CURLRES_ARES */
 
-#ifdef CURLDEBUG
+#if defined(CURLDEBUG) && defined(HAVE_GETNAMEINFO)
 /* These are strictly for memory tracing and are using the same style as the
  * family otherwise present in memdebug.c. I put these ones here since they
- * require a bunch of structs I didn't wanna include in memdebug.c
+ * require a bunch of structs I didn't want to include in memdebug.c
  */
-int curl_dogetaddrinfo(const char *hostname, const char *service,
-                       struct addrinfo *hints,
-                       struct addrinfo **result,
-                       int line, const char *source)
-{
-  int res=(getaddrinfo)(hostname, service, hints, result);
-  if(0 == res) {
-    /* success */
-    if(logfile)
-      fprintf(logfile, "ADDR %s:%d getaddrinfo() = %p\n",
-              source, line, (void *)*result);
-  }
-  else {
-    if(logfile)
-      fprintf(logfile, "ADDR %s:%d getaddrinfo() failed\n",
-              source, line);
-  }
-  return res;
-}
 
 /*
  * For CURLRES_ARS, this should be written using ares_gethostbyaddr()
  * (ignoring the fact c-ares doesn't return 'serv').
  */
-#ifdef HAVE_GETNAMEINFO
+
 int curl_dogetnameinfo(GETNAMEINFO_QUAL_ARG1 GETNAMEINFO_TYPE_ARG1 sa,
                        GETNAMEINFO_TYPE_ARG2 salen,
                        char *host, GETNAMEINFO_TYPE_ARG46 hostlen,
@@ -154,67 +85,70 @@ int curl_dogetnameinfo(GETNAMEINFO_QUAL_ARG1 GETNAMEINFO_TYPE_ARG1 sa,
                           host, hostlen,
                           serv, servlen,
                           flags);
-  if(0 == res) {
+  if(0 == res)
     /* success */
-    if(logfile)
-      fprintf(logfile, "GETNAME %s:%d getnameinfo()\n",
-              source, line);
-  }
-  else {
-    if(logfile)
-      fprintf(logfile, "GETNAME %s:%d getnameinfo() failed = %d\n",
-              source, line, res);
-  }
+    curl_memlog("GETNAME %s:%d getnameinfo()\n",
+                source, line);
+  else
+    curl_memlog("GETNAME %s:%d getnameinfo() failed = %d\n",
+                source, line, res);
   return res;
 }
-#endif
+#endif /* defined(CURLDEBUG) && defined(HAVE_GETNAMEINFO) */
 
-void curl_dofreeaddrinfo(struct addrinfo *freethis,
-                         int line, const char *source)
+/*
+ * Curl_ipv6works() returns TRUE if ipv6 seems to work.
+ */
+bool Curl_ipv6works(void)
 {
-  (freeaddrinfo)(freethis);
-  if(logfile)
-    fprintf(logfile, "ADDR %s:%d freeaddrinfo(%p)\n",
-            source, line, (void *)freethis);
+  /* the nature of most system is that IPv6 status doesn't come and go
+     during a program's lifetime so we only probe the first time and then we
+     have the info kept for fast re-use */
+  static int ipv6_works = -1;
+  if(-1 == ipv6_works) {
+    /* probe to see if we have a working IPv6 stack */
+    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
+    if(s == CURL_SOCKET_BAD)
+      /* an ipv6 address was requested but we can't get/use one */
+      ipv6_works = 0;
+    else {
+      ipv6_works = 1;
+      Curl_closesocket(NULL, s);
+    }
+  }
+  return (ipv6_works>0)?TRUE:FALSE;
 }
-#endif  /* CURLDEBUG */
 
 /*
  * Curl_ipvalid() checks what CURL_IPRESOLVE_* requirements that might've
  * been set and returns TRUE if they are OK.
  */
-bool Curl_ipvalid(struct SessionHandle *data)
+bool Curl_ipvalid(struct connectdata *conn)
 {
-  if(data->set.ip_version == CURL_IPRESOLVE_V6) {
-    /* see if we have an IPv6 stack */
-    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
-    if (s == CURL_SOCKET_BAD)
-      /* an ipv6 address was requested and we can't get/use one */
-      return FALSE;
-    sclose(s);
-  }
+  if(conn->ip_version == CURL_IPRESOLVE_V6)
+    return Curl_ipv6works();
   return TRUE;
 }
 
-#if !defined(USE_THREADING_GETADDRINFO) && !defined(CURLRES_ARES)
+#if defined(CURLRES_SYNCH)
 
 #ifdef DEBUG_ADDRINFO
-static void dump_addrinfo(struct connectdata *conn, const struct addrinfo *ai)
+static void dump_addrinfo(struct connectdata *conn, const Curl_addrinfo *ai)
 {
   printf("dump_addrinfo:\n");
-  for ( ; ai; ai = ai->ai_next) {
+  for(; ai; ai = ai->ai_next) {
     char  buf[INET6_ADDRSTRLEN];
 
     printf("    fam %2d, CNAME %s, ",
            ai->ai_family, ai->ai_canonname ? ai->ai_canonname : "<none>");
-    if (Curl_printable_address(ai, buf, sizeof(buf)))
+    if(Curl_printable_address(ai, buf, sizeof(buf)))
       printf("%s\n", buf);
     else
-      printf("failed; %s\n", Curl_strerror(conn, Curl_sockerrno()));
+      printf("failed; %s\n", Curl_strerror(conn, SOCKERRNO));
   }
 }
 #else
-#define dump_addrinfo(x,y)
+#define dump_addrinfo(x,y) Curl_nop_stmt
 #endif
 
 /*
@@ -231,47 +165,35 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
                                 int port,
                                 int *waitp)
 {
-  struct addrinfo hints, *res;
+  struct addrinfo hints;
+  Curl_addrinfo *res;
   int error;
-  char sbuf[NI_MAXSERV];
+  char sbuf[12];
   char *sbufptr = NULL;
   char addrbuf[128];
-  curl_socket_t s;
   int pf;
   struct SessionHandle *data = conn->data;
 
-  *waitp=0; /* don't wait, we have the response now */
-
-  /* see if we have an IPv6 stack */
-  s = socket(PF_INET6, SOCK_DGRAM, 0);
-  if (s == CURL_SOCKET_BAD) {
-    /* Some non-IPv6 stacks have been found to make very slow name resolves
-     * when PF_UNSPEC is used, so thus we switch to a mere PF_INET lookup if
-     * the stack seems to be a non-ipv6 one. */
+  *waitp = 0; /* synchronous response only */
 
+  /*
+   * Check if a limited name resolve has been requested.
+   */
+  switch(conn->ip_version) {
+  case CURL_IPRESOLVE_V4:
     pf = PF_INET;
+    break;
+  case CURL_IPRESOLVE_V6:
+    pf = PF_INET6;
+    break;
+  default:
+    pf = PF_UNSPEC;
+    break;
   }
-  else {
-    /* This seems to be an IPv6-capable stack, use PF_UNSPEC for the widest
-     * possible checks. And close the socket again.
-     */
-    sclose(s);
 
-    /*
-     * Check if a more limited name resolve has been requested.
-     */
-    switch(data->set.ip_version) {
-    case CURL_IPRESOLVE_V4:
-      pf = PF_INET;
-      break;
-    case CURL_IPRESOLVE_V6:
-      pf = PF_INET6;
-      break;
-    default:
-      pf = PF_UNSPEC;
-      break;
-    }
-  }
+  if((pf != PF_INET) && !Curl_ipv6works())
+    /* the stack seems to be a non-ipv6 one */
+    pf = PF_INET;
 
   memset(&hints, 0, sizeof(hints));
   hints.ai_family = pf;
@@ -282,17 +204,13 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
     /* the given address is numerical only, prevent a reverse lookup */
     hints.ai_flags = AI_NUMERICHOST;
   }
-#if 0 /* removed nov 8 2005 before 7.15.1 */
-  else
-    hints.ai_flags = AI_CANONNAME;
-#endif
 
   if(port) {
     snprintf(sbuf, sizeof(sbuf), "%d", port);
     sbufptr=sbuf;
   }
-  error = getaddrinfo(hostname, sbufptr, &hints, &res);
-  if (error) {
+  error = Curl_getaddrinfo_ex(hostname, sbufptr, &hints, &res);
+  if(error) {
     infof(data, "getaddrinfo(3) failed for %s:%d\n", hostname, port);
     return NULL;
   }
@@ -301,6 +219,6 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
 
   return res;
 }
-#endif /* !USE_THREADING_GETADDRINFO && !CURLRES_ARES */
-#endif /* ipv6 */
+#endif /* CURLRES_SYNCH */
+#endif /* CURLRES_IPV6 */
 
diff --git a/Utilities/cmcurl/lib/hostsyn.c b/Utilities/cmcurl/lib/hostsyn.c
new file mode 100644
index 0000000..4ad3c63
--- /dev/null
+++ b/Utilities/cmcurl/lib/hostsyn.c
@@ -0,0 +1,111 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#ifdef HAVE_PROCESS_H
+#include <process.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "hostip.h"
+#include "hash.h"
+#include "share.h"
+#include "strerror.h"
+#include "url.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/***********************************************************************
+ * Only for builds using synchronous name resolves
+ **********************************************************************/
+#ifdef CURLRES_SYNCH
+
+/*
+ * Function provided by the resolver backend to set DNS servers to use.
+ */
+CURLcode Curl_set_dns_servers(struct SessionHandle *data,
+                              char *servers)
+{
+  (void)data;
+  (void)servers;
+  return CURLE_NOT_BUILT_IN;
+
+}
+
+/*
+ * Function provided by the resolver backend to set
+ * outgoing interface to use for DNS requests
+ */
+CURLcode Curl_set_dns_interface(struct SessionHandle *data,
+                                const char *interf)
+{
+  (void)data;
+  (void)interf;
+  return CURLE_NOT_BUILT_IN;
+}
+
+/*
+ * Function provided by the resolver backend to set
+ * local IPv4 address to use as source address for DNS requests
+ */
+CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
+                                const char *local_ip4)
+{
+  (void)data;
+  (void)local_ip4;
+  return CURLE_NOT_BUILT_IN;
+}
+
+/*
+ * Function provided by the resolver backend to set
+ * local IPv6 address to use as source address for DNS requests
+ */
+CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
+                                const char *local_ip6)
+{
+  (void)data;
+  (void)local_ip6;
+  return CURLE_NOT_BUILT_IN;
+}
+
+#endif /* truly sync */
diff --git a/Utilities/cmcurl/lib/http.c b/Utilities/cmcurl/lib/http.c
new file mode 100644
index 0000000..35baa34
--- /dev/null
+++ b/Utilities/cmcurl/lib/http.c
@@ -0,0 +1,3664 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_HTTP
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "transfer.h"
+#include "sendf.h"
+#include "formdata.h"
+#include "progress.h"
+#include "curl_base64.h"
+#include "cookie.h"
+#include "strequal.h"
+#include "vtls/vtls.h"
+#include "http_digest.h"
+#include "curl_ntlm.h"
+#include "curl_ntlm_wb.h"
+#include "http_negotiate.h"
+#include "url.h"
+#include "share.h"
+#include "hostip.h"
+#include "http.h"
+#include "curl_memory.h"
+#include "select.h"
+#include "parsedate.h" /* for the week day and month names */
+#include "strtoofft.h"
+#include "multiif.h"
+#include "rawstr.h"
+#include "content_encoding.h"
+#include "http_proxy.h"
+#include "warnless.h"
+#include "non-ascii.h"
+#include "bundles.h"
+#include "pipeline.h"
+#include "http2.h"
+#include "connect.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * Forward declarations.
+ */
+
+static int http_getsock_do(struct connectdata *conn,
+                           curl_socket_t *socks,
+                           int numsocks);
+static int http_should_fail(struct connectdata *conn);
+
+#ifdef USE_SSL
+static CURLcode https_connecting(struct connectdata *conn, bool *done);
+static int https_getsock(struct connectdata *conn,
+                         curl_socket_t *socks,
+                         int numsocks);
+#else
+#define https_connecting(x,y) CURLE_COULDNT_CONNECT
+#endif
+
+/*
+ * HTTP handler interface.
+ */
+const struct Curl_handler Curl_handler_http = {
+  "HTTP",                               /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  Curl_http_connect,                    /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  http_getsock_do,                      /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_HTTP,                            /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_CREDSPERREQUEST               /* flags */
+};
+
+#ifdef USE_SSL
+/*
+ * HTTPS handler interface.
+ */
+const struct Curl_handler Curl_handler_https = {
+  "HTTPS",                              /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  Curl_http_connect,                    /* connect_it */
+  https_connecting,                     /* connecting */
+  ZERO_NULL,                            /* doing */
+  https_getsock,                        /* proto_getsock */
+  http_getsock_do,                      /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_HTTPS,                           /* defport */
+  CURLPROTO_HTTPS,                      /* protocol */
+  PROTOPT_SSL | PROTOPT_CREDSPERREQUEST /* flags */
+};
+#endif
+
+
+CURLcode Curl_http_setup_conn(struct connectdata *conn)
+{
+  /* allocate the HTTP-specific struct for the SessionHandle, only to survive
+     during this request */
+  DEBUGASSERT(conn->data->req.protop == NULL);
+
+  conn->data->req.protop = calloc(1, sizeof(struct HTTP));
+  if(!conn->data->req.protop)
+    return CURLE_OUT_OF_MEMORY;
+
+  return CURLE_OK;
+}
+
+/*
+ * checkheaders() checks the linked list of custom HTTP headers for a
+ * particular header (prefix).
+ *
+ * Returns a pointer to the first matching header or NULL if none matched.
+ */
+char *Curl_checkheaders(const struct connectdata *conn,
+                        const char *thisheader)
+{
+  struct curl_slist *head;
+  size_t thislen = strlen(thisheader);
+  struct SessionHandle *data = conn->data;
+
+  for(head = data->set.headers;head; head=head->next) {
+    if(Curl_raw_nequal(head->data, thisheader, thislen))
+      return head->data;
+  }
+  return NULL;
+}
+
+/*
+ * checkProxyHeaders() checks the linked list of custom proxy headers
+ * if proxy headers are not available, then it will lookup into http header
+ * link list
+ *
+ * It takes a connectdata struct as input instead of the SessionHandle simply
+ * to know if this is a proxy request or not, as it then might check a
+ * different header list.
+ *
+ */
+char *Curl_checkProxyheaders(const struct connectdata *conn,
+                             const char *thisheader)
+{
+  struct curl_slist *head;
+  size_t thislen = strlen(thisheader);
+  struct SessionHandle *data = conn->data;
+
+  for(head = (conn->bits.proxy && data->set.sep_headers)?
+        data->set.proxyheaders:data->set.headers;
+      head; head=head->next) {
+    if(Curl_raw_nequal(head->data, thisheader, thislen))
+      return head->data;
+  }
+  return NULL;
+}
+
+/*
+ * Strip off leading and trailing whitespace from the value in the
+ * given HTTP header line and return a strdupped copy. Returns NULL in
+ * case of allocation failure. Returns an empty string if the header value
+ * consists entirely of whitespace.
+ */
+char *Curl_copy_header_value(const char *header)
+{
+  const char *start;
+  const char *end;
+  char *value;
+  size_t len;
+
+  DEBUGASSERT(header);
+
+  /* Find the end of the header name */
+  while(*header && (*header != ':'))
+    ++header;
+
+  if(*header)
+    /* Skip over colon */
+    ++header;
+
+  /* Find the first non-space letter */
+  start = header;
+  while(*start && ISSPACE(*start))
+    start++;
+
+  /* data is in the host encoding so
+     use '\r' and '\n' instead of 0x0d and 0x0a */
+  end = strchr(start, '\r');
+  if(!end)
+    end = strchr(start, '\n');
+  if(!end)
+    end = strchr(start, '\0');
+  if(!end)
+    return NULL;
+
+  /* skip all trailing space letters */
+  while((end > start) && ISSPACE(*end))
+    end--;
+
+  /* get length of the type */
+  len = end - start + 1;
+
+  value = malloc(len + 1);
+  if(!value)
+    return NULL;
+
+  memcpy(value, start, len);
+  value[len] = 0; /* zero terminate */
+
+  return value;
+}
+
+/*
+ * http_output_basic() sets up an Authorization: header (or the proxy version)
+ * for HTTP Basic authentication.
+ *
+ * Returns CURLcode.
+ */
+static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
+{
+  size_t size = 0;
+  char *authorization = NULL;
+  struct SessionHandle *data = conn->data;
+  char **userp;
+  const char *user;
+  const char *pwd;
+  CURLcode error;
+
+  if(proxy) {
+    userp = &conn->allocptr.proxyuserpwd;
+    user = conn->proxyuser;
+    pwd = conn->proxypasswd;
+  }
+  else {
+    userp = &conn->allocptr.userpwd;
+    user = conn->user;
+    pwd = conn->passwd;
+  }
+
+  snprintf(data->state.buffer, sizeof(data->state.buffer), "%s:%s", user, pwd);
+
+  error = Curl_base64_encode(data,
+                             data->state.buffer, strlen(data->state.buffer),
+                             &authorization, &size);
+  if(error)
+    return error;
+
+  if(!authorization)
+    return CURLE_REMOTE_ACCESS_DENIED;
+
+  Curl_safefree(*userp);
+  *userp = aprintf("%sAuthorization: Basic %s\r\n",
+                   proxy?"Proxy-":"",
+                   authorization);
+  free(authorization);
+  if(!*userp)
+    return CURLE_OUT_OF_MEMORY;
+
+  return CURLE_OK;
+}
+
+/* pickoneauth() selects the most favourable authentication method from the
+ * ones available and the ones we want.
+ *
+ * return TRUE if one was picked
+ */
+static bool pickoneauth(struct auth *pick)
+{
+  bool picked;
+  /* only deal with authentication we want */
+  unsigned long avail = pick->avail & pick->want;
+  picked = TRUE;
+
+  /* The order of these checks is highly relevant, as this will be the order
+     of preference in case of the existence of multiple accepted types. */
+  if(avail & CURLAUTH_NEGOTIATE)
+    pick->picked = CURLAUTH_NEGOTIATE;
+  else if(avail & CURLAUTH_DIGEST)
+    pick->picked = CURLAUTH_DIGEST;
+  else if(avail & CURLAUTH_NTLM)
+    pick->picked = CURLAUTH_NTLM;
+  else if(avail & CURLAUTH_NTLM_WB)
+    pick->picked = CURLAUTH_NTLM_WB;
+  else if(avail & CURLAUTH_BASIC)
+    pick->picked = CURLAUTH_BASIC;
+  else {
+    pick->picked = CURLAUTH_PICKNONE; /* we select to use nothing */
+    picked = FALSE;
+  }
+  pick->avail = CURLAUTH_NONE; /* clear it here */
+
+  return picked;
+}
+
+/*
+ * Curl_http_perhapsrewind()
+ *
+ * If we are doing POST or PUT {
+ *   If we have more data to send {
+ *     If we are doing NTLM {
+ *       Keep sending since we must not disconnect
+ *     }
+ *     else {
+ *       If there is more than just a little data left to send, close
+ *       the current connection by force.
+ *     }
+ *   }
+ *   If we have sent any data {
+ *     If we don't have track of all the data {
+ *       call app to tell it to rewind
+ *     }
+ *     else {
+ *       rewind internally so that the operation can restart fine
+ *     }
+ *   }
+ * }
+ */
+static CURLcode http_perhapsrewind(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  struct HTTP *http = data->req.protop;
+  curl_off_t bytessent;
+  curl_off_t expectsend = -1; /* default is unknown */
+
+  if(!http)
+    /* If this is still NULL, we have not reach very far and we can safely
+       skip this rewinding stuff */
+    return CURLE_OK;
+
+  switch(data->set.httpreq) {
+  case HTTPREQ_GET:
+  case HTTPREQ_HEAD:
+    return CURLE_OK;
+  default:
+    break;
+  }
+
+  bytessent = http->writebytecount;
+
+  if(conn->bits.authneg)
+    /* This is a state where we are known to be negotiating and we don't send
+       any data then. */
+    expectsend = 0;
+  else {
+    /* figure out how much data we are expected to send */
+    switch(data->set.httpreq) {
+    case HTTPREQ_POST:
+      if(data->set.postfieldsize != -1)
+        expectsend = data->set.postfieldsize;
+      else if(data->set.postfields)
+        expectsend = (curl_off_t)strlen(data->set.postfields);
+      break;
+    case HTTPREQ_PUT:
+      if(data->state.infilesize != -1)
+        expectsend = data->state.infilesize;
+      break;
+    case HTTPREQ_POST_FORM:
+      expectsend = http->postsize;
+      break;
+    default:
+      break;
+    }
+  }
+
+  conn->bits.rewindaftersend = FALSE; /* default */
+
+  if((expectsend == -1) || (expectsend > bytessent)) {
+    /* There is still data left to send */
+    if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
+       (data->state.authhost.picked == CURLAUTH_NTLM) ||
+       (data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||
+       (data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
+      if(((expectsend - bytessent) < 2000) ||
+         (conn->ntlm.state != NTLMSTATE_NONE) ||
+         (conn->proxyntlm.state != NTLMSTATE_NONE)) {
+        /* The NTLM-negotiation has started *OR* there is just a little (<2K)
+           data left to send, keep on sending. */
+
+        /* rewind data when completely done sending! */
+        if(!conn->bits.authneg) {
+          conn->bits.rewindaftersend = TRUE;
+          infof(data, "Rewind stream after send\n");
+        }
+
+        return CURLE_OK;
+      }
+      if(conn->bits.close)
+        /* this is already marked to get closed */
+        return CURLE_OK;
+
+      infof(data, "NTLM send, close instead of sending %"
+            CURL_FORMAT_CURL_OFF_T " bytes\n",
+            (curl_off_t)(expectsend - bytessent));
+    }
+
+    /* This is not NTLM or many bytes left to send: close
+     */
+    connclose(conn, "Mid-auth HTTP and much data left to send");
+    data->req.size = 0; /* don't download any more than 0 bytes */
+
+    /* There still is data left to send, but this connection is marked for
+       closure so we can safely do the rewind right now */
+  }
+
+  if(bytessent)
+    /* we rewind now at once since if we already sent something */
+    return Curl_readrewind(conn);
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_http_auth_act() gets called when all HTTP headers have been received
+ * and it checks what authentication methods that are available and decides
+ * which one (if any) to use. It will set 'newurl' if an auth method was
+ * picked.
+ */
+
+CURLcode Curl_http_auth_act(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  bool pickhost = FALSE;
+  bool pickproxy = FALSE;
+  CURLcode code = CURLE_OK;
+
+  if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
+    /* this is a transient response code, ignore */
+    return CURLE_OK;
+
+  if(data->state.authproblem)
+    return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;
+
+  if(conn->bits.user_passwd &&
+     ((data->req.httpcode == 401) ||
+      (conn->bits.authneg && data->req.httpcode < 300))) {
+    pickhost = pickoneauth(&data->state.authhost);
+    if(!pickhost)
+      data->state.authproblem = TRUE;
+  }
+  if(conn->bits.proxy_user_passwd &&
+     ((data->req.httpcode == 407) ||
+      (conn->bits.authneg && data->req.httpcode < 300))) {
+    pickproxy = pickoneauth(&data->state.authproxy);
+    if(!pickproxy)
+      data->state.authproblem = TRUE;
+  }
+
+  if(pickhost || pickproxy) {
+    /* In case this is GSS auth, the newurl field is already allocated so
+       we must make sure to free it before allocating a new one. As figured
+       out in bug #2284386 */
+    Curl_safefree(data->req.newurl);
+    data->req.newurl = strdup(data->change.url); /* clone URL */
+    if(!data->req.newurl)
+      return CURLE_OUT_OF_MEMORY;
+
+    if((data->set.httpreq != HTTPREQ_GET) &&
+       (data->set.httpreq != HTTPREQ_HEAD) &&
+       !conn->bits.rewindaftersend) {
+      code = http_perhapsrewind(conn);
+      if(code)
+        return code;
+    }
+  }
+
+  else if((data->req.httpcode < 300) &&
+          (!data->state.authhost.done) &&
+          conn->bits.authneg) {
+    /* no (known) authentication available,
+       authentication is not "done" yet and
+       no authentication seems to be required and
+       we didn't try HEAD or GET */
+    if((data->set.httpreq != HTTPREQ_GET) &&
+       (data->set.httpreq != HTTPREQ_HEAD)) {
+      data->req.newurl = strdup(data->change.url); /* clone URL */
+      if(!data->req.newurl)
+        return CURLE_OUT_OF_MEMORY;
+      data->state.authhost.done = TRUE;
+    }
+  }
+  if(http_should_fail(conn)) {
+    failf (data, "The requested URL returned error: %d",
+           data->req.httpcode);
+    code = CURLE_HTTP_RETURNED_ERROR;
+  }
+
+  return code;
+}
+
+
+/*
+ * Output the correct authentication header depending on the auth type
+ * and whether or not it is to a proxy.
+ */
+static CURLcode
+output_auth_headers(struct connectdata *conn,
+                    struct auth *authstatus,
+                    const char *request,
+                    const char *path,
+                    bool proxy)
+{
+  struct SessionHandle *data = conn->data;
+  const char *auth=NULL;
+  CURLcode result = CURLE_OK;
+#ifdef USE_SPNEGO
+  struct negotiatedata *negdata = proxy?
+    &data->state.proxyneg:&data->state.negotiate;
+#endif
+
+#ifdef CURL_DISABLE_CRYPTO_AUTH
+  (void)request;
+  (void)path;
+#endif
+
+#ifdef USE_SPNEGO
+  negdata->state = GSS_AUTHNONE;
+  if((authstatus->picked == CURLAUTH_NEGOTIATE) &&
+     negdata->context && !GSS_ERROR(negdata->status)) {
+    auth="Negotiate";
+    result = Curl_output_negotiate(conn, proxy);
+    if(result)
+      return result;
+    authstatus->done = TRUE;
+    negdata->state = GSS_AUTHSENT;
+  }
+  else
+#endif
+#ifdef USE_NTLM
+  if(authstatus->picked == CURLAUTH_NTLM) {
+    auth="NTLM";
+    result = Curl_output_ntlm(conn, proxy);
+    if(result)
+      return result;
+  }
+  else
+#endif
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+  if(authstatus->picked == CURLAUTH_NTLM_WB) {
+    auth="NTLM_WB";
+    result = Curl_output_ntlm_wb(conn, proxy);
+    if(result)
+      return result;
+  }
+  else
+#endif
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+  if(authstatus->picked == CURLAUTH_DIGEST) {
+    auth="Digest";
+    result = Curl_output_digest(conn,
+                                proxy,
+                                (const unsigned char *)request,
+                                (const unsigned char *)path);
+    if(result)
+      return result;
+  }
+  else
+#endif
+  if(authstatus->picked == CURLAUTH_BASIC) {
+    /* Basic */
+    if((proxy && conn->bits.proxy_user_passwd &&
+        !Curl_checkProxyheaders(conn, "Proxy-authorization:")) ||
+       (!proxy && conn->bits.user_passwd &&
+        !Curl_checkheaders(conn, "Authorization:"))) {
+      auth="Basic";
+      result = http_output_basic(conn, proxy);
+      if(result)
+        return result;
+    }
+    /* NOTE: this function should set 'done' TRUE, as the other auth
+       functions work that way */
+    authstatus->done = TRUE;
+  }
+
+  if(auth) {
+    infof(data, "%s auth using %s with user '%s'\n",
+          proxy?"Proxy":"Server", auth,
+          proxy?(conn->proxyuser?conn->proxyuser:""):
+                (conn->user?conn->user:""));
+    authstatus->multi = (!authstatus->done) ? TRUE : FALSE;
+  }
+  else
+    authstatus->multi = FALSE;
+
+  return CURLE_OK;
+}
+
+/**
+ * Curl_http_output_auth() setups the authentication headers for the
+ * host/proxy and the correct authentication
+ * method. conn->data->state.authdone is set to TRUE when authentication is
+ * done.
+ *
+ * @param conn all information about the current connection
+ * @param request pointer to the request keyword
+ * @param path pointer to the requested path
+ * @param proxytunnel boolean if this is the request setting up a "proxy
+ * tunnel"
+ *
+ * @returns CURLcode
+ */
+CURLcode
+Curl_http_output_auth(struct connectdata *conn,
+                      const char *request,
+                      const char *path,
+                      bool proxytunnel) /* TRUE if this is the request setting
+                                           up the proxy tunnel */
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct auth *authhost;
+  struct auth *authproxy;
+
+  DEBUGASSERT(data);
+
+  authhost = &data->state.authhost;
+  authproxy = &data->state.authproxy;
+
+  if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
+     conn->bits.user_passwd)
+    /* continue please */ ;
+  else {
+    authhost->done = TRUE;
+    authproxy->done = TRUE;
+    return CURLE_OK; /* no authentication with no user or password */
+  }
+
+  if(authhost->want && !authhost->picked)
+    /* The app has selected one or more methods, but none has been picked
+       so far by a server round-trip. Then we set the picked one to the
+       want one, and if this is one single bit it'll be used instantly. */
+    authhost->picked = authhost->want;
+
+  if(authproxy->want && !authproxy->picked)
+    /* The app has selected one or more methods, but none has been picked so
+       far by a proxy round-trip. Then we set the picked one to the want one,
+       and if this is one single bit it'll be used instantly. */
+    authproxy->picked = authproxy->want;
+
+#ifndef CURL_DISABLE_PROXY
+  /* Send proxy authentication header if needed */
+  if(conn->bits.httpproxy &&
+      (conn->bits.tunnel_proxy == proxytunnel)) {
+    result = output_auth_headers(conn, authproxy, request, path, TRUE);
+    if(result)
+      return result;
+  }
+  else
+#else
+  (void)proxytunnel;
+#endif /* CURL_DISABLE_PROXY */
+    /* we have no proxy so let's pretend we're done authenticating
+       with it */
+    authproxy->done = TRUE;
+
+  /* To prevent the user+password to get sent to other than the original
+     host due to a location-follow, we do some weirdo checks here */
+  if(!data->state.this_is_a_follow ||
+     conn->bits.netrc ||
+     !data->state.first_host ||
+     data->set.http_disable_hostname_check_before_authentication ||
+     Curl_raw_equal(data->state.first_host, conn->host.name)) {
+    result = output_auth_headers(conn, authhost, request, path, FALSE);
+  }
+  else
+    authhost->done = TRUE;
+
+  return result;
+}
+
+
+/*
+ * Curl_http_input_auth() deals with Proxy-Authenticate: and WWW-Authenticate:
+ * headers. They are dealt with both in the transfer.c main loop and in the
+ * proxy CONNECT loop.
+ */
+
+CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
+                              const char *auth) /* the first non-space */
+{
+  /*
+   * This resource requires authentication
+   */
+  struct SessionHandle *data = conn->data;
+
+#ifdef USE_SPNEGO
+  struct negotiatedata *negdata = proxy?
+    &data->state.proxyneg:&data->state.negotiate;
+#endif
+  unsigned long *availp;
+  struct auth *authp;
+
+  if(proxy) {
+    availp = &data->info.proxyauthavail;
+    authp = &data->state.authproxy;
+  }
+  else {
+    availp = &data->info.httpauthavail;
+    authp = &data->state.authhost;
+  }
+
+  /*
+   * Here we check if we want the specific single authentication (using ==) and
+   * if we do, we initiate usage of it.
+   *
+   * If the provided authentication is wanted as one out of several accepted
+   * types (using &), we OR this authentication type to the authavail
+   * variable.
+   *
+   * Note:
+   *
+   * ->picked is first set to the 'want' value (one or more bits) before the
+   * request is sent, and then it is again set _after_ all response 401/407
+   * headers have been received but then only to a single preferred method
+   * (bit).
+   *
+   */
+
+  while(*auth) {
+#ifdef USE_SPNEGO
+    if(checkprefix("Negotiate", auth)) {
+      int neg;
+      *availp |= CURLAUTH_NEGOTIATE;
+      authp->avail |= CURLAUTH_NEGOTIATE;
+
+      if(authp->picked == CURLAUTH_NEGOTIATE) {
+        if(negdata->state == GSS_AUTHSENT || negdata->state == GSS_AUTHNONE) {
+          neg = Curl_input_negotiate(conn, proxy, auth);
+          if(neg == 0) {
+            DEBUGASSERT(!data->req.newurl);
+            data->req.newurl = strdup(data->change.url);
+            if(!data->req.newurl)
+              return CURLE_OUT_OF_MEMORY;
+            data->state.authproblem = FALSE;
+            /* we received a GSS auth token and we dealt with it fine */
+            negdata->state = GSS_AUTHRECV;
+          }
+          else
+            data->state.authproblem = TRUE;
+        }
+      }
+    }
+    else
+#endif
+#ifdef USE_NTLM
+      /* NTLM support requires the SSL crypto libs */
+      if(checkprefix("NTLM", auth)) {
+        *availp |= CURLAUTH_NTLM;
+        authp->avail |= CURLAUTH_NTLM;
+        if(authp->picked == CURLAUTH_NTLM ||
+           authp->picked == CURLAUTH_NTLM_WB) {
+          /* NTLM authentication is picked and activated */
+          CURLcode ntlm =
+            Curl_input_ntlm(conn, proxy, auth);
+          if(CURLE_OK == ntlm) {
+            data->state.authproblem = FALSE;
+#ifdef NTLM_WB_ENABLED
+            if(authp->picked == CURLAUTH_NTLM_WB) {
+              *availp &= ~CURLAUTH_NTLM;
+              authp->avail &= ~CURLAUTH_NTLM;
+              *availp |= CURLAUTH_NTLM_WB;
+              authp->avail |= CURLAUTH_NTLM_WB;
+
+              /* Get the challenge-message which will be passed to
+               * ntlm_auth for generating the type 3 message later */
+              while(*auth && ISSPACE(*auth))
+                auth++;
+              if(checkprefix("NTLM", auth)) {
+                auth += strlen("NTLM");
+                while(*auth && ISSPACE(*auth))
+                  auth++;
+                if(*auth)
+                  if((conn->challenge_header = strdup(auth)) == NULL)
+                    return CURLE_OUT_OF_MEMORY;
+              }
+            }
+#endif
+          }
+          else {
+            infof(data, "Authentication problem. Ignoring this.\n");
+            data->state.authproblem = TRUE;
+          }
+        }
+      }
+      else
+#endif
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+        if(checkprefix("Digest", auth)) {
+          if((authp->avail & CURLAUTH_DIGEST) != 0) {
+            infof(data, "Ignoring duplicate digest auth header.\n");
+          }
+          else {
+            CURLdigest dig;
+            *availp |= CURLAUTH_DIGEST;
+            authp->avail |= CURLAUTH_DIGEST;
+
+            /* We call this function on input Digest headers even if Digest
+             * authentication isn't activated yet, as we need to store the
+             * incoming data from this header in case we are gonna use
+             * Digest. */
+            dig = Curl_input_digest(conn, proxy, auth);
+
+            if(CURLDIGEST_FINE != dig) {
+              infof(data, "Authentication problem. Ignoring this.\n");
+              data->state.authproblem = TRUE;
+            }
+          }
+        }
+        else
+#endif
+          if(checkprefix("Basic", auth)) {
+            *availp |= CURLAUTH_BASIC;
+            authp->avail |= CURLAUTH_BASIC;
+            if(authp->picked == CURLAUTH_BASIC) {
+              /* We asked for Basic authentication but got a 40X back
+                 anyway, which basically means our name+password isn't
+                 valid. */
+              authp->avail = CURLAUTH_NONE;
+              infof(data, "Authentication problem. Ignoring this.\n");
+              data->state.authproblem = TRUE;
+            }
+          }
+
+    /* there may be multiple methods on one line, so keep reading */
+    while(*auth && *auth != ',') /* read up to the next comma */
+      auth++;
+    if(*auth == ',') /* if we're on a comma, skip it */
+      auth++;
+    while(*auth && ISSPACE(*auth))
+      auth++;
+  }
+  return CURLE_OK;
+}
+
+/**
+ * http_should_fail() determines whether an HTTP response has gotten us
+ * into an error state or not.
+ *
+ * @param conn all information about the current connection
+ *
+ * @retval 0 communications should continue
+ *
+ * @retval 1 communications should not continue
+ */
+static int http_should_fail(struct connectdata *conn)
+{
+  struct SessionHandle *data;
+  int httpcode;
+
+  DEBUGASSERT(conn);
+  data = conn->data;
+  DEBUGASSERT(data);
+
+  httpcode = data->req.httpcode;
+
+  /*
+  ** If we haven't been asked to fail on error,
+  ** don't fail.
+  */
+  if(!data->set.http_fail_on_error)
+    return 0;
+
+  /*
+  ** Any code < 400 is never terminal.
+  */
+  if(httpcode < 400)
+    return 0;
+
+  /*
+  ** Any code >= 400 that's not 401 or 407 is always
+  ** a terminal error
+  */
+  if((httpcode != 401) &&
+      (httpcode != 407))
+    return 1;
+
+  /*
+  ** All we have left to deal with is 401 and 407
+  */
+  DEBUGASSERT((httpcode == 401) || (httpcode == 407));
+
+  /*
+  ** Examine the current authentication state to see if this
+  ** is an error.  The idea is for this function to get
+  ** called after processing all the headers in a response
+  ** message.  So, if we've been to asked to authenticate a
+  ** particular stage, and we've done it, we're OK.  But, if
+  ** we're already completely authenticated, it's not OK to
+  ** get another 401 or 407.
+  **
+  ** It is possible for authentication to go stale such that
+  ** the client needs to reauthenticate.  Once that info is
+  ** available, use it here.
+  */
+
+  /*
+  ** Either we're not authenticating, or we're supposed to
+  ** be authenticating something else.  This is an error.
+  */
+  if((httpcode == 401) && !conn->bits.user_passwd)
+    return TRUE;
+  if((httpcode == 407) && !conn->bits.proxy_user_passwd)
+    return TRUE;
+
+  return data->state.authproblem;
+}
+
+/*
+ * readmoredata() is a "fread() emulation" to provide POST and/or request
+ * data. It is used when a huge POST is to be made and the entire chunk wasn't
+ * sent in the first send(). This function will then be called from the
+ * transfer.c loop when more data is to be sent to the peer.
+ *
+ * Returns the amount of bytes it filled the buffer with.
+ */
+static size_t readmoredata(char *buffer,
+                           size_t size,
+                           size_t nitems,
+                           void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  struct HTTP *http = conn->data->req.protop;
+  size_t fullsize = size * nitems;
+
+  if(0 == http->postsize)
+    /* nothing to return */
+    return 0;
+
+  /* make sure that a HTTP request is never sent away chunked! */
+  conn->data->req.forbidchunk = (http->sending == HTTPSEND_REQUEST)?TRUE:FALSE;
+
+  if(http->postsize <= (curl_off_t)fullsize) {
+    memcpy(buffer, http->postdata, (size_t)http->postsize);
+    fullsize = (size_t)http->postsize;
+
+    if(http->backup.postsize) {
+      /* move backup data into focus and continue on that */
+      http->postdata = http->backup.postdata;
+      http->postsize = http->backup.postsize;
+      conn->fread_func = http->backup.fread_func;
+      conn->fread_in = http->backup.fread_in;
+
+      http->sending++; /* move one step up */
+
+      http->backup.postsize=0;
+    }
+    else
+      http->postsize = 0;
+
+    return fullsize;
+  }
+
+  memcpy(buffer, http->postdata, fullsize);
+  http->postdata += fullsize;
+  http->postsize -= fullsize;
+
+  return fullsize;
+}
+
+/* ------------------------------------------------------------------------- */
+/* add_buffer functions */
+
+/*
+ * Curl_add_buffer_init() sets up and returns a fine buffer struct
+ */
+Curl_send_buffer *Curl_add_buffer_init(void)
+{
+  return calloc(1, sizeof(Curl_send_buffer));
+}
+
+/*
+ * Curl_add_buffer_send() sends a header buffer and frees all associated
+ * memory.  Body data may be appended to the header data if desired.
+ *
+ * Returns CURLcode
+ */
+CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
+                              struct connectdata *conn,
+
+                               /* add the number of sent bytes to this
+                                  counter */
+                              long *bytes_written,
+
+                               /* how much of the buffer contains body data */
+                              size_t included_body_bytes,
+                              int socketindex)
+
+{
+  ssize_t amount;
+  CURLcode res;
+  char *ptr;
+  size_t size;
+  struct HTTP *http = conn->data->req.protop;
+  size_t sendsize;
+  curl_socket_t sockfd;
+  size_t headersize;
+
+  DEBUGASSERT(socketindex <= SECONDARYSOCKET);
+
+  sockfd = conn->sock[socketindex];
+
+  /* The looping below is required since we use non-blocking sockets, but due
+     to the circumstances we will just loop and try again and again etc */
+
+  ptr = in->buffer;
+  size = in->size_used;
+
+  headersize = size - included_body_bytes; /* the initial part that isn't body
+                                              is header */
+
+  DEBUGASSERT(size > included_body_bytes);
+
+  res = Curl_convert_to_network(conn->data, ptr, headersize);
+  /* Curl_convert_to_network calls failf if unsuccessful */
+  if(res) {
+    /* conversion failed, free memory and return to the caller */
+    if(in->buffer)
+      free(in->buffer);
+    free(in);
+    return res;
+  }
+
+
+  if(conn->handler->flags & PROTOPT_SSL) {
+    /* We never send more than CURL_MAX_WRITE_SIZE bytes in one single chunk
+       when we speak HTTPS, as if only a fraction of it is sent now, this data
+       needs to fit into the normal read-callback buffer later on and that
+       buffer is using this size.
+    */
+
+    sendsize= (size > CURL_MAX_WRITE_SIZE)?CURL_MAX_WRITE_SIZE:size;
+
+    /* OpenSSL is very picky and we must send the SAME buffer pointer to the
+       library when we attempt to re-send this buffer. Sending the same data
+       is not enough, we must use the exact same address. For this reason, we
+       must copy the data to the uploadbuffer first, since that is the buffer
+       we will be using if this send is retried later.
+    */
+    memcpy(conn->data->state.uploadbuffer, ptr, sendsize);
+    ptr = conn->data->state.uploadbuffer;
+  }
+  else
+    sendsize = size;
+
+  res = Curl_write(conn, sockfd, ptr, sendsize, &amount);
+
+  if(CURLE_OK == res) {
+    /*
+     * Note that we may not send the entire chunk at once, and we have a set
+     * number of data bytes at the end of the big buffer (out of which we may
+     * only send away a part).
+     */
+    /* how much of the header that was sent */
+    size_t headlen = (size_t)amount>headersize?headersize:(size_t)amount;
+    size_t bodylen = amount - headlen;
+
+    if(conn->data->set.verbose) {
+      /* this data _may_ contain binary stuff */
+      Curl_debug(conn->data, CURLINFO_HEADER_OUT, ptr, headlen, conn);
+      if(bodylen) {
+        /* there was body data sent beyond the initial header part, pass that
+           on to the debug callback too */
+        Curl_debug(conn->data, CURLINFO_DATA_OUT,
+                   ptr+headlen, bodylen, conn);
+      }
+    }
+    if(bodylen)
+      /* since we sent a piece of the body here, up the byte counter for it
+         accordingly */
+      http->writebytecount += bodylen;
+
+    /* 'amount' can never be a very large value here so typecasting it so a
+       signed 31 bit value should not cause problems even if ssize_t is
+       64bit */
+    *bytes_written += (long)amount;
+
+    if(http) {
+      if((size_t)amount != size) {
+        /* The whole request could not be sent in one system call. We must
+           queue it up and send it later when we get the chance. We must not
+           loop here and wait until it might work again. */
+
+        size -= amount;
+
+        ptr = in->buffer + amount;
+
+        /* backup the currently set pointers */
+        http->backup.fread_func = conn->fread_func;
+        http->backup.fread_in = conn->fread_in;
+        http->backup.postdata = http->postdata;
+        http->backup.postsize = http->postsize;
+
+        /* set the new pointers for the request-sending */
+        conn->fread_func = (curl_read_callback)readmoredata;
+        conn->fread_in = (void *)conn;
+        http->postdata = ptr;
+        http->postsize = (curl_off_t)size;
+
+        http->send_buffer = in;
+        http->sending = HTTPSEND_REQUEST;
+
+        return CURLE_OK;
+      }
+      http->sending = HTTPSEND_BODY;
+      /* the full buffer was sent, clean up and return */
+    }
+    else {
+      if((size_t)amount != size)
+        /* We have no continue-send mechanism now, fail. This can only happen
+           when this function is used from the CONNECT sending function. We
+           currently (stupidly) assume that the whole request is always sent
+           away in the first single chunk.
+
+           This needs FIXing.
+        */
+        return CURLE_SEND_ERROR;
+      else
+        conn->writechannel_inuse = FALSE;
+    }
+  }
+  if(in->buffer)
+    free(in->buffer);
+  free(in);
+
+  return res;
+}
+
+
+/*
+ * add_bufferf() add the formatted input to the buffer.
+ */
+CURLcode Curl_add_bufferf(Curl_send_buffer *in, const char *fmt, ...)
+{
+  char *s;
+  va_list ap;
+  va_start(ap, fmt);
+  s = vaprintf(fmt, ap); /* this allocs a new string to append */
+  va_end(ap);
+
+  if(s) {
+    CURLcode result = Curl_add_buffer(in, s, strlen(s));
+    free(s);
+    return result;
+  }
+  /* If we failed, we cleanup the whole buffer and return error */
+  if(in->buffer)
+    free(in->buffer);
+  free(in);
+  return CURLE_OUT_OF_MEMORY;
+}
+
+/*
+ * add_buffer() appends a memory chunk to the existing buffer
+ */
+CURLcode Curl_add_buffer(Curl_send_buffer *in, const void *inptr, size_t size)
+{
+  char *new_rb;
+  size_t new_size;
+
+  if(~size < in->size_used) {
+    /* If resulting used size of send buffer would wrap size_t, cleanup
+       the whole buffer and return error. Otherwise the required buffer
+       size will fit into a single allocatable memory chunk */
+    Curl_safefree(in->buffer);
+    free(in);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  if(!in->buffer ||
+     ((in->size_used + size) > (in->size_max - 1))) {
+
+    /* If current buffer size isn't enough to hold the result, use a
+       buffer size that doubles the required size. If this new size
+       would wrap size_t, then just use the largest possible one */
+
+    if((size > (size_t)-1/2) || (in->size_used > (size_t)-1/2) ||
+       (~(size*2) < (in->size_used*2)))
+      new_size = (size_t)-1;
+    else
+      new_size = (in->size_used+size)*2;
+
+    if(in->buffer)
+      /* we have a buffer, enlarge the existing one */
+      new_rb = realloc(in->buffer, new_size);
+    else
+      /* create a new buffer */
+      new_rb = malloc(new_size);
+
+    if(!new_rb) {
+      /* If we failed, we cleanup the whole buffer and return error */
+      Curl_safefree(in->buffer);
+      free(in);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    in->buffer = new_rb;
+    in->size_max = new_size;
+  }
+  memcpy(&in->buffer[in->size_used], inptr, size);
+
+  in->size_used += size;
+
+  return CURLE_OK;
+}
+
+/* end of the add_buffer functions */
+/* ------------------------------------------------------------------------- */
+
+
+
+/*
+ * Curl_compareheader()
+ *
+ * Returns TRUE if 'headerline' contains the 'header' with given 'content'.
+ * Pass headers WITH the colon.
+ */
+bool
+Curl_compareheader(const char *headerline, /* line to check */
+                   const char *header,  /* header keyword _with_ colon */
+                   const char *content) /* content string to find */
+{
+  /* RFC2616, section 4.2 says: "Each header field consists of a name followed
+   * by a colon (":") and the field value. Field names are case-insensitive.
+   * The field value MAY be preceded by any amount of LWS, though a single SP
+   * is preferred." */
+
+  size_t hlen = strlen(header);
+  size_t clen;
+  size_t len;
+  const char *start;
+  const char *end;
+
+  if(!Curl_raw_nequal(headerline, header, hlen))
+    return FALSE; /* doesn't start with header */
+
+  /* pass the header */
+  start = &headerline[hlen];
+
+  /* pass all white spaces */
+  while(*start && ISSPACE(*start))
+    start++;
+
+  /* find the end of the header line */
+  end = strchr(start, '\r'); /* lines end with CRLF */
+  if(!end) {
+    /* in case there's a non-standard compliant line here */
+    end = strchr(start, '\n');
+
+    if(!end)
+      /* hm, there's no line ending here, use the zero byte! */
+      end = strchr(start, '\0');
+  }
+
+  len = end-start; /* length of the content part of the input line */
+  clen = strlen(content); /* length of the word to find */
+
+  /* find the content string in the rest of the line */
+  for(;len>=clen;len--, start++) {
+    if(Curl_raw_nequal(start, content, clen))
+      return TRUE; /* match! */
+  }
+
+  return FALSE; /* no match */
+}
+
+/*
+ * Curl_http_connect() performs HTTP stuff to do at connect-time, called from
+ * the generic Curl_connect().
+ */
+CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
+{
+  CURLcode result;
+
+  /* We default to persistent connections. We set this already in this connect
+     function to make the re-use checks properly be able to check this bit. */
+  connkeep(conn, "HTTP default");
+
+  /* the CONNECT procedure might not have been completed */
+  result = Curl_proxy_connect(conn);
+  if(result)
+    return result;
+
+  if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
+    /* nothing else to do except wait right now - we're not done here. */
+    return CURLE_OK;
+
+  if(conn->given->flags & PROTOPT_SSL) {
+    /* perform SSL initialization */
+    result = https_connecting(conn, done);
+    if(result)
+      return result;
+  }
+  else
+    *done = TRUE;
+
+  return CURLE_OK;
+}
+
+/* this returns the socket to wait for in the DO and DOING state for the multi
+   interface and then we're always _sending_ a request and thus we wait for
+   the single socket to become writable only */
+static int http_getsock_do(struct connectdata *conn,
+                           curl_socket_t *socks,
+                           int numsocks)
+{
+  /* write mode */
+  (void)numsocks; /* unused, we trust it to be at least 1 */
+  socks[0] = conn->sock[FIRSTSOCKET];
+  return GETSOCK_WRITESOCK(0);
+}
+
+#ifdef USE_SSL
+static CURLcode https_connecting(struct connectdata *conn, bool *done)
+{
+  CURLcode result;
+  DEBUGASSERT((conn) && (conn->handler->flags & PROTOPT_SSL));
+
+  /* perform SSL initialization for this socket */
+  result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, done);
+  if(result)
+    connclose(conn, "Failed HTTPS connection");
+
+  return result;
+}
+#endif
+
+#if defined(USE_SSLEAY) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
+    defined(USE_DARWINSSL) || defined(USE_POLARSSL) || defined(USE_NSS)
+/* This function is for OpenSSL, GnuTLS, darwinssl, schannel and polarssl only.
+   It should be made to query the generic SSL layer instead. */
+static int https_getsock(struct connectdata *conn,
+                         curl_socket_t *socks,
+                         int numsocks)
+{
+  if(conn->handler->flags & PROTOPT_SSL) {
+    struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
+
+    if(!numsocks)
+      return GETSOCK_BLANK;
+
+    if(connssl->connecting_state == ssl_connect_2_writing) {
+      /* write mode */
+      socks[0] = conn->sock[FIRSTSOCKET];
+      return GETSOCK_WRITESOCK(0);
+    }
+    else if(connssl->connecting_state == ssl_connect_2_reading) {
+      /* read mode */
+      socks[0] = conn->sock[FIRSTSOCKET];
+      return GETSOCK_READSOCK(0);
+    }
+  }
+  return CURLE_OK;
+}
+#else
+#ifdef USE_SSL
+static int https_getsock(struct connectdata *conn,
+                         curl_socket_t *socks,
+                         int numsocks)
+{
+  (void)conn;
+  (void)socks;
+  (void)numsocks;
+  return GETSOCK_BLANK;
+}
+#endif /* USE_SSL */
+#endif /* USE_SSLEAY || USE_GNUTLS || USE_SCHANNEL */
+
+/*
+ * Curl_http_done() gets called from Curl_done() after a single HTTP request
+ * has been performed.
+ */
+
+CURLcode Curl_http_done(struct connectdata *conn,
+                        CURLcode status, bool premature)
+{
+  struct SessionHandle *data = conn->data;
+  struct HTTP *http =data->req.protop;
+
+  Curl_unencode_cleanup(conn);
+
+#ifdef USE_SPNEGO
+  if(data->state.proxyneg.state == GSS_AUTHSENT ||
+      data->state.negotiate.state == GSS_AUTHSENT)
+    Curl_cleanup_negotiate(data);
+#endif
+
+  /* set the proper values (possibly modified on POST) */
+  conn->fread_func = data->set.fread_func; /* restore */
+  conn->fread_in = data->set.in; /* restore */
+  conn->seek_func = data->set.seek_func; /* restore */
+  conn->seek_client = data->set.seek_client; /* restore */
+
+  if(http == NULL)
+    return CURLE_OK;
+
+  if(http->send_buffer) {
+    Curl_send_buffer *buff = http->send_buffer;
+
+    free(buff->buffer);
+    free(buff);
+    http->send_buffer = NULL; /* clear the pointer */
+  }
+
+  if(HTTPREQ_POST_FORM == data->set.httpreq) {
+    data->req.bytecount = http->readbytecount + http->writebytecount;
+
+    Curl_formclean(&http->sendit); /* Now free that whole lot */
+    if(http->form.fp) {
+      /* a file being uploaded was left opened, close it! */
+      fclose(http->form.fp);
+      http->form.fp = NULL;
+    }
+  }
+  else if(HTTPREQ_PUT == data->set.httpreq)
+    data->req.bytecount = http->readbytecount + http->writebytecount;
+
+  if(status != CURLE_OK)
+    return (status);
+
+  if(!premature && /* this check is pointless when DONE is called before the
+                      entire operation is complete */
+     !conn->bits.retry &&
+     !data->set.connect_only &&
+     ((http->readbytecount +
+       data->req.headerbytecount -
+       data->req.deductheadercount)) <= 0) {
+    /* If this connection isn't simply closed to be retried, AND nothing was
+       read from the HTTP server (that counts), this can't be right so we
+       return an error here */
+    failf(data, "Empty reply from server");
+    return CURLE_GOT_NOTHING;
+  }
+
+  return CURLE_OK;
+}
+
+
+/*
+ * Determine if we should use HTTP 1.1 (OR BETTER) for this request. Reasons
+ * to avoid it include:
+ *
+ * - if the user specifically requested HTTP 1.0
+ * - if the server we are connected to only supports 1.0
+ * - if any server previously contacted to handle this request only supports
+ * 1.0.
+ */
+static bool use_http_1_1plus(const struct SessionHandle *data,
+                             const struct connectdata *conn)
+{
+  return ((data->set.httpversion >= CURL_HTTP_VERSION_1_1) ||
+         ((data->set.httpversion != CURL_HTTP_VERSION_1_0) &&
+          ((conn->httpversion == 11) ||
+           ((conn->httpversion != 10) &&
+            (data->state.httpversion != 10))))) ? TRUE : FALSE;
+}
+
+/* check and possibly add an Expect: header */
+static CURLcode expect100(struct SessionHandle *data,
+                          struct connectdata *conn,
+                          Curl_send_buffer *req_buffer)
+{
+  CURLcode result = CURLE_OK;
+  const char *ptr;
+  data->state.expect100header = FALSE; /* default to false unless it is set
+                                          to TRUE below */
+  if(use_http_1_1plus(data, conn)) {
+    /* if not doing HTTP 1.0 or disabled explicitly, we add a Expect:
+       100-continue to the headers which actually speeds up post operations
+       (as there is one packet coming back from the web server) */
+    ptr = Curl_checkheaders(conn, "Expect:");
+    if(ptr) {
+      data->state.expect100header =
+        Curl_compareheader(ptr, "Expect:", "100-continue");
+    }
+    else {
+      result = Curl_add_bufferf(req_buffer,
+                         "Expect: 100-continue\r\n");
+      if(result == CURLE_OK)
+        data->state.expect100header = TRUE;
+    }
+  }
+  return result;
+}
+
+enum proxy_use {
+  HEADER_SERVER,  /* direct to server */
+  HEADER_PROXY,   /* regular request to proxy */
+  HEADER_CONNECT  /* sending CONNECT to a proxy */
+};
+
+CURLcode Curl_add_custom_headers(struct connectdata *conn,
+                                 bool is_connect,
+                                 Curl_send_buffer *req_buffer)
+{
+  char *ptr;
+  struct curl_slist *h[2];
+  struct curl_slist *headers;
+  int numlists=1; /* by default */
+  struct SessionHandle *data = conn->data;
+  int i;
+
+  enum proxy_use proxy;
+
+  if(is_connect)
+    proxy = HEADER_CONNECT;
+  else
+    proxy = conn->bits.httpproxy && !conn->bits.tunnel_proxy?
+      HEADER_PROXY:HEADER_SERVER;
+
+  switch(proxy) {
+  case HEADER_SERVER:
+    h[0] = data->set.headers;
+    break;
+  case HEADER_PROXY:
+    h[0] = data->set.headers;
+    if(data->set.sep_headers) {
+      h[1] = data->set.proxyheaders;
+      numlists++;
+    }
+    break;
+  case HEADER_CONNECT:
+    if(data->set.sep_headers)
+      h[0] = data->set.proxyheaders;
+    else
+      h[0] = data->set.headers;
+    break;
+  }
+
+  /* loop through one or two lists */
+  for(i=0; i < numlists; i++) {
+    headers = h[i];
+
+    while(headers) {
+      ptr = strchr(headers->data, ':');
+      if(ptr) {
+        /* we require a colon for this to be a true header */
+
+        ptr++; /* pass the colon */
+        while(*ptr && ISSPACE(*ptr))
+          ptr++;
+
+        if(*ptr) {
+          /* only send this if the contents was non-blank */
+
+          if(conn->allocptr.host &&
+             /* a Host: header was sent already, don't pass on any custom Host:
+                header as that will produce *two* in the same request! */
+             checkprefix("Host:", headers->data))
+            ;
+          else if(data->set.httpreq == HTTPREQ_POST_FORM &&
+                  /* this header (extended by formdata.c) is sent later */
+                  checkprefix("Content-Type:", headers->data))
+            ;
+          else if(conn->bits.authneg &&
+                  /* while doing auth neg, don't allow the custom length since
+                     we will force length zero then */
+                  checkprefix("Content-Length", headers->data))
+            ;
+          else if(conn->allocptr.te &&
+                  /* when asking for Transfer-Encoding, don't pass on a custom
+                     Connection: */
+                  checkprefix("Connection", headers->data))
+            ;
+          else {
+            CURLcode result = Curl_add_bufferf(req_buffer, "%s\r\n",
+                                               headers->data);
+            if(result)
+              return result;
+          }
+        }
+      }
+      else {
+        ptr = strchr(headers->data, ';');
+        if(ptr) {
+
+          ptr++; /* pass the semicolon */
+          while(*ptr && ISSPACE(*ptr))
+            ptr++;
+
+          if(*ptr) {
+            /* this may be used for something else in the future */
+          }
+          else {
+            if(*(--ptr) == ';') {
+              CURLcode result;
+
+              /* send no-value custom header if terminated by semicolon */
+              *ptr = ':';
+              result = Curl_add_bufferf(req_buffer, "%s\r\n",
+                                        headers->data);
+              if(result)
+                return result;
+            }
+          }
+        }
+      }
+      headers = headers->next;
+    }
+  }
+  return CURLE_OK;
+}
+
+CURLcode Curl_add_timecondition(struct SessionHandle *data,
+                                Curl_send_buffer *req_buffer)
+{
+  const struct tm *tm;
+  char *buf = data->state.buffer;
+  CURLcode result = CURLE_OK;
+  struct tm keeptime;
+
+  result = Curl_gmtime(data->set.timevalue, &keeptime);
+  if(result) {
+    failf(data, "Invalid TIMEVALUE");
+    return result;
+  }
+  tm = &keeptime;
+
+  /* The If-Modified-Since header family should have their times set in
+   * GMT as RFC2616 defines: "All HTTP date/time stamps MUST be
+   * represented in Greenwich Mean Time (GMT), without exception. For the
+   * purposes of HTTP, GMT is exactly equal to UTC (Coordinated Universal
+   * Time)." (see page 20 of RFC2616).
+   */
+
+  /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
+  snprintf(buf, BUFSIZE-1,
+           "%s, %02d %s %4d %02d:%02d:%02d GMT",
+           Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+           tm->tm_mday,
+           Curl_month[tm->tm_mon],
+           tm->tm_year + 1900,
+           tm->tm_hour,
+           tm->tm_min,
+           tm->tm_sec);
+
+  switch(data->set.timecondition) {
+  case CURL_TIMECOND_IFMODSINCE:
+  default:
+    result = Curl_add_bufferf(req_buffer,
+                              "If-Modified-Since: %s\r\n", buf);
+    break;
+  case CURL_TIMECOND_IFUNMODSINCE:
+    result = Curl_add_bufferf(req_buffer,
+                              "If-Unmodified-Since: %s\r\n", buf);
+    break;
+  case CURL_TIMECOND_LASTMOD:
+    result = Curl_add_bufferf(req_buffer,
+                              "Last-Modified: %s\r\n", buf);
+    break;
+  }
+
+  return result;
+}
+
+/*
+ * Curl_http() gets called from the generic Curl_do() function when a HTTP
+ * request is to be performed. This creates and sends a properly constructed
+ * HTTP request.
+ */
+CURLcode Curl_http(struct connectdata *conn, bool *done)
+{
+  struct SessionHandle *data=conn->data;
+  CURLcode result=CURLE_OK;
+  struct HTTP *http;
+  const char *ppath = data->state.path;
+  bool paste_ftp_userpwd = FALSE;
+  char ftp_typecode[sizeof("/;type=?")] = "";
+  const char *host = conn->host.name;
+  const char *te = ""; /* transfer-encoding */
+  const char *ptr;
+  const char *request;
+  Curl_HttpReq httpreq = data->set.httpreq;
+  char *addcookies = NULL;
+  curl_off_t included_body = 0;
+  const char *httpstring;
+  Curl_send_buffer *req_buffer;
+  curl_off_t postsize = 0; /* curl_off_t to handle large file sizes */
+  int seekerr = CURL_SEEKFUNC_OK;
+
+  /* Always consider the DO phase done after this function call, even if there
+     may be parts of the request that is not yet sent, since we can deal with
+     the rest of the request in the PERFORM phase. */
+  *done = TRUE;
+
+  if(conn->httpversion < 20) { /* unless the connection is re-used and already
+                                  http2 */
+    switch (conn->negnpn) {
+    case NPN_HTTP2:
+      result = Curl_http2_init(conn);
+      if(result)
+        return result;
+
+      result = Curl_http2_setup(conn);
+      if(result)
+        return result;
+
+      result = Curl_http2_switched(conn);
+      if(result)
+        return result;
+      break;
+    case NPN_HTTP1_1:
+      /* continue with HTTP/1.1 when explicitly requested */
+      break;
+    default:
+      /* and as fallback */
+      break;
+    }
+  }
+  else {
+    /* prepare for a http2 request */
+    result = Curl_http2_setup(conn);
+    if(result)
+      return result;
+  }
+
+  http = data->req.protop;
+
+  if(!data->state.this_is_a_follow) {
+    /* this is not a followed location, get the original host name */
+    if(data->state.first_host)
+      /* Free to avoid leaking memory on multiple requests*/
+      free(data->state.first_host);
+
+    data->state.first_host = strdup(conn->host.name);
+    if(!data->state.first_host)
+      return CURLE_OUT_OF_MEMORY;
+  }
+  http->writebytecount = http->readbytecount = 0;
+
+  if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) &&
+     data->set.upload) {
+    httpreq = HTTPREQ_PUT;
+  }
+
+  /* Now set the 'request' pointer to the proper request string */
+  if(data->set.str[STRING_CUSTOMREQUEST])
+    request = data->set.str[STRING_CUSTOMREQUEST];
+  else {
+    if(data->set.opt_no_body)
+      request = "HEAD";
+    else {
+      DEBUGASSERT((httpreq > HTTPREQ_NONE) && (httpreq < HTTPREQ_LAST));
+      switch(httpreq) {
+      case HTTPREQ_POST:
+      case HTTPREQ_POST_FORM:
+        request = "POST";
+        break;
+      case HTTPREQ_PUT:
+        request = "PUT";
+        break;
+      default: /* this should never happen */
+      case HTTPREQ_GET:
+        request = "GET";
+        break;
+      case HTTPREQ_HEAD:
+        request = "HEAD";
+        break;
+      }
+    }
+  }
+
+  /* The User-Agent string might have been allocated in url.c already, because
+     it might have been used in the proxy connect, but if we have got a header
+     with the user-agent string specified, we erase the previously made string
+     here. */
+  if(Curl_checkheaders(conn, "User-Agent:") && conn->allocptr.uagent) {
+    free(conn->allocptr.uagent);
+    conn->allocptr.uagent=NULL;
+  }
+
+  /* setup the authentication headers */
+  result = Curl_http_output_auth(conn, request, ppath, FALSE);
+  if(result)
+    return result;
+
+  if((data->state.authhost.multi || data->state.authproxy.multi) &&
+     (httpreq != HTTPREQ_GET) &&
+     (httpreq != HTTPREQ_HEAD)) {
+    /* Auth is required and we are not authenticated yet. Make a PUT or POST
+       with content-length zero as a "probe". */
+    conn->bits.authneg = TRUE;
+  }
+  else
+    conn->bits.authneg = FALSE;
+
+  Curl_safefree(conn->allocptr.ref);
+  if(data->change.referer && !Curl_checkheaders(conn, "Referer:")) {
+    conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer);
+    if(!conn->allocptr.ref)
+      return CURLE_OUT_OF_MEMORY;
+  }
+  else
+    conn->allocptr.ref = NULL;
+
+  if(data->set.str[STRING_COOKIE] && !Curl_checkheaders(conn, "Cookie:"))
+    addcookies = data->set.str[STRING_COOKIE];
+
+  if(!Curl_checkheaders(conn, "Accept-Encoding:") &&
+     data->set.str[STRING_ENCODING]) {
+    Curl_safefree(conn->allocptr.accept_encoding);
+    conn->allocptr.accept_encoding =
+      aprintf("Accept-Encoding: %s\r\n", data->set.str[STRING_ENCODING]);
+    if(!conn->allocptr.accept_encoding)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
+#ifdef HAVE_LIBZ
+  /* we only consider transfer-encoding magic if libz support is built-in */
+
+  if(!Curl_checkheaders(conn, "TE:") &&
+     data->set.http_transfer_encoding) {
+    /* When we are to insert a TE: header in the request, we must also insert
+       TE in a Connection: header, so we need to merge the custom provided
+       Connection: header and prevent the original to get sent. Note that if
+       the user has inserted his/hers own TE: header we don't do this magic
+       but then assume that the user will handle it all! */
+    char *cptr = Curl_checkheaders(conn, "Connection:");
+#define TE_HEADER "TE: gzip\r\n"
+
+    Curl_safefree(conn->allocptr.te);
+
+    /* Create the (updated) Connection: header */
+    conn->allocptr.te = cptr? aprintf("%s, TE\r\n" TE_HEADER, cptr):
+      strdup("Connection: TE\r\n" TE_HEADER);
+
+    if(!conn->allocptr.te)
+      return CURLE_OUT_OF_MEMORY;
+  }
+#endif
+
+  if(conn->httpversion == 20)
+    /* In HTTP2 forbids Transfer-Encoding: chunked */
+    ptr = NULL;
+  else {
+    ptr = Curl_checkheaders(conn, "Transfer-Encoding:");
+    if(ptr) {
+      /* Some kind of TE is requested, check if 'chunked' is chosen */
+      data->req.upload_chunky =
+        Curl_compareheader(ptr, "Transfer-Encoding:", "chunked");
+    }
+    else {
+      if((conn->handler->protocol&PROTO_FAMILY_HTTP) &&
+         data->set.upload &&
+         (data->state.infilesize == -1)) {
+        if(conn->bits.authneg)
+          /* don't enable chunked during auth neg */
+          ;
+        else if(use_http_1_1plus(data, conn)) {
+          /* HTTP, upload, unknown file size and not HTTP 1.0 */
+          data->req.upload_chunky = TRUE;
+        }
+        else {
+          failf(data, "Chunky upload is not supported by HTTP 1.0");
+          return CURLE_UPLOAD_FAILED;
+        }
+      }
+      else {
+        /* else, no chunky upload */
+        data->req.upload_chunky = FALSE;
+      }
+
+      if(data->req.upload_chunky)
+        te = "Transfer-Encoding: chunked\r\n";
+    }
+  }
+
+  Curl_safefree(conn->allocptr.host);
+
+  ptr = Curl_checkheaders(conn, "Host:");
+  if(ptr && (!data->state.this_is_a_follow ||
+             Curl_raw_equal(data->state.first_host, conn->host.name))) {
+#if !defined(CURL_DISABLE_COOKIES)
+    /* If we have a given custom Host: header, we extract the host name in
+       order to possibly use it for cookie reasons later on. We only allow the
+       custom Host: header if this is NOT a redirect, as setting Host: in the
+       redirected request is being out on thin ice. Except if the host name
+       is the same as the first one! */
+    char *cookiehost = Curl_copy_header_value(ptr);
+    if(!cookiehost)
+      return CURLE_OUT_OF_MEMORY;
+    if(!*cookiehost)
+      /* ignore empty data */
+      free(cookiehost);
+    else {
+      /* If the host begins with '[', we start searching for the port after
+         the bracket has been closed */
+      int startsearch = 0;
+      if(*cookiehost == '[') {
+        char *closingbracket;
+        /* since the 'cookiehost' is an allocated memory area that will be
+           freed later we cannot simply increment the pointer */
+        memmove(cookiehost, cookiehost + 1, strlen(cookiehost) - 1);
+        closingbracket = strchr(cookiehost, ']');
+        if(closingbracket)
+          *closingbracket = 0;
+      }
+      else {
+        char *colon = strchr(cookiehost + startsearch, ':');
+        if(colon)
+          *colon = 0; /* The host must not include an embedded port number */
+      }
+      Curl_safefree(conn->allocptr.cookiehost);
+      conn->allocptr.cookiehost = cookiehost;
+    }
+#endif
+
+    conn->allocptr.host = NULL;
+  }
+  else {
+    /* When building Host: headers, we must put the host name within
+       [brackets] if the host name is a plain IPv6-address. RFC2732-style. */
+
+    if(((conn->given->protocol&CURLPROTO_HTTPS) &&
+        (conn->remote_port == PORT_HTTPS)) ||
+       ((conn->given->protocol&CURLPROTO_HTTP) &&
+        (conn->remote_port == PORT_HTTP)) )
+      /* if(HTTPS on port 443) OR (HTTP on port 80) then don't include
+         the port number in the host string */
+      conn->allocptr.host = aprintf("Host: %s%s%s\r\n",
+                                    conn->bits.ipv6_ip?"[":"",
+                                    host,
+                                    conn->bits.ipv6_ip?"]":"");
+    else
+      conn->allocptr.host = aprintf("Host: %s%s%s:%hu\r\n",
+                                    conn->bits.ipv6_ip?"[":"",
+                                    host,
+                                    conn->bits.ipv6_ip?"]":"",
+                                    conn->remote_port);
+
+    if(!conn->allocptr.host)
+      /* without Host: we can't make a nice request */
+      return CURLE_OUT_OF_MEMORY;
+  }
+
+#ifndef CURL_DISABLE_PROXY
+  if(conn->bits.httpproxy && !conn->bits.tunnel_proxy)  {
+    /* Using a proxy but does not tunnel through it */
+
+    /* The path sent to the proxy is in fact the entire URL. But if the remote
+       host is a IDN-name, we must make sure that the request we produce only
+       uses the encoded host name! */
+    if(conn->host.dispname != conn->host.name) {
+      char *url = data->change.url;
+      ptr = strstr(url, conn->host.dispname);
+      if(ptr) {
+        /* This is where the display name starts in the URL, now replace this
+           part with the encoded name. TODO: This method of replacing the host
+           name is rather crude as I believe there's a slight risk that the
+           user has entered a user name or password that contain the host name
+           string. */
+        size_t currlen = strlen(conn->host.dispname);
+        size_t newlen = strlen(conn->host.name);
+        size_t urllen = strlen(url);
+
+        char *newurl;
+
+        newurl = malloc(urllen + newlen - currlen + 1);
+        if(newurl) {
+          /* copy the part before the host name */
+          memcpy(newurl, url, ptr - url);
+          /* append the new host name instead of the old */
+          memcpy(newurl + (ptr - url), conn->host.name, newlen);
+          /* append the piece after the host name */
+          memcpy(newurl + newlen + (ptr - url),
+                 ptr + currlen, /* copy the trailing zero byte too */
+                 urllen - (ptr-url) - currlen + 1);
+          if(data->change.url_alloc) {
+            Curl_safefree(data->change.url);
+            data->change.url_alloc = FALSE;
+          }
+          data->change.url = newurl;
+          data->change.url_alloc = TRUE;
+        }
+        else
+          return CURLE_OUT_OF_MEMORY;
+      }
+    }
+    ppath = data->change.url;
+    if(checkprefix("ftp://", ppath)) {
+      if(data->set.proxy_transfer_mode) {
+        /* when doing ftp, append ;type=<a|i> if not present */
+        char *type = strstr(ppath, ";type=");
+        if(type && type[6] && type[7] == 0) {
+          switch (Curl_raw_toupper(type[6])) {
+          case 'A':
+          case 'D':
+          case 'I':
+            break;
+          default:
+            type = NULL;
+          }
+        }
+        if(!type) {
+          char *p = ftp_typecode;
+          /* avoid sending invalid URLs like ftp://example.com;type=i if the
+           * user specified ftp://example.com without the slash */
+          if(!*data->state.path && ppath[strlen(ppath) - 1] != '/') {
+            *p++ = '/';
+          }
+          snprintf(p, sizeof(ftp_typecode) - 1, ";type=%c",
+                   data->set.prefer_ascii ? 'a' : 'i');
+        }
+      }
+      if(conn->bits.user_passwd && !conn->bits.userpwd_in_url)
+        paste_ftp_userpwd = TRUE;
+    }
+  }
+#endif /* CURL_DISABLE_PROXY */
+
+  if(HTTPREQ_POST_FORM == httpreq) {
+    /* we must build the whole post sequence first, so that we have a size of
+       the whole transfer before we start to send it */
+    result = Curl_getformdata(data, &http->sendit, data->set.httppost,
+                              Curl_checkheaders(conn, "Content-Type:"),
+                              &http->postsize);
+    if(result)
+      return result;
+  }
+
+  http->p_accept = Curl_checkheaders(conn, "Accept:")?NULL:"Accept: */*\r\n";
+
+  if(( (HTTPREQ_POST == httpreq) ||
+       (HTTPREQ_POST_FORM == httpreq) ||
+       (HTTPREQ_PUT == httpreq) ) &&
+     data->state.resume_from) {
+    /**********************************************************************
+     * Resuming upload in HTTP means that we PUT or POST and that we have
+     * got a resume_from value set. The resume value has already created
+     * a Range: header that will be passed along. We need to "fast forward"
+     * the file the given number of bytes and decrease the assume upload
+     * file size before we continue this venture in the dark lands of HTTP.
+     *********************************************************************/
+
+    if(data->state.resume_from < 0 ) {
+      /*
+       * This is meant to get the size of the present remote-file by itself.
+       * We don't support this now. Bail out!
+       */
+      data->state.resume_from = 0;
+    }
+
+    if(data->state.resume_from && !data->state.this_is_a_follow) {
+      /* do we still game? */
+
+      /* Now, let's read off the proper amount of bytes from the
+         input. */
+      if(conn->seek_func) {
+        seekerr = conn->seek_func(conn->seek_client, data->state.resume_from,
+                                  SEEK_SET);
+      }
+
+      if(seekerr != CURL_SEEKFUNC_OK) {
+        if(seekerr != CURL_SEEKFUNC_CANTSEEK) {
+          failf(data, "Could not seek stream");
+          return CURLE_READ_ERROR;
+        }
+        /* when seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */
+        else {
+          curl_off_t passed=0;
+          do {
+            size_t readthisamountnow =
+              (data->state.resume_from - passed > CURL_OFF_T_C(BUFSIZE)) ?
+              BUFSIZE : curlx_sotouz(data->state.resume_from - passed);
+
+            size_t actuallyread =
+              data->set.fread_func(data->state.buffer, 1, readthisamountnow,
+                                   data->set.in);
+
+            passed += actuallyread;
+            if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
+              /* this checks for greater-than only to make sure that the
+                 CURL_READFUNC_ABORT return code still aborts */
+              failf(data, "Could only read %" CURL_FORMAT_CURL_OFF_T
+                    " bytes from the input", passed);
+              return CURLE_READ_ERROR;
+            }
+          } while(passed < data->state.resume_from);
+        }
+      }
+
+      /* now, decrease the size of the read */
+      if(data->state.infilesize>0) {
+        data->state.infilesize -= data->state.resume_from;
+
+        if(data->state.infilesize <= 0) {
+          failf(data, "File already completely uploaded");
+          return CURLE_PARTIAL_FILE;
+        }
+      }
+      /* we've passed, proceed as normal */
+    }
+  }
+  if(data->state.use_range) {
+    /*
+     * A range is selected. We use different headers whether we're downloading
+     * or uploading and we always let customized headers override our internal
+     * ones if any such are specified.
+     */
+    if(((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) &&
+       !Curl_checkheaders(conn, "Range:")) {
+      /* if a line like this was already allocated, free the previous one */
+      if(conn->allocptr.rangeline)
+        free(conn->allocptr.rangeline);
+      conn->allocptr.rangeline = aprintf("Range: bytes=%s\r\n",
+                                         data->state.range);
+    }
+    else if((httpreq != HTTPREQ_GET) &&
+            !Curl_checkheaders(conn, "Content-Range:")) {
+
+      /* if a line like this was already allocated, free the previous one */
+      if(conn->allocptr.rangeline)
+        free(conn->allocptr.rangeline);
+
+      if(data->set.set_resume_from < 0) {
+        /* Upload resume was asked for, but we don't know the size of the
+           remote part so we tell the server (and act accordingly) that we
+           upload the whole file (again) */
+        conn->allocptr.rangeline =
+          aprintf("Content-Range: bytes 0-%" CURL_FORMAT_CURL_OFF_T
+                  "/%" CURL_FORMAT_CURL_OFF_T "\r\n",
+                  data->state.infilesize - 1, data->state.infilesize);
+
+      }
+      else if(data->state.resume_from) {
+        /* This is because "resume" was selected */
+        curl_off_t total_expected_size=
+          data->state.resume_from + data->state.infilesize;
+        conn->allocptr.rangeline =
+          aprintf("Content-Range: bytes %s%" CURL_FORMAT_CURL_OFF_T
+                  "/%" CURL_FORMAT_CURL_OFF_T "\r\n",
+                  data->state.range, total_expected_size-1,
+                  total_expected_size);
+      }
+      else {
+        /* Range was selected and then we just pass the incoming range and
+           append total size */
+        conn->allocptr.rangeline =
+          aprintf("Content-Range: bytes %s/%" CURL_FORMAT_CURL_OFF_T "\r\n",
+                  data->state.range, data->state.infilesize);
+      }
+      if(!conn->allocptr.rangeline)
+        return CURLE_OUT_OF_MEMORY;
+    }
+  }
+
+  /* Use 1.1 unless the user specifically asked for 1.0 or the server only
+     supports 1.0 */
+  httpstring= use_http_1_1plus(data, conn)?"1.1":"1.0";
+
+  /* initialize a dynamic send-buffer */
+  req_buffer = Curl_add_buffer_init();
+
+  if(!req_buffer)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* add the main request stuff */
+  /* GET/HEAD/POST/PUT */
+  result = Curl_add_bufferf(req_buffer, "%s ", request);
+  if(result)
+    return result;
+
+  /* url */
+  if(paste_ftp_userpwd)
+    result = Curl_add_bufferf(req_buffer, "ftp://%s:%s@%s",
+                              conn->user, conn->passwd,
+                              ppath + sizeof("ftp://") - 1);
+  else
+    result = Curl_add_buffer(req_buffer, ppath, strlen(ppath));
+  if(result)
+    return result;
+
+  result =
+    Curl_add_bufferf(req_buffer,
+                     "%s" /* ftp typecode (;type=x) */
+                     " HTTP/%s\r\n" /* HTTP version */
+                     "%s" /* proxyuserpwd */
+                     "%s" /* userpwd */
+                     "%s" /* range */
+                     "%s" /* user agent */
+                     "%s" /* host */
+                     "%s" /* accept */
+                     "%s" /* TE: */
+                     "%s" /* accept-encoding */
+                     "%s" /* referer */
+                     "%s" /* Proxy-Connection */
+                     "%s",/* transfer-encoding */
+
+                     ftp_typecode,
+                     httpstring,
+                     conn->allocptr.proxyuserpwd?
+                     conn->allocptr.proxyuserpwd:"",
+                     conn->allocptr.userpwd?conn->allocptr.userpwd:"",
+                     (data->state.use_range && conn->allocptr.rangeline)?
+                     conn->allocptr.rangeline:"",
+                     (data->set.str[STRING_USERAGENT] &&
+                      *data->set.str[STRING_USERAGENT] &&
+                      conn->allocptr.uagent)?
+                     conn->allocptr.uagent:"",
+                     (conn->allocptr.host?conn->allocptr.host:""),
+                     http->p_accept?http->p_accept:"",
+                     conn->allocptr.te?conn->allocptr.te:"",
+                     (data->set.str[STRING_ENCODING] &&
+                      *data->set.str[STRING_ENCODING] &&
+                      conn->allocptr.accept_encoding)?
+                     conn->allocptr.accept_encoding:"",
+                     (data->change.referer && conn->allocptr.ref)?
+                     conn->allocptr.ref:"" /* Referer: <data> */,
+                     (conn->bits.httpproxy &&
+                      !conn->bits.tunnel_proxy &&
+                      !Curl_checkProxyheaders(conn, "Proxy-Connection:"))?
+                     "Proxy-Connection: Keep-Alive\r\n":"",
+                     te
+      );
+
+  /*
+   * Free userpwd now --- cannot reuse this for Negotiate and possibly NTLM
+   * with basic and digest, it will be freed anyway by the next request
+   */
+
+  Curl_safefree (conn->allocptr.userpwd);
+  conn->allocptr.userpwd = NULL;
+
+  if(result)
+    return result;
+
+  if(!(conn->handler->flags&PROTOPT_SSL) &&
+     (data->set.httpversion == CURL_HTTP_VERSION_2_0)) {
+    /* append HTTP2 upgrade magic stuff to the HTTP request if it isn't done
+       over SSL */
+    result = Curl_http2_request_upgrade(req_buffer, conn);
+    if(result)
+      return result;
+  }
+
+#if !defined(CURL_DISABLE_COOKIES)
+  if(data->cookies || addcookies) {
+    struct Cookie *co=NULL; /* no cookies from start */
+    int count=0;
+
+    if(data->cookies) {
+      Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+      co = Curl_cookie_getlist(data->cookies,
+                               conn->allocptr.cookiehost?
+                               conn->allocptr.cookiehost:host,
+                               data->state.path,
+                               (conn->handler->protocol&CURLPROTO_HTTPS)?
+                               TRUE:FALSE);
+      Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+    }
+    if(co) {
+      struct Cookie *store=co;
+      /* now loop through all cookies that matched */
+      while(co) {
+        if(co->value) {
+          if(0 == count) {
+            result = Curl_add_bufferf(req_buffer, "Cookie: ");
+            if(result)
+              break;
+          }
+          result = Curl_add_bufferf(req_buffer,
+                                    "%s%s=%s", count?"; ":"",
+                                    co->name, co->value);
+          if(result)
+            break;
+          count++;
+        }
+        co = co->next; /* next cookie please */
+      }
+      Curl_cookie_freelist(store, FALSE); /* free the cookie list */
+    }
+    if(addcookies && (CURLE_OK == result)) {
+      if(!count)
+        result = Curl_add_bufferf(req_buffer, "Cookie: ");
+      if(CURLE_OK == result) {
+        result = Curl_add_bufferf(req_buffer, "%s%s",
+                                  count?"; ":"",
+                                  addcookies);
+        count++;
+      }
+    }
+    if(count && (CURLE_OK == result))
+      result = Curl_add_buffer(req_buffer, "\r\n", 2);
+
+    if(result)
+      return result;
+  }
+#endif
+
+  if(data->set.timecondition) {
+    result = Curl_add_timecondition(data, req_buffer);
+    if(result)
+      return result;
+  }
+
+  result = Curl_add_custom_headers(conn, FALSE, req_buffer);
+  if(result)
+    return result;
+
+  http->postdata = NULL;  /* nothing to post at this point */
+  Curl_pgrsSetUploadSize(data, -1); /* upload size is unknown atm */
+
+  /* If 'authdone' is FALSE, we must not set the write socket index to the
+     Curl_transfer() call below, as we're not ready to actually upload any
+     data yet. */
+
+  switch(httpreq) {
+
+  case HTTPREQ_POST_FORM:
+    if(!http->sendit || conn->bits.authneg) {
+      /* nothing to post! */
+      result = Curl_add_bufferf(req_buffer, "Content-Length: 0\r\n\r\n");
+      if(result)
+        return result;
+
+      result = Curl_add_buffer_send(req_buffer, conn,
+                                    &data->info.request_size, 0, FIRSTSOCKET);
+      if(result)
+        failf(data, "Failed sending POST request");
+      else
+        /* setup variables for the upcoming transfer */
+        Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE, &http->readbytecount,
+                            -1, NULL);
+      break;
+    }
+
+    if(Curl_FormInit(&http->form, http->sendit)) {
+      failf(data, "Internal HTTP POST error!");
+      return CURLE_HTTP_POST_ERROR;
+    }
+
+    /* Get the currently set callback function pointer and store that in the
+       form struct since we might want the actual user-provided callback later
+       on. The conn->fread_func pointer itself will be changed for the
+       multipart case to the function that returns a multipart formatted
+       stream. */
+    http->form.fread_func = conn->fread_func;
+
+    /* Set the read function to read from the generated form data */
+    conn->fread_func = (curl_read_callback)Curl_FormReader;
+    conn->fread_in = &http->form;
+
+    http->sending = HTTPSEND_BODY;
+
+    if(!data->req.upload_chunky &&
+       !Curl_checkheaders(conn, "Content-Length:")) {
+      /* only add Content-Length if not uploading chunked */
+      result = Curl_add_bufferf(req_buffer,
+                                "Content-Length: %" CURL_FORMAT_CURL_OFF_T
+                                "\r\n", http->postsize);
+      if(result)
+        return result;
+    }
+
+    result = expect100(data, conn, req_buffer);
+    if(result)
+      return result;
+
+    {
+
+      /* Get Content-Type: line from Curl_formpostheader.
+       */
+      char *contentType;
+      size_t linelength=0;
+      contentType = Curl_formpostheader((void *)&http->form,
+                                        &linelength);
+      if(!contentType) {
+        failf(data, "Could not get Content-Type header line!");
+        return CURLE_HTTP_POST_ERROR;
+      }
+
+      result = Curl_add_buffer(req_buffer, contentType, linelength);
+      if(result)
+        return result;
+    }
+
+    /* make the request end in a true CRLF */
+    result = Curl_add_buffer(req_buffer, "\r\n", 2);
+    if(result)
+      return result;
+
+    /* set upload size to the progress meter */
+    Curl_pgrsSetUploadSize(data, http->postsize);
+
+    /* fire away the whole request to the server */
+    result = Curl_add_buffer_send(req_buffer, conn,
+                                  &data->info.request_size, 0, FIRSTSOCKET);
+    if(result)
+      failf(data, "Failed sending POST request");
+    else
+      /* setup variables for the upcoming transfer */
+      Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
+                          &http->readbytecount, FIRSTSOCKET,
+                          &http->writebytecount);
+
+    if(result) {
+      Curl_formclean(&http->sendit); /* free that whole lot */
+      return result;
+    }
+
+    /* convert the form data */
+    result = Curl_convert_form(data, http->sendit);
+    if(result) {
+      Curl_formclean(&http->sendit); /* free that whole lot */
+      return result;
+    }
+
+    break;
+
+  case HTTPREQ_PUT: /* Let's PUT the data to the server! */
+
+    if(conn->bits.authneg)
+      postsize = 0;
+    else
+      postsize = data->state.infilesize;
+
+    if((postsize != -1) && !data->req.upload_chunky &&
+       !Curl_checkheaders(conn, "Content-Length:")) {
+      /* only add Content-Length if not uploading chunked */
+      result = Curl_add_bufferf(req_buffer,
+                                "Content-Length: %" CURL_FORMAT_CURL_OFF_T
+                                "\r\n", postsize);
+      if(result)
+        return result;
+    }
+
+    if(postsize != 0) {
+      result = expect100(data, conn, req_buffer);
+      if(result)
+        return result;
+    }
+
+    result = Curl_add_buffer(req_buffer, "\r\n", 2); /* end of headers */
+    if(result)
+      return result;
+
+    /* set the upload size to the progress meter */
+    Curl_pgrsSetUploadSize(data, postsize);
+
+    /* this sends the buffer and frees all the buffer resources */
+    result = Curl_add_buffer_send(req_buffer, conn,
+                                  &data->info.request_size, 0, FIRSTSOCKET);
+    if(result)
+      failf(data, "Failed sending PUT request");
+    else
+      /* prepare for transfer */
+      Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
+                          &http->readbytecount, postsize?FIRSTSOCKET:-1,
+                          postsize?&http->writebytecount:NULL);
+    if(result)
+      return result;
+    break;
+
+  case HTTPREQ_POST:
+    /* this is the simple POST, using x-www-form-urlencoded style */
+
+    if(conn->bits.authneg)
+      postsize = 0;
+    else {
+      /* figure out the size of the postfields */
+      postsize = (data->set.postfieldsize != -1)?
+        data->set.postfieldsize:
+        (data->set.postfields? (curl_off_t)strlen(data->set.postfields):-1);
+    }
+
+    /* We only set Content-Length and allow a custom Content-Length if
+       we don't upload data chunked, as RFC2616 forbids us to set both
+       kinds of headers (Transfer-Encoding: chunked and Content-Length) */
+    if((postsize != -1) && !data->req.upload_chunky &&
+       !Curl_checkheaders(conn, "Content-Length:")) {
+      /* we allow replacing this header if not during auth negotiation,
+         although it isn't very wise to actually set your own */
+      result = Curl_add_bufferf(req_buffer,
+                                "Content-Length: %" CURL_FORMAT_CURL_OFF_T
+                                "\r\n", postsize);
+      if(result)
+        return result;
+    }
+
+    if(!Curl_checkheaders(conn, "Content-Type:")) {
+      result = Curl_add_bufferf(req_buffer,
+                                "Content-Type: application/"
+                                "x-www-form-urlencoded\r\n");
+      if(result)
+        return result;
+    }
+
+    /* For really small posts we don't use Expect: headers at all, and for
+       the somewhat bigger ones we allow the app to disable it. Just make
+       sure that the expect100header is always set to the preferred value
+       here. */
+    ptr = Curl_checkheaders(conn, "Expect:");
+    if(ptr) {
+      data->state.expect100header =
+        Curl_compareheader(ptr, "Expect:", "100-continue");
+    }
+    else if(postsize > TINY_INITIAL_POST_SIZE || postsize < 0) {
+      result = expect100(data, conn, req_buffer);
+      if(result)
+        return result;
+    }
+    else
+      data->state.expect100header = FALSE;
+
+    if(data->set.postfields) {
+
+      /* In HTTP2, we send request body in DATA frame regardless of
+         its size. */
+      if(conn->httpversion != 20 &&
+         !data->state.expect100header &&
+         (postsize < MAX_INITIAL_POST_SIZE))  {
+        /* if we don't use expect: 100  AND
+           postsize is less than MAX_INITIAL_POST_SIZE
+
+           then append the post data to the HTTP request header. This limit
+           is no magic limit but only set to prevent really huge POSTs to
+           get the data duplicated with malloc() and family. */
+
+        result = Curl_add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
+        if(result)
+          return result;
+
+        if(!data->req.upload_chunky) {
+          /* We're not sending it 'chunked', append it to the request
+             already now to reduce the number if send() calls */
+          result = Curl_add_buffer(req_buffer, data->set.postfields,
+                                   (size_t)postsize);
+          included_body = postsize;
+        }
+        else {
+          if(postsize) {
+            /* Append the POST data chunky-style */
+            result = Curl_add_bufferf(req_buffer, "%x\r\n", (int)postsize);
+            if(CURLE_OK == result) {
+              result = Curl_add_buffer(req_buffer, data->set.postfields,
+                                       (size_t)postsize);
+              if(CURLE_OK == result)
+                 result = Curl_add_buffer(req_buffer, "\r\n", 2);
+              included_body = postsize + 2;
+            }
+          }
+          if(CURLE_OK == result)
+            result = Curl_add_buffer(req_buffer,
+                                     "\x30\x0d\x0a\x0d\x0a", 5);
+          /* 0  CR  LF  CR  LF */
+          included_body += 5;
+        }
+        if(result)
+          return result;
+        /* Make sure the progress information is accurate */
+        Curl_pgrsSetUploadSize(data, postsize);
+      }
+      else {
+        /* A huge POST coming up, do data separate from the request */
+        http->postsize = postsize;
+        http->postdata = data->set.postfields;
+
+        http->sending = HTTPSEND_BODY;
+
+        conn->fread_func = (curl_read_callback)readmoredata;
+        conn->fread_in = (void *)conn;
+
+        /* set the upload size to the progress meter */
+        Curl_pgrsSetUploadSize(data, http->postsize);
+
+        result = Curl_add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
+        if(result)
+          return result;
+      }
+    }
+    else {
+      result = Curl_add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
+      if(result)
+        return result;
+
+      if(data->req.upload_chunky && conn->bits.authneg) {
+        /* Chunky upload is selected and we're negotiating auth still, send
+           end-of-data only */
+        result = Curl_add_buffer(req_buffer,
+                                 "\x30\x0d\x0a\x0d\x0a", 5);
+        /* 0  CR  LF  CR  LF */
+        if(result)
+          return result;
+      }
+
+      else if(data->set.postfieldsize) {
+        /* set the upload size to the progress meter */
+        Curl_pgrsSetUploadSize(data, postsize?postsize:-1);
+
+        /* set the pointer to mark that we will send the post body using the
+           read callback, but only if we're not in authenticate
+           negotiation  */
+        if(!conn->bits.authneg) {
+          http->postdata = (char *)&http->postdata;
+          http->postsize = postsize;
+        }
+      }
+    }
+    /* issue the request */
+    result = Curl_add_buffer_send(req_buffer, conn, &data->info.request_size,
+                                  (size_t)included_body, FIRSTSOCKET);
+
+    if(result)
+      failf(data, "Failed sending HTTP POST request");
+    else
+      Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
+                          &http->readbytecount, http->postdata?FIRSTSOCKET:-1,
+                          http->postdata?&http->writebytecount:NULL);
+    break;
+
+  default:
+    result = Curl_add_buffer(req_buffer, "\r\n", 2);
+    if(result)
+      return result;
+
+    /* issue the request */
+    result = Curl_add_buffer_send(req_buffer, conn,
+                                  &data->info.request_size, 0, FIRSTSOCKET);
+
+    if(result)
+      failf(data, "Failed sending HTTP request");
+    else
+      /* HTTP GET/HEAD download: */
+      Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE, &http->readbytecount,
+                          http->postdata?FIRSTSOCKET:-1,
+                          http->postdata?&http->writebytecount:NULL);
+  }
+  if(result)
+    return result;
+
+  if(http->writebytecount) {
+    /* if a request-body has been sent off, we make sure this progress is noted
+       properly */
+    Curl_pgrsSetUploadCounter(data, http->writebytecount);
+    if(Curl_pgrsUpdate(conn))
+      result = CURLE_ABORTED_BY_CALLBACK;
+
+    if(http->writebytecount >= postsize) {
+      /* already sent the entire request body, mark the "upload" as
+         complete */
+      infof(data, "upload completely sent off: %" CURL_FORMAT_CURL_OFF_T
+            " out of %" CURL_FORMAT_CURL_OFF_T " bytes\n",
+            http->writebytecount, postsize);
+      data->req.upload_done = TRUE;
+      data->req.keepon &= ~KEEP_SEND; /* we're done writing */
+      data->req.exp100 = EXP100_SEND_DATA; /* already sent */
+    }
+  }
+
+  return result;
+}
+
+/*
+ * checkhttpprefix()
+ *
+ * Returns TRUE if member of the list matches prefix of string
+ */
+static bool
+checkhttpprefix(struct SessionHandle *data,
+                const char *s)
+{
+  struct curl_slist *head = data->set.http200aliases;
+  bool rc = FALSE;
+#ifdef CURL_DOES_CONVERSIONS
+  /* convert from the network encoding using a scratch area */
+  char *scratch = strdup(s);
+  if(NULL == scratch) {
+    failf (data, "Failed to allocate memory for conversion!");
+    return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */
+  }
+  if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s)+1)) {
+    /* Curl_convert_from_network calls failf if unsuccessful */
+    free(scratch);
+    return FALSE; /* can't return CURLE_foobar so return FALSE */
+  }
+  s = scratch;
+#endif /* CURL_DOES_CONVERSIONS */
+
+  while(head) {
+    if(checkprefix(head->data, s)) {
+      rc = TRUE;
+      break;
+    }
+    head = head->next;
+  }
+
+  if(!rc && (checkprefix("HTTP/", s)))
+    rc = TRUE;
+
+#ifdef CURL_DOES_CONVERSIONS
+  free(scratch);
+#endif /* CURL_DOES_CONVERSIONS */
+  return rc;
+}
+
+#ifndef CURL_DISABLE_RTSP
+static bool
+checkrtspprefix(struct SessionHandle *data,
+                const char *s)
+{
+
+#ifdef CURL_DOES_CONVERSIONS
+  /* convert from the network encoding using a scratch area */
+  char *scratch = strdup(s);
+  if(NULL == scratch) {
+    failf (data, "Failed to allocate memory for conversion!");
+    return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */
+  }
+  if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s)+1)) {
+    /* Curl_convert_from_network calls failf if unsuccessful */
+    free(scratch);
+    return FALSE; /* can't return CURLE_foobar so return FALSE */
+  }
+  s = scratch;
+#else
+  (void)data; /* unused */
+#endif /* CURL_DOES_CONVERSIONS */
+  if(checkprefix("RTSP/", s))
+    return TRUE;
+  else
+    return FALSE;
+}
+#endif /* CURL_DISABLE_RTSP */
+
+static bool
+checkprotoprefix(struct SessionHandle *data, struct connectdata *conn,
+                 const char *s)
+{
+#ifndef CURL_DISABLE_RTSP
+  if(conn->handler->protocol & CURLPROTO_RTSP)
+    return checkrtspprefix(data, s);
+#else
+  (void)conn;
+#endif /* CURL_DISABLE_RTSP */
+
+  return checkhttpprefix(data, s);
+}
+
+/*
+ * header_append() copies a chunk of data to the end of the already received
+ * header. We make sure that the full string fit in the allocated header
+ * buffer, or else we enlarge it.
+ */
+static CURLcode header_append(struct SessionHandle *data,
+                              struct SingleRequest *k,
+                              size_t length)
+{
+  if(k->hbuflen + length >= data->state.headersize) {
+    /* We enlarge the header buffer as it is too small */
+    char *newbuff;
+    size_t hbufp_index;
+    size_t newsize;
+
+    if(k->hbuflen + length > CURL_MAX_HTTP_HEADER) {
+      /* The reason to have a max limit for this is to avoid the risk of a bad
+         server feeding libcurl with a never-ending header that will cause
+         reallocs infinitely */
+      failf (data, "Avoided giant realloc for header (max is %d)!",
+             CURL_MAX_HTTP_HEADER);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    newsize=CURLMAX((k->hbuflen+ length)*3/2, data->state.headersize*2);
+    hbufp_index = k->hbufp - data->state.headerbuff;
+    newbuff = realloc(data->state.headerbuff, newsize);
+    if(!newbuff) {
+      failf (data, "Failed to alloc memory for big header!");
+      return CURLE_OUT_OF_MEMORY;
+    }
+    data->state.headersize=newsize;
+    data->state.headerbuff = newbuff;
+    k->hbufp = data->state.headerbuff + hbufp_index;
+  }
+  memcpy(k->hbufp, k->str_start, length);
+  k->hbufp += length;
+  k->hbuflen += length;
+  *k->hbufp = 0;
+
+  return CURLE_OK;
+}
+
+static void print_http_error(struct SessionHandle *data)
+{
+  struct SingleRequest *k = &data->req;
+  char *beg = k->p;
+
+  /* make sure that data->req.p points to the HTTP status line */
+  if(!strncmp(beg, "HTTP", 4)) {
+
+    /* skip to HTTP status code */
+    beg = strchr(beg, ' ');
+    if(beg && *++beg) {
+
+      /* find trailing CR */
+      char end_char = '\r';
+      char *end = strchr(beg, end_char);
+      if(!end) {
+        /* try to find LF (workaround for non-compliant HTTP servers) */
+        end_char = '\n';
+        end = strchr(beg, end_char);
+      }
+
+      if(end) {
+        /* temporarily replace CR or LF by NUL and print the error message */
+        *end = '\0';
+        failf(data, "The requested URL returned error: %s", beg);
+
+        /* restore the previously replaced CR or LF */
+        *end = end_char;
+        return;
+      }
+    }
+  }
+
+  /* fall-back to printing the HTTP status code only */
+  failf(data, "The requested URL returned error: %d", k->httpcode);
+}
+
+/*
+ * Read any HTTP header lines from the server and pass them to the client app.
+ */
+CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
+                                       struct connectdata *conn,
+                                       ssize_t *nread,
+                                       bool *stop_reading)
+{
+  CURLcode result;
+  struct SingleRequest *k = &data->req;
+
+  /* header line within buffer loop */
+  do {
+    size_t rest_length;
+    size_t full_length;
+    int writetype;
+
+    /* str_start is start of line within buf */
+    k->str_start = k->str;
+
+    /* data is in network encoding so use 0x0a instead of '\n' */
+    k->end_ptr = memchr(k->str_start, 0x0a, *nread);
+
+    if(!k->end_ptr) {
+      /* Not a complete header line within buffer, append the data to
+         the end of the headerbuff. */
+      result = header_append(data, k, *nread);
+      if(result)
+        return result;
+
+      if(!k->headerline && (k->hbuflen>5)) {
+        /* make a first check that this looks like a protocol header */
+        if(!checkprotoprefix(data, conn, data->state.headerbuff)) {
+          /* this is not the beginning of a protocol first header line */
+          k->header = FALSE;
+          k->badheader = HEADER_ALLBAD;
+          break;
+        }
+      }
+
+      break; /* read more and try again */
+    }
+
+    /* decrease the size of the remaining (supposed) header line */
+    rest_length = (k->end_ptr - k->str)+1;
+    *nread -= (ssize_t)rest_length;
+
+    k->str = k->end_ptr + 1; /* move past new line */
+
+    full_length = k->str - k->str_start;
+
+    result = header_append(data, k, full_length);
+    if(result)
+      return result;
+
+    k->end_ptr = k->hbufp;
+    k->p = data->state.headerbuff;
+
+    /****
+     * We now have a FULL header line that p points to
+     *****/
+
+    if(!k->headerline) {
+      /* the first read header */
+      if((k->hbuflen>5) &&
+         !checkprotoprefix(data, conn, data->state.headerbuff)) {
+        /* this is not the beginning of a protocol first header line */
+        k->header = FALSE;
+        if(*nread)
+          /* since there's more, this is a partial bad header */
+          k->badheader = HEADER_PARTHEADER;
+        else {
+          /* this was all we read so it's all a bad header */
+          k->badheader = HEADER_ALLBAD;
+          *nread = (ssize_t)rest_length;
+        }
+        break;
+      }
+    }
+
+    /* headers are in network encoding so
+       use 0x0a and 0x0d instead of '\n' and '\r' */
+    if((0x0a == *k->p) || (0x0d == *k->p)) {
+      size_t headerlen;
+      /* Zero-length header line means end of headers! */
+
+#ifdef CURL_DOES_CONVERSIONS
+      if(0x0d == *k->p) {
+        *k->p = '\r'; /* replace with CR in host encoding */
+        k->p++;       /* pass the CR byte */
+      }
+      if(0x0a == *k->p) {
+        *k->p = '\n'; /* replace with LF in host encoding */
+        k->p++;       /* pass the LF byte */
+      }
+#else
+      if('\r' == *k->p)
+        k->p++; /* pass the \r byte */
+      if('\n' == *k->p)
+        k->p++; /* pass the \n byte */
+#endif /* CURL_DOES_CONVERSIONS */
+
+      if(100 <= k->httpcode && 199 >= k->httpcode) {
+        /*
+         * We have made a HTTP PUT or POST and this is 1.1-lingo
+         * that tells us that the server is OK with this and ready
+         * to receive the data.
+         * However, we'll get more headers now so we must get
+         * back into the header-parsing state!
+         */
+        k->header = TRUE;
+        k->headerline = 0; /* restart the header line counter */
+
+        /* "A user agent MAY ignore unexpected 1xx status responses." */
+        switch(k->httpcode) {
+        case 100:
+          /* if we did wait for this do enable write now! */
+          if(k->exp100) {
+            k->exp100 = EXP100_SEND_DATA;
+            k->keepon |= KEEP_SEND;
+          }
+          break;
+        case 101:
+          /* Switching Protocols */
+          if(k->upgr101 == UPGR101_REQUESTED) {
+            infof(data, "Received 101\n");
+            k->upgr101 = UPGR101_RECEIVED;
+
+            /* switch to http2 now */
+            result = Curl_http2_switched(conn);
+            if(result)
+              return result;
+          }
+          break;
+        default:
+          break;
+        }
+      }
+      else {
+        k->header = FALSE; /* no more header to parse! */
+
+        if((k->size == -1) && !k->chunk && !conn->bits.close &&
+           (conn->httpversion == 11) &&
+           !(conn->handler->protocol & CURLPROTO_RTSP) &&
+           data->set.httpreq != HTTPREQ_HEAD) {
+          /* On HTTP 1.1, when connection is not to get closed, but no
+             Content-Length nor Content-Encoding chunked have been
+             received, according to RFC2616 section 4.4 point 5, we
+             assume that the server will close the connection to
+             signal the end of the document. */
+          infof(data, "no chunk, no close, no size. Assume close to "
+                "signal end\n");
+          connclose(conn, "HTTP: No end-of-message indicator");
+        }
+      }
+
+      /*
+       * When all the headers have been parsed, see if we should give
+       * up and return an error.
+       */
+      if(http_should_fail(conn)) {
+        failf (data, "The requested URL returned error: %d",
+               k->httpcode);
+        return CURLE_HTTP_RETURNED_ERROR;
+      }
+
+      /* now, only output this if the header AND body are requested:
+       */
+      writetype = CLIENTWRITE_HEADER;
+      if(data->set.include_header)
+        writetype |= CLIENTWRITE_BODY;
+
+      headerlen = k->p - data->state.headerbuff;
+
+      result = Curl_client_write(conn, writetype,
+                                 data->state.headerbuff,
+                                 headerlen);
+      if(result)
+        return result;
+
+      data->info.header_size += (long)headerlen;
+      data->req.headerbytecount += (long)headerlen;
+
+      data->req.deductheadercount =
+        (100 <= k->httpcode && 199 >= k->httpcode)?data->req.headerbytecount:0;
+
+      if(!*stop_reading) {
+        /* Curl_http_auth_act() checks what authentication methods
+         * that are available and decides which one (if any) to
+         * use. It will set 'newurl' if an auth method was picked. */
+        result = Curl_http_auth_act(conn);
+
+        if(result)
+          return result;
+
+        if(k->httpcode >= 300) {
+          if((!conn->bits.authneg) && !conn->bits.close &&
+             !conn->bits.rewindaftersend) {
+            /*
+             * General treatment of errors when about to send data. Including :
+             * "417 Expectation Failed", while waiting for 100-continue.
+             *
+             * The check for close above is done simply because of something
+             * else has already deemed the connection to get closed then
+             * something else should've considered the big picture and we
+             * avoid this check.
+             *
+             * rewindaftersend indicates that something has told libcurl to
+             * continue sending even if it gets discarded
+             */
+
+            switch(data->set.httpreq) {
+            case HTTPREQ_PUT:
+            case HTTPREQ_POST:
+            case HTTPREQ_POST_FORM:
+              /* We got an error response. If this happened before the whole
+               * request body has been sent we stop sending and mark the
+               * connection for closure after we've read the entire response.
+               */
+              if(!k->upload_done) {
+                infof(data, "HTTP error before end of send, stop sending\n");
+                connclose(conn, "Stop sending data before everything sent");
+                k->upload_done = TRUE;
+                k->keepon &= ~KEEP_SEND; /* don't send */
+                if(data->state.expect100header)
+                  k->exp100 = EXP100_FAILED;
+              }
+              break;
+
+            default: /* default label present to avoid compiler warnings */
+              break;
+            }
+          }
+        }
+
+        if(conn->bits.rewindaftersend) {
+          /* We rewind after a complete send, so thus we continue
+             sending now */
+          infof(data, "Keep sending data to get tossed away!\n");
+          k->keepon |= KEEP_SEND;
+        }
+      }
+
+      if(!k->header) {
+        /*
+         * really end-of-headers.
+         *
+         * If we requested a "no body", this is a good time to get
+         * out and return home.
+         */
+        if(data->set.opt_no_body)
+          *stop_reading = TRUE;
+        else {
+          /* If we know the expected size of this document, we set the
+             maximum download size to the size of the expected
+             document or else, we won't know when to stop reading!
+
+             Note that we set the download maximum even if we read a
+             "Connection: close" header, to make sure that
+             "Content-Length: 0" still prevents us from attempting to
+             read the (missing) response-body.
+          */
+          /* According to RFC2616 section 4.4, we MUST ignore
+             Content-Length: headers if we are now receiving data
+             using chunked Transfer-Encoding.
+          */
+          if(k->chunk)
+            k->maxdownload = k->size = -1;
+        }
+        if(-1 != k->size) {
+          /* We do this operation even if no_body is true, since this
+             data might be retrieved later with curl_easy_getinfo()
+             and its CURLINFO_CONTENT_LENGTH_DOWNLOAD option. */
+
+          Curl_pgrsSetDownloadSize(data, k->size);
+          k->maxdownload = k->size;
+        }
+
+        /* If max download size is *zero* (nothing) we already
+           have nothing and can safely return ok now! */
+        if(0 == k->maxdownload)
+          *stop_reading = TRUE;
+
+        if(*stop_reading) {
+          /* we make sure that this socket isn't read more now */
+          k->keepon &= ~KEEP_RECV;
+        }
+
+        if(data->set.verbose)
+          Curl_debug(data, CURLINFO_HEADER_IN,
+                     k->str_start, headerlen, conn);
+        break;          /* exit header line loop */
+      }
+
+      /* We continue reading headers, so reset the line-based
+         header parsing variables hbufp && hbuflen */
+      k->hbufp = data->state.headerbuff;
+      k->hbuflen = 0;
+      continue;
+    }
+
+    /*
+     * Checks for special headers coming up.
+     */
+
+    if(!k->headerline++) {
+      /* This is the first header, it MUST be the error code line
+         or else we consider this to be the body right away! */
+      int httpversion_major;
+      int rtspversion_major;
+      int nc = 0;
+#ifdef CURL_DOES_CONVERSIONS
+#define HEADER1 scratch
+#define SCRATCHSIZE 21
+      CURLcode res;
+      char scratch[SCRATCHSIZE+1]; /* "HTTP/major.minor 123" */
+      /* We can't really convert this yet because we
+         don't know if it's the 1st header line or the body.
+         So we do a partial conversion into a scratch area,
+         leaving the data at k->p as-is.
+      */
+      strncpy(&scratch[0], k->p, SCRATCHSIZE);
+      scratch[SCRATCHSIZE] = 0; /* null terminate */
+      res = Curl_convert_from_network(data,
+                                      &scratch[0],
+                                      SCRATCHSIZE);
+      if(res)
+        /* Curl_convert_from_network calls failf if unsuccessful */
+        return res;
+#else
+#define HEADER1 k->p /* no conversion needed, just use k->p */
+#endif /* CURL_DOES_CONVERSIONS */
+
+      if(conn->handler->protocol & PROTO_FAMILY_HTTP) {
+        nc = sscanf(HEADER1,
+                    " HTTP/%d.%d %3d",
+                    &httpversion_major,
+                    &conn->httpversion,
+                    &k->httpcode);
+        if(nc==3) {
+          conn->httpversion += 10 * httpversion_major;
+        }
+        else {
+          /* this is the real world, not a Nirvana
+             NCSA 1.5.x returns this crap when asked for HTTP/1.1
+          */
+          nc=sscanf(HEADER1, " HTTP %3d", &k->httpcode);
+          conn->httpversion = 10;
+
+          /* If user has set option HTTP200ALIASES,
+             compare header line against list of aliases
+          */
+          if(!nc) {
+            if(checkhttpprefix(data, k->p)) {
+              nc = 1;
+              k->httpcode = 200;
+              conn->httpversion = 10;
+            }
+          }
+        }
+      }
+      else if(conn->handler->protocol & CURLPROTO_RTSP) {
+        nc = sscanf(HEADER1,
+                    " RTSP/%d.%d %3d",
+                    &rtspversion_major,
+                    &conn->rtspversion,
+                    &k->httpcode);
+        if(nc==3) {
+          conn->rtspversion += 10 * rtspversion_major;
+          conn->httpversion = 11; /* For us, RTSP acts like HTTP 1.1 */
+        }
+        else {
+          /* TODO: do we care about the other cases here? */
+          nc = 0;
+        }
+      }
+
+      if(nc) {
+        data->info.httpcode = k->httpcode;
+
+        data->info.httpversion = conn->httpversion;
+        if(!data->state.httpversion ||
+           data->state.httpversion > conn->httpversion)
+          /* store the lowest server version we encounter */
+          data->state.httpversion = conn->httpversion;
+
+        /*
+         * This code executes as part of processing the header.  As a
+         * result, it's not totally clear how to interpret the
+         * response code yet as that depends on what other headers may
+         * be present.  401 and 407 may be errors, but may be OK
+         * depending on how authentication is working.  Other codes
+         * are definitely errors, so give up here.
+         */
+        if(data->set.http_fail_on_error && (k->httpcode >= 400) &&
+           ((k->httpcode != 401) || !conn->bits.user_passwd) &&
+           ((k->httpcode != 407) || !conn->bits.proxy_user_passwd) ) {
+
+          if(data->state.resume_from &&
+             (data->set.httpreq==HTTPREQ_GET) &&
+             (k->httpcode == 416)) {
+            /* "Requested Range Not Satisfiable", just proceed and
+               pretend this is no error */
+          }
+          else {
+            /* serious error, go home! */
+            print_http_error(data);
+            return CURLE_HTTP_RETURNED_ERROR;
+          }
+        }
+
+        if(conn->httpversion == 10) {
+          /* Default action for HTTP/1.0 must be to close, unless
+             we get one of those fancy headers that tell us the
+             server keeps it open for us! */
+          infof(data, "HTTP 1.0, assume close after body\n");
+          connclose(conn, "HTTP/1.0 close after body");
+        }
+        else if(conn->httpversion >= 11 &&
+                !conn->bits.close) {
+          struct connectbundle *cb_ptr;
+
+          /* If HTTP version is >= 1.1 and connection is persistent
+             server supports pipelining. */
+          DEBUGF(infof(data,
+                       "HTTP 1.1 or later with persistent connection, "
+                       "pipelining supported\n"));
+          /* Activate pipelining if needed */
+          cb_ptr = conn->bundle;
+          if(cb_ptr) {
+            if(!Curl_pipeline_site_blacklisted(data, conn))
+              cb_ptr->server_supports_pipelining = TRUE;
+          }
+        }
+
+        switch(k->httpcode) {
+        case 204:
+          /* (quote from RFC2616, section 10.2.5): The server has
+           * fulfilled the request but does not need to return an
+           * entity-body ... The 204 response MUST NOT include a
+           * message-body, and thus is always terminated by the first
+           * empty line after the header fields. */
+          /* FALLTHROUGH */
+        case 304:
+          /* (quote from RFC2616, section 10.3.5): The 304 response
+           * MUST NOT contain a message-body, and thus is always
+           * terminated by the first empty line after the header
+           * fields.  */
+          if(data->set.timecondition)
+            data->info.timecond = TRUE;
+          k->size=0;
+          k->maxdownload=0;
+          k->ignorecl = TRUE; /* ignore Content-Length headers */
+          break;
+        default:
+          /* nothing */
+          break;
+        }
+      }
+      else {
+        k->header = FALSE;   /* this is not a header line */
+        break;
+      }
+    }
+
+    result = Curl_convert_from_network(data, k->p, strlen(k->p));
+    /* Curl_convert_from_network calls failf if unsuccessful */
+    if(result)
+      return result;
+
+    /* Check for Content-Length: header lines to get size */
+    if(!k->ignorecl && !data->set.ignorecl &&
+       checkprefix("Content-Length:", k->p)) {
+      curl_off_t contentlength = curlx_strtoofft(k->p+15, NULL, 10);
+      if(data->set.max_filesize &&
+         contentlength > data->set.max_filesize) {
+        failf(data, "Maximum file size exceeded");
+        return CURLE_FILESIZE_EXCEEDED;
+      }
+      if(contentlength >= 0) {
+        k->size = contentlength;
+        k->maxdownload = k->size;
+        /* we set the progress download size already at this point
+           just to make it easier for apps/callbacks to extract this
+           info as soon as possible */
+        Curl_pgrsSetDownloadSize(data, k->size);
+      }
+      else {
+        /* Negative Content-Length is really odd, and we know it
+           happens for example when older Apache servers send large
+           files */
+        connclose(conn, "negative content-length");
+        infof(data, "Negative content-length: %" CURL_FORMAT_CURL_OFF_T
+              ", closing after transfer\n", contentlength);
+      }
+    }
+    /* check for Content-Type: header lines to get the MIME-type */
+    else if(checkprefix("Content-Type:", k->p)) {
+      char *contenttype = Curl_copy_header_value(k->p);
+      if(!contenttype)
+        return CURLE_OUT_OF_MEMORY;
+      if(!*contenttype)
+        /* ignore empty data */
+        free(contenttype);
+      else {
+        Curl_safefree(data->info.contenttype);
+        data->info.contenttype = contenttype;
+      }
+    }
+    else if(checkprefix("Server:", k->p)) {
+      char *server_name = Curl_copy_header_value(k->p);
+
+      /* Turn off pipelining if the server version is blacklisted */
+      if(conn->bundle && conn->bundle->server_supports_pipelining) {
+        if(Curl_pipeline_server_blacklisted(data, server_name))
+          conn->bundle->server_supports_pipelining = FALSE;
+      }
+      Curl_safefree(server_name);
+    }
+    else if((conn->httpversion == 10) &&
+            conn->bits.httpproxy &&
+            Curl_compareheader(k->p,
+                               "Proxy-Connection:", "keep-alive")) {
+      /*
+       * When a HTTP/1.0 reply comes when using a proxy, the
+       * 'Proxy-Connection: keep-alive' line tells us the
+       * connection will be kept alive for our pleasure.
+       * Default action for 1.0 is to close.
+       */
+      connkeep(conn, "Proxy-Connection keep-alive"); /* don't close */
+      infof(data, "HTTP/1.0 proxy connection set to keep alive!\n");
+    }
+    else if((conn->httpversion == 11) &&
+            conn->bits.httpproxy &&
+            Curl_compareheader(k->p,
+                               "Proxy-Connection:", "close")) {
+      /*
+       * We get a HTTP/1.1 response from a proxy and it says it'll
+       * close down after this transfer.
+       */
+      connclose(conn, "Proxy-Connection: asked to close after done");
+      infof(data, "HTTP/1.1 proxy connection set close!\n");
+    }
+    else if((conn->httpversion == 10) &&
+            Curl_compareheader(k->p, "Connection:", "keep-alive")) {
+      /*
+       * A HTTP/1.0 reply with the 'Connection: keep-alive' line
+       * tells us the connection will be kept alive for our
+       * pleasure.  Default action for 1.0 is to close.
+       *
+       * [RFC2068, section 19.7.1] */
+      connkeep(conn, "Connection keep-alive");
+      infof(data, "HTTP/1.0 connection set to keep alive!\n");
+    }
+    else if(Curl_compareheader(k->p, "Connection:", "close")) {
+      /*
+       * [RFC 2616, section 8.1.2.1]
+       * "Connection: close" is HTTP/1.1 language and means that
+       * the connection will close when this request has been
+       * served.
+       */
+      connclose(conn, "Connection: close used");
+    }
+    else if(checkprefix("Transfer-Encoding:", k->p)) {
+      /* One or more encodings. We check for chunked and/or a compression
+         algorithm. */
+      /*
+       * [RFC 2616, section 3.6.1] A 'chunked' transfer encoding
+       * means that the server will send a series of "chunks". Each
+       * chunk starts with line with info (including size of the
+       * coming block) (terminated with CRLF), then a block of data
+       * with the previously mentioned size. There can be any amount
+       * of chunks, and a chunk-data set to zero signals the
+       * end-of-chunks. */
+
+      char *start;
+
+      /* Find the first non-space letter */
+      start = k->p + 18;
+
+      for(;;) {
+        /* skip whitespaces and commas */
+        while(*start && (ISSPACE(*start) || (*start == ',')))
+          start++;
+
+        if(checkprefix("chunked", start)) {
+          k->chunk = TRUE; /* chunks coming our way */
+
+          /* init our chunky engine */
+          Curl_httpchunk_init(conn);
+
+          start += 7;
+        }
+
+        if(k->auto_decoding)
+          /* TODO: we only support the first mentioned compression for now */
+          break;
+
+        if(checkprefix("identity", start)) {
+          k->auto_decoding = IDENTITY;
+          start += 8;
+        }
+        else if(checkprefix("deflate", start)) {
+          k->auto_decoding = DEFLATE;
+          start += 7;
+        }
+        else if(checkprefix("gzip", start)) {
+          k->auto_decoding = GZIP;
+          start += 4;
+        }
+        else if(checkprefix("x-gzip", start)) {
+          k->auto_decoding = GZIP;
+          start += 6;
+        }
+        else if(checkprefix("compress", start)) {
+          k->auto_decoding = COMPRESS;
+          start += 8;
+        }
+        else if(checkprefix("x-compress", start)) {
+          k->auto_decoding = COMPRESS;
+          start += 10;
+        }
+        else
+          /* unknown! */
+          break;
+
+      }
+
+    }
+    else if(checkprefix("Content-Encoding:", k->p) &&
+            (data->set.str[STRING_ENCODING] ||
+             conn->httpversion == 20)) {
+      /*
+       * Process Content-Encoding. Look for the values: identity,
+       * gzip, deflate, compress, x-gzip and x-compress. x-gzip and
+       * x-compress are the same as gzip and compress. (Sec 3.5 RFC
+       * 2616). zlib cannot handle compress.  However, errors are
+       * handled further down when the response body is processed
+       */
+      char *start;
+
+      /* Find the first non-space letter */
+      start = k->p + 17;
+      while(*start && ISSPACE(*start))
+        start++;
+
+      /* Record the content-encoding for later use */
+      if(checkprefix("identity", start))
+        k->auto_decoding = IDENTITY;
+      else if(checkprefix("deflate", start))
+        k->auto_decoding = DEFLATE;
+      else if(checkprefix("gzip", start)
+              || checkprefix("x-gzip", start))
+        k->auto_decoding = GZIP;
+      else if(checkprefix("compress", start)
+              || checkprefix("x-compress", start))
+        k->auto_decoding = COMPRESS;
+    }
+    else if(checkprefix("Content-Range:", k->p)) {
+      /* Content-Range: bytes [num]-
+         Content-Range: bytes: [num]-
+         Content-Range: [num]-
+         Content-Range: [asterisk]/[total]
+
+         The second format was added since Sun's webserver
+         JavaWebServer/1.1.1 obviously sends the header this way!
+         The third added since some servers use that!
+         The forth means the requested range was unsatisfied.
+      */
+
+      char *ptr = k->p + 14;
+
+      /* Move forward until first digit or asterisk */
+      while(*ptr && !ISDIGIT(*ptr) && *ptr != '*')
+        ptr++;
+
+      /* if it truly stopped on a digit */
+      if(ISDIGIT(*ptr)) {
+        k->offset = curlx_strtoofft(ptr, NULL, 10);
+
+        if(data->state.resume_from == k->offset)
+          /* we asked for a resume and we got it */
+          k->content_range = TRUE;
+      }
+      else
+        data->state.resume_from = 0; /* get everything */
+    }
+#if !defined(CURL_DISABLE_COOKIES)
+    else if(data->cookies &&
+            checkprefix("Set-Cookie:", k->p)) {
+      Curl_share_lock(data, CURL_LOCK_DATA_COOKIE,
+                      CURL_LOCK_ACCESS_SINGLE);
+      Curl_cookie_add(data,
+                      data->cookies, TRUE, k->p+11,
+                      /* If there is a custom-set Host: name, use it
+                         here, or else use real peer host name. */
+                      conn->allocptr.cookiehost?
+                      conn->allocptr.cookiehost:conn->host.name,
+                      data->state.path);
+      Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+    }
+#endif
+    else if(checkprefix("Last-Modified:", k->p) &&
+            (data->set.timecondition || data->set.get_filetime) ) {
+      time_t secs=time(NULL);
+      k->timeofdoc = curl_getdate(k->p+strlen("Last-Modified:"),
+                                  &secs);
+      if(data->set.get_filetime)
+        data->info.filetime = (long)k->timeofdoc;
+    }
+    else if((checkprefix("WWW-Authenticate:", k->p) &&
+             (401 == k->httpcode)) ||
+            (checkprefix("Proxy-authenticate:", k->p) &&
+             (407 == k->httpcode))) {
+
+      bool proxy = (k->httpcode == 407) ? TRUE : FALSE;
+      char *auth = Curl_copy_header_value(k->p);
+      if(!auth)
+        return CURLE_OUT_OF_MEMORY;
+
+      result = Curl_http_input_auth(conn, proxy, auth);
+
+      Curl_safefree(auth);
+
+      if(result)
+        return result;
+    }
+    else if((k->httpcode >= 300 && k->httpcode < 400) &&
+            checkprefix("Location:", k->p) &&
+            !data->req.location) {
+      /* this is the URL that the server advises us to use instead */
+      char *location = Curl_copy_header_value(k->p);
+      if(!location)
+        return CURLE_OUT_OF_MEMORY;
+      if(!*location)
+        /* ignore empty data */
+        free(location);
+      else {
+        data->req.location = location;
+
+        if(data->set.http_follow_location) {
+          DEBUGASSERT(!data->req.newurl);
+          data->req.newurl = strdup(data->req.location); /* clone */
+          if(!data->req.newurl)
+            return CURLE_OUT_OF_MEMORY;
+
+          /* some cases of POST and PUT etc needs to rewind the data
+             stream at this point */
+          result = http_perhapsrewind(conn);
+          if(result)
+            return result;
+        }
+      }
+    }
+    else if(conn->handler->protocol & CURLPROTO_RTSP) {
+      result = Curl_rtsp_parseheader(conn, k->p);
+      if(result)
+        return result;
+    }
+
+    /*
+     * End of header-checks. Write them to the client.
+     */
+
+    writetype = CLIENTWRITE_HEADER;
+    if(data->set.include_header)
+      writetype |= CLIENTWRITE_BODY;
+
+    if(data->set.verbose)
+      Curl_debug(data, CURLINFO_HEADER_IN,
+                 k->p, (size_t)k->hbuflen, conn);
+
+    result = Curl_client_write(conn, writetype, k->p, k->hbuflen);
+    if(result)
+      return result;
+
+    data->info.header_size += (long)k->hbuflen;
+    data->req.headerbytecount += (long)k->hbuflen;
+
+    /* reset hbufp pointer && hbuflen */
+    k->hbufp = data->state.headerbuff;
+    k->hbuflen = 0;
+  }
+  while(!*stop_reading && *k->str); /* header line within buffer */
+
+  /* We might have reached the end of the header part here, but
+     there might be a non-header part left in the end of the read
+     buffer. */
+
+  return CURLE_OK;
+}
+
+#endif /* CURL_DISABLE_HTTP */
diff --git a/Utilities/cmcurl/lib/http.h b/Utilities/cmcurl/lib/http.h
new file mode 100644
index 0000000..907755a
--- /dev/null
+++ b/Utilities/cmcurl/lib/http.h
@@ -0,0 +1,223 @@
+#ifndef HEADER_CURL_HTTP_H
+#define HEADER_CURL_HTTP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_HTTP
+
+#ifdef USE_NGHTTP2
+#include <nghttp2/nghttp2.h>
+#endif
+
+extern const struct Curl_handler Curl_handler_http;
+
+#ifdef USE_SSL
+extern const struct Curl_handler Curl_handler_https;
+#endif
+
+/* Header specific functions */
+bool Curl_compareheader(const char *headerline,  /* line to check */
+                        const char *header,   /* header keyword _with_ colon */
+                        const char *content); /* content string to find */
+
+char *Curl_checkheaders(const struct connectdata *conn,
+                        const char *thisheader);
+char *Curl_copy_header_value(const char *header);
+
+char *Curl_checkProxyheaders(const struct connectdata *conn,
+                             const char *thisheader);
+/* ------------------------------------------------------------------------- */
+/*
+ * The add_buffer series of functions are used to build one large memory chunk
+ * from repeated function invokes. Used so that the entire HTTP request can
+ * be sent in one go.
+ */
+struct Curl_send_buffer {
+  char *buffer;
+  size_t size_max;
+  size_t size_used;
+};
+typedef struct Curl_send_buffer Curl_send_buffer;
+
+Curl_send_buffer *Curl_add_buffer_init(void);
+CURLcode Curl_add_bufferf(Curl_send_buffer *in, const char *fmt, ...);
+CURLcode Curl_add_buffer(Curl_send_buffer *in, const void *inptr, size_t size);
+CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
+                              struct connectdata *conn,
+                              long *bytes_written,
+                              size_t included_body_bytes,
+                              int socketindex);
+
+CURLcode Curl_add_timecondition(struct SessionHandle *data,
+                                Curl_send_buffer *buf);
+CURLcode Curl_add_custom_headers(struct connectdata *conn,
+                                 bool is_connect,
+                                 Curl_send_buffer *req_buffer);
+
+/* protocol-specific functions set up to be called by the main engine */
+CURLcode Curl_http(struct connectdata *conn, bool *done);
+CURLcode Curl_http_done(struct connectdata *, CURLcode, bool premature);
+CURLcode Curl_http_connect(struct connectdata *conn, bool *done);
+CURLcode Curl_http_setup_conn(struct connectdata *conn);
+
+/* The following functions are defined in http_chunks.c */
+void Curl_httpchunk_init(struct connectdata *conn);
+CHUNKcode Curl_httpchunk_read(struct connectdata *conn, char *datap,
+                              ssize_t length, ssize_t *wrote);
+
+/* These functions are in http.c */
+void Curl_http_auth_stage(struct SessionHandle *data, int stage);
+CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
+                              const char *auth);
+CURLcode Curl_http_auth_act(struct connectdata *conn);
+CURLcode Curl_http_perhapsrewind(struct connectdata *conn);
+
+/* If only the PICKNONE bit is set, there has been a round-trip and we
+   selected to use no auth at all. Ie, we actively select no auth, as opposed
+   to not having one selected. The other CURLAUTH_* defines are present in the
+   public curl/curl.h header. */
+#define CURLAUTH_PICKNONE (1<<30) /* don't use auth */
+
+/* MAX_INITIAL_POST_SIZE indicates the number of bytes that will make the POST
+   data get included in the initial data chunk sent to the server. If the
+   data is larger than this, it will automatically get split up in multiple
+   system calls.
+
+   This value used to be fairly big (100K), but we must take into account that
+   if the server rejects the POST due for authentication reasons, this data
+   will always be uncondtionally sent and thus it may not be larger than can
+   always be afforded to send twice.
+
+   It must not be greater than 64K to work on VMS.
+*/
+#ifndef MAX_INITIAL_POST_SIZE
+#define MAX_INITIAL_POST_SIZE (64*1024)
+#endif
+
+#ifndef TINY_INITIAL_POST_SIZE
+#define TINY_INITIAL_POST_SIZE 1024
+#endif
+
+#endif /* CURL_DISABLE_HTTP */
+
+/****************************************************************************
+ * HTTP unique setup
+ ***************************************************************************/
+struct HTTP {
+  struct FormData *sendit;
+  curl_off_t postsize; /* off_t to handle large file sizes */
+  const char *postdata;
+
+  const char *p_pragma;      /* Pragma: string */
+  const char *p_accept;      /* Accept: string */
+  curl_off_t readbytecount;
+  curl_off_t writebytecount;
+
+  /* For FORM posting */
+  struct Form form;
+
+  struct back {
+    curl_read_callback fread_func; /* backup storage for fread pointer */
+    void *fread_in;           /* backup storage for fread_in pointer */
+    const char *postdata;
+    curl_off_t postsize;
+  } backup;
+
+  enum {
+    HTTPSEND_NADA,    /* init */
+    HTTPSEND_REQUEST, /* sending a request */
+    HTTPSEND_BODY,    /* sending body */
+    HTTPSEND_LAST     /* never use this */
+  } sending;
+
+  void *send_buffer; /* used if the request couldn't be sent in one chunk,
+                        points to an allocated send_buffer struct */
+};
+
+typedef int (*sending)(void); /* Curl_send */
+typedef int (*recving)(void); /* Curl_recv */
+
+struct http_conn {
+#ifdef USE_NGHTTP2
+#define H2_BINSETTINGS_LEN 80
+  nghttp2_session *h2;
+  uint8_t binsettings[H2_BINSETTINGS_LEN];
+  size_t  binlen; /* length of the binsettings data */
+  char *mem;     /* points to a buffer in memory to store */
+  size_t len;    /* size of the buffer 'mem' points to */
+  bool bodystarted;
+  sending send_underlying; /* underlying send Curl_send callback */
+  recving recv_underlying; /* underlying recv Curl_recv callback */
+  bool closed; /* TRUE on HTTP2 stream close */
+  Curl_send_buffer *header_recvbuf; /* store response headers.  We
+                                       store non-final and final
+                                       response headers into it. */
+  size_t nread_header_recvbuf; /* number of bytes in header_recvbuf
+                                  fed into upper layer */
+  int32_t stream_id; /* stream we are interested in */
+  const uint8_t *data; /* pointer to data chunk, received in
+                          on_data_chunk */
+  size_t datalen; /* the number of bytes left in data */
+  char *inbuf; /* buffer to receive data from underlying socket */
+  /* We need separate buffer for transmission and reception because we
+     may call nghttp2_session_send() after the
+     nghttp2_session_mem_recv() but mem buffer is still not full. In
+     this case, we wrongly sends the content of mem buffer if we share
+     them for both cases. */
+  const uint8_t *upload_mem; /* points to a buffer to read from */
+  size_t upload_len; /* size of the buffer 'upload_mem' points to */
+  size_t upload_left; /* number of bytes left to upload */
+  int status_code; /* HTTP status code */
+#else
+  int unused; /* prevent a compiler warning */
+#endif
+};
+
+CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
+                                     struct connectdata *conn,
+                                     ssize_t *nread,
+                                     bool *stop_reading);
+
+/**
+ * Curl_http_output_auth() setups the authentication headers for the
+ * host/proxy and the correct authentication
+ * method. conn->data->state.authdone is set to TRUE when authentication is
+ * done.
+ *
+ * @param conn all information about the current connection
+ * @param request pointer to the request keyword
+ * @param path pointer to the requested path
+ * @param proxytunnel boolean if this is the request setting up a "proxy
+ * tunnel"
+ *
+ * @returns CURLcode
+ */
+CURLcode
+Curl_http_output_auth(struct connectdata *conn,
+                      const char *request,
+                      const char *path,
+                      bool proxytunnel); /* TRUE if this is the request setting
+                                            up the proxy tunnel */
+
+#endif /* HEADER_CURL_HTTP_H */
+
diff --git a/Utilities/cmcurl/lib/http2.c b/Utilities/cmcurl/lib/http2.c
new file mode 100644
index 0000000..604514d
--- /dev/null
+++ b/Utilities/cmcurl/lib/http2.c
@@ -0,0 +1,1036 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_NGHTTP2
+#define _MPRINTF_REPLACE
+#include <curl/mprintf.h>
+
+#include <nghttp2/nghttp2.h>
+#include "urldata.h"
+#include "http2.h"
+#include "http.h"
+#include "sendf.h"
+#include "curl_base64.h"
+#include "curl_memory.h"
+#include "rawstr.h"
+#include "multiif.h"
+
+/* include memdebug.h last */
+#include "memdebug.h"
+
+#if (NGHTTP2_VERSION_NUM < 0x000600)
+#error too old nghttp2 version, upgrade!
+#endif
+
+static int http2_perform_getsock(const struct connectdata *conn,
+                                 curl_socket_t *sock, /* points to
+                                                         numsocks
+                                                         number of
+                                                         sockets */
+                                 int numsocks)
+{
+  const struct http_conn *httpc = &conn->proto.httpc;
+  int bitmap = GETSOCK_BLANK;
+  (void)numsocks;
+
+  /* TODO We should check underlying socket state if it is SSL socket
+     because of renegotiation. */
+  sock[0] = conn->sock[FIRSTSOCKET];
+
+  if(nghttp2_session_want_read(httpc->h2))
+    bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
+
+  if(nghttp2_session_want_write(httpc->h2))
+    bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
+
+  return bitmap;
+}
+
+static int http2_getsock(struct connectdata *conn,
+                         curl_socket_t *sock, /* points to numsocks
+                                                 number of sockets */
+                         int numsocks)
+{
+  return http2_perform_getsock(conn, sock, numsocks);
+}
+
+static CURLcode http2_disconnect(struct connectdata *conn,
+                                 bool dead_connection)
+{
+  struct http_conn *httpc = &conn->proto.httpc;
+  (void)dead_connection;
+
+  infof(conn->data, "HTTP/2 DISCONNECT starts now\n");
+
+  nghttp2_session_del(httpc->h2);
+
+  Curl_safefree(httpc->header_recvbuf->buffer);
+  Curl_safefree(httpc->header_recvbuf);
+
+  Curl_safefree(httpc->inbuf);
+
+  infof(conn->data, "HTTP/2 DISCONNECT done\n");
+
+  return CURLE_OK;
+}
+
+/*
+ * HTTP2 handler interface. This isn't added to the general list of protocols
+ * but will be used at run-time when the protocol is dynamically switched from
+ * HTTP to HTTP2.
+ */
+const struct Curl_handler Curl_handler_http2 = {
+  "HTTP2",                              /* scheme */
+  ZERO_NULL,                            /* setup_connection */
+  Curl_http,                            /* do_it */
+  ZERO_NULL,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  http2_getsock,                        /* proto_getsock */
+  http2_getsock,                        /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  http2_perform_getsock,                /* perform_getsock */
+  http2_disconnect,                     /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_HTTP,                            /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+const struct Curl_handler Curl_handler_http2_ssl = {
+  "HTTP2",                              /* scheme */
+  ZERO_NULL,                            /* setup_connection */
+  Curl_http,                            /* do_it */
+  ZERO_NULL,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  http2_getsock,                        /* proto_getsock */
+  http2_getsock,                        /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  http2_perform_getsock,                /* perform_getsock */
+  http2_disconnect,                     /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_HTTP,                            /* defport */
+  CURLPROTO_HTTPS,                      /* protocol */
+  PROTOPT_SSL                           /* flags */
+};
+
+/*
+ * Store nghttp2 version info in this buffer, Prefix with a space.  Return
+ * total length written.
+ */
+int Curl_http2_ver(char *p, size_t len)
+{
+  nghttp2_info *h2 = nghttp2_version(0);
+  return snprintf(p, len, " nghttp2/%s", h2->version_str);
+}
+
+/*
+ * The implementation of nghttp2_send_callback type. Here we write |data| with
+ * size |length| to the network and return the number of bytes actually
+ * written. See the documentation of nghttp2_send_callback for the details.
+ */
+static ssize_t send_callback(nghttp2_session *h2,
+                             const uint8_t *data, size_t length, int flags,
+                             void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  struct http_conn *httpc = &conn->proto.httpc;
+  ssize_t written;
+  CURLcode rc;
+  (void)h2;
+  (void)flags;
+
+  rc = 0;
+  written = ((Curl_send*)httpc->send_underlying)(conn, FIRSTSOCKET,
+                                                 data, length, &rc);
+
+  if(rc == CURLE_AGAIN) {
+    return NGHTTP2_ERR_WOULDBLOCK;
+  }
+
+  if(written == -1) {
+    failf(conn->data, "Failed sending HTTP2 data");
+    return NGHTTP2_ERR_CALLBACK_FAILURE;
+  }
+
+  if(!written)
+    return NGHTTP2_ERR_WOULDBLOCK;
+
+  return written;
+}
+
+static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
+                         void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  struct http_conn *c = &conn->proto.httpc;
+  int rv;
+  size_t left, ncopy;
+
+  (void)session;
+  (void)frame;
+  infof(conn->data, "on_frame_recv() was called with header %x\n",
+        frame->hd.type);
+  switch(frame->hd.type) {
+  case NGHTTP2_DATA:
+    /* If body started, then receiving DATA is illegal. */
+    if(!c->bodystarted) {
+      rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
+                                     frame->hd.stream_id,
+                                     NGHTTP2_PROTOCOL_ERROR);
+
+      if(nghttp2_is_fatal(rv)) {
+        return NGHTTP2_ERR_CALLBACK_FAILURE;
+      }
+    }
+    break;
+  case NGHTTP2_HEADERS:
+    if(frame->headers.cat == NGHTTP2_HCAT_REQUEST)
+      break;
+
+    if(c->bodystarted) {
+      /* Only valid HEADERS after body started is trailer header,
+         which is not fully supported in this code.  If HEADERS is not
+         trailer, then it is a PROTOCOL_ERROR. */
+      if((frame->hd.flags & NGHTTP2_FLAG_END_STREAM) == 0) {
+        rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
+                                       frame->hd.stream_id,
+                                       NGHTTP2_PROTOCOL_ERROR);
+
+        if(nghttp2_is_fatal(rv)) {
+          return NGHTTP2_ERR_CALLBACK_FAILURE;
+        }
+      }
+      break;
+    }
+
+    if(c->status_code == -1) {
+      /* No :status header field means PROTOCOL_ERROR. */
+      rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
+                                     frame->hd.stream_id,
+                                     NGHTTP2_PROTOCOL_ERROR);
+
+      if(nghttp2_is_fatal(rv)) {
+        return NGHTTP2_ERR_CALLBACK_FAILURE;
+      }
+
+      break;
+    }
+
+    /* Only final status code signals the end of header */
+    if(c->status_code / 100 != 1) {
+      c->bodystarted = TRUE;
+    }
+
+    c->status_code = -1;
+
+    Curl_add_buffer(c->header_recvbuf, "\r\n", 2);
+
+    left = c->header_recvbuf->size_used - c->nread_header_recvbuf;
+    ncopy = c->len < left ? c->len : left;
+
+    memcpy(c->mem, c->header_recvbuf->buffer + c->nread_header_recvbuf, ncopy);
+    c->nread_header_recvbuf += ncopy;
+
+    c->mem += ncopy;
+    c->len -= ncopy;
+    break;
+  case NGHTTP2_PUSH_PROMISE:
+    rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
+                                   frame->push_promise.promised_stream_id,
+                                   NGHTTP2_CANCEL);
+    if(nghttp2_is_fatal(rv)) {
+      return rv;
+    }
+    break;
+  }
+  return 0;
+}
+
+static int on_invalid_frame_recv(nghttp2_session *session,
+                                 const nghttp2_frame *frame,
+                                 uint32_t error_code, void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  (void)session;
+  (void)frame;
+  infof(conn->data, "on_invalid_frame_recv() was called, error_code = %d\n",
+        error_code);
+  return 0;
+}
+
+static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+                              int32_t stream_id,
+                              const uint8_t *data, size_t len, void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  struct http_conn *c = &conn->proto.httpc;
+  size_t nread;
+  (void)session;
+  (void)flags;
+  (void)data;
+  infof(conn->data, "on_data_chunk_recv() "
+        "len = %u, stream = %x\n", len, stream_id);
+
+  if(stream_id != c->stream_id) {
+    return 0;
+  }
+
+  nread = c->len < len ? c->len : len;
+  memcpy(c->mem, data, nread);
+
+  c->mem += nread;
+  c->len -= nread;
+
+  infof(conn->data, "%zu data written\n", nread);
+
+  if(nread < len) {
+    c->data = data + nread;
+    c->datalen = len - nread;
+    return NGHTTP2_ERR_PAUSE;
+  }
+  return 0;
+}
+
+static int before_frame_send(nghttp2_session *session,
+                             const nghttp2_frame *frame,
+                             void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  (void)session;
+  (void)frame;
+  infof(conn->data, "before_frame_send() was called\n");
+  return 0;
+}
+static int on_frame_send(nghttp2_session *session,
+                         const nghttp2_frame *frame,
+                         void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  (void)session;
+  (void)frame;
+  infof(conn->data, "on_frame_send() was called\n");
+  return 0;
+}
+static int on_frame_not_send(nghttp2_session *session,
+                             const nghttp2_frame *frame,
+                             int lib_error_code, void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  (void)session;
+  (void)frame;
+  infof(conn->data, "on_frame_not_send() was called, lib_error_code = %d\n",
+        lib_error_code);
+  return 0;
+}
+static int on_stream_close(nghttp2_session *session, int32_t stream_id,
+                           uint32_t error_code, void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  struct http_conn *c = &conn->proto.httpc;
+  (void)session;
+  (void)stream_id;
+  infof(conn->data, "on_stream_close() was called, error_code = %d\n",
+        error_code);
+
+  if(stream_id != c->stream_id) {
+    return 0;
+  }
+
+  c->closed = TRUE;
+
+  return 0;
+}
+
+static int on_begin_headers(nghttp2_session *session,
+                            const nghttp2_frame *frame, void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  (void)session;
+  (void)frame;
+  infof(conn->data, "on_begin_headers() was called\n");
+  return 0;
+}
+
+/* Decode HTTP status code.  Returns -1 if no valid status code was
+   decoded. */
+static int decode_status_code(const uint8_t *value, size_t len)
+{
+  int i;
+  int res;
+
+  if(len != 3) {
+    return -1;
+  }
+
+  res = 0;
+
+  for(i = 0; i < 3; ++i) {
+    char c = value[i];
+
+    if(c < '0' || c > '9') {
+      return -1;
+    }
+
+    res *= 10;
+    res += c - '0';
+  }
+
+  return res;
+}
+
+static const char STATUS[] = ":status";
+
+/* frame->hd.type is either NGHTTP2_HEADERS or NGHTTP2_PUSH_PROMISE */
+static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+                     const uint8_t *name, size_t namelen,
+                     const uint8_t *value, size_t valuelen,
+                     uint8_t flags,
+                     void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  struct http_conn *c = &conn->proto.httpc;
+  int rv;
+  int goodname;
+  int goodheader;
+
+  (void)session;
+  (void)frame;
+  (void)flags;
+
+  if(frame->hd.stream_id != c->stream_id) {
+    return 0;
+  }
+
+  if(c->bodystarted) {
+    /* Ignore trailer or HEADERS not mapped to HTTP semantics.  The
+       consequence is handled in on_frame_recv(). */
+    return 0;
+  }
+
+  goodname = nghttp2_check_header_name(name, namelen);
+  goodheader = nghttp2_check_header_value(value, valuelen);
+
+  if(!goodname || !goodheader) {
+
+    infof(conn->data, "Detected bad incoming header %s%s, reset stream!\n",
+          goodname?"":"name",
+          goodheader?"":"value");
+
+    rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
+                                   frame->hd.stream_id,
+                                   NGHTTP2_PROTOCOL_ERROR);
+
+    if(nghttp2_is_fatal(rv)) {
+      return NGHTTP2_ERR_CALLBACK_FAILURE;
+    }
+
+    return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+  }
+
+  if(namelen == sizeof(":status") - 1 &&
+     memcmp(STATUS, name, namelen) == 0) {
+
+    /* :status must appear exactly once. */
+    if(c->status_code != -1 ||
+       (c->status_code = decode_status_code(value, valuelen)) == -1) {
+
+      rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
+                                     frame->hd.stream_id,
+                                     NGHTTP2_PROTOCOL_ERROR);
+      if(nghttp2_is_fatal(rv)) {
+        return NGHTTP2_ERR_CALLBACK_FAILURE;
+      }
+
+      return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+    }
+
+    Curl_add_buffer(c->header_recvbuf, "HTTP/2.0 ", 9);
+    Curl_add_buffer(c->header_recvbuf, value, valuelen);
+    Curl_add_buffer(c->header_recvbuf, "\r\n", 2);
+
+    return 0;
+  }
+  else {
+    /* Here we are sure that namelen > 0 because of
+       nghttp2_check_header_name().  Pseudo header other than :status
+       is illegal. */
+    if(c->status_code == -1 || name[0] == ':') {
+      rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
+                                     frame->hd.stream_id,
+                                     NGHTTP2_PROTOCOL_ERROR);
+      if(nghttp2_is_fatal(rv)) {
+        return NGHTTP2_ERR_CALLBACK_FAILURE;
+      }
+
+      return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+    }
+
+    /* convert to a HTTP1-style header */
+    Curl_add_buffer(c->header_recvbuf, name, namelen);
+    Curl_add_buffer(c->header_recvbuf, ":", 1);
+    Curl_add_buffer(c->header_recvbuf, value, valuelen);
+    Curl_add_buffer(c->header_recvbuf, "\r\n", 2);
+
+    infof(conn->data, "got http2 header: %.*s: %.*s\n",
+          namelen, name, valuelen, value);
+  }
+
+  return 0; /* 0 is successful */
+}
+
+static ssize_t data_source_read_callback(nghttp2_session *session,
+                                         int32_t stream_id,
+                                         uint8_t *buf, size_t length,
+                                         uint32_t *data_flags,
+                                         nghttp2_data_source *source,
+                                         void *userp)
+{
+  struct connectdata *conn = (struct connectdata *)userp;
+  struct http_conn *c = &conn->proto.httpc;
+  size_t nread;
+  (void)session;
+  (void)stream_id;
+  (void)source;
+
+  nread = c->upload_len < length ? c->upload_len : length;
+  if(nread > 0) {
+    memcpy(buf, c->upload_mem, nread);
+    c->upload_mem += nread;
+    c->upload_len -= nread;
+    c->upload_left -= nread;
+  }
+
+  if(c->upload_left == 0)
+    *data_flags = 1;
+  else if(nread == 0)
+    return NGHTTP2_ERR_DEFERRED;
+
+  return nread;
+}
+
+/*
+ * The HTTP2 settings we send in the Upgrade request
+ */
+static nghttp2_settings_entry settings[] = {
+  { NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 100 },
+  { NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE, NGHTTP2_INITIAL_WINDOW_SIZE },
+};
+
+#define H2_BUFSIZE 4096
+
+/*
+ * Initialize nghttp2 for a Curl connection
+ */
+CURLcode Curl_http2_init(struct connectdata *conn)
+{
+  if(!conn->proto.httpc.h2) {
+    int rc;
+    nghttp2_session_callbacks *callbacks;
+
+    conn->proto.httpc.inbuf = malloc(H2_BUFSIZE);
+    if(conn->proto.httpc.inbuf == NULL)
+      return CURLE_OUT_OF_MEMORY;
+
+    rc = nghttp2_session_callbacks_new(&callbacks);
+
+    if(rc) {
+      failf(conn->data, "Couldn't initialize nghttp2 callbacks!");
+      return CURLE_OUT_OF_MEMORY; /* most likely at least */
+    }
+
+    /* nghttp2_send_callback */
+    nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
+    /* nghttp2_on_frame_recv_callback */
+    nghttp2_session_callbacks_set_on_frame_recv_callback
+      (callbacks, on_frame_recv);
+    /* nghttp2_on_invalid_frame_recv_callback */
+    nghttp2_session_callbacks_set_on_invalid_frame_recv_callback
+      (callbacks, on_invalid_frame_recv);
+    /* nghttp2_on_data_chunk_recv_callback */
+    nghttp2_session_callbacks_set_on_data_chunk_recv_callback
+      (callbacks, on_data_chunk_recv);
+    /* nghttp2_before_frame_send_callback */
+    nghttp2_session_callbacks_set_before_frame_send_callback
+      (callbacks, before_frame_send);
+    /* nghttp2_on_frame_send_callback */
+    nghttp2_session_callbacks_set_on_frame_send_callback
+      (callbacks, on_frame_send);
+    /* nghttp2_on_frame_not_send_callback */
+    nghttp2_session_callbacks_set_on_frame_not_send_callback
+      (callbacks, on_frame_not_send);
+    /* nghttp2_on_stream_close_callback */
+    nghttp2_session_callbacks_set_on_stream_close_callback
+      (callbacks, on_stream_close);
+    /* nghttp2_on_begin_headers_callback */
+    nghttp2_session_callbacks_set_on_begin_headers_callback
+      (callbacks, on_begin_headers);
+    /* nghttp2_on_header_callback */
+    nghttp2_session_callbacks_set_on_header_callback(callbacks, on_header);
+
+    /* The nghttp2 session is not yet setup, do it */
+    rc = nghttp2_session_client_new(&conn->proto.httpc.h2,
+                                    callbacks, conn);
+
+    nghttp2_session_callbacks_del(callbacks);
+
+    if(rc) {
+      failf(conn->data, "Couldn't initialize nghttp2!");
+      return CURLE_OUT_OF_MEMORY; /* most likely at least */
+    }
+  }
+  return CURLE_OK;
+}
+
+/*
+ * Send a request using http2
+ */
+CURLcode Curl_http2_send_request(struct connectdata *conn)
+{
+  (void)conn;
+  return CURLE_OK;
+}
+
+/*
+ * Append headers to ask for a HTTP1.1 to HTTP2 upgrade.
+ */
+CURLcode Curl_http2_request_upgrade(Curl_send_buffer *req,
+                                    struct connectdata *conn)
+{
+  CURLcode result;
+  ssize_t binlen;
+  char *base64;
+  size_t blen;
+  struct SingleRequest *k = &conn->data->req;
+  uint8_t *binsettings = conn->proto.httpc.binsettings;
+
+  result = Curl_http2_init(conn);
+  if(result)
+    return result;
+
+  result = Curl_http2_setup(conn);
+  if(result)
+    return result;
+
+  /* As long as we have a fixed set of settings, we don't have to dynamically
+   * figure out the base64 strings since it'll always be the same. However,
+   * the settings will likely not be fixed every time in the future.
+   */
+
+  /* this returns number of bytes it wrote */
+  binlen = nghttp2_pack_settings_payload(binsettings, H2_BINSETTINGS_LEN,
+                                         settings,
+                                         sizeof(settings)/sizeof(settings[0]));
+  if(!binlen) {
+    failf(conn->data, "nghttp2 unexpectedly failed on pack_settings_payload");
+    return CURLE_FAILED_INIT;
+  }
+  conn->proto.httpc.binlen = binlen;
+
+  result = Curl_base64url_encode(conn->data, (const char *)binsettings, binlen,
+                                 &base64, &blen);
+  if(result)
+    return result;
+
+  result = Curl_add_bufferf(req,
+                            "Connection: Upgrade, HTTP2-Settings\r\n"
+                            "Upgrade: %s\r\n"
+                            "HTTP2-Settings: %s\r\n",
+                            NGHTTP2_CLEARTEXT_PROTO_VERSION_ID, base64);
+  Curl_safefree(base64);
+
+  k->upgr101 = UPGR101_REQUESTED;
+
+  return result;
+}
+
+/*
+ * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
+ * a regular CURLcode value.
+ */
+static ssize_t http2_recv(struct connectdata *conn, int sockindex,
+                          char *mem, size_t len, CURLcode *err)
+{
+  CURLcode rc;
+  ssize_t rv;
+  ssize_t nread;
+  struct http_conn *httpc = &conn->proto.httpc;
+
+  (void)sockindex; /* we always do HTTP2 on sockindex 0 */
+
+  if(httpc->closed) {
+    /* Reset to FALSE to prevent infinite loop in readwrite_data
+       function. */
+    httpc->closed = FALSE;
+    return 0;
+  }
+
+  /* Nullify here because we call nghttp2_session_send() and they
+     might refer to the old buffer. */
+  httpc->upload_mem = NULL;
+  httpc->upload_len = 0;
+
+  if(httpc->bodystarted &&
+     httpc->nread_header_recvbuf < httpc->header_recvbuf->size_used) {
+    size_t left =
+      httpc->header_recvbuf->size_used - httpc->nread_header_recvbuf;
+    size_t ncopy = len < left ? len : left;
+    memcpy(mem, httpc->header_recvbuf->buffer + httpc->nread_header_recvbuf,
+           ncopy);
+    httpc->nread_header_recvbuf += ncopy;
+    return ncopy;
+  }
+
+  if(httpc->data) {
+    nread = len < httpc->datalen ? len : httpc->datalen;
+    memcpy(mem, httpc->data, nread);
+
+    httpc->data += nread;
+    httpc->datalen -= nread;
+
+    infof(conn->data, "%zu data written\n", nread);
+    if(httpc->datalen == 0) {
+      httpc->data = NULL;
+      httpc->datalen = 0;
+    }
+    return nread;
+  }
+
+  conn->proto.httpc.mem = mem;
+  conn->proto.httpc.len = len;
+
+  infof(conn->data, "http2_recv: %d bytes buffer\n",
+        conn->proto.httpc.len);
+
+  rc = 0;
+  nread = ((Curl_recv*)httpc->recv_underlying)(conn, FIRSTSOCKET,
+                                               httpc->inbuf, H2_BUFSIZE, &rc);
+
+  if(rc == CURLE_AGAIN) {
+    *err = rc;
+    return -1;
+  }
+
+  if(nread == -1) {
+    failf(conn->data, "Failed receiving HTTP2 data");
+    *err = rc;
+    return 0;
+  }
+
+  infof(conn->data, "nread=%zd\n", nread);
+  rv = nghttp2_session_mem_recv(httpc->h2,
+                                (const uint8_t *)httpc->inbuf, nread);
+
+  if(nghttp2_is_fatal((int)rv)) {
+    failf(conn->data, "nghttp2_session_mem_recv() returned %d:%s\n",
+          rv, nghttp2_strerror((int)rv));
+    *err = CURLE_RECV_ERROR;
+    return 0;
+  }
+  infof(conn->data, "nghttp2_session_mem_recv() returns %zd\n", rv);
+  /* Always send pending frames in nghttp2 session, because
+     nghttp2_session_mem_recv() may queue new frame */
+  rv = nghttp2_session_send(httpc->h2);
+  if(rv != 0) {
+    *err = CURLE_SEND_ERROR;
+    return 0;
+  }
+  if(len != httpc->len) {
+    return len - conn->proto.httpc.len;
+  }
+  /* If stream is closed, return 0 to signal the http routine to close
+     the connection */
+  if(httpc->closed) {
+    /* Reset to FALSE to prevent infinite loop in readwrite_data
+       function. */
+    httpc->closed = FALSE;
+    return 0;
+  }
+  *err = CURLE_AGAIN;
+  return -1;
+}
+
+/* Index where :authority header field will appear in request header
+   field list. */
+#define AUTHORITY_DST_IDX 3
+
+/* return number of received (decrypted) bytes */
+static ssize_t http2_send(struct connectdata *conn, int sockindex,
+                          const void *mem, size_t len, CURLcode *err)
+{
+  /*
+   * BIG TODO: Currently, we send request in this function, but this
+   * function is also used to send request body. It would be nice to
+   * add dedicated function for request.
+   */
+  int rv;
+  struct http_conn *httpc = &conn->proto.httpc;
+  nghttp2_nv *nva;
+  size_t nheader;
+  size_t i;
+  size_t authority_idx;
+  char *hdbuf = (char*)mem;
+  char *end;
+  nghttp2_data_provider data_prd;
+  int32_t stream_id;
+
+  (void)sockindex;
+
+  infof(conn->data, "http2_send len=%zu\n", len);
+
+  if(httpc->stream_id != -1) {
+    /* If stream_id != -1, we have dispatched request HEADERS, and now
+       are going to send or sending request body in DATA frame */
+    httpc->upload_mem = mem;
+    httpc->upload_len = len;
+    nghttp2_session_resume_data(httpc->h2, httpc->stream_id);
+    rv = nghttp2_session_send(httpc->h2);
+    if(nghttp2_is_fatal(rv)) {
+      *err = CURLE_SEND_ERROR;
+      return -1;
+    }
+    return len - httpc->upload_len;
+  }
+
+  /* Calculate number of headers contained in [mem, mem + len) */
+  /* Here, we assume the curl http code generate *correct* HTTP header
+     field block */
+  nheader = 0;
+  for(i = 0; i < len; ++i) {
+    if(hdbuf[i] == 0x0a) {
+      ++nheader;
+    }
+  }
+  /* We counted additional 2 \n in the first and last line. We need 3
+     new headers: :method, :path and :scheme. Therefore we need one
+     more space. */
+  nheader += 1;
+  nva = malloc(sizeof(nghttp2_nv) * nheader);
+  if(nva == NULL) {
+    *err = CURLE_OUT_OF_MEMORY;
+    return -1;
+  }
+  /* Extract :method, :path from request line */
+  end = strchr(hdbuf, ' ');
+  nva[0].name = (unsigned char *)":method";
+  nva[0].namelen = (uint16_t)strlen((char *)nva[0].name);
+  nva[0].value = (unsigned char *)hdbuf;
+  nva[0].valuelen = (uint16_t)(end - hdbuf);
+  nva[0].flags = NGHTTP2_NV_FLAG_NONE;
+
+  hdbuf = end + 1;
+
+  end = strchr(hdbuf, ' ');
+  nva[1].name = (unsigned char *)":path";
+  nva[1].namelen = (uint16_t)strlen((char *)nva[1].name);
+  nva[1].value = (unsigned char *)hdbuf;
+  nva[1].valuelen = (uint16_t)(end - hdbuf);
+  nva[1].flags = NGHTTP2_NV_FLAG_NONE;
+
+  nva[2].name = (unsigned char *)":scheme";
+  nva[2].namelen = (uint16_t)strlen((char *)nva[2].name);
+  if(conn->handler->flags & PROTOPT_SSL)
+    nva[2].value = (unsigned char *)"https";
+  else
+    nva[2].value = (unsigned char *)"http";
+  nva[2].valuelen = (uint16_t)strlen((char *)nva[2].value);
+  nva[2].flags = NGHTTP2_NV_FLAG_NONE;
+
+  hdbuf = strchr(hdbuf, 0x0a);
+  ++hdbuf;
+
+  authority_idx = 0;
+
+  for(i = 3; i < nheader; ++i) {
+    end = strchr(hdbuf, ':');
+    assert(end);
+    if(end - hdbuf == 4 && Curl_raw_nequal("host", hdbuf, 4)) {
+      authority_idx = i;
+      nva[i].name = (unsigned char *)":authority";
+      nva[i].namelen = (uint16_t)strlen((char *)nva[i].name);
+    }
+    else {
+      nva[i].name = (unsigned char *)hdbuf;
+      nva[i].namelen = (uint16_t)(end - hdbuf);
+    }
+    hdbuf = end + 1;
+    for(; *hdbuf == ' '; ++hdbuf);
+    end = strchr(hdbuf, 0x0d);
+    assert(end);
+    nva[i].value = (unsigned char *)hdbuf;
+    nva[i].valuelen = (uint16_t)(end - hdbuf);
+    nva[i].flags = NGHTTP2_NV_FLAG_NONE;
+
+    hdbuf = end + 2;
+    /* Inspect Content-Length header field and retrieve the request
+       entity length so that we can set END_STREAM to the last DATA
+       frame. */
+    if(nva[i].namelen == 14 &&
+       Curl_raw_nequal("content-length", (char*)nva[i].name, 14)) {
+      size_t j;
+      for(j = 0; j < nva[i].valuelen; ++j) {
+        httpc->upload_left *= 10;
+        httpc->upload_left += nva[i].value[j] - '0';
+      }
+      infof(conn->data, "request content-length=%zu\n", httpc->upload_left);
+    }
+  }
+
+  /* :authority must come before non-pseudo header fields */
+  if(authority_idx != 0 && authority_idx != AUTHORITY_DST_IDX) {
+    nghttp2_nv authority = nva[authority_idx];
+    for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) {
+      nva[i] = nva[i - 1];
+    }
+    nva[i] = authority;
+  }
+
+  switch(conn->data->set.httpreq) {
+  case HTTPREQ_POST:
+  case HTTPREQ_POST_FORM:
+  case HTTPREQ_PUT:
+    data_prd.read_callback = data_source_read_callback;
+    data_prd.source.ptr = NULL;
+    stream_id = nghttp2_submit_request(httpc->h2, NULL, nva, nheader,
+                                       &data_prd, NULL);
+    break;
+  default:
+    stream_id = nghttp2_submit_request(httpc->h2, NULL, nva, nheader,
+                                       NULL, NULL);
+  }
+
+  Curl_safefree(nva);
+
+  if(stream_id < 0) {
+    *err = CURLE_SEND_ERROR;
+    return -1;
+  }
+
+  httpc->stream_id = stream_id;
+
+  rv = nghttp2_session_send(httpc->h2);
+
+  if(rv != 0) {
+    *err = CURLE_SEND_ERROR;
+    return -1;
+  }
+
+  if(httpc->stream_id != -1) {
+    /* If whole HEADERS frame was sent off to the underlying socket,
+       the nghttp2 library calls data_source_read_callback. But only
+       it found that no data available, so it deferred the DATA
+       transmission. Which means that nghttp2_session_want_write()
+       returns 0 on http2_perform_getsock(), which results that no
+       writable socket check is performed. To workaround this, we
+       issue nghttp2_session_resume_data() here to bring back DATA
+       transmission from deferred state. */
+    nghttp2_session_resume_data(httpc->h2, httpc->stream_id);
+  }
+
+  return len;
+}
+
+CURLcode Curl_http2_setup(struct connectdata *conn)
+{
+  struct http_conn *httpc = &conn->proto.httpc;
+  if(conn->handler->flags & PROTOPT_SSL)
+    conn->handler = &Curl_handler_http2_ssl;
+  else
+    conn->handler = &Curl_handler_http2;
+
+  infof(conn->data, "Using HTTP2\n");
+  httpc->bodystarted = FALSE;
+  httpc->closed = FALSE;
+  httpc->header_recvbuf = Curl_add_buffer_init();
+  httpc->nread_header_recvbuf = 0;
+  httpc->data = NULL;
+  httpc->datalen = 0;
+  httpc->upload_left = 0;
+  httpc->upload_mem = NULL;
+  httpc->upload_len = 0;
+  httpc->stream_id = -1;
+  httpc->status_code = -1;
+
+  conn->httpversion = 20;
+
+  return 0;
+}
+
+CURLcode Curl_http2_switched(struct connectdata *conn)
+{
+  CURLcode rc;
+  struct http_conn *httpc = &conn->proto.httpc;
+  int rv;
+  struct SessionHandle *data = conn->data;
+
+  httpc->recv_underlying = (recving)conn->recv[FIRSTSOCKET];
+  httpc->send_underlying = (sending)conn->send[FIRSTSOCKET];
+  conn->recv[FIRSTSOCKET] = http2_recv;
+  conn->send[FIRSTSOCKET] = http2_send;
+
+  rv = (int) ((Curl_send*)httpc->send_underlying)
+    (conn, FIRSTSOCKET,
+     NGHTTP2_CLIENT_CONNECTION_PREFACE,
+     NGHTTP2_CLIENT_CONNECTION_PREFACE_LEN,
+     &rc);
+  if(rc)
+    /* TODO: This may get CURLE_AGAIN */
+    return rc;
+
+  if(rv != 24) {
+    failf(data, "Only sent partial HTTP2 packet");
+    return CURLE_SEND_ERROR;
+  }
+
+  if(conn->data->req.upgr101 == UPGR101_RECEIVED) {
+    /* stream 1 is opened implicitly on upgrade */
+    httpc->stream_id = 1;
+    /* queue SETTINGS frame (again) */
+    rv = nghttp2_session_upgrade(httpc->h2, httpc->binsettings,
+                                 httpc->binlen, NULL);
+    if(rv != 0) {
+      failf(data, "nghttp2_session_upgrade() failed: %s(%d)",
+            nghttp2_strerror(rv), rv);
+      return CURLE_HTTP2;
+    }
+  }
+  else {
+    /* stream ID is unknown at this point */
+    httpc->stream_id = -1;
+    rv = nghttp2_submit_settings(httpc->h2, NGHTTP2_FLAG_NONE, NULL, 0);
+    if(rv != 0) {
+      failf(data, "nghttp2_submit_settings() failed: %s(%d)",
+            nghttp2_strerror(rv), rv);
+      return CURLE_HTTP2;
+    }
+  }
+  return CURLE_OK;
+}
+
+#endif
diff --git a/Utilities/cmcurl/lib/http2.h b/Utilities/cmcurl/lib/http2.h
new file mode 100644
index 0000000..66aa6fd
--- /dev/null
+++ b/Utilities/cmcurl/lib/http2.h
@@ -0,0 +1,50 @@
+#ifndef HEADER_CURL_HTTP2_H
+#define HEADER_CURL_HTTP2_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_NGHTTP2
+#include "http.h"
+/*
+ * Store nghttp2 version info in this buffer, Prefix with a space.  Return
+ * total length written.
+ */
+int Curl_http2_ver(char *p, size_t len);
+
+CURLcode Curl_http2_init(struct connectdata *conn);
+CURLcode Curl_http2_send_request(struct connectdata *conn);
+CURLcode Curl_http2_request_upgrade(Curl_send_buffer *req,
+                                    struct connectdata *conn);
+CURLcode Curl_http2_setup(struct connectdata *conn);
+CURLcode Curl_http2_switched(struct connectdata *conn);
+#else /* USE_NGHTTP2 */
+#define Curl_http2_init(x) CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_send_request(x) CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_request_upgrade(x,y) CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_setup(x) CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_switched(x) CURLE_UNSUPPORTED_PROTOCOL
+#endif
+
+#endif /* HEADER_CURL_HTTP2_H */
+
diff --git a/Utilities/cmcurl/http_chunks.c b/Utilities/cmcurl/lib/http_chunks.c
index 1b03a55..61a6098 100644
--- a/Utilities/cmcurl/http_chunks.c
+++ b/Utilities/cmcurl/lib/http_chunks.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,25 +18,21 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-#include "setup.h"
+
+#include "curl_setup.h"
 
 #ifndef CURL_DISABLE_HTTP
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
 
 #include "urldata.h" /* it includes http_chunks.h */
 #include "sendf.h"   /* for the client write stuff */
 
 #include "content_encoding.h"
 #include "http.h"
-#include "memory.h"
-#include "easyif.h" /* for Curl_convert_to_network prototype */
+#include "curl_memory.h"
+#include "non-ascii.h" /* for Curl_convert_to_network prototype */
+#include "strtoofft.h"
+#include "warnless.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -81,12 +77,20 @@
 
  */
 
+/* Check for an ASCII hex digit.
+ We avoid the use of isxdigit to accommodate non-ASCII hosts. */
+static bool Curl_isxdigit(char digit)
+{
+  return ( (digit >= 0x30 && digit <= 0x39) /* 0-9 */
+        || (digit >= 0x41 && digit <= 0x46) /* A-F */
+        || (digit >= 0x61 && digit <= 0x66) /* a-f */ ) ? TRUE : FALSE;
+}
 
 void Curl_httpchunk_init(struct connectdata *conn)
 {
-  struct Curl_chunker *chunk = &conn->data->reqdata.proto.http->chunk;
-  chunk->hexindex=0; /* start at 0 */
-  chunk->dataleft=0; /* no data left yet! */
+  struct Curl_chunker *chunk = &conn->chunk;
+  chunk->hexindex=0;        /* start at 0 */
+  chunk->dataleft=0;        /* no data left yet! */
   chunk->state = CHUNK_HEX; /* we get hex first! */
 }
 
@@ -108,22 +112,26 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
 {
   CURLcode result=CURLE_OK;
   struct SessionHandle *data = conn->data;
-  struct Curl_chunker *ch = &data->reqdata.proto.http->chunk;
-  struct Curl_transfer_keeper *k = &data->reqdata.keep;
+  struct Curl_chunker *ch = &conn->chunk;
+  struct SingleRequest *k = &data->req;
   size_t piece;
-  size_t length = (size_t)datalen;
+  curl_off_t length = (curl_off_t)datalen;
   size_t *wrote = (size_t *)wrotep;
 
   *wrote = 0; /* nothing's written yet */
 
+  /* the original data is written to the client, but we go on with the
+     chunk read process, to properly calculate the content length*/
+  if(data->set.http_te_skip && !k->ignorebody) {
+    result = Curl_client_write(conn, CLIENTWRITE_BODY, datap, datalen);
+    if(result)
+      return CHUNKE_WRITE_ERROR;
+  }
+
   while(length) {
     switch(ch->state) {
     case CHUNK_HEX:
-       /* Check for an ASCII hex digit.
-          We avoid the use of isxdigit to accommodate non-ASCII hosts. */
-       if((*datap >= 0x30 && *datap <= 0x39)    /* 0-9 */
-       || (*datap >= 0x41 && *datap <= 0x46)    /* A-F */
-       || (*datap >= 0x61 && *datap <= 0x66)) { /* a-f */
+      if(Curl_isxdigit(*datap)) {
         if(ch->hexindex < MAXNUM_SIZE) {
           ch->hexbuffer[ch->hexindex] = *datap;
           datap++;
@@ -135,107 +143,91 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
         }
       }
       else {
-        if(0 == ch->hexindex) {
+        char *endptr;
+        if(0 == ch->hexindex)
           /* This is illegal data, we received junk where we expected
              a hexadecimal digit. */
           return CHUNKE_ILLEGAL_HEX;
-        }
+
         /* length and datap are unmodified */
         ch->hexbuffer[ch->hexindex]=0;
-#ifdef CURL_DOES_CONVERSIONS
+
         /* convert to host encoding before calling strtoul */
-        result = Curl_convert_from_network(conn->data,
-                                           ch->hexbuffer,
+        result = Curl_convert_from_network(conn->data, ch->hexbuffer,
                                            ch->hexindex);
-        if(result != CURLE_OK) {
+        if(result) {
           /* Curl_convert_from_network calls failf if unsuccessful */
           /* Treat it as a bad hex character */
-          return(CHUNKE_ILLEGAL_HEX);
+          return CHUNKE_ILLEGAL_HEX ;
         }
-#endif /* CURL_DOES_CONVERSIONS */
-        ch->datasize=strtoul(ch->hexbuffer, NULL, 16);
-        ch->state = CHUNK_POSTHEX;
-      }
-      break;
 
-    case CHUNK_POSTHEX:
-      /* In this state, we're waiting for CRLF to arrive. We support
-         this to allow so called chunk-extensions to show up here
-         before the CRLF comes. */
-      if(*datap == 0x0d)
-        ch->state = CHUNK_CR;
-      length--;
-      datap++;
+        ch->datasize=curlx_strtoofft(ch->hexbuffer, &endptr, 16);
+        if((ch->datasize == CURL_OFF_T_MAX) && (errno == ERANGE))
+          /* overflow is an error */
+          return CHUNKE_ILLEGAL_HEX;
+        ch->state = CHUNK_LF; /* now wait for the CRLF */
+      }
       break;
 
-    case CHUNK_CR:
-      /* waiting for the LF */
+    case CHUNK_LF:
+      /* waiting for the LF after a chunk size */
       if(*datap == 0x0a) {
         /* we're now expecting data to come, unless size was zero! */
         if(0 == ch->datasize) {
-          if (conn->bits.trailerHdrPresent!=TRUE) {
-            /* No Trailer: header found - revert to original Curl processing */
-            ch->state = CHUNK_STOP;
-            if (1 == length) {
-               /* This is the final byte, return right now */
-               return CHUNKE_STOP;
-            }
-          }
-          else {
-            ch->state = CHUNK_TRAILER; /* attempt to read trailers */
-            conn->trlPos=0;
-          }
+          ch->state = CHUNK_TRAILER; /* now check for trailers */
+          conn->trlPos=0;
         }
         else
           ch->state = CHUNK_DATA;
       }
-      else
-        /* previously we got a fake CR, go back to CR waiting! */
-        ch->state = CHUNK_CR;
+
       datap++;
       length--;
       break;
 
     case CHUNK_DATA:
-      /* we get pure and fine data
-
-         We expect another 'datasize' of data. We have 'length' right now,
-         it can be more or less than 'datasize'. Get the smallest piece.
+      /* We expect 'datasize' of data. We have 'length' right now, it can be
+         more or less than 'datasize'. Get the smallest piece.
       */
-      piece = (ch->datasize >= length)?length:ch->datasize;
+      piece = curlx_sotouz((ch->datasize >= length)?length:ch->datasize);
 
       /* Write the data portion available */
 #ifdef HAVE_LIBZ
-      switch (data->reqdata.keep.content_encoding) {
-        case IDENTITY:
+      switch (conn->data->set.http_ce_skip?
+              IDENTITY : data->req.auto_decoding) {
+      case IDENTITY:
 #endif
-          if(!k->ignorebody)
+        if(!k->ignorebody) {
+          if(!data->set.http_te_skip)
             result = Curl_client_write(conn, CLIENTWRITE_BODY, datap,
                                        piece);
+          else
+            result = CURLE_OK;
+        }
 #ifdef HAVE_LIBZ
-          break;
-
-        case DEFLATE:
-          /* update data->reqdata.keep.str to point to the chunk data. */
-          data->reqdata.keep.str = datap;
-          result = Curl_unencode_deflate_write(conn, &data->reqdata.keep,
-                                               (ssize_t)piece);
-          break;
-
-        case GZIP:
-          /* update data->reqdata.keep.str to point to the chunk data. */
-          data->reqdata.keep.str = datap;
-          result = Curl_unencode_gzip_write(conn, &data->reqdata.keep,
-                                            (ssize_t)piece);
-          break;
-
-        case COMPRESS:
-        default:
-          failf (conn->data,
-                 "Unrecognized content encoding type. "
-                 "libcurl understands `identity', `deflate' and `gzip' "
-                 "content encodings.");
-          return CHUNKE_BAD_ENCODING;
+        break;
+
+      case DEFLATE:
+        /* update data->req.keep.str to point to the chunk data. */
+        data->req.str = datap;
+        result = Curl_unencode_deflate_write(conn, &data->req,
+                                             (ssize_t)piece);
+        break;
+
+      case GZIP:
+        /* update data->req.keep.str to point to the chunk data. */
+        data->req.str = datap;
+        result = Curl_unencode_gzip_write(conn, &data->req,
+                                          (ssize_t)piece);
+        break;
+
+      case COMPRESS:
+      default:
+        failf (conn->data,
+               "Unrecognized content encoding type. "
+               "libcurl understands `identity', `deflate' and `gzip' "
+               "content encodings.");
+        return CHUNKE_BAD_ENCODING;
       }
 #endif
 
@@ -250,62 +242,84 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
 
       if(0 == ch->datasize)
         /* end of data this round, we now expect a trailing CRLF */
-        ch->state = CHUNK_POSTCR;
-      break;
-
-    case CHUNK_POSTCR:
-      if(*datap == 0x0d) {
         ch->state = CHUNK_POSTLF;
-        datap++;
-        length--;
-      }
-      else
-        return CHUNKE_BAD_CHUNK;
       break;
 
     case CHUNK_POSTLF:
       if(*datap == 0x0a) {
-        /*
-         * The last one before we go back to hex state and start all
-         * over.
-         */
-        Curl_httpchunk_init(conn);
-        datap++;
-        length--;
+        /* The last one before we go back to hex state and start all over. */
+        Curl_httpchunk_init(conn); /* sets state back to CHUNK_HEX */
       }
-      else
+      else if(*datap != 0x0d)
         return CHUNKE_BAD_CHUNK;
+      datap++;
+      length--;
       break;
 
     case CHUNK_TRAILER:
-      /* conn->trailer is assumed to be freed in url.c on a
-         connection basis */
-      if (conn->trlPos >= conn->trlMax) {
-        char *ptr;
-        if(conn->trlMax) {
-          conn->trlMax *= 2;
-          ptr = (char*)realloc(conn->trailer,conn->trlMax);
+      if((*datap == 0x0d) || (*datap == 0x0a)) {
+        /* this is the end of a trailer, but if the trailer was zero bytes
+           there was no trailer and we move on */
+
+        if(conn->trlPos) {
+          /* we allocate trailer with 3 bytes extra room to fit this */
+          conn->trailer[conn->trlPos++]=0x0d;
+          conn->trailer[conn->trlPos++]=0x0a;
+          conn->trailer[conn->trlPos]=0;
+
+          /* Convert to host encoding before calling Curl_client_write */
+          result = Curl_convert_from_network(conn->data, conn->trailer,
+                                             conn->trlPos);
+          if(result)
+            /* Curl_convert_from_network calls failf if unsuccessful */
+            /* Treat it as a bad chunk */
+            return CHUNKE_BAD_CHUNK;
+
+          if(!data->set.http_te_skip) {
+            result = Curl_client_write(conn, CLIENTWRITE_HEADER,
+                                       conn->trailer, conn->trlPos);
+            if(result)
+              return CHUNKE_WRITE_ERROR;
+          }
+          conn->trlPos=0;
+          ch->state = CHUNK_TRAILER_CR;
+          if(*datap == 0x0a)
+            /* already on the LF */
+            break;
         }
         else {
-          conn->trlMax=128;
-          ptr = (char*)malloc(conn->trlMax);
+          /* no trailer, we're on the final CRLF pair */
+          ch->state = CHUNK_TRAILER_POSTCR;
+          break; /* don't advance the pointer */
         }
-        if(!ptr)
-          return CHUNKE_OUT_OF_MEMORY;
-        conn->trailer = ptr;
       }
-      conn->trailer[conn->trlPos++]=*datap;
-
-      if(*datap == 0x0d)
-        ch->state = CHUNK_TRAILER_CR;
       else {
-        datap++;
-        length--;
-     }
+        /* conn->trailer is assumed to be freed in url.c on a
+           connection basis */
+        if(conn->trlPos >= conn->trlMax) {
+          /* we always allocate three extra bytes, just because when the full
+             header has been received we append CRLF\0 */
+          char *ptr;
+          if(conn->trlMax) {
+            conn->trlMax *= 2;
+            ptr = realloc(conn->trailer, conn->trlMax + 3);
+          }
+          else {
+            conn->trlMax=128;
+            ptr = malloc(conn->trlMax + 3);
+          }
+          if(!ptr)
+            return CHUNKE_OUT_OF_MEMORY;
+          conn->trailer = ptr;
+        }
+        conn->trailer[conn->trlPos++]=*datap;
+      }
+      datap++;
+      length--;
       break;
 
     case CHUNK_TRAILER_CR:
-      if(*datap == 0x0d) {
+      if(*datap == 0x0a) {
         ch->state = CHUNK_TRAILER_POSTCR;
         datap++;
         length--;
@@ -315,46 +329,57 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
       break;
 
     case CHUNK_TRAILER_POSTCR:
-      if (*datap == 0x0a) {
-        conn->trailer[conn->trlPos++]=0x0a;
-        conn->trailer[conn->trlPos]=0;
-        if (conn->trlPos==2) {
-          ch->state = CHUNK_STOP;
-          return CHUNKE_STOP;
-        }
-        else {
-#ifdef CURL_DOES_CONVERSIONS
-          /* Convert to host encoding before calling Curl_client_write */
-          result = Curl_convert_from_network(conn->data,
-                                             conn->trailer,
-                                             conn->trlPos);
-          if(result != CURLE_OK) {
-            /* Curl_convert_from_network calls failf if unsuccessful */
-            /* Treat it as a bad chunk */
-            return(CHUNKE_BAD_CHUNK);
-          }
-#endif /* CURL_DOES_CONVERSIONS */
-          Curl_client_write(conn, CLIENTWRITE_HEADER,
-                            conn->trailer, conn->trlPos);
-        }
+      /* We enter this state when a CR should arrive so we expect to
+         have to first pass a CR before we wait for LF */
+      if((*datap != 0x0d) && (*datap != 0x0a)) {
+        /* not a CR then it must be another header in the trailer */
         ch->state = CHUNK_TRAILER;
-        conn->trlPos=0;
+        break;
+      }
+      if(*datap == 0x0d) {
+        /* skip if CR */
         datap++;
         length--;
       }
-      else
-        return CHUNKE_BAD_CHUNK;
+      /* now wait for the final LF */
+      ch->state = CHUNK_STOP;
       break;
 
     case CHUNK_STOP:
-      /* If we arrive here, there is data left in the end of the buffer
-         even if there's no more chunks to read */
-      ch->dataleft = length;
-      return CHUNKE_STOP; /* return stop */
-    default:
-      return CHUNKE_STATE_ERROR;
+      if(*datap == 0x0a) {
+        length--;
+
+        /* Record the length of any data left in the end of the buffer
+           even if there's no more chunks to read */
+        ch->dataleft = curlx_sotouz(length);
+
+        return CHUNKE_STOP; /* return stop */
+      }
+      else
+        return CHUNKE_BAD_CHUNK;
     }
   }
   return CHUNKE_OK;
 }
+
+const char *Curl_chunked_strerror(CHUNKcode code)
+{
+  switch (code) {
+  default:
+    return "OK";
+  case CHUNKE_TOO_LONG_HEX:
+    return "Too long hexadecimal number";
+  case CHUNKE_ILLEGAL_HEX:
+    return "Illegal or missing hexadecimal sequence";
+  case CHUNKE_BAD_CHUNK:
+    return "Malformed encoding found";
+  case CHUNKE_WRITE_ERROR:
+    return "Write error";
+  case CHUNKE_BAD_ENCODING:
+    return "Bad content-encoding found";
+  case CHUNKE_OUT_OF_MEMORY:
+    return "Out of memory";
+  }
+}
+
 #endif /* CURL_DISABLE_HTTP */
diff --git a/Utilities/cmcurl/http_chunks.h b/Utilities/cmcurl/lib/http_chunks.h
index 211818a..0489eb8 100644
--- a/Utilities/cmcurl/http_chunks.h
+++ b/Utilities/cmcurl/lib/http_chunks.h
@@ -1,5 +1,5 @@
-#ifndef __HTTP_CHUNKS_H
-#define __HTTP_CHUNKS_H
+#ifndef HEADER_CURL_HTTP_CHUNKS_H
+#define HEADER_CURL_HTTP_CHUNKS_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 /*
  * The longest possible hexadecimal number we support in a chunked transfer.
@@ -30,36 +29,25 @@
 #define MAXNUM_SIZE 16
 
 typedef enum {
-  CHUNK_FIRST, /* never use */
-
-  /* In this we await and buffer all hexadecimal digits until we get one
-     that isn't a hexadecimal digit. When done, we go POSTHEX */
+  /* await and buffer all hexadecimal digits until we get one that isn't a
+     hexadecimal digit. When done, we go CHUNK_LF */
   CHUNK_HEX,
 
-  /* We have received the hexadecimal digit and we eat all characters until
-     we get a CRLF pair. When we see a CR we go to the CR state. */
-  CHUNK_POSTHEX,
-
-  /* A single CR has been found and we should get a LF right away in this
-     state or we go back to POSTHEX. When LF is received, we go to DATA.
-     If the size given was zero, we set state to STOP and return. */
-  CHUNK_CR,
+  /* wait for LF, ignore all else */
+  CHUNK_LF,
 
   /* We eat the amount of data specified. When done, we move on to the
      POST_CR state. */
   CHUNK_DATA,
 
-  /* POSTCR should get a CR and nothing else, then move to POSTLF */
-  CHUNK_POSTCR,
-
-  /* POSTLF should get a LF and nothing else, then move back to HEX as the
-     CRLF combination marks the end of a chunk */
+  /* POSTLF should get a CR and then a LF and nothing else, then move back to
+     HEX as the CRLF combination marks the end of a chunk. A missing CR is no
+     big deal. */
   CHUNK_POSTLF,
 
-  /* This is mainly used to really mark that we're out of the game.
-     NOTE: that there's a 'dataleft' field in the struct that will tell how
-     many bytes that were not passed to the client in the end of the last
-     buffer! */
+  /* Used to mark that we're out of the game.  NOTE: that there's a 'dataleft'
+     field in the struct that will tell how many bytes that were not passed to
+     the client in the end of the last buffer! */
   CHUNK_STOP,
 
   /* At this point optional trailer headers can be found, unless the next line
@@ -74,10 +62,7 @@ typedef enum {
      signalled If this is an empty trailer CHUNKE_STOP will be signalled.
      Otherwise the trailer will be broadcasted via Curl_client_write() and the
      next state will be CHUNK_TRAILER */
-  CHUNK_TRAILER_POSTCR,
-
-  CHUNK_LAST /* never use */
-
+  CHUNK_TRAILER_POSTCR
 } ChunkyState;
 
 typedef enum {
@@ -87,18 +72,20 @@ typedef enum {
   CHUNKE_ILLEGAL_HEX,
   CHUNKE_BAD_CHUNK,
   CHUNKE_WRITE_ERROR,
-  CHUNKE_STATE_ERROR,
   CHUNKE_BAD_ENCODING,
   CHUNKE_OUT_OF_MEMORY,
   CHUNKE_LAST
 } CHUNKcode;
 
+const char *Curl_chunked_strerror(CHUNKcode code);
+
 struct Curl_chunker {
   char hexbuffer[ MAXNUM_SIZE + 1];
   int hexindex;
   ChunkyState state;
-  size_t datasize;
+  curl_off_t datasize;
   size_t dataleft; /* untouched data amount at the end of the last buffer */
 };
 
-#endif
+#endif /* HEADER_CURL_HTTP_CHUNKS_H */
+
diff --git a/Utilities/cmcurl/http_digest.c b/Utilities/cmcurl/lib/http_digest.c
index c223784..55f5108 100644
--- a/Utilities/cmcurl/http_digest.c
+++ b/Utilities/cmcurl/lib/http_digest.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,28 +18,22 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-#include "setup.h"
+
+#include "curl_setup.h"
 
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
 
 #include "urldata.h"
-#include "sendf.h"
-#include "strequal.h"
-#include "base64.h"
-#include "md5.h"
+#include "rawstr.h"
+#include "curl_base64.h"
+#include "curl_md5.h"
 #include "http_digest.h"
 #include "strtok.h"
-#include "url.h" /* for Curl_safefree() */
-#include "memory.h"
-#include "easyif.h" /* included for Curl_convert_... prototypes */
+#include "curl_memory.h"
+#include "vtls/vtls.h" /* for Curl_rand() */
+#include "non-ascii.h" /* included for Curl_convert_... prototypes */
+#include "warnless.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -47,6 +41,79 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
+#define MAX_VALUE_LENGTH 256
+#define MAX_CONTENT_LENGTH 1024
+
+static void digest_cleanup_one(struct digestdata *dig);
+
+/*
+ * Return 0 on success and then the buffers are filled in fine.
+ *
+ * Non-zero means failure to parse.
+ */
+static int get_pair(const char *str, char *value, char *content,
+                    const char **endptr)
+{
+  int c;
+  bool starts_with_quote = FALSE;
+  bool escape = FALSE;
+
+  for(c=MAX_VALUE_LENGTH-1; (*str && (*str != '=') && c--); )
+    *value++ = *str++;
+  *value=0;
+
+  if('=' != *str++)
+    /* eek, no match */
+    return 1;
+
+  if('\"' == *str) {
+    /* this starts with a quote so it must end with one as well! */
+    str++;
+    starts_with_quote = TRUE;
+  }
+
+  for(c=MAX_CONTENT_LENGTH-1; *str && c--; str++) {
+    switch(*str) {
+    case '\\':
+      if(!escape) {
+        /* possibly the start of an escaped quote */
+        escape = TRUE;
+        *content++ = '\\'; /* even though this is an escape character, we still
+                              store it as-is in the target buffer */
+        continue;
+      }
+      break;
+    case ',':
+      if(!starts_with_quote) {
+        /* this signals the end of the content if we didn't get a starting
+           quote and then we do "sloppy" parsing */
+        c=0; /* the end */
+        continue;
+      }
+      break;
+    case '\r':
+    case '\n':
+      /* end of string */
+      c=0;
+      continue;
+    case '\"':
+      if(!escape && starts_with_quote) {
+        /* end of string */
+        c=0;
+        continue;
+      }
+      break;
+    }
+    escape = FALSE;
+    *content++ = *str;
+  }
+  *content=0;
+
+  *endptr = str;
+
+  return 0; /* all is fine! */
+}
+
 /* Test example headers:
 
 WWW-Authenticate: Digest realm="testrealm", nonce="1053604598"
@@ -56,10 +123,9 @@ Proxy-Authenticate: Digest realm="testrealm", nonce="1053604598"
 
 CURLdigest Curl_input_digest(struct connectdata *conn,
                              bool proxy,
-                             char *header) /* rest of the *-authenticate:
-                                              header */
+                             const char *header) /* rest of the *-authenticate:
+                                                    header */
 {
-  bool more = TRUE;
   char *token = NULL;
   char *tmp = NULL;
   bool foundAuth = FALSE;
@@ -75,10 +141,6 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
     d = &data->state.digest;
   }
 
-  /* skip initial whitespaces */
-  while(*header && ISSPACE(*header))
-    header++;
-
   if(checkprefix("Digest", header)) {
     header += strlen("Digest");
 
@@ -87,45 +149,39 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
       before = TRUE;
 
     /* clear off any former leftovers and init to defaults */
-    Curl_digest_cleanup_one(d);
+    digest_cleanup_one(d);
 
-    while(more) {
-      char value[32];
-      char content[128];
-      size_t totlen=0;
+    for(;;) {
+      char value[MAX_VALUE_LENGTH];
+      char content[MAX_CONTENT_LENGTH];
 
       while(*header && ISSPACE(*header))
         header++;
 
-      /* how big can these strings be? */
-      if((2 == sscanf(header, "%31[^=]=\"%127[^\"]\"",
-                      value, content)) ||
-         /* try the same scan but without quotes around the content but don't
-            include the possibly trailing comma */
-         (2 ==  sscanf(header, "%31[^=]=%127[^,]",
-                       value, content)) ) {
-        if(strequal(value, "nonce")) {
+      /* extract a value=content pair */
+      if(!get_pair(header, value, content, &header)) {
+        if(Curl_raw_equal(value, "nonce")) {
           d->nonce = strdup(content);
           if(!d->nonce)
             return CURLDIGEST_NOMEM;
         }
-        else if(strequal(value, "stale")) {
-          if(strequal(content, "true")) {
+        else if(Curl_raw_equal(value, "stale")) {
+          if(Curl_raw_equal(content, "true")) {
             d->stale = TRUE;
             d->nc = 1; /* we make a new nonce now */
           }
         }
-        else if(strequal(value, "realm")) {
+        else if(Curl_raw_equal(value, "realm")) {
           d->realm = strdup(content);
           if(!d->realm)
             return CURLDIGEST_NOMEM;
         }
-        else if(strequal(value, "opaque")) {
+        else if(Curl_raw_equal(value, "opaque")) {
           d->opaque = strdup(content);
           if(!d->opaque)
             return CURLDIGEST_NOMEM;
         }
-        else if(strequal(value, "qop")) {
+        else if(Curl_raw_equal(value, "qop")) {
           char *tok_buf;
           /* tokenize the list and choose auth if possible, use a temporary
              clone of the buffer since strtok_r() ruins it */
@@ -133,35 +189,35 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
           if(!tmp)
             return CURLDIGEST_NOMEM;
           token = strtok_r(tmp, ",", &tok_buf);
-          while (token != NULL) {
-            if (strequal(token, "auth")) {
+          while(token != NULL) {
+            if(Curl_raw_equal(token, "auth")) {
               foundAuth = TRUE;
             }
-            else if (strequal(token, "auth-int")) {
+            else if(Curl_raw_equal(token, "auth-int")) {
               foundAuthInt = TRUE;
             }
             token = strtok_r(NULL, ",", &tok_buf);
           }
           free(tmp);
           /*select only auth o auth-int. Otherwise, ignore*/
-          if (foundAuth) {
+          if(foundAuth) {
             d->qop = strdup("auth");
             if(!d->qop)
               return CURLDIGEST_NOMEM;
           }
-          else if (foundAuthInt) {
+          else if(foundAuthInt) {
             d->qop = strdup("auth-int");
             if(!d->qop)
               return CURLDIGEST_NOMEM;
           }
         }
-        else if(strequal(value, "algorithm")) {
+        else if(Curl_raw_equal(value, "algorithm")) {
           d->algorithm = strdup(content);
           if(!d->algorithm)
             return CURLDIGEST_NOMEM;
-          if(strequal(content, "MD5-sess"))
+          if(Curl_raw_equal(content, "MD5-sess"))
             d->algo = CURLDIGESTALGO_MD5SESS;
-          else if(strequal(content, "MD5"))
+          else if(Curl_raw_equal(content, "MD5"))
             d->algo = CURLDIGESTALGO_MD5;
           else
             return CURLDIGEST_BADALGO;
@@ -169,17 +225,13 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
         else {
           /* unknown specifier, ignore it! */
         }
-        totlen = strlen(value)+strlen(content)+1;
-
-        if(header[strlen(value)+1] == '\"')
-          /* the contents were within quotes, then add 2 for them to the
-             length */
-          totlen += 2;
       }
       else
         break; /* we're done here */
 
-      header += totlen;
+      /* pass all additional spaces here */
+      while(*header && ISSPACE(*header))
+        header++;
       if(',' == *header)
         /* allow the list to be comma-separated */
         header++;
@@ -210,46 +262,76 @@ static void md5_to_ascii(unsigned char *source, /* 16 bytes */
     snprintf((char *)&dest[i*2], 3, "%02x", source[i]);
 }
 
+/* Perform quoted-string escaping as described in RFC2616 and its errata */
+static char *string_quoted(const char *source)
+{
+  char *dest, *d;
+  const char *s = source;
+  size_t n = 1; /* null terminator */
+
+  /* Calculate size needed */
+  while(*s) {
+    ++n;
+    if(*s == '"' || *s == '\\') {
+      ++n;
+    }
+    ++s;
+  }
+
+  dest = malloc(n);
+  if(dest) {
+    s = source;
+    d = dest;
+    while(*s) {
+      if(*s == '"' || *s == '\\') {
+        *d++ = '\\';
+      }
+      *d++ = *s++;
+    }
+    *d = 0;
+  }
+
+  return dest;
+}
+
 CURLcode Curl_output_digest(struct connectdata *conn,
                             bool proxy,
-                            unsigned char *request,
-                            unsigned char *uripath)
+                            const unsigned char *request,
+                            const unsigned char *uripath)
 {
   /* We have a Digest setup for this, use it!  Now, to get all the details for
      this sorted out, I must urge you dear friend to read up on the RFC2617
      section 3.2.2, */
+  size_t urilen;
   unsigned char md5buf[16]; /* 16 bytes/128 bits */
   unsigned char request_digest[33];
   unsigned char *md5this;
-  unsigned char *ha1;
+  unsigned char ha1[33];/* 32 digits and 1 zero byte */
   unsigned char ha2[33];/* 32 digits and 1 zero byte */
-  char cnoncebuf[7];
-  char *cnonce;
+  char cnoncebuf[33];
+  char *cnonce = NULL;
+  size_t cnonce_sz = 0;
   char *tmp = NULL;
-  struct timeval now;
-
   char **allocuserpwd;
-  char *userp;
-  char *passwdp;
+  size_t userlen;
+  const char *userp;
+  char *userp_quoted;
+  const char *passwdp;
   struct auth *authp;
 
   struct SessionHandle *data = conn->data;
   struct digestdata *d;
-#ifdef CURL_DOES_CONVERSIONS
   CURLcode rc;
 /* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines.
-   It converts digest text to ASCII so the MD5 will be correct for 
+   It converts digest text to ASCII so the MD5 will be correct for
    what ultimately goes over the network.
 */
 #define CURL_OUTPUT_DIGEST_CONV(a, b) \
   rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \
-  if (rc != CURLE_OK) { \
+  if(rc != CURLE_OK) { \
     free(b); \
     return rc; \
   }
-#else
-#define CURL_OUTPUT_DIGEST_CONV(a, b)
-#endif /* CURL_DOES_CONVERSIONS */
 
   if(proxy) {
     d = &data->state.proxydigest;
@@ -266,12 +348,14 @@ CURLcode Curl_output_digest(struct connectdata *conn,
     authp = &data->state.authhost;
   }
 
+  Curl_safefree(*allocuserpwd);
+
   /* not set means empty */
   if(!userp)
-    userp=(char *)"";
+    userp="";
 
   if(!passwdp)
-    passwdp=(char *)"";
+    passwdp="";
 
   if(!d->nonce) {
     authp->done = FALSE;
@@ -283,13 +367,14 @@ CURLcode Curl_output_digest(struct connectdata *conn,
     d->nc = 1;
 
   if(!d->cnonce) {
-    /* Generate a cnonce */
-    now = Curl_tvnow();
-    snprintf(cnoncebuf, sizeof(cnoncebuf), "%06ld", now.tv_sec);
-    if(Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), &cnonce))
-      d->cnonce = cnonce;
-    else
-      return CURLE_OUT_OF_MEMORY;
+    snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x",
+             Curl_rand(data), Curl_rand(data),
+             Curl_rand(data), Curl_rand(data));
+    rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
+                            &cnonce, &cnonce_sz);
+    if(rc)
+      return rc;
+    d->cnonce = cnonce;
   }
 
   /*
@@ -310,12 +395,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
 
   CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
   Curl_md5it(md5buf, md5this);
-  free(md5this); /* free this again */
-
-  ha1 = (unsigned char *)malloc(33); /* 32 digits and 1 zero byte */
-  if(!ha1)
-    return CURLE_OUT_OF_MEMORY;
-
+  Curl_safefree(md5this);
   md5_to_ascii(md5buf, ha1);
 
   if(d->algo == CURLDIGESTALGO_MD5SESS) {
@@ -325,7 +405,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
       return CURLE_OUT_OF_MEMORY;
     CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */
     Curl_md5it(md5buf, (unsigned char *)tmp);
-    free(tmp); /* free this again */
+    Curl_safefree(tmp);
     md5_to_ascii(md5buf, ha1);
   }
 
@@ -342,23 +422,44 @@ CURLcode Curl_output_digest(struct connectdata *conn,
     5.1.1 of RFC 2616)
   */
 
-  md5this = (unsigned char *)aprintf("%s:%s", request, uripath);
-  if(!md5this) {
-    free(ha1);
-    return CURLE_OUT_OF_MEMORY;
-  }
+  /* So IE browsers < v7 cut off the URI part at the query part when they
+     evaluate the MD5 and some (IIS?) servers work with them so we may need to
+     do the Digest IE-style. Note that the different ways cause different MD5
+     sums to get sent.
+
+     Apache servers can be set to do the Digest IE-style automatically using
+     the BrowserMatch feature:
+     http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
+
+     Further details on Digest implementation differences:
+     http://www.fngtps.com/2006/09/http-authentication
+  */
+
+  if(authp->iestyle && ((tmp = strchr((char *)uripath, '?')) != NULL))
+    urilen = tmp - (char *)uripath;
+  else
+    urilen = strlen((char *)uripath);
 
-  if (d->qop && strequal(d->qop, "auth-int")) {
-    /* We don't support auth-int at the moment. I can't see a easy way to get
-       entity-body here */
-    /* TODO: Append H(entity-body)*/
+  md5this = (unsigned char *)aprintf("%s:%.*s", request, urilen, uripath);
+
+  if(d->qop && Curl_raw_equal(d->qop, "auth-int")) {
+    /* We don't support auth-int for PUT or POST at the moment.
+       TODO: replace md5 of empty string with entity-body for PUT/POST */
+    unsigned char *md5this2 = (unsigned char *)
+      aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e");
+    Curl_safefree(md5this);
+    md5this = md5this2;
   }
+
+  if(!md5this)
+    return CURLE_OUT_OF_MEMORY;
+
   CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
   Curl_md5it(md5buf, md5this);
-  free(md5this); /* free this again */
+  Curl_safefree(md5this);
   md5_to_ascii(md5buf, ha2);
 
-  if (d->qop) {
+  if(d->qop) {
     md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s",
                                        ha1,
                                        d->nonce,
@@ -373,45 +474,53 @@ CURLcode Curl_output_digest(struct connectdata *conn,
                                        d->nonce,
                                        ha2);
   }
-  free(ha1);
   if(!md5this)
     return CURLE_OUT_OF_MEMORY;
 
   CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
   Curl_md5it(md5buf, md5this);
-  free(md5this); /* free this again */
+  Curl_safefree(md5this);
   md5_to_ascii(md5buf, request_digest);
 
   /* for test case 64 (snooped from a Mozilla 1.3a request)
 
     Authorization: Digest username="testuser", realm="testrealm", \
     nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
-  */
 
-  Curl_safefree(*allocuserpwd);
+    Digest parameters are all quoted strings.  Username which is provided by
+    the user will need double quotes and backslashes within it escaped.  For
+    the other fields, this shouldn't be an issue.  realm, nonce, and opaque
+    are copied as is from the server, escapes and all.  cnonce is generated
+    with web-safe characters.  uri is already percent encoded.  nc is 8 hex
+    characters.  algorithm and qop with standard values only contain web-safe
+    chracters.
+  */
+  userp_quoted = string_quoted(userp);
+  if(!userp_quoted)
+    return CURLE_OUT_OF_MEMORY;
 
-  if (d->qop) {
+  if(d->qop) {
     *allocuserpwd =
       aprintf( "%sAuthorization: Digest "
                "username=\"%s\", "
                "realm=\"%s\", "
                "nonce=\"%s\", "
-               "uri=\"%s\", "
+               "uri=\"%.*s\", "
                "cnonce=\"%s\", "
                "nc=%08x, "
-               "qop=\"%s\", "
+               "qop=%s, "
                "response=\"%s\"",
                proxy?"Proxy-":"",
-               userp,
+               userp_quoted,
                d->realm,
                d->nonce,
-               uripath, /* this is the PATH part of the URL */
+               urilen, uripath, /* this is the PATH part of the URL */
                d->cnonce,
                d->nc,
                d->qop,
                request_digest);
 
-    if(strequal(d->qop, "auth"))
+    if(Curl_raw_equal(d->qop, "auth"))
       d->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0 padded
                   which tells to the server how many times you are using the
                   same nonce in the qop=auth mode. */
@@ -422,15 +531,16 @@ CURLcode Curl_output_digest(struct connectdata *conn,
                "username=\"%s\", "
                "realm=\"%s\", "
                "nonce=\"%s\", "
-               "uri=\"%s\", "
+               "uri=\"%.*s\", "
                "response=\"%s\"",
                proxy?"Proxy-":"",
-               userp,
+               userp_quoted,
                d->realm,
                d->nonce,
-               uripath, /* this is the PATH part of the URL */
+               urilen, uripath, /* this is the PATH part of the URL */
                request_digest);
   }
+  Curl_safefree(userp_quoted);
   if(!*allocuserpwd)
     return CURLE_OUT_OF_MEMORY;
 
@@ -453,41 +563,25 @@ CURLcode Curl_output_digest(struct connectdata *conn,
     *allocuserpwd = tmp;
   }
 
-  /* append CRLF to the userpwd header */
-  tmp = (char*) realloc(*allocuserpwd, strlen(*allocuserpwd) + 3 + 1);
+  /* append CRLF + zero (3 bytes) to the userpwd header */
+  userlen = strlen(*allocuserpwd);
+  tmp = realloc(*allocuserpwd, userlen + 3);
   if(!tmp)
     return CURLE_OUT_OF_MEMORY;
-  strcat(tmp, "\r\n");
+  strcpy(&tmp[userlen], "\r\n"); /* append the data */
   *allocuserpwd = tmp;
 
   return CURLE_OK;
 }
 
-void Curl_digest_cleanup_one(struct digestdata *d)
+static void digest_cleanup_one(struct digestdata *d)
 {
-  if(d->nonce)
-    free(d->nonce);
-  d->nonce = NULL;
-
-  if(d->cnonce)
-    free(d->cnonce);
-  d->cnonce = NULL;
-
-  if(d->realm)
-    free(d->realm);
-  d->realm = NULL;
-
-  if(d->opaque)
-    free(d->opaque);
-  d->opaque = NULL;
-
-  if(d->qop)
-    free(d->qop);
-  d->qop = NULL;
-
-  if(d->algorithm)
-    free(d->algorithm);
-  d->algorithm = NULL;
+  Curl_safefree(d->nonce);
+  Curl_safefree(d->cnonce);
+  Curl_safefree(d->realm);
+  Curl_safefree(d->opaque);
+  Curl_safefree(d->qop);
+  Curl_safefree(d->algorithm);
 
   d->nc = 0;
   d->algo = CURLDIGESTALGO_MD5; /* default algorithm */
@@ -497,8 +591,8 @@ void Curl_digest_cleanup_one(struct digestdata *d)
 
 void Curl_digest_cleanup(struct SessionHandle *data)
 {
-  Curl_digest_cleanup_one(&data->state.digest);
-  Curl_digest_cleanup_one(&data->state.proxydigest);
+  digest_cleanup_one(&data->state.digest);
+  digest_cleanup_one(&data->state.proxydigest);
 }
 
 #endif
diff --git a/Utilities/cmcurl/http_digest.h b/Utilities/cmcurl/lib/http_digest.h
index 6cf0259..c6a4e91 100644
--- a/Utilities/cmcurl/http_digest.h
+++ b/Utilities/cmcurl/lib/http_digest.h
@@ -1,5 +1,5 @@
-#ifndef __HTTP_DIGEST_H
-#define __HTTP_DIGEST_H
+#ifndef HEADER_CURL_HTTP_DIGEST_H
+#define HEADER_CURL_HTTP_DIGEST_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,8 +20,8 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
+#include "curl_setup.h"
 
 typedef enum {
   CURLDIGEST_NONE, /* not a digest */
@@ -40,19 +40,18 @@ enum {
 
 /* this is for digest header input */
 CURLdigest Curl_input_digest(struct connectdata *conn,
-                             bool proxy, char *header);
+                             bool proxy, const char *header);
 
 /* this is for creating digest header output */
 CURLcode Curl_output_digest(struct connectdata *conn,
                             bool proxy,
-                            unsigned char *request,
-                            unsigned char *uripath);
-void Curl_digest_cleanup_one(struct digestdata *dig);
+                            const unsigned char *request,
+                            const unsigned char *uripath);
 
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
 void Curl_digest_cleanup(struct SessionHandle *data);
 #else
-#define Curl_digest_cleanup(x) do {} while(0)
+#define Curl_digest_cleanup(x) Curl_nop_stmt
 #endif
 
-#endif
+#endif /* HEADER_CURL_HTTP_DIGEST_H */
diff --git a/Utilities/cmcurl/lib/http_negotiate.c b/Utilities/cmcurl/lib/http_negotiate.c
new file mode 100644
index 0000000..c8bfa29
--- /dev/null
+++ b/Utilities/cmcurl/lib/http_negotiate.c
@@ -0,0 +1,243 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_GSSAPI
+#ifdef HAVE_OLD_GSSMIT
+#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
+#define NCOMPAT 1
+#endif
+
+#ifndef CURL_DISABLE_HTTP
+
+#include "urldata.h"
+#include "sendf.h"
+#include "curl_gssapi.h"
+#include "rawstr.h"
+#include "curl_base64.h"
+#include "http_negotiate.h"
+#include "curl_memory.h"
+#include "url.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+static int
+get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
+{
+  OM_uint32 major_status, minor_status;
+  gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
+  char name[2048];
+  const char* service = "HTTP";
+
+  token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
+                                              conn->host.name) + 1;
+  if(token.length + 1 > sizeof(name))
+    return EMSGSIZE;
+
+  snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name :
+           conn->host.name);
+
+  token.value = (void *) name;
+  major_status = gss_import_name(&minor_status,
+                                 &token,
+                                 GSS_C_NT_HOSTBASED_SERVICE,
+                                 server);
+
+  return GSS_ERROR(major_status) ? -1 : 0;
+}
+
+static void
+log_gss_error(struct connectdata *conn, OM_uint32 error_status,
+              const char *prefix)
+{
+  OM_uint32 maj_stat, min_stat;
+  OM_uint32 msg_ctx = 0;
+  gss_buffer_desc status_string;
+  char buf[1024];
+  size_t len;
+
+  snprintf(buf, sizeof(buf), "%s", prefix);
+  len = strlen(buf);
+  do {
+    maj_stat = gss_display_status(&min_stat,
+                                  error_status,
+                                  GSS_C_MECH_CODE,
+                                  GSS_C_NO_OID,
+                                  &msg_ctx,
+                                  &status_string);
+      if(sizeof(buf) > len + status_string.length + 1) {
+        snprintf(buf + len, sizeof(buf) - len,
+                 ": %s", (char*) status_string.value);
+      len += status_string.length;
+    }
+    gss_release_buffer(&min_stat, &status_string);
+  } while(!GSS_ERROR(maj_stat) && msg_ctx != 0);
+
+  infof(conn->data, "%s\n", buf);
+}
+
+/* returning zero (0) means success, everything else is treated as "failure"
+   with no care exactly what the failure was */
+int Curl_input_negotiate(struct connectdata *conn, bool proxy,
+                         const char *header)
+{
+  struct SessionHandle *data = conn->data;
+  struct negotiatedata *neg_ctx = proxy?&data->state.proxyneg:
+    &data->state.negotiate;
+  OM_uint32 major_status, minor_status, discard_st;
+  gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
+  gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
+  int ret;
+  size_t len;
+  size_t rawlen = 0;
+  CURLcode error;
+
+  if(neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) {
+    /* We finished successfully our part of authentication, but server
+     * rejected it (since we're again here). Exit with an error since we
+     * can't invent anything better */
+    Curl_cleanup_negotiate(data);
+    return -1;
+  }
+
+  if(neg_ctx->server_name == NULL &&
+      (ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))
+    return ret;
+
+  header += strlen("Negotiate");
+  while(*header && ISSPACE(*header))
+    header++;
+
+  len = strlen(header);
+  if(len > 0) {
+    error = Curl_base64_decode(header,
+                               (unsigned char **)&input_token.value, &rawlen);
+    if(error || rawlen == 0)
+      return -1;
+    input_token.length = rawlen;
+
+    DEBUGASSERT(input_token.value != NULL);
+  }
+
+  major_status = Curl_gss_init_sec_context(data,
+                                           &minor_status,
+                                           &neg_ctx->context,
+                                           neg_ctx->server_name,
+                                           &Curl_spnego_mech_oid,
+                                           GSS_C_NO_CHANNEL_BINDINGS,
+                                           &input_token,
+                                           &output_token,
+                                           NULL);
+  Curl_safefree(input_token.value);
+
+  neg_ctx->status = major_status;
+  if(GSS_ERROR(major_status)) {
+    if(output_token.value)
+      gss_release_buffer(&discard_st, &output_token);
+    log_gss_error(conn, minor_status, "gss_init_sec_context() failed: ");
+    return -1;
+  }
+
+  if(!output_token.value || !output_token.length) {
+    if(output_token.value)
+      gss_release_buffer(&discard_st, &output_token);
+    return -1;
+  }
+
+  neg_ctx->output_token = output_token;
+  return 0;
+}
+
+
+CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+{
+  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
+    &conn->data->state.negotiate;
+  char *encoded = NULL;
+  size_t len = 0;
+  char *userp;
+  CURLcode error;
+  OM_uint32 discard_st;
+
+  error = Curl_base64_encode(conn->data,
+                             neg_ctx->output_token.value,
+                             neg_ctx->output_token.length,
+                             &encoded, &len);
+  if(error) {
+    gss_release_buffer(&discard_st, &neg_ctx->output_token);
+    neg_ctx->output_token.value = NULL;
+    neg_ctx->output_token.length = 0;
+    return error;
+  }
+
+  if(!encoded || !len) {
+    gss_release_buffer(&discard_st, &neg_ctx->output_token);
+    neg_ctx->output_token.value = NULL;
+    neg_ctx->output_token.length = 0;
+    return CURLE_REMOTE_ACCESS_DENIED;
+  }
+
+  userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "",
+                  encoded);
+  if(proxy) {
+    Curl_safefree(conn->allocptr.proxyuserpwd);
+    conn->allocptr.proxyuserpwd = userp;
+  }
+  else {
+    Curl_safefree(conn->allocptr.userpwd);
+    conn->allocptr.userpwd = userp;
+  }
+
+  Curl_safefree(encoded);
+
+  return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+}
+
+static void cleanup(struct negotiatedata *neg_ctx)
+{
+  OM_uint32 minor_status;
+  if(neg_ctx->context != GSS_C_NO_CONTEXT)
+    gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);
+
+  if(neg_ctx->output_token.value)
+    gss_release_buffer(&minor_status, &neg_ctx->output_token);
+
+  if(neg_ctx->server_name != GSS_C_NO_NAME)
+    gss_release_name(&minor_status, &neg_ctx->server_name);
+
+  memset(neg_ctx, 0, sizeof(*neg_ctx));
+}
+
+void Curl_cleanup_negotiate(struct SessionHandle *data)
+{
+  cleanup(&data->state.negotiate);
+  cleanup(&data->state.proxyneg);
+}
+
+
+#endif
+#endif
diff --git a/Utilities/cmcurl/lib/http_negotiate.h b/Utilities/cmcurl/lib/http_negotiate.h
new file mode 100644
index 0000000..f7efe8c
--- /dev/null
+++ b/Utilities/cmcurl/lib/http_negotiate.h
@@ -0,0 +1,42 @@
+#ifndef HEADER_CURL_HTTP_NEGOTIATE_H
+#define HEADER_CURL_HTTP_NEGOTIATE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#ifdef USE_SPNEGO
+
+/* this is for Negotiate header input */
+int Curl_input_negotiate(struct connectdata *conn, bool proxy,
+                         const char *header);
+
+/* this is for creating Negotiate header output */
+CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy);
+
+void Curl_cleanup_negotiate(struct SessionHandle *data);
+
+#ifdef USE_WINDOWS_SSPI
+#define GSS_ERROR(status) (status & 0x80000000)
+#endif
+
+#endif /* USE_SPNEGO */
+
+#endif /* HEADER_CURL_HTTP_NEGOTIATE_H */
diff --git a/Utilities/cmcurl/lib/http_negotiate_sspi.c b/Utilities/cmcurl/lib/http_negotiate_sspi.c
new file mode 100644
index 0000000..61581f1
--- /dev/null
+++ b/Utilities/cmcurl/lib/http_negotiate_sspi.c
@@ -0,0 +1,290 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_WINDOWS_SSPI
+
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
+
+#include "urldata.h"
+#include "sendf.h"
+#include "rawstr.h"
+#include "warnless.h"
+#include "curl_base64.h"
+#include "curl_sasl.h"
+#include "http_negotiate.h"
+#include "curl_memory.h"
+#include "curl_multibyte.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* returning zero (0) means success, everything else is treated as "failure"
+   with no care exactly what the failure was */
+int Curl_input_negotiate(struct connectdata *conn, bool proxy,
+                         const char *header)
+{
+  BYTE              *input_token = NULL;
+  SecBufferDesc     out_buff_desc;
+  SecBuffer         out_sec_buff;
+  SecBufferDesc     in_buff_desc;
+  SecBuffer         in_sec_buff;
+  unsigned long     context_attributes;
+  TimeStamp         lifetime;
+  int ret;
+  size_t len = 0, input_token_len = 0;
+  CURLcode error;
+
+  /* Point to the username and password */
+  const char *userp;
+  const char *passwdp;
+
+  /* Point to the correct struct with this */
+  struct negotiatedata *neg_ctx;
+
+  if(proxy) {
+    userp = conn->proxyuser;
+    passwdp = conn->proxypasswd;
+    neg_ctx = &conn->data->state.proxyneg;
+  }
+  else {
+    userp = conn->user;
+    passwdp = conn->passwd;
+    neg_ctx = &conn->data->state.negotiate;
+  }
+
+  /* Not set means empty */
+  if(!userp)
+    userp = "";
+
+  if(!passwdp)
+    passwdp = "";
+
+  if(neg_ctx->context && neg_ctx->status == SEC_E_OK) {
+    /* We finished successfully our part of authentication, but server
+     * rejected it (since we're again here). Exit with an error since we
+     * can't invent anything better */
+    Curl_cleanup_negotiate(conn->data);
+    return -1;
+  }
+
+  if(!neg_ctx->server_name) {
+    /* Check proxy auth requested but no given proxy name */
+    if(proxy && !conn->proxy.name)
+      return -1;
+
+    /* Generate our SPN */
+    neg_ctx->server_name = Curl_sasl_build_spn("HTTP",
+                                                proxy ? conn->proxy.name :
+                                                        conn->host.name);
+    if(!neg_ctx->server_name)
+      return -1;
+  }
+
+  if(!neg_ctx->output_token) {
+    PSecPkgInfo SecurityPackage;
+    ret = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT("Negotiate"),
+                                             &SecurityPackage);
+    if(ret != SEC_E_OK)
+      return -1;
+
+    /* Allocate input and output buffers according to the max token size
+       as indicated by the security package */
+    neg_ctx->max_token_length = SecurityPackage->cbMaxToken;
+    neg_ctx->output_token = malloc(neg_ctx->max_token_length);
+    s_pSecFn->FreeContextBuffer(SecurityPackage);
+  }
+
+  /* Obtain the input token, if any */
+  header += strlen("Negotiate");
+  while(*header && ISSPACE(*header))
+    header++;
+
+  len = strlen(header);
+  if(!len) {
+    /* Is this the first call in a new negotiation? */
+    if(neg_ctx->context) {
+      /* The server rejected our authentication and hasn't suppled any more
+         negotiation mechanisms */
+      return -1;
+    }
+
+    /* We have to acquire credentials and allocate memory for the context */
+    neg_ctx->credentials = malloc(sizeof(CredHandle));
+    neg_ctx->context = malloc(sizeof(CtxtHandle));
+
+    if(!neg_ctx->credentials || !neg_ctx->context)
+      return -1;
+
+    if(userp && *userp) {
+      /* Populate our identity structure */
+      error = Curl_create_sspi_identity(userp, passwdp, &neg_ctx->identity);
+      if(error)
+        return -1;
+
+      /* Allow proper cleanup of the identity structure */
+      neg_ctx->p_identity = &neg_ctx->identity;
+    }
+    else
+      /* Use the current Windows user */
+      neg_ctx->p_identity = NULL;
+
+    /* Acquire our credientials handle */
+    neg_ctx->status =
+      s_pSecFn->AcquireCredentialsHandle(NULL,
+                                         (TCHAR *) TEXT("Negotiate"),
+                                         SECPKG_CRED_OUTBOUND, NULL,
+                                         neg_ctx->p_identity, NULL, NULL,
+                                         neg_ctx->credentials, &lifetime);
+    if(neg_ctx->status != SEC_E_OK)
+      return -1;
+  }
+  else {
+    error = Curl_base64_decode(header,
+                               (unsigned char **)&input_token,
+                               &input_token_len);
+    if(error || !input_token_len)
+      return -1;
+  }
+
+  /* Setup the "output" security buffer */
+  out_buff_desc.ulVersion = SECBUFFER_VERSION;
+  out_buff_desc.cBuffers  = 1;
+  out_buff_desc.pBuffers  = &out_sec_buff;
+  out_sec_buff.BufferType = SECBUFFER_TOKEN;
+  out_sec_buff.pvBuffer   = neg_ctx->output_token;
+  out_sec_buff.cbBuffer   = curlx_uztoul(neg_ctx->max_token_length);
+
+  /* Setup the "input" security buffer if present */
+  if(input_token) {
+    in_buff_desc.ulVersion = SECBUFFER_VERSION;
+    in_buff_desc.cBuffers  = 1;
+    in_buff_desc.pBuffers  = &in_sec_buff;
+    in_sec_buff.BufferType = SECBUFFER_TOKEN;
+    in_sec_buff.pvBuffer   = input_token;
+    in_sec_buff.cbBuffer   = curlx_uztoul(input_token_len);
+  }
+
+  /* Generate our message */
+  neg_ctx->status = s_pSecFn->InitializeSecurityContext(
+    neg_ctx->credentials,
+    input_token ? neg_ctx->context : NULL,
+    neg_ctx->server_name,
+    ISC_REQ_CONFIDENTIALITY,
+    0,
+    SECURITY_NATIVE_DREP,
+    input_token ? &in_buff_desc : NULL,
+    0,
+    neg_ctx->context,
+    &out_buff_desc,
+    &context_attributes,
+    &lifetime);
+
+  Curl_safefree(input_token);
+
+  if(GSS_ERROR(neg_ctx->status))
+    return -1;
+
+  if(neg_ctx->status == SEC_I_COMPLETE_NEEDED ||
+     neg_ctx->status == SEC_I_COMPLETE_AND_CONTINUE) {
+    neg_ctx->status = s_pSecFn->CompleteAuthToken(neg_ctx->context,
+                                                  &out_buff_desc);
+    if(GSS_ERROR(neg_ctx->status))
+      return -1;
+  }
+
+  neg_ctx->output_token_length = out_sec_buff.cbBuffer;
+
+  return 0;
+}
+
+
+CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+{
+  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
+    &conn->data->state.negotiate;
+  char *encoded = NULL;
+  size_t len = 0;
+  char *userp;
+  CURLcode error;
+
+  error = Curl_base64_encode(conn->data,
+                             (const char*)neg_ctx->output_token,
+                             neg_ctx->output_token_length,
+                             &encoded, &len);
+  if(error)
+    return error;
+
+  if(!len)
+    return CURLE_REMOTE_ACCESS_DENIED;
+
+  userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "",
+                  encoded);
+
+  if(proxy) {
+    Curl_safefree(conn->allocptr.proxyuserpwd);
+    conn->allocptr.proxyuserpwd = userp;
+  }
+  else {
+    Curl_safefree(conn->allocptr.userpwd);
+    conn->allocptr.userpwd = userp;
+  }
+  free(encoded);
+  return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+}
+
+static void cleanup(struct negotiatedata *neg_ctx)
+{
+  if(neg_ctx->context) {
+    s_pSecFn->DeleteSecurityContext(neg_ctx->context);
+    free(neg_ctx->context);
+    neg_ctx->context = NULL;
+  }
+
+  if(neg_ctx->credentials) {
+    s_pSecFn->FreeCredentialsHandle(neg_ctx->credentials);
+    free(neg_ctx->credentials);
+    neg_ctx->credentials = NULL;
+  }
+
+  neg_ctx->max_token_length = 0;
+  Curl_safefree(neg_ctx->output_token);
+
+  Curl_safefree(neg_ctx->server_name);
+
+  Curl_sspi_free_identity(neg_ctx->p_identity);
+  neg_ctx->p_identity = NULL;
+}
+
+void Curl_cleanup_negotiate(struct SessionHandle *data)
+{
+  cleanup(&data->state.negotiate);
+  cleanup(&data->state.proxyneg);
+}
+
+#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */
+
+#endif /* USE_WINDOWS_SSPI */
diff --git a/Utilities/cmcurl/lib/http_proxy.c b/Utilities/cmcurl/lib/http_proxy.c
new file mode 100644
index 0000000..5343eb7
--- /dev/null
+++ b/Utilities/cmcurl/lib/http_proxy.c
@@ -0,0 +1,598 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "http_proxy.h"
+#include "sendf.h"
+#include "http.h"
+#include "url.h"
+#include "select.h"
+#include "rawstr.h"
+#include "progress.h"
+#include "non-ascii.h"
+#include "connect.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curlx.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+CURLcode Curl_proxy_connect(struct connectdata *conn)
+{
+  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
+#ifndef CURL_DISABLE_PROXY
+    /* for [protocol] tunneled through HTTP proxy */
+    struct HTTP http_proxy;
+    void *prot_save;
+    CURLcode result;
+
+    /* BLOCKING */
+    /* We want "seamless" operations through HTTP proxy tunnel */
+
+    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
+     * member conn->proto.http; we want [protocol] through HTTP and we have
+     * to change the member temporarily for connecting to the HTTP
+     * proxy. After Curl_proxyCONNECT we have to set back the member to the
+     * original pointer
+     *
+     * This function might be called several times in the multi interface case
+     * if the proxy's CONNTECT response is not instant.
+     */
+    prot_save = conn->data->req.protop;
+    memset(&http_proxy, 0, sizeof(http_proxy));
+    conn->data->req.protop = &http_proxy;
+    connkeep(conn, "HTTP proxy CONNECT");
+    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
+                               conn->host.name, conn->remote_port);
+    conn->data->req.protop = prot_save;
+    if(CURLE_OK != result)
+      return result;
+#else
+    return CURLE_NOT_BUILT_IN;
+#endif
+  }
+  /* no HTTP tunnel proxy, just return */
+  return CURLE_OK;
+}
+
+/*
+ * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
+ * function will issue the necessary commands to get a seamless tunnel through
+ * this proxy. After that, the socket can be used just as a normal socket.
+ */
+
+CURLcode Curl_proxyCONNECT(struct connectdata *conn,
+                           int sockindex,
+                           const char *hostname,
+                           int remote_port)
+{
+  int subversion=0;
+  struct SessionHandle *data=conn->data;
+  struct SingleRequest *k = &data->req;
+  CURLcode result;
+  curl_socket_t tunnelsocket = conn->sock[sockindex];
+  curl_off_t cl=0;
+  bool closeConnection = FALSE;
+  bool chunked_encoding = FALSE;
+  long check;
+
+#define SELECT_OK      0
+#define SELECT_ERROR   1
+#define SELECT_TIMEOUT 2
+  int error = SELECT_OK;
+
+  if(conn->tunnel_state[sockindex] == TUNNEL_COMPLETE)
+    return CURLE_OK; /* CONNECT is already completed */
+
+  conn->bits.proxy_connect_closed = FALSE;
+
+  do {
+    if(TUNNEL_INIT == conn->tunnel_state[sockindex]) {
+      /* BEGIN CONNECT PHASE */
+      char *host_port;
+      Curl_send_buffer *req_buffer;
+
+      infof(data, "Establish HTTP proxy tunnel to %s:%hu\n",
+            hostname, remote_port);
+
+      if(data->req.newurl) {
+        /* This only happens if we've looped here due to authentication
+           reasons, and we don't really use the newly cloned URL here
+           then. Just free() it. */
+        free(data->req.newurl);
+        data->req.newurl = NULL;
+      }
+
+      /* initialize a dynamic send-buffer */
+      req_buffer = Curl_add_buffer_init();
+
+      if(!req_buffer)
+        return CURLE_OUT_OF_MEMORY;
+
+      host_port = aprintf("%s:%hu", hostname, remote_port);
+      if(!host_port) {
+        free(req_buffer);
+        return CURLE_OUT_OF_MEMORY;
+      }
+
+      /* Setup the proxy-authorization header, if any */
+      result = Curl_http_output_auth(conn, "CONNECT", host_port, TRUE);
+
+      free(host_port);
+
+      if(CURLE_OK == result) {
+        char *host=(char *)"";
+        const char *proxyconn="";
+        const char *useragent="";
+        const char *http = (conn->proxytype == CURLPROXY_HTTP_1_0) ?
+          "1.0" : "1.1";
+        char *hostheader= /* host:port with IPv6 support */
+          aprintf("%s%s%s:%hu", conn->bits.ipv6_ip?"[":"",
+                  hostname, conn->bits.ipv6_ip?"]":"",
+                  remote_port);
+        if(!hostheader) {
+          free(req_buffer);
+          return CURLE_OUT_OF_MEMORY;
+        }
+
+        if(!Curl_checkProxyheaders(conn, "Host:")) {
+          host = aprintf("Host: %s\r\n", hostheader);
+          if(!host) {
+            free(hostheader);
+            free(req_buffer);
+            return CURLE_OUT_OF_MEMORY;
+          }
+        }
+        if(!Curl_checkProxyheaders(conn, "Proxy-Connection:"))
+          proxyconn = "Proxy-Connection: Keep-Alive\r\n";
+
+        if(!Curl_checkProxyheaders(conn, "User-Agent:") &&
+           data->set.str[STRING_USERAGENT])
+          useragent = conn->allocptr.uagent;
+
+        result =
+          Curl_add_bufferf(req_buffer,
+                           "CONNECT %s HTTP/%s\r\n"
+                           "%s"  /* Host: */
+                           "%s"  /* Proxy-Authorization */
+                           "%s"  /* User-Agent */
+                           "%s", /* Proxy-Connection */
+                           hostheader,
+                           http,
+                           host,
+                           conn->allocptr.proxyuserpwd?
+                           conn->allocptr.proxyuserpwd:"",
+                           useragent,
+                           proxyconn);
+
+        if(host && *host)
+          free(host);
+        free(hostheader);
+
+        if(CURLE_OK == result)
+          result = Curl_add_custom_headers(conn, TRUE, req_buffer);
+
+        if(CURLE_OK == result)
+          /* CRLF terminate the request */
+          result = Curl_add_bufferf(req_buffer, "\r\n");
+
+        if(CURLE_OK == result) {
+          /* Send the connect request to the proxy */
+          /* BLOCKING */
+          result =
+            Curl_add_buffer_send(req_buffer, conn,
+                                 &data->info.request_size, 0, sockindex);
+        }
+        req_buffer = NULL;
+        if(result)
+          failf(data, "Failed sending CONNECT to proxy");
+      }
+
+      Curl_safefree(req_buffer);
+      if(result)
+        return result;
+
+      conn->tunnel_state[sockindex] = TUNNEL_CONNECT;
+    } /* END CONNECT PHASE */
+
+    check = Curl_timeleft(data, NULL, TRUE);
+    if(check <= 0) {
+      failf(data, "Proxy CONNECT aborted due to timeout");
+      return CURLE_RECV_ERROR;
+    }
+
+    if(0 == Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD, 0))
+      /* return so we'll be called again polling-style */
+      return CURLE_OK;
+    else {
+      DEBUGF(infof(data,
+                   "Read response immediately from proxy CONNECT\n"));
+    }
+
+    /* at this point, the tunnel_connecting phase is over. */
+
+    { /* READING RESPONSE PHASE */
+      size_t nread;   /* total size read */
+      int perline; /* count bytes per line */
+      int keepon=TRUE;
+      ssize_t gotbytes;
+      char *ptr;
+      char *line_start;
+
+      ptr=data->state.buffer;
+      line_start = ptr;
+
+      nread=0;
+      perline=0;
+      keepon=TRUE;
+
+      while((nread<BUFSIZE) && (keepon && !error)) {
+
+        check = Curl_timeleft(data, NULL, TRUE);
+        if(check <= 0) {
+          failf(data, "Proxy CONNECT aborted due to timeout");
+          error = SELECT_TIMEOUT; /* already too little time */
+          break;
+        }
+
+        /* loop every second at least, less if the timeout is near */
+        switch (Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD,
+                                  check<1000L?check:1000)) {
+        case -1: /* select() error, stop reading */
+          error = SELECT_ERROR;
+          failf(data, "Proxy CONNECT aborted due to select/poll error");
+          break;
+        case 0: /* timeout */
+          break;
+        default:
+          DEBUGASSERT(ptr+BUFSIZE-nread <= data->state.buffer+BUFSIZE+1);
+          result = Curl_read(conn, tunnelsocket, ptr, BUFSIZE-nread,
+                             &gotbytes);
+          if(result==CURLE_AGAIN)
+            continue; /* go loop yourself */
+          else if(result)
+            keepon = FALSE;
+          else if(gotbytes <= 0) {
+            keepon = FALSE;
+            if(data->set.proxyauth && data->state.authproxy.avail) {
+              /* proxy auth was requested and there was proxy auth available,
+                 then deem this as "mere" proxy disconnect */
+              conn->bits.proxy_connect_closed = TRUE;
+              infof(data, "Proxy CONNECT connection closed");
+            }
+            else {
+              error = SELECT_ERROR;
+              failf(data, "Proxy CONNECT aborted");
+            }
+          }
+          else {
+            /*
+             * We got a whole chunk of data, which can be anything from one
+             * byte to a set of lines and possibly just a piece of the last
+             * line.
+             */
+            int i;
+
+            nread += gotbytes;
+
+            if(keepon > TRUE) {
+              /* This means we are currently ignoring a response-body */
+
+              nread = 0; /* make next read start over in the read buffer */
+              ptr=data->state.buffer;
+              if(cl) {
+                /* A Content-Length based body: simply count down the counter
+                   and make sure to break out of the loop when we're done! */
+                cl -= gotbytes;
+                if(cl<=0) {
+                  keepon = FALSE;
+                  break;
+                }
+              }
+              else {
+                /* chunked-encoded body, so we need to do the chunked dance
+                   properly to know when the end of the body is reached */
+                CHUNKcode r;
+                ssize_t tookcareof=0;
+
+                /* now parse the chunked piece of data so that we can
+                   properly tell when the stream ends */
+                r = Curl_httpchunk_read(conn, ptr, gotbytes, &tookcareof);
+                if(r == CHUNKE_STOP) {
+                  /* we're done reading chunks! */
+                  infof(data, "chunk reading DONE\n");
+                  keepon = FALSE;
+                  /* we did the full CONNECT treatment, go COMPLETE */
+                  conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
+                }
+                else
+                  infof(data, "Read %zd bytes of chunk, continue\n",
+                        tookcareof);
+              }
+            }
+            else
+              for(i = 0; i < gotbytes; ptr++, i++) {
+                perline++; /* amount of bytes in this line so far */
+                if(*ptr == 0x0a) {
+                  char letter;
+                  int writetype;
+
+                  /* convert from the network encoding */
+                  result = Curl_convert_from_network(data, line_start,
+                                                     perline);
+                  /* Curl_convert_from_network calls failf if unsuccessful */
+                  if(result)
+                    return result;
+
+                  /* output debug if that is requested */
+                  if(data->set.verbose)
+                    Curl_debug(data, CURLINFO_HEADER_IN,
+                               line_start, (size_t)perline, conn);
+
+                  /* send the header to the callback */
+                  writetype = CLIENTWRITE_HEADER;
+                  if(data->set.include_header)
+                    writetype |= CLIENTWRITE_BODY;
+
+                  result = Curl_client_write(conn, writetype, line_start,
+                                             perline);
+
+                  data->info.header_size += (long)perline;
+                  data->req.headerbytecount += (long)perline;
+
+                  if(result)
+                    return result;
+
+                  /* Newlines are CRLF, so the CR is ignored as the line isn't
+                     really terminated until the LF comes. Treat a following CR
+                     as end-of-headers as well.*/
+
+                  if(('\r' == line_start[0]) ||
+                     ('\n' == line_start[0])) {
+                    /* end of response-headers from the proxy */
+                    nread = 0; /* make next read start over in the read
+                                  buffer */
+                    ptr=data->state.buffer;
+                    if((407 == k->httpcode) && !data->state.authproblem) {
+                      /* If we get a 407 response code with content length
+                         when we have no auth problem, we must ignore the
+                         whole response-body */
+                      keepon = 2;
+
+                      if(cl) {
+                        infof(data, "Ignore %" CURL_FORMAT_CURL_OFF_T
+                              " bytes of response-body\n", cl);
+
+                        /* remove the remaining chunk of what we already
+                           read */
+                        cl -= (gotbytes - i);
+
+                        if(cl<=0)
+                          /* if the whole thing was already read, we are done!
+                           */
+                          keepon=FALSE;
+                      }
+                      else if(chunked_encoding) {
+                        CHUNKcode r;
+                        /* We set ignorebody true here since the chunked
+                           decoder function will acknowledge that. Pay
+                           attention so that this is cleared again when this
+                           function returns! */
+                        k->ignorebody = TRUE;
+                        infof(data, "%zd bytes of chunk left\n", gotbytes-i);
+
+                        if(line_start[1] == '\n') {
+                          /* this can only be a LF if the letter at index 0
+                             was a CR */
+                          line_start++;
+                          i++;
+                        }
+
+                        /* now parse the chunked piece of data so that we can
+                           properly tell when the stream ends */
+                        r = Curl_httpchunk_read(conn, line_start+1,
+                                                  gotbytes -i, &gotbytes);
+                        if(r == CHUNKE_STOP) {
+                          /* we're done reading chunks! */
+                          infof(data, "chunk reading DONE\n");
+                          keepon = FALSE;
+                          /* we did the full CONNECT treatment, go to
+                             COMPLETE */
+                          conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
+                        }
+                        else
+                          infof(data, "Read %zd bytes of chunk, continue\n",
+                                gotbytes);
+                      }
+                      else {
+                        /* without content-length or chunked encoding, we
+                           can't keep the connection alive since the close is
+                           the end signal so we bail out at once instead */
+                        keepon=FALSE;
+                      }
+                    }
+                    else {
+                      keepon = FALSE;
+                      if(200 == data->info.httpproxycode) {
+                        if(gotbytes - (i+1))
+                          failf(data, "Proxy CONNECT followed by %zd bytes "
+                                "of opaque data. Data ignored (known bug #39)",
+                                gotbytes - (i+1));
+                      }
+                    }
+                    /* we did the full CONNECT treatment, go to COMPLETE */
+                    conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
+                    break; /* breaks out of for-loop, not switch() */
+                  }
+
+                  /* keep a backup of the position we are about to blank */
+                  letter = line_start[perline];
+                  line_start[perline]=0; /* zero terminate the buffer */
+                  if((checkprefix("WWW-Authenticate:", line_start) &&
+                      (401 == k->httpcode)) ||
+                     (checkprefix("Proxy-authenticate:", line_start) &&
+                      (407 == k->httpcode))) {
+
+                    bool proxy = (k->httpcode == 407) ? TRUE : FALSE;
+                    char *auth = Curl_copy_header_value(line_start);
+                    if(!auth)
+                      return CURLE_OUT_OF_MEMORY;
+
+                    result = Curl_http_input_auth(conn, proxy, auth);
+
+                    Curl_safefree(auth);
+
+                    if(result)
+                      return result;
+                  }
+                  else if(checkprefix("Content-Length:", line_start)) {
+                    cl = curlx_strtoofft(line_start +
+                                         strlen("Content-Length:"), NULL, 10);
+                  }
+                  else if(Curl_compareheader(line_start,
+                                             "Connection:", "close"))
+                    closeConnection = TRUE;
+                  else if(Curl_compareheader(line_start,
+                                             "Transfer-Encoding:",
+                                             "chunked")) {
+                    infof(data, "CONNECT responded chunked\n");
+                    chunked_encoding = TRUE;
+                    /* init our chunky engine */
+                    Curl_httpchunk_init(conn);
+                  }
+                  else if(Curl_compareheader(line_start,
+                                             "Proxy-Connection:", "close"))
+                    closeConnection = TRUE;
+                  else if(2 == sscanf(line_start, "HTTP/1.%d %d",
+                                      &subversion,
+                                      &k->httpcode)) {
+                    /* store the HTTP code from the proxy */
+                    data->info.httpproxycode = k->httpcode;
+                  }
+                  /* put back the letter we blanked out before */
+                  line_start[perline]= letter;
+
+                  perline=0; /* line starts over here */
+                  line_start = ptr+1; /* this skips the zero byte we wrote */
+                }
+              }
+          }
+          break;
+        } /* switch */
+        if(Curl_pgrsUpdate(conn))
+          return CURLE_ABORTED_BY_CALLBACK;
+      } /* while there's buffer left and loop is requested */
+
+      if(error)
+        return CURLE_RECV_ERROR;
+
+      if(data->info.httpproxycode != 200) {
+        /* Deal with the possibly already received authenticate
+           headers. 'newurl' is set to a new URL if we must loop. */
+        result = Curl_http_auth_act(conn);
+        if(result)
+          return result;
+
+        if(conn->bits.close)
+          /* the connection has been marked for closure, most likely in the
+             Curl_http_auth_act() function and thus we can kill it at once
+             below
+          */
+          closeConnection = TRUE;
+      }
+
+      if(closeConnection && data->req.newurl) {
+        /* Connection closed by server. Don't use it anymore */
+        Curl_closesocket(conn, conn->sock[sockindex]);
+        conn->sock[sockindex] = CURL_SOCKET_BAD;
+        break;
+      }
+    } /* END READING RESPONSE PHASE */
+
+    /* If we are supposed to continue and request a new URL, which basically
+     * means the HTTP authentication is still going on so if the tunnel
+     * is complete we start over in INIT state */
+    if(data->req.newurl &&
+       (TUNNEL_COMPLETE == conn->tunnel_state[sockindex])) {
+      conn->tunnel_state[sockindex] = TUNNEL_INIT;
+      infof(data, "TUNNEL_STATE switched to: %d\n",
+            conn->tunnel_state[sockindex]);
+    }
+
+  } while(data->req.newurl);
+
+  if(200 != data->req.httpcode) {
+    if(closeConnection && data->req.newurl) {
+      conn->bits.proxy_connect_closed = TRUE;
+      infof(data, "Connect me again please\n");
+    }
+    else {
+      if(data->req.newurl) {
+        /* this won't be used anymore for the CONNECT so free it now */
+        free(data->req.newurl);
+        data->req.newurl = NULL;
+      }
+      /* failure, close this connection to avoid re-use */
+      connclose(conn, "proxy CONNECT failure");
+      Curl_closesocket(conn, conn->sock[sockindex]);
+      conn->sock[sockindex] = CURL_SOCKET_BAD;
+    }
+
+    /* to back to init state */
+    conn->tunnel_state[sockindex] = TUNNEL_INIT;
+
+    if(conn->bits.proxy_connect_closed)
+      /* this is not an error, just part of the connection negotiation */
+      return CURLE_OK;
+    else {
+      failf(data, "Received HTTP code %d from proxy after CONNECT",
+            data->req.httpcode);
+      return CURLE_RECV_ERROR;
+    }
+  }
+
+  conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
+
+  /* If a proxy-authorization header was used for the proxy, then we should
+     make sure that it isn't accidentally used for the document request
+     after we've connected. So let's free and clear it here. */
+  Curl_safefree(conn->allocptr.proxyuserpwd);
+  conn->allocptr.proxyuserpwd = NULL;
+
+  data->state.authproxy.done = TRUE;
+
+  infof (data, "Proxy replied OK to CONNECT request\n");
+  data->req.ignorebody = FALSE; /* put it (back) to non-ignore state */
+  conn->bits.rewindaftersend = FALSE; /* make sure this isn't set for the
+                                         document request  */
+  return CURLE_OK;
+}
+#endif /* CURL_DISABLE_PROXY */
diff --git a/Utilities/cmcurl/lib/http_proxy.h b/Utilities/cmcurl/lib/http_proxy.h
new file mode 100644
index 0000000..2b5e9c9
--- /dev/null
+++ b/Utilities/cmcurl/lib/http_proxy.h
@@ -0,0 +1,41 @@
+#ifndef HEADER_CURL_HTTP_PROXY_H
+#define HEADER_CURL_HTTP_PROXY_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
+/* ftp can use this as well */
+CURLcode Curl_proxyCONNECT(struct connectdata *conn,
+                           int tunnelsocket,
+                           const char *hostname, int remote_port);
+
+/* Default proxy timeout in milliseconds */
+#define PROXY_TIMEOUT (3600*1000)
+
+CURLcode Curl_proxy_connect(struct connectdata *conn);
+
+#else
+#define Curl_proxyCONNECT(x,y,z,w) CURLE_NOT_BUILT_IN
+#define Curl_proxy_connect(x) CURLE_OK
+#endif
+
+#endif /* HEADER_CURL_HTTP_PROXY_H */
diff --git a/Utilities/cmcurl/lib/idn_win32.c b/Utilities/cmcurl/lib/idn_win32.c
new file mode 100644
index 0000000..464964b
--- /dev/null
+++ b/Utilities/cmcurl/lib/idn_win32.c
@@ -0,0 +1,85 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+ /*
+  * IDN conversions using Windows kernel32 and normaliz libraries.
+  */
+
+#include "curl_setup.h"
+
+#ifdef USE_WIN32_IDN
+
+#include "curl_multibyte.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifdef WANT_IDN_PROTOTYPES
+WINBASEAPI int WINAPI IdnToAscii(DWORD, const WCHAR *, int, WCHAR *, int);
+WINBASEAPI int WINAPI IdnToUnicode(DWORD, const WCHAR *, int, WCHAR *, int);
+#endif
+
+#define IDN_MAX_LENGTH 255
+
+int curl_win32_idn_to_ascii(const char *in, char **out);
+int curl_win32_ascii_to_idn(const char *in, size_t in_len, char **out_utf8);
+
+int curl_win32_idn_to_ascii(const char *in, char **out)
+{
+  wchar_t *in_w = Curl_convert_UTF8_to_wchar(in);
+  if(in_w) {
+    wchar_t punycode[IDN_MAX_LENGTH];
+    if(IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH) == 0) {
+      wprintf(L"ERROR %d converting to Punycode\n", GetLastError());
+      free(in_w);
+      return 0;
+    }
+    free(in_w);
+
+    *out = Curl_convert_wchar_to_UTF8(punycode);
+    if(!*out)
+      return 0;
+  }
+  return 1;
+}
+
+int curl_win32_ascii_to_idn(const char *in, size_t in_len, char **out_utf8)
+{
+  (void)in_len; /* unused */
+  if(in) {
+    WCHAR unicode[IDN_MAX_LENGTH];
+
+    if(IdnToUnicode(0, (wchar_t *)in, -1, unicode, IDN_MAX_LENGTH) == 0) {
+      wprintf(L"ERROR %d converting to Punycode\n", GetLastError());
+      return 0;
+    }
+    else {
+      *out_utf8 = Curl_convert_wchar_to_UTF8(unicode);
+      if(!*out_utf8)
+        return 0;
+    }
+  }
+  return 1;
+}
+
+#endif /* USE_WIN32_IDN */
diff --git a/Utilities/cmcurl/lib/if2ip.c b/Utilities/cmcurl/lib/if2ip.c
new file mode 100644
index 0000000..05ae7d6
--- /dev/null
+++ b/Utilities/cmcurl/lib/if2ip.c
@@ -0,0 +1,218 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#  include <net/if.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#  include <sys/ioctl.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_SYS_SOCKIO_H
+#  include <sys/sockio.h>
+#endif
+#ifdef HAVE_IFADDRS_H
+#  include <ifaddrs.h>
+#endif
+#ifdef HAVE_STROPTS_H
+#  include <stropts.h>
+#endif
+#ifdef __VMS
+#  include <inet.h>
+#endif
+
+#include "inet_ntop.h"
+#include "strequal.h"
+#include "if2ip.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* ------------------------------------------------------------------ */
+
+#if defined(HAVE_GETIFADDRS)
+
+bool Curl_if_is_interface_name(const char *interf)
+{
+  bool result = FALSE;
+
+  struct ifaddrs *iface, *head;
+
+  if(getifaddrs(&head) >= 0) {
+    for(iface=head; iface != NULL; iface=iface->ifa_next) {
+      if(curl_strequal(iface->ifa_name, interf)) {
+        result = TRUE;
+        break;
+      }
+    }
+    freeifaddrs(head);
+  }
+  return result;
+}
+
+if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
+                          const char *interf, char *buf, int buf_size)
+{
+  struct ifaddrs *iface, *head;
+  if2ip_result_t res = IF2IP_NOT_FOUND;
+
+#ifndef ENABLE_IPV6
+  (void) remote_scope;
+#endif
+
+  if(getifaddrs(&head) >= 0) {
+    for(iface=head; iface != NULL; iface=iface->ifa_next) {
+      if(iface->ifa_addr != NULL) {
+        if(iface->ifa_addr->sa_family == af) {
+          if(curl_strequal(iface->ifa_name, interf)) {
+            void *addr;
+            char *ip;
+            char scope[12]="";
+            char ipstr[64];
+#ifdef ENABLE_IPV6
+            if(af == AF_INET6) {
+              unsigned int scopeid = 0;
+              addr = &((struct sockaddr_in6 *)iface->ifa_addr)->sin6_addr;
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+              /* Include the scope of this interface as part of the address */
+              scopeid =
+                ((struct sockaddr_in6 *)iface->ifa_addr)->sin6_scope_id;
+#endif
+              if(scopeid != remote_scope) {
+                /* We are interested only in interface addresses whose
+                   scope ID matches the remote address we want to
+                   connect to: global (0) for global, link-local for
+                   link-local, etc... */
+                if(res == IF2IP_NOT_FOUND) res = IF2IP_AF_NOT_SUPPORTED;
+                continue;
+              }
+              if(scopeid)
+                snprintf(scope, sizeof(scope), "%%%u", scopeid);
+            }
+            else
+#endif
+              addr = &((struct sockaddr_in *)iface->ifa_addr)->sin_addr;
+            res = IF2IP_FOUND;
+            ip = (char *) Curl_inet_ntop(af, addr, ipstr, sizeof(ipstr));
+            snprintf(buf, buf_size, "%s%s", ip, scope);
+            break;
+          }
+        }
+        else if((res == IF2IP_NOT_FOUND) &&
+                curl_strequal(iface->ifa_name, interf)) {
+          res = IF2IP_AF_NOT_SUPPORTED;
+        }
+      }
+    }
+    freeifaddrs(head);
+  }
+  return res;
+}
+
+#elif defined(HAVE_IOCTL_SIOCGIFADDR)
+
+bool Curl_if_is_interface_name(const char *interf)
+{
+  /* This is here just to support the old interfaces */
+  char buf[256];
+
+  return (Curl_if2ip(AF_INET, 0, interf, buf, sizeof(buf)) ==
+          IF2IP_NOT_FOUND) ? FALSE : TRUE;
+}
+
+if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
+                          const char *interf, char *buf, int buf_size)
+{
+  struct ifreq req;
+  struct in_addr in;
+  struct sockaddr_in *s;
+  curl_socket_t dummy;
+  size_t len;
+
+  (void)remote_scope;
+
+  if(!interf || (af != AF_INET))
+    return IF2IP_NOT_FOUND;
+
+  len = strlen(interf);
+  if(len >= sizeof(req.ifr_name))
+    return IF2IP_NOT_FOUND;
+
+  dummy = socket(AF_INET, SOCK_STREAM, 0);
+  if(CURL_SOCKET_BAD == dummy)
+    return IF2IP_NOT_FOUND;
+
+  memset(&req, 0, sizeof(req));
+  memcpy(req.ifr_name, interf, len+1);
+  req.ifr_addr.sa_family = AF_INET;
+
+  if(ioctl(dummy, SIOCGIFADDR, &req) < 0) {
+    sclose(dummy);
+    /* With SIOCGIFADDR, we cannot tell the difference between an interface
+       that does not exist and an interface that has no address of the
+       correct family. Assume the interface does not exist */
+    return IF2IP_NOT_FOUND;
+  }
+
+  s = (struct sockaddr_in *)&req.ifr_addr;
+  memcpy(&in, &s->sin_addr, sizeof(in));
+  Curl_inet_ntop(s->sin_family, &in, buf, buf_size);
+
+  sclose(dummy);
+  return IF2IP_FOUND;
+}
+
+#else
+
+bool Curl_if_is_interface_name(const char *interf)
+{
+  (void) interf;
+
+  return FALSE;
+}
+
+if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
+                          const char *interf, char *buf, int buf_size)
+{
+    (void) af;
+    (void) remote_scope;
+    (void) interf;
+    (void) buf;
+    (void) buf_size;
+    return IF2IP_NOT_FOUND;
+}
+
+#endif
diff --git a/Utilities/cmcurl/if2ip.h b/Utilities/cmcurl/lib/if2ip.h
index 4e86e2b..ac58752 100644
--- a/Utilities/cmcurl/if2ip.h
+++ b/Utilities/cmcurl/lib/if2ip.h
@@ -1,5 +1,5 @@
-#ifndef __IF2IP_H
-#define __IF2IP_H
+#ifndef HEADER_CURL_IF2IP_H
+#define HEADER_CURL_IF2IP_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,14 +20,21 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-#include "setup.h"
+#include "curl_setup.h"
 
-extern char *Curl_if2ip(const char *interf, char *buf, int buf_size);
+bool Curl_if_is_interface_name(const char *interf);
+
+typedef enum {
+  IF2IP_NOT_FOUND = 0, /* Interface not found */
+  IF2IP_AF_NOT_SUPPORTED = 1, /* Int. exists but has no address for this af */
+  IF2IP_FOUND = 2 /* The address has been stored in "buf" */
+} if2ip_result_t;
+
+if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
+                          const char *interf, char *buf, int buf_size);
 
 #ifdef __INTERIX
-#include <sys/socket.h>
 
 /* Nedelcho Stanev's work-around for SFU 3.0 */
 struct ifreq {
@@ -50,7 +57,6 @@ struct ifreq {
 
 /* This define was added by Daniel to avoid an extra #ifdef INTERIX in the
    C code. */
-#define ifr_dstaddr ifr_addr
 
 #define ifr_name ifr_ifrn.ifrn_name /* interface name */
 #define ifr_addr ifr_ifru.ifru_addr /* address */
@@ -62,6 +68,7 @@ struct ifreq {
 #define ifr_mtu ifr_ifru.ifru_mtu /* mtu */
 
 #define SIOCGIFADDR _IOW('s', 102, struct ifreq) /* Get if addr */
-#endif /* interix */
 
-#endif
+#endif /* __INTERIX */
+
+#endif /* HEADER_CURL_IF2IP_H */
diff --git a/Utilities/cmcurl/lib/imap.c b/Utilities/cmcurl/lib/imap.c
new file mode 100644
index 0000000..9fc4728
--- /dev/null
+++ b/Utilities/cmcurl/lib/imap.c
@@ -0,0 +1,2893 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC2195 CRAM-MD5 authentication
+ * RFC2595 Using TLS with IMAP, POP3 and ACAP
+ * RFC2831 DIGEST-MD5 authentication
+ * RFC3501 IMAPv4 protocol
+ * RFC4422 Simple Authentication and Security Layer (SASL)
+ * RFC4616 PLAIN authentication
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
+ * RFC4959 IMAP Extension for SASL Initial Client Response
+ * RFC5092 IMAP URL Scheme
+ * RFC6749 OAuth 2.0 Authorization Framework
+ * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_IMAP
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
+#undef in_addr_t
+#define in_addr_t unsigned long
+#endif
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "sendf.h"
+#include "if2ip.h"
+#include "hostip.h"
+#include "progress.h"
+#include "transfer.h"
+#include "escape.h"
+#include "http.h" /* for HTTP proxy tunnel stuff */
+#include "socks.h"
+#include "imap.h"
+
+#include "strtoofft.h"
+#include "strequal.h"
+#include "vtls/vtls.h"
+#include "connect.h"
+#include "strerror.h"
+#include "select.h"
+#include "multiif.h"
+#include "url.h"
+#include "rawstr.h"
+#include "curl_sasl.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* Local API functions */
+static CURLcode imap_regular_transfer(struct connectdata *conn, bool *done);
+static CURLcode imap_do(struct connectdata *conn, bool *done);
+static CURLcode imap_done(struct connectdata *conn, CURLcode status,
+                          bool premature);
+static CURLcode imap_connect(struct connectdata *conn, bool *done);
+static CURLcode imap_disconnect(struct connectdata *conn, bool dead);
+static CURLcode imap_multi_statemach(struct connectdata *conn, bool *done);
+static int imap_getsock(struct connectdata *conn, curl_socket_t *socks,
+                        int numsocks);
+static CURLcode imap_doing(struct connectdata *conn, bool *dophase_done);
+static CURLcode imap_setup_connection(struct connectdata *conn);
+static char *imap_atom(const char *str);
+static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...);
+static CURLcode imap_parse_url_options(struct connectdata *conn);
+static CURLcode imap_parse_url_path(struct connectdata *conn);
+static CURLcode imap_parse_custom_request(struct connectdata *conn);
+static CURLcode imap_calc_sasl_details(struct connectdata *conn,
+                                       const char **mech,
+                                       char **initresp, size_t *len,
+                                       imapstate *state1, imapstate *state2);
+
+/*
+ * IMAP protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_imap = {
+  "IMAP",                           /* scheme */
+  imap_setup_connection,            /* setup_connection */
+  imap_do,                          /* do_it */
+  imap_done,                        /* done */
+  ZERO_NULL,                        /* do_more */
+  imap_connect,                     /* connect_it */
+  imap_multi_statemach,             /* connecting */
+  imap_doing,                       /* doing */
+  imap_getsock,                     /* proto_getsock */
+  imap_getsock,                     /* doing_getsock */
+  ZERO_NULL,                        /* domore_getsock */
+  ZERO_NULL,                        /* perform_getsock */
+  imap_disconnect,                  /* disconnect */
+  ZERO_NULL,                        /* readwrite */
+  PORT_IMAP,                        /* defport */
+  CURLPROTO_IMAP,                   /* protocol */
+  PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD  /* flags */
+};
+
+#ifdef USE_SSL
+/*
+ * IMAPS protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_imaps = {
+  "IMAPS",                          /* scheme */
+  imap_setup_connection,            /* setup_connection */
+  imap_do,                          /* do_it */
+  imap_done,                        /* done */
+  ZERO_NULL,                        /* do_more */
+  imap_connect,                     /* connect_it */
+  imap_multi_statemach,             /* connecting */
+  imap_doing,                       /* doing */
+  imap_getsock,                     /* proto_getsock */
+  imap_getsock,                     /* doing_getsock */
+  ZERO_NULL,                        /* domore_getsock */
+  ZERO_NULL,                        /* perform_getsock */
+  imap_disconnect,                  /* disconnect */
+  ZERO_NULL,                        /* readwrite */
+  PORT_IMAPS,                       /* defport */
+  CURLPROTO_IMAPS,                  /* protocol */
+  PROTOPT_CLOSEACTION | PROTOPT_SSL |
+  PROTOPT_NEEDSPWD                  /* flags */
+};
+#endif
+
+#ifndef CURL_DISABLE_HTTP
+/*
+ * HTTP-proxyed IMAP protocol handler.
+ */
+
+static const struct Curl_handler Curl_handler_imap_proxy = {
+  "IMAP",                               /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_IMAP,                            /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+#ifdef USE_SSL
+/*
+ * HTTP-proxyed IMAPS protocol handler.
+ */
+
+static const struct Curl_handler Curl_handler_imaps_proxy = {
+  "IMAPS",                              /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_IMAPS,                           /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+#endif
+#endif
+
+#ifdef USE_SSL
+static void imap_to_imaps(struct connectdata *conn)
+{
+  conn->handler = &Curl_handler_imaps;
+}
+#else
+#define imap_to_imaps(x) Curl_nop_stmt
+#endif
+
+/***********************************************************************
+ *
+ * imap_matchresp()
+ *
+ * Determines whether the untagged response is related to the specified
+ * command by checking if it is in format "* <command-name> ..." or
+ * "* <number> <command-name> ...".
+ *
+ * The "* " marker is assumed to have already been checked by the caller.
+ */
+static bool imap_matchresp(const char *line, size_t len, const char *cmd)
+{
+  const char *end = line + len;
+  size_t cmd_len = strlen(cmd);
+
+  /* Skip the untagged response marker */
+  line += 2;
+
+  /* Do we have a number after the marker? */
+  if(line < end && ISDIGIT(*line)) {
+    /* Skip the number */
+    do
+      line++;
+    while(line < end && ISDIGIT(*line));
+
+    /* Do we have the space character? */
+    if(line == end || *line != ' ')
+      return FALSE;
+
+    line++;
+  }
+
+  /* Does the command name match and is it followed by a space character or at
+     the end of line? */
+  if(line + cmd_len <= end && Curl_raw_nequal(line, cmd, cmd_len) &&
+     (line[cmd_len] == ' ' || line + cmd_len + 2 == end))
+    return TRUE;
+
+  return FALSE;
+}
+
+/***********************************************************************
+ *
+ * imap_endofresp()
+ *
+ * Checks whether the given string is a valid tagged, untagged or continuation
+ * response which can be processed by the response handler.
+ */
+static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
+                           int *resp)
+{
+  struct IMAP *imap = conn->data->req.protop;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  const char *id = imapc->resptag;
+  size_t id_len = strlen(id);
+
+  /* Do we have a tagged command response? */
+  if(len >= id_len + 1 && !memcmp(id, line, id_len) && line[id_len] == ' ') {
+    line += id_len + 1;
+    len -= id_len + 1;
+
+    if(len >= 2 && !memcmp(line, "OK", 2))
+      *resp = 'O';
+    else if(len >= 2 && !memcmp(line, "NO", 2))
+      *resp = 'N';
+    else if(len >= 3 && !memcmp(line, "BAD", 3))
+      *resp = 'B';
+    else {
+      failf(conn->data, "Bad tagged response");
+      *resp = -1;
+    }
+
+    return TRUE;
+  }
+
+  /* Do we have an untagged command response? */
+  if(len >= 2 && !memcmp("* ", line, 2)) {
+    switch(imapc->state) {
+      /* States which are interested in untagged responses */
+      case IMAP_CAPABILITY:
+        if(!imap_matchresp(line, len, "CAPABILITY"))
+          return FALSE;
+        break;
+
+      case IMAP_LIST:
+        if((!imap->custom && !imap_matchresp(line, len, "LIST")) ||
+          (imap->custom && !imap_matchresp(line, len, imap->custom) &&
+           (strcmp(imap->custom, "STORE") ||
+            !imap_matchresp(line, len, "FETCH")) &&
+           strcmp(imap->custom, "SELECT") &&
+           strcmp(imap->custom, "EXAMINE") &&
+           strcmp(imap->custom, "SEARCH") &&
+           strcmp(imap->custom, "EXPUNGE") &&
+           strcmp(imap->custom, "LSUB") &&
+           strcmp(imap->custom, "UID") &&
+           strcmp(imap->custom, "NOOP")))
+          return FALSE;
+        break;
+
+      case IMAP_SELECT:
+        /* SELECT is special in that its untagged responses do not have a
+           common prefix so accept anything! */
+        break;
+
+      case IMAP_FETCH:
+        if(!imap_matchresp(line, len, "FETCH"))
+          return FALSE;
+        break;
+
+      case IMAP_SEARCH:
+        if(!imap_matchresp(line, len, "SEARCH"))
+          return FALSE;
+        break;
+
+      /* Ignore other untagged responses */
+      default:
+        return FALSE;
+    }
+
+    *resp = '*';
+    return TRUE;
+  }
+
+  /* Do we have a continuation response? This should be a + symbol followed by
+     a space and optionally some text as per RFC-3501 for the AUTHENTICATE and
+     APPEND commands and as outlined in Section 4. Examples of RFC-4959 but
+     some e-mail servers ignore this and only send a single + instead. */
+  if((len == 3 && !memcmp("+", line, 1)) ||
+     (len >= 2 && !memcmp("+ ", line, 2))) {
+    switch(imapc->state) {
+      /* States which are interested in continuation responses */
+      case IMAP_AUTHENTICATE_PLAIN:
+      case IMAP_AUTHENTICATE_LOGIN:
+      case IMAP_AUTHENTICATE_LOGIN_PASSWD:
+      case IMAP_AUTHENTICATE_CRAMMD5:
+      case IMAP_AUTHENTICATE_DIGESTMD5:
+      case IMAP_AUTHENTICATE_DIGESTMD5_RESP:
+      case IMAP_AUTHENTICATE_NTLM:
+      case IMAP_AUTHENTICATE_NTLM_TYPE2MSG:
+      case IMAP_AUTHENTICATE_XOAUTH2:
+      case IMAP_AUTHENTICATE_FINAL:
+      case IMAP_APPEND:
+        *resp = '+';
+        break;
+
+      default:
+        failf(conn->data, "Unexpected continuation response");
+        *resp = -1;
+        break;
+    }
+
+    return TRUE;
+  }
+
+  return FALSE; /* Nothing for us */
+}
+
+/***********************************************************************
+ *
+ * imap_get_message()
+ *
+ * Gets the authentication message from the response buffer.
+ */
+static void imap_get_message(char *buffer, char** outptr)
+{
+  size_t len = 0;
+  char* message = NULL;
+
+  /* Find the start of the message */
+  for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
+    ;
+
+  /* Find the end of the message */
+  for(len = strlen(message); len--;)
+    if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
+        message[len] != '\t')
+      break;
+
+  /* Terminate the message */
+  if(++len) {
+    message[len] = '\0';
+  }
+
+  *outptr = message;
+}
+
+/***********************************************************************
+ *
+ * state()
+ *
+ * This is the ONLY way to change IMAP state!
+ */
+static void state(struct connectdata *conn, imapstate newstate)
+{
+  struct imap_conn *imapc = &conn->proto.imapc;
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+  /* for debug purposes */
+  static const char * const names[]={
+    "STOP",
+    "SERVERGREET",
+    "CAPABILITY",
+    "STARTTLS",
+    "UPGRADETLS",
+    "AUTHENTICATE_PLAIN",
+    "AUTHENTICATE_LOGIN",
+    "AUTHENTICATE_LOGIN_PASSWD",
+    "AUTHENTICATE_CRAMMD5",
+    "AUTHENTICATE_DIGESTMD5",
+    "AUTHENTICATE_DIGESTMD5_RESP",
+    "AUTHENTICATE_NTLM",
+    "AUTHENTICATE_NTLM_TYPE2MSG",
+    "AUTHENTICATE_GSSAPI",
+    "AUTHENTICATE_GSSAPI_TOKEN",
+    "AUTHENTICATE_GSSAPI_NO_DATA",
+    "AUTHENTICATE_XOAUTH2",
+    "AUTHENTICATE_CANCEL",
+    "AUTHENTICATE_FINAL",
+    "LOGIN",
+    "LIST",
+    "SELECT",
+    "FETCH",
+    "FETCH_FINAL",
+    "APPEND",
+    "APPEND_FINAL",
+    "SEARCH",
+    "LOGOUT",
+    /* LAST */
+  };
+
+  if(imapc->state != newstate)
+    infof(conn->data, "IMAP %p state change from %s to %s\n",
+          (void *)imapc, names[imapc->state], names[newstate]);
+#endif
+
+  imapc->state = newstate;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_capability()
+ *
+ * Sends the CAPABILITY command in order to obtain a list of server side
+ * supported capabilities.
+ */
+static CURLcode imap_perform_capability(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct imap_conn *imapc = &conn->proto.imapc;
+
+  imapc->authmechs = 0;         /* No known authentication mechanisms yet */
+  imapc->authused = 0;          /* Clear the authentication mechanism used */
+  imapc->tls_supported = FALSE; /* Clear the TLS capability */
+
+  /* Send the CAPABILITY command */
+  result = imap_sendf(conn, "CAPABILITY");
+
+  if(!result)
+    state(conn, IMAP_CAPABILITY);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_starttls()
+ *
+ * Sends the STARTTLS command to start the upgrade to TLS.
+ */
+static CURLcode imap_perform_starttls(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  /* Send the STARTTLS command */
+  result = imap_sendf(conn, "STARTTLS");
+
+  if(!result)
+    state(conn, IMAP_STARTTLS);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_upgrade_tls()
+ *
+ * Performs the upgrade to TLS.
+ */
+static CURLcode imap_perform_upgrade_tls(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct imap_conn *imapc = &conn->proto.imapc;
+
+  /* Start the SSL connection */
+  result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &imapc->ssldone);
+
+  if(!result) {
+    if(imapc->state != IMAP_UPGRADETLS)
+      state(conn, IMAP_UPGRADETLS);
+
+    if(imapc->ssldone) {
+      imap_to_imaps(conn);
+      result = imap_perform_capability(conn);
+    }
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_login()
+ *
+ * Sends a clear text LOGIN command to authenticate with.
+ */
+static CURLcode imap_perform_login(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  char *user;
+  char *passwd;
+
+  /* Check we have a username and password to authenticate with and end the
+     connect phase if we don't */
+  if(!conn->bits.user_passwd) {
+    state(conn, IMAP_STOP);
+
+    return result;
+  }
+
+  /* Make sure the username and password are in the correct atom format */
+  user = imap_atom(conn->user);
+  passwd = imap_atom(conn->passwd);
+
+  /* Send the LOGIN command */
+  result = imap_sendf(conn, "LOGIN %s %s", user ? user : "",
+                      passwd ? passwd : "");
+
+  Curl_safefree(user);
+  Curl_safefree(passwd);
+
+  if(!result)
+    state(conn, IMAP_LOGIN);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_authenticate()
+ *
+ * Sends an AUTHENTICATE command allowing the client to login with the given
+ * SASL authentication mechanism.
+ */
+static CURLcode imap_perform_authenticate(struct connectdata *conn,
+                                          const char *mech,
+                                          const char *initresp,
+                                          imapstate state1, imapstate state2)
+{
+  CURLcode result = CURLE_OK;
+
+  if(initresp) {
+    /* Send the AUTHENTICATE command with the initial response */
+    result = imap_sendf(conn, "AUTHENTICATE %s %s", mech, initresp);
+
+    if(!result)
+      state(conn, state2);
+  }
+  else {
+    /* Send the AUTHENTICATE command */
+    result = imap_sendf(conn, "AUTHENTICATE %s", mech);
+
+    if(!result)
+      state(conn, state1);
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_authentication()
+ *
+ * Initiates the authentication sequence, with the appropriate SASL
+ * authentication mechanism, falling back to clear text should a common
+ * mechanism not be available between the client and server.
+ */
+static CURLcode imap_perform_authentication(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  const char *mech = NULL;
+  char *initresp = NULL;
+  size_t len = 0;
+  imapstate state1 = IMAP_STOP;
+  imapstate state2 = IMAP_STOP;
+
+  /* Check we have a username and password to authenticate with and end the
+     connect phase if we don't */
+  if(!conn->bits.user_passwd) {
+    state(conn, IMAP_STOP);
+
+    return result;
+  }
+
+  /* Calculate the SASL login details */
+  result = imap_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+                                  &state2);
+
+  if(!result) {
+    if(mech && (imapc->preftype & IMAP_TYPE_SASL)) {
+      /* Perform SASL based authentication */
+      result = imap_perform_authenticate(conn, mech, initresp, state1, state2);
+
+      Curl_safefree(initresp);
+    }
+    else if((!imapc->login_disabled) &&
+            (imapc->preftype & IMAP_TYPE_CLEARTEXT))
+      /* Perform clear text authentication */
+      result = imap_perform_login(conn);
+    else {
+      /* Other mechanisms not supported */
+      infof(conn->data, "No known authentication mechanisms supported!\n");
+      result = CURLE_LOGIN_DENIED;
+    }
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_list()
+ *
+ * Sends a LIST command or an alternative custom request.
+ */
+static CURLcode imap_perform_list(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct IMAP *imap = data->req.protop;
+  char *mailbox;
+
+  if(imap->custom)
+    /* Send the custom request */
+    result = imap_sendf(conn, "%s%s", imap->custom,
+                        imap->custom_params ? imap->custom_params : "");
+  else {
+    /* Make sure the mailbox is in the correct atom format */
+    mailbox = imap_atom(imap->mailbox ? imap->mailbox : "");
+    if(!mailbox)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* Send the LIST command */
+    result = imap_sendf(conn, "LIST \"%s\" *", mailbox);
+
+    Curl_safefree(mailbox);
+  }
+
+  if(!result)
+    state(conn, IMAP_LIST);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_select()
+ *
+ * Sends a SELECT command to ask the server to change the selected mailbox.
+ */
+static CURLcode imap_perform_select(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct IMAP *imap = data->req.protop;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  char *mailbox;
+
+  /* Invalidate old information as we are switching mailboxes */
+  Curl_safefree(imapc->mailbox);
+  Curl_safefree(imapc->mailbox_uidvalidity);
+
+  /* Check we have a mailbox */
+  if(!imap->mailbox) {
+    failf(conn->data, "Cannot SELECT without a mailbox.");
+    return CURLE_URL_MALFORMAT;
+  }
+
+  /* Make sure the mailbox is in the correct atom format */
+  mailbox = imap_atom(imap->mailbox);
+  if(!mailbox)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Send the SELECT command */
+  result = imap_sendf(conn, "SELECT %s", mailbox);
+
+  Curl_safefree(mailbox);
+
+  if(!result)
+    state(conn, IMAP_SELECT);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_fetch()
+ *
+ * Sends a FETCH command to initiate the download of a message.
+ */
+static CURLcode imap_perform_fetch(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct IMAP *imap = conn->data->req.protop;
+
+  /* Check we have a UID */
+  if(!imap->uid) {
+    failf(conn->data, "Cannot FETCH without a UID.");
+    return CURLE_URL_MALFORMAT;
+  }
+
+  /* Send the FETCH command */
+  if(imap->partial)
+    result = imap_sendf(conn, "FETCH %s BODY[%s]<%s>",
+                        imap->uid,
+                        imap->section ? imap->section : "",
+                        imap->partial);
+  else
+    result = imap_sendf(conn, "FETCH %s BODY[%s]",
+                        imap->uid,
+                        imap->section ? imap->section : "");
+
+  if(!result)
+    state(conn, IMAP_FETCH);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_append()
+ *
+ * Sends an APPEND command to initiate the upload of a message.
+ */
+static CURLcode imap_perform_append(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct IMAP *imap = conn->data->req.protop;
+  char *mailbox;
+
+  /* Check we have a mailbox */
+  if(!imap->mailbox) {
+    failf(conn->data, "Cannot APPEND without a mailbox.");
+    return CURLE_URL_MALFORMAT;
+  }
+
+  /* Check we know the size of the upload */
+  if(conn->data->state.infilesize < 0) {
+    failf(conn->data, "Cannot APPEND with unknown input file size\n");
+    return CURLE_UPLOAD_FAILED;
+  }
+
+  /* Make sure the mailbox is in the correct atom format */
+  mailbox = imap_atom(imap->mailbox);
+  if(!mailbox)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Send the APPEND command */
+  result = imap_sendf(conn, "APPEND %s (\\Seen) {%" CURL_FORMAT_CURL_OFF_T "}",
+                      mailbox, conn->data->state.infilesize);
+
+  Curl_safefree(mailbox);
+
+  if(!result)
+    state(conn, IMAP_APPEND);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_search()
+ *
+ * Sends a SEARCH command.
+ */
+static CURLcode imap_perform_search(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct IMAP *imap = conn->data->req.protop;
+
+  /* Check we have a query string */
+  if(!imap->query) {
+    failf(conn->data, "Cannot SEARCH without a query string.");
+    return CURLE_URL_MALFORMAT;
+  }
+
+  /* Send the SEARCH command */
+  result = imap_sendf(conn, "SEARCH %s", imap->query);
+
+  if(!result)
+    state(conn, IMAP_SEARCH);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform_logout()
+ *
+ * Performs the logout action prior to sclose() being called.
+ */
+static CURLcode imap_perform_logout(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  /* Send the LOGOUT command */
+  result = imap_sendf(conn, "LOGOUT");
+
+  if(!result)
+    state(conn, IMAP_LOGOUT);
+
+  return result;
+}
+
+/* For the initial server greeting */
+static CURLcode imap_state_servergreet_resp(struct connectdata *conn,
+                                            int imapcode,
+                                            imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != 'O') {
+    failf(data, "Got unexpected imap-server response");
+    result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: fix this code */
+  }
+  else
+    result = imap_perform_capability(conn);
+
+  return result;
+}
+
+/* For CAPABILITY responses */
+static CURLcode imap_state_capability_resp(struct connectdata *conn,
+                                           int imapcode,
+                                           imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  const char *line = data->state.buffer;
+  size_t wordlen;
+
+  (void)instate; /* no use for this yet */
+
+  /* Do we have a untagged response? */
+  if(imapcode == '*') {
+    line += 2;
+
+    /* Loop through the data line */
+    for(;;) {
+      while(*line &&
+            (*line == ' ' || *line == '\t' ||
+              *line == '\r' || *line == '\n')) {
+
+        line++;
+      }
+
+      if(!*line)
+        break;
+
+      /* Extract the word */
+      for(wordlen = 0; line[wordlen] && line[wordlen] != ' ' &&
+            line[wordlen] != '\t' && line[wordlen] != '\r' &&
+            line[wordlen] != '\n';)
+        wordlen++;
+
+      /* Does the server support the STARTTLS capability? */
+      if(wordlen == 8 && !memcmp(line, "STARTTLS", 8))
+        imapc->tls_supported = TRUE;
+
+      /* Has the server explicitly disabled clear text authentication? */
+      else if(wordlen == 13 && !memcmp(line, "LOGINDISABLED", 13))
+        imapc->login_disabled = TRUE;
+
+      /* Does the server support the SASL-IR capability? */
+      else if(wordlen == 7 && !memcmp(line, "SASL-IR", 7))
+        imapc->ir_supported = TRUE;
+
+      /* Do we have a SASL based authentication mechanism? */
+      else if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) {
+        line += 5;
+        wordlen -= 5;
+
+        /* Test the word for a matching authentication mechanism */
+        if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
+          imapc->authmechs |= SASL_MECH_LOGIN;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
+          imapc->authmechs |= SASL_MECH_PLAIN;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
+          imapc->authmechs |= SASL_MECH_CRAM_MD5;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
+          imapc->authmechs |= SASL_MECH_DIGEST_MD5;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
+          imapc->authmechs |= SASL_MECH_GSSAPI;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
+          imapc->authmechs |= SASL_MECH_EXTERNAL;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
+          imapc->authmechs |= SASL_MECH_NTLM;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
+          imapc->authmechs |= SASL_MECH_XOAUTH2;
+      }
+
+      line += wordlen;
+    }
+  }
+  else if(imapcode == 'O') {
+    if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+      /* We don't have a SSL/TLS connection yet, but SSL is requested */
+      if(imapc->tls_supported)
+        /* Switch to TLS connection now */
+        result = imap_perform_starttls(conn);
+      else if(data->set.use_ssl == CURLUSESSL_TRY)
+        /* Fallback and carry on with authentication */
+        result = imap_perform_authentication(conn);
+      else {
+        failf(data, "STARTTLS not supported.");
+        result = CURLE_USE_SSL_FAILED;
+      }
+    }
+    else
+      result = imap_perform_authentication(conn);
+  }
+  else
+    result = imap_perform_authentication(conn);
+
+  return result;
+}
+
+/* For STARTTLS responses */
+static CURLcode imap_state_starttls_resp(struct connectdata *conn,
+                                         int imapcode,
+                                         imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != 'O') {
+    if(data->set.use_ssl != CURLUSESSL_TRY) {
+      failf(data, "STARTTLS denied. %c", imapcode);
+      result = CURLE_USE_SSL_FAILED;
+    }
+    else
+      result = imap_perform_authentication(conn);
+  }
+  else
+    result = imap_perform_upgrade_tls(conn);
+
+  return result;
+}
+
+/* For AUTHENTICATE PLAIN (without initial response) responses */
+static CURLcode imap_state_auth_plain_resp(struct connectdata *conn,
+                                           int imapcode,
+                                           imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *plainauth = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied. %c", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the authorisation message */
+    result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
+                                            &plainauth, &len);
+    if(!result && plainauth) {
+      /* Send the message */
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", plainauth);
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE_FINAL);
+    }
+  }
+
+  Curl_safefree(plainauth);
+
+  return result;
+}
+
+/* For AUTHENTICATE LOGIN (without initial response) responses */
+static CURLcode imap_state_auth_login_resp(struct connectdata *conn,
+                                           int imapcode,
+                                           imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *authuser = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the user message */
+    result = Curl_sasl_create_login_message(data, conn->user,
+                                            &authuser, &len);
+    if(!result && authuser) {
+      /* Send the user */
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", authuser);
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE_LOGIN_PASSWD);
+    }
+  }
+
+  Curl_safefree(authuser);
+
+  return result;
+}
+
+/* For AUTHENTICATE LOGIN user entry responses */
+static CURLcode imap_state_auth_login_password_resp(struct connectdata *conn,
+                                                    int imapcode,
+                                                    imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *authpasswd = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the password message */
+    result = Curl_sasl_create_login_message(data, conn->passwd,
+                                            &authpasswd, &len);
+    if(!result && authpasswd) {
+      /* Send the password */
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", authpasswd);
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE_FINAL);
+    }
+  }
+
+  Curl_safefree(authpasswd);
+
+  return result;
+}
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* For AUTHENTICATE CRAM-MD5 responses */
+static CURLcode imap_state_auth_cram_resp(struct connectdata *conn,
+                                          int imapcode,
+                                          imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlg = NULL;
+  char *chlg64 = NULL;
+  char *rplyb64 = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Get the challenge message */
+  imap_get_message(data->state.buffer, &chlg64);
+
+  /* Decode the challenge message */
+  result = Curl_sasl_decode_cram_md5_message(chlg64, &chlg, &len);
+  if(result) {
+    /* Send the cancellation */
+    result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*");
+
+    if(!result)
+      state(conn, IMAP_AUTHENTICATE_CANCEL);
+  }
+  else {
+    /* Create the response message */
+    result = Curl_sasl_create_cram_md5_message(data, chlg, conn->user,
+                                               conn->passwd, &rplyb64, &len);
+    if(!result && rplyb64) {
+      /* Send the response */
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64);
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE_FINAL);
+    }
+  }
+
+  Curl_safefree(chlg);
+  Curl_safefree(rplyb64);
+
+  return result;
+}
+
+/* For AUTHENTICATE DIGEST-MD5 challenge responses */
+static CURLcode imap_state_auth_digest_resp(struct connectdata *conn,
+                                            int imapcode,
+                                            imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlg64 = NULL;
+  char *rplyb64 = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Get the challenge message */
+  imap_get_message(data->state.buffer, &chlg64);
+
+  /* Create the response message */
+  result = Curl_sasl_create_digest_md5_message(data, chlg64,
+                                               conn->user, conn->passwd,
+                                               "imap", &rplyb64, &len);
+  if(result) {
+    if(result == CURLE_BAD_CONTENT_ENCODING) {
+      /* Send the cancellation */
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*");
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE_CANCEL);
+    }
+  }
+  else {
+    /* Send the response */
+    result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64);
+
+    if(!result)
+      state(conn, IMAP_AUTHENTICATE_DIGESTMD5_RESP);
+  }
+
+  Curl_safefree(rplyb64);
+
+  return result;
+}
+
+/* For AUTHENTICATE DIGEST-MD5 challenge-response responses */
+static CURLcode imap_state_auth_digest_resp_resp(struct connectdata *conn,
+                                                 int imapcode,
+                                                 imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Authentication failed: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Send an empty response */
+    result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "");
+
+    if(!result)
+      state(conn, IMAP_AUTHENTICATE_FINAL);
+  }
+
+  return result;
+}
+#endif
+
+#ifdef USE_NTLM
+/* For AUTHENTICATE NTLM (without initial response) responses */
+static CURLcode imap_state_auth_ntlm_resp(struct connectdata *conn,
+                                          int imapcode,
+                                          imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *type1msg = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the type-1 message */
+    result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
+                                                 &conn->ntlm,
+                                                 &type1msg, &len);
+    if(!result && type1msg) {
+      /* Send the message */
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", type1msg);
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE_NTLM_TYPE2MSG);
+    }
+  }
+
+  Curl_safefree(type1msg);
+
+  return result;
+}
+
+/* For NTLM type-2 responses (sent in reponse to our type-1 message) */
+static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
+                                                   int imapcode,
+                                                   imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *type2msg = NULL;
+  char *type3msg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Get the challenge message */
+    imap_get_message(data->state.buffer, &type2msg);
+
+    /* Decode the type-2 message */
+    result = Curl_sasl_decode_ntlm_type2_message(data, type2msg, &conn->ntlm);
+    if(result) {
+      /* Send the cancellation */
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*");
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE_CANCEL);
+    }
+    else {
+      /* Create the type-3 message */
+      result = Curl_sasl_create_ntlm_type3_message(data, conn->user,
+                                                   conn->passwd, &conn->ntlm,
+                                                   &type3msg, &len);
+      if(!result && type3msg) {
+        /* Send the message */
+        result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", type3msg);
+
+        if(!result)
+          state(conn, IMAP_AUTHENTICATE_FINAL);
+      }
+    }
+  }
+
+  Curl_safefree(type3msg);
+
+  return result;
+}
+#endif
+
+#if defined(USE_WINDOWS_SSPI)
+/* For AUTHENTICATE GSSAPI (without initial response) responses */
+static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn,
+                                            int imapcode,
+                                            imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  size_t len = 0;
+  char *respmsg = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the initial response message */
+    result = Curl_sasl_create_gssapi_user_message(data, conn->user,
+                                                  conn->passwd, "imap",
+                                                  imapc->mutual_auth,
+                                                  NULL, &conn->krb5,
+                                                  &respmsg, &len);
+    if(!result && respmsg) {
+      /* Send the message */
+      result = Curl_pp_sendf(&imapc->pp, "%s", respmsg);
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE_GSSAPI_TOKEN);
+    }
+  }
+
+  Curl_safefree(respmsg);
+
+  return result;
+}
+
+/* For AUTHENTICATE GSSAPI user token responses */
+static CURLcode imap_state_auth_gssapi_token_resp(struct connectdata *conn,
+                                                  int imapcode,
+                                                  imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  char *chlgmsg = NULL;
+  char *respmsg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Get the challenge message */
+    imap_get_message(data->state.buffer, &chlgmsg);
+
+    if(imapc->mutual_auth)
+      /* Decode the user token challenge and create the optional response
+         message */
+      result = Curl_sasl_create_gssapi_user_message(data, NULL, NULL, NULL,
+                                                    imapc->mutual_auth,
+                                                    chlgmsg, &conn->krb5,
+                                                    &respmsg, &len);
+    else
+      /* Decode the security challenge and create the response message */
+      result = Curl_sasl_create_gssapi_security_message(data, chlgmsg,
+                                                        &conn->krb5,
+                                                        &respmsg, &len);
+
+    if(result) {
+      if(result == CURLE_BAD_CONTENT_ENCODING) {
+        /* Send the cancellation */
+        result = Curl_pp_sendf(&imapc->pp, "%s", "*");
+
+        if(!result)
+          state(conn, IMAP_AUTHENTICATE_CANCEL);
+      }
+    }
+    else {
+      /* Send the response */
+      if(respmsg)
+        result = Curl_pp_sendf(&imapc->pp, "%s", respmsg);
+      else
+        result = Curl_pp_sendf(&imapc->pp, "%s", "");
+
+      if(!result)
+        state(conn, (imapc->mutual_auth ? IMAP_AUTHENTICATE_GSSAPI_NO_DATA :
+                                          IMAP_AUTHENTICATE_FINAL));
+    }
+  }
+
+  Curl_safefree(respmsg);
+
+  return result;
+}
+
+/* For AUTHENTICATE GSSAPI no data responses */
+static CURLcode imap_state_auth_gssapi_no_data_resp(struct connectdata *conn,
+                                                    int imapcode,
+                                                    imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlgmsg = NULL;
+  char *respmsg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Get the challenge message */
+    imap_get_message(data->state.buffer, &chlgmsg);
+
+    /* Decode the security challenge and create the response message */
+    result = Curl_sasl_create_gssapi_security_message(data, chlgmsg,
+                                                      &conn->krb5,
+                                                      &respmsg, &len);
+    if(result) {
+      if(result == CURLE_BAD_CONTENT_ENCODING) {
+        /* Send the cancellation */
+        result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*");
+
+        if(!result)
+          state(conn, IMAP_AUTHENTICATE_CANCEL);
+      }
+    }
+    else {
+      /* Send the response */
+      if(respmsg) {
+        result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", respmsg);
+
+        if(!result)
+          state(conn, IMAP_AUTHENTICATE_FINAL);
+      }
+    }
+  }
+
+  Curl_safefree(respmsg);
+
+  return result;
+}
+#endif
+
+/* For AUTHENTICATE XOAUTH2 (without initial response) responses */
+static CURLcode imap_state_auth_xoauth2_resp(struct connectdata *conn,
+                                             int imapcode,
+                                             imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *xoauth = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the authorisation message */
+    result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
+                                              conn->xoauth2_bearer,
+                                              &xoauth, &len);
+    if(!result && xoauth) {
+      /* Send the message */
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", xoauth);
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE_FINAL);
+    }
+  }
+
+  Curl_safefree(xoauth);
+
+  return result;
+}
+
+/* For AUTHENTICATE cancellation responses */
+static CURLcode imap_state_auth_cancel_resp(struct connectdata *conn,
+                                            int imapcode,
+                                            imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  const char *mech = NULL;
+  char *initresp = NULL;
+  size_t len = 0;
+  imapstate state1 = IMAP_STOP;
+  imapstate state2 = IMAP_STOP;
+
+  (void)imapcode;
+  (void)instate; /* no use for this yet */
+
+  /* Remove the offending mechanism from the supported list */
+  imapc->authmechs ^= imapc->authused;
+
+  /* Calculate alternative SASL login details */
+  result = imap_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+                                  &state2);
+
+  if(!result) {
+    /* Do we have any mechanisms left or can we fallback to clear text? */
+    if(mech) {
+      /* Retry SASL based authentication */
+      result = imap_perform_authenticate(conn, mech, initresp, state1, state2);
+
+      Curl_safefree(initresp);
+    }
+    else if((!imapc->login_disabled) &&
+            (imapc->preftype & IMAP_TYPE_CLEARTEXT))
+      /* Perform clear text authentication */
+      result = imap_perform_login(conn);
+    else {
+      failf(data, "Authentication cancelled");
+
+      result = CURLE_LOGIN_DENIED;
+    }
+  }
+
+  return result;
+}
+
+/* For final responses in the AUTHENTICATE sequence */
+static CURLcode imap_state_auth_final_resp(struct connectdata *conn,
+                                           int imapcode,
+                                           imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != 'O') {
+    failf(data, "Authentication failed: %d", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else
+    /* End of connect phase */
+    state(conn, IMAP_STOP);
+
+  return result;
+}
+
+/* For LOGIN responses */
+static CURLcode imap_state_login_resp(struct connectdata *conn,
+                                      int imapcode,
+                                      imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != 'O') {
+    failf(data, "Access denied. %c", imapcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else
+    /* End of connect phase */
+    state(conn, IMAP_STOP);
+
+  return result;
+}
+
+/* For LIST responses */
+static CURLcode imap_state_list_resp(struct connectdata *conn, int imapcode,
+                                     imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  char *line = conn->data->state.buffer;
+  size_t len = strlen(line);
+
+  (void)instate; /* No use for this yet */
+
+  if(imapcode == '*') {
+    /* Temporarily add the LF character back and send as body to the client */
+    line[len] = '\n';
+    result = Curl_client_write(conn, CLIENTWRITE_BODY, line, len + 1);
+    line[len] = '\0';
+  }
+  else if(imapcode != 'O')
+    result = CURLE_QUOTE_ERROR; /* TODO: Fix error code */
+  else
+    /* End of DO phase */
+    state(conn, IMAP_STOP);
+
+  return result;
+}
+
+/* For SELECT responses */
+static CURLcode imap_state_select_resp(struct connectdata *conn, int imapcode,
+                                       imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct IMAP *imap = conn->data->req.protop;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  const char *line = data->state.buffer;
+  char tmp[20];
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode == '*') {
+    /* See if this is an UIDVALIDITY response */
+    if(sscanf(line + 2, "OK [UIDVALIDITY %19[0123456789]]", tmp) == 1) {
+      Curl_safefree(imapc->mailbox_uidvalidity);
+      imapc->mailbox_uidvalidity = strdup(tmp);
+    }
+  }
+  else if(imapcode == 'O') {
+    /* Check if the UIDVALIDITY has been specified and matches */
+    if(imap->uidvalidity && imapc->mailbox_uidvalidity &&
+       strcmp(imap->uidvalidity, imapc->mailbox_uidvalidity)) {
+      failf(conn->data, "Mailbox UIDVALIDITY has changed");
+      result = CURLE_REMOTE_FILE_NOT_FOUND;
+    }
+    else {
+      /* Note the currently opened mailbox on this connection */
+      imapc->mailbox = strdup(imap->mailbox);
+
+      if(imap->custom)
+        result = imap_perform_list(conn);
+      else if(imap->query)
+        result = imap_perform_search(conn);
+      else
+        result = imap_perform_fetch(conn);
+    }
+  }
+  else {
+    failf(data, "Select failed");
+    result = CURLE_LOGIN_DENIED;
+  }
+
+  return result;
+}
+
+/* For the (first line of the) FETCH responses */
+static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
+                                      imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  struct pingpong *pp = &imapc->pp;
+  const char *ptr = data->state.buffer;
+  bool parsed = FALSE;
+  curl_off_t size;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '*') {
+    Curl_pgrsSetDownloadSize(data, -1);
+    state(conn, IMAP_STOP);
+    return CURLE_REMOTE_FILE_NOT_FOUND; /* TODO: Fix error code */
+  }
+
+  /* Something like this is received "* 1 FETCH (BODY[TEXT] {2021}\r" so parse
+     the continuation data contained within the curly brackets */
+  while(*ptr && (*ptr != '{'))
+    ptr++;
+
+  if(*ptr == '{') {
+    char *endptr;
+    size = curlx_strtoofft(ptr + 1, &endptr, 10);
+    if(endptr - ptr > 1 && endptr[0] == '}' &&
+       endptr[1] == '\r' && endptr[2] == '\0')
+      parsed = TRUE;
+  }
+
+  if(parsed) {
+    infof(data, "Found %" CURL_FORMAT_CURL_OFF_TU " bytes to download\n",
+          size);
+    Curl_pgrsSetDownloadSize(data, size);
+
+    if(pp->cache) {
+      /* At this point there is a bunch of data in the header "cache" that is
+         actually body content, send it as body and then skip it. Do note
+         that there may even be additional "headers" after the body. */
+      size_t chunk = pp->cache_size;
+
+      if(chunk > (size_t)size)
+        /* The conversion from curl_off_t to size_t is always fine here */
+        chunk = (size_t)size;
+
+      result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk);
+      if(result)
+        return result;
+
+      data->req.bytecount += chunk;
+
+      infof(data, "Written %" CURL_FORMAT_CURL_OFF_TU
+            " bytes, %" CURL_FORMAT_CURL_OFF_TU
+            " bytes are left for transfer\n", (curl_off_t)chunk,
+            size - chunk);
+
+      /* Have we used the entire cache or just part of it?*/
+      if(pp->cache_size > chunk) {
+        /* Only part of it so shrink the cache to fit the trailing data */
+        memmove(pp->cache, pp->cache + chunk, pp->cache_size - chunk);
+        pp->cache_size -= chunk;
+      }
+      else {
+        /* Free the cache */
+        Curl_safefree(pp->cache);
+
+        /* Reset the cache size */
+        pp->cache_size = 0;
+      }
+    }
+
+    if(data->req.bytecount == size)
+      /* The entire data is already transferred! */
+      Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+    else {
+      /* IMAP download */
+      data->req.maxdownload = size;
+      Curl_setup_transfer(conn, FIRSTSOCKET, size, FALSE, NULL, -1, NULL);
+    }
+  }
+  else {
+    /* We don't know how to parse this line */
+    failf(pp->conn->data, "Failed to parse FETCH response.");
+    result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: fix this code */
+  }
+
+  /* End of DO phase */
+  state(conn, IMAP_STOP);
+
+  return result;
+}
+
+/* For final FETCH responses performed after the download */
+static CURLcode imap_state_fetch_final_resp(struct connectdata *conn,
+                                            int imapcode,
+                                            imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+
+  (void)instate; /* No use for this yet */
+
+  if(imapcode != 'O')
+    result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: Fix error code */
+  else
+    /* End of DONE phase */
+    state(conn, IMAP_STOP);
+
+  return result;
+}
+
+/* For APPEND responses */
+static CURLcode imap_state_append_resp(struct connectdata *conn, int imapcode,
+                                       imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* No use for this yet */
+
+  if(imapcode != '+') {
+    result = CURLE_UPLOAD_FAILED;
+  }
+  else {
+    /* Set the progress upload size */
+    Curl_pgrsSetUploadSize(data, data->state.infilesize);
+
+    /* IMAP upload */
+    Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
+
+    /* End of DO phase */
+    state(conn, IMAP_STOP);
+  }
+
+  return result;
+}
+
+/* For final APPEND responses performed after the upload */
+static CURLcode imap_state_append_final_resp(struct connectdata *conn,
+                                             int imapcode,
+                                             imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+
+  (void)instate; /* No use for this yet */
+
+  if(imapcode != 'O')
+    result = CURLE_UPLOAD_FAILED;
+  else
+    /* End of DONE phase */
+    state(conn, IMAP_STOP);
+
+  return result;
+}
+
+/* For SEARCH responses */
+static CURLcode imap_state_search_resp(struct connectdata *conn, int imapcode,
+                                       imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  char *line = conn->data->state.buffer;
+  size_t len = strlen(line);
+
+  (void)instate; /* No use for this yet */
+
+  if(imapcode == '*') {
+    /* Temporarily add the LF character back and send as body to the client */
+    line[len] = '\n';
+    result = Curl_client_write(conn, CLIENTWRITE_BODY, line, len + 1);
+    line[len] = '\0';
+  }
+  else if(imapcode != 'O')
+    result = CURLE_QUOTE_ERROR; /* TODO: Fix error code */
+  else
+    /* End of DO phase */
+    state(conn, IMAP_STOP);
+
+  return result;
+}
+
+static CURLcode imap_statemach_act(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  curl_socket_t sock = conn->sock[FIRSTSOCKET];
+  int imapcode;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  struct pingpong *pp = &imapc->pp;
+  size_t nread = 0;
+
+  /* Busy upgrading the connection; right now all I/O is SSL/TLS, not IMAP */
+  if(imapc->state == IMAP_UPGRADETLS)
+    return imap_perform_upgrade_tls(conn);
+
+  /* Flush any data that needs to be sent */
+  if(pp->sendleft)
+    return Curl_pp_flushsend(pp);
+
+  do {
+    /* Read the response from the server */
+    result = Curl_pp_readresp(sock, pp, &imapcode, &nread);
+    if(result)
+      return result;
+
+    /* Was there an error parsing the response line? */
+    if(imapcode == -1)
+      return CURLE_FTP_WEIRD_SERVER_REPLY;
+
+    if(!imapcode)
+      break;
+
+    /* We have now received a full IMAP server response */
+    switch(imapc->state) {
+    case IMAP_SERVERGREET:
+      result = imap_state_servergreet_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_CAPABILITY:
+      result = imap_state_capability_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_STARTTLS:
+      result = imap_state_starttls_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_PLAIN:
+      result = imap_state_auth_plain_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_LOGIN:
+      result = imap_state_auth_login_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_LOGIN_PASSWD:
+      result = imap_state_auth_login_password_resp(conn, imapcode,
+                                                   imapc->state);
+      break;
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+    case IMAP_AUTHENTICATE_CRAMMD5:
+      result = imap_state_auth_cram_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_DIGESTMD5:
+      result = imap_state_auth_digest_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_DIGESTMD5_RESP:
+      result = imap_state_auth_digest_resp_resp(conn, imapcode, imapc->state);
+      break;
+#endif
+
+#ifdef USE_NTLM
+    case IMAP_AUTHENTICATE_NTLM:
+      result = imap_state_auth_ntlm_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_NTLM_TYPE2MSG:
+      result = imap_state_auth_ntlm_type2msg_resp(conn, imapcode,
+                                                  imapc->state);
+      break;
+#endif
+
+#if defined(USE_WINDOWS_SSPI)
+    case IMAP_AUTHENTICATE_GSSAPI:
+      result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_GSSAPI_TOKEN:
+      result = imap_state_auth_gssapi_token_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_GSSAPI_NO_DATA:
+      result = imap_state_auth_gssapi_no_data_resp(conn, imapcode,
+                                                   imapc->state);
+      break;
+#endif
+
+    case IMAP_AUTHENTICATE_XOAUTH2:
+      result = imap_state_auth_xoauth2_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_CANCEL:
+      result = imap_state_auth_cancel_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_AUTHENTICATE_FINAL:
+      result = imap_state_auth_final_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_LOGIN:
+      result = imap_state_login_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_LIST:
+      result = imap_state_list_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_SELECT:
+      result = imap_state_select_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_FETCH:
+      result = imap_state_fetch_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_FETCH_FINAL:
+      result = imap_state_fetch_final_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_APPEND:
+      result = imap_state_append_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_APPEND_FINAL:
+      result = imap_state_append_final_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_SEARCH:
+      result = imap_state_search_resp(conn, imapcode, imapc->state);
+      break;
+
+    case IMAP_LOGOUT:
+      /* fallthrough, just stop! */
+    default:
+      /* internal error */
+      state(conn, IMAP_STOP);
+      break;
+    }
+  } while(!result && imapc->state != IMAP_STOP && Curl_pp_moredata(pp));
+
+  return result;
+}
+
+/* Called repeatedly until done from multi.c */
+static CURLcode imap_multi_statemach(struct connectdata *conn, bool *done)
+{
+  CURLcode result = CURLE_OK;
+  struct imap_conn *imapc = &conn->proto.imapc;
+
+  if((conn->handler->flags & PROTOPT_SSL) && !imapc->ssldone) {
+    result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &imapc->ssldone);
+    if(result || !imapc->ssldone)
+      return result;
+  }
+
+  result = Curl_pp_statemach(&imapc->pp, FALSE);
+  *done = (imapc->state == IMAP_STOP) ? TRUE : FALSE;
+
+  return result;
+}
+
+static CURLcode imap_block_statemach(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct imap_conn *imapc = &conn->proto.imapc;
+
+  while(imapc->state != IMAP_STOP && !result)
+    result = Curl_pp_statemach(&imapc->pp, TRUE);
+
+  return result;
+}
+
+/* Allocate and initialize the struct IMAP for the current SessionHandle if
+   required */
+static CURLcode imap_init(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct IMAP *imap;
+
+  imap = data->req.protop = calloc(sizeof(struct IMAP), 1);
+  if(!imap)
+    result = CURLE_OUT_OF_MEMORY;
+
+  return result;
+}
+
+/* For the IMAP "protocol connect" and "doing" phases only */
+static int imap_getsock(struct connectdata *conn, curl_socket_t *socks,
+                        int numsocks)
+{
+  return Curl_pp_getsock(&conn->proto.imapc.pp, socks, numsocks);
+}
+
+/***********************************************************************
+ *
+ * imap_connect()
+ *
+ * This function should do everything that is to be considered a part of the
+ * connection phase.
+ *
+ * The variable 'done' points to will be TRUE if the protocol-layer connect
+ * phase is done when this function returns, or FALSE if not.
+ */
+static CURLcode imap_connect(struct connectdata *conn, bool *done)
+{
+  CURLcode result = CURLE_OK;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  struct pingpong *pp = &imapc->pp;
+
+  *done = FALSE; /* default to not done yet */
+
+  /* We always support persistent connections in IMAP */
+  connkeep(conn, "IMAP default");
+
+  /* Set the default response time-out */
+  pp->response_time = RESP_TIMEOUT;
+  pp->statemach_act = imap_statemach_act;
+  pp->endofresp = imap_endofresp;
+  pp->conn = conn;
+
+  /* Set the default preferred authentication type and mechanism */
+  imapc->preftype = IMAP_TYPE_ANY;
+  imapc->prefmech = SASL_AUTH_ANY;
+
+  /* Initialise the pingpong layer */
+  Curl_pp_init(pp);
+
+  /* Parse the URL options */
+  result = imap_parse_url_options(conn);
+  if(result)
+    return result;
+
+  /* Start off waiting for the server greeting response */
+  state(conn, IMAP_SERVERGREET);
+
+  /* Start off with an response id of '*' */
+  strcpy(imapc->resptag, "*");
+
+  result = imap_multi_statemach(conn, done);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_done()
+ *
+ * The DONE function. This does what needs to be done after a single DO has
+ * performed.
+ *
+ * Input argument is already checked for validity.
+ */
+static CURLcode imap_done(struct connectdata *conn, CURLcode status,
+                          bool premature)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct IMAP *imap = data->req.protop;
+
+  (void)premature;
+
+  if(!imap)
+    /* When the easy handle is removed from the multi interface while libcurl
+       is still trying to resolve the host name, the IMAP struct is not yet
+       initialized. However, the removal action calls Curl_done() which in
+       turn calls this function, so we simply return success. */
+    return CURLE_OK;
+
+  if(status) {
+    connclose(conn, "IMAP done with bad status"); /* marked for closure */
+    result = status;         /* use the already set error code */
+  }
+  else if(!data->set.connect_only && !imap->custom &&
+          (imap->uid || data->set.upload)) {
+    /* Handle responses after FETCH or APPEND transfer has finished */
+    if(!data->set.upload)
+      state(conn, IMAP_FETCH_FINAL);
+    else {
+      /* End the APPEND command first by sending an empty line */
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "");
+      if(!result)
+        state(conn, IMAP_APPEND_FINAL);
+    }
+
+    /* Run the state-machine
+
+       TODO: when the multi interface is used, this _really_ should be using
+       the imap_multi_statemach function but we have no general support for
+       non-blocking DONE operations, not in the multi state machine and with
+       Curl_done() invokes on several places in the code!
+    */
+    if(!result)
+      result = imap_block_statemach(conn);
+  }
+
+  /* Cleanup our per-request based variables */
+  Curl_safefree(imap->mailbox);
+  Curl_safefree(imap->uidvalidity);
+  Curl_safefree(imap->uid);
+  Curl_safefree(imap->section);
+  Curl_safefree(imap->partial);
+  Curl_safefree(imap->query);
+  Curl_safefree(imap->custom);
+  Curl_safefree(imap->custom_params);
+
+  /* Clear the transfer mode for the next request */
+  imap->transfer = FTPTRANSFER_BODY;
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_perform()
+ *
+ * This is the actual DO function for IMAP. Fetch or append a message, or do
+ * other things according to the options previously setup.
+ */
+static CURLcode imap_perform(struct connectdata *conn, bool *connected,
+                             bool *dophase_done)
+{
+  /* This is IMAP and no proxy */
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct IMAP *imap = data->req.protop;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  bool selected = FALSE;
+
+  DEBUGF(infof(conn->data, "DO phase starts\n"));
+
+  if(conn->data->set.opt_no_body) {
+    /* Requested no body means no transfer */
+    imap->transfer = FTPTRANSFER_INFO;
+  }
+
+  *dophase_done = FALSE; /* not done yet */
+
+  /* Determine if the requested mailbox (with the same UIDVALIDITY if set)
+     has already been selected on this connection */
+  if(imap->mailbox && imapc->mailbox &&
+     !strcmp(imap->mailbox, imapc->mailbox) &&
+     (!imap->uidvalidity || !imapc->mailbox_uidvalidity ||
+      !strcmp(imap->uidvalidity, imapc->mailbox_uidvalidity)))
+    selected = TRUE;
+
+  /* Start the first command in the DO phase */
+  if(conn->data->set.upload)
+    /* APPEND can be executed directly */
+    result = imap_perform_append(conn);
+  else if(imap->custom && (selected || !imap->mailbox))
+    /* Custom command using the same mailbox or no mailbox */
+    result = imap_perform_list(conn);
+  else if(!imap->custom && selected && imap->uid)
+    /* FETCH from the same mailbox */
+    result = imap_perform_fetch(conn);
+  else if(!imap->custom && selected && imap->query)
+    /* SEARCH the current mailbox */
+    result = imap_perform_search(conn);
+  else if(imap->mailbox && !selected &&
+         (imap->custom || imap->uid || imap->query))
+    /* SELECT the mailbox */
+    result = imap_perform_select(conn);
+  else
+    /* LIST */
+    result = imap_perform_list(conn);
+
+  if(result)
+    return result;
+
+  /* Run the state-machine */
+  result = imap_multi_statemach(conn, dophase_done);
+
+  *connected = conn->bits.tcpconnect[FIRSTSOCKET];
+
+  if(*dophase_done)
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_do()
+ *
+ * This function is registered as 'curl_do' function. It decodes the path
+ * parts etc as a wrapper to the actual DO function (imap_perform).
+ *
+ * The input argument is already checked for validity.
+ */
+static CURLcode imap_do(struct connectdata *conn, bool *done)
+{
+  CURLcode result = CURLE_OK;
+
+  *done = FALSE; /* default to false */
+
+  /* Parse the URL path */
+  result = imap_parse_url_path(conn);
+  if(result)
+    return result;
+
+  /* Parse the custom request */
+  result = imap_parse_custom_request(conn);
+  if(result)
+    return result;
+
+  result = imap_regular_transfer(conn, done);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_disconnect()
+ *
+ * Disconnect from an IMAP server. Cleanup protocol-specific per-connection
+ * resources. BLOCKING.
+ */
+static CURLcode imap_disconnect(struct connectdata *conn, bool dead_connection)
+{
+  struct imap_conn *imapc = &conn->proto.imapc;
+
+  /* We cannot send quit unconditionally. If this connection is stale or
+     bad in any way, sending quit and waiting around here will make the
+     disconnect wait in vain and cause more problems than we need to. */
+
+  /* The IMAP session may or may not have been allocated/setup at this
+     point! */
+  if(!dead_connection && imapc->pp.conn && imapc->pp.conn->bits.protoconnstart)
+    if(!imap_perform_logout(conn))
+      (void)imap_block_statemach(conn); /* ignore errors on LOGOUT */
+
+  /* Disconnect from the server */
+  Curl_pp_disconnect(&imapc->pp);
+
+  /* Cleanup the SASL module */
+  Curl_sasl_cleanup(conn, imapc->authused);
+
+  /* Cleanup our connection based variables */
+  Curl_safefree(imapc->mailbox);
+  Curl_safefree(imapc->mailbox_uidvalidity);
+
+  return CURLE_OK;
+}
+
+/* Call this when the DO phase has completed */
+static CURLcode imap_dophase_done(struct connectdata *conn, bool connected)
+{
+  struct IMAP *imap = conn->data->req.protop;
+
+  (void)connected;
+
+  if(imap->transfer != FTPTRANSFER_BODY)
+    /* no data to transfer */
+    Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+
+  return CURLE_OK;
+}
+
+/* Called from multi.c while DOing */
+static CURLcode imap_doing(struct connectdata *conn, bool *dophase_done)
+{
+  CURLcode result = imap_multi_statemach(conn, dophase_done);
+
+  if(result)
+    DEBUGF(infof(conn->data, "DO phase failed\n"));
+  else if(*dophase_done) {
+    result = imap_dophase_done(conn, FALSE /* not connected */);
+
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_regular_transfer()
+ *
+ * The input argument is already checked for validity.
+ *
+ * Performs all commands done before a regular transfer between a local and a
+ * remote host.
+ */
+static CURLcode imap_regular_transfer(struct connectdata *conn,
+                                      bool *dophase_done)
+{
+  CURLcode result = CURLE_OK;
+  bool connected = FALSE;
+  struct SessionHandle *data = conn->data;
+
+  /* Make sure size is unknown at this point */
+  data->req.size = -1;
+
+  /* Set the progress data */
+  Curl_pgrsSetUploadCounter(data, 0);
+  Curl_pgrsSetDownloadCounter(data, 0);
+  Curl_pgrsSetUploadSize(data, -1);
+  Curl_pgrsSetDownloadSize(data, -1);
+
+  /* Carry out the perform */
+  result = imap_perform(conn, &connected, dophase_done);
+
+  /* Perform post DO phase operations if necessary */
+  if(!result && *dophase_done)
+    result = imap_dophase_done(conn, connected);
+
+  return result;
+}
+
+static CURLcode imap_setup_connection(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+
+  /* Initialise the IMAP layer */
+  CURLcode result = imap_init(conn);
+  if(result)
+    return result;
+
+  if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) {
+    /* Unless we have asked to tunnel IMAP operations through the proxy, we
+       switch and use HTTP operations only */
+#ifndef CURL_DISABLE_HTTP
+    if(conn->handler == &Curl_handler_imap)
+      conn->handler = &Curl_handler_imap_proxy;
+    else {
+#ifdef USE_SSL
+      conn->handler = &Curl_handler_imaps_proxy;
+#else
+      failf(data, "IMAPS not supported!");
+      return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+    }
+
+    /* set it up as an HTTP connection instead */
+    return conn->handler->setup_connection(conn);
+#else
+    failf(data, "IMAP over http proxy requires HTTP support built-in!");
+    return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+  }
+
+  data->state.path++;   /* don't include the initial slash */
+
+  return CURLE_OK;
+}
+
+/***********************************************************************
+ *
+ * imap_sendf()
+ *
+ * Sends the formated string as an IMAP command to the server.
+ *
+ * Designed to never block.
+ */
+static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...)
+{
+  CURLcode result = CURLE_OK;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  char *taggedfmt;
+  va_list ap;
+
+  DEBUGASSERT(fmt);
+
+  /* Calculate the next command ID wrapping at 3 digits */
+  imapc->cmdid = (imapc->cmdid + 1) % 1000;
+
+  /* Calculate the tag based on the connection ID and command ID */
+  snprintf(imapc->resptag, sizeof(imapc->resptag), "%c%03d",
+           'A' + curlx_sltosi(conn->connection_id % 26), imapc->cmdid);
+
+  /* Prefix the format with the tag */
+  taggedfmt = aprintf("%s %s", imapc->resptag, fmt);
+  if(!taggedfmt)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Send the data with the tag */
+  va_start(ap, fmt);
+  result = Curl_pp_vsendf(&imapc->pp, taggedfmt, ap);
+  va_end(ap);
+
+  Curl_safefree(taggedfmt);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_atom()
+ *
+ * Checks the input string for characters that need escaping and returns an
+ * atom ready for sending to the server.
+ *
+ * The returned string needs to be freed.
+ *
+ */
+static char *imap_atom(const char *str)
+{
+  const char *p1;
+  char *p2;
+  size_t backsp_count = 0;
+  size_t quote_count = 0;
+  bool space_exists = FALSE;
+  size_t newlen = 0;
+  char *newstr = NULL;
+
+  if(!str)
+    return NULL;
+
+  /* Count any unescapped characters */
+  p1 = str;
+  while(*p1) {
+    if(*p1 == '\\')
+      backsp_count++;
+    else if(*p1 == '"')
+      quote_count++;
+    else if(*p1 == ' ')
+      space_exists = TRUE;
+
+    p1++;
+  }
+
+  /* Does the input contain any unescapped characters? */
+  if(!backsp_count && !quote_count && !space_exists)
+    return strdup(str);
+
+  /* Calculate the new string length */
+  newlen = strlen(str) + backsp_count + quote_count + (space_exists ? 2 : 0);
+
+  /* Allocate the new string */
+  newstr = (char *) malloc((newlen + 1) * sizeof(char));
+  if(!newstr)
+    return NULL;
+
+  /* Surround the string in quotes if necessary */
+  p2 = newstr;
+  if(space_exists) {
+    newstr[0] = '"';
+    newstr[newlen - 1] = '"';
+    p2++;
+  }
+
+  /* Copy the string, escaping backslash and quote characters along the way */
+  p1 = str;
+  while(*p1) {
+    if(*p1 == '\\' || *p1 == '"') {
+      *p2 = '\\';
+      p2++;
+    }
+
+   *p2 = *p1;
+
+    p1++;
+    p2++;
+  }
+
+  /* Terminate the string */
+  newstr[newlen] = '\0';
+
+  return newstr;
+}
+
+/***********************************************************************
+ *
+ * imap_is_bchar()
+ *
+ * Portable test of whether the specified char is a "bchar" as defined in the
+ * grammar of RFC-5092.
+ */
+static bool imap_is_bchar(char ch)
+{
+  switch(ch) {
+    /* bchar */
+    case ':': case '@': case '/':
+    /* bchar -> achar */
+    case '&': case '=':
+    /* bchar -> achar -> uchar -> unreserved */
+    case '0': case '1': case '2': case '3': case '4': case '5': case '6':
+    case '7': case '8': case '9':
+    case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'G':
+    case 'H': case 'I': case 'J': case 'K': case 'L': case 'M': case 'N':
+    case 'O': case 'P': case 'Q': case 'R': case 'S': case 'T': case 'U':
+    case 'V': case 'W': case 'X': case 'Y': case 'Z':
+    case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': case 'g':
+    case 'h': case 'i': case 'j': case 'k': case 'l': case 'm': case 'n':
+    case 'o': case 'p': case 'q': case 'r': case 's': case 't': case 'u':
+    case 'v': case 'w': case 'x': case 'y': case 'z':
+    case '-': case '.': case '_': case '~':
+    /* bchar -> achar -> uchar -> sub-delims-sh */
+    case '!': case '$': case '\'': case '(': case ')': case '*':
+    case '+': case ',':
+    /* bchar -> achar -> uchar -> pct-encoded */
+    case '%': /* HEXDIG chars are already included above */
+      return true;
+
+    default:
+      return false;
+  }
+}
+
+/***********************************************************************
+ *
+ * imap_parse_url_options()
+ *
+ * Parse the URL login options.
+ */
+static CURLcode imap_parse_url_options(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct imap_conn *imapc = &conn->proto.imapc;
+  const char *options = conn->options;
+  const char *ptr = options;
+  bool reset = TRUE;
+
+  while(ptr && *ptr) {
+    const char *key = ptr;
+
+    while(*ptr && *ptr != '=')
+        ptr++;
+
+    if(strnequal(key, "AUTH", 4)) {
+      size_t len = 0;
+      const char *value = ++ptr;
+
+      if(reset) {
+        reset = FALSE;
+        imapc->preftype = IMAP_TYPE_NONE;
+        imapc->prefmech = SASL_AUTH_NONE;
+      }
+
+      while(*ptr && *ptr != ';') {
+        ptr++;
+        len++;
+      }
+
+      if(strnequal(value, "*", len)) {
+        imapc->preftype = IMAP_TYPE_ANY;
+        imapc->prefmech = SASL_AUTH_ANY;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_LOGIN, len)) {
+        imapc->preftype = IMAP_TYPE_SASL;
+        imapc->prefmech |= SASL_MECH_LOGIN;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_PLAIN, len)) {
+        imapc->preftype = IMAP_TYPE_SASL;
+        imapc->prefmech |= SASL_MECH_PLAIN;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_CRAM_MD5, len)) {
+        imapc->preftype = IMAP_TYPE_SASL;
+        imapc->prefmech |= SASL_MECH_CRAM_MD5;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_DIGEST_MD5, len)) {
+        imapc->preftype = IMAP_TYPE_SASL;
+        imapc->prefmech |= SASL_MECH_DIGEST_MD5;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_GSSAPI, len)) {
+        imapc->preftype = IMAP_TYPE_SASL;
+        imapc->prefmech |= SASL_MECH_GSSAPI;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_NTLM, len)) {
+        imapc->preftype = IMAP_TYPE_SASL;
+        imapc->prefmech |= SASL_MECH_NTLM;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_XOAUTH2, len)) {
+        imapc->preftype = IMAP_TYPE_SASL;
+        imapc->prefmech |= SASL_MECH_XOAUTH2;
+      }
+
+      if(*ptr == ';')
+        ptr++;
+    }
+    else
+      result = CURLE_URL_MALFORMAT;
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_parse_url_path()
+ *
+ * Parse the URL path into separate path components.
+ *
+ */
+static CURLcode imap_parse_url_path(struct connectdata *conn)
+{
+  /* The imap struct is already initialised in imap_connect() */
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct IMAP *imap = data->req.protop;
+  const char *begin = data->state.path;
+  const char *ptr = begin;
+
+  /* See how much of the URL is a valid path and decode it */
+  while(imap_is_bchar(*ptr))
+    ptr++;
+
+  if(ptr != begin) {
+    /* Remove the trailing slash if present */
+    const char *end = ptr;
+    if(end > begin && end[-1] == '/')
+      end--;
+
+    result = Curl_urldecode(data, begin, end - begin, &imap->mailbox, NULL,
+                            TRUE);
+    if(result)
+      return result;
+  }
+  else
+    imap->mailbox = NULL;
+
+  /* There can be any number of parameters in the form ";NAME=VALUE" */
+  while(*ptr == ';') {
+    char *name;
+    char *value;
+    size_t valuelen;
+
+    /* Find the length of the name parameter */
+    begin = ++ptr;
+    while(*ptr && *ptr != '=')
+      ptr++;
+
+    if(!*ptr)
+      return CURLE_URL_MALFORMAT;
+
+    /* Decode the name parameter */
+    result = Curl_urldecode(data, begin, ptr - begin, &name, NULL, TRUE);
+    if(result)
+      return result;
+
+    /* Find the length of the value parameter */
+    begin = ++ptr;
+    while(imap_is_bchar(*ptr))
+      ptr++;
+
+    /* Decode the value parameter */
+    result = Curl_urldecode(data, begin, ptr - begin, &value, &valuelen, TRUE);
+    if(result) {
+      Curl_safefree(name);
+      return result;
+    }
+
+    DEBUGF(infof(conn->data, "IMAP URL parameter '%s' = '%s'\n", name, value));
+
+    /* Process the known hierarchical parameters (UIDVALIDITY, UID, SECTION and
+       PARTIAL) stripping of the trailing slash character if it is present.
+
+       Note: Unknown parameters trigger a URL_MALFORMAT error. */
+    if(Curl_raw_equal(name, "UIDVALIDITY") && !imap->uidvalidity) {
+      if(valuelen > 0 && value[valuelen - 1] == '/')
+        value[valuelen - 1] = '\0';
+
+      imap->uidvalidity = value;
+      value = NULL;
+    }
+    else if(Curl_raw_equal(name, "UID") && !imap->uid) {
+      if(valuelen > 0 && value[valuelen - 1] == '/')
+        value[valuelen - 1] = '\0';
+
+      imap->uid = value;
+      value = NULL;
+    }
+    else if(Curl_raw_equal(name, "SECTION") && !imap->section) {
+      if(valuelen > 0 && value[valuelen - 1] == '/')
+        value[valuelen - 1] = '\0';
+
+      imap->section = value;
+      value = NULL;
+    }
+    else if(Curl_raw_equal(name, "PARTIAL") && !imap->partial) {
+      if(valuelen > 0 && value[valuelen - 1] == '/')
+        value[valuelen - 1] = '\0';
+
+      imap->partial = value;
+      value = NULL;
+    }
+    else {
+      Curl_safefree(name);
+      Curl_safefree(value);
+
+      return CURLE_URL_MALFORMAT;
+    }
+
+    Curl_safefree(name);
+    Curl_safefree(value);
+  }
+
+  /* Does the URL contain a query parameter? Only valid when we have a mailbox
+     and no UID as per RFC-5092 */
+  if(imap->mailbox && !imap->uid && *ptr == '?') {
+    /* Find the length of the query parameter */
+    begin = ++ptr;
+    while(imap_is_bchar(*ptr))
+      ptr++;
+
+    /* Decode the query parameter */
+    result = Curl_urldecode(data, begin, ptr - begin, &imap->query, NULL,
+                            TRUE);
+    if(result)
+      return result;
+  }
+
+  /* Any extra stuff at the end of the URL is an error */
+  if(*ptr)
+    return CURLE_URL_MALFORMAT;
+
+  return CURLE_OK;
+}
+
+/***********************************************************************
+ *
+ * imap_parse_custom_request()
+ *
+ * Parse the custom request.
+ */
+static CURLcode imap_parse_custom_request(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct IMAP *imap = data->req.protop;
+  const char *custom = data->set.str[STRING_CUSTOMREQUEST];
+
+  if(custom) {
+    /* URL decode the custom request */
+    result = Curl_urldecode(data, custom, 0, &imap->custom, NULL, TRUE);
+
+    /* Extract the parameters if specified */
+    if(!result) {
+      const char *params = imap->custom;
+
+      while(*params && *params != ' ')
+        params++;
+
+      if(*params) {
+        imap->custom_params = strdup(params);
+        imap->custom[params - imap->custom] = '\0';
+
+        if(!imap->custom_params)
+          result = CURLE_OUT_OF_MEMORY;
+      }
+    }
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * imap_calc_sasl_details()
+ *
+ * Calculate the required login details for SASL authentication.
+ */
+static CURLcode imap_calc_sasl_details(struct connectdata *conn,
+                                       const char **mech,
+                                       char **initresp, size_t *len,
+                                       imapstate *state1, imapstate *state2)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct imap_conn *imapc = &conn->proto.imapc;
+
+  /* Calculate the supported authentication mechanism, by decreasing order of
+     security, as well as the initial response where appropriate */
+#if defined(USE_WINDOWS_SSPI)
+    if((imapc->authmechs & SASL_MECH_GSSAPI) &&
+       (imapc->prefmech & SASL_MECH_GSSAPI)) {
+    imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
+
+    *mech = SASL_MECH_STRING_GSSAPI;
+    *state1 = IMAP_AUTHENTICATE_GSSAPI;
+    *state2 = IMAP_AUTHENTICATE_GSSAPI_TOKEN;
+    imapc->authused = SASL_MECH_GSSAPI;
+
+    if(imapc->ir_supported || data->set.sasl_ir)
+      result = Curl_sasl_create_gssapi_user_message(data, conn->user,
+                                                    conn->passwd, "imap",
+                                                    imapc->mutual_auth,
+                                                    NULL, &conn->krb5,
+                                                    initresp, len);
+  }
+  else
+#endif
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+  if((imapc->authmechs & SASL_MECH_DIGEST_MD5) &&
+     (imapc->prefmech & SASL_MECH_DIGEST_MD5)) {
+    *mech = SASL_MECH_STRING_DIGEST_MD5;
+    *state1 = IMAP_AUTHENTICATE_DIGESTMD5;
+    imapc->authused = SASL_MECH_DIGEST_MD5;
+  }
+  else if((imapc->authmechs & SASL_MECH_CRAM_MD5) &&
+          (imapc->prefmech & SASL_MECH_CRAM_MD5)) {
+    *mech = SASL_MECH_STRING_CRAM_MD5;
+    *state1 = IMAP_AUTHENTICATE_CRAMMD5;
+    imapc->authused = SASL_MECH_CRAM_MD5;
+  }
+  else
+#endif
+#ifdef USE_NTLM
+    if((imapc->authmechs & SASL_MECH_NTLM) &&
+       (imapc->prefmech & SASL_MECH_NTLM)) {
+    *mech = SASL_MECH_STRING_NTLM;
+    *state1 = IMAP_AUTHENTICATE_NTLM;
+    *state2 = IMAP_AUTHENTICATE_NTLM_TYPE2MSG;
+    imapc->authused = SASL_MECH_NTLM;
+
+    if(imapc->ir_supported || data->set.sasl_ir)
+      result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
+                                                   &conn->ntlm,
+                                                   initresp, len);
+  }
+  else
+#endif
+  if(((imapc->authmechs & SASL_MECH_XOAUTH2) &&
+      (imapc->prefmech & SASL_MECH_XOAUTH2) &&
+      (imapc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
+    *mech = SASL_MECH_STRING_XOAUTH2;
+    *state1 = IMAP_AUTHENTICATE_XOAUTH2;
+    *state2 = IMAP_AUTHENTICATE_FINAL;
+    imapc->authused = SASL_MECH_XOAUTH2;
+
+    if(imapc->ir_supported || data->set.sasl_ir)
+      result = Curl_sasl_create_xoauth2_message(data, conn->user,
+                                                conn->xoauth2_bearer,
+                                                initresp, len);
+  }
+  else if((imapc->authmechs & SASL_MECH_LOGIN) &&
+          (imapc->prefmech & SASL_MECH_LOGIN)) {
+    *mech = SASL_MECH_STRING_LOGIN;
+    *state1 = IMAP_AUTHENTICATE_LOGIN;
+    *state2 = IMAP_AUTHENTICATE_LOGIN_PASSWD;
+    imapc->authused = SASL_MECH_LOGIN;
+
+    if(imapc->ir_supported || data->set.sasl_ir)
+      result = Curl_sasl_create_login_message(data, conn->user, initresp, len);
+  }
+  else if((imapc->authmechs & SASL_MECH_PLAIN) &&
+          (imapc->prefmech & SASL_MECH_PLAIN)) {
+    *mech = SASL_MECH_STRING_PLAIN;
+    *state1 = IMAP_AUTHENTICATE_PLAIN;
+    *state2 = IMAP_AUTHENTICATE_FINAL;
+    imapc->authused = SASL_MECH_PLAIN;
+
+    if(imapc->ir_supported || data->set.sasl_ir)
+      result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
+                                              initresp, len);
+  }
+
+  return result;
+}
+
+#endif /* CURL_DISABLE_IMAP */
diff --git a/Utilities/cmcurl/lib/imap.h b/Utilities/cmcurl/lib/imap.h
new file mode 100644
index 0000000..768fc4b
--- /dev/null
+++ b/Utilities/cmcurl/lib/imap.h
@@ -0,0 +1,111 @@
+#ifndef HEADER_CURL_IMAP_H
+#define HEADER_CURL_IMAP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2009 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "pingpong.h"
+
+/****************************************************************************
+ * IMAP unique setup
+ ***************************************************************************/
+typedef enum {
+  IMAP_STOP,         /* do nothing state, stops the state machine */
+  IMAP_SERVERGREET,  /* waiting for the initial greeting immediately after
+                        a connect */
+  IMAP_CAPABILITY,
+  IMAP_STARTTLS,
+  IMAP_UPGRADETLS,   /* asynchronously upgrade the connection to SSL/TLS
+                       (multi mode only) */
+  IMAP_AUTHENTICATE_PLAIN,
+  IMAP_AUTHENTICATE_LOGIN,
+  IMAP_AUTHENTICATE_LOGIN_PASSWD,
+  IMAP_AUTHENTICATE_CRAMMD5,
+  IMAP_AUTHENTICATE_DIGESTMD5,
+  IMAP_AUTHENTICATE_DIGESTMD5_RESP,
+  IMAP_AUTHENTICATE_NTLM,
+  IMAP_AUTHENTICATE_NTLM_TYPE2MSG,
+  IMAP_AUTHENTICATE_GSSAPI,
+  IMAP_AUTHENTICATE_GSSAPI_TOKEN,
+  IMAP_AUTHENTICATE_GSSAPI_NO_DATA,
+  IMAP_AUTHENTICATE_XOAUTH2,
+  IMAP_AUTHENTICATE_CANCEL,
+  IMAP_AUTHENTICATE_FINAL,
+  IMAP_LOGIN,
+  IMAP_LIST,
+  IMAP_SELECT,
+  IMAP_FETCH,
+  IMAP_FETCH_FINAL,
+  IMAP_APPEND,
+  IMAP_APPEND_FINAL,
+  IMAP_SEARCH,
+  IMAP_LOGOUT,
+  IMAP_LAST          /* never used */
+} imapstate;
+
+/* This IMAP struct is used in the SessionHandle. All IMAP data that is
+   connection-oriented must be in imap_conn to properly deal with the fact that
+   perhaps the SessionHandle is changed between the times the connection is
+   used. */
+struct IMAP {
+  curl_pp_transfer transfer;
+  char *mailbox;          /* Mailbox to select */
+  char *uidvalidity;      /* UIDVALIDITY to check in select */
+  char *uid;              /* Message UID to fetch */
+  char *section;          /* Message SECTION to fetch */
+  char *partial;          /* Message PARTIAL to fetch */
+  char *query;            /* Query to search for */
+  char *custom;           /* Custom request */
+  char *custom_params;    /* Parameters for the custom request */
+};
+
+/* imap_conn is used for struct connection-oriented data in the connectdata
+   struct */
+struct imap_conn {
+  struct pingpong pp;
+  imapstate state;            /* Always use imap.c:state() to change state! */
+  bool ssldone;               /* Is connect() over SSL done? */
+  unsigned int authmechs;     /* Accepted authentication mechanisms */
+  unsigned int preftype;      /* Preferred authentication type */
+  unsigned int prefmech;      /* Preferred authentication mechanism */
+  unsigned int authused;      /* Auth mechanism used for the connection */
+  int cmdid;                  /* Last used command ID */
+  char resptag[5];            /* Response tag to wait for */
+  bool tls_supported;         /* StartTLS capability supported by server */
+  bool login_disabled;        /* LOGIN command disabled by server */
+  bool ir_supported;          /* Initial response supported by server */
+  bool mutual_auth;           /* Mutual authentication enabled (GSSAPI only) */
+  char *mailbox;              /* The last selected mailbox */
+  char *mailbox_uidvalidity;  /* UIDVALIDITY parsed from select response */
+};
+
+extern const struct Curl_handler Curl_handler_imap;
+extern const struct Curl_handler Curl_handler_imaps;
+
+/* Authentication type flags */
+#define IMAP_TYPE_CLEARTEXT (1 << 0)
+#define IMAP_TYPE_SASL      (1 << 1)
+
+/* Authentication type values */
+#define IMAP_TYPE_NONE      0
+#define IMAP_TYPE_ANY       ~0U
+
+#endif /* HEADER_CURL_IMAP_H */
diff --git a/Utilities/cmcurl/inet_ntop.c b/Utilities/cmcurl/lib/inet_ntop.c
index 9381963..c327150 100644
--- a/Utilities/cmcurl/inet_ntop.c
+++ b/Utilities/cmcurl/lib/inet_ntop.c
@@ -18,50 +18,29 @@
  * Original code by Paul Vixie. "curlified" by Gisle Vanem.
  */
 
-#include "setup.h"
+#include "curl_setup.h"
 
 #ifndef HAVE_INET_NTOP
 
 #ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
 #endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#include <string.h>
-#include <errno.h>
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
 #include "inet_ntop.h"
 
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-/* this platform has a inet_ntoa_r() function, but no proto declared anywhere
-   so we include our own proto to make compilers happy */
-#include "inet_ntoa_r.h"
-#endif
-
 #define IN6ADDRSZ       16
 #define INADDRSZ         4
 #define INT16SZ          2
 
-#ifdef USE_WINSOCK
-#define EAFNOSUPPORT    WSAEAFNOSUPPORT
-#define SET_ERRNO(e)    WSASetLastError(errno = (e))
-#else
-#define SET_ERRNO(e)    errno = e
-#endif
-
 /*
  * Format an IPv4 address, more or less like inet_ntoa().
  *
@@ -72,25 +51,25 @@
  */
 static char *inet_ntop4 (const unsigned char *src, char *dst, size_t size)
 {
-#if defined(HAVE_INET_NTOA_R_2_ARGS)
-  const char *ptr;
-  curlassert(size >= 16);
-  ptr = inet_ntoa_r(*(struct in_addr*)src, dst);
-  return (char *)memmove(dst, ptr, strlen(ptr)+1);
+  char tmp[sizeof "255.255.255.255"];
+  size_t len;
 
-#elif defined(HAVE_INET_NTOA_R)
-  return inet_ntoa_r(*(struct in_addr*)src, dst, size);
+  DEBUGASSERT(size >= 16);
 
-#else
-  const char *addr = inet_ntoa(*(struct in_addr*)src);
+  tmp[0] = '\0';
+  (void)snprintf(tmp, sizeof(tmp), "%d.%d.%d.%d",
+          ((int)((unsigned char)src[0])) & 0xff,
+          ((int)((unsigned char)src[1])) & 0xff,
+          ((int)((unsigned char)src[2])) & 0xff,
+          ((int)((unsigned char)src[3])) & 0xff);
 
-  if (strlen(addr) >= size)
-  {
+  len = strlen(tmp);
+  if(len == 0 || len >= size) {
     SET_ERRNO(ENOSPC);
     return (NULL);
   }
-  return strcpy(dst, addr);
-#endif
+  strcpy(dst, tmp);
+  return dst;
 }
 
 #ifdef ENABLE_IPV6
@@ -120,61 +99,51 @@ static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size)
    *  Find the longest run of 0x00's in src[] for :: shorthanding.
    */
   memset(words, '\0', sizeof(words));
-  for (i = 0; i < IN6ADDRSZ; i++)
-      words[i/2] |= (src[i] << ((1 - (i % 2)) << 3));
+  for(i = 0; i < IN6ADDRSZ; i++)
+    words[i/2] |= (src[i] << ((1 - (i % 2)) << 3));
 
   best.base = -1;
   cur.base  = -1;
   best.len = 0;
   cur.len = 0;
 
-  for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++)
-  {
-    if (words[i] == 0)
-    {
-      if (cur.base == -1)
+  for(i = 0; i < (IN6ADDRSZ / INT16SZ); i++) {
+    if(words[i] == 0) {
+      if(cur.base == -1)
         cur.base = i, cur.len = 1;
       else
         cur.len++;
     }
-    else if (cur.base != -1)
-    {
-      if (best.base == -1 || cur.len > best.len)
-         best = cur;
+    else if(cur.base != -1) {
+      if(best.base == -1 || cur.len > best.len)
+        best = cur;
       cur.base = -1;
     }
   }
-  if ((cur.base != -1) && (best.base == -1 || cur.len > best.len))
-     best = cur;
-  if (best.base != -1 && best.len < 2)
-     best.base = -1;
-
-  /* Format the result.
-   */
+  if((cur.base != -1) && (best.base == -1 || cur.len > best.len))
+    best = cur;
+  if(best.base != -1 && best.len < 2)
+    best.base = -1;
+  /* Format the result. */
   tp = tmp;
-  for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++)
-  {
-    /* Are we inside the best run of 0x00's?
-     */
-    if (best.base != -1 && i >= best.base && i < (best.base + best.len))
-    {
-      if (i == best.base)
-         *tp++ = ':';
+  for(i = 0; i < (IN6ADDRSZ / INT16SZ); i++) {
+    /* Are we inside the best run of 0x00's? */
+    if(best.base != -1 && i >= best.base && i < (best.base + best.len)) {
+      if(i == best.base)
+        *tp++ = ':';
       continue;
     }
 
     /* Are we following an initial run of 0x00s or any real hex?
      */
-    if (i != 0)
-       *tp++ = ':';
+    if(i != 0)
+      *tp++ = ':';
 
     /* Is this address an encapsulated IPv4?
      */
-    if (i == 6 && best.base == 0 &&
-        (best.len == 6 || (best.len == 5 && words[5] == 0xffff)))
-    {
-      if (!inet_ntop4(src+12, tp, sizeof(tmp) - (tp - tmp)))
-      {
+    if(i == 6 && best.base == 0 &&
+        (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
+      if(!inet_ntop4(src+12, tp, sizeof(tmp) - (tp - tmp))) {
         SET_ERRNO(ENOSPC);
         return (NULL);
       }
@@ -186,26 +155,32 @@ static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size)
 
   /* Was it a trailing run of 0x00's?
    */
-  if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ))
+  if(best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ))
      *tp++ = ':';
   *tp++ = '\0';
 
   /* Check for overflow, copy, and we're done.
    */
-  if ((size_t)(tp - tmp) > size)
-  {
+  if((size_t)(tp - tmp) > size) {
     SET_ERRNO(ENOSPC);
     return (NULL);
   }
-  return strcpy (dst, tmp);
+  strcpy(dst, tmp);
+  return dst;
 }
 #endif  /* ENABLE_IPV6 */
 
 /*
  * Convert a network format address to presentation format.
  *
- * Returns pointer to presentation format address (`buf'),
- * Returns NULL on error (see errno).
+ * Returns pointer to presentation format address (`buf').
+ * Returns NULL on error and errno set with the specific
+ * error, EAFNOSUPPORT or ENOSPC.
+ *
+ * On Windows we store the error in the thread errno, not
+ * in the winsock error code. This is to avoid losing the
+ * actual last winsock error. So use macro ERRNO to fetch the
+ * errno this function sets when returning NULL, not SOCKERRNO.
  */
 char *Curl_inet_ntop(int af, const void *src, char *buf, size_t size)
 {
diff --git a/Utilities/cmcurl/inet_ntop.h b/Utilities/cmcurl/lib/inet_ntop.h
index 54d64bd..db28ed8 100644
--- a/Utilities/cmcurl/inet_ntop.h
+++ b/Utilities/cmcurl/lib/inet_ntop.h
@@ -1,5 +1,5 @@
-#ifndef __INET_NTOP_H
-#define __INET_NTOP_H
+#ifndef HEADER_CURL_INET_NTOP_H
+#define HEADER_CURL_INET_NTOP_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,10 +20,9 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
 char *Curl_inet_ntop(int af, const void *addr, char *buf, size_t size);
 
@@ -31,7 +30,9 @@ char *Curl_inet_ntop(int af, const void *addr, char *buf, size_t size);
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#define Curl_inet_ntop(af,addr,buf,size) inet_ntop(af,addr,buf,size)
+#define Curl_inet_ntop(af,addr,buf,size) \
+        inet_ntop(af,addr,buf,(curl_socklen_t)size)
 #endif
 
-#endif /* __INET_NTOP_H */
+#endif /* HEADER_CURL_INET_NTOP_H */
+
diff --git a/Utilities/cmcurl/inet_pton.c b/Utilities/cmcurl/lib/inet_pton.c
index 9b9f88b..f50b365 100644
--- a/Utilities/cmcurl/inet_pton.c
+++ b/Utilities/cmcurl/lib/inet_pton.c
@@ -16,27 +16,19 @@
  * SOFTWARE.
  */
 
-#include "setup.h"
+#include "curl_setup.h"
 
 #ifndef HAVE_INET_PTON
 
 #ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
 #endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#include <string.h>
-#include <errno.h>
 
 #include "inet_pton.h"
 
@@ -44,10 +36,6 @@
 #define INADDRSZ         4
 #define INT16SZ          2
 
-#ifdef USE_WINSOCK
-#define EAFNOSUPPORT    WSAEAFNOSUPPORT
-#endif
-
 /*
  * WARNING: Don't even consider trying to compile this on a system where
  * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
@@ -66,6 +54,11 @@ static int      inet_pton6(const char *src, unsigned char *dst);
  *      1 if the address was valid for the specified address family
  *      0 if the address wasn't valid (`dst' is untouched in this case)
  *      -1 if some other error occurred (`dst' is untouched in this case, too)
+ * notice:
+ *      On Windows we store the error in the thread errno, not
+ *      in the winsock error code. This is to avoid losing the
+ *      actual last winsock error. So use macro ERRNO to fetch the
+ *      errno this function sets when returning (-1), not SOCKERRNO.
  * author:
  *      Paul Vixie, 1996.
  */
@@ -76,14 +69,11 @@ Curl_inet_pton(int af, const char *src, void *dst)
   case AF_INET:
     return (inet_pton4(src, (unsigned char *)dst));
 #ifdef ENABLE_IPV6
-#ifndef AF_INET6
-#define AF_INET6        (AF_MAX+1)        /* just to let this compile */
-#endif
   case AF_INET6:
     return (inet_pton6(src, (unsigned char *)dst));
 #endif
   default:
-    errno = EAFNOSUPPORT;
+    SET_ERRNO(EAFNOSUPPORT);
     return (-1);
   }
   /* NOTREACHED */
@@ -110,31 +100,34 @@ inet_pton4(const char *src, unsigned char *dst)
   octets = 0;
   tp = tmp;
   *tp = 0;
-  while ((ch = *src++) != '\0') {
+  while((ch = *src++) != '\0') {
     const char *pch;
 
-    if ((pch = strchr(digits, ch)) != NULL) {
+    if((pch = strchr(digits, ch)) != NULL) {
       unsigned int val = *tp * 10 + (unsigned int)(pch - digits);
 
-      if (val > 255)
+      if(saw_digit && *tp == 0)
+        return (0);
+      if(val > 255)
         return (0);
-      *tp = val;
-      if (! saw_digit) {
-        if (++octets > 4)
+      *tp = (unsigned char)val;
+      if(! saw_digit) {
+        if(++octets > 4)
           return (0);
         saw_digit = 1;
       }
-    } else if (ch == '.' && saw_digit) {
-      if (octets == 4)
+    }
+    else if(ch == '.' && saw_digit) {
+      if(octets == 4)
         return (0);
       *++tp = 0;
       saw_digit = 0;
-    } else
+    }
+    else
       return (0);
   }
-  if (octets < 4)
+  if(octets < 4)
     return (0);
-  /* bcopy(tmp, dst, INADDRSZ); */
   memcpy(dst, tmp, INADDRSZ);
   return (1);
 }
@@ -161,40 +154,39 @@ inet_pton6(const char *src, unsigned char *dst)
   unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
   const char *xdigits, *curtok;
   int ch, saw_xdigit;
-  unsigned int val;
+  size_t val;
 
   memset((tp = tmp), 0, IN6ADDRSZ);
   endp = tp + IN6ADDRSZ;
   colonp = NULL;
   /* Leading :: requires some special handling. */
-  if (*src == ':')
-    if (*++src != ':')
+  if(*src == ':')
+    if(*++src != ':')
       return (0);
   curtok = src;
   saw_xdigit = 0;
   val = 0;
-  while ((ch = *src++) != '\0') {
+  while((ch = *src++) != '\0') {
     const char *pch;
 
-    if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+    if((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
       pch = strchr((xdigits = xdigits_u), ch);
-    if (pch != NULL) {
+    if(pch != NULL) {
       val <<= 4;
       val |= (pch - xdigits);
-      if (val > 0xffff)
+      if(++saw_xdigit > 4)
         return (0);
-      saw_xdigit = 1;
       continue;
     }
-    if (ch == ':') {
+    if(ch == ':') {
       curtok = src;
-      if (!saw_xdigit) {
-        if (colonp)
+      if(!saw_xdigit) {
+        if(colonp)
           return (0);
         colonp = tp;
         continue;
       }
-      if (tp + INT16SZ > endp)
+      if(tp + INT16SZ > endp)
         return (0);
       *tp++ = (unsigned char) (val >> 8) & 0xff;
       *tp++ = (unsigned char) val & 0xff;
@@ -202,7 +194,7 @@ inet_pton6(const char *src, unsigned char *dst)
       val = 0;
       continue;
     }
-    if (ch == '.' && ((tp + INADDRSZ) <= endp) &&
+    if(ch == '.' && ((tp + INADDRSZ) <= endp) &&
         inet_pton4(curtok, tp) > 0) {
       tp += INADDRSZ;
       saw_xdigit = 0;
@@ -210,29 +202,30 @@ inet_pton6(const char *src, unsigned char *dst)
     }
     return (0);
   }
-  if (saw_xdigit) {
-    if (tp + INT16SZ > endp)
+  if(saw_xdigit) {
+    if(tp + INT16SZ > endp)
       return (0);
     *tp++ = (unsigned char) (val >> 8) & 0xff;
     *tp++ = (unsigned char) val & 0xff;
   }
-  if (colonp != NULL) {
+  if(colonp != NULL) {
     /*
      * Since some memmove()'s erroneously fail to handle
      * overlapping regions, we'll do the shift by hand.
      */
-    const int n = tp - colonp;
-    int i;
+    const ssize_t n = tp - colonp;
+    ssize_t i;
 
-    for (i = 1; i <= n; i++) {
-      endp[- i] = colonp[n - i];
-      colonp[n - i] = 0;
+    if(tp == endp)
+      return (0);
+    for(i = 1; i <= n; i++) {
+      *(endp - i) = *(colonp + n - i);
+      *(colonp + n - i) = 0;
     }
     tp = endp;
   }
-  if (tp != endp)
+  if(tp != endp)
     return (0);
-  /* bcopy(tmp, dst, IN6ADDRSZ); */
   memcpy(dst, tmp, IN6ADDRSZ);
   return (1);
 }
diff --git a/Utilities/cmcurl/inet_pton.h b/Utilities/cmcurl/lib/inet_pton.h
index a659a97..43c5491 100644
--- a/Utilities/cmcurl/inet_pton.h
+++ b/Utilities/cmcurl/lib/inet_pton.h
@@ -1,5 +1,5 @@
-#ifndef __INET_PTON_H
-#define __INET_PTON_H
+#ifndef HEADER_CURL_INET_PTON_H
+#define HEADER_CURL_INET_PTON_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -20,23 +20,18 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
 int Curl_inet_pton(int, const char *, void *);
 
 #ifdef HAVE_INET_PTON
-
-#if defined(HAVE_NO_INET_PTON_PROTO)
-int inet_pton(int af, const char *src, void *dst);
-#endif
-
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
 #define Curl_inet_pton(x,y,z) inet_pton(x,y,z)
 #endif
 
-#endif /* __INET_PTON_H */
+#endif /* HEADER_CURL_INET_PTON_H */
+
diff --git a/Utilities/cmcurl/lib/krb5.c b/Utilities/cmcurl/lib/krb5.c
new file mode 100644
index 0000000..7e82a68
--- /dev/null
+++ b/Utilities/cmcurl/lib/krb5.c
@@ -0,0 +1,342 @@
+/* GSSAPI/krb5 support for FTP - loosely based on old krb4.c
+ *
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999, 2013 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * Copyright (c) 2004 - 2012 Daniel Stenberg
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.  */
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_FTP
+#ifdef HAVE_GSSAPI
+
+#ifdef HAVE_OLD_GSSMIT
+#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
+#define NCOMPAT 1
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#include "urldata.h"
+#include "curl_base64.h"
+#include "ftp.h"
+#include "curl_gssapi.h"
+#include "sendf.h"
+#include "curl_sec.h"
+#include "curl_memory.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#define LOCAL_ADDR (&conn->local_addr)
+#define REMOTE_ADDR conn->ip_addr->ai_addr
+
+static int
+krb5_init(void *app_data)
+{
+  gss_ctx_id_t *context = app_data;
+  /* Make sure our context is initialized for krb5_end. */
+  *context = GSS_C_NO_CONTEXT;
+  return 0;
+}
+
+static int
+krb5_check_prot(void *app_data, int level)
+{
+  (void)app_data; /* unused */
+  if(level == PROT_CONFIDENTIAL)
+    return -1;
+  return 0;
+}
+
+static int
+krb5_decode(void *app_data, void *buf, int len,
+            int level UNUSED_PARAM,
+            struct connectdata *conn UNUSED_PARAM)
+{
+  gss_ctx_id_t *context = app_data;
+  OM_uint32 maj, min;
+  gss_buffer_desc enc, dec;
+
+  (void)level;
+  (void)conn;
+
+  enc.value = buf;
+  enc.length = len;
+  maj = gss_unseal(&min, *context, &enc, &dec, NULL, NULL);
+  if(maj != GSS_S_COMPLETE) {
+    if(len >= 4)
+      strcpy(buf, "599 ");
+    return -1;
+  }
+
+  memcpy(buf, dec.value, dec.length);
+  len = curlx_uztosi(dec.length);
+  gss_release_buffer(&min, &dec);
+
+  return len;
+}
+
+static int
+krb5_overhead(void *app_data, int level, int len)
+{
+  /* no arguments are used */
+  (void)app_data;
+  (void)level;
+  (void)len;
+  return 0;
+}
+
+static int
+krb5_encode(void *app_data, const void *from, int length, int level, void **to,
+            struct connectdata *conn UNUSED_PARAM)
+{
+  gss_ctx_id_t *context = app_data;
+  gss_buffer_desc dec, enc;
+  OM_uint32 maj, min;
+  int state;
+  int len;
+
+  /* shut gcc up */
+  conn = NULL;
+
+  /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal
+   * libraries modify the input buffer in gss_seal()
+   */
+  dec.value = (void*)from;
+  dec.length = length;
+  maj = gss_seal(&min, *context,
+                 level == PROT_PRIVATE,
+                 GSS_C_QOP_DEFAULT,
+                 &dec, &state, &enc);
+
+  if(maj != GSS_S_COMPLETE)
+    return -1;
+
+  /* malloc a new buffer, in case gss_release_buffer doesn't work as
+     expected */
+  *to = malloc(enc.length);
+  if(!*to)
+    return -1;
+  memcpy(*to, enc.value, enc.length);
+  len = curlx_uztosi(enc.length);
+  gss_release_buffer(&min, &enc);
+  return len;
+}
+
+static int
+krb5_auth(void *app_data, struct connectdata *conn)
+{
+  int ret = AUTH_OK;
+  char *p;
+  const char *host = conn->host.name;
+  ssize_t nread;
+  curl_socklen_t l = sizeof(conn->local_addr);
+  struct SessionHandle *data = conn->data;
+  CURLcode result;
+  const char *service = "ftp", *srv_host = "host";
+  gss_buffer_desc input_buffer, output_buffer, _gssresp, *gssresp;
+  OM_uint32 maj, min;
+  gss_name_t gssname;
+  gss_ctx_id_t *context = app_data;
+  struct gss_channel_bindings_struct chan;
+  size_t base64_sz = 0;
+
+  if(getsockname(conn->sock[FIRSTSOCKET],
+                 (struct sockaddr *)LOCAL_ADDR, &l) < 0)
+    perror("getsockname()");
+
+  chan.initiator_addrtype = GSS_C_AF_INET;
+  chan.initiator_address.length = l - 4;
+  chan.initiator_address.value =
+    &((struct sockaddr_in *)LOCAL_ADDR)->sin_addr.s_addr;
+  chan.acceptor_addrtype = GSS_C_AF_INET;
+  chan.acceptor_address.length = l - 4;
+  chan.acceptor_address.value =
+    &((struct sockaddr_in *)REMOTE_ADDR)->sin_addr.s_addr;
+  chan.application_data.length = 0;
+  chan.application_data.value = NULL;
+
+  /* this loop will execute twice (once for service, once for host) */
+  for(;;) {
+    /* this really shouldn't be repeated here, but can't help it */
+    if(service == srv_host) {
+      result = Curl_ftpsendf(conn, "AUTH GSSAPI");
+
+      if(result)
+        return -2;
+      if(Curl_GetFTPResponse(&nread, conn, NULL))
+        return -1;
+
+      if(data->state.buffer[0] != '3')
+        return -1;
+    }
+
+    input_buffer.value = data->state.buffer;
+    input_buffer.length = snprintf(input_buffer.value, BUFSIZE, "%s@%s",
+                                   service, host);
+    maj = gss_import_name(&min, &input_buffer, GSS_C_NT_HOSTBASED_SERVICE,
+                          &gssname);
+    if(maj != GSS_S_COMPLETE) {
+      gss_release_name(&min, &gssname);
+      if(service == srv_host) {
+        Curl_failf(data, "Error importing service name %s",
+                   input_buffer.value);
+        return AUTH_ERROR;
+      }
+      service = srv_host;
+      continue;
+    }
+    /* We pass NULL as |output_name_type| to avoid a leak. */
+    gss_display_name(&min, gssname, &output_buffer, NULL);
+    Curl_infof(data, "Trying against %s\n", output_buffer.value);
+    gssresp = GSS_C_NO_BUFFER;
+    *context = GSS_C_NO_CONTEXT;
+
+    do {
+      /* Release the buffer at each iteration to avoid leaking: the first time
+         we are releasing the memory from gss_display_name. The last item is
+         taken care by a final gss_release_buffer. */
+      gss_release_buffer(&min, &output_buffer);
+      ret = AUTH_OK;
+      maj = Curl_gss_init_sec_context(data,
+                                      &min,
+                                      context,
+                                      gssname,
+                                      &Curl_krb5_mech_oid,
+                                      &chan,
+                                      gssresp,
+                                      &output_buffer,
+                                      NULL);
+
+      if(gssresp) {
+        free(_gssresp.value);
+        gssresp = NULL;
+      }
+
+      if(GSS_ERROR(maj)) {
+        Curl_infof(data, "Error creating security context\n");
+        ret = AUTH_ERROR;
+        break;
+      }
+
+      if(output_buffer.length != 0) {
+        result = Curl_base64_encode(data, (char *)output_buffer.value,
+                                    output_buffer.length, &p, &base64_sz);
+        if(result) {
+          Curl_infof(data,"base64-encoding: %s\n", curl_easy_strerror(result));
+          ret = AUTH_CONTINUE;
+          break;
+        }
+
+        result = Curl_ftpsendf(conn, "ADAT %s", p);
+
+        free(p);
+
+        if(result) {
+          ret = -2;
+          break;
+        }
+
+        if(Curl_GetFTPResponse(&nread, conn, NULL)) {
+          ret = -1;
+          break;
+        }
+
+        if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3') {
+          Curl_infof(data, "Server didn't accept auth data\n");
+          ret = AUTH_ERROR;
+          break;
+        }
+
+        p = data->state.buffer + 4;
+        p = strstr(p, "ADAT=");
+        if(p) {
+          result = Curl_base64_decode(p + 5,
+                                      (unsigned char **)&_gssresp.value,
+                                      &_gssresp.length);
+          if(result) {
+            Curl_failf(data,"base64-decoding: %s", curl_easy_strerror(result));
+            ret = AUTH_CONTINUE;
+            break;
+          }
+        }
+
+        gssresp = &_gssresp;
+      }
+    } while(maj == GSS_S_CONTINUE_NEEDED);
+
+    gss_release_name(&min, &gssname);
+    gss_release_buffer(&min, &output_buffer);
+
+    if(gssresp)
+      free(_gssresp.value);
+
+    if(ret == AUTH_OK || service == srv_host)
+      return ret;
+
+    service = srv_host;
+  }
+  return ret;
+}
+
+static void krb5_end(void *app_data)
+{
+    OM_uint32 min;
+    gss_ctx_id_t *context = app_data;
+    if(*context != GSS_C_NO_CONTEXT) {
+#ifdef DEBUGBUILD
+      OM_uint32 maj =
+#endif
+      gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
+      DEBUGASSERT(maj == GSS_S_COMPLETE);
+    }
+}
+
+struct Curl_sec_client_mech Curl_krb5_client_mech = {
+    "GSSAPI",
+    sizeof(gss_ctx_id_t),
+    krb5_init,
+    krb5_auth,
+    krb5_end,
+    krb5_check_prot,
+    krb5_overhead,
+    krb5_encode,
+    krb5_decode
+};
+
+#endif /* HAVE_GSSAPI */
+#endif /* CURL_DISABLE_FTP */
diff --git a/Utilities/cmcurl/lib/ldap.c b/Utilities/cmcurl/lib/ldap.c
new file mode 100644
index 0000000..ae48448
--- /dev/null
+++ b/Utilities/cmcurl/lib/ldap.c
@@ -0,0 +1,709 @@
+/***************************************************************************
+ *                      _   _ ____  _
+ *  Project         ___| | | |  _ \| |
+ *                 / __| | | | |_) | |
+ *                | (__| |_| |  _ <| |___
+ *                 \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_LDAP) && !defined(USE_OPENLDAP)
+
+/*
+ * Notice that USE_OPENLDAP is only a source code selection switch. When
+ * libcurl is built with USE_OPENLDAP defined the libcurl source code that
+ * gets compiled is the code from openldap.c, otherwise the code that gets
+ * compiled is the code from ldap.c.
+ *
+ * When USE_OPENLDAP is defined a recent version of the OpenLDAP library
+ * might be required for compilation and runtime. In order to use ancient
+ * OpenLDAP library versions, USE_OPENLDAP shall not be defined.
+ */
+
+#ifdef CURL_LDAP_WIN            /* Use Windows LDAP implementation. */
+# include <winldap.h>
+# ifndef LDAP_VENDOR_NAME
+#  error Your Platform SDK is NOT sufficient for LDAP support! \
+         Update your Platform SDK, or disable LDAP support!
+# else
+#  include <winber.h>
+# endif
+#else
+# define LDAP_DEPRECATED 1      /* Be sure ldap_init() is defined. */
+# ifdef HAVE_LBER_H
+#  include <lber.h>
+# endif
+# include <ldap.h>
+# if (defined(HAVE_LDAP_SSL) && defined(HAVE_LDAP_SSL_H))
+#  include <ldap_ssl.h>
+# endif /* HAVE_LDAP_SSL && HAVE_LDAP_SSL_H */
+#endif
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "sendf.h"
+#include "escape.h"
+#include "progress.h"
+#include "transfer.h"
+#include "strequal.h"
+#include "strtok.h"
+#include "curl_ldap.h"
+#include "curl_memory.h"
+#include "curl_base64.h"
+#include "rawstr.h"
+#include "connect.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "memdebug.h"
+
+#ifndef HAVE_LDAP_URL_PARSE
+
+/* Use our own implementation. */
+
+typedef struct {
+  char   *lud_host;
+  int     lud_port;
+  char   *lud_dn;
+  char  **lud_attrs;
+  int     lud_scope;
+  char   *lud_filter;
+  char  **lud_exts;
+  size_t    lud_attrs_dups; /* how many were dup'ed, this field is not in the
+                               "real" struct so can only be used in code
+                               without HAVE_LDAP_URL_PARSE defined */
+} CURL_LDAPURLDesc;
+
+#undef LDAPURLDesc
+#define LDAPURLDesc             CURL_LDAPURLDesc
+
+static int  _ldap_url_parse (const struct connectdata *conn,
+                             LDAPURLDesc **ludp);
+static void _ldap_free_urldesc (LDAPURLDesc *ludp);
+
+#undef ldap_free_urldesc
+#define ldap_free_urldesc       _ldap_free_urldesc
+#endif
+
+#ifdef DEBUG_LDAP
+  #define LDAP_TRACE(x)   do { \
+                            _ldap_trace ("%u: ", __LINE__); \
+                            _ldap_trace x; \
+                          } WHILE_FALSE
+
+  static void _ldap_trace (const char *fmt, ...);
+#else
+  #define LDAP_TRACE(x)   Curl_nop_stmt
+#endif
+
+
+static CURLcode Curl_ldap(struct connectdata *conn, bool *done);
+
+/*
+ * LDAP protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_ldap = {
+  "LDAP",                               /* scheme */
+  ZERO_NULL,                            /* setup_connection */
+  Curl_ldap,                            /* do_it */
+  ZERO_NULL,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_LDAP,                            /* defport */
+  CURLPROTO_LDAP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+#ifdef HAVE_LDAP_SSL
+/*
+ * LDAPS protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_ldaps = {
+  "LDAPS",                              /* scheme */
+  ZERO_NULL,                            /* setup_connection */
+  Curl_ldap,                            /* do_it */
+  ZERO_NULL,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_LDAPS,                           /* defport */
+  CURLPROTO_LDAPS,                      /* protocol */
+  PROTOPT_SSL                           /* flags */
+};
+#endif
+
+
+static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
+{
+  CURLcode status = CURLE_OK;
+  int rc = 0;
+  LDAP *server = NULL;
+  LDAPURLDesc *ludp = NULL;
+  LDAPMessage *result = NULL;
+  LDAPMessage *entryIterator;
+  int num = 0;
+  struct SessionHandle *data=conn->data;
+  int ldap_proto = LDAP_VERSION3;
+  int ldap_ssl = 0;
+  char *val_b64 = NULL;
+  size_t val_b64_sz = 0;
+  curl_off_t dlsize = 0;
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+  struct timeval ldap_timeout = {10,0}; /* 10 sec connection/search timeout */
+#endif
+
+  *done = TRUE; /* unconditionally */
+  infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d\n",
+          LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION);
+  infof(data, "LDAP local: %s\n", data->change.url);
+
+#ifdef HAVE_LDAP_URL_PARSE
+  rc = ldap_url_parse(data->change.url, &ludp);
+#else
+  rc = _ldap_url_parse(conn, &ludp);
+#endif
+  if(rc != 0) {
+    failf(data, "LDAP local: %s", ldap_err2string(rc));
+    status = CURLE_LDAP_INVALID_URL;
+    goto quit;
+  }
+
+  /* Get the URL scheme ( either ldap or ldaps ) */
+  if(conn->given->flags & PROTOPT_SSL)
+    ldap_ssl = 1;
+  infof(data, "LDAP local: trying to establish %s connection\n",
+          ldap_ssl ? "encrypted" : "cleartext");
+
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+  ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
+#endif
+  ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
+
+  if(ldap_ssl) {
+#ifdef HAVE_LDAP_SSL
+#ifdef CURL_LDAP_WIN
+    /* Win32 LDAP SDK doesn't support insecure mode without CA! */
+    server = ldap_sslinit(conn->host.name, (int)conn->port, 1);
+    ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
+#else
+    int ldap_option;
+    char* ldap_ca = data->set.str[STRING_SSL_CAFILE];
+#if defined(CURL_HAS_NOVELL_LDAPSDK)
+    rc = ldapssl_client_init(NULL, NULL);
+    if(rc != LDAP_SUCCESS) {
+      failf(data, "LDAP local: ldapssl_client_init %s", ldap_err2string(rc));
+      status = CURLE_SSL_CERTPROBLEM;
+      goto quit;
+    }
+    if(data->set.ssl.verifypeer) {
+      /* Novell SDK supports DER or BASE64 files. */
+      int cert_type = LDAPSSL_CERT_FILETYPE_B64;
+      if((data->set.str[STRING_CERT_TYPE]) &&
+         (Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "DER")))
+        cert_type = LDAPSSL_CERT_FILETYPE_DER;
+      if(!ldap_ca) {
+        failf(data, "LDAP local: ERROR %s CA cert not set!",
+              (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"));
+        status = CURLE_SSL_CERTPROBLEM;
+        goto quit;
+      }
+      infof(data, "LDAP local: using %s CA cert '%s'\n",
+              (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
+              ldap_ca);
+      rc = ldapssl_add_trusted_cert(ldap_ca, cert_type);
+      if(rc != LDAP_SUCCESS) {
+        failf(data, "LDAP local: ERROR setting %s CA cert: %s",
+                (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
+                ldap_err2string(rc));
+        status = CURLE_SSL_CERTPROBLEM;
+        goto quit;
+      }
+      ldap_option = LDAPSSL_VERIFY_SERVER;
+    }
+    else
+      ldap_option = LDAPSSL_VERIFY_NONE;
+    rc = ldapssl_set_verify_mode(ldap_option);
+    if(rc != LDAP_SUCCESS) {
+      failf(data, "LDAP local: ERROR setting cert verify mode: %s",
+              ldap_err2string(rc));
+      status = CURLE_SSL_CERTPROBLEM;
+      goto quit;
+    }
+    server = ldapssl_init(conn->host.name, (int)conn->port, 1);
+    if(server == NULL) {
+      failf(data, "LDAP local: Cannot connect to %s:%ld",
+              conn->host.name, conn->port);
+      status = CURLE_COULDNT_CONNECT;
+      goto quit;
+    }
+#elif defined(LDAP_OPT_X_TLS)
+    if(data->set.ssl.verifypeer) {
+      /* OpenLDAP SDK supports BASE64 files. */
+      if((data->set.str[STRING_CERT_TYPE]) &&
+         (!Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "PEM"))) {
+        failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!");
+        status = CURLE_SSL_CERTPROBLEM;
+        goto quit;
+      }
+      if(!ldap_ca) {
+        failf(data, "LDAP local: ERROR PEM CA cert not set!");
+        status = CURLE_SSL_CERTPROBLEM;
+        goto quit;
+      }
+      infof(data, "LDAP local: using PEM CA cert: %s\n", ldap_ca);
+      rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca);
+      if(rc != LDAP_SUCCESS) {
+        failf(data, "LDAP local: ERROR setting PEM CA cert: %s",
+                ldap_err2string(rc));
+        status = CURLE_SSL_CERTPROBLEM;
+        goto quit;
+      }
+      ldap_option = LDAP_OPT_X_TLS_DEMAND;
+    }
+    else
+      ldap_option = LDAP_OPT_X_TLS_NEVER;
+
+    rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option);
+    if(rc != LDAP_SUCCESS) {
+      failf(data, "LDAP local: ERROR setting cert verify mode: %s",
+              ldap_err2string(rc));
+      status = CURLE_SSL_CERTPROBLEM;
+      goto quit;
+    }
+    server = ldap_init(conn->host.name, (int)conn->port);
+    if(server == NULL) {
+      failf(data, "LDAP local: Cannot connect to %s:%ld",
+              conn->host.name, conn->port);
+      status = CURLE_COULDNT_CONNECT;
+      goto quit;
+    }
+    ldap_option = LDAP_OPT_X_TLS_HARD;
+    rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option);
+    if(rc != LDAP_SUCCESS) {
+      failf(data, "LDAP local: ERROR setting SSL/TLS mode: %s",
+              ldap_err2string(rc));
+      status = CURLE_SSL_CERTPROBLEM;
+      goto quit;
+    }
+/*
+    rc = ldap_start_tls_s(server, NULL, NULL);
+    if(rc != LDAP_SUCCESS) {
+      failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s",
+              ldap_err2string(rc));
+      status = CURLE_SSL_CERTPROBLEM;
+      goto quit;
+    }
+*/
+#else
+    /* we should probably never come up to here since configure
+       should check in first place if we can support LDAP SSL/TLS */
+    failf(data, "LDAP local: SSL/TLS not supported with this version "
+            "of the OpenLDAP toolkit\n");
+    status = CURLE_SSL_CERTPROBLEM;
+    goto quit;
+#endif
+#endif
+#endif /* CURL_LDAP_USE_SSL */
+  }
+  else {
+    server = ldap_init(conn->host.name, (int)conn->port);
+    if(server == NULL) {
+      failf(data, "LDAP local: Cannot connect to %s:%ld",
+              conn->host.name, conn->port);
+      status = CURLE_COULDNT_CONNECT;
+      goto quit;
+    }
+  }
+#ifdef CURL_LDAP_WIN
+  ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
+#endif
+
+  rc = ldap_simple_bind_s(server,
+                          conn->bits.user_passwd ? conn->user : NULL,
+                          conn->bits.user_passwd ? conn->passwd : NULL);
+  if(!ldap_ssl && rc != 0) {
+    ldap_proto = LDAP_VERSION2;
+    ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
+    rc = ldap_simple_bind_s(server,
+                            conn->bits.user_passwd ? conn->user : NULL,
+                            conn->bits.user_passwd ? conn->passwd : NULL);
+  }
+  if(rc != 0) {
+    failf(data, "LDAP local: ldap_simple_bind_s %s", ldap_err2string(rc));
+    status = CURLE_LDAP_CANNOT_BIND;
+    goto quit;
+  }
+
+  rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope,
+                     ludp->lud_filter, ludp->lud_attrs, 0, &result);
+
+  if(rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) {
+    failf(data, "LDAP remote: %s", ldap_err2string(rc));
+    status = CURLE_LDAP_SEARCH_FAILED;
+    goto quit;
+  }
+
+  for(num = 0, entryIterator = ldap_first_entry(server, result);
+      entryIterator;
+      entryIterator = ldap_next_entry(server, entryIterator), num++) {
+    BerElement *ber = NULL;
+    char  *attribute;       /*! suspicious that this isn't 'const' */
+    char  *dn = ldap_get_dn(server, entryIterator);
+    int i;
+
+    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
+    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)dn, 0);
+    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+
+    dlsize += strlen(dn)+5;
+
+    for(attribute = ldap_first_attribute(server, entryIterator, &ber);
+        attribute;
+        attribute = ldap_next_attribute(server, entryIterator, ber)) {
+      BerValue **vals = ldap_get_values_len(server, entryIterator, attribute);
+
+      if(vals != NULL) {
+        for(i = 0; (vals[i] != NULL); i++) {
+          Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
+          Curl_client_write(conn, CLIENTWRITE_BODY, (char *) attribute, 0);
+          Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
+          dlsize += strlen(attribute)+3;
+
+          if((strlen(attribute) > 7) &&
+              (strcmp(";binary",
+                      (char *)attribute +
+                      (strlen((char *)attribute) - 7)) == 0)) {
+            /* Binary attribute, encode to base64. */
+            CURLcode error = Curl_base64_encode(data,
+                                                vals[i]->bv_val,
+                                                vals[i]->bv_len,
+                                                &val_b64,
+                                                &val_b64_sz);
+            if(error) {
+              ldap_value_free_len(vals);
+              ldap_memfree(attribute);
+              ldap_memfree(dn);
+              if(ber)
+                ber_free(ber, 0);
+              status = error;
+              goto quit;
+            }
+            if(val_b64_sz > 0) {
+              Curl_client_write(conn, CLIENTWRITE_BODY, val_b64, val_b64_sz);
+              free(val_b64);
+              dlsize += val_b64_sz;
+            }
+          }
+          else {
+            Curl_client_write(conn, CLIENTWRITE_BODY, vals[i]->bv_val,
+                              vals[i]->bv_len);
+            dlsize += vals[i]->bv_len;
+          }
+          Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+          dlsize++;
+        }
+
+        /* Free memory used to store values */
+        ldap_value_free_len(vals);
+      }
+      Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+      dlsize++;
+      Curl_pgrsSetDownloadCounter(data, dlsize);
+      ldap_memfree(attribute);
+    }
+    ldap_memfree(dn);
+    if(ber)
+       ber_free(ber, 0);
+  }
+
+quit:
+  if(result) {
+    ldap_msgfree(result);
+    LDAP_TRACE (("Received %d entries\n", num));
+  }
+  if(rc == LDAP_SIZELIMIT_EXCEEDED)
+    infof(data, "There are more than %d entries\n", num);
+  if(ludp)
+    ldap_free_urldesc(ludp);
+  if(server)
+    ldap_unbind_s(server);
+#if defined(HAVE_LDAP_SSL) && defined(CURL_HAS_NOVELL_LDAPSDK)
+  if(ldap_ssl)
+    ldapssl_client_deinit();
+#endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */
+
+  /* no data to transfer */
+  Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+  connclose(conn, "LDAP connection always disable re-use");
+
+  return status;
+}
+
+#ifdef DEBUG_LDAP
+static void _ldap_trace (const char *fmt, ...)
+{
+  static int do_trace = -1;
+  va_list args;
+
+  if(do_trace == -1) {
+    const char *env = getenv("CURL_TRACE");
+    do_trace = (env && strtol(env, NULL, 10) > 0);
+  }
+  if(!do_trace)
+    return;
+
+  va_start (args, fmt);
+  vfprintf (stderr, fmt, args);
+  va_end (args);
+}
+#endif
+
+#ifndef HAVE_LDAP_URL_PARSE
+
+/*
+ * Return scope-value for a scope-string.
+ */
+static int str2scope (const char *p)
+{
+  if(strequal(p, "one"))
+     return LDAP_SCOPE_ONELEVEL;
+  if(strequal(p, "onetree"))
+     return LDAP_SCOPE_ONELEVEL;
+  if(strequal(p, "base"))
+     return LDAP_SCOPE_BASE;
+  if(strequal(p, "sub"))
+     return LDAP_SCOPE_SUBTREE;
+  if(strequal( p, "subtree"))
+     return LDAP_SCOPE_SUBTREE;
+  return (-1);
+}
+
+/*
+ * Split 'str' into strings separated by commas.
+ * Note: res[] points into 'str'.
+ */
+static char **split_str (char *str)
+{
+  char **res, *lasts, *s;
+  int  i;
+
+  for(i = 2, s = strchr(str,','); s; i++)
+    s = strchr(++s,',');
+
+  res = calloc(i, sizeof(char*));
+  if(!res)
+    return NULL;
+
+  for(i = 0, s = strtok_r(str, ",", &lasts); s;
+      s = strtok_r(NULL, ",", &lasts), i++)
+    res[i] = s;
+  return res;
+}
+
+/*
+ * Unescape the LDAP-URL components
+ */
+static bool unescape_elements (void *data, LDAPURLDesc *ludp)
+{
+  int i;
+
+  if(ludp->lud_filter) {
+    ludp->lud_filter = curl_easy_unescape(data, ludp->lud_filter, 0, NULL);
+    if(!ludp->lud_filter)
+       return FALSE;
+  }
+
+  for(i = 0; ludp->lud_attrs && ludp->lud_attrs[i]; i++) {
+    ludp->lud_attrs[i] = curl_easy_unescape(data, ludp->lud_attrs[i],
+                                            0, NULL);
+    if(!ludp->lud_attrs[i])
+      return FALSE;
+    ludp->lud_attrs_dups++;
+  }
+
+  if(ludp->lud_dn) {
+    char *dn = ludp->lud_dn;
+    char *new_dn = curl_easy_unescape(data, dn, 0, NULL);
+
+    free(dn);
+    ludp->lud_dn = new_dn;
+    if(!new_dn)
+       return (FALSE);
+  }
+  return (TRUE);
+}
+
+/*
+ * Break apart the pieces of an LDAP URL.
+ * Syntax:
+ *   ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
+ *
+ * <hostname> already known from 'conn->host.name'.
+ * <port>     already known from 'conn->remote_port'.
+ * extract the rest from 'conn->data->state.path+1'. All fields are optional.
+ * e.g.
+ *   ldap://<hostname>:<port>/?<attributes>?<scope>?<filter>
+ * yields ludp->lud_dn = "".
+ *
+ * Defined in RFC4516 section 2.
+ */
+static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
+{
+  char *p, *q;
+  int i;
+
+  if(!conn->data ||
+      !conn->data->state.path ||
+      conn->data->state.path[0] != '/' ||
+      !checkprefix("LDAP", conn->data->change.url))
+    return LDAP_INVALID_SYNTAX;
+
+  ludp->lud_scope = LDAP_SCOPE_BASE;
+  ludp->lud_port  = conn->remote_port;
+  ludp->lud_host  = conn->host.name;
+
+  /* parse DN (Distinguished Name).
+   */
+  ludp->lud_dn = strdup(conn->data->state.path+1);
+  if(!ludp->lud_dn)
+    return LDAP_NO_MEMORY;
+
+  p = strchr(ludp->lud_dn, '?');
+  LDAP_TRACE (("DN '%.*s'\n", p ? (size_t)(p-ludp->lud_dn) :
+               strlen(ludp->lud_dn), ludp->lud_dn));
+
+  if(!p)
+    goto success;
+
+  *p++ = '\0';
+
+  /* parse attributes. skip "??".
+   */
+  q = strchr(p, '?');
+  if(q)
+    *q++ = '\0';
+
+  if(*p && *p != '?') {
+    ludp->lud_attrs = split_str(p);
+    if(!ludp->lud_attrs)
+      return LDAP_NO_MEMORY;
+
+    for(i = 0; ludp->lud_attrs[i]; i++)
+      LDAP_TRACE (("attr[%d] '%s'\n", i, ludp->lud_attrs[i]));
+  }
+
+  p = q;
+  if(!p)
+    goto success;
+
+  /* parse scope. skip "??"
+   */
+  q = strchr(p, '?');
+  if(q)
+    *q++ = '\0';
+
+  if(*p && *p != '?') {
+    ludp->lud_scope = str2scope(p);
+    if(ludp->lud_scope == -1) {
+      return LDAP_INVALID_SYNTAX;
+    }
+    LDAP_TRACE (("scope %d\n", ludp->lud_scope));
+  }
+
+  p = q;
+  if(!p)
+    goto success;
+
+  /* parse filter
+   */
+  q = strchr(p, '?');
+  if(q)
+    *q++ = '\0';
+  if(!*p) {
+    return LDAP_INVALID_SYNTAX;
+  }
+
+  ludp->lud_filter = p;
+  LDAP_TRACE (("filter '%s'\n", ludp->lud_filter));
+
+  success:
+  if(!unescape_elements(conn->data, ludp))
+    return LDAP_NO_MEMORY;
+  return LDAP_SUCCESS;
+}
+
+static int _ldap_url_parse (const struct connectdata *conn,
+                            LDAPURLDesc **ludpp)
+{
+  LDAPURLDesc *ludp = calloc(1, sizeof(*ludp));
+  int rc;
+
+  *ludpp = NULL;
+  if(!ludp)
+     return LDAP_NO_MEMORY;
+
+  rc = _ldap_url_parse2 (conn, ludp);
+  if(rc != LDAP_SUCCESS) {
+    _ldap_free_urldesc(ludp);
+    ludp = NULL;
+  }
+  *ludpp = ludp;
+  return (rc);
+}
+
+static void _ldap_free_urldesc (LDAPURLDesc *ludp)
+{
+  size_t i;
+
+  if(!ludp)
+    return;
+
+  if(ludp->lud_dn)
+    free(ludp->lud_dn);
+
+  if(ludp->lud_filter)
+    free(ludp->lud_filter);
+
+  if(ludp->lud_attrs) {
+    for(i = 0; i < ludp->lud_attrs_dups; i++)
+      free(ludp->lud_attrs[i]);
+    free(ludp->lud_attrs);
+  }
+
+  free (ludp);
+}
+#endif  /* !HAVE_LDAP_URL_PARSE */
+#endif  /* !CURL_DISABLE_LDAP && !USE_OPENLDAP */
diff --git a/Utilities/cmcurl/lib/libcurl.rc b/Utilities/cmcurl/lib/libcurl.rc
new file mode 100644
index 0000000..47b944a
--- /dev/null
+++ b/Utilities/cmcurl/lib/libcurl.rc
@@ -0,0 +1,63 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <winver.h>
+#include "../include/curl/curlver.h"
+
+LANGUAGE  0x09,0x01
+
+#define RC_VERSION  LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR, LIBCURL_VERSION_PATCH, 0
+
+VS_VERSION_INFO VERSIONINFO
+  FILEVERSION     RC_VERSION
+  PRODUCTVERSION  RC_VERSION
+  FILEFLAGSMASK   0x3fL
+#if defined(DEBUGBUILD) || defined(_DEBUG)
+  FILEFLAGS 1
+#else
+  FILEFLAGS 0
+#endif
+  FILEOS      VOS__WINDOWS32
+  FILETYPE    VFT_DLL
+  FILESUBTYPE 0x0L
+
+BEGIN
+  BLOCK "StringFileInfo"
+  BEGIN
+    BLOCK "040904b0"
+    BEGIN
+      VALUE "CompanyName",      "The cURL library, http://curl.haxx.se/\0"
+      VALUE "FileDescription",  "libcurl Shared Library\0"
+      VALUE "FileVersion",      LIBCURL_VERSION "\0"
+      VALUE "InternalName",     "libcurl\0"
+      VALUE "OriginalFilename", "libcurl.dll\0"
+      VALUE "ProductName",      "The cURL library\0"
+      VALUE "ProductVersion",   LIBCURL_VERSION "\0"
+      VALUE "LegalCopyright",   "© " LIBCURL_COPYRIGHT "\0"
+      VALUE "License",          "http://curl.haxx.se/docs/copyright.html\0"
+    END
+  END
+
+  BLOCK "VarFileInfo"
+  BEGIN
+    VALUE "Translation", 0x409, 1200
+  END
+END
diff --git a/Utilities/cmcurl/llist.c b/Utilities/cmcurl/lib/llist.c
index 921d1d1..40bb628 100644
--- a/Utilities/cmcurl/llist.c
+++ b/Utilities/cmcurl/lib/llist.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,22 +18,21 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
-
-#include <string.h>
-#include <stdlib.h>
+#include "curl_setup.h"
 
 #include "llist.h"
-#include "memory.h"
+#include "curl_memory.h"
 
 /* this must be the last include file */
 #include "memdebug.h"
 
-void
-Curl_llist_init(struct curl_llist *l, curl_llist_dtor dtor)
+/*
+ * @unittest: 1300
+ */
+static void
+llist_init(struct curl_llist *l, curl_llist_dtor dtor)
 {
   l->size = 0;
   l->dtor = dtor;
@@ -46,44 +45,57 @@ Curl_llist_alloc(curl_llist_dtor dtor)
 {
   struct curl_llist *list;
 
-  list = (struct curl_llist *)malloc(sizeof(struct curl_llist));
-  if(NULL == list)
+  list = malloc(sizeof(struct curl_llist));
+  if(!list)
     return NULL;
 
-  Curl_llist_init(list, dtor);
+  llist_init(list, dtor);
 
   return list;
 }
 
 /*
- * Curl_llist_insert_next() returns 1 on success and 0 on failure.
+ * Curl_llist_insert_next()
+ *
+ * Inserts a new list element after the given one 'e'. If the given existing
+ * entry is NULL and the list already has elements, the new one will be
+ * inserted first in the list.
+ *
+ * Returns: 1 on success and 0 on failure.
+ *
+ * @unittest: 1300
  */
 int
 Curl_llist_insert_next(struct curl_llist *list, struct curl_llist_element *e,
                        const void *p)
 {
-  struct curl_llist_element *ne =
-    (struct curl_llist_element *) malloc(sizeof(struct curl_llist_element));
+  struct curl_llist_element *ne = malloc(sizeof(struct curl_llist_element));
   if(!ne)
     return 0;
 
   ne->ptr = (void *) p;
-  if (list->size == 0) {
+  if(list->size == 0) {
     list->head = ne;
     list->head->prev = NULL;
     list->head->next = NULL;
     list->tail = ne;
   }
   else {
-    ne->next = e->next;
+    /* if 'e' is NULL here, we insert the new element first in the list */
+    ne->next = e?e->next:list->head;
     ne->prev = e;
-    if (e->next) {
+    if(!e) {
+      list->head->prev = ne;
+      list->head = ne;
+    }
+    else if(e->next) {
       e->next->prev = ne;
     }
     else {
       list->tail = ne;
     }
-    e->next = ne;
+    if(e)
+      e->next = ne;
   }
 
   ++list->size;
@@ -91,29 +103,38 @@ Curl_llist_insert_next(struct curl_llist *list, struct curl_llist_element *e,
   return 1;
 }
 
+/*
+ * @unittest: 1300
+ */
 int
 Curl_llist_remove(struct curl_llist *list, struct curl_llist_element *e,
                   void *user)
 {
-  if (e == NULL || list->size == 0)
+  if(e == NULL || list->size == 0)
     return 1;
 
-  if (e == list->head) {
+  if(e == list->head) {
     list->head = e->next;
 
-    if (list->head == NULL)
+    if(list->head == NULL)
       list->tail = NULL;
     else
       e->next->prev = NULL;
-  } else {
+  }
+  else {
     e->prev->next = e->next;
-    if (!e->next)
+    if(!e->next)
       list->tail = e->prev;
     else
       e->next->prev = e->prev;
   }
 
   list->dtor(user, e->ptr);
+
+  e->ptr  = NULL;
+  e->prev = NULL;
+  e->next = NULL;
+
   free(e);
   --list->size;
 
@@ -124,7 +145,7 @@ void
 Curl_llist_destroy(struct curl_llist *list, void *user)
 {
   if(list) {
-    while (list->size > 0)
+    while(list->size > 0)
       Curl_llist_remove(list, list->tail, user);
 
     free(list);
@@ -136,3 +157,56 @@ Curl_llist_count(struct curl_llist *list)
 {
   return list->size;
 }
+
+/*
+ * @unittest: 1300
+ */
+int Curl_llist_move(struct curl_llist *list, struct curl_llist_element *e,
+                    struct curl_llist *to_list,
+                    struct curl_llist_element *to_e)
+{
+  /* Remove element from list */
+  if(e == NULL || list->size == 0)
+    return 0;
+
+  if(e == list->head) {
+    list->head = e->next;
+
+    if(list->head == NULL)
+      list->tail = NULL;
+    else
+      e->next->prev = NULL;
+  }
+  else {
+    e->prev->next = e->next;
+    if(!e->next)
+      list->tail = e->prev;
+    else
+      e->next->prev = e->prev;
+  }
+
+  --list->size;
+
+  /* Add element to to_list after to_e */
+  if(to_list->size == 0) {
+    to_list->head = e;
+    to_list->head->prev = NULL;
+    to_list->head->next = NULL;
+    to_list->tail = e;
+  }
+  else {
+    e->next = to_e->next;
+    e->prev = to_e;
+    if(to_e->next) {
+      to_e->next->prev = e;
+    }
+    else {
+      to_list->tail = e;
+    }
+    to_e->next = e;
+  }
+
+  ++to_list->size;
+
+  return 1;
+}
diff --git a/Utilities/cmcurl/llist.h b/Utilities/cmcurl/lib/llist.h
index 5c7a8a0..27ddb71 100644
--- a/Utilities/cmcurl/llist.h
+++ b/Utilities/cmcurl/lib/llist.h
@@ -1,5 +1,5 @@
-#ifndef __LLIST_H
-#define __LLIST_H
+#ifndef HEADER_CURL_LLIST_H
+#define HEADER_CURL_LLIST_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,10 +20,9 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 #include <stddef.h>
 
 typedef void (*curl_llist_dtor)(void *, void *);
@@ -44,17 +43,15 @@ struct curl_llist {
   size_t size;
 };
 
-void Curl_llist_init(struct curl_llist *, curl_llist_dtor);
 struct curl_llist *Curl_llist_alloc(curl_llist_dtor);
 int Curl_llist_insert_next(struct curl_llist *, struct curl_llist_element *,
                            const void *);
-int Curl_llist_insert_prev(struct curl_llist *, struct curl_llist_element *,
-                           const void *);
 int Curl_llist_remove(struct curl_llist *, struct curl_llist_element *,
                       void *);
-int Curl_llist_remove_next(struct curl_llist *, struct curl_llist_element *,
-                           void *);
 size_t Curl_llist_count(struct curl_llist *);
 void Curl_llist_destroy(struct curl_llist *, void *);
+int Curl_llist_move(struct curl_llist *, struct curl_llist_element *,
+                    struct curl_llist *, struct curl_llist_element *);
+
+#endif /* HEADER_CURL_LLIST_H */
 
-#endif
diff --git a/Utilities/cmcurl/lib/md4.c b/Utilities/cmcurl/lib/md4.c
new file mode 100644
index 0000000..6930e02
--- /dev/null
+++ b/Utilities/cmcurl/lib/md4.c
@@ -0,0 +1,282 @@
+/*-
+   Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD4 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+ */
+
+#include "curl_setup.h"
+
+/* NSS crypto library does not provide the MD4 hash algorithm, so that we have
+ * a local implementation of it */
+#ifdef USE_NSS
+
+#include "curl_md4.h"
+#include "warnless.h"
+
+typedef unsigned int UINT4;
+
+typedef struct MD4Context {
+  UINT4 state[4];               /* state (ABCD) */
+  UINT4 count[2];               /* number of bits, modulo 2^64 (lsb first) */
+  unsigned char buffer[64];     /* input buffer */
+} MD4_CTX;
+
+/* Constants for MD4Transform routine.
+ */
+#define S11 3
+#define S12 7
+#define S13 11
+#define S14 19
+#define S21 3
+#define S22 5
+#define S23 9
+#define S24 13
+#define S31 3
+#define S32 9
+#define S33 11
+#define S34 15
+
+static void MD4Transform(UINT4 [4], const unsigned char [64]);
+static void Encode(unsigned char *, UINT4 *, unsigned int);
+static void Decode(UINT4 *, const unsigned char *, unsigned int);
+
+static unsigned char PADDING[64] = {
+  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/* F, G and H are basic MD4 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+
+/* ROTATE_LEFT rotates x left n bits.
+ */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG and HH are transformations for rounds 1, 2 and 3 */
+/* Rotation is separate from addition to prevent recomputation */
+#define FF(a, b, c, d, x, s) { \
+    (a) += F ((b), (c), (d)) + (x); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+  }
+#define GG(a, b, c, d, x, s) { \
+    (a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \
+    (a) = ROTATE_LEFT ((a), (s)); \
+  }
+#define HH(a, b, c, d, x, s) { \
+    (a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \
+    (a) = ROTATE_LEFT ((a), (s)); \
+  }
+
+/* MD4 initialization. Begins an MD4 operation, writing a new context.
+ */
+static void MD4Init(MD4_CTX *context)
+{
+  context->count[0] = context->count[1] = 0;
+
+  /* Load magic initialization constants.
+   */
+  context->state[0] = 0x67452301;
+  context->state[1] = 0xefcdab89;
+  context->state[2] = 0x98badcfe;
+  context->state[3] = 0x10325476;
+}
+
+/* MD4 block update operation. Continues an MD4 message-digest
+     operation, processing another message block, and updating the
+     context.
+ */
+static void MD4Update(MD4_CTX *context, const unsigned char *input,
+                      unsigned int inputLen)
+{
+  unsigned int i, bufindex, partLen;
+
+  /* Compute number of bytes mod 64 */
+  bufindex = (unsigned int)((context->count[0] >> 3) & 0x3F);
+  /* Update number of bits */
+  if((context->count[0] += ((UINT4)inputLen << 3))
+     < ((UINT4)inputLen << 3))
+    context->count[1]++;
+  context->count[1] += ((UINT4)inputLen >> 29);
+
+  partLen = 64 - bufindex;
+  /* Transform as many times as possible.
+   */
+  if(inputLen >= partLen) {
+    memcpy(&context->buffer[bufindex], input, partLen);
+    MD4Transform (context->state, context->buffer);
+
+    for(i = partLen; i + 63 < inputLen; i += 64)
+      MD4Transform (context->state, &input[i]);
+
+    bufindex = 0;
+  }
+  else
+    i = 0;
+
+  /* Buffer remaining input */
+  memcpy(&context->buffer[bufindex], &input[i], inputLen-i);
+}
+
+/* MD4 padding. */
+static void MD4Pad(MD4_CTX *context)
+{
+  unsigned char bits[8];
+  unsigned int bufindex, padLen;
+
+  /* Save number of bits */
+  Encode (bits, context->count, 8);
+
+  /* Pad out to 56 mod 64.
+   */
+  bufindex = (unsigned int)((context->count[0] >> 3) & 0x3f);
+  padLen = (bufindex < 56) ? (56 - bufindex) : (120 - bufindex);
+  MD4Update (context, PADDING, padLen);
+
+  /* Append length (before padding) */
+  MD4Update (context, bits, 8);
+}
+
+/* MD4 finalization. Ends an MD4 message-digest operation, writing the
+     the message digest and zeroizing the context.
+ */
+static void MD4Final (unsigned char digest[16], MD4_CTX *context)
+{
+  /* Do padding */
+  MD4Pad (context);
+
+  /* Store state in digest */
+  Encode (digest, context->state, 16);
+
+  /* Zeroize sensitive information.
+   */
+  memset(context, 0, sizeof(*context));
+}
+
+/* MD4 basic transformation. Transforms state based on block.
+ */
+static void MD4Transform (UINT4 state[4], const unsigned char block[64])
+{
+  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
+
+  Decode (x, block, 64);
+
+  /* Round 1 */
+  FF (a, b, c, d, x[ 0], S11); /* 1 */
+  FF (d, a, b, c, x[ 1], S12); /* 2 */
+  FF (c, d, a, b, x[ 2], S13); /* 3 */
+  FF (b, c, d, a, x[ 3], S14); /* 4 */
+  FF (a, b, c, d, x[ 4], S11); /* 5 */
+  FF (d, a, b, c, x[ 5], S12); /* 6 */
+  FF (c, d, a, b, x[ 6], S13); /* 7 */
+  FF (b, c, d, a, x[ 7], S14); /* 8 */
+  FF (a, b, c, d, x[ 8], S11); /* 9 */
+  FF (d, a, b, c, x[ 9], S12); /* 10 */
+  FF (c, d, a, b, x[10], S13); /* 11 */
+  FF (b, c, d, a, x[11], S14); /* 12 */
+  FF (a, b, c, d, x[12], S11); /* 13 */
+  FF (d, a, b, c, x[13], S12); /* 14 */
+  FF (c, d, a, b, x[14], S13); /* 15 */
+  FF (b, c, d, a, x[15], S14); /* 16 */
+
+  /* Round 2 */
+  GG (a, b, c, d, x[ 0], S21); /* 17 */
+  GG (d, a, b, c, x[ 4], S22); /* 18 */
+  GG (c, d, a, b, x[ 8], S23); /* 19 */
+  GG (b, c, d, a, x[12], S24); /* 20 */
+  GG (a, b, c, d, x[ 1], S21); /* 21 */
+  GG (d, a, b, c, x[ 5], S22); /* 22 */
+  GG (c, d, a, b, x[ 9], S23); /* 23 */
+  GG (b, c, d, a, x[13], S24); /* 24 */
+  GG (a, b, c, d, x[ 2], S21); /* 25 */
+  GG (d, a, b, c, x[ 6], S22); /* 26 */
+  GG (c, d, a, b, x[10], S23); /* 27 */
+  GG (b, c, d, a, x[14], S24); /* 28 */
+  GG (a, b, c, d, x[ 3], S21); /* 29 */
+  GG (d, a, b, c, x[ 7], S22); /* 30 */
+  GG (c, d, a, b, x[11], S23); /* 31 */
+  GG (b, c, d, a, x[15], S24); /* 32 */
+
+  /* Round 3 */
+  HH (a, b, c, d, x[ 0], S31); /* 33 */
+  HH (d, a, b, c, x[ 8], S32); /* 34 */
+  HH (c, d, a, b, x[ 4], S33); /* 35 */
+  HH (b, c, d, a, x[12], S34); /* 36 */
+  HH (a, b, c, d, x[ 2], S31); /* 37 */
+  HH (d, a, b, c, x[10], S32); /* 38 */
+  HH (c, d, a, b, x[ 6], S33); /* 39 */
+  HH (b, c, d, a, x[14], S34); /* 40 */
+  HH (a, b, c, d, x[ 1], S31); /* 41 */
+  HH (d, a, b, c, x[ 9], S32); /* 42 */
+  HH (c, d, a, b, x[ 5], S33); /* 43 */
+  HH (b, c, d, a, x[13], S34); /* 44 */
+  HH (a, b, c, d, x[ 3], S31); /* 45 */
+  HH (d, a, b, c, x[11], S32); /* 46 */
+  HH (c, d, a, b, x[ 7], S33); /* 47 */
+  HH (b, c, d, a, x[15], S34); /* 48 */
+
+  state[0] += a;
+  state[1] += b;
+  state[2] += c;
+  state[3] += d;
+
+  /* Zeroize sensitive information.
+   */
+  memset(x, 0, sizeof(x));
+}
+
+/* Encodes input (UINT4) into output (unsigned char). Assumes len is
+     a multiple of 4.
+ */
+static void Encode(unsigned char *output, UINT4 *input, unsigned int len)
+{
+  unsigned int i, j;
+
+  for(i = 0, j = 0; j < len; i++, j += 4) {
+    output[j] = (unsigned char)(input[i] & 0xff);
+    output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
+    output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
+    output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
+  }
+}
+
+/* Decodes input (unsigned char) into output (UINT4). Assumes len is
+     a multiple of 4.
+ */
+static void Decode (UINT4 *output, const unsigned char *input,
+                    unsigned int len)
+{
+  unsigned int i, j;
+
+  for(i = 0, j = 0; j < len; i++, j += 4)
+    output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
+      (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
+}
+
+void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
+{
+  MD4_CTX ctx;
+  MD4Init(&ctx);
+  MD4Update(&ctx, input, curlx_uztoui(len));
+  MD4Final(output, &ctx);
+}
+#endif /* USE_NSS */
diff --git a/Utilities/cmcurl/md5.c b/Utilities/cmcurl/lib/md5.c
index 4cfb073..af39fd4 100644
--- a/Utilities/cmcurl/md5.c
+++ b/Utilities/cmcurl/lib/md5.c
@@ -1,16 +1,16 @@
 /***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
+ *
  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  * copies of the Software, and permit persons to whom the Software is
  * furnished to do so, under the terms of the COPYING file.
@@ -18,17 +18,147 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
 #ifndef CURL_DISABLE_CRYPTO_AUTH
 
-#if !defined(USE_SSLEAY) || !defined(USE_OPENSSL)
-/* This code segment is only used if OpenSSL is not provided, as if it is
-   we use the MD5-function provided there instead. No good duplicating
-   code! */
+#include "curl_md5.h"
+#include "curl_hmac.h"
+#include "warnless.h"
+
+#include "curl_memory.h"
+
+#if defined(USE_GNUTLS_NETTLE)
+
+#include <nettle/md5.h>
+/* The last #include file should be: */
+#include "memdebug.h"
+
+typedef struct md5_ctx MD5_CTX;
+
+static void MD5_Init(MD5_CTX * ctx)
+{
+  md5_init(ctx);
+}
+
+static void MD5_Update(MD5_CTX * ctx,
+                       const unsigned char * input,
+                       unsigned int inputLen)
+{
+  md5_update(ctx, inputLen, input);
+}
+
+static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
+{
+  md5_digest(ctx, 16, digest);
+}
+
+#elif defined(USE_GNUTLS)
+
+#include <gcrypt.h>
+/* The last #include file should be: */
+#include "memdebug.h"
+
+typedef gcry_md_hd_t MD5_CTX;
+
+static void MD5_Init(MD5_CTX * ctx)
+{
+  gcry_md_open(ctx, GCRY_MD_MD5, 0);
+}
+
+static void MD5_Update(MD5_CTX * ctx,
+                       const unsigned char * input,
+                       unsigned int inputLen)
+{
+  gcry_md_write(*ctx, input, inputLen);
+}
+
+static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
+{
+  memcpy(digest, gcry_md_read(*ctx, 0), 16);
+  gcry_md_close(*ctx);
+}
+
+#elif defined(USE_SSLEAY)
+/* When OpenSSL is available we use the MD5-function from OpenSSL */
+
+#  ifdef USE_OPENSSL
+#    include <openssl/md5.h>
+#  else
+#    include <md5.h>
+#  endif
+
+#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \
+              (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040)) || \
+      (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \
+              (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000))
+
+/* For Apple operating systems: CommonCrypto has the functions we need.
+   These functions are available on Tiger and later, as well as iOS 2.0
+   and later. If you're building for an older cat, well, sorry.
+
+   Declaring the functions as static like this seems to be a bit more
+   reliable than defining COMMON_DIGEST_FOR_OPENSSL on older cats. */
+#  include <CommonCrypto/CommonDigest.h>
+#  define MD5_CTX CC_MD5_CTX
+
+static void MD5_Init(MD5_CTX *ctx)
+{
+  CC_MD5_Init(ctx);
+}
+
+static void MD5_Update(MD5_CTX *ctx,
+                       const unsigned char *input,
+                       unsigned int inputLen)
+{
+  CC_MD5_Update(ctx, input, inputLen);
+}
+
+static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
+{
+  CC_MD5_Final(digest, ctx);
+}
+
+#elif defined(_WIN32)
+
+#include <wincrypt.h>
+
+typedef struct {
+  HCRYPTPROV hCryptProv;
+  HCRYPTHASH hHash;
+} MD5_CTX;
+
+static void MD5_Init(MD5_CTX *ctx)
+{
+  if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL,
+                         PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+    CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash);
+  }
+}
+
+static void MD5_Update(MD5_CTX *ctx,
+                       const unsigned char *input,
+                       unsigned int inputLen)
+{
+  CryptHashData(ctx->hHash, (unsigned char *)input, inputLen, 0);
+}
+
+static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
+{
+  unsigned long length = 0;
+  CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0);
+  if(length == 16)
+    CryptGetHashParam(ctx->hHash, HP_HASHVAL, digest, &length, 0);
+  if(ctx->hHash)
+    CryptDestroyHash(ctx->hHash);
+  if(ctx->hCryptProv)
+    CryptReleaseContext(ctx->hCryptProv, 0);
+}
+
+#else
+/* When no other crypto library is available we use this code segment */
 
 /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
 rights reserved.
@@ -52,8 +182,6 @@ These notices must be retained in any copies of any part of this
 documentation and/or software.
  */
 
-#include <string.h>
-
 /* UINT4 defines a four byte word */
 typedef unsigned int UINT4;
 
@@ -161,28 +289,28 @@ static void MD5_Update (struct md5_ctx *context,    /* context */
   bufindex = (unsigned int)((context->count[0] >> 3) & 0x3F);
 
   /* Update number of bits */
-  if ((context->count[0] += ((UINT4)inputLen << 3))
+  if((context->count[0] += ((UINT4)inputLen << 3))
       < ((UINT4)inputLen << 3))
     context->count[1]++;
   context->count[1] += ((UINT4)inputLen >> 29);
-  
+
   partLen = 64 - bufindex;
 
   /* Transform as many times as possible. */
-  if (inputLen >= partLen) {
-    memcpy((void *)&context->buffer[bufindex], (void *)input, partLen);
+  if(inputLen >= partLen) {
+    memcpy(&context->buffer[bufindex], input, partLen);
     MD5Transform(context->state, context->buffer);
-    
-    for (i = partLen; i + 63 < inputLen; i += 64)
+
+    for(i = partLen; i + 63 < inputLen; i += 64)
       MD5Transform(context->state, &input[i]);
-    
+
     bufindex = 0;
   }
   else
     i = 0;
 
   /* Buffer remaining input */
-  memcpy((void *)&context->buffer[bufindex], (void *)&input[i], inputLen-i);
+  memcpy(&context->buffer[bufindex], &input[i], inputLen-i);
 }
 
 /* MD5 finalization. Ends an MD5 message-digest operation, writing the
@@ -310,7 +438,7 @@ static void Encode (unsigned char *output,
 {
   unsigned int i, j;
 
-  for (i = 0, j = 0; j < len; i++, j += 4) {
+  for(i = 0, j = 0; j < len; i++, j += 4) {
     output[j] = (unsigned char)(input[i] & 0xff);
     output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
     output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
@@ -327,26 +455,87 @@ static void Decode (UINT4 *output,
 {
   unsigned int i, j;
 
-  for (i = 0, j = 0; j < len; i++, j += 4)
+  for(i = 0, j = 0; j < len; i++, j += 4)
     output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
       (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
 }
 
-#else
-/* If OpenSSL is present */
-#include <openssl/md5.h>
-#include <string.h>
-#endif
+#endif /* CRYPTO LIBS */
 
-#include "md5.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+const HMAC_params Curl_HMAC_MD5[] = {
+  {
+    (HMAC_hinit_func) MD5_Init,           /* Hash initialization function. */
+    (HMAC_hupdate_func) MD5_Update,       /* Hash update function. */
+    (HMAC_hfinal_func) MD5_Final,         /* Hash computation end function. */
+    sizeof(MD5_CTX),                      /* Size of hash context structure. */
+    64,                                   /* Maximum key length. */
+    16                                    /* Result size. */
+  }
+};
+
+const MD5_params Curl_DIGEST_MD5[] = {
+  {
+    (Curl_MD5_init_func) MD5_Init,      /* Digest initialization function */
+    (Curl_MD5_update_func) MD5_Update,  /* Digest update function */
+    (Curl_MD5_final_func) MD5_Final,    /* Digest computation end function */
+    sizeof(MD5_CTX),                    /* Size of digest context struct */
+    16                                  /* Result size */
+  }
+};
 
 void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
                 const unsigned char *input)
 {
   MD5_CTX ctx;
   MD5_Init(&ctx);
-  MD5_Update(&ctx, input, (unsigned int)strlen((char *)input));
+  MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
   MD5_Final(outbuffer, &ctx);
 }
 
-#endif
+MD5_context *Curl_MD5_init(const MD5_params *md5params)
+{
+  MD5_context *ctxt;
+
+  /* Create MD5 context */
+  ctxt = malloc(sizeof *ctxt);
+
+  if(!ctxt)
+    return ctxt;
+
+  ctxt->md5_hashctx = malloc(md5params->md5_ctxtsize);
+
+  if(!ctxt->md5_hashctx) {
+    free(ctxt);
+    return NULL;
+  }
+
+  ctxt->md5_hash = md5params;
+
+  (*md5params->md5_init_func)(ctxt->md5_hashctx);
+
+  return ctxt;
+}
+
+int Curl_MD5_update(MD5_context *context,
+                    const unsigned char *data,
+                    unsigned int len)
+{
+  (*context->md5_hash->md5_update_func)(context->md5_hashctx, data, len);
+
+  return 0;
+}
+
+int Curl_MD5_final(MD5_context *context, unsigned char *result)
+{
+  (*context->md5_hash->md5_final_func)(result, context->md5_hashctx);
+
+  free(context->md5_hashctx);
+  free(context);
+
+  return 0;
+}
+
+#endif /* CURL_DISABLE_CRYPTO_AUTH */
diff --git a/Utilities/cmcurl/lib/memdebug.c b/Utilities/cmcurl/lib/memdebug.c
new file mode 100644
index 0000000..4afa620
--- /dev/null
+++ b/Utilities/cmcurl/lib/memdebug.c
@@ -0,0 +1,490 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef CURLDEBUG
+
+#include <curl/curl.h>
+
+#define _MPRINTF_REPLACE
+#include <curl/mprintf.h>
+#include "urldata.h"
+
+#define MEMDEBUG_NODEFINES /* don't redefine the standard functions */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#ifndef HAVE_ASSERT_H
+#  define assert(x) Curl_nop_stmt
+#endif
+
+/*
+ * Until 2011-08-17 libcurl's Memory Tracking feature also performed
+ * automatic malloc and free filling operations using 0xA5 and 0x13
+ * values. Our own preinitialization of dynamically allocated memory
+ * might be useful when not using third party memory debuggers, but
+ * on the other hand this would fool memory debuggers into thinking
+ * that all dynamically allocated memory is properly initialized.
+ *
+ * As a default setting, libcurl's Memory Tracking feature no longer
+ * performs preinitialization of dynamically allocated memory on its
+ * own. If you know what you are doing, and really want to retain old
+ * behavior, you can achieve this compiling with preprocessor symbols
+ * CURL_MT_MALLOC_FILL and CURL_MT_FREE_FILL defined with appropriate
+ * values.
+ */
+
+#ifdef CURL_MT_MALLOC_FILL
+# if (CURL_MT_MALLOC_FILL < 0) || (CURL_MT_MALLOC_FILL > 0xff)
+#   error "invalid CURL_MT_MALLOC_FILL or out of range"
+# endif
+#endif
+
+#ifdef CURL_MT_FREE_FILL
+# if (CURL_MT_FREE_FILL < 0) || (CURL_MT_FREE_FILL > 0xff)
+#   error "invalid CURL_MT_FREE_FILL or out of range"
+# endif
+#endif
+
+#if defined(CURL_MT_MALLOC_FILL) && defined(CURL_MT_FREE_FILL)
+# if (CURL_MT_MALLOC_FILL == CURL_MT_FREE_FILL)
+#   error "CURL_MT_MALLOC_FILL same as CURL_MT_FREE_FILL"
+# endif
+#endif
+
+#ifdef CURL_MT_MALLOC_FILL
+#  define mt_malloc_fill(buf,len) memset((buf), CURL_MT_MALLOC_FILL, (len))
+#else
+#  define mt_malloc_fill(buf,len) Curl_nop_stmt
+#endif
+
+#ifdef CURL_MT_FREE_FILL
+#  define mt_free_fill(buf,len) memset((buf), CURL_MT_FREE_FILL, (len))
+#else
+#  define mt_free_fill(buf,len) Curl_nop_stmt
+#endif
+
+struct memdebug {
+  size_t size;
+  union {
+    curl_off_t o;
+    double d;
+    void * p;
+  } mem[1];
+  /* I'm hoping this is the thing with the strictest alignment
+   * requirements.  That also means we waste some space :-( */
+};
+
+/*
+ * Note that these debug functions are very simple and they are meant to
+ * remain so. For advanced analysis, record a log file and write perl scripts
+ * to analyze them!
+ *
+ * Don't use these with multithreaded test programs!
+ */
+
+#define logfile curl_debuglogfile
+FILE *curl_debuglogfile = NULL;
+static bool memlimit = FALSE; /* enable memory limit */
+static long memsize = 0;  /* set number of mallocs allowed */
+
+/* this sets the log file name */
+void curl_memdebug(const char *logname)
+{
+  if(!logfile) {
+    if(logname && *logname)
+      logfile = fopen(logname, "w");
+    else
+      logfile = stderr;
+#ifdef MEMDEBUG_LOG_SYNC
+    /* Flush the log file after every line so the log isn't lost in a crash */
+    setvbuf(logfile, (char *)NULL, _IOLBF, 0);
+#endif
+  }
+}
+
+/* This function sets the number of malloc() calls that should return
+   successfully! */
+void curl_memlimit(long limit)
+{
+  if(!memlimit) {
+    memlimit = TRUE;
+    memsize = limit;
+  }
+}
+
+/* returns TRUE if this isn't allowed! */
+static bool countcheck(const char *func, int line, const char *source)
+{
+  /* if source is NULL, then the call is made internally and this check
+     should not be made */
+  if(memlimit && source) {
+    if(!memsize) {
+      if(source) {
+        /* log to file */
+        curl_memlog("LIMIT %s:%d %s reached memlimit\n",
+                    source, line, func);
+        /* log to stderr also */
+        fprintf(stderr, "LIMIT %s:%d %s reached memlimit\n",
+                source, line, func);
+      }
+      SET_ERRNO(ENOMEM);
+      return TRUE; /* RETURN ERROR! */
+    }
+    else
+      memsize--; /* countdown */
+
+    /* log the countdown */
+    if(source)
+      curl_memlog("LIMIT %s:%d %ld ALLOCS left\n",
+                  source, line, memsize);
+
+  }
+
+  return FALSE; /* allow this */
+}
+
+void *curl_domalloc(size_t wantedsize, int line, const char *source)
+{
+  struct memdebug *mem;
+  size_t size;
+
+  assert(wantedsize != 0);
+
+  if(countcheck("malloc", line, source))
+    return NULL;
+
+  /* alloc at least 64 bytes */
+  size = sizeof(struct memdebug)+wantedsize;
+
+  mem = (Curl_cmalloc)(size);
+  if(mem) {
+    /* fill memory with junk */
+    mt_malloc_fill(mem->mem, wantedsize);
+    mem->size = wantedsize;
+  }
+
+  if(source)
+    curl_memlog("MEM %s:%d malloc(%zu) = %p\n",
+                source, line, wantedsize,
+                mem ? (void *)mem->mem : (void *)0);
+
+  return (mem ? mem->mem : NULL);
+}
+
+void *curl_docalloc(size_t wanted_elements, size_t wanted_size,
+                    int line, const char *source)
+{
+  struct memdebug *mem;
+  size_t size, user_size;
+
+  assert(wanted_elements != 0);
+  assert(wanted_size != 0);
+
+  if(countcheck("calloc", line, source))
+    return NULL;
+
+  /* alloc at least 64 bytes */
+  user_size = wanted_size * wanted_elements;
+  size = sizeof(struct memdebug) + user_size;
+
+  mem = (Curl_ccalloc)(1, size);
+  if(mem)
+    mem->size = user_size;
+
+  if(source)
+    curl_memlog("MEM %s:%d calloc(%zu,%zu) = %p\n",
+                source, line, wanted_elements, wanted_size,
+                mem ? (void *)mem->mem : (void *)0);
+
+  return (mem ? mem->mem : NULL);
+}
+
+char *curl_dostrdup(const char *str, int line, const char *source)
+{
+  char *mem;
+  size_t len;
+
+  assert(str != NULL);
+
+  if(countcheck("strdup", line, source))
+    return NULL;
+
+  len=strlen(str)+1;
+
+  mem=curl_domalloc(len, 0, NULL); /* NULL prevents logging */
+  if(mem)
+    memcpy(mem, str, len);
+
+  if(source)
+    curl_memlog("MEM %s:%d strdup(%p) (%zu) = %p\n",
+                source, line, (void *)str, len, (void *)mem);
+
+  return mem;
+}
+
+#if defined(WIN32) && defined(UNICODE)
+wchar_t *curl_dowcsdup(const wchar_t *str, int line, const char *source)
+{
+  wchar_t *mem;
+  size_t wsiz, bsiz;
+
+  assert(str != NULL);
+
+  if(countcheck("wcsdup", line, source))
+    return NULL;
+
+  wsiz = wcslen(str) + 1;
+  bsiz = wsiz * sizeof(wchar_t);
+
+  mem = curl_domalloc(bsiz, 0, NULL); /* NULL prevents logging */
+  if(mem)
+    memcpy(mem, str, bsiz);
+
+  if(source)
+    curl_memlog("MEM %s:%d wcsdup(%p) (%zu) = %p\n",
+                source, line, (void *)str, bsiz, (void *)mem);
+
+  return mem;
+}
+#endif
+
+/* We provide a realloc() that accepts a NULL as pointer, which then
+   performs a malloc(). In order to work with ares. */
+void *curl_dorealloc(void *ptr, size_t wantedsize,
+                     int line, const char *source)
+{
+  struct memdebug *mem=NULL;
+
+  size_t size = sizeof(struct memdebug)+wantedsize;
+
+  assert(wantedsize != 0);
+
+  if(countcheck("realloc", line, source))
+    return NULL;
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:1684)
+   /* 1684: conversion from pointer to same-sized integral type */
+#endif
+
+  if(ptr)
+    mem = (void *)((char *)ptr - offsetof(struct memdebug, mem));
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+
+  mem = (Curl_crealloc)(mem, size);
+  if(source)
+    curl_memlog("MEM %s:%d realloc(%p, %zu) = %p\n",
+                source, line, (void *)ptr, wantedsize,
+                mem ? (void *)mem->mem : (void *)0);
+
+  if(mem) {
+    mem->size = wantedsize;
+    return mem->mem;
+  }
+
+  return NULL;
+}
+
+void curl_dofree(void *ptr, int line, const char *source)
+{
+  struct memdebug *mem;
+
+  if(ptr) {
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:1684)
+   /* 1684: conversion from pointer to same-sized integral type */
+#endif
+
+    mem = (void *)((char *)ptr - offsetof(struct memdebug, mem));
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+
+    /* destroy */
+    mt_free_fill(mem->mem, mem->size);
+
+    /* free for real */
+    (Curl_cfree)(mem);
+  }
+
+  if(source)
+    curl_memlog("MEM %s:%d free(%p)\n", source, line, (void *)ptr);
+}
+
+curl_socket_t curl_socket(int domain, int type, int protocol,
+                          int line, const char *source)
+{
+  const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ?
+                    "FD %s:%d socket() = %d\n" :
+                    (sizeof(curl_socket_t) == sizeof(long)) ?
+                    "FD %s:%d socket() = %ld\n" :
+                    "FD %s:%d socket() = %zd\n" ;
+
+  curl_socket_t sockfd = socket(domain, type, protocol);
+
+  if(source && (sockfd != CURL_SOCKET_BAD))
+    curl_memlog(fmt, source, line, sockfd);
+
+  return sockfd;
+}
+
+#ifdef HAVE_SOCKETPAIR
+int curl_socketpair(int domain, int type, int protocol,
+                    curl_socket_t socket_vector[2],
+                    int line, const char *source)
+{
+  const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ?
+                    "FD %s:%d socketpair() = %d %d\n" :
+                    (sizeof(curl_socket_t) == sizeof(long)) ?
+                    "FD %s:%d socketpair() = %ld %ld\n" :
+                    "FD %s:%d socketpair() = %zd %zd\n" ;
+
+  int res = socketpair(domain, type, protocol, socket_vector);
+
+  if(source && (0 == res))
+    curl_memlog(fmt, source, line, socket_vector[0], socket_vector[1]);
+
+  return res;
+}
+#endif
+
+curl_socket_t curl_accept(curl_socket_t s, void *saddr, void *saddrlen,
+                          int line, const char *source)
+{
+  const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ?
+                    "FD %s:%d accept() = %d\n" :
+                    (sizeof(curl_socket_t) == sizeof(long)) ?
+                    "FD %s:%d accept() = %ld\n" :
+                    "FD %s:%d accept() = %zd\n" ;
+
+  struct sockaddr *addr = (struct sockaddr *)saddr;
+  curl_socklen_t *addrlen = (curl_socklen_t *)saddrlen;
+
+  curl_socket_t sockfd = accept(s, addr, addrlen);
+
+  if(source && (sockfd != CURL_SOCKET_BAD))
+    curl_memlog(fmt, source, line, sockfd);
+
+  return sockfd;
+}
+
+/* separate function to allow libcurl to mark a "faked" close */
+void curl_mark_sclose(curl_socket_t sockfd, int line, const char *source)
+{
+  const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ?
+                    "FD %s:%d sclose(%d)\n" :
+                    (sizeof(curl_socket_t) == sizeof(long)) ?
+                    "FD %s:%d sclose(%ld)\n" :
+                    "FD %s:%d sclose(%zd)\n" ;
+
+  if(source)
+    curl_memlog(fmt, source, line, sockfd);
+}
+
+/* this is our own defined way to close sockets on *ALL* platforms */
+int curl_sclose(curl_socket_t sockfd, int line, const char *source)
+{
+  int res=sclose(sockfd);
+  curl_mark_sclose(sockfd, line, source);
+  return res;
+}
+
+FILE *curl_fopen(const char *file, const char *mode,
+                 int line, const char *source)
+{
+  FILE *res=fopen(file, mode);
+
+  if(source)
+    curl_memlog("FILE %s:%d fopen(\"%s\",\"%s\") = %p\n",
+                source, line, file, mode, (void *)res);
+
+  return res;
+}
+
+#ifdef HAVE_FDOPEN
+FILE *curl_fdopen(int filedes, const char *mode,
+                  int line, const char *source)
+{
+  FILE *res=fdopen(filedes, mode);
+
+  if(source)
+    curl_memlog("FILE %s:%d fdopen(\"%d\",\"%s\") = %p\n",
+                source, line, filedes, mode, (void *)res);
+
+  return res;
+}
+#endif
+
+int curl_fclose(FILE *file, int line, const char *source)
+{
+  int res;
+
+  assert(file != NULL);
+
+  res=fclose(file);
+
+  if(source)
+    curl_memlog("FILE %s:%d fclose(%p)\n",
+                source, line, (void *)file);
+
+  return res;
+}
+
+#define LOGLINE_BUFSIZE  1024
+
+/* this does the writting to the memory tracking log file */
+void curl_memlog(const char *format, ...)
+{
+  char *buf;
+  int nchars;
+  va_list ap;
+
+  if(!logfile)
+    return;
+
+  buf = (Curl_cmalloc)(LOGLINE_BUFSIZE);
+  if(!buf)
+    return;
+
+  va_start(ap, format);
+  nchars = vsnprintf(buf, LOGLINE_BUFSIZE, format, ap);
+  va_end(ap);
+
+  if(nchars > LOGLINE_BUFSIZE - 1)
+    nchars = LOGLINE_BUFSIZE - 1;
+
+  if(nchars > 0)
+    fwrite(buf, 1, nchars, logfile);
+
+  (Curl_cfree)(buf);
+}
+
+#endif /* CURLDEBUG */
diff --git a/Utilities/cmcurl/memdebug.h b/Utilities/cmcurl/lib/memdebug.h
index a4ce7e5..bd565c8 100644
--- a/Utilities/cmcurl/memdebug.h
+++ b/Utilities/cmcurl/lib/memdebug.h
@@ -1,6 +1,6 @@
+#ifndef HEADER_CURL_MEMDEBUG_H
+#define HEADER_CURL_MEMDEBUG_H
 #ifdef CURLDEBUG
-#ifndef _CURL_MEDEBUG_H
-#define _CURL_MEDEBUG_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -8,7 +8,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,7 +21,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 /*
@@ -29,21 +28,11 @@
  * as well as the library. Do not mix with library internals!
  */
 
-#include "setup.h"
+#include "curl_setup.h"
 
 #include <curl/curl.h>
 
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#include <stdio.h>
-#ifdef HAVE_MEMORY_H
-#include <memory.h>
-#endif
+#define CURL_MT_LOGFNAME_BUFSIZE 512
 
 #define logfile curl_debuglogfile
 
@@ -51,22 +40,43 @@ extern FILE *logfile;
 
 /* memory functions */
 CURL_EXTERN void *curl_domalloc(size_t size, int line, const char *source);
-CURL_EXTERN void *curl_docalloc(size_t elements, size_t size, int line, const char *source);
-CURL_EXTERN void *curl_dorealloc(void *ptr, size_t size, int line, const char *source);
+CURL_EXTERN void *curl_docalloc(size_t elements, size_t size, int line,
+                                const char *source);
+CURL_EXTERN void *curl_dorealloc(void *ptr, size_t size, int line,
+                                 const char *source);
 CURL_EXTERN void curl_dofree(void *ptr, int line, const char *source);
 CURL_EXTERN char *curl_dostrdup(const char *str, int line, const char *source);
+#if defined(WIN32) && defined(UNICODE)
+CURL_EXTERN wchar_t *curl_dowcsdup(const wchar_t *str, int line,
+                                   const char *source);
+#endif
+
 CURL_EXTERN void curl_memdebug(const char *logname);
 CURL_EXTERN void curl_memlimit(long limit);
+CURL_EXTERN void curl_memlog(const char *format, ...);
 
 /* file descriptor manipulators */
-CURL_EXTERN int curl_socket(int domain, int type, int protocol, int line , const char *);
-CURL_EXTERN int curl_sclose(int sockfd, int, const char *source);
-CURL_EXTERN int curl_accept(int s, void *addr, void *addrlen,
-                            int line, const char *source);
+CURL_EXTERN curl_socket_t curl_socket(int domain, int type, int protocol,
+                                      int line , const char *source);
+CURL_EXTERN void curl_mark_sclose(curl_socket_t sockfd,
+                                  int line , const char *source);
+CURL_EXTERN int curl_sclose(curl_socket_t sockfd,
+                            int line , const char *source);
+CURL_EXTERN curl_socket_t curl_accept(curl_socket_t s, void *a, void *alen,
+                                      int line, const char *source);
+#ifdef HAVE_SOCKETPAIR
+CURL_EXTERN int curl_socketpair(int domain, int type, int protocol,
+                                curl_socket_t socket_vector[2],
+                                int line , const char *source);
+#endif
 
 /* FILE functions */
 CURL_EXTERN FILE *curl_fopen(const char *file, const char *mode, int line,
                              const char *source);
+#ifdef HAVE_FDOPEN
+CURL_EXTERN FILE *curl_fdopen(int filedes, const char *mode, int line,
+                              const char *source);
+#endif
 CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);
 
 #ifndef MEMDEBUG_NODEFINES
@@ -79,12 +89,31 @@ CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);
 #define realloc(ptr,size) curl_dorealloc(ptr, size, __LINE__, __FILE__)
 #define free(ptr) curl_dofree(ptr, __LINE__, __FILE__)
 
+#ifdef WIN32
+#  ifdef UNICODE
+#    undef wcsdup
+#    define wcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
+#    undef _wcsdup
+#    define _wcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
+#    undef _tcsdup
+#    define _tcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
+#  else
+#    undef _tcsdup
+#    define _tcsdup(ptr) curl_dostrdup(ptr, __LINE__, __FILE__)
+#  endif
+#endif
+
 #define socket(domain,type,protocol)\
  curl_socket(domain,type,protocol,__LINE__,__FILE__)
 #undef accept /* for those with accept as a macro */
 #define accept(sock,addr,len)\
  curl_accept(sock,addr,len,__LINE__,__FILE__)
+#ifdef HAVE_SOCKETPAIR
+#define socketpair(domain,type,protocol,socket_vector)\
+ curl_socketpair(domain,type,protocol,socket_vector,__LINE__,__FILE__)
+#endif
 
+#ifdef HAVE_GETADDRINFO
 #if defined(getaddrinfo) && defined(__osf__)
 /* OSF/1 and Tru64 have getaddrinfo as a define already, so we cannot define
    our macro as for other platforms. Instead, we redefine the new name they
@@ -96,30 +125,52 @@ CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);
 #define getaddrinfo(host,serv,hint,res) \
   curl_dogetaddrinfo(host,serv,hint,res,__LINE__,__FILE__)
 #endif
+#endif /* HAVE_GETADDRINFO */
 
 #ifdef HAVE_GETNAMEINFO
 #undef getnameinfo
 #define getnameinfo(sa,salen,host,hostlen,serv,servlen,flags) \
   curl_dogetnameinfo(sa,salen,host,hostlen,serv,servlen,flags, __LINE__, \
   __FILE__)
-#endif
+#endif /* HAVE_GETNAMEINFO */
 
+#ifdef HAVE_FREEADDRINFO
 #undef freeaddrinfo
 #define freeaddrinfo(data) \
   curl_dofreeaddrinfo(data,__LINE__,__FILE__)
+#endif /* HAVE_FREEADDRINFO */
 
 /* sclose is probably already defined, redefine it! */
 #undef sclose
 #define sclose(sockfd) curl_sclose(sockfd,__LINE__,__FILE__)
-/* ares-adjusted define: */
-#undef closesocket
-#define closesocket(sockfd) curl_sclose(sockfd,__LINE__,__FILE__)
+
+#define fake_sclose(sockfd) curl_mark_sclose(sockfd,__LINE__,__FILE__)
 
 #undef fopen
 #define fopen(file,mode) curl_fopen(file,mode,__LINE__,__FILE__)
+#undef fdopen
+#define fdopen(file,mode) curl_fdopen(file,mode,__LINE__,__FILE__)
 #define fclose(file) curl_fclose(file,__LINE__,__FILE__)
 
 #endif /* MEMDEBUG_NODEFINES */
 
-#endif /* _CURL_MEDEBUG_H */
 #endif /* CURLDEBUG */
+
+/*
+** Following section applies even when CURLDEBUG is not defined.
+*/
+
+#ifndef fake_sclose
+#define fake_sclose(x)  Curl_nop_stmt
+#endif
+
+/*
+ * Curl_safefree defined as a macro to allow MemoryTracking feature
+ * to log free() calls at same location where Curl_safefree is used.
+ * This macro also assigns NULL to given pointer when free'd.
+ */
+
+#define Curl_safefree(ptr) \
+  do {if((ptr)) {free((ptr)); (ptr) = NULL;}} WHILE_FALSE
+
+#endif /* HEADER_CURL_MEMDEBUG_H */
diff --git a/Utilities/cmcurl/mprintf.c b/Utilities/cmcurl/lib/mprintf.c
index 8b2f3d0..7412dc3 100644
--- a/Utilities/cmcurl/mprintf.c
+++ b/Utilities/cmcurl/lib/mprintf.c
@@ -1,17 +1,23 @@
-/****************************************************************************
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
  *
- * $Id$
+ * Copyright (C) 1999 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
- *************************************************************************
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
  *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
  *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHORS AND
- * CONTRIBUTORS ACCEPT NO RESPONSIBILITY IN ANY CONCEIVABLE MANNER.
  *
  * Purpose:
  *  A merge of Bjorn Reese's format() function and Daniel's dsprintf()
@@ -29,14 +35,7 @@
  * page at http://daniel.haxx.se/trio/
  */
 
-
-#include "setup.h"
-#include <sys/types.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <ctype.h>
-#include <string.h>
+#include "curl_setup.h"
 
 #if defined(DJGPP) && (DJGPP_MINOR < 4)
 #undef _MPRINTF_REPLACE /* don't use x_was_used() here */
@@ -44,38 +43,60 @@
 
 #include <curl/mprintf.h>
 
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * If SIZEOF_SIZE_T has not been defined, default to the size of long.
+ */
+
 #ifndef SIZEOF_SIZE_T
-/* default to 4 bytes for size_t unless defined in the config.h */
-#define SIZEOF_SIZE_T 4
+#  define SIZEOF_SIZE_T CURL_SIZEOF_LONG
 #endif
 
-#ifdef DPRINTF_DEBUG
-#define HAVE_LONGLONG
-#define LONG_LONG long long
-#define ENABLE_64BIT
+#ifdef HAVE_LONGLONG
+#  define LONG_LONG_TYPE long long
+#  define HAVE_LONG_LONG_TYPE
+#else
+#  if defined(_MSC_VER) && (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64)
+#    define LONG_LONG_TYPE __int64
+#    define HAVE_LONG_LONG_TYPE
+#  else
+#    undef LONG_LONG_TYPE
+#    undef HAVE_LONG_LONG_TYPE
+#  endif
 #endif
 
-#include "memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
+/*
+ * Non-ANSI integer extensions
+ */
 
-#define BUFFSIZE 256 /* buffer for long-to-str and float-to-str calcs */
-#define MAX_PARAMETERS 128 /* lame static limit */
+#if (defined(__BORLANDC__) && (__BORLANDC__ >= 0x520)) || \
+    (defined(__WATCOMC__) && defined(__386__)) || \
+    (defined(__POCC__) && defined(_MSC_VER)) || \
+    (defined(_WIN32_WCE)) || \
+    (defined(__MINGW32__)) || \
+    (defined(_MSC_VER) && (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64))
+#  define MP_HAVE_INT_EXTENSIONS
+#endif
 
-#undef TRUE
-#undef FALSE
-#undef BOOL
-#ifdef __cplusplus
-# define TRUE true
-# define FALSE false
-# define BOOL bool
+/*
+ * Max integer data types that mprintf.c is capable
+ */
+
+#ifdef HAVE_LONG_LONG_TYPE
+#  define mp_intmax_t LONG_LONG_TYPE
+#  define mp_uintmax_t unsigned LONG_LONG_TYPE
 #else
-# define TRUE  ((char)(1 == 1))
-# define FALSE ((char)(0 == 1))
-# define BOOL char
+#  define mp_intmax_t long
+#  define mp_uintmax_t unsigned long
 #endif
 
-#ifdef _AMIGASF
+#define BUFFSIZE 256 /* buffer for long-to-str and float-to-str calcs */
+#define MAX_PARAMETERS 128 /* lame static limit */
+
+#ifdef __AMIGA__
 # undef FORMAT_INT
 #endif
 
@@ -91,7 +112,7 @@ static const char upper_digits[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
       done++; \
     else \
      return done; /* return immediately on failure */ \
-  } while(0)
+  } WHILE_FALSE
 
 /* Data type to read from the arglist */
 typedef enum  {
@@ -107,7 +128,7 @@ typedef enum  {
   FORMAT_WIDTH /* For internal use */
 } FormatType;
 
-/* convertion and display flags */
+/* conversion and display flags */
 enum {
   FLAGS_NEW        = 0,
   FLAGS_SPACE      = 1<<0,
@@ -140,10 +161,10 @@ typedef struct {
   union {
     char *str;
     void *ptr;
-    long num;
-#ifdef ENABLE_64BIT
-    LONG_LONG lnum;
-#endif
+    union {
+      mp_intmax_t as_signed;
+      mp_uintmax_t as_unsigned;
+    } num;
     double dnum;
   } data;
 } va_stack_t;
@@ -158,12 +179,10 @@ struct asprintf {
   char *buffer; /* allocated buffer */
   size_t len;   /* length of string */
   size_t alloc; /* length of alloc */
-  bool fail;    /* TRUE if an alloc has failed and thus the output is not
-                   the complete data */
+  int fail;     /* (!= 0) if an alloc has failed and thus
+                   the output is not the complete data */
 };
 
-int curl_msprintf(char *buffer, const char *format, ...);
-
 static long dprintf_DollarString(char *input, char **end)
 {
   int number=0;
@@ -179,112 +198,30 @@ static long dprintf_DollarString(char *input, char **end)
   return 0;
 }
 
-static BOOL dprintf_IsQualifierNoDollar(char c)
+static bool dprintf_IsQualifierNoDollar(const char *fmt)
 {
-  switch (c) {
+#if defined(MP_HAVE_INT_EXTENSIONS)
+  if(!strncmp(fmt, "I32", 3) || !strncmp(fmt, "I64", 3)) {
+    return TRUE;
+  }
+#endif
+
+  switch(*fmt) {
   case '-': case '+': case ' ': case '#': case '.':
   case '0': case '1': case '2': case '3': case '4':
   case '5': case '6': case '7': case '8': case '9':
   case 'h': case 'l': case 'L': case 'z': case 'q':
   case '*': case 'O':
+#if defined(MP_HAVE_INT_EXTENSIONS)
+  case 'I':
+#endif
     return TRUE;
+
   default:
     return FALSE;
   }
 }
 
-#ifdef DPRINTF_DEBUG2
-int dprintf_Pass1Report(va_stack_t *vto, int max)
-{
-  int i;
-  char buffer[128];
-  int bit;
-  int flags;
-
-  for(i=0; i<max; i++) {
-    char *type;
-    switch(vto[i].type) {
-    case FORMAT_UNKNOWN:
-      type = "unknown";
-      break;
-    case FORMAT_STRING:
-      type ="string";
-      break;
-    case FORMAT_PTR:
-      type ="pointer";
-      break;
-    case FORMAT_INT:
-      type = "int";
-      break;
-    case FORMAT_LONG:
-      type = "long";
-      break;
-    case FORMAT_LONGLONG:
-      type = "long long";
-      break;
-    case FORMAT_DOUBLE:
-      type = "double";
-      break;
-    case FORMAT_LONGDOUBLE:
-      type = "long double";
-      break;
-    }
-
-
-    buffer[0]=0;
-
-    for(bit=0; bit<31; bit++) {
-      flags = vto[i].flags & (1<<bit);
-
-      if(flags & FLAGS_SPACE)
-        strcat(buffer, "space ");
-      else if(flags & FLAGS_SHOWSIGN)
-        strcat(buffer, "plus ");
-      else if(flags & FLAGS_LEFT)
-        strcat(buffer, "left ");
-      else if(flags & FLAGS_ALT)
-        strcat(buffer, "alt ");
-      else if(flags & FLAGS_SHORT)
-        strcat(buffer, "short ");
-      else if(flags & FLAGS_LONG)
-        strcat(buffer, "long ");
-      else if(flags & FLAGS_LONGLONG)
-        strcat(buffer, "longlong ");
-      else if(flags & FLAGS_LONGDOUBLE)
-        strcat(buffer, "longdouble ");
-      else if(flags & FLAGS_PAD_NIL)
-        strcat(buffer, "padnil ");
-      else if(flags & FLAGS_UNSIGNED)
-        strcat(buffer, "unsigned ");
-      else if(flags & FLAGS_OCTAL)
-        strcat(buffer, "octal ");
-      else if(flags & FLAGS_HEX)
-        strcat(buffer, "hex ");
-      else if(flags & FLAGS_UPPER)
-        strcat(buffer, "upper ");
-      else if(flags & FLAGS_WIDTH)
-        strcat(buffer, "width ");
-      else if(flags & FLAGS_WIDTHPARAM)
-        strcat(buffer, "widthparam ");
-      else if(flags & FLAGS_PREC)
-        strcat(buffer, "precision ");
-      else if(flags & FLAGS_PRECPARAM)
-        strcat(buffer, "precparam ");
-      else if(flags & FLAGS_CHAR)
-        strcat(buffer, "char ");
-      else if(flags & FLAGS_FLOATE)
-        strcat(buffer, "floate ");
-      else if(flags & FLAGS_FLOATG)
-        strcat(buffer, "floatg ");
-    }
-    printf("REPORT: %d. %s [%s]\n", i, type, buffer);
-
-  }
-
-
-}
-#endif
-
 /******************************************************************
  *
  * Pass 1:
@@ -293,10 +230,10 @@ int dprintf_Pass1Report(va_stack_t *vto, int max)
  *
  ******************************************************************/
 
-static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
+static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
                           va_list arglist)
 {
-  char *fmt = format;
+  char *fmt = (char *)format;
   int param_num = 0;
   long this_param;
   long width;
@@ -305,9 +242,9 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
   long max_param=0;
   long i;
 
-  while (*fmt) {
-    if (*fmt++ == '%') {
-      if (*fmt == '%') {
+  while(*fmt) {
+    if(*fmt++ == '%') {
+      if(*fmt == '%') {
         fmt++;
         continue; /* while */
       }
@@ -319,11 +256,11 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
       param_num++;
 
       this_param = dprintf_DollarString(fmt, &fmt);
-      if (0 == this_param)
+      if(0 == this_param)
         /* we got no positional, get the next counter */
         this_param = param_num;
 
-      if (this_param > max_param)
+      if(this_param > max_param)
         max_param = this_param;
 
       /*
@@ -337,8 +274,20 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
 
       /* Handle the flags */
 
-      while (dprintf_IsQualifierNoDollar(*fmt)) {
-        switch (*fmt++) {
+      while(dprintf_IsQualifierNoDollar(fmt)) {
+#if defined(MP_HAVE_INT_EXTENSIONS)
+        if(!strncmp(fmt, "I32", 3)) {
+          flags |= FLAGS_LONG;
+          fmt += 3;
+        }
+        else if(!strncmp(fmt, "I64", 3)) {
+          flags |= FLAGS_LONGLONG;
+          fmt += 3;
+        }
+        else
+#endif
+
+        switch(*fmt++) {
         case ' ':
           flags |= FLAGS_SPACE;
           break;
@@ -354,7 +303,7 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
           break;
         case '.':
           flags |= FLAGS_PREC;
-          if ('*' == *fmt) {
+          if('*' == *fmt) {
             /* The precision is picked from a specified parameter */
 
             flags |= FLAGS_PRECPARAM;
@@ -362,12 +311,12 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
             param_num++;
 
             i = dprintf_DollarString(fmt, &fmt);
-            if (i)
+            if(i)
               precision = i;
             else
               precision = param_num;
 
-            if (precision > max_param)
+            if(precision > max_param)
               max_param = precision;
           }
           else {
@@ -378,8 +327,17 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
         case 'h':
           flags |= FLAGS_SHORT;
           break;
+#if defined(MP_HAVE_INT_EXTENSIONS)
+        case 'I':
+#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG)
+          flags |= FLAGS_LONGLONG;
+#else
+          flags |= FLAGS_LONG;
+#endif
+          break;
+#endif
         case 'l':
-          if (flags & FLAGS_LONG)
+          if(flags & FLAGS_LONG)
             flags |= FLAGS_LONGLONG;
           else
             flags |= FLAGS_LONG;
@@ -393,21 +351,21 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
         case 'z':
           /* the code below generates a warning if -Wunreachable-code is
              used */
-#if SIZEOF_SIZE_T>4
+#if (SIZEOF_SIZE_T > CURL_SIZEOF_LONG)
           flags |= FLAGS_LONGLONG;
 #else
           flags |= FLAGS_LONG;
 #endif
           break;
         case 'O':
-#if SIZEOF_CURL_OFF_T > 4
+#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG)
           flags |= FLAGS_LONGLONG;
 #else
           flags |= FLAGS_LONG;
 #endif
           break;
         case '0':
-          if (!(flags & FLAGS_LEFT))
+          if(!(flags & FLAGS_LEFT))
             flags |= FLAGS_PAD_NIL;
           /* FALLTHROUGH */
         case '1': case '2': case '3': case '4':
@@ -462,11 +420,11 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
         break;
       case 'x':
         vto[i].type = FORMAT_INT;
-        flags |= FLAGS_HEX;
+        flags |= FLAGS_HEX|FLAGS_UNSIGNED;
         break;
       case 'X':
         vto[i].type = FORMAT_INT;
-        flags |= FLAGS_HEX|FLAGS_UPPER;
+        flags |= FLAGS_HEX|FLAGS_UPPER|FLAGS_UNSIGNED;
         break;
       case 'c':
         vto[i].type = FORMAT_INT;
@@ -500,7 +458,7 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
       vto[i].width = width;
       vto[i].precision = precision;
 
-      if (flags & FLAGS_WIDTHPARAM) {
+      if(flags & FLAGS_WIDTHPARAM) {
         /* we have the width specified from a parameter, so we make that
            parameter's info setup properly */
         vto[i].width = width - 1;
@@ -510,7 +468,7 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
         vto[i].precision = vto[i].width = 0; /* can't use width or precision
                                                 of width! */
       }
-      if (flags & FLAGS_PRECPARAM) {
+      if(flags & FLAGS_PRECPARAM) {
         /* we have the precision specified from a parameter, so we make that
            parameter's info setup properly */
         vto[i].precision = precision - 1;
@@ -524,58 +482,66 @@ static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
     }
   }
 
-#ifdef DPRINTF_DEBUG2
-  dprintf_Pass1Report(vto, max_param);
-#endif
-
   /* Read the arg list parameters into our data list */
-  for (i=0; i<max_param; i++) {
-    if ((i + 1 < max_param) && (vto[i + 1].type == FORMAT_WIDTH))
-      {
-        /* Width/precision arguments must be read before the main argument
-         * they are attached to
-         */
-        vto[i + 1].data.num = va_arg(arglist, int);
-      }
+  for(i=0; i<max_param; i++) {
+    if((i + 1 < max_param) && (vto[i + 1].type == FORMAT_WIDTH)) {
+      /* Width/precision arguments must be read before the main argument
+       * they are attached to
+       */
+      vto[i + 1].data.num.as_signed = (mp_intmax_t)va_arg(arglist, int);
+    }
 
-    switch (vto[i].type)
-      {
-      case FORMAT_STRING:
-        vto[i].data.str = va_arg(arglist, char *);
-        break;
+    switch (vto[i].type) {
+    case FORMAT_STRING:
+      vto[i].data.str = va_arg(arglist, char *);
+      break;
 
-      case FORMAT_INTPTR:
-      case FORMAT_UNKNOWN:
-      case FORMAT_PTR:
-        vto[i].data.ptr = va_arg(arglist, void *);
-        break;
+    case FORMAT_INTPTR:
+    case FORMAT_UNKNOWN:
+    case FORMAT_PTR:
+      vto[i].data.ptr = va_arg(arglist, void *);
+      break;
 
-      case FORMAT_INT:
-#ifdef ENABLE_64BIT
-        if(vto[i].flags & FLAGS_LONGLONG)
-          vto[i].data.lnum = va_arg(arglist, LONG_LONG);
-        else
+    case FORMAT_INT:
+#ifdef HAVE_LONG_LONG_TYPE
+      if((vto[i].flags & FLAGS_LONGLONG) && (vto[i].flags & FLAGS_UNSIGNED))
+        vto[i].data.num.as_unsigned =
+          (mp_uintmax_t)va_arg(arglist, mp_uintmax_t);
+      else if(vto[i].flags & FLAGS_LONGLONG)
+        vto[i].data.num.as_signed =
+          (mp_intmax_t)va_arg(arglist, mp_intmax_t);
+      else
 #endif
-          if(vto[i].flags & FLAGS_LONG)
-            vto[i].data.num = va_arg(arglist, long);
+      {
+        if((vto[i].flags & FLAGS_LONG) && (vto[i].flags & FLAGS_UNSIGNED))
+          vto[i].data.num.as_unsigned =
+            (mp_uintmax_t)va_arg(arglist, unsigned long);
+        else if(vto[i].flags & FLAGS_LONG)
+          vto[i].data.num.as_signed =
+            (mp_intmax_t)va_arg(arglist, long);
+        else if(vto[i].flags & FLAGS_UNSIGNED)
+          vto[i].data.num.as_unsigned =
+            (mp_uintmax_t)va_arg(arglist, unsigned int);
         else
-          vto[i].data.num = va_arg(arglist, int);
-        break;
+          vto[i].data.num.as_signed =
+            (mp_intmax_t)va_arg(arglist, int);
+      }
+      break;
 
-      case FORMAT_DOUBLE:
-        vto[i].data.dnum = va_arg(arglist, double);
-        break;
+    case FORMAT_DOUBLE:
+      vto[i].data.dnum = va_arg(arglist, double);
+      break;
 
-      case FORMAT_WIDTH:
-        /* Argument has been read. Silently convert it into an integer
-         * for later use
-         */
-        vto[i].type = FORMAT_INT;
-        break;
+    case FORMAT_WIDTH:
+      /* Argument has been read. Silently convert it into an integer
+       * for later use
+       */
+      vto[i].type = FORMAT_INT;
+      break;
 
-      default:
-        break;
-      }
+    default:
+      break;
+    }
   }
 
   return max_param;
@@ -611,15 +577,15 @@ static int dprintf_formatf(
   va_stack_t *p;
 
   /* Do the actual %-code parsing */
-  dprintf_Pass1((char *)format, vto, endpos, ap_save);
+  dprintf_Pass1(format, vto, endpos, ap_save);
 
   end = &endpos[0]; /* the initial end-position from the list dprintf_Pass1()
                        created for us */
 
   f = (char *)format;
-  while (*f != '\0') {
+  while(*f != '\0') {
     /* Format spec modifiers.  */
-    char alt;
+    int is_alt;
 
     /* Width of a field.  */
     long width;
@@ -628,20 +594,18 @@ static int dprintf_formatf(
     long prec;
 
     /* Decimal integer is negative.  */
-    char is_neg;
+    int is_neg;
 
     /* Base of a number to be written.  */
     long base;
 
     /* Integral values to be written.  */
-#ifdef ENABLE_64BIT
-    unsigned LONG_LONG num;
-#else
-    unsigned long num;
-#endif
-    long signed_num;
+    mp_uintmax_t num;
+
+    /* Used to convert negative in positive.  */
+    mp_intmax_t signed_num;
 
-    if (*f != '%') {
+    if(*f != '%') {
       /* This isn't a format spec, so write everything out until the next one
          OR end of string is reached.  */
       do {
@@ -656,13 +620,13 @@ static int dprintf_formatf(
        '%' as a conversion specifier, it says "The complete format
        specification shall be `%%'," so we can avoid all the width
        and precision processing.  */
-    if (*f == '%') {
+    if(*f == '%') {
       ++f;
       OUTCHAR('%');
       continue;
     }
 
-    /* If this is a positional parameter, the position must follow imediately
+    /* If this is a positional parameter, the position must follow immediately
        after the %, thus create a %<num>$ sequence */
     param=dprintf_DollarString(f, &f);
 
@@ -678,68 +642,67 @@ static int dprintf_formatf(
 
     /* pick up the specified width */
     if(p->flags & FLAGS_WIDTHPARAM)
-      width = vto[p->width].data.num;
+      width = (long)vto[p->width].data.num.as_signed;
     else
       width = p->width;
 
     /* pick up the specified precision */
-    if(p->flags & FLAGS_PRECPARAM)
-      prec = vto[p->precision].data.num;
+    if(p->flags & FLAGS_PRECPARAM) {
+      prec = (long)vto[p->precision].data.num.as_signed;
+      param_num++; /* since the precision is extraced from a parameter, we
+                      must skip that to get to the next one properly */
+    }
     else if(p->flags & FLAGS_PREC)
       prec = p->precision;
     else
       prec = -1;
 
-    alt = (p->flags & FLAGS_ALT)?TRUE:FALSE;
+    is_alt = (p->flags & FLAGS_ALT) ? 1 : 0;
 
     switch (p->type) {
     case FORMAT_INT:
-      num = p->data.num;
+      num = p->data.num.as_unsigned;
       if(p->flags & FLAGS_CHAR) {
         /* Character.  */
-        if (!(p->flags & FLAGS_LEFT))
-          while (--width > 0)
+        if(!(p->flags & FLAGS_LEFT))
+          while(--width > 0)
             OUTCHAR(' ');
         OUTCHAR((char) num);
-        if (p->flags & FLAGS_LEFT)
-          while (--width > 0)
+        if(p->flags & FLAGS_LEFT)
+          while(--width > 0)
             OUTCHAR(' ');
         break;
       }
-      if(p->flags & FLAGS_UNSIGNED) {
-        /* Decimal unsigned integer.  */
-        base = 10;
-        goto unsigned_number;
-      }
       if(p->flags & FLAGS_OCTAL) {
         /* Octal unsigned integer.  */
         base = 8;
         goto unsigned_number;
       }
-      if(p->flags & FLAGS_HEX) {
+      else if(p->flags & FLAGS_HEX) {
         /* Hexadecimal unsigned integer.  */
 
         digits = (p->flags & FLAGS_UPPER)? upper_digits : lower_digits;
         base = 16;
         goto unsigned_number;
       }
+      else if(p->flags & FLAGS_UNSIGNED) {
+        /* Decimal unsigned integer.  */
+        base = 10;
+        goto unsigned_number;
+      }
 
       /* Decimal integer.  */
       base = 10;
 
-#ifdef ENABLE_64BIT
-      if(p->flags & FLAGS_LONGLONG) {
-        /* long long */
-        is_neg = p->data.lnum < 0;
-        num = is_neg ? (- p->data.lnum) : p->data.lnum;
-      }
-      else
-#endif
-      {
-        signed_num = (long) num;
-        is_neg = signed_num < 0;
-        num = is_neg ? (- signed_num) : signed_num;
+      is_neg = (p->data.num.as_signed < (mp_intmax_t)0) ? 1 : 0;
+      if(is_neg) {
+        /* signed_num might fail to hold absolute negative minimum by 1 */
+        signed_num = p->data.num.as_signed + (mp_intmax_t)1;
+        signed_num = -signed_num;
+        num = (mp_uintmax_t)signed_num;
+        num += (mp_uintmax_t)1;
       }
+
       goto number;
 
       unsigned_number:
@@ -753,47 +716,47 @@ static int dprintf_formatf(
         char *w;
 
         /* Supply a default precision if none was given.  */
-        if (prec == -1)
+        if(prec == -1)
           prec = 1;
 
         /* Put the number in WORK.  */
         w = workend;
-        while (num > 0) {
+        while(num > 0) {
           *w-- = digits[num % base];
           num /= base;
         }
         width -= (long)(workend - w);
         prec -= (long)(workend - w);
 
-        if (alt && base == 8 && prec <= 0) {
+        if(is_alt && base == 8 && prec <= 0) {
           *w-- = '0';
           --width;
         }
 
-        if (prec > 0) {
+        if(prec > 0) {
           width -= prec;
-          while (prec-- > 0)
+          while(prec-- > 0)
             *w-- = '0';
         }
 
-        if (alt && base == 16)
+        if(is_alt && base == 16)
           width -= 2;
 
-        if (is_neg || (p->flags & FLAGS_SHOWSIGN) || (p->flags & FLAGS_SPACE))
+        if(is_neg || (p->flags & FLAGS_SHOWSIGN) || (p->flags & FLAGS_SPACE))
           --width;
 
-        if (!(p->flags & FLAGS_LEFT) && !(p->flags & FLAGS_PAD_NIL))
-          while (width-- > 0)
+        if(!(p->flags & FLAGS_LEFT) && !(p->flags & FLAGS_PAD_NIL))
+          while(width-- > 0)
             OUTCHAR(' ');
 
-        if (is_neg)
+        if(is_neg)
           OUTCHAR('-');
-        else if (p->flags & FLAGS_SHOWSIGN)
+        else if(p->flags & FLAGS_SHOWSIGN)
           OUTCHAR('+');
-        else if (p->flags & FLAGS_SPACE)
+        else if(p->flags & FLAGS_SPACE)
           OUTCHAR(' ');
 
-        if (alt && base == 16) {
+        if(is_alt && base == 16) {
           OUTCHAR('0');
           if(p->flags & FLAGS_UPPER)
             OUTCHAR('X');
@@ -801,17 +764,17 @@ static int dprintf_formatf(
             OUTCHAR('x');
         }
 
-        if (!(p->flags & FLAGS_LEFT) && (p->flags & FLAGS_PAD_NIL))
-          while (width-- > 0)
+        if(!(p->flags & FLAGS_LEFT) && (p->flags & FLAGS_PAD_NIL))
+          while(width-- > 0)
             OUTCHAR('0');
 
         /* Write the number.  */
-        while (++w <= workend) {
+        while(++w <= workend) {
           OUTCHAR(*w);
         }
 
-        if (p->flags & FLAGS_LEFT)
-          while (width-- > 0)
+        if(p->flags & FLAGS_LEFT)
+          while(width-- > 0)
             OUTCHAR(' ');
       }
       break;
@@ -824,9 +787,9 @@ static int dprintf_formatf(
         size_t len;
 
         str = (char *) p->data.str;
-        if ( str == NULL) {
+        if(str == NULL) {
           /* Write null[] if there's space.  */
-          if (prec == -1 || prec >= (long) sizeof(null) - 1) {
+          if(prec == -1 || prec >= (long) sizeof(null) - 1) {
             str = null;
             len = sizeof(null) - 1;
             /* Disable quotes around (nil) */
@@ -837,27 +800,27 @@ static int dprintf_formatf(
             len = 0;
           }
         }
+        else if(prec != -1)
+          len = (size_t)prec;
         else
           len = strlen(str);
 
-        if (prec != -1 && (size_t) prec < len)
-          len = prec;
         width -= (long)len;
 
-        if (p->flags & FLAGS_ALT)
+        if(p->flags & FLAGS_ALT)
           OUTCHAR('"');
 
-        if (!(p->flags&FLAGS_LEFT))
-          while (width-- > 0)
+        if(!(p->flags&FLAGS_LEFT))
+          while(width-- > 0)
             OUTCHAR(' ');
 
-        while (len-- > 0)
+        while((len-- > 0) && *str)
           OUTCHAR(*str++);
-        if (p->flags&FLAGS_LEFT)
-          while (width-- > 0)
+        if(p->flags&FLAGS_LEFT)
+          while(width-- > 0)
             OUTCHAR(' ');
 
-        if (p->flags & FLAGS_ALT)
+        if(p->flags & FLAGS_ALT)
           OUTCHAR('"');
       }
       break;
@@ -867,11 +830,11 @@ static int dprintf_formatf(
       {
         void *ptr;
         ptr = (void *) p->data.ptr;
-        if (ptr != NULL) {
+        if(ptr != NULL) {
           /* If the pointer is not NULL, write it as a %#x spec.  */
           base = 16;
           digits = (p->flags & FLAGS_UPPER)? upper_digits : lower_digits;
-          alt = 1;
+          is_alt = 1;
           num = (size_t) ptr;
           is_neg = 0;
           goto number;
@@ -881,14 +844,14 @@ static int dprintf_formatf(
           static const char strnil[] = "(nil)";
           const char *point;
 
-          width -= sizeof(strnil) - 1;
-          if (p->flags & FLAGS_LEFT)
-            while (width-- > 0)
+          width -= (long)(sizeof(strnil) - 1);
+          if(p->flags & FLAGS_LEFT)
+            while(width-- > 0)
               OUTCHAR(' ');
-          for (point = strnil; *point != '\0'; ++point)
+          for(point = strnil; *point != '\0'; ++point)
             OUTCHAR(*point);
-          if (! (p->flags & FLAGS_LEFT))
-            while (width-- > 0)
+          if(! (p->flags & FLAGS_LEFT))
+            while(width-- > 0)
               OUTCHAR(' ');
         }
       }
@@ -897,32 +860,32 @@ static int dprintf_formatf(
     case FORMAT_DOUBLE:
       {
         char formatbuf[32]="%";
-        char *fptr;
+        char *fptr = &formatbuf[1];
         size_t left = sizeof(formatbuf)-strlen(formatbuf);
         int len;
 
         width = -1;
-        if (p->flags & FLAGS_WIDTH)
+        if(p->flags & FLAGS_WIDTH)
           width = p->width;
-        else if (p->flags & FLAGS_WIDTHPARAM)
-          width = vto[p->width].data.num;
+        else if(p->flags & FLAGS_WIDTHPARAM)
+          width = (long)vto[p->width].data.num.as_signed;
 
         prec = -1;
-        if (p->flags & FLAGS_PREC)
+        if(p->flags & FLAGS_PREC)
           prec = p->precision;
-        else if (p->flags & FLAGS_PRECPARAM)
-          prec = vto[p->precision].data.num;
+        else if(p->flags & FLAGS_PRECPARAM)
+          prec = (long)vto[p->precision].data.num.as_signed;
 
-        if (p->flags & FLAGS_LEFT)
-          strcat(formatbuf, "-");
-        if (p->flags & FLAGS_SHOWSIGN)
-          strcat(formatbuf, "+");
-        if (p->flags & FLAGS_SPACE)
-          strcat(formatbuf, " ");
-        if (p->flags & FLAGS_ALT)
-          strcat(formatbuf, "#");
+        if(p->flags & FLAGS_LEFT)
+          *fptr++ = '-';
+        if(p->flags & FLAGS_SHOWSIGN)
+          *fptr++ = '+';
+        if(p->flags & FLAGS_SPACE)
+          *fptr++ = ' ';
+        if(p->flags & FLAGS_ALT)
+          *fptr++ = '#';
 
-        fptr=&formatbuf[strlen(formatbuf)];
+        *fptr = 0;
 
         if(width >= 0) {
           /* RECURSIVE USAGE */
@@ -934,22 +897,21 @@ static int dprintf_formatf(
           /* RECURSIVE USAGE */
           len = curl_msnprintf(fptr, left, ".%ld", prec);
           fptr += len;
-          left -= len;
         }
-        if (p->flags & FLAGS_LONG)
+        if(p->flags & FLAGS_LONG)
           *fptr++ = 'l';
 
-        if (p->flags & FLAGS_FLOATE)
-          *fptr++ = p->flags&FLAGS_UPPER ? 'E':'e';
-        else if (p->flags & FLAGS_FLOATG)
-          *fptr++ = p->flags & FLAGS_UPPER ? 'G' : 'g';
+        if(p->flags & FLAGS_FLOATE)
+          *fptr++ = (char)((p->flags & FLAGS_UPPER) ? 'E':'e');
+        else if(p->flags & FLAGS_FLOATG)
+          *fptr++ = (char)((p->flags & FLAGS_UPPER) ? 'G' : 'g');
         else
           *fptr++ = 'f';
 
         *fptr = 0; /* and a final zero termination */
 
-        /* NOTE NOTE NOTE!! Not all sprintf() implementations returns number
-           of output characters */
+        /* NOTE NOTE NOTE!! Not all sprintf implementations return number of
+           output characters */
         (sprintf)(work, formatbuf, p->data.dnum);
 
         for(fptr=work; *fptr; fptr++)
@@ -959,14 +921,14 @@ static int dprintf_formatf(
 
     case FORMAT_INTPTR:
       /* Answer the count of characters written.  */
-#ifdef ENABLE_64BIT
-      if (p->flags & FLAGS_LONGLONG)
-        *(LONG_LONG *) p->data.ptr = (LONG_LONG)done;
+#ifdef HAVE_LONG_LONG_TYPE
+      if(p->flags & FLAGS_LONGLONG)
+        *(LONG_LONG_TYPE *) p->data.ptr = (LONG_LONG_TYPE)done;
       else
 #endif
-        if (p->flags & FLAGS_LONG)
+        if(p->flags & FLAGS_LONG)
           *(long *) p->data.ptr = (long)done;
-      else if (!(p->flags & FLAGS_SHORT))
+      else if(!(p->flags & FLAGS_SHORT))
         *(int *) p->data.ptr = (int)done;
       else
         *(short *) p->data.ptr = (short)done;
@@ -1036,9 +998,9 @@ static int alloc_addbyter(int output, FILE *data)
   unsigned char outc = (unsigned char)output;
 
   if(!infop->buffer) {
-    infop->buffer=(char *)malloc(32);
+    infop->buffer = malloc(32);
     if(!infop->buffer) {
-      infop->fail = TRUE;
+      infop->fail = 1;
       return -1; /* fail */
     }
     infop->alloc = 32;
@@ -1047,11 +1009,11 @@ static int alloc_addbyter(int output, FILE *data)
   else if(infop->len+1 >= infop->alloc) {
     char *newptr;
 
-    newptr = (char *)realloc(infop->buffer, infop->alloc*2);
+    newptr = realloc(infop->buffer, infop->alloc*2);
 
     if(!newptr) {
-      infop->fail = TRUE;
-      return -1;
+      infop->fail = 1;
+      return -1; /* fail */
     }
     infop->buffer = newptr;
     infop->alloc *= 2;
@@ -1073,7 +1035,7 @@ char *curl_maprintf(const char *format, ...)
   info.buffer = NULL;
   info.len = 0;
   info.alloc = 0;
-  info.fail = FALSE;
+  info.fail = 0;
 
   va_start(ap_save, format);
   retcode = dprintf_formatf(&info, alloc_addbyter, format, ap_save);
@@ -1099,7 +1061,7 @@ char *curl_mvaprintf(const char *format, va_list ap_save)
   info.buffer = NULL;
   info.len = 0;
   info.alloc = 0;
-  info.fail = FALSE;
+  info.fail = 0;
 
   retcode = dprintf_formatf(&info, alloc_addbyter, format, ap_save);
   if((-1 == retcode) || info.fail) {
@@ -1174,45 +1136,3 @@ int curl_mvfprintf(FILE *whereto, const char *format, va_list ap_save)
 {
   return dprintf_formatf(whereto, fputc, format, ap_save);
 }
-
-#ifdef DPRINTF_DEBUG
-int main()
-{
-  char buffer[129];
-  char *ptr;
-#ifdef ENABLE_64BIT
-  long long one=99;
-  long long two=100;
-  long long test = 0x1000000000LL;
-  curl_mprintf("%lld %lld %lld\n", one, two, test);
-#endif
-
-  curl_mprintf("%3d %5d\n", 10, 1998);
-
-  ptr=curl_maprintf("test this then baby %s%s%s%s%s%s %d %d %d loser baby get a hit in yer face now!", "", "pretty long string pretty long string pretty long string pretty long string pretty long string", "/", "/", "/", "pretty long string", 1998, 1999, 2001);
-
-  puts(ptr);
-
-  memset(ptr, 55, strlen(ptr)+1);
-
-  free(ptr);
-
-#if 1
-  curl_mprintf(buffer, "%s %s %d", "daniel", "stenberg", 19988);
-  puts(buffer);
-
-  curl_mfprintf(stderr, "%s %#08x\n", "dummy", 65);
-
-  printf("%s %#08x\n", "dummy", 65);
-  {
-    double tryout = 3.14156592;
-    curl_mprintf(buffer, "%.2g %G %f %e %E", tryout, tryout, tryout, tryout, tryout);
-    puts(buffer);
-    printf("%.2g %G %f %e %E\n", tryout, tryout, tryout, tryout, tryout);
-  }
-#endif
-
-  return 0;
-}
-
-#endif
diff --git a/Utilities/cmcurl/lib/multi.c b/Utilities/cmcurl/lib/multi.c
new file mode 100644
index 0000000..a1dc2c8
--- /dev/null
+++ b/Utilities/cmcurl/lib/multi.c
@@ -0,0 +1,2835 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+
+#include "urldata.h"
+#include "transfer.h"
+#include "url.h"
+#include "connect.h"
+#include "progress.h"
+#include "easyif.h"
+#include "share.h"
+#include "multiif.h"
+#include "sendf.h"
+#include "timeval.h"
+#include "http.h"
+#include "select.h"
+#include "warnless.h"
+#include "speedcheck.h"
+#include "conncache.h"
+#include "bundles.h"
+#include "multihandle.h"
+#include "pipeline.h"
+#include "sigpipe.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+  CURL_SOCKET_HASH_TABLE_SIZE should be a prime number. Increasing it from 97
+  to 911 takes on a 32-bit machine 4 x 804 = 3211 more bytes.  Still, every
+  CURL handle takes 45-50 K memory, therefore this 3K are not significant.
+*/
+#ifndef CURL_SOCKET_HASH_TABLE_SIZE
+#define CURL_SOCKET_HASH_TABLE_SIZE 911
+#endif
+
+#define CURL_CONNECTION_HASH_SIZE 97
+
+#define CURL_MULTI_HANDLE 0x000bab1e
+
+#define GOOD_MULTI_HANDLE(x) \
+  ((x) && (((struct Curl_multi *)(x))->type == CURL_MULTI_HANDLE))
+#define GOOD_EASY_HANDLE(x) \
+  ((x) && (((struct SessionHandle *)(x))->magic == CURLEASY_MAGIC_NUMBER))
+
+static void singlesocket(struct Curl_multi *multi,
+                         struct SessionHandle *data);
+static int update_timer(struct Curl_multi *multi);
+
+static bool isHandleAtHead(struct SessionHandle *handle,
+                           struct curl_llist *pipeline);
+static CURLMcode add_next_timeout(struct timeval now,
+                                  struct Curl_multi *multi,
+                                  struct SessionHandle *d);
+static CURLMcode multi_timeout(struct Curl_multi *multi,
+                               long *timeout_ms);
+
+#ifdef DEBUGBUILD
+static const char * const statename[]={
+  "INIT",
+  "CONNECT_PEND",
+  "CONNECT",
+  "WAITRESOLVE",
+  "WAITCONNECT",
+  "WAITPROXYCONNECT",
+  "PROTOCONNECT",
+  "WAITDO",
+  "DO",
+  "DOING",
+  "DO_MORE",
+  "DO_DONE",
+  "WAITPERFORM",
+  "PERFORM",
+  "TOOFAST",
+  "DONE",
+  "COMPLETED",
+  "MSGSENT",
+};
+#endif
+
+static void multi_freetimeout(void *a, void *b);
+
+/* always use this function to change state, to make debugging easier */
+static void mstate(struct SessionHandle *data, CURLMstate state
+#ifdef DEBUGBUILD
+                   , int lineno
+#endif
+)
+{
+#ifdef DEBUGBUILD
+  long connection_id = -5000;
+#endif
+  CURLMstate oldstate = data->mstate;
+
+  if(oldstate == state)
+    /* don't bother when the new state is the same as the old state */
+    return;
+
+  data->mstate = state;
+
+#ifdef DEBUGBUILD
+  if(data->mstate >= CURLM_STATE_CONNECT_PEND &&
+     data->mstate < CURLM_STATE_COMPLETED) {
+    if(data->easy_conn)
+      connection_id = data->easy_conn->connection_id;
+
+    infof(data,
+          "STATE: %s => %s handle %p; line %d (connection #%ld) \n",
+          statename[oldstate], statename[data->mstate],
+          (void *)data, lineno, connection_id);
+  }
+#endif
+  if(state == CURLM_STATE_COMPLETED)
+    /* changing to COMPLETED means there's one less easy handle 'alive' */
+    data->multi->num_alive--;
+}
+
+#ifndef DEBUGBUILD
+#define multistate(x,y) mstate(x,y)
+#else
+#define multistate(x,y) mstate(x,y, __LINE__)
+#endif
+
+/*
+ * We add one of these structs to the sockhash for a particular socket
+ */
+
+struct Curl_sh_entry {
+  struct SessionHandle *easy;
+  time_t timestamp;
+  int action;  /* what action READ/WRITE this socket waits for */
+  curl_socket_t socket; /* mainly to ease debugging */
+  void *socketp; /* settable by users with curl_multi_assign() */
+};
+/* bits for 'action' having no bits means this socket is not expecting any
+   action */
+#define SH_READ  1
+#define SH_WRITE 2
+
+/* make sure this socket is present in the hash for this handle */
+static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh,
+                                         curl_socket_t s,
+                                         struct SessionHandle *data)
+{
+  struct Curl_sh_entry *there =
+    Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t));
+  struct Curl_sh_entry *check;
+
+  if(there)
+    /* it is present, return fine */
+    return there;
+
+  /* not present, add it */
+  check = calloc(1, sizeof(struct Curl_sh_entry));
+  if(!check)
+    return NULL; /* major failure */
+  check->easy = data;
+  check->socket = s;
+
+  /* make/add new hash entry */
+  if(NULL == Curl_hash_add(sh, (char *)&s, sizeof(curl_socket_t), check)) {
+    free(check);
+    return NULL; /* major failure */
+  }
+
+  return check; /* things are good in sockhash land */
+}
+
+
+/* delete the given socket + handle from the hash */
+static void sh_delentry(struct curl_hash *sh, curl_socket_t s)
+{
+  struct Curl_sh_entry *there =
+    Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t));
+
+  if(there) {
+    /* this socket is in the hash */
+    /* We remove the hash entry. (This'll end up in a call to
+       sh_freeentry().) */
+    Curl_hash_delete(sh, (char *)&s, sizeof(curl_socket_t));
+  }
+}
+
+/*
+ * free a sockhash entry
+ */
+static void sh_freeentry(void *freethis)
+{
+  struct Curl_sh_entry *p = (struct Curl_sh_entry *) freethis;
+
+  if(p)
+    free(p);
+}
+
+static size_t fd_key_compare(void *k1, size_t k1_len, void *k2, size_t k2_len)
+{
+  (void) k1_len; (void) k2_len;
+
+  return (*((int *) k1)) == (*((int *) k2));
+}
+
+static size_t hash_fd(void *key, size_t key_length, size_t slots_num)
+{
+  int fd = *((int *) key);
+  (void) key_length;
+
+  return (fd % (int)slots_num);
+}
+
+/*
+ * sh_init() creates a new socket hash and returns the handle for it.
+ *
+ * Quote from README.multi_socket:
+ *
+ * "Some tests at 7000 and 9000 connections showed that the socket hash lookup
+ * is somewhat of a bottle neck. Its current implementation may be a bit too
+ * limiting. It simply has a fixed-size array, and on each entry in the array
+ * it has a linked list with entries. So the hash only checks which list to
+ * scan through. The code I had used so for used a list with merely 7 slots
+ * (as that is what the DNS hash uses) but with 7000 connections that would
+ * make an average of 1000 nodes in each list to run through. I upped that to
+ * 97 slots (I believe a prime is suitable) and noticed a significant speed
+ * increase.  I need to reconsider the hash implementation or use a rather
+ * large default value like this. At 9000 connections I was still below 10us
+ * per call."
+ *
+ */
+static struct curl_hash *sh_init(int hashsize)
+{
+  return Curl_hash_alloc(hashsize, hash_fd, fd_key_compare,
+                         sh_freeentry);
+}
+
+/*
+ * multi_addmsg()
+ *
+ * Called when a transfer is completed. Adds the given msg pointer to
+ * the list kept in the multi handle.
+ */
+static CURLMcode multi_addmsg(struct Curl_multi *multi,
+                              struct Curl_message *msg)
+{
+  if(!Curl_llist_insert_next(multi->msglist, multi->msglist->tail, msg))
+    return CURLM_OUT_OF_MEMORY;
+
+  return CURLM_OK;
+}
+
+/*
+ * multi_freeamsg()
+ *
+ * Callback used by the llist system when a single list entry is destroyed.
+ */
+static void multi_freeamsg(void *a, void *b)
+{
+  (void)a;
+  (void)b;
+}
+
+struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */
+                                     int chashsize) /* connection hash */
+{
+  struct Curl_multi *multi = calloc(1, sizeof(struct Curl_multi));
+
+  if(!multi)
+    return NULL;
+
+  multi->type = CURL_MULTI_HANDLE;
+
+  multi->hostcache = Curl_mk_dnscache();
+  if(!multi->hostcache)
+    goto error;
+
+  multi->sockhash = sh_init(hashsize);
+  if(!multi->sockhash)
+    goto error;
+
+  multi->conn_cache = Curl_conncache_init(chashsize);
+  if(!multi->conn_cache)
+    goto error;
+
+  multi->msglist = Curl_llist_alloc(multi_freeamsg);
+  if(!multi->msglist)
+    goto error;
+
+  multi->pending = Curl_llist_alloc(multi_freeamsg);
+  if(!multi->pending)
+    goto error;
+
+  /* allocate a new easy handle to use when closing cached connections */
+  multi->closure_handle = curl_easy_init();
+  if(!multi->closure_handle)
+    goto error;
+
+  multi->closure_handle->multi = multi;
+  multi->closure_handle->state.conn_cache = multi->conn_cache;
+
+  multi->max_pipeline_length = 5;
+
+  /* -1 means it not set by user, use the default value */
+  multi->maxconnects = -1;
+  return (CURLM *) multi;
+
+  error:
+
+  Curl_hash_destroy(multi->sockhash);
+  multi->sockhash = NULL;
+  Curl_hash_destroy(multi->hostcache);
+  multi->hostcache = NULL;
+  Curl_conncache_destroy(multi->conn_cache);
+  multi->conn_cache = NULL;
+  Curl_close(multi->closure_handle);
+  multi->closure_handle = NULL;
+  Curl_llist_destroy(multi->msglist, NULL);
+  Curl_llist_destroy(multi->pending, NULL);
+
+  free(multi);
+  return NULL;
+}
+
+CURLM *curl_multi_init(void)
+{
+  return Curl_multi_handle(CURL_SOCKET_HASH_TABLE_SIZE,
+                           CURL_CONNECTION_HASH_SIZE);
+}
+
+CURLMcode curl_multi_add_handle(CURLM *multi_handle,
+                                CURL *easy_handle)
+{
+  struct curl_llist *timeoutlist;
+  struct Curl_multi *multi = (struct Curl_multi *)multi_handle;
+  struct SessionHandle *data = (struct SessionHandle *)easy_handle;
+
+  /* First, make some basic checks that the CURLM handle is a good handle */
+  if(!GOOD_MULTI_HANDLE(multi))
+    return CURLM_BAD_HANDLE;
+
+  /* Verify that we got a somewhat good easy handle too */
+  if(!GOOD_EASY_HANDLE(easy_handle))
+    return CURLM_BAD_EASY_HANDLE;
+
+  /* Prevent users from adding same easy handle more than once and prevent
+     adding to more than one multi stack */
+  if(data->multi)
+    return CURLM_ADDED_ALREADY;
+
+  /* Allocate and initialize timeout list for easy handle */
+  timeoutlist = Curl_llist_alloc(multi_freetimeout);
+  if(!timeoutlist)
+    return CURLM_OUT_OF_MEMORY;
+
+  /*
+   * No failure allowed in this function beyond this point. And no
+   * modification of easy nor multi handle allowed before this except for
+   * potential multi's connection cache growing which won't be undone in this
+   * function no matter what.
+   */
+
+  /* Make easy handle use timeout list initialized above */
+  data->state.timeoutlist = timeoutlist;
+  timeoutlist = NULL;
+
+  /* set the easy handle */
+  multistate(data, CURLM_STATE_INIT);
+
+  if((data->set.global_dns_cache) &&
+     (data->dns.hostcachetype != HCACHE_GLOBAL)) {
+    /* global dns cache was requested but still isn't */
+    struct curl_hash *global = Curl_global_host_cache_init();
+    if(global) {
+      /* only do this if the global cache init works */
+      data->dns.hostcache = global;
+      data->dns.hostcachetype = HCACHE_GLOBAL;
+    }
+  }
+  /* for multi interface connections, we share DNS cache automatically if the
+     easy handle's one is currently not set. */
+  else if(!data->dns.hostcache ||
+     (data->dns.hostcachetype == HCACHE_NONE)) {
+    data->dns.hostcache = multi->hostcache;
+    data->dns.hostcachetype = HCACHE_MULTI;
+  }
+
+  /* Point to the multi's connection cache */
+  data->state.conn_cache = multi->conn_cache;
+
+  data->state.infilesize = data->set.filesize;
+
+  /* This adds the new entry at the 'end' of the doubly-linked circular
+     list of SessionHandle structs to try and maintain a FIFO queue so
+     the pipelined requests are in order. */
+
+  /* We add this new entry last in the list. */
+
+  data->next = NULL; /* end of the line */
+  if(multi->easyp) {
+    struct SessionHandle *last = multi->easylp;
+    last->next = data;
+    data->prev = last;
+    multi->easylp = data; /* the new last node */
+  }
+  else {
+    /* first node, make both prev and next be NULL! */
+    data->next = NULL;
+    data->prev = NULL;
+    multi->easylp = multi->easyp = data; /* both first and last */
+  }
+
+  /* make the SessionHandle refer back to this multi handle */
+  data->multi = multi_handle;
+
+  /* Set the timeout for this handle to expire really soon so that it will
+     be taken care of even when this handle is added in the midst of operation
+     when only the curl_multi_socket() API is used. During that flow, only
+     sockets that time-out or have actions will be dealt with. Since this
+     handle has no action yet, we make sure it times out to get things to
+     happen. */
+  Curl_expire(data, 1);
+
+  /* increase the node-counter */
+  multi->num_easy++;
+
+  /* increase the alive-counter */
+  multi->num_alive++;
+
+  /* A somewhat crude work-around for a little glitch in update_timer() that
+     happens if the lastcall time is set to the same time when the handle is
+     removed as when the next handle is added, as then the check in
+     update_timer() that prevents calling the application multiple times with
+     the same timer infor will not trigger and then the new handle's timeout
+     will not be notified to the app.
+
+     The work-around is thus simply to clear the 'lastcall' variable to force
+     update_timer() to always trigger a callback to the app when a new easy
+     handle is added */
+  memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall));
+
+  update_timer(multi);
+  return CURLM_OK;
+}
+
+#if 0
+/* Debug-function, used like this:
+ *
+ * Curl_hash_print(multi->sockhash, debug_print_sock_hash);
+ *
+ * Enable the hash print function first by editing hash.c
+ */
+static void debug_print_sock_hash(void *p)
+{
+  struct Curl_sh_entry *sh = (struct Curl_sh_entry *)p;
+
+  fprintf(stderr, " [easy %p/magic %x/socket %d]",
+          (void *)sh->data, sh->data->magic, (int)sh->socket);
+}
+#endif
+
+CURLMcode curl_multi_remove_handle(CURLM *multi_handle,
+                                   CURL *curl_handle)
+{
+  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
+  struct SessionHandle *easy = curl_handle;
+  struct SessionHandle *data = easy;
+
+  /* First, make some basic checks that the CURLM handle is a good handle */
+  if(!GOOD_MULTI_HANDLE(multi))
+    return CURLM_BAD_HANDLE;
+
+  /* Verify that we got a somewhat good easy handle too */
+  if(!GOOD_EASY_HANDLE(curl_handle))
+    return CURLM_BAD_EASY_HANDLE;
+
+  /* Prevent users from trying to remove same easy handle more than once */
+  if(!data->multi)
+    return CURLM_OK; /* it is already removed so let's say it is fine! */
+
+  if(easy) {
+    bool premature = (data->mstate < CURLM_STATE_COMPLETED) ? TRUE : FALSE;
+    bool easy_owns_conn = (data->easy_conn &&
+                           (data->easy_conn->data == easy)) ?
+                           TRUE : FALSE;
+
+    /* If the 'state' is not INIT or COMPLETED, we might need to do something
+       nice to put the easy_handle in a good known state when this returns. */
+    if(premature)
+      /* this handle is "alive" so we need to count down the total number of
+         alive connections when this is removed */
+      multi->num_alive--;
+
+    if(data->easy_conn &&
+       (data->easy_conn->send_pipe->size +
+        data->easy_conn->recv_pipe->size > 1) &&
+       data->mstate > CURLM_STATE_WAITDO &&
+       data->mstate < CURLM_STATE_COMPLETED) {
+      /* If the handle is in a pipeline and has started sending off its
+         request but not received its response yet, we need to close
+         connection. */
+      connclose(data->easy_conn, "Removed with partial response");
+      /* Set connection owner so that Curl_done() closes it.
+         We can sefely do this here since connection is killed. */
+      data->easy_conn->data = easy;
+    }
+
+    /* The timer must be shut down before data->multi is set to NULL,
+       else the timenode will remain in the splay tree after
+       curl_easy_cleanup is called. */
+    Curl_expire(data, 0);
+
+    /* destroy the timeout list that is held in the easy handle */
+    if(data->state.timeoutlist) {
+      Curl_llist_destroy(data->state.timeoutlist, NULL);
+      data->state.timeoutlist = NULL;
+    }
+
+    if(data->dns.hostcachetype == HCACHE_MULTI) {
+      /* stop using the multi handle's DNS cache */
+      data->dns.hostcache = NULL;
+      data->dns.hostcachetype = HCACHE_NONE;
+    }
+
+    if(data->easy_conn) {
+
+      /* we must call Curl_done() here (if we still "own it") so that we don't
+         leave a half-baked one around */
+      if(easy_owns_conn) {
+
+        /* Curl_done() clears the conn->data field to lose the association
+           between the easy handle and the connection
+
+           Note that this ignores the return code simply because there's
+           nothing really useful to do with it anyway! */
+        (void)Curl_done(&data->easy_conn, data->result, premature);
+      }
+      else
+        /* Clear connection pipelines, if Curl_done above was not called */
+        Curl_getoff_all_pipelines(data, data->easy_conn);
+    }
+
+    Curl_wildcard_dtor(&data->wildcard);
+
+    /* as this was using a shared connection cache we clear the pointer
+       to that since we're not part of that multi handle anymore */
+    data->state.conn_cache = NULL;
+
+    /* change state without using multistate(), only to make singlesocket() do
+       what we want */
+    data->mstate = CURLM_STATE_COMPLETED;
+    singlesocket(multi, easy); /* to let the application know what sockets
+                                  that vanish with this handle */
+
+    /* Remove the association between the connection and the handle */
+    if(data->easy_conn) {
+      data->easy_conn->data = NULL;
+      data->easy_conn = NULL;
+    }
+
+    data->multi = NULL; /* clear the association to this multi handle */
+
+    {
+      /* make sure there's no pending message in the queue sent from this easy
+         handle */
+      struct curl_llist_element *e;
+
+      for(e = multi->msglist->head; e; e = e->next) {
+        struct Curl_message *msg = e->ptr;
+
+        if(msg->extmsg.easy_handle == easy) {
+          Curl_llist_remove(multi->msglist, e, NULL);
+          /* there can only be one from this specific handle */
+          break;
+        }
+      }
+    }
+
+    /* make the previous node point to our next */
+    if(data->prev)
+      data->prev->next = data->next;
+    else
+      multi->easyp = data->next; /* point to first node */
+
+    /* make our next point to our previous node */
+    if(data->next)
+      data->next->prev = data->prev;
+    else
+      multi->easylp = data->prev; /* point to last node */
+
+    /* NOTE NOTE NOTE
+       We do not touch the easy handle here! */
+
+    multi->num_easy--; /* one less to care about now */
+
+    update_timer(multi);
+    return CURLM_OK;
+  }
+  else
+    return CURLM_BAD_EASY_HANDLE; /* twasn't found */
+}
+
+bool Curl_multi_pipeline_enabled(const struct Curl_multi *multi)
+{
+  return (multi && multi->pipelining_enabled) ? TRUE : FALSE;
+}
+
+void Curl_multi_handlePipeBreak(struct SessionHandle *data)
+{
+  data->easy_conn = NULL;
+}
+
+static int waitconnect_getsock(struct connectdata *conn,
+                               curl_socket_t *sock,
+                               int numsocks)
+{
+  int i;
+  int s=0;
+  int rc=0;
+
+  if(!numsocks)
+    return GETSOCK_BLANK;
+
+  for(i=0; i<2; i++) {
+    if(conn->tempsock[i] != CURL_SOCKET_BAD) {
+      sock[s] = conn->tempsock[i];
+      rc |= GETSOCK_WRITESOCK(s++);
+    }
+  }
+
+  /* when we've sent a CONNECT to a proxy, we should rather wait for the
+     socket to become readable to be able to get the response headers */
+  if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT) {
+    sock[0] = conn->sock[FIRSTSOCKET];
+    rc = GETSOCK_READSOCK(0);
+  }
+
+  return rc;
+}
+
+static int domore_getsock(struct connectdata *conn,
+                          curl_socket_t *socks,
+                          int numsocks)
+{
+  if(conn && conn->handler->domore_getsock)
+    return conn->handler->domore_getsock(conn, socks, numsocks);
+  return GETSOCK_BLANK;
+}
+
+/* returns bitmapped flags for this handle and its sockets */
+static int multi_getsock(struct SessionHandle *data,
+                         curl_socket_t *socks, /* points to numsocks number
+                                                  of sockets */
+                         int numsocks)
+{
+  /* If the pipe broke, or if there's no connection left for this easy handle,
+     then we MUST bail out now with no bitmask set. The no connection case can
+     happen when this is called from curl_multi_remove_handle() =>
+     singlesocket() => multi_getsock().
+  */
+  if(data->state.pipe_broke || !data->easy_conn)
+    return 0;
+
+  if(data->mstate > CURLM_STATE_CONNECT &&
+     data->mstate < CURLM_STATE_COMPLETED) {
+    /* Set up ownership correctly */
+    data->easy_conn->data = data;
+  }
+
+  switch(data->mstate) {
+  default:
+#if 0 /* switch back on these cases to get the compiler to check for all enums
+         to be present */
+  case CURLM_STATE_TOOFAST:  /* returns 0, so will not select. */
+  case CURLM_STATE_COMPLETED:
+  case CURLM_STATE_MSGSENT:
+  case CURLM_STATE_INIT:
+  case CURLM_STATE_CONNECT:
+  case CURLM_STATE_WAITDO:
+  case CURLM_STATE_DONE:
+  case CURLM_STATE_LAST:
+    /* this will get called with CURLM_STATE_COMPLETED when a handle is
+       removed */
+#endif
+    return 0;
+
+  case CURLM_STATE_WAITRESOLVE:
+    return Curl_resolver_getsock(data->easy_conn, socks, numsocks);
+
+  case CURLM_STATE_PROTOCONNECT:
+    return Curl_protocol_getsock(data->easy_conn, socks, numsocks);
+
+  case CURLM_STATE_DO:
+  case CURLM_STATE_DOING:
+    return Curl_doing_getsock(data->easy_conn, socks, numsocks);
+
+  case CURLM_STATE_WAITPROXYCONNECT:
+  case CURLM_STATE_WAITCONNECT:
+    return waitconnect_getsock(data->easy_conn, socks, numsocks);
+
+  case CURLM_STATE_DO_MORE:
+    return domore_getsock(data->easy_conn, socks, numsocks);
+
+  case CURLM_STATE_DO_DONE: /* since is set after DO is completed, we switch
+                               to waiting for the same as the *PERFORM
+                               states */
+  case CURLM_STATE_PERFORM:
+  case CURLM_STATE_WAITPERFORM:
+    return Curl_single_getsock(data->easy_conn, socks, numsocks);
+  }
+
+}
+
+CURLMcode curl_multi_fdset(CURLM *multi_handle,
+                           fd_set *read_fd_set, fd_set *write_fd_set,
+                           fd_set *exc_fd_set, int *max_fd)
+{
+  /* Scan through all the easy handles to get the file descriptors set.
+     Some easy handles may not have connected to the remote host yet,
+     and then we must make sure that is done. */
+  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
+  struct SessionHandle *data;
+  int this_max_fd=-1;
+  curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE];
+  int bitmap;
+  int i;
+  (void)exc_fd_set; /* not used */
+
+  if(!GOOD_MULTI_HANDLE(multi))
+    return CURLM_BAD_HANDLE;
+
+  data=multi->easyp;
+  while(data) {
+    bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE);
+
+    for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) {
+      curl_socket_t s = CURL_SOCKET_BAD;
+
+      if((bitmap & GETSOCK_READSOCK(i)) && VALID_SOCK((sockbunch[i]))) {
+        FD_SET(sockbunch[i], read_fd_set);
+        s = sockbunch[i];
+      }
+      if((bitmap & GETSOCK_WRITESOCK(i)) && VALID_SOCK((sockbunch[i]))) {
+        FD_SET(sockbunch[i], write_fd_set);
+        s = sockbunch[i];
+      }
+      if(s == CURL_SOCKET_BAD)
+        /* this socket is unused, break out of loop */
+        break;
+      else {
+        if((int)s > this_max_fd)
+          this_max_fd = (int)s;
+      }
+    }
+
+    data = data->next; /* check next handle */
+  }
+
+  *max_fd = this_max_fd;
+
+  return CURLM_OK;
+}
+
+CURLMcode curl_multi_wait(CURLM *multi_handle,
+                          struct curl_waitfd extra_fds[],
+                          unsigned int extra_nfds,
+                          int timeout_ms,
+                          int *ret)
+{
+  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
+  struct SessionHandle *data;
+  curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE];
+  int bitmap;
+  unsigned int i;
+  unsigned int nfds = 0;
+  unsigned int curlfds;
+  struct pollfd *ufds = NULL;
+  long timeout_internal;
+
+  if(!GOOD_MULTI_HANDLE(multi))
+    return CURLM_BAD_HANDLE;
+
+  /* If the internally desired timeout is actually shorter than requested from
+     the outside, then use the shorter time! But only if the internal timer
+     is actually larger than -1! */
+  (void)multi_timeout(multi, &timeout_internal);
+  if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
+    timeout_ms = (int)timeout_internal;
+
+  /* Count up how many fds we have from the multi handle */
+  data=multi->easyp;
+  while(data) {
+    bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE);
+
+    for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) {
+      curl_socket_t s = CURL_SOCKET_BAD;
+
+      if(bitmap & GETSOCK_READSOCK(i)) {
+        ++nfds;
+        s = sockbunch[i];
+      }
+      if(bitmap & GETSOCK_WRITESOCK(i)) {
+        ++nfds;
+        s = sockbunch[i];
+      }
+      if(s == CURL_SOCKET_BAD) {
+        break;
+      }
+    }
+
+    data = data->next; /* check next handle */
+  }
+
+  curlfds = nfds; /* number of internal file descriptors */
+  nfds += extra_nfds; /* add the externally provided ones */
+
+  if(nfds || extra_nfds) {
+    ufds = malloc(nfds * sizeof(struct pollfd));
+    if(!ufds)
+      return CURLM_OUT_OF_MEMORY;
+  }
+  nfds = 0;
+
+  /* only do the second loop if we found descriptors in the first stage run
+     above */
+
+  if(curlfds) {
+    /* Add the curl handles to our pollfds first */
+    data=multi->easyp;
+    while(data) {
+      bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE);
+
+      for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) {
+        curl_socket_t s = CURL_SOCKET_BAD;
+
+        if(bitmap & GETSOCK_READSOCK(i)) {
+          ufds[nfds].fd = sockbunch[i];
+          ufds[nfds].events = POLLIN;
+          ++nfds;
+          s = sockbunch[i];
+        }
+        if(bitmap & GETSOCK_WRITESOCK(i)) {
+          ufds[nfds].fd = sockbunch[i];
+          ufds[nfds].events = POLLOUT;
+          ++nfds;
+          s = sockbunch[i];
+        }
+        if(s == CURL_SOCKET_BAD) {
+          break;
+        }
+      }
+
+      data = data->next; /* check next handle */
+    }
+  }
+
+  /* Add external file descriptions from poll-like struct curl_waitfd */
+  for(i = 0; i < extra_nfds; i++) {
+    ufds[nfds].fd = extra_fds[i].fd;
+    ufds[nfds].events = 0;
+    if(extra_fds[i].events & CURL_WAIT_POLLIN)
+      ufds[nfds].events |= POLLIN;
+    if(extra_fds[i].events & CURL_WAIT_POLLPRI)
+      ufds[nfds].events |= POLLPRI;
+    if(extra_fds[i].events & CURL_WAIT_POLLOUT)
+      ufds[nfds].events |= POLLOUT;
+    ++nfds;
+  }
+
+  if(nfds) {
+    /* wait... */
+    infof(data, "Curl_poll(%d ds, %d ms)\n", nfds, timeout_ms);
+    i = Curl_poll(ufds, nfds, timeout_ms);
+
+    if(i) {
+      unsigned int j;
+      /* copy revents results from the poll to the curl_multi_wait poll
+         struct, the bit values of the actual underlying poll() implementation
+         may not be the same as the ones in the public libcurl API! */
+      for(j = 0; j < extra_nfds; j++) {
+        unsigned short mask = 0;
+        unsigned r = ufds[curlfds + j].revents;
+
+        if(r & POLLIN)
+          mask |= CURL_WAIT_POLLIN;
+        if(r & POLLOUT)
+          mask |= CURL_WAIT_POLLOUT;
+        if(r & POLLPRI)
+          mask |= CURL_WAIT_POLLPRI;
+
+        extra_fds[j].revents = mask;
+      }
+    }
+  }
+  else
+    i = 0;
+
+  Curl_safefree(ufds);
+  if(ret)
+    *ret = i;
+  return CURLM_OK;
+}
+
+static CURLMcode multi_runsingle(struct Curl_multi *multi,
+                                 struct timeval now,
+                                 struct SessionHandle *data)
+{
+  struct Curl_message *msg = NULL;
+  bool connected;
+  bool async;
+  bool protocol_connect = FALSE;
+  bool dophase_done = FALSE;
+  bool done = FALSE;
+  CURLMcode result = CURLM_OK;
+  struct SingleRequest *k;
+  long timeout_ms;
+  int control;
+
+  if(!GOOD_EASY_HANDLE(data))
+    return CURLM_BAD_EASY_HANDLE;
+
+  do {
+    /* this is a single-iteration do-while loop just to allow a
+       break to skip to the end of it */
+    bool disconnect_conn = FALSE;
+
+    /* Handle the case when the pipe breaks, i.e., the connection
+       we're using gets cleaned up and we're left with nothing. */
+    if(data->state.pipe_broke) {
+      infof(data, "Pipe broke: handle 0x%p, url = %s\n",
+            (void *)data, data->state.path);
+
+      if(data->mstate < CURLM_STATE_COMPLETED) {
+        /* Head back to the CONNECT state */
+        multistate(data, CURLM_STATE_CONNECT);
+        result = CURLM_CALL_MULTI_PERFORM;
+        data->result = CURLE_OK;
+      }
+
+      data->state.pipe_broke = FALSE;
+      data->easy_conn = NULL;
+      break;
+    }
+
+    if(!data->easy_conn &&
+       data->mstate > CURLM_STATE_CONNECT &&
+       data->mstate < CURLM_STATE_DONE) {
+      /* In all these states, the code will blindly access 'data->easy_conn'
+         so this is precaution that it isn't NULL. And it silences static
+         analyzers. */
+      failf(data, "In state %d with no easy_conn, bail out!\n", data->mstate);
+      return CURLM_INTERNAL_ERROR;
+    }
+
+    if(data->easy_conn && data->mstate > CURLM_STATE_CONNECT &&
+       data->mstate < CURLM_STATE_COMPLETED)
+      /* Make sure we set the connection's current owner */
+      data->easy_conn->data = data;
+
+    if(data->easy_conn &&
+       (data->mstate >= CURLM_STATE_CONNECT) &&
+       (data->mstate < CURLM_STATE_COMPLETED)) {
+      /* we need to wait for the connect state as only then is the start time
+         stored, but we must not check already completed handles */
+
+      timeout_ms = Curl_timeleft(data, &now,
+                                 (data->mstate <= CURLM_STATE_WAITDO)?
+                                 TRUE:FALSE);
+
+      if(timeout_ms < 0) {
+        /* Handle timed out */
+        if(data->mstate == CURLM_STATE_WAITRESOLVE)
+          failf(data, "Resolving timed out after %ld milliseconds",
+                Curl_tvdiff(now, data->progress.t_startsingle));
+        else if(data->mstate == CURLM_STATE_WAITCONNECT)
+          failf(data, "Connection timed out after %ld milliseconds",
+                Curl_tvdiff(now, data->progress.t_startsingle));
+        else {
+          k = &data->req;
+          if(k->size != -1) {
+            failf(data, "Operation timed out after %ld milliseconds with %"
+                  CURL_FORMAT_CURL_OFF_T " out of %"
+                  CURL_FORMAT_CURL_OFF_T " bytes received",
+                  Curl_tvdiff(k->now, data->progress.t_startsingle),
+                  k->bytecount, k->size);
+          }
+          else {
+            failf(data, "Operation timed out after %ld milliseconds with %"
+                  CURL_FORMAT_CURL_OFF_T " bytes received",
+                  Curl_tvdiff(now, data->progress.t_startsingle),
+                  k->bytecount);
+          }
+        }
+
+        /* Force the connection closed because the server could continue to
+           send us stuff at any time. (The disconnect_conn logic used below
+           doesn't work at this point). */
+        connclose(data->easy_conn, "Disconnected with pending data");
+        data->result = CURLE_OPERATION_TIMEDOUT;
+        multistate(data, CURLM_STATE_COMPLETED);
+        break;
+      }
+    }
+
+    switch(data->mstate) {
+    case CURLM_STATE_INIT:
+      /* init this transfer. */
+      data->result=Curl_pretransfer(data);
+
+      if(CURLE_OK == data->result) {
+        /* after init, go CONNECT */
+        multistate(data, CURLM_STATE_CONNECT);
+        Curl_pgrsTime(data, TIMER_STARTOP);
+        result = CURLM_CALL_MULTI_PERFORM;
+      }
+      break;
+
+    case CURLM_STATE_CONNECT_PEND:
+      /* We will stay here until there is a connection available. Then
+         we try again in the CURLM_STATE_CONNECT state. */
+      break;
+
+    case CURLM_STATE_CONNECT:
+      /* Connect. We want to get a connection identifier filled in. */
+      Curl_pgrsTime(data, TIMER_STARTSINGLE);
+      data->result = Curl_connect(data, &data->easy_conn,
+                                  &async, &protocol_connect);
+      if(CURLE_NO_CONNECTION_AVAILABLE == data->result) {
+        /* There was no connection available. We will go to the pending
+           state and wait for an available connection. */
+        multistate(data, CURLM_STATE_CONNECT_PEND);
+
+        /* add this handle to the list of connect-pending handles */
+        if(!Curl_llist_insert_next(multi->pending, multi->pending->tail, data))
+          data->result = CURLE_OUT_OF_MEMORY;
+        else
+          data->result = CURLE_OK;
+        break;
+      }
+
+      if(CURLE_OK == data->result) {
+        /* Add this handle to the send or pend pipeline */
+        data->result = Curl_add_handle_to_pipeline(data, data->easy_conn);
+        if(CURLE_OK != data->result)
+          disconnect_conn = TRUE;
+        else {
+          if(async)
+            /* We're now waiting for an asynchronous name lookup */
+            multistate(data, CURLM_STATE_WAITRESOLVE);
+          else {
+            /* after the connect has been sent off, go WAITCONNECT unless the
+               protocol connect is already done and we can go directly to
+               WAITDO or DO! */
+            result = CURLM_CALL_MULTI_PERFORM;
+
+            if(protocol_connect)
+              multistate(data, multi->pipelining_enabled?
+                         CURLM_STATE_WAITDO:CURLM_STATE_DO);
+            else {
+#ifndef CURL_DISABLE_HTTP
+              if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
+                multistate(data, CURLM_STATE_WAITPROXYCONNECT);
+              else
+#endif
+                multistate(data, CURLM_STATE_WAITCONNECT);
+            }
+          }
+        }
+      }
+      break;
+
+    case CURLM_STATE_WAITRESOLVE:
+      /* awaiting an asynch name resolve to complete */
+    {
+      struct Curl_dns_entry *dns = NULL;
+      struct connectdata *conn = data->easy_conn;
+      int stale;
+
+      /* check if we have the name resolved by now */
+      if(data->share)
+        Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
+
+      dns = Curl_fetch_addr(conn, conn->host.name, (int)conn->port, &stale);
+
+      if(dns) {
+        dns->inuse++; /* we use it! */
+#ifdef CURLRES_ASYNCH
+        conn->async.dns = dns;
+        conn->async.done = TRUE;
+#endif
+        data->result = CURLRESOLV_RESOLVED;
+        infof(data, "Hostname was found in DNS cache\n");
+      }
+      if(stale)
+        infof(data, "Hostname in DNS cache was stale, zapped\n");
+
+      if(data->share)
+        Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+
+      if(!dns)
+        data->result = Curl_resolver_is_resolved(data->easy_conn, &dns);
+
+      /* Update sockets here, because the socket(s) may have been
+         closed and the application thus needs to be told, even if it
+         is likely that the same socket(s) will again be used further
+         down.  If the name has not yet been resolved, it is likely
+         that new sockets have been opened in an attempt to contact
+         another resolver. */
+      singlesocket(multi, data);
+
+      if(dns) {
+        /* Perform the next step in the connection phase, and then move on
+           to the WAITCONNECT state */
+        data->result = Curl_async_resolved(data->easy_conn,
+                                           &protocol_connect);
+
+        if(CURLE_OK != data->result)
+          /* if Curl_async_resolved() returns failure, the connection struct
+             is already freed and gone */
+          data->easy_conn = NULL;           /* no more connection */
+        else {
+          /* call again please so that we get the next socket setup */
+          result = CURLM_CALL_MULTI_PERFORM;
+          if(protocol_connect)
+            multistate(data, multi->pipelining_enabled?
+                       CURLM_STATE_WAITDO:CURLM_STATE_DO);
+          else {
+#ifndef CURL_DISABLE_HTTP
+            if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
+              multistate(data, CURLM_STATE_WAITPROXYCONNECT);
+            else
+#endif
+              multistate(data, CURLM_STATE_WAITCONNECT);
+          }
+        }
+      }
+
+      if(CURLE_OK != data->result) {
+        /* failure detected */
+        disconnect_conn = TRUE;
+        break;
+      }
+    }
+    break;
+
+#ifndef CURL_DISABLE_HTTP
+    case CURLM_STATE_WAITPROXYCONNECT:
+      /* this is HTTP-specific, but sending CONNECT to a proxy is HTTP... */
+      data->result = Curl_http_connect(data->easy_conn, &protocol_connect);
+
+      if(data->easy_conn->bits.proxy_connect_closed) {
+        /* connect back to proxy again */
+        data->result = CURLE_OK;
+        result = CURLM_CALL_MULTI_PERFORM;
+        multistate(data, CURLM_STATE_CONNECT);
+      }
+      else if(CURLE_OK == data->result) {
+        if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_COMPLETE)
+          multistate(data, CURLM_STATE_WAITCONNECT);
+      }
+      break;
+#endif
+
+    case CURLM_STATE_WAITCONNECT:
+      /* awaiting a completion of an asynch connect */
+      data->result = Curl_is_connected(data->easy_conn,
+                                       FIRSTSOCKET,
+                                       &connected);
+      if(connected) {
+
+        if(!data->result)
+          /* if everything is still fine we do the protocol-specific connect
+             setup */
+          data->result = Curl_protocol_connect(data->easy_conn,
+                                               &protocol_connect);
+      }
+
+      if(data->easy_conn->bits.proxy_connect_closed) {
+        /* connect back to proxy again since it was closed in a proxy CONNECT
+           setup */
+        data->result = CURLE_OK;
+        result = CURLM_CALL_MULTI_PERFORM;
+        multistate(data, CURLM_STATE_CONNECT);
+        break;
+      }
+      else if(CURLE_OK != data->result) {
+        /* failure detected */
+        /* Just break, the cleaning up is handled all in one place */
+        disconnect_conn = TRUE;
+        break;
+      }
+
+      if(connected) {
+        if(!protocol_connect) {
+          /* We have a TCP connection, but 'protocol_connect' may be false
+             and then we continue to 'STATE_PROTOCONNECT'. If protocol
+             connect is TRUE, we move on to STATE_DO.
+             BUT if we are using a proxy we must change to WAITPROXYCONNECT
+          */
+#ifndef CURL_DISABLE_HTTP
+          if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
+            multistate(data, CURLM_STATE_WAITPROXYCONNECT);
+          else
+#endif
+            multistate(data, CURLM_STATE_PROTOCONNECT);
+
+        }
+        else
+          /* after the connect has completed, go WAITDO or DO */
+          multistate(data, multi->pipelining_enabled?
+                     CURLM_STATE_WAITDO:CURLM_STATE_DO);
+
+        result = CURLM_CALL_MULTI_PERFORM;
+      }
+      break;
+
+    case CURLM_STATE_PROTOCONNECT:
+      /* protocol-specific connect phase */
+      data->result = Curl_protocol_connecting(data->easy_conn,
+                                              &protocol_connect);
+      if((data->result == CURLE_OK) && protocol_connect) {
+        /* after the connect has completed, go WAITDO or DO */
+        multistate(data, multi->pipelining_enabled?
+                   CURLM_STATE_WAITDO:CURLM_STATE_DO);
+        result = CURLM_CALL_MULTI_PERFORM;
+      }
+      else if(data->result) {
+        /* failure detected */
+        Curl_posttransfer(data);
+        Curl_done(&data->easy_conn, data->result, TRUE);
+        disconnect_conn = TRUE;
+      }
+      break;
+
+    case CURLM_STATE_WAITDO:
+      /* Wait for our turn to DO when we're pipelining requests */
+#ifdef DEBUGBUILD
+      infof(data, "WAITDO: Conn %ld send pipe %zu inuse %s athead %s\n",
+            data->easy_conn->connection_id,
+            data->easy_conn->send_pipe->size,
+            data->easy_conn->writechannel_inuse?"TRUE":"FALSE",
+            isHandleAtHead(data,
+                           data->easy_conn->send_pipe)?"TRUE":"FALSE");
+#endif
+      if(!data->easy_conn->writechannel_inuse &&
+         isHandleAtHead(data,
+                        data->easy_conn->send_pipe)) {
+        /* Grab the channel */
+        data->easy_conn->writechannel_inuse = TRUE;
+        multistate(data, CURLM_STATE_DO);
+        result = CURLM_CALL_MULTI_PERFORM;
+      }
+      break;
+
+    case CURLM_STATE_DO:
+      if(data->set.connect_only) {
+        /* keep connection open for application to use the socket */
+        connkeep(data->easy_conn, "CONNECT_ONLY");
+        multistate(data, CURLM_STATE_DONE);
+        data->result = CURLE_OK;
+        result = CURLM_CALL_MULTI_PERFORM;
+      }
+      else {
+        /* Perform the protocol's DO action */
+        data->result = Curl_do(&data->easy_conn, &dophase_done);
+
+        /* When Curl_do() returns failure, data->easy_conn might be NULL! */
+
+        if(CURLE_OK == data->result) {
+          if(!dophase_done) {
+            /* some steps needed for wildcard matching */
+            if(data->set.wildcardmatch) {
+              struct WildcardData *wc = &data->wildcard;
+              if(wc->state == CURLWC_DONE || wc->state == CURLWC_SKIP) {
+                /* skip some states if it is important */
+                Curl_done(&data->easy_conn, CURLE_OK, FALSE);
+                multistate(data, CURLM_STATE_DONE);
+                result = CURLM_CALL_MULTI_PERFORM;
+                break;
+              }
+            }
+            /* DO was not completed in one function call, we must continue
+               DOING... */
+            multistate(data, CURLM_STATE_DOING);
+            result = CURLM_OK;
+          }
+
+          /* after DO, go DO_DONE... or DO_MORE */
+          else if(data->easy_conn->bits.do_more) {
+            /* we're supposed to do more, but we need to sit down, relax
+               and wait a little while first */
+            multistate(data, CURLM_STATE_DO_MORE);
+            result = CURLM_OK;
+          }
+          else {
+            /* we're done with the DO, now DO_DONE */
+            multistate(data, CURLM_STATE_DO_DONE);
+            result = CURLM_CALL_MULTI_PERFORM;
+          }
+        }
+        else if((CURLE_SEND_ERROR == data->result) &&
+                data->easy_conn->bits.reuse) {
+          /*
+           * In this situation, a connection that we were trying to use
+           * may have unexpectedly died.  If possible, send the connection
+           * back to the CONNECT phase so we can try again.
+           */
+          char *newurl = NULL;
+          followtype follow=FOLLOW_NONE;
+          CURLcode drc;
+          bool retry = FALSE;
+
+          drc = Curl_retry_request(data->easy_conn, &newurl);
+          if(drc) {
+            /* a failure here pretty much implies an out of memory */
+            data->result = drc;
+            disconnect_conn = TRUE;
+          }
+          else
+            retry = (newurl)?TRUE:FALSE;
+
+          Curl_posttransfer(data);
+          drc = Curl_done(&data->easy_conn, data->result, FALSE);
+
+          /* When set to retry the connection, we must to go back to
+           * the CONNECT state */
+          if(retry) {
+            if((drc == CURLE_OK) || (drc == CURLE_SEND_ERROR)) {
+              follow = FOLLOW_RETRY;
+              drc = Curl_follow(data, newurl, follow);
+              if(drc == CURLE_OK) {
+                multistate(data, CURLM_STATE_CONNECT);
+                result = CURLM_CALL_MULTI_PERFORM;
+                data->result = CURLE_OK;
+              }
+              else {
+                /* Follow failed */
+                data->result = drc;
+                free(newurl);
+              }
+            }
+            else {
+              /* done didn't return OK or SEND_ERROR */
+              data->result = drc;
+              free(newurl);
+            }
+          }
+          else {
+            /* Have error handler disconnect conn if we can't retry */
+            disconnect_conn = TRUE;
+          }
+        }
+        else {
+          /* failure detected */
+          Curl_posttransfer(data);
+          if(data->easy_conn)
+            Curl_done(&data->easy_conn, data->result, FALSE);
+          disconnect_conn = TRUE;
+        }
+      }
+      break;
+
+    case CURLM_STATE_DOING:
+      /* we continue DOING until the DO phase is complete */
+      data->result = Curl_protocol_doing(data->easy_conn,
+                                         &dophase_done);
+      if(CURLE_OK == data->result) {
+        if(dophase_done) {
+          /* after DO, go DO_DONE or DO_MORE */
+          multistate(data, data->easy_conn->bits.do_more?
+                     CURLM_STATE_DO_MORE:
+                     CURLM_STATE_DO_DONE);
+          result = CURLM_CALL_MULTI_PERFORM;
+        } /* dophase_done */
+      }
+      else {
+        /* failure detected */
+        Curl_posttransfer(data);
+        Curl_done(&data->easy_conn, data->result, FALSE);
+        disconnect_conn = TRUE;
+      }
+      break;
+
+    case CURLM_STATE_DO_MORE:
+      /*
+       * When we are connected, DO MORE and then go DO_DONE
+       */
+      data->result = Curl_do_more(data->easy_conn, &control);
+
+      /* No need to remove this handle from the send pipeline here since that
+         is done in Curl_done() */
+      if(CURLE_OK == data->result) {
+        if(control) {
+          /* if positive, advance to DO_DONE
+             if negative, go back to DOING */
+          multistate(data, control==1?
+                     CURLM_STATE_DO_DONE:
+                     CURLM_STATE_DOING);
+          result = CURLM_CALL_MULTI_PERFORM;
+        }
+        else
+          /* stay in DO_MORE */
+          result = CURLM_OK;
+      }
+      else {
+        /* failure detected */
+        Curl_posttransfer(data);
+        Curl_done(&data->easy_conn, data->result, FALSE);
+        disconnect_conn = TRUE;
+      }
+      break;
+
+    case CURLM_STATE_DO_DONE:
+      /* Move ourselves from the send to recv pipeline */
+      Curl_move_handle_from_send_to_recv_pipe(data, data->easy_conn);
+      /* Check if we can move pending requests to send pipe */
+      Curl_multi_process_pending_handles(multi);
+
+      /* Only perform the transfer if there's a good socket to work with.
+         Having both BAD is a signal to skip immediately to DONE */
+      if((data->easy_conn->sockfd != CURL_SOCKET_BAD) ||
+         (data->easy_conn->writesockfd != CURL_SOCKET_BAD))
+        multistate(data, CURLM_STATE_WAITPERFORM);
+      else
+        multistate(data, CURLM_STATE_DONE);
+      result = CURLM_CALL_MULTI_PERFORM;
+      break;
+
+    case CURLM_STATE_WAITPERFORM:
+      /* Wait for our turn to PERFORM */
+      if(!data->easy_conn->readchannel_inuse &&
+         isHandleAtHead(data,
+                        data->easy_conn->recv_pipe)) {
+        /* Grab the channel */
+        data->easy_conn->readchannel_inuse = TRUE;
+        multistate(data, CURLM_STATE_PERFORM);
+        result = CURLM_CALL_MULTI_PERFORM;
+      }
+#ifdef DEBUGBUILD
+      else {
+        infof(data, "WAITPERFORM: Conn %ld recv pipe %zu inuse %s athead %s\n",
+              data->easy_conn->connection_id,
+              data->easy_conn->recv_pipe->size,
+              data->easy_conn->readchannel_inuse?"TRUE":"FALSE",
+              isHandleAtHead(data,
+                             data->easy_conn->recv_pipe)?"TRUE":"FALSE");
+      }
+#endif
+      break;
+
+    case CURLM_STATE_TOOFAST: /* limit-rate exceeded in either direction */
+      /* if both rates are within spec, resume transfer */
+      if(Curl_pgrsUpdate(data->easy_conn))
+        data->result = CURLE_ABORTED_BY_CALLBACK;
+      else
+        data->result = Curl_speedcheck(data, now);
+
+      if(( (data->set.max_send_speed == 0) ||
+           (data->progress.ulspeed < data->set.max_send_speed ))  &&
+         ( (data->set.max_recv_speed == 0) ||
+           (data->progress.dlspeed < data->set.max_recv_speed)))
+        multistate(data, CURLM_STATE_PERFORM);
+      break;
+
+    case CURLM_STATE_PERFORM:
+      {
+      char *newurl = NULL;
+      bool retry = FALSE;
+
+      /* check if over send speed */
+      if((data->set.max_send_speed > 0) &&
+         (data->progress.ulspeed > data->set.max_send_speed)) {
+        int buffersize;
+
+        multistate(data, CURLM_STATE_TOOFAST);
+
+        /* calculate upload rate-limitation timeout. */
+        buffersize = (int)(data->set.buffer_size ?
+                           data->set.buffer_size : BUFSIZE);
+        timeout_ms = Curl_sleep_time(data->set.max_send_speed,
+                                     data->progress.ulspeed, buffersize);
+        Curl_expire_latest(data, timeout_ms);
+        break;
+      }
+
+      /* check if over recv speed */
+      if((data->set.max_recv_speed > 0) &&
+         (data->progress.dlspeed > data->set.max_recv_speed)) {
+        int buffersize;
+
+        multistate(data, CURLM_STATE_TOOFAST);
+
+         /* Calculate download rate-limitation timeout. */
+        buffersize = (int)(data->set.buffer_size ?
+                           data->set.buffer_size : BUFSIZE);
+        timeout_ms = Curl_sleep_time(data->set.max_recv_speed,
+                                     data->progress.dlspeed, buffersize);
+        Curl_expire_latest(data, timeout_ms);
+        break;
+      }
+
+      /* read/write data if it is ready to do so */
+      data->result = Curl_readwrite(data->easy_conn, &done);
+
+      k = &data->req;
+
+      if(!(k->keepon & KEEP_RECV)) {
+        /* We're done receiving */
+        data->easy_conn->readchannel_inuse = FALSE;
+      }
+
+      if(!(k->keepon & KEEP_SEND)) {
+        /* We're done sending */
+        data->easy_conn->writechannel_inuse = FALSE;
+      }
+
+      if(done || (data->result == CURLE_RECV_ERROR)) {
+        /* If CURLE_RECV_ERROR happens early enough, we assume it was a race
+         * condition and the server closed the re-used connection exactly when
+         * we wanted to use it, so figure out if that is indeed the case.
+         */
+        CURLcode ret = Curl_retry_request(data->easy_conn, &newurl);
+        if(!ret)
+          retry = (newurl)?TRUE:FALSE;
+
+        if(retry) {
+          /* if we are to retry, set the result to OK and consider the
+             request as done */
+          data->result = CURLE_OK;
+          done = TRUE;
+        }
+      }
+
+      if(data->result) {
+        /*
+         * The transfer phase returned error, we mark the connection to get
+         * closed to prevent being re-used. This is because we can't possibly
+         * know if the connection is in a good shape or not now.  Unless it is
+         * a protocol which uses two "channels" like FTP, as then the error
+         * happened in the data connection.
+         */
+
+        if(!(data->easy_conn->handler->flags & PROTOPT_DUAL))
+          connclose(data->easy_conn, "Transfer returned error");
+
+        Curl_posttransfer(data);
+        Curl_done(&data->easy_conn, data->result, FALSE);
+      }
+      else if(done) {
+        followtype follow=FOLLOW_NONE;
+
+        /* call this even if the readwrite function returned error */
+        Curl_posttransfer(data);
+
+        /* we're no longer receiving */
+        Curl_removeHandleFromPipeline(data, data->easy_conn->recv_pipe);
+
+        /* expire the new receiving pipeline head */
+        if(data->easy_conn->recv_pipe->head)
+          Curl_expire_latest(data->easy_conn->recv_pipe->head->ptr, 1);
+
+        /* Check if we can move pending requests to send pipe */
+        Curl_multi_process_pending_handles(multi);
+
+        /* When we follow redirects or is set to retry the connection, we must
+           to go back to the CONNECT state */
+        if(data->req.newurl || retry) {
+          if(!retry) {
+            /* if the URL is a follow-location and not just a retried request
+               then figure out the URL here */
+            newurl = data->req.newurl;
+            data->req.newurl = NULL;
+            follow = FOLLOW_REDIR;
+          }
+          else
+            follow = FOLLOW_RETRY;
+          data->result = Curl_done(&data->easy_conn, CURLE_OK, FALSE);
+          if(CURLE_OK == data->result) {
+            data->result = Curl_follow(data, newurl, follow);
+            if(CURLE_OK == data->result) {
+              multistate(data, CURLM_STATE_CONNECT);
+              result = CURLM_CALL_MULTI_PERFORM;
+              newurl = NULL; /* handed over the memory ownership to
+                                Curl_follow(), make sure we don't free() it
+                                here */
+            }
+          }
+        }
+        else {
+          /* after the transfer is done, go DONE */
+
+          /* but first check to see if we got a location info even though we're
+             not following redirects */
+          if(data->req.location) {
+            if(newurl)
+              free(newurl);
+            newurl = data->req.location;
+            data->req.location = NULL;
+            data->result = Curl_follow(data, newurl, FOLLOW_FAKE);
+            if(CURLE_OK == data->result)
+              newurl = NULL; /* allocation was handed over Curl_follow() */
+            else
+              disconnect_conn = TRUE;
+          }
+
+          multistate(data, CURLM_STATE_DONE);
+          result = CURLM_CALL_MULTI_PERFORM;
+        }
+      }
+
+      if(newurl)
+        free(newurl);
+      break;
+      }
+
+    case CURLM_STATE_DONE:
+      /* this state is highly transient, so run another loop after this */
+      result = CURLM_CALL_MULTI_PERFORM;
+
+      if(data->easy_conn) {
+        CURLcode res;
+
+        /* Remove ourselves from the receive pipeline, if we are there. */
+        Curl_removeHandleFromPipeline(data, data->easy_conn->recv_pipe);
+        /* Check if we can move pending requests to send pipe */
+        Curl_multi_process_pending_handles(multi);
+
+        /* post-transfer command */
+        res = Curl_done(&data->easy_conn, data->result, FALSE);
+
+        /* allow a previously set error code take precedence */
+        if(!data->result)
+          data->result = res;
+
+        /*
+         * If there are other handles on the pipeline, Curl_done won't set
+         * easy_conn to NULL.  In such a case, curl_multi_remove_handle() can
+         * access free'd data, if the connection is free'd and the handle
+         * removed before we perform the processing in CURLM_STATE_COMPLETED
+         */
+        if(data->easy_conn)
+          data->easy_conn = NULL;
+      }
+
+      if(data->set.wildcardmatch) {
+        if(data->wildcard.state != CURLWC_DONE) {
+          /* if a wildcard is set and we are not ending -> lets start again
+             with CURLM_STATE_INIT */
+          multistate(data, CURLM_STATE_INIT);
+          break;
+        }
+      }
+
+      /* after we have DONE what we're supposed to do, go COMPLETED, and
+         it doesn't matter what the Curl_done() returned! */
+      multistate(data, CURLM_STATE_COMPLETED);
+      break;
+
+    case CURLM_STATE_COMPLETED:
+      /* this is a completed transfer, it is likely to still be connected */
+
+      /* This node should be delinked from the list now and we should post
+         an information message that we are complete. */
+
+      /* Important: reset the conn pointer so that we don't point to memory
+         that could be freed anytime */
+      data->easy_conn = NULL;
+
+      Curl_expire(data, 0); /* stop all timers */
+      break;
+
+    case CURLM_STATE_MSGSENT:
+      return CURLM_OK; /* do nothing */
+
+    default:
+      return CURLM_INTERNAL_ERROR;
+    }
+
+    if(data->mstate < CURLM_STATE_COMPLETED) {
+      if(CURLE_OK != data->result) {
+        /*
+         * If an error was returned, and we aren't in completed state now,
+         * then we go to completed and consider this transfer aborted.
+         */
+
+        /* NOTE: no attempt to disconnect connections must be made
+           in the case blocks above - cleanup happens only here */
+
+        data->state.pipe_broke = FALSE;
+
+        if(data->easy_conn) {
+          /* if this has a connection, unsubscribe from the pipelines */
+          data->easy_conn->writechannel_inuse = FALSE;
+          data->easy_conn->readchannel_inuse = FALSE;
+          Curl_removeHandleFromPipeline(data,
+                                        data->easy_conn->send_pipe);
+          Curl_removeHandleFromPipeline(data,
+                                        data->easy_conn->recv_pipe);
+          /* Check if we can move pending requests to send pipe */
+          Curl_multi_process_pending_handles(multi);
+
+          if(disconnect_conn) {
+            /* disconnect properly */
+            Curl_disconnect(data->easy_conn, /* dead_connection */ FALSE);
+
+            /* This is where we make sure that the easy_conn pointer is reset.
+               We don't have to do this in every case block above where a
+               failure is detected */
+            data->easy_conn = NULL;
+          }
+        }
+        else if(data->mstate == CURLM_STATE_CONNECT) {
+          /* Curl_connect() failed */
+          (void)Curl_posttransfer(data);
+        }
+
+        multistate(data, CURLM_STATE_COMPLETED);
+      }
+      /* if there's still a connection to use, call the progress function */
+      else if(data->easy_conn && Curl_pgrsUpdate(data->easy_conn)) {
+        /* aborted due to progress callback return code must close the
+           connection */
+        data->result = CURLE_ABORTED_BY_CALLBACK;
+        connclose(data->easy_conn, "Aborted by callback");
+
+        /* if not yet in DONE state, go there, otherwise COMPLETED */
+        multistate(data, (data->mstate < CURLM_STATE_DONE)?
+                   CURLM_STATE_DONE: CURLM_STATE_COMPLETED);
+        result = CURLM_CALL_MULTI_PERFORM;
+      }
+    }
+  } WHILE_FALSE; /* just to break out from! */
+
+  if(CURLM_STATE_COMPLETED == data->mstate) {
+    /* now fill in the Curl_message with this info */
+    msg = &data->msg;
+
+    msg->extmsg.msg = CURLMSG_DONE;
+    msg->extmsg.easy_handle = data;
+    msg->extmsg.data.result = data->result;
+
+    result = multi_addmsg(multi, msg);
+
+    multistate(data, CURLM_STATE_MSGSENT);
+  }
+
+  return result;
+}
+
+
+CURLMcode curl_multi_perform(CURLM *multi_handle, int *running_handles)
+{
+  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
+  struct SessionHandle *data;
+  CURLMcode returncode=CURLM_OK;
+  struct Curl_tree *t;
+  struct timeval now = Curl_tvnow();
+
+  if(!GOOD_MULTI_HANDLE(multi))
+    return CURLM_BAD_HANDLE;
+
+  data=multi->easyp;
+  while(data) {
+    CURLMcode result;
+    struct WildcardData *wc = &data->wildcard;
+    SIGPIPE_VARIABLE(pipe_st);
+
+    if(data->set.wildcardmatch) {
+      if(!wc->filelist) {
+        CURLcode ret = Curl_wildcard_init(wc); /* init wildcard structures */
+        if(ret)
+          return CURLM_OUT_OF_MEMORY;
+      }
+    }
+
+    sigpipe_ignore(data, &pipe_st);
+    do
+      result = multi_runsingle(multi, now, data);
+    while(CURLM_CALL_MULTI_PERFORM == result);
+    sigpipe_restore(&pipe_st);
+
+    if(data->set.wildcardmatch) {
+      /* destruct wildcard structures if it is needed */
+      if(wc->state == CURLWC_DONE || result)
+        Curl_wildcard_dtor(wc);
+    }
+
+    if(result)
+      returncode = result;
+
+    data = data->next; /* operate on next handle */
+  }
+
+  /*
+   * Simply remove all expired timers from the splay since handles are dealt
+   * with unconditionally by this function and curl_multi_timeout() requires
+   * that already passed/handled expire times are removed from the splay.
+   *
+   * It is important that the 'now' value is set at the entry of this function
+   * and not for the current time as it may have ticked a little while since
+   * then and then we risk this loop to remove timers that actually have not
+   * been handled!
+   */
+  do {
+    multi->timetree = Curl_splaygetbest(now, multi->timetree, &t);
+    if(t)
+      /* the removed may have another timeout in queue */
+      (void)add_next_timeout(now, multi, t->payload);
+
+  } while(t);
+
+  *running_handles = multi->num_alive;
+
+  if(CURLM_OK >= returncode)
+    update_timer(multi);
+
+  return returncode;
+}
+
+static void close_all_connections(struct Curl_multi *multi)
+{
+  struct connectdata *conn;
+
+  conn = Curl_conncache_find_first_connection(multi->conn_cache);
+  while(conn) {
+    SIGPIPE_VARIABLE(pipe_st);
+    conn->data = multi->closure_handle;
+
+    sigpipe_ignore(conn->data, &pipe_st);
+    /* This will remove the connection from the cache */
+    (void)Curl_disconnect(conn, FALSE);
+    sigpipe_restore(&pipe_st);
+
+    conn = Curl_conncache_find_first_connection(multi->conn_cache);
+  }
+}
+
+CURLMcode curl_multi_cleanup(CURLM *multi_handle)
+{
+  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
+  struct SessionHandle *data;
+  struct SessionHandle *nextdata;
+
+  if(GOOD_MULTI_HANDLE(multi)) {
+    bool restore_pipe = FALSE;
+    SIGPIPE_VARIABLE(pipe_st);
+
+    multi->type = 0; /* not good anymore */
+
+    /* Close all the connections in the connection cache */
+    close_all_connections(multi);
+
+    if(multi->closure_handle) {
+      sigpipe_ignore(multi->closure_handle, &pipe_st);
+      restore_pipe = TRUE;
+
+      multi->closure_handle->dns.hostcache = multi->hostcache;
+      Curl_hostcache_clean(multi->closure_handle,
+                           multi->closure_handle->dns.hostcache);
+
+      Curl_close(multi->closure_handle);
+    }
+
+    Curl_hash_destroy(multi->sockhash);
+    Curl_conncache_destroy(multi->conn_cache);
+    Curl_llist_destroy(multi->msglist, NULL);
+    Curl_llist_destroy(multi->pending, NULL);
+
+    /* remove all easy handles */
+    data = multi->easyp;
+    while(data) {
+      nextdata=data->next;
+      if(data->dns.hostcachetype == HCACHE_MULTI) {
+        /* clear out the usage of the shared DNS cache */
+        Curl_hostcache_clean(data, data->dns.hostcache);
+        data->dns.hostcache = NULL;
+        data->dns.hostcachetype = HCACHE_NONE;
+      }
+
+      /* Clear the pointer to the connection cache */
+      data->state.conn_cache = NULL;
+      data->multi = NULL; /* clear the association */
+
+      data = nextdata;
+    }
+
+    Curl_hash_destroy(multi->hostcache);
+
+    /* Free the blacklists by setting them to NULL */
+    Curl_pipeline_set_site_blacklist(NULL, &multi->pipelining_site_bl);
+    Curl_pipeline_set_server_blacklist(NULL, &multi->pipelining_server_bl);
+
+    free(multi);
+    if(restore_pipe)
+      sigpipe_restore(&pipe_st);
+
+    return CURLM_OK;
+  }
+  else
+    return CURLM_BAD_HANDLE;
+}
+
+/*
+ * curl_multi_info_read()
+ *
+ * This function is the primary way for a multi/multi_socket application to
+ * figure out if a transfer has ended. We MUST make this function as fast as
+ * possible as it will be polled frequently and we MUST NOT scan any lists in
+ * here to figure out things. We must scale fine to thousands of handles and
+ * beyond. The current design is fully O(1).
+ */
+
+CURLMsg *curl_multi_info_read(CURLM *multi_handle, int *msgs_in_queue)
+{
+  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
+  struct Curl_message *msg;
+
+  *msgs_in_queue = 0; /* default to none */
+
+  if(GOOD_MULTI_HANDLE(multi) && Curl_llist_count(multi->msglist)) {
+    /* there is one or more messages in the list */
+    struct curl_llist_element *e;
+
+    /* extract the head of the list to return */
+    e = multi->msglist->head;
+
+    msg = e->ptr;
+
+    /* remove the extracted entry */
+    Curl_llist_remove(multi->msglist, e, NULL);
+
+    *msgs_in_queue = curlx_uztosi(Curl_llist_count(multi->msglist));
+
+    return &msg->extmsg;
+  }
+  else
+    return NULL;
+}
+
+/*
+ * singlesocket() checks what sockets we deal with and their "action state"
+ * and if we have a different state in any of those sockets from last time we
+ * call the callback accordingly.
+ */
+static void singlesocket(struct Curl_multi *multi,
+                         struct SessionHandle *data)
+{
+  curl_socket_t socks[MAX_SOCKSPEREASYHANDLE];
+  int i;
+  struct Curl_sh_entry *entry;
+  curl_socket_t s;
+  int num;
+  unsigned int curraction;
+  bool remove_sock_from_hash;
+
+  for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++)
+    socks[i] = CURL_SOCKET_BAD;
+
+  /* Fill in the 'current' struct with the state as it is now: what sockets to
+     supervise and for what actions */
+  curraction = multi_getsock(data, socks, MAX_SOCKSPEREASYHANDLE);
+
+  /* We have 0 .. N sockets already and we get to know about the 0 .. M
+     sockets we should have from now on. Detect the differences, remove no
+     longer supervised ones and add new ones */
+
+  /* walk over the sockets we got right now */
+  for(i=0; (i< MAX_SOCKSPEREASYHANDLE) &&
+        (curraction & (GETSOCK_READSOCK(i) | GETSOCK_WRITESOCK(i)));
+      i++) {
+    int action = CURL_POLL_NONE;
+
+    s = socks[i];
+
+    /* get it from the hash */
+    entry = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
+
+    if(curraction & GETSOCK_READSOCK(i))
+      action |= CURL_POLL_IN;
+    if(curraction & GETSOCK_WRITESOCK(i))
+      action |= CURL_POLL_OUT;
+
+    if(entry) {
+      /* yeps, already present so check if it has the same action set */
+      if(entry->action == action)
+        /* same, continue */
+        continue;
+    }
+    else {
+      /* this is a socket we didn't have before, add it! */
+      entry = sh_addentry(multi->sockhash, s, data);
+      if(!entry)
+        /* fatal */
+        return;
+    }
+
+    /* we know (entry != NULL) at this point, see the logic above */
+    if(multi->socket_cb)
+      multi->socket_cb(data,
+                       s,
+                       action,
+                       multi->socket_userp,
+                       entry->socketp);
+
+    entry->action = action; /* store the current action state */
+  }
+
+  num = i; /* number of sockets */
+
+  /* when we've walked over all the sockets we should have right now, we must
+     make sure to detect sockets that are removed */
+  for(i=0; i< data->numsocks; i++) {
+    int j;
+    s = data->sockets[i];
+    for(j=0; j<num; j++) {
+      if(s == socks[j]) {
+        /* this is still supervised */
+        s = CURL_SOCKET_BAD;
+        break;
+      }
+    }
+    if(s != CURL_SOCKET_BAD) {
+
+      /* this socket has been removed. Tell the app to remove it */
+      remove_sock_from_hash = TRUE;
+
+      entry = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
+      if(entry) {
+        /* check if the socket to be removed serves a connection which has
+           other easy-s in a pipeline. In this case the socket should not be
+           removed. */
+        struct connectdata *easy_conn = data->easy_conn;
+        if(easy_conn) {
+          if(easy_conn->recv_pipe && easy_conn->recv_pipe->size > 1) {
+            /* the handle should not be removed from the pipe yet */
+            remove_sock_from_hash = FALSE;
+
+            /* Update the sockhash entry to instead point to the next in line
+               for the recv_pipe, or the first (in case this particular easy
+               isn't already) */
+            if(entry->easy == data) {
+              if(isHandleAtHead(data, easy_conn->recv_pipe))
+                entry->easy = easy_conn->recv_pipe->head->next->ptr;
+              else
+                entry->easy = easy_conn->recv_pipe->head->ptr;
+            }
+          }
+          if(easy_conn->send_pipe  && easy_conn->send_pipe->size > 1) {
+            /* the handle should not be removed from the pipe yet */
+            remove_sock_from_hash = FALSE;
+
+            /* Update the sockhash entry to instead point to the next in line
+               for the send_pipe, or the first (in case this particular easy
+               isn't already) */
+            if(entry->easy == data) {
+              if(isHandleAtHead(data, easy_conn->send_pipe))
+                entry->easy = easy_conn->send_pipe->head->next->ptr;
+              else
+                entry->easy = easy_conn->send_pipe->head->ptr;
+            }
+          }
+          /* Don't worry about overwriting recv_pipe head with send_pipe_head,
+             when action will be asked on the socket (see multi_socket()), the
+             head of the correct pipe will be taken according to the
+             action. */
+        }
+      }
+      else
+        /* just a precaution, this socket really SHOULD be in the hash already
+           but in case it isn't, we don't have to tell the app to remove it
+           either since it never got to know about it */
+        remove_sock_from_hash = FALSE;
+
+      if(remove_sock_from_hash) {
+        /* in this case 'entry' is always non-NULL */
+        if(multi->socket_cb)
+          multi->socket_cb(data,
+                           s,
+                           CURL_POLL_REMOVE,
+                           multi->socket_userp,
+                           entry->socketp);
+        sh_delentry(multi->sockhash, s);
+      }
+
+    }
+  }
+
+  memcpy(data->sockets, socks, num*sizeof(curl_socket_t));
+  data->numsocks = num;
+}
+
+/*
+ * Curl_multi_closed()
+ *
+ * Used by the connect code to tell the multi_socket code that one of the
+ * sockets we were using have just been closed.  This function will then
+ * remove it from the sockethash for this handle to make the multi_socket API
+ * behave properly, especially for the case when libcurl will create another
+ * socket again and it gets the same file descriptor number.
+ */
+
+void Curl_multi_closed(struct connectdata *conn, curl_socket_t s)
+{
+  struct Curl_multi *multi = conn->data->multi;
+  if(multi) {
+    /* this is set if this connection is part of a handle that is added to
+       a multi handle, and only then this is necessary */
+    struct Curl_sh_entry *entry =
+      Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
+
+    if(entry) {
+      if(multi->socket_cb)
+        multi->socket_cb(conn->data, s, CURL_POLL_REMOVE,
+                         multi->socket_userp,
+                         entry->socketp);
+
+      /* now remove it from the socket hash */
+      sh_delentry(multi->sockhash, s);
+    }
+  }
+}
+
+
+
+/*
+ * add_next_timeout()
+ *
+ * Each SessionHandle has a list of timeouts. The add_next_timeout() is called
+ * when it has just been removed from the splay tree because the timeout has
+ * expired. This function is then to advance in the list to pick the next
+ * timeout to use (skip the already expired ones) and add this node back to
+ * the splay tree again.
+ *
+ * The splay tree only has each sessionhandle as a single node and the nearest
+ * timeout is used to sort it on.
+ */
+static CURLMcode add_next_timeout(struct timeval now,
+                                  struct Curl_multi *multi,
+                                  struct SessionHandle *d)
+{
+  struct timeval *tv = &d->state.expiretime;
+  struct curl_llist *list = d->state.timeoutlist;
+  struct curl_llist_element *e;
+
+  /* move over the timeout list for this specific handle and remove all
+     timeouts that are now passed tense and store the next pending
+     timeout in *tv */
+  for(e = list->head; e; ) {
+    struct curl_llist_element *n = e->next;
+    long diff = curlx_tvdiff(*(struct timeval *)e->ptr, now);
+    if(diff <= 0)
+      /* remove outdated entry */
+      Curl_llist_remove(list, e, NULL);
+    else
+      /* the list is sorted so get out on the first mismatch */
+      break;
+    e = n;
+  }
+  e = list->head;
+  if(!e) {
+    /* clear the expire times within the handles that we remove from the
+       splay tree */
+    tv->tv_sec = 0;
+    tv->tv_usec = 0;
+  }
+  else {
+    /* copy the first entry to 'tv' */
+    memcpy(tv, e->ptr, sizeof(*tv));
+
+    /* remove first entry from list */
+    Curl_llist_remove(list, e, NULL);
+
+    /* insert this node again into the splay */
+    multi->timetree = Curl_splayinsert(*tv, multi->timetree,
+                                       &d->state.timenode);
+  }
+  return CURLM_OK;
+}
+
+static CURLMcode multi_socket(struct Curl_multi *multi,
+                              bool checkall,
+                              curl_socket_t s,
+                              int ev_bitmask,
+                              int *running_handles)
+{
+  CURLMcode result = CURLM_OK;
+  struct SessionHandle *data = NULL;
+  struct Curl_tree *t;
+  struct timeval now = Curl_tvnow();
+
+  if(checkall) {
+    /* *perform() deals with running_handles on its own */
+    result = curl_multi_perform(multi, running_handles);
+
+    /* walk through each easy handle and do the socket state change magic
+       and callbacks */
+    if(result != CURLM_BAD_HANDLE) {
+      data=multi->easyp;
+      while(data) {
+        singlesocket(multi, data);
+        data = data->next;
+      }
+    }
+
+    /* or should we fall-through and do the timer-based stuff? */
+    return result;
+  }
+  else if(s != CURL_SOCKET_TIMEOUT) {
+
+    struct Curl_sh_entry *entry =
+      Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
+
+    if(!entry)
+      /* Unmatched socket, we can't act on it but we ignore this fact.  In
+         real-world tests it has been proved that libevent can in fact give
+         the application actions even though the socket was just previously
+         asked to get removed, so thus we better survive stray socket actions
+         and just move on. */
+      ;
+    else {
+      SIGPIPE_VARIABLE(pipe_st);
+
+      data = entry->easy;
+
+      if(data->magic != CURLEASY_MAGIC_NUMBER)
+        /* bad bad bad bad bad bad bad */
+        return CURLM_INTERNAL_ERROR;
+
+      /* If the pipeline is enabled, take the handle which is in the head of
+         the pipeline. If we should write into the socket, take the send_pipe
+         head.  If we should read from the socket, take the recv_pipe head. */
+      if(data->easy_conn) {
+        if((ev_bitmask & CURL_POLL_OUT) &&
+           data->easy_conn->send_pipe &&
+           data->easy_conn->send_pipe->head)
+          data = data->easy_conn->send_pipe->head->ptr;
+        else if((ev_bitmask & CURL_POLL_IN) &&
+                data->easy_conn->recv_pipe &&
+                data->easy_conn->recv_pipe->head)
+          data = data->easy_conn->recv_pipe->head->ptr;
+      }
+
+      if(data->easy_conn &&
+         !(data->easy_conn->handler->flags & PROTOPT_DIRLOCK))
+        /* set socket event bitmask if they're not locked */
+        data->easy_conn->cselect_bits = ev_bitmask;
+
+      sigpipe_ignore(data, &pipe_st);
+      do
+        result = multi_runsingle(multi, now, data);
+      while(CURLM_CALL_MULTI_PERFORM == result);
+      sigpipe_restore(&pipe_st);
+
+      if(data->easy_conn &&
+         !(data->easy_conn->handler->flags & PROTOPT_DIRLOCK))
+        /* clear the bitmask only if not locked */
+        data->easy_conn->cselect_bits = 0;
+
+      if(CURLM_OK >= result)
+        /* get the socket(s) and check if the state has been changed since
+           last */
+        singlesocket(multi, data);
+
+      /* Now we fall-through and do the timer-based stuff, since we don't want
+         to force the user to have to deal with timeouts as long as at least
+         one connection in fact has traffic. */
+
+      data = NULL; /* set data to NULL again to avoid calling
+                      multi_runsingle() in case there's no need to */
+      now = Curl_tvnow(); /* get a newer time since the multi_runsingle() loop
+                             may have taken some time */
+    }
+  }
+  else {
+    /* Asked to run due to time-out. Clear the 'lastcall' variable to force
+       update_timer() to trigger a callback to the app again even if the same
+       timeout is still the one to run after this call. That handles the case
+       when the application asks libcurl to run the timeout prematurely. */
+    memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall));
+  }
+
+  /*
+   * The loop following here will go on as long as there are expire-times left
+   * to process in the splay and 'data' will be re-assigned for every expired
+   * handle we deal with.
+   */
+  do {
+    /* the first loop lap 'data' can be NULL */
+    if(data) {
+      SIGPIPE_VARIABLE(pipe_st);
+
+      sigpipe_ignore(data, &pipe_st);
+      do
+        result = multi_runsingle(multi, now, data);
+      while(CURLM_CALL_MULTI_PERFORM == result);
+      sigpipe_restore(&pipe_st);
+
+      if(CURLM_OK >= result)
+        /* get the socket(s) and check if the state has been changed since
+           last */
+        singlesocket(multi, data);
+    }
+
+    /* Check if there's one (more) expired timer to deal with! This function
+       extracts a matching node if there is one */
+
+    multi->timetree = Curl_splaygetbest(now, multi->timetree, &t);
+    if(t) {
+      data = t->payload; /* assign this for next loop */
+      (void)add_next_timeout(now, multi, t->payload);
+    }
+
+  } while(t);
+
+  *running_handles = multi->num_alive;
+  return result;
+}
+
+#undef curl_multi_setopt
+CURLMcode curl_multi_setopt(CURLM *multi_handle,
+                            CURLMoption option, ...)
+{
+  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
+  CURLMcode res = CURLM_OK;
+  va_list param;
+
+  if(!GOOD_MULTI_HANDLE(multi))
+    return CURLM_BAD_HANDLE;
+
+  va_start(param, option);
+
+  switch(option) {
+  case CURLMOPT_SOCKETFUNCTION:
+    multi->socket_cb = va_arg(param, curl_socket_callback);
+    break;
+  case CURLMOPT_SOCKETDATA:
+    multi->socket_userp = va_arg(param, void *);
+    break;
+  case CURLMOPT_PIPELINING:
+    multi->pipelining_enabled = (0 != va_arg(param, long)) ? TRUE : FALSE;
+    break;
+  case CURLMOPT_TIMERFUNCTION:
+    multi->timer_cb = va_arg(param, curl_multi_timer_callback);
+    break;
+  case CURLMOPT_TIMERDATA:
+    multi->timer_userp = va_arg(param, void *);
+    break;
+  case CURLMOPT_MAXCONNECTS:
+    multi->maxconnects = va_arg(param, long);
+    break;
+  case CURLMOPT_MAX_HOST_CONNECTIONS:
+    multi->max_host_connections = va_arg(param, long);
+    break;
+  case CURLMOPT_MAX_PIPELINE_LENGTH:
+    multi->max_pipeline_length = va_arg(param, long);
+    break;
+  case CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE:
+    multi->content_length_penalty_size = va_arg(param, long);
+    break;
+  case CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE:
+    multi->chunk_length_penalty_size = va_arg(param, long);
+    break;
+  case CURLMOPT_PIPELINING_SITE_BL:
+    res = Curl_pipeline_set_site_blacklist(va_arg(param, char **),
+                                           &multi->pipelining_site_bl);
+    break;
+  case CURLMOPT_PIPELINING_SERVER_BL:
+    res = Curl_pipeline_set_server_blacklist(va_arg(param, char **),
+                                             &multi->pipelining_server_bl);
+    break;
+  case CURLMOPT_MAX_TOTAL_CONNECTIONS:
+    multi->max_total_connections = va_arg(param, long);
+    break;
+  default:
+    res = CURLM_UNKNOWN_OPTION;
+    break;
+  }
+  va_end(param);
+  return res;
+}
+
+/* we define curl_multi_socket() in the public multi.h header */
+#undef curl_multi_socket
+
+CURLMcode curl_multi_socket(CURLM *multi_handle, curl_socket_t s,
+                            int *running_handles)
+{
+  CURLMcode result = multi_socket((struct Curl_multi *)multi_handle, FALSE, s,
+                                  0, running_handles);
+  if(CURLM_OK >= result)
+    update_timer((struct Curl_multi *)multi_handle);
+  return result;
+}
+
+CURLMcode curl_multi_socket_action(CURLM *multi_handle, curl_socket_t s,
+                                   int ev_bitmask, int *running_handles)
+{
+  CURLMcode result = multi_socket((struct Curl_multi *)multi_handle, FALSE, s,
+                                  ev_bitmask, running_handles);
+  if(CURLM_OK >= result)
+    update_timer((struct Curl_multi *)multi_handle);
+  return result;
+}
+
+CURLMcode curl_multi_socket_all(CURLM *multi_handle, int *running_handles)
+
+{
+  CURLMcode result = multi_socket((struct Curl_multi *)multi_handle,
+                                  TRUE, CURL_SOCKET_BAD, 0, running_handles);
+  if(CURLM_OK >= result)
+    update_timer((struct Curl_multi *)multi_handle);
+  return result;
+}
+
+static CURLMcode multi_timeout(struct Curl_multi *multi,
+                               long *timeout_ms)
+{
+  static struct timeval tv_zero = {0,0};
+
+  if(multi->timetree) {
+    /* we have a tree of expire times */
+    struct timeval now = Curl_tvnow();
+
+    /* splay the lowest to the bottom */
+    multi->timetree = Curl_splay(tv_zero, multi->timetree);
+
+    if(Curl_splaycomparekeys(multi->timetree->key, now) > 0) {
+      /* some time left before expiration */
+      *timeout_ms = curlx_tvdiff(multi->timetree->key, now);
+      if(!*timeout_ms)
+        /*
+         * Since we only provide millisecond resolution on the returned value
+         * and the diff might be less than one millisecond here, we don't
+         * return zero as that may cause short bursts of busyloops on fast
+         * processors while the diff is still present but less than one
+         * millisecond! instead we return 1 until the time is ripe.
+         */
+        *timeout_ms=1;
+    }
+    else
+      /* 0 means immediately */
+      *timeout_ms = 0;
+  }
+  else
+    *timeout_ms = -1;
+
+  return CURLM_OK;
+}
+
+CURLMcode curl_multi_timeout(CURLM *multi_handle,
+                             long *timeout_ms)
+{
+  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
+
+  /* First, make some basic checks that the CURLM handle is a good handle */
+  if(!GOOD_MULTI_HANDLE(multi))
+    return CURLM_BAD_HANDLE;
+
+  return multi_timeout(multi, timeout_ms);
+}
+
+/*
+ * Tell the application it should update its timers, if it subscribes to the
+ * update timer callback.
+ */
+static int update_timer(struct Curl_multi *multi)
+{
+  long timeout_ms;
+
+  if(!multi->timer_cb)
+    return 0;
+  if(multi_timeout(multi, &timeout_ms)) {
+    return -1;
+  }
+  if(timeout_ms < 0) {
+    static const struct timeval none={0,0};
+    if(Curl_splaycomparekeys(none, multi->timer_lastcall)) {
+      multi->timer_lastcall = none;
+      /* there's no timeout now but there was one previously, tell the app to
+         disable it */
+      return multi->timer_cb((CURLM*)multi, -1, multi->timer_userp);
+    }
+    return 0;
+  }
+
+  /* When multi_timeout() is done, multi->timetree points to the node with the
+   * timeout we got the (relative) time-out time for. We can thus easily check
+   * if this is the same (fixed) time as we got in a previous call and then
+   * avoid calling the callback again. */
+  if(Curl_splaycomparekeys(multi->timetree->key, multi->timer_lastcall) == 0)
+    return 0;
+
+  multi->timer_lastcall = multi->timetree->key;
+
+  return multi->timer_cb((CURLM*)multi, timeout_ms, multi->timer_userp);
+}
+
+void Curl_multi_set_easy_connection(struct SessionHandle *handle,
+                                    struct connectdata *conn)
+{
+  handle->easy_conn = conn;
+}
+
+static bool isHandleAtHead(struct SessionHandle *handle,
+                           struct curl_llist *pipeline)
+{
+  struct curl_llist_element *curr = pipeline->head;
+  if(curr)
+    return (curr->ptr == handle) ? TRUE : FALSE;
+
+  return FALSE;
+}
+
+/*
+ * multi_freetimeout()
+ *
+ * Callback used by the llist system when a single timeout list entry is
+ * destroyed.
+ */
+static void multi_freetimeout(void *user, void *entryptr)
+{
+  (void)user;
+
+  /* the entry was plain malloc()'ed */
+  free(entryptr);
+}
+
+/*
+ * multi_addtimeout()
+ *
+ * Add a timestamp to the list of timeouts. Keep the list sorted so that head
+ * of list is always the timeout nearest in time.
+ *
+ */
+static CURLMcode
+multi_addtimeout(struct curl_llist *timeoutlist,
+                 struct timeval *stamp)
+{
+  struct curl_llist_element *e;
+  struct timeval *timedup;
+  struct curl_llist_element *prev = NULL;
+
+  timedup = malloc(sizeof(*timedup));
+  if(!timedup)
+    return CURLM_OUT_OF_MEMORY;
+
+  /* copy the timestamp */
+  memcpy(timedup, stamp, sizeof(*timedup));
+
+  if(Curl_llist_count(timeoutlist)) {
+    /* find the correct spot in the list */
+    for(e = timeoutlist->head; e; e = e->next) {
+      struct timeval *checktime = e->ptr;
+      long diff = curlx_tvdiff(*checktime, *timedup);
+      if(diff > 0)
+        break;
+      prev = e;
+    }
+
+  }
+  /* else
+     this is the first timeout on the list */
+
+  if(!Curl_llist_insert_next(timeoutlist, prev, timedup)) {
+    free(timedup);
+    return CURLM_OUT_OF_MEMORY;
+  }
+
+  return CURLM_OK;
+}
+
+/*
+ * Curl_expire()
+ *
+ * given a number of milliseconds from now to use to set the 'act before
+ * this'-time for the transfer, to be extracted by curl_multi_timeout()
+ *
+ * Note that the timeout will be added to a queue of timeouts if it defines a
+ * moment in time that is later than the current head of queue.
+ *
+ * Pass zero to clear all timeout values for this handle.
+*/
+void Curl_expire(struct SessionHandle *data, long milli)
+{
+  struct Curl_multi *multi = data->multi;
+  struct timeval *nowp = &data->state.expiretime;
+  int rc;
+
+  /* this is only interesting while there is still an associated multi struct
+     remaining! */
+  if(!multi)
+    return;
+
+  if(!milli) {
+    /* No timeout, clear the time data. */
+    if(nowp->tv_sec || nowp->tv_usec) {
+      /* Since this is an cleared time, we must remove the previous entry from
+         the splay tree */
+      struct curl_llist *list = data->state.timeoutlist;
+
+      rc = Curl_splayremovebyaddr(multi->timetree,
+                                  &data->state.timenode,
+                                  &multi->timetree);
+      if(rc)
+        infof(data, "Internal error clearing splay node = %d\n", rc);
+
+      /* flush the timeout list too */
+      while(list->size > 0)
+        Curl_llist_remove(list, list->tail, NULL);
+
+#ifdef DEBUGBUILD
+      infof(data, "Expire cleared\n");
+#endif
+      nowp->tv_sec = 0;
+      nowp->tv_usec = 0;
+    }
+  }
+  else {
+    struct timeval set;
+
+    set = Curl_tvnow();
+    set.tv_sec += milli/1000;
+    set.tv_usec += (milli%1000)*1000;
+
+    if(set.tv_usec >= 1000000) {
+      set.tv_sec++;
+      set.tv_usec -= 1000000;
+    }
+
+    if(nowp->tv_sec || nowp->tv_usec) {
+      /* This means that the struct is added as a node in the splay tree.
+         Compare if the new time is earlier, and only remove-old/add-new if it
+         is. */
+      long diff = curlx_tvdiff(set, *nowp);
+      if(diff > 0) {
+        /* the new expire time was later so just add it to the queue
+           and get out */
+        multi_addtimeout(data->state.timeoutlist, &set);
+        return;
+      }
+
+      /* the new time is newer than the presently set one, so add the current
+         to the queue and update the head */
+      multi_addtimeout(data->state.timeoutlist, nowp);
+
+      /* Since this is an updated time, we must remove the previous entry from
+         the splay tree first and then re-add the new value */
+      rc = Curl_splayremovebyaddr(multi->timetree,
+                                  &data->state.timenode,
+                                  &multi->timetree);
+      if(rc)
+        infof(data, "Internal error removing splay node = %d\n", rc);
+    }
+
+    *nowp = set;
+    data->state.timenode.payload = data;
+    multi->timetree = Curl_splayinsert(*nowp,
+                                       multi->timetree,
+                                       &data->state.timenode);
+  }
+#if 0
+  Curl_splayprint(multi->timetree, 0, TRUE);
+#endif
+}
+
+/*
+ * Curl_expire_latest()
+ *
+ * This is like Curl_expire() but will only add a timeout node to the list of
+ * timers if there is no timeout that will expire before the given time.
+ *
+ * Use this function if the code logic risks calling this function many times
+ * or if there's no particular conditional wait in the code for this specific
+ * time-out period to expire.
+ *
+ */
+void Curl_expire_latest(struct SessionHandle *data, long milli)
+{
+  struct timeval *exp = &data->state.expiretime;
+
+  struct timeval set;
+
+  set = Curl_tvnow();
+  set.tv_sec += milli/1000;
+  set.tv_usec += (milli%1000)*1000;
+
+  if(set.tv_usec >= 1000000) {
+    set.tv_sec++;
+    set.tv_usec -= 1000000;
+  }
+
+  if(exp->tv_sec || exp->tv_usec) {
+    /* This means that the struct is added as a node in the splay tree.
+       Compare if the new time is earlier, and only remove-old/add-new if it
+         is. */
+    long diff = curlx_tvdiff(set, *exp);
+    if(diff > 0)
+      /* the new expire time was later than the top time, so just skip this */
+      return;
+  }
+
+  /* Just add the timeout like normal */
+  Curl_expire(data, milli);
+}
+
+CURLMcode curl_multi_assign(CURLM *multi_handle,
+                            curl_socket_t s, void *hashp)
+{
+  struct Curl_sh_entry *there = NULL;
+  struct Curl_multi *multi = (struct Curl_multi *)multi_handle;
+
+  if(s != CURL_SOCKET_BAD)
+    there = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(curl_socket_t));
+
+  if(!there)
+    return CURLM_BAD_SOCKET;
+
+  there->socketp = hashp;
+
+  return CURLM_OK;
+}
+
+size_t Curl_multi_max_host_connections(struct Curl_multi *multi)
+{
+  return multi ? multi->max_host_connections : 0;
+}
+
+size_t Curl_multi_max_total_connections(struct Curl_multi *multi)
+{
+  return multi ? multi->max_total_connections : 0;
+}
+
+size_t Curl_multi_max_pipeline_length(struct Curl_multi *multi)
+{
+  return multi ? multi->max_pipeline_length : 0;
+}
+
+curl_off_t Curl_multi_content_length_penalty_size(struct Curl_multi *multi)
+{
+  return multi ? multi->content_length_penalty_size : 0;
+}
+
+curl_off_t Curl_multi_chunk_length_penalty_size(struct Curl_multi *multi)
+{
+  return multi ? multi->chunk_length_penalty_size : 0;
+}
+
+struct curl_llist *Curl_multi_pipelining_site_bl(struct Curl_multi *multi)
+{
+  return multi->pipelining_site_bl;
+}
+
+struct curl_llist *Curl_multi_pipelining_server_bl(struct Curl_multi *multi)
+{
+  return multi->pipelining_server_bl;
+}
+
+void Curl_multi_process_pending_handles(struct Curl_multi *multi)
+{
+  struct curl_llist_element *e = multi->pending->head;
+
+  while(e) {
+    struct SessionHandle *data = e->ptr;
+    struct curl_llist_element *next = e->next;
+
+    if(data->mstate == CURLM_STATE_CONNECT_PEND) {
+      multistate(data, CURLM_STATE_CONNECT);
+
+      /* Remove this node from the list */
+      Curl_llist_remove(multi->pending, e, NULL);
+
+      /* Make sure that the handle will be processed soonish. */
+      Curl_expire_latest(data, 1);
+    }
+
+    e = next; /* operate on next handle */
+  }
+}
+
+#ifdef DEBUGBUILD
+void Curl_multi_dump(const struct Curl_multi *multi_handle)
+{
+  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
+  struct SessionHandle *data;
+  int i;
+  fprintf(stderr, "* Multi status: %d handles, %d alive\n",
+          multi->num_easy, multi->num_alive);
+  for(data=multi->easyp; data; data = data->next) {
+    if(data->mstate < CURLM_STATE_COMPLETED) {
+      /* only display handles that are not completed */
+      fprintf(stderr, "handle %p, state %s, %d sockets\n",
+              (void *)data,
+              statename[data->mstate], data->numsocks);
+      for(i=0; i < data->numsocks; i++) {
+        curl_socket_t s = data->sockets[i];
+        struct Curl_sh_entry *entry =
+          Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
+
+        fprintf(stderr, "%d ", (int)s);
+        if(!entry) {
+          fprintf(stderr, "INTERNAL CONFUSION\n");
+          continue;
+        }
+        fprintf(stderr, "[%s %s] ",
+                entry->action&CURL_POLL_IN?"RECVING":"",
+                entry->action&CURL_POLL_OUT?"SENDING":"");
+      }
+      if(data->numsocks)
+        fprintf(stderr, "\n");
+    }
+  }
+}
+#endif
diff --git a/Utilities/cmcurl/lib/multihandle.h b/Utilities/cmcurl/lib/multihandle.h
new file mode 100644
index 0000000..1a4b1d9
--- /dev/null
+++ b/Utilities/cmcurl/lib/multihandle.h
@@ -0,0 +1,142 @@
+#ifndef HEADER_CURL_MULTIHANDLE_H
+#define HEADER_CURL_MULTIHANDLE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+struct Curl_message {
+  /* the 'CURLMsg' is the part that is visible to the external user */
+  struct CURLMsg extmsg;
+};
+
+/* NOTE: if you add a state here, add the name to the statename[] array as
+   well!
+*/
+typedef enum {
+  CURLM_STATE_INIT,         /* 0 - start in this state */
+  CURLM_STATE_CONNECT_PEND, /* 1 - no connections, waiting for one */
+  CURLM_STATE_CONNECT,      /* 2 - resolve/connect has been sent off */
+  CURLM_STATE_WAITRESOLVE,  /* 3 - awaiting the resolve to finalize */
+  CURLM_STATE_WAITCONNECT,  /* 4 - awaiting the connect to finalize */
+  CURLM_STATE_WAITPROXYCONNECT, /* 5 - awaiting proxy CONNECT to finalize */
+  CURLM_STATE_PROTOCONNECT, /* 6 - completing the protocol-specific connect
+                                   phase */
+  CURLM_STATE_WAITDO,       /* 7 - wait for our turn to send the request */
+  CURLM_STATE_DO,           /* 8 - start send off the request (part 1) */
+  CURLM_STATE_DOING,        /* 9 - sending off the request (part 1) */
+  CURLM_STATE_DO_MORE,      /* 10 - send off the request (part 2) */
+  CURLM_STATE_DO_DONE,      /* 11 - done sending off request */
+  CURLM_STATE_WAITPERFORM,  /* 12 - wait for our turn to read the response */
+  CURLM_STATE_PERFORM,      /* 13 - transfer data */
+  CURLM_STATE_TOOFAST,      /* 14 - wait because limit-rate exceeded */
+  CURLM_STATE_DONE,         /* 15 - post data transfer operation */
+  CURLM_STATE_COMPLETED,    /* 16 - operation complete */
+  CURLM_STATE_MSGSENT,      /* 17 - the operation complete message is sent */
+  CURLM_STATE_LAST          /* 18 - not a true state, never use this */
+} CURLMstate;
+
+/* we support N sockets per easy handle. Set the corresponding bit to what
+   action we should wait for */
+#define MAX_SOCKSPEREASYHANDLE 5
+#define GETSOCK_READABLE (0x00ff)
+#define GETSOCK_WRITABLE (0xff00)
+
+/* This is the struct known as CURLM on the outside */
+struct Curl_multi {
+  /* First a simple identifier to easier detect if a user mix up
+     this multi handle with an easy handle. Set this to CURL_MULTI_HANDLE. */
+  long type;
+
+  /* We have a doubly-linked circular list with easy handles */
+  struct SessionHandle *easyp;
+  struct SessionHandle *easylp; /* last node */
+
+  int num_easy; /* amount of entries in the linked list above. */
+  int num_alive; /* amount of easy handles that are added but have not yet
+                    reached COMPLETE state */
+
+  struct curl_llist *msglist; /* a list of messages from completed transfers */
+
+  struct curl_llist *pending; /* SessionHandles that are in the
+                                 CURLM_STATE_CONNECT_PEND state */
+
+  /* callback function and user data pointer for the *socket() API */
+  curl_socket_callback socket_cb;
+  void *socket_userp;
+
+  /* Hostname cache */
+  struct curl_hash *hostcache;
+
+  /* timetree points to the splay-tree of time nodes to figure out expire
+     times of all currently set timers */
+  struct Curl_tree *timetree;
+
+  /* 'sockhash' is the lookup hash for socket descriptor => easy handles (note
+     the pluralis form, there can be more than one easy handle waiting on the
+     same actual socket) */
+  struct curl_hash *sockhash;
+
+  /* Whether pipelining is enabled for this multi handle */
+  bool pipelining_enabled;
+
+  /* Shared connection cache (bundles)*/
+  struct conncache *conn_cache;
+
+  /* This handle will be used for closing the cached connections in
+     curl_multi_cleanup() */
+  struct SessionHandle *closure_handle;
+
+  long maxconnects; /* if >0, a fixed limit of the maximum number of entries
+                       we're allowed to grow the connection cache to */
+
+  long max_host_connections; /* if >0, a fixed limit of the maximum number
+                                of connections per host */
+
+  long max_total_connections; /* if >0, a fixed limit of the maximum number
+                                 of connections in total */
+
+  long max_pipeline_length; /* if >0, maximum number of requests in a
+                               pipeline */
+
+  long content_length_penalty_size; /* a connection with a
+                                       content-length bigger than
+                                       this is not considered
+                                       for pipelining */
+
+  long chunk_length_penalty_size; /* a connection with a chunk length
+                                     bigger than this is not
+                                     considered for pipelining */
+
+  struct curl_llist *pipelining_site_bl; /* List of sites that are blacklisted
+                                            from pipelining */
+
+  struct curl_llist *pipelining_server_bl; /* List of server types that are
+                                              blacklisted from pipelining */
+
+  /* timer callback and user data pointer for the *socket() API */
+  curl_multi_timer_callback timer_cb;
+  void *timer_userp;
+  struct timeval timer_lastcall; /* the fixed time for the timeout for the
+                                    previous callback */
+};
+
+#endif /* HEADER_CURL_MULTIHANDLE_H */
+
diff --git a/Utilities/cmcurl/lib/multiif.h b/Utilities/cmcurl/lib/multiif.h
new file mode 100644
index 0000000..c77b3ca
--- /dev/null
+++ b/Utilities/cmcurl/lib/multiif.h
@@ -0,0 +1,97 @@
+#ifndef HEADER_CURL_MULTIIF_H
+#define HEADER_CURL_MULTIIF_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Prototypes for library-wide functions provided by multi.c
+ */
+void Curl_expire(struct SessionHandle *data, long milli);
+void Curl_expire_latest(struct SessionHandle *data, long milli);
+
+bool Curl_multi_pipeline_enabled(const struct Curl_multi* multi);
+void Curl_multi_handlePipeBreak(struct SessionHandle *data);
+
+/* Internal version of curl_multi_init() accepts size parameters for the
+   socket and connection hashes */
+struct Curl_multi *Curl_multi_handle(int hashsize, int chashsize);
+
+/* the write bits start at bit 16 for the *getsock() bitmap */
+#define GETSOCK_WRITEBITSTART 16
+
+#define GETSOCK_BLANK 0 /* no bits set */
+
+/* set the bit for the given sock number to make the bitmap for writable */
+#define GETSOCK_WRITESOCK(x) (1 << (GETSOCK_WRITEBITSTART + (x)))
+
+/* set the bit for the given sock number to make the bitmap for readable */
+#define GETSOCK_READSOCK(x) (1 << (x))
+
+#ifdef DEBUGBUILD
+ /*
+  * Curl_multi_dump is not a stable public function, this is only meant to
+  * allow easier tracking of the internal handle's state and what sockets
+  * they use. Only for research and development DEBUGBUILD enabled builds.
+  */
+void Curl_multi_dump(const struct Curl_multi *multi_handle);
+#endif
+
+/* Update the current connection of a One_Easy handle */
+void Curl_multi_set_easy_connection(struct SessionHandle *handle,
+                                    struct connectdata *conn);
+
+void Curl_multi_process_pending_handles(struct Curl_multi *multi);
+
+/* Return the value of the CURLMOPT_MAX_HOST_CONNECTIONS option */
+size_t Curl_multi_max_host_connections(struct Curl_multi *multi);
+
+/* Return the value of the CURLMOPT_MAX_PIPELINE_LENGTH option */
+size_t Curl_multi_max_pipeline_length(struct Curl_multi *multi);
+
+/* Return the value of the CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE option */
+curl_off_t Curl_multi_content_length_penalty_size(struct Curl_multi *multi);
+
+/* Return the value of the CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE option */
+curl_off_t Curl_multi_chunk_length_penalty_size(struct Curl_multi *multi);
+
+/* Return the value of the CURLMOPT_PIPELINING_SITE_BL option */
+struct curl_llist *Curl_multi_pipelining_site_bl(struct Curl_multi *multi);
+
+/* Return the value of the CURLMOPT_PIPELINING_SERVER_BL option */
+struct curl_llist *Curl_multi_pipelining_server_bl(struct Curl_multi *multi);
+
+/* Return the value of the CURLMOPT_MAX_TOTAL_CONNECTIONS option */
+size_t Curl_multi_max_total_connections(struct Curl_multi *multi);
+
+/*
+ * Curl_multi_closed()
+ *
+ * Used by the connect code to tell the multi_socket code that one of the
+ * sockets we were using have just been closed.  This function will then
+ * remove it from the sockethash for this handle to make the multi_socket API
+ * behave properly, especially for the case when libcurl will create another
+ * socket again and it gets the same file descriptor number.
+ */
+
+void Curl_multi_closed(struct connectdata *conn, curl_socket_t s);
+
+#endif /* HEADER_CURL_MULTIIF_H */
diff --git a/Utilities/cmcurl/netrc.c b/Utilities/cmcurl/lib/netrc.c
index 54d1759..7435d94 100644
--- a/Utilities/cmcurl/netrc.c
+++ b/Utilities/cmcurl/lib/netrc.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,34 +18,21 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
 #ifdef HAVE_PWD_H
 #include <pwd.h>
 #endif
-#ifdef VMS
-#include <unixlib.h>
-#endif
 
 #include <curl/curl.h>
 #include "netrc.h"
 
 #include "strequal.h"
 #include "strtok.h"
-#include "memory.h"
+#include "curl_memory.h"
+#include "rawstr.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -53,40 +40,30 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
-/* Debug this single source file with:
-   'make netrc' then run './netrc'!
-
-   Oh, make sure you have a .netrc file too ;-)
- */
-
 /* Get user and password from .netrc when given a machine name */
 
-enum {
+enum host_lookup_state {
   NOTHING,
   HOSTFOUND,    /* the 'machine' keyword was found */
-  HOSTCOMPLETE, /* the machine name following the keyword was found too */
-  HOSTVALID,    /* this is "our" machine! */
-
-  HOSTEND /* LAST enum */
+  HOSTVALID     /* this is "our" machine! */
 };
 
-/* make sure we have room for at least this size: */
-#define LOGINSIZE 64
-#define PASSWORDSIZE 64
-
-/* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
-int Curl_parsenetrc(char *host,
-                    char *login,
-                    char *password,
+/*
+ * @unittest: 1304
+ *
+ * *loginp and *passwordp MUST be allocated if they aren't NULL when passed
+ * in.
+ */
+int Curl_parsenetrc(const char *host,
+                    char **loginp,
+                    char **passwordp,
                     char *netrcfile)
 {
   FILE *file;
   int retcode=1;
-  int specific_login = (login[0] != 0);
-  char *home = NULL;
-  bool home_alloc = FALSE;
+  int specific_login = (*loginp && **loginp != 0);
   bool netrc_alloc = FALSE;
-  int state=NOTHING;
+  enum host_lookup_state state=NOTHING;
 
   char state_login=0;      /* Found a login keyword */
   char state_password=0;   /* Found a password keyword */
@@ -94,71 +71,68 @@ int Curl_parsenetrc(char *host,
 
 #define NETRC DOT_CHAR "netrc"
 
-#ifdef CURLDEBUG
-  {
-    /* This is a hack to allow testing.
-     * If compiled with --enable-debug and CURL_DEBUG_NETRC is defined,
-     * then it's the path to a substitute .netrc for testing purposes *only* */
-
-    char *override = curl_getenv("CURL_DEBUG_NETRC");
-
-    if (override) {
-      fprintf(stderr, "NETRC: overridden " NETRC " file: %s\n", override);
-      netrcfile = override;
-      netrc_alloc = TRUE;
-    }
-  }
-#endif /* CURLDEBUG */
   if(!netrcfile) {
-    home = curl_getenv("HOME"); /* portable environment reader */
+    bool home_alloc = FALSE;
+    char *home = curl_getenv("HOME"); /* portable environment reader */
     if(home) {
       home_alloc = TRUE;
-#if defined(HAVE_GETPWUID) && defined(HAVE_GETEUID)
+#if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID)
+    }
+    else {
+      struct passwd pw, *pw_res;
+      char pwbuf[1024];
+      if(!getpwuid_r(geteuid(), &pw, pwbuf, sizeof(pwbuf), &pw_res)
+         && pw_res) {
+        home = strdup(pw.pw_dir);
+        if(!home)
+          return CURLE_OUT_OF_MEMORY;
+        home_alloc = TRUE;
+      }
+#elif defined(HAVE_GETPWUID) && defined(HAVE_GETEUID)
     }
     else {
       struct passwd *pw;
       pw= getpwuid(geteuid());
-      if (pw) {
-#ifdef  VMS
-        home = decc$translate_vms(pw->pw_dir);
-#else
+      if(pw) {
         home = pw->pw_dir;
-#endif
       }
 #endif
     }
 
     if(!home)
-      return -1;
+      return retcode; /* no home directory found (or possibly out of memory) */
 
     netrcfile = curl_maprintf("%s%s%s", home, DIR_CHAR, NETRC);
+    if(home_alloc)
+      Curl_safefree(home);
     if(!netrcfile) {
-      if(home_alloc)
-        free(home);
       return -1;
     }
     netrc_alloc = TRUE;
   }
 
   file = fopen(netrcfile, "r");
+  if(netrc_alloc)
+    Curl_safefree(netrcfile);
   if(file) {
     char *tok;
     char *tok_buf;
     bool done=FALSE;
     char netrcbuffer[256];
+    int  netrcbuffsize = (int)sizeof(netrcbuffer);
 
-    while(!done && fgets(netrcbuffer, sizeof(netrcbuffer), file)) {
+    while(!done && fgets(netrcbuffer, netrcbuffsize, file)) {
       tok=strtok_r(netrcbuffer, " \t\n", &tok_buf);
       while(!done && tok) {
 
-        if (login[0] && password[0]) {
+        if((*loginp && **loginp) && (*passwordp && **passwordp)) {
           done=TRUE;
           break;
         }
 
         switch(state) {
         case NOTHING:
-          if(strequal("machine", tok)) {
+          if(Curl_raw_equal("machine", tok)) {
             /* the next tok is the machine name, this is in itself the
                delimiter that starts the stuff entered for this machine,
                after this we need to search for 'login' and
@@ -167,12 +141,9 @@ int Curl_parsenetrc(char *host,
           }
           break;
         case HOSTFOUND:
-          if(strequal(host, tok)) {
+          if(Curl_raw_equal(host, tok)) {
             /* and yes, this is our host! */
             state=HOSTVALID;
-#ifdef _NETRC_DEBUG
-            fprintf(stderr, "HOST: %s\n", tok);
-#endif
             retcode=0; /* we did find our host */
           }
           else
@@ -182,31 +153,35 @@ int Curl_parsenetrc(char *host,
         case HOSTVALID:
           /* we are now parsing sub-keywords concerning "our" host */
           if(state_login) {
-            if (specific_login) {
-              state_our_login = strequal(login, tok);
+            if(specific_login) {
+              state_our_login = Curl_raw_equal(*loginp, tok);
             }
             else {
-              strncpy(login, tok, LOGINSIZE-1);
-#ifdef _NETRC_DEBUG
-              fprintf(stderr, "LOGIN: %s\n", login);
-#endif
+              free(*loginp);
+              *loginp = strdup(tok);
+              if(!*loginp) {
+                retcode = -1; /* allocation failed */
+                goto out;
+              }
             }
             state_login=0;
           }
           else if(state_password) {
-            if (state_our_login || !specific_login) {
-              strncpy(password, tok, PASSWORDSIZE-1);
-#ifdef _NETRC_DEBUG
-              fprintf(stderr, "PASSWORD: %s\n", password);
-#endif
+            if(state_our_login || !specific_login) {
+              free(*passwordp);
+              *passwordp = strdup(tok);
+              if(!*passwordp) {
+                retcode = -1; /* allocation failed */
+                goto out;
+              }
             }
             state_password=0;
           }
-          else if(strequal("login", tok))
+          else if(Curl_raw_equal("login", tok))
             state_login=1;
-          else if(strequal("password", tok))
+          else if(Curl_raw_equal("password", tok))
             state_password=1;
-          else if(strequal("machine", tok)) {
+          else if(Curl_raw_equal("machine", tok)) {
             /* ok, there's machine here go => */
             state = HOSTFOUND;
             state_our_login = FALSE;
@@ -215,33 +190,12 @@ int Curl_parsenetrc(char *host,
         } /* switch (state) */
 
         tok = strtok_r(NULL, " \t\n", &tok_buf);
-      } /* while (tok) */
+      } /* while(tok) */
     } /* while fgets() */
 
+    out:
     fclose(file);
   }
 
-  if(home_alloc)
-    free(home);
-  if(netrc_alloc)
-    free(netrcfile);
-
   return retcode;
 }
-
-#ifdef _NETRC_DEBUG
-int main(int argc, char **argv)
-{
-  char login[64]="";
-  char password[64]="";
-
-  if(argc<2)
-    return -1;
-
-  if(0 == ParseNetrc(argv[1], login, password)) {
-    printf("HOST: %s LOGIN: %s PASSWORD: %s\n",
-           argv[1], login, password);
-  }
-}
-
-#endif
diff --git a/Utilities/cmcurl/lib/netrc.h b/Utilities/cmcurl/lib/netrc.h
new file mode 100644
index 0000000..a145601
--- /dev/null
+++ b/Utilities/cmcurl/lib/netrc.h
@@ -0,0 +1,36 @@
+#ifndef HEADER_CURL_NETRC_H
+#define HEADER_CURL_NETRC_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
+int Curl_parsenetrc(const char *host,
+                    char **loginp,
+                    char **passwordp,
+                    char *filename);
+  /* Assume: (*passwordp)[0]=0, host[0] != 0.
+   * If (*loginp)[0] = 0, search for login and password within a machine
+   * section in the netrc.
+   * If (*loginp)[0] != 0, search for password within machine and login.
+   */
+
+#endif /* HEADER_CURL_NETRC_H */
diff --git a/Utilities/cmcurl/lib/non-ascii.c b/Utilities/cmcurl/lib/non-ascii.c
new file mode 100644
index 0000000..91d6a54
--- /dev/null
+++ b/Utilities/cmcurl/lib/non-ascii.c
@@ -0,0 +1,343 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef CURL_DOES_CONVERSIONS
+
+#include <curl/curl.h>
+
+#include "non-ascii.h"
+#include "formdata.h"
+#include "sendf.h"
+#include "urldata.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifdef HAVE_ICONV
+#include <iconv.h>
+/* set default codesets for iconv */
+#ifndef CURL_ICONV_CODESET_OF_NETWORK
+#define CURL_ICONV_CODESET_OF_NETWORK "ISO8859-1"
+#endif
+#ifndef CURL_ICONV_CODESET_FOR_UTF8
+#define CURL_ICONV_CODESET_FOR_UTF8   "UTF-8"
+#endif
+#define ICONV_ERROR  (size_t)-1
+#endif /* HAVE_ICONV */
+
+/*
+ * Curl_convert_clone() returns a malloced copy of the source string (if
+ * returning CURLE_OK), with the data converted to network format.
+ */
+CURLcode Curl_convert_clone(struct SessionHandle *data,
+                           const char *indata,
+                           size_t insize,
+                           char **outbuf)
+{
+  char *convbuf;
+  CURLcode result;
+
+  convbuf = malloc(insize);
+  if(!convbuf)
+    return CURLE_OUT_OF_MEMORY;
+
+  memcpy(convbuf, indata, insize);
+  result = Curl_convert_to_network(data, convbuf, insize);
+  if(result) {
+    free(convbuf);
+    return result;
+  }
+
+  *outbuf = convbuf; /* return the converted buffer */
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_convert_to_network() is an internal function for performing ASCII
+ * conversions on non-ASCII platforms. It convers the buffer _in place_.
+ */
+CURLcode Curl_convert_to_network(struct SessionHandle *data,
+                                 char *buffer, size_t length)
+{
+  CURLcode rc;
+
+  if(data->set.convtonetwork) {
+    /* use translation callback */
+    rc = data->set.convtonetwork(buffer, length);
+    if(rc != CURLE_OK) {
+      failf(data,
+            "CURLOPT_CONV_TO_NETWORK_FUNCTION callback returned %d: %s",
+            (int)rc, curl_easy_strerror(rc));
+    }
+    return rc;
+  }
+  else {
+#ifdef HAVE_ICONV
+    /* do the translation ourselves */
+    char *input_ptr, *output_ptr;
+    size_t in_bytes, out_bytes, rc;
+    int error;
+
+    /* open an iconv conversion descriptor if necessary */
+    if(data->outbound_cd == (iconv_t)-1) {
+      data->outbound_cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK,
+                                     CURL_ICONV_CODESET_OF_HOST);
+      if(data->outbound_cd == (iconv_t)-1) {
+        error = ERRNO;
+        failf(data,
+              "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s",
+              CURL_ICONV_CODESET_OF_NETWORK,
+              CURL_ICONV_CODESET_OF_HOST,
+              error, strerror(error));
+        return CURLE_CONV_FAILED;
+      }
+    }
+    /* call iconv */
+    input_ptr = output_ptr = buffer;
+    in_bytes = out_bytes = length;
+    rc = iconv(data->outbound_cd, (const char**)&input_ptr, &in_bytes,
+               &output_ptr, &out_bytes);
+    if((rc == ICONV_ERROR) || (in_bytes != 0)) {
+      error = ERRNO;
+      failf(data,
+            "The Curl_convert_to_network iconv call failed with errno %i: %s",
+            error, strerror(error));
+      return CURLE_CONV_FAILED;
+    }
+#else
+    failf(data, "CURLOPT_CONV_TO_NETWORK_FUNCTION callback required");
+    return CURLE_CONV_REQD;
+#endif /* HAVE_ICONV */
+  }
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_convert_from_network() is an internal function for performing ASCII
+ * conversions on non-ASCII platforms. It convers the buffer _in place_.
+ */
+CURLcode Curl_convert_from_network(struct SessionHandle *data,
+                                   char *buffer, size_t length)
+{
+  CURLcode rc;
+
+  if(data->set.convfromnetwork) {
+    /* use translation callback */
+    rc = data->set.convfromnetwork(buffer, length);
+    if(rc != CURLE_OK) {
+      failf(data,
+            "CURLOPT_CONV_FROM_NETWORK_FUNCTION callback returned %d: %s",
+            (int)rc, curl_easy_strerror(rc));
+    }
+    return rc;
+  }
+  else {
+#ifdef HAVE_ICONV
+    /* do the translation ourselves */
+    char *input_ptr, *output_ptr;
+    size_t in_bytes, out_bytes, rc;
+    int error;
+
+    /* open an iconv conversion descriptor if necessary */
+    if(data->inbound_cd == (iconv_t)-1) {
+      data->inbound_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
+                                    CURL_ICONV_CODESET_OF_NETWORK);
+      if(data->inbound_cd == (iconv_t)-1) {
+        error = ERRNO;
+        failf(data,
+              "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s",
+              CURL_ICONV_CODESET_OF_HOST,
+              CURL_ICONV_CODESET_OF_NETWORK,
+              error, strerror(error));
+        return CURLE_CONV_FAILED;
+      }
+    }
+    /* call iconv */
+    input_ptr = output_ptr = buffer;
+    in_bytes = out_bytes = length;
+    rc = iconv(data->inbound_cd, (const char **)&input_ptr, &in_bytes,
+               &output_ptr, &out_bytes);
+    if((rc == ICONV_ERROR) || (in_bytes != 0)) {
+      error = ERRNO;
+      failf(data,
+            "Curl_convert_from_network iconv call failed with errno %i: %s",
+            error, strerror(error));
+      return CURLE_CONV_FAILED;
+    }
+#else
+    failf(data, "CURLOPT_CONV_FROM_NETWORK_FUNCTION callback required");
+    return CURLE_CONV_REQD;
+#endif /* HAVE_ICONV */
+  }
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_convert_from_utf8() is an internal function for performing UTF-8
+ * conversions on non-ASCII platforms.
+ */
+CURLcode Curl_convert_from_utf8(struct SessionHandle *data,
+                                char *buffer, size_t length)
+{
+  CURLcode rc;
+
+  if(data->set.convfromutf8) {
+    /* use translation callback */
+    rc = data->set.convfromutf8(buffer, length);
+    if(rc != CURLE_OK) {
+      failf(data,
+            "CURLOPT_CONV_FROM_UTF8_FUNCTION callback returned %d: %s",
+            (int)rc, curl_easy_strerror(rc));
+    }
+    return rc;
+  }
+  else {
+#ifdef HAVE_ICONV
+    /* do the translation ourselves */
+    const char *input_ptr;
+    char *output_ptr;
+    size_t in_bytes, out_bytes, rc;
+    int error;
+
+    /* open an iconv conversion descriptor if necessary */
+    if(data->utf8_cd == (iconv_t)-1) {
+      data->utf8_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
+                                 CURL_ICONV_CODESET_FOR_UTF8);
+      if(data->utf8_cd == (iconv_t)-1) {
+        error = ERRNO;
+        failf(data,
+              "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s",
+              CURL_ICONV_CODESET_OF_HOST,
+              CURL_ICONV_CODESET_FOR_UTF8,
+              error, strerror(error));
+        return CURLE_CONV_FAILED;
+      }
+    }
+    /* call iconv */
+    input_ptr = output_ptr = buffer;
+    in_bytes = out_bytes = length;
+    rc = iconv(data->utf8_cd, &input_ptr, &in_bytes,
+               &output_ptr, &out_bytes);
+    if((rc == ICONV_ERROR) || (in_bytes != 0)) {
+      error = ERRNO;
+      failf(data,
+            "The Curl_convert_from_utf8 iconv call failed with errno %i: %s",
+            error, strerror(error));
+      return CURLE_CONV_FAILED;
+    }
+    if(output_ptr < input_ptr) {
+      /* null terminate the now shorter output string */
+      *output_ptr = 0x00;
+    }
+#else
+    failf(data, "CURLOPT_CONV_FROM_UTF8_FUNCTION callback required");
+    return CURLE_CONV_REQD;
+#endif /* HAVE_ICONV */
+  }
+
+  return CURLE_OK;
+}
+
+/*
+ * Init conversion stuff for a SessionHandle
+ */
+void Curl_convert_init(struct SessionHandle *data)
+{
+#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
+  /* conversion descriptors for iconv calls */
+  data->outbound_cd = (iconv_t)-1;
+  data->inbound_cd  = (iconv_t)-1;
+  data->utf8_cd     = (iconv_t)-1;
+#else
+  (void)data;
+#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */
+}
+
+/*
+ * Setup conversion stuff for a SessionHandle
+ */
+void Curl_convert_setup(struct SessionHandle *data)
+{
+  data->inbound_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
+                                CURL_ICONV_CODESET_OF_NETWORK);
+  data->outbound_cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK,
+                                 CURL_ICONV_CODESET_OF_HOST);
+  data->utf8_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
+                             CURL_ICONV_CODESET_FOR_UTF8);
+}
+
+/*
+ * Close conversion stuff for a SessionHandle
+ */
+
+void Curl_convert_close(struct SessionHandle *data)
+{
+#ifdef HAVE_ICONV
+  /* close iconv conversion descriptors */
+  if(data->inbound_cd != (iconv_t)-1) {
+    iconv_close(data->inbound_cd);
+  }
+  if(data->outbound_cd != (iconv_t)-1) {
+    iconv_close(data->outbound_cd);
+  }
+  if(data->utf8_cd != (iconv_t)-1) {
+    iconv_close(data->utf8_cd);
+  }
+#else
+  (void)data;
+#endif /* HAVE_ICONV */
+}
+
+/*
+ * Curl_convert_form() is used from http.c, this converts any form items that
+   need to be sent in the network encoding.  Returns CURLE_OK on success.
+ */
+CURLcode Curl_convert_form(struct SessionHandle *data, struct FormData *form)
+{
+  struct FormData *next;
+  CURLcode rc;
+
+  if(!form)
+    return CURLE_OK;
+
+  if(!data)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+
+  do {
+    next=form->next;  /* the following form line */
+    if(form->type == FORM_DATA) {
+      rc = Curl_convert_to_network(data, form->line, form->length);
+      /* Curl_convert_to_network calls failf if unsuccessful */
+      if(rc != CURLE_OK)
+        return rc;
+    }
+  } while((form = next) != NULL); /* continue */
+  return CURLE_OK;
+}
+
+#endif /* CURL_DOES_CONVERSIONS */
diff --git a/Utilities/cmcurl/lib/non-ascii.h b/Utilities/cmcurl/lib/non-ascii.h
new file mode 100644
index 0000000..8b4b7c2
--- /dev/null
+++ b/Utilities/cmcurl/lib/non-ascii.h
@@ -0,0 +1,63 @@
+#ifndef HEADER_CURL_NON_ASCII_H
+#define HEADER_CURL_NON_ASCII_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef CURL_DOES_CONVERSIONS
+
+#include "urldata.h"
+
+/*
+ * Curl_convert_clone() returns a malloced copy of the source string (if
+ * returning CURLE_OK), with the data converted to network format.
+ *
+ * If no conversion was needed *outbuf may be NULL.
+ */
+CURLcode Curl_convert_clone(struct SessionHandle *data,
+                            const char *indata,
+                            size_t insize,
+                            char **outbuf);
+
+void Curl_convert_init(struct SessionHandle *data);
+void Curl_convert_setup(struct SessionHandle *data);
+void Curl_convert_close(struct SessionHandle *data);
+
+CURLcode Curl_convert_to_network(struct SessionHandle *data,
+                                 char *buffer, size_t length);
+CURLcode Curl_convert_from_network(struct SessionHandle *data,
+                                 char *buffer, size_t length);
+CURLcode Curl_convert_from_utf8(struct SessionHandle *data,
+                                 char *buffer, size_t length);
+CURLcode Curl_convert_form(struct SessionHandle *data, struct FormData *form);
+#else
+#define Curl_convert_clone(a,b,c,d) ((void)a, CURLE_OK)
+#define Curl_convert_init(x) Curl_nop_stmt
+#define Curl_convert_setup(x) Curl_nop_stmt
+#define Curl_convert_close(x) Curl_nop_stmt
+#define Curl_convert_to_network(a,b,c) ((void)a, CURLE_OK)
+#define Curl_convert_from_network(a,b,c) ((void)a, CURLE_OK)
+#define Curl_convert_from_utf8(a,b,c) ((void)a, CURLE_OK)
+#define Curl_convert_form(a,b) CURLE_OK
+#endif
+
+#endif /* HEADER_CURL_NON_ASCII_H */
diff --git a/Utilities/cmcurl/lib/nonblock.c b/Utilities/cmcurl/lib/nonblock.c
new file mode 100644
index 0000000..1447c87
--- /dev/null
+++ b/Utilities/cmcurl/lib/nonblock.c
@@ -0,0 +1,91 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#if (defined(HAVE_IOCTL_FIONBIO) && defined(NETWARE))
+#include <sys/filio.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#include "nonblock.h"
+
+/*
+ * curlx_nonblock() set the given socket to either blocking or non-blocking
+ * mode based on the 'nonblock' boolean argument. This function is highly
+ * portable.
+ */
+int curlx_nonblock(curl_socket_t sockfd,    /* operate on this */
+                   int nonblock   /* TRUE or FALSE */)
+{
+#if defined(USE_BLOCKING_SOCKETS)
+
+  return 0; /* returns success */
+
+#elif defined(HAVE_FCNTL_O_NONBLOCK)
+
+  /* most recent unix versions */
+  int flags;
+  flags = sfcntl(sockfd, F_GETFL, 0);
+  if(nonblock)
+    return sfcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
+  else
+    return sfcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));
+
+#elif defined(HAVE_IOCTL_FIONBIO)
+
+  /* older unix versions */
+  int flags = nonblock ? 1 : 0;
+  return ioctl(sockfd, FIONBIO, &flags);
+
+#elif defined(HAVE_IOCTLSOCKET_FIONBIO)
+
+  /* Windows */
+  unsigned long flags = nonblock ? 1UL : 0UL;
+  return ioctlsocket(sockfd, FIONBIO, &flags);
+
+#elif defined(HAVE_IOCTLSOCKET_CAMEL_FIONBIO)
+
+  /* Amiga */
+  long flags = nonblock ? 1L : 0L;
+  return IoctlSocket(sockfd, FIONBIO, flags);
+
+#elif defined(HAVE_SETSOCKOPT_SO_NONBLOCK)
+
+  /* BeOS */
+  long b = nonblock ? 1L : 0L;
+  return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
+
+#else
+#  error "no non-blocking method was found/used/set"
+#endif
+}
diff --git a/Utilities/cmcurl/file.h b/Utilities/cmcurl/lib/nonblock.h
index 20a1c4c..b540ae4 100644
--- a/Utilities/cmcurl/file.h
+++ b/Utilities/cmcurl/lib/nonblock.h
@@ -1,6 +1,5 @@
-#ifndef __FILE_H
-#define __FILE_H
-
+#ifndef HEADER_CURL_NONBLOCK_H
+#define HEADER_CURL_NONBLOCK_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -8,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,11 +20,12 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-#ifndef CURL_DISABLE_FILE
-CURLcode Curl_file(struct connectdata *, bool *done);
-CURLcode Curl_file_done(struct connectdata *, CURLcode, bool premature);
-CURLcode Curl_file_connect(struct connectdata *);
-#endif
-#endif
+
+#include <curl/curl.h> /* for curl_socket_t */
+
+int curlx_nonblock(curl_socket_t sockfd,    /* operate on this */
+                   int nonblock   /* TRUE or FALSE */);
+
+#endif /* HEADER_CURL_NONBLOCK_H */
+
diff --git a/Utilities/cmcurl/nwlib.c b/Utilities/cmcurl/lib/nwlib.c
index b0eea56..252bf11 100644
--- a/Utilities/cmcurl/nwlib.c
+++ b/Utilities/cmcurl/lib/nwlib.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,19 +18,22 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include <errno.h>
-#include <string.h>
-#include <stdlib.h>
+#include "curl_setup.h"
+
+#ifdef NETWARE /* Novell NetWare */
+
+#ifdef __NOVELL_LIBC__
+/* For native LibC-based NLM we need to register as a real lib. */
 #include <library.h>
 #include <netware.h>
 #include <screen.h>
 #include <nks/thread.h>
 #include <nks/synch.h>
 
-#include "memory.h"
+#include "curl_memory.h"
+/* The last #include file should be: */
 #include "memdebug.h"
 
 typedef struct
@@ -55,9 +58,9 @@ rtag_t      gAllocTag   = (rtag_t) NULL;
 NXMutex_t   *gLibLock   = (NXMutex_t *) NULL;
 
 /* internal library function prototypes... */
-int     DisposeLibraryData ( void * );
-void    DisposeThreadData ( void * );
-int     GetOrSetUpData ( int id, libdata_t **data, libthreaddata_t **threaddata );
+int  DisposeLibraryData( void * );
+void DisposeThreadData( void * );
+int  GetOrSetUpData( int id, libdata_t **data, libthreaddata_t **threaddata );
 
 
 int _NonAppStart( void        *NLMHandle,
@@ -77,7 +80,7 @@ int _NonAppStart( void        *NLMHandle,
                   const char  **messages )
 {
   NX_LOCK_INFO_ALLOC(liblock, "Per-Application Data Lock", 0);
-  
+
 #ifndef __GNUC__
 #pragma unused(cmdLine)
 #pragma unused(loadDirPath)
@@ -90,17 +93,17 @@ int _NonAppStart( void        *NLMHandle,
 #pragma unused(messages)
 #endif
 
-/*
-** Here we process our command line, post errors (to the error screen),
-** perform initializations and anything else we need to do before being able
-** to accept calls into us. If we succeed, we return non-zero and the NetWare
-** Loader will leave us up, otherwise we fail to load and get dumped.
-*/
+  /*
+   * Here we process our command line, post errors (to the error screen),
+   * perform initializations and anything else we need to do before being able
+   * to accept calls into us. If we succeed, we return non-zero and the NetWare
+   * Loader will leave us up, otherwise we fail to load and get dumped.
+   */
   gAllocTag = AllocateResourceTag(NLMHandle,
                                   "<library-name> memory allocations",
                                   AllocSignature);
 
-  if (!gAllocTag) {
+  if(!gAllocTag) {
     OutputToScreen(errorScreen, "Unable to allocate resource tag for "
                    "library memory allocations.\n");
     return -1;
@@ -108,7 +111,7 @@ int _NonAppStart( void        *NLMHandle,
 
   gLibId = register_library(DisposeLibraryData);
 
-  if (gLibId < -1) {
+  if(gLibId < -1) {
     OutputToScreen(errorScreen, "Unable to register library with kernel.\n");
     return -1;
   }
@@ -116,8 +119,8 @@ int _NonAppStart( void        *NLMHandle,
   gLibHandle = NLMHandle;
 
   gLibLock = NXMutexAlloc(0, 0, &liblock);
-  
-  if (!gLibLock) {
+
+  if(!gLibLock) {
     OutputToScreen(errorScreen, "Unable to allocate library data lock.\n");
     return -1;
   }
@@ -126,9 +129,9 @@ int _NonAppStart( void        *NLMHandle,
 }
 
 /*
-** Here we clean up any resources we allocated. Resource tags is a big part
-** of what we created, but NetWare doesn't ask us to free those.
-*/
+ * Here we clean up any resources we allocated. Resource tags is a big part
+ * of what we created, but NetWare doesn't ask us to free those.
+ */
 void _NonAppStop( void )
 {
   (void) unregister_library(gLibId);
@@ -136,17 +139,17 @@ void _NonAppStop( void )
 }
 
 /*
-** This function cannot be the first in the file for if the file is linked
-** first, then the check-unload function's offset will be nlmname.nlm+0
-** which is how to tell that there isn't one. When the check function is
-** first in the linked objects, it is ambiguous. For this reason, we will
-** put it inside this file after the stop function.
-**
-** Here we check to see if it's alright to ourselves to be unloaded. If not,
-** we return a non-zero value. Right now, there isn't any reason not to allow
-** it.
-*/
-int  _NonAppCheckUnload( void )
+ * This function cannot be the first in the file for if the file is linked
+ * first, then the check-unload function's offset will be nlmname.nlm+0
+ * which is how to tell that there isn't one. When the check function is
+ * first in the linked objects, it is ambiguous. For this reason, we will
+ * put it inside this file after the stop function.
+ *
+ * Here we check to see if it's alright to ourselves to be unloaded. If not,
+ * we return a non-zero value. Right now, there isn't any reason not to allow
+ * it.
+ */
+int _NonAppCheckUnload( void )
 {
     return 0;
 }
@@ -163,53 +166,54 @@ int GetOrSetUpData(int id, libdata_t **appData,
   err         = 0;
   thread_data = (libthreaddata_t *) NULL;
 
-/*
-** Attempt to get our data for the application calling us. This is where we
-** store whatever application-specific information we need to carry in support
-** of calling applications.
-*/
+  /*
+   * Attempt to get our data for the application calling us. This is where we
+   * store whatever application-specific information we need to carry in
+   * support of calling applications.
+   */
   app_data = (libdata_t *) get_app_data(id);
 
-  if (!app_data) {
-/*
-** This application hasn't called us before; set up application AND per-thread
-** data. Of course, just in case a thread from this same application is calling
-** us simultaneously, we better lock our application data-creation mutex. We
-** also need to recheck for data after we acquire the lock because WE might be
-** that other thread that was too late to create the data and the first thread
-** in will have created it.
-*/
+  if(!app_data) {
+    /*
+     * This application hasn't called us before; set up application AND
+     * per-thread data. Of course, just in case a thread from this same
+     * application is calling us simultaneously, we better lock our application
+     * data-creation mutex. We also need to recheck for data after we acquire
+     * the lock because WE might be that other thread that was too late to
+     * create the data and the first thread in will have created it.
+     */
     NXLock(gLibLock);
 
-    if (!(app_data = (libdata_t *) get_app_data(id))) {
-      app_data = (libdata_t *) malloc(sizeof(libdata_t));
+    if(!(app_data = (libdata_t *) get_app_data(id))) {
+      app_data = malloc(sizeof(libdata_t));
 
-      if (app_data) {
+      if(app_data) {
         memset(app_data, 0, sizeof(libdata_t));
-        
+
         app_data->tenbytes = malloc(10);
         app_data->lock     = NXMutexAlloc(0, 0, &liblock);
-        
-        if (!app_data->tenbytes || !app_data->lock) {
-          if (app_data->lock)
+
+        if(!app_data->tenbytes || !app_data->lock) {
+          if(app_data->lock)
             NXMutexFree(app_data->lock);
-          
+
           free(app_data);
           app_data = (libdata_t *) NULL;
           err      = ENOMEM;
         }
-        
-        if (app_data) {
-/*
-** Here we burn in the application data that we were trying to get by calling
-** get_app_data(). Next time we call the first function, we'll get this data
-** we're just now setting. We also go on here to establish the per-thread data
-** for the calling thread, something we'll have to do on each application
-** thread the first time it calls us.
-*/
+
+        if(app_data) {
+          /*
+           * Here we burn in the application data that we were trying to get
+           * by calling get_app_data(). Next time we call the first function,
+           * we'll get this data we're just now setting. We also go on here to
+           * establish the per-thread data for the calling thread, something
+           * we'll have to do on each application thread the first time
+           * it calls us.
+           */
           err = set_app_data(gLibId, app_data);
-          
-          if (err) {
+
+          if(err) {
             free(app_data);
             app_data = (libdata_t *) NULL;
             err      = ENOMEM;
@@ -217,45 +221,45 @@ int GetOrSetUpData(int id, libdata_t **appData,
           else {
             /* create key for thread-specific data... */
             err = NXKeyCreate(DisposeThreadData, (void *) NULL, &key);
-            
-            if (err)                /* (no more keys left?) */
+
+            if(err)                /* (no more keys left?) */
               key = -1;
-            
+
             app_data->perthreadkey = key;
           }
         }
       }
     }
-    
+
     NXUnlock(gLibLock);
   }
 
-  if (app_data) {
+  if(app_data) {
     key = app_data->perthreadkey;
-    
-    if (key != -1 /* couldn't create a key? no thread data */
+
+    if(key != -1 /* couldn't create a key? no thread data */
         && !(err = NXKeyGetValue(key, (void **) &thread_data))
         && !thread_data) {
-/*
-** Allocate the per-thread data for the calling thread. Regardless of whether
-** there was already application data or not, this may be the first call by a
-** a new thread. The fact that we allocation 20 bytes on a pointer is not very
-** important, this just helps to demonstrate that we can have arbitrarily
-** complex per-thread data.
-*/
-      thread_data = (libthreaddata_t *) malloc(sizeof(libthreaddata_t));
-      
-      if (thread_data) {
+      /*
+       * Allocate the per-thread data for the calling thread. Regardless of
+       * whether there was already application data or not, this may be the
+       * first call by a new thread. The fact that we allocation 20 bytes on
+       * a pointer is not very important, this just helps to demonstrate that
+       * we can have arbitrarily complex per-thread data.
+       */
+      thread_data = malloc(sizeof(libthreaddata_t));
+
+      if(thread_data) {
         thread_data->_errno      = 0;
         thread_data->twentybytes = malloc(20);
-          
-        if (!thread_data->twentybytes) {
+
+        if(!thread_data->twentybytes) {
           free(thread_data);
           thread_data = (libthreaddata_t *) NULL;
           err         = ENOMEM;
         }
-        
-        if ((err = NXKeySetValue(key, thread_data))) {
+
+        if((err = NXKeySetValue(key, thread_data))) {
           free(thread_data->twentybytes);
           free(thread_data);
           thread_data = (libthreaddata_t *) NULL;
@@ -264,37 +268,62 @@ int GetOrSetUpData(int id, libdata_t **appData,
     }
   }
 
-  if (appData)
+  if(appData)
     *appData = app_data;
 
-  if (threadData)
+  if(threadData)
     *threadData = thread_data;
 
   return err;
 }
 
-int DisposeLibraryData( void    *data)
+int DisposeLibraryData( void *data )
 {
-  if (data) {
-    void    *tenbytes = ((libdata_t *) data)->tenbytes;
-    
-    if (tenbytes)
+  if(data) {
+    void *tenbytes = ((libdata_t *) data)->tenbytes;
+
+    if(tenbytes)
       free(tenbytes);
-    
+
     free(data);
   }
 
   return 0;
 }
 
-void DisposeThreadData(void    *data)
+void DisposeThreadData( void *data )
 {
-  if (data) {
-    void    *twentybytes = ((libthreaddata_t *) data)->twentybytes;
-    
-    if (twentybytes)
+  if(data) {
+    void *twentybytes = ((libthreaddata_t *) data)->twentybytes;
+
+    if(twentybytes)
       free(twentybytes);
-    
+
     free(data);
   }
 }
+
+#else /* __NOVELL_LIBC__ */
+/* For native CLib-based NLM seems we can do a bit more simple. */
+#include <nwthread.h>
+
+int main ( void )
+{
+  /* initialize any globals here... */
+
+  /* do this if any global initializing was done
+  SynchronizeStart();
+  */
+  ExitThread (TSR_THREAD, 0);
+  return 0;
+}
+
+#endif /* __NOVELL_LIBC__ */
+
+#else /* NETWARE */
+
+#ifdef __POCC__
+#  pragma warn(disable:2024)  /* Disable warning #2024: Empty input file */
+#endif
+
+#endif /* NETWARE */
diff --git a/Utilities/cmcurl/lib/nwos.c b/Utilities/cmcurl/lib/nwos.c
new file mode 100644
index 0000000..23ff2a7
--- /dev/null
+++ b/Utilities/cmcurl/lib/nwos.c
@@ -0,0 +1,88 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef NETWARE /* Novell NetWare */
+
+#ifdef __NOVELL_LIBC__
+/* For native LibC-based NLM we need to do nothing. */
+int netware_init ( void )
+{
+  return 0;
+}
+
+#else /* __NOVELL_LIBC__ */
+
+/* For native CLib-based NLM we need to initialize the LONG namespace. */
+#include <nwnspace.h>
+#include <nwthread.h>
+#include <nwadv.h>
+/* Make the CLIB Ctx stuff link */
+#include <netdb.h>
+NETDB_DEFINE_CONTEXT
+/* Make the CLIB Inet stuff link */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+NETINET_DEFINE_CONTEXT
+
+int netware_init ( void )
+{
+  int rc = 0;
+  unsigned int myHandle = GetNLMHandle();
+  /* import UnAugmentAsterisk dynamically for NW4.x compatibility */
+  void (*pUnAugmentAsterisk)(int) = (void(*)(int))
+          ImportSymbol(myHandle, "UnAugmentAsterisk");
+  /* import UseAccurateCaseForPaths dynamically for NW3.x compatibility */
+  void (*pUseAccurateCaseForPaths)(int) = (void(*)(int))
+          ImportSymbol(myHandle, "UseAccurateCaseForPaths");
+  if(pUnAugmentAsterisk)
+    pUnAugmentAsterisk(1);
+  if(pUseAccurateCaseForPaths)
+    pUseAccurateCaseForPaths(1);
+  UnimportSymbol(myHandle, "UnAugmentAsterisk");
+  UnimportSymbol(myHandle, "UseAccurateCaseForPaths");
+  /* set long name space */
+  if((SetCurrentNameSpace(4) == 255)) {
+    rc = 1;
+  }
+  if((SetTargetNameSpace(4) == 255)) {
+    rc = rc + 2;
+  }
+  return rc;
+}
+
+/* dummy function to satisfy newer prelude */
+int __init_environment ( void )
+{
+  return 0;
+}
+
+/* dummy function to satisfy newer prelude */
+int __deinit_environment ( void )
+{
+  return 0;
+}
+
+#endif /* __NOVELL_LIBC__ */
+
+#endif /* NETWARE */
diff --git a/Utilities/cmcurl/lib/openldap.c b/Utilities/cmcurl/lib/openldap.c
new file mode 100644
index 0000000..df8d938
--- /dev/null
+++ b/Utilities/cmcurl/lib/openldap.c
@@ -0,0 +1,640 @@
+/***************************************************************************
+ *                      _   _ ____  _
+ *  Project         ___| | | |  _ \| |
+ *                 / __| | | | |_) | |
+ *                | (__| |_| |  _ <| |___
+ *                 \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, 2013, Howard Chu, <hyc@openldap.org>
+ * Copyright (C) 2011 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP)
+
+/*
+ * Notice that USE_OPENLDAP is only a source code selection switch. When
+ * libcurl is built with USE_OPENLDAP defined the libcurl source code that
+ * gets compiled is the code from openldap.c, otherwise the code that gets
+ * compiled is the code from ldap.c.
+ *
+ * When USE_OPENLDAP is defined a recent version of the OpenLDAP library
+ * might be required for compilation and runtime. In order to use ancient
+ * OpenLDAP library versions, USE_OPENLDAP shall not be defined.
+ */
+
+#include <ldap.h>
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "sendf.h"
+#include "vtls/vtls.h"
+#include "transfer.h"
+#include "curl_ldap.h"
+#include "curl_memory.h"
+#include "curl_base64.h"
+#include "connect.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "memdebug.h"
+
+#ifndef _LDAP_PVT_H
+extern int ldap_pvt_url_scheme2proto(const char *);
+extern int ldap_init_fd(ber_socket_t fd, int proto, const char *url,
+                        LDAP **ld);
+#endif
+
+static CURLcode ldap_setup(struct connectdata *conn);
+static CURLcode ldap_do(struct connectdata *conn, bool *done);
+static CURLcode ldap_done(struct connectdata *conn, CURLcode, bool);
+static CURLcode ldap_connect(struct connectdata *conn, bool *done);
+static CURLcode ldap_connecting(struct connectdata *conn, bool *done);
+static CURLcode ldap_disconnect(struct connectdata *conn, bool dead);
+
+static Curl_recv ldap_recv;
+
+/*
+ * LDAP protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_ldap = {
+  "LDAP",                               /* scheme */
+  ldap_setup,                           /* setup_connection */
+  ldap_do,                              /* do_it */
+  ldap_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ldap_connect,                         /* connect_it */
+  ldap_connecting,                      /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ldap_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_LDAP,                            /* defport */
+  CURLPROTO_LDAP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+#ifdef USE_SSL
+/*
+ * LDAPS protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_ldaps = {
+  "LDAPS",                              /* scheme */
+  ldap_setup,                           /* setup_connection */
+  ldap_do,                              /* do_it */
+  ldap_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ldap_connect,                         /* connect_it */
+  ldap_connecting,                      /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ldap_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_LDAPS,                           /* defport */
+  CURLPROTO_LDAP,                       /* protocol */
+  PROTOPT_SSL                           /* flags */
+};
+#endif
+
+static const char *url_errs[] = {
+  "success",
+  "out of memory",
+  "bad parameter",
+  "unrecognized scheme",
+  "unbalanced delimiter",
+  "bad URL",
+  "bad host or port",
+  "bad or missing attributes",
+  "bad or missing scope",
+  "bad or missing filter",
+  "bad or missing extensions"
+};
+
+typedef struct ldapconninfo {
+  LDAP *ld;
+  Curl_recv *recv;  /* for stacking SSL handler */
+  Curl_send *send;
+  int proto;
+  int msgid;
+  bool ssldone;
+  bool sslinst;
+  bool didbind;
+} ldapconninfo;
+
+typedef struct ldapreqinfo {
+  int msgid;
+  int nument;
+} ldapreqinfo;
+
+static CURLcode ldap_setup(struct connectdata *conn)
+{
+  ldapconninfo *li;
+  LDAPURLDesc *lud;
+  struct SessionHandle *data=conn->data;
+  int rc, proto;
+  CURLcode status;
+
+  rc = ldap_url_parse(data->change.url, &lud);
+  if(rc != LDAP_URL_SUCCESS) {
+    const char *msg = "url parsing problem";
+    status = CURLE_URL_MALFORMAT;
+    if(rc > LDAP_URL_SUCCESS && rc <= LDAP_URL_ERR_BADEXTS) {
+      if(rc == LDAP_URL_ERR_MEM)
+        status = CURLE_OUT_OF_MEMORY;
+      msg = url_errs[rc];
+    }
+    failf(conn->data, "LDAP local: %s", msg);
+    return status;
+  }
+  proto = ldap_pvt_url_scheme2proto(lud->lud_scheme);
+  ldap_free_urldesc(lud);
+
+  li = calloc(1, sizeof(ldapconninfo));
+  if(!li)
+    return CURLE_OUT_OF_MEMORY;
+  li->proto = proto;
+  conn->proto.generic = li;
+  connkeep(conn, "OpenLDAP default");
+  /* TODO:
+   * - provide option to choose SASL Binds instead of Simple
+   */
+  return CURLE_OK;
+}
+
+#ifdef USE_SSL
+static Sockbuf_IO ldapsb_tls;
+#endif
+
+static CURLcode ldap_connect(struct connectdata *conn, bool *done)
+{
+  ldapconninfo *li = conn->proto.generic;
+  struct SessionHandle *data=conn->data;
+  int rc, proto = LDAP_VERSION3;
+  char hosturl[1024], *ptr;
+  (void)done;
+
+  strcpy(hosturl, "ldap");
+  ptr = hosturl+4;
+  if(conn->handler->flags & PROTOPT_SSL)
+    *ptr++ = 's';
+  snprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s:%d",
+    conn->host.name, conn->remote_port);
+
+  rc = ldap_init_fd(conn->sock[FIRSTSOCKET], li->proto, hosturl, &li->ld);
+  if(rc) {
+    failf(data, "LDAP local: Cannot connect to %s, %s",
+          hosturl, ldap_err2string(rc));
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);
+
+#ifdef USE_SSL
+  if(conn->handler->flags & PROTOPT_SSL) {
+    CURLcode res;
+    res = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &li->ssldone);
+    if(res)
+      return res;
+  }
+#endif
+
+  return CURLE_OK;
+}
+
+static CURLcode ldap_connecting(struct connectdata *conn, bool *done)
+{
+  ldapconninfo *li = conn->proto.generic;
+  struct SessionHandle *data=conn->data;
+  LDAPMessage *result = NULL;
+  struct timeval tv = {0,1}, *tvp;
+  int rc, err;
+  char *info = NULL;
+
+#ifdef USE_SSL
+  if(conn->handler->flags & PROTOPT_SSL) {
+    /* Is the SSL handshake complete yet? */
+    if(!li->ssldone) {
+      CURLcode res = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET,
+                                                  &li->ssldone);
+      if(res || !li->ssldone)
+        return res;
+    }
+    /* Have we installed the libcurl SSL handlers into the sockbuf yet? */
+    if(!li->sslinst) {
+      Sockbuf *sb;
+      ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb);
+      ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, conn);
+      li->sslinst = TRUE;
+      li->recv = conn->recv[FIRSTSOCKET];
+      li->send = conn->send[FIRSTSOCKET];
+    }
+  }
+#endif
+
+  tvp = &tv;
+
+retry:
+  if(!li->didbind) {
+    char *binddn;
+    struct berval passwd;
+
+    if(conn->bits.user_passwd) {
+      binddn = conn->user;
+      passwd.bv_val = conn->passwd;
+      passwd.bv_len = strlen(passwd.bv_val);
+    }
+    else {
+      binddn = NULL;
+      passwd.bv_val = NULL;
+      passwd.bv_len = 0;
+    }
+    rc = ldap_sasl_bind(li->ld, binddn, LDAP_SASL_SIMPLE, &passwd,
+                        NULL, NULL, &li->msgid);
+    if(rc)
+      return CURLE_LDAP_CANNOT_BIND;
+    li->didbind = TRUE;
+    if(tvp)
+      return CURLE_OK;
+  }
+
+  rc = ldap_result(li->ld, li->msgid, LDAP_MSG_ONE, tvp, &result);
+  if(rc < 0) {
+    failf(data, "LDAP local: bind ldap_result %s", ldap_err2string(rc));
+    return CURLE_LDAP_CANNOT_BIND;
+  }
+  if(rc == 0) {
+    /* timed out */
+    return CURLE_OK;
+  }
+  rc = ldap_parse_result(li->ld, result, &err, NULL, &info, NULL, NULL, 1);
+  if(rc) {
+    failf(data, "LDAP local: bind ldap_parse_result %s", ldap_err2string(rc));
+    return CURLE_LDAP_CANNOT_BIND;
+  }
+  /* Try to fallback to LDAPv2? */
+  if(err == LDAP_PROTOCOL_ERROR) {
+    int proto;
+    ldap_get_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);
+    if(proto == LDAP_VERSION3) {
+      if(info) {
+        ldap_memfree(info);
+        info = NULL;
+      }
+      proto = LDAP_VERSION2;
+      ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);
+      li->didbind = FALSE;
+      goto retry;
+    }
+  }
+
+  if(err) {
+    failf(data, "LDAP remote: bind failed %s %s", ldap_err2string(rc),
+          info ? info : "");
+    if(info)
+      ldap_memfree(info);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  if(info)
+    ldap_memfree(info);
+  conn->recv[FIRSTSOCKET] = ldap_recv;
+  *done = TRUE;
+  return CURLE_OK;
+}
+
+static CURLcode ldap_disconnect(struct connectdata *conn, bool dead_connection)
+{
+  ldapconninfo *li = conn->proto.generic;
+  (void) dead_connection;
+
+  if(li) {
+    if(li->ld) {
+      ldap_unbind_ext(li->ld, NULL, NULL);
+      li->ld = NULL;
+    }
+    conn->proto.generic = NULL;
+    free(li);
+  }
+  return CURLE_OK;
+}
+
+static CURLcode ldap_do(struct connectdata *conn, bool *done)
+{
+  ldapconninfo *li = conn->proto.generic;
+  ldapreqinfo *lr;
+  CURLcode status = CURLE_OK;
+  int rc = 0;
+  LDAPURLDesc *ludp = NULL;
+  int msgid;
+  struct SessionHandle *data=conn->data;
+
+  connkeep(conn, "OpenLDAP do");
+
+  infof(data, "LDAP local: %s\n", data->change.url);
+
+  rc = ldap_url_parse(data->change.url, &ludp);
+  if(rc != LDAP_URL_SUCCESS) {
+    const char *msg = "url parsing problem";
+    status = CURLE_URL_MALFORMAT;
+    if(rc > LDAP_URL_SUCCESS && rc <= LDAP_URL_ERR_BADEXTS) {
+      if(rc == LDAP_URL_ERR_MEM)
+        status = CURLE_OUT_OF_MEMORY;
+      msg = url_errs[rc];
+    }
+    failf(conn->data, "LDAP local: %s", msg);
+    return status;
+  }
+
+  rc = ldap_search_ext(li->ld, ludp->lud_dn, ludp->lud_scope,
+                       ludp->lud_filter, ludp->lud_attrs, 0,
+                       NULL, NULL, NULL, 0, &msgid);
+  ldap_free_urldesc(ludp);
+  if(rc != LDAP_SUCCESS) {
+    failf(data, "LDAP local: ldap_search_ext %s", ldap_err2string(rc));
+    return CURLE_LDAP_SEARCH_FAILED;
+  }
+  lr = calloc(1,sizeof(ldapreqinfo));
+  if(!lr)
+    return CURLE_OUT_OF_MEMORY;
+  lr->msgid = msgid;
+  data->req.protop = lr;
+  Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, NULL, -1, NULL);
+  *done = TRUE;
+  return CURLE_OK;
+}
+
+static CURLcode ldap_done(struct connectdata *conn, CURLcode res,
+                          bool premature)
+{
+  ldapreqinfo *lr = conn->data->req.protop;
+  (void)res;
+  (void)premature;
+
+  if(lr) {
+    /* if there was a search in progress, abandon it */
+    if(lr->msgid) {
+      ldapconninfo *li = conn->proto.generic;
+      ldap_abandon_ext(li->ld, lr->msgid, NULL, NULL);
+      lr->msgid = 0;
+    }
+    conn->data->req.protop = NULL;
+    free(lr);
+  }
+  return CURLE_OK;
+}
+
+static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
+                         size_t len, CURLcode *err)
+{
+  ldapconninfo *li = conn->proto.generic;
+  struct SessionHandle *data=conn->data;
+  ldapreqinfo *lr = data->req.protop;
+  int rc, ret;
+  LDAPMessage *result = NULL;
+  LDAPMessage *ent;
+  BerElement *ber = NULL;
+  struct timeval tv = {0,1};
+  (void)len;
+  (void)buf;
+  (void)sockindex;
+
+  rc = ldap_result(li->ld, lr->msgid, LDAP_MSG_RECEIVED, &tv, &result);
+  if(rc < 0) {
+    failf(data, "LDAP local: search ldap_result %s", ldap_err2string(rc));
+    *err = CURLE_RECV_ERROR;
+    return -1;
+  }
+
+  *err = CURLE_AGAIN;
+  ret = -1;
+
+  /* timed out */
+  if(result == NULL)
+    return ret;
+
+  for(ent = ldap_first_message(li->ld, result); ent;
+    ent = ldap_next_message(li->ld, ent)) {
+    struct berval bv, *bvals, **bvp = &bvals;
+    int binary = 0, msgtype;
+
+    msgtype = ldap_msgtype(ent);
+    if(msgtype == LDAP_RES_SEARCH_RESULT) {
+      int code;
+      char *info = NULL;
+      rc = ldap_parse_result(li->ld, ent, &code, NULL, &info, NULL, NULL, 0);
+      if(rc) {
+        failf(data, "LDAP local: search ldap_parse_result %s",
+              ldap_err2string(rc));
+        *err = CURLE_LDAP_SEARCH_FAILED;
+      }
+      else if(code && code != LDAP_SIZELIMIT_EXCEEDED) {
+        failf(data, "LDAP remote: search failed %s %s", ldap_err2string(rc),
+              info ? info : "");
+        *err = CURLE_LDAP_SEARCH_FAILED;
+      }
+      else {
+        /* successful */
+        if(code == LDAP_SIZELIMIT_EXCEEDED)
+          infof(data, "There are more than %d entries\n", lr->nument);
+        data->req.size = data->req.bytecount;
+        *err = CURLE_OK;
+        ret = 0;
+      }
+      lr->msgid = 0;
+      ldap_memfree(info);
+      break;
+    }
+    else if(msgtype != LDAP_RES_SEARCH_ENTRY)
+      continue;
+
+    lr->nument++;
+    rc = ldap_get_dn_ber(li->ld, ent, &ber, &bv);
+    if(rc < 0) {
+      /* TODO: verify that this is really how this return code should be
+         handled */
+      *err = CURLE_RECV_ERROR;
+      return -1;
+    }
+    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
+    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val, bv.bv_len);
+    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+    data->req.bytecount += bv.bv_len + 5;
+
+    for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
+      rc == LDAP_SUCCESS;
+      rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
+      int i;
+
+      if(bv.bv_val == NULL) break;
+
+      if(bv.bv_len > 7 && !strncmp(bv.bv_val + bv.bv_len - 7, ";binary", 7))
+        binary = 1;
+      else
+        binary = 0;
+
+      for(i=0; bvals[i].bv_val != NULL; i++) {
+        int binval = 0;
+        Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
+        Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val,
+                          bv.bv_len);
+        Curl_client_write(conn, CLIENTWRITE_BODY, (char *)":", 1);
+        data->req.bytecount += bv.bv_len + 2;
+
+        if(!binary) {
+          /* check for leading or trailing whitespace */
+          if(ISSPACE(bvals[i].bv_val[0]) ||
+              ISSPACE(bvals[i].bv_val[bvals[i].bv_len-1]))
+            binval = 1;
+          else {
+            /* check for unprintable characters */
+            unsigned int j;
+            for(j=0; j<bvals[i].bv_len; j++)
+              if(!ISPRINT(bvals[i].bv_val[j])) {
+                binval = 1;
+                break;
+              }
+          }
+        }
+        if(binary || binval) {
+          char *val_b64 = NULL;
+          size_t val_b64_sz = 0;
+          /* Binary value, encode to base64. */
+          CURLcode error = Curl_base64_encode(data,
+                                              bvals[i].bv_val,
+                                              bvals[i].bv_len,
+                                              &val_b64,
+                                              &val_b64_sz);
+          if(error) {
+            ber_memfree(bvals);
+            ber_free(ber, 0);
+            ldap_msgfree(result);
+            *err = error;
+            return -1;
+          }
+          Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
+          data->req.bytecount += 2;
+          if(val_b64_sz > 0) {
+            Curl_client_write(conn, CLIENTWRITE_BODY, val_b64, val_b64_sz);
+            free(val_b64);
+            data->req.bytecount += val_b64_sz;
+          }
+        }
+        else {
+          Curl_client_write(conn, CLIENTWRITE_BODY, (char *)" ", 1);
+          Curl_client_write(conn, CLIENTWRITE_BODY, bvals[i].bv_val,
+                            bvals[i].bv_len);
+          data->req.bytecount += bvals[i].bv_len + 1;
+        }
+        Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+        data->req.bytecount++;
+      }
+      ber_memfree(bvals);
+      Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+      data->req.bytecount++;
+    }
+    Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+    data->req.bytecount++;
+    ber_free(ber, 0);
+  }
+  ldap_msgfree(result);
+  return ret;
+}
+
+#ifdef USE_SSL
+static int
+ldapsb_tls_setup(Sockbuf_IO_Desc *sbiod, void *arg)
+{
+  sbiod->sbiod_pvt = arg;
+  return 0;
+}
+
+static int
+ldapsb_tls_remove(Sockbuf_IO_Desc *sbiod)
+{
+  sbiod->sbiod_pvt = NULL;
+  return 0;
+}
+
+/* We don't need to do anything because libcurl does it already */
+static int
+ldapsb_tls_close(Sockbuf_IO_Desc *sbiod)
+{
+  (void)sbiod;
+  return 0;
+}
+
+static int
+ldapsb_tls_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg)
+{
+  (void)arg;
+  if(opt == LBER_SB_OPT_DATA_READY) {
+    struct connectdata *conn = sbiod->sbiod_pvt;
+    return Curl_ssl_data_pending(conn, FIRSTSOCKET);
+  }
+  return 0;
+}
+
+static ber_slen_t
+ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+  struct connectdata *conn = sbiod->sbiod_pvt;
+  ldapconninfo *li = conn->proto.generic;
+  ber_slen_t ret;
+  CURLcode err = CURLE_RECV_ERROR;
+
+  ret = li->recv(conn, FIRSTSOCKET, buf, len, &err);
+  if(ret < 0 && err == CURLE_AGAIN) {
+    SET_SOCKERRNO(EWOULDBLOCK);
+  }
+  return ret;
+}
+
+static ber_slen_t
+ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+  struct connectdata *conn = sbiod->sbiod_pvt;
+  ldapconninfo *li = conn->proto.generic;
+  ber_slen_t ret;
+  CURLcode err = CURLE_SEND_ERROR;
+
+  ret = li->send(conn, FIRSTSOCKET, buf, len, &err);
+  if(ret < 0 && err == CURLE_AGAIN) {
+    SET_SOCKERRNO(EWOULDBLOCK);
+  }
+  return ret;
+}
+
+static Sockbuf_IO ldapsb_tls =
+{
+  ldapsb_tls_setup,
+  ldapsb_tls_remove,
+  ldapsb_tls_ctrl,
+  ldapsb_tls_read,
+  ldapsb_tls_write,
+  ldapsb_tls_close
+};
+#endif /* USE_SSL */
+
+#endif /* !CURL_DISABLE_LDAP && USE_OPENLDAP */
diff --git a/Utilities/cmcurl/parsedate.c b/Utilities/cmcurl/lib/parsedate.c
index ef91585..ecb8dfb 100644
--- a/Utilities/cmcurl/parsedate.c
+++ b/Utilities/cmcurl/lib/parsedate.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,7 +18,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 /*
   A brief summary of the date string formats this parser groks:
@@ -73,18 +72,17 @@
   20040911 +0200
 
 */
-#include "setup.h"
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
 
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h> /* for strtol() */
+#include "curl_setup.h"
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
 #endif
 
 #include <curl/curl.h>
-
-static time_t Curl_parsedate(const char *date);
+#include "rawstr.h"
+#include "warnless.h"
+#include "parsedate.h"
 
 const char * const Curl_wkday[] =
 {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"};
@@ -96,10 +94,28 @@ const char * const Curl_month[]=
   "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
 
 struct tzinfo {
-  const char *name;
+  char name[5];
   int offset; /* +/- in minutes */
 };
 
+/*
+ * parsedate()
+ *
+ * Returns:
+ *
+ * PARSEDATE_OK     - a fine conversion
+ * PARSEDATE_FAIL   - failed to convert
+ * PARSEDATE_LATER  - time overflow at the far end of time_t
+ * PARSEDATE_SOONER - time underflow at the low end of time_t
+ */
+
+static int parsedate(const char *date, time_t *output);
+
+#define PARSEDATE_OK     0
+#define PARSEDATE_FAIL   -1
+#define PARSEDATE_LATER  1
+#define PARSEDATE_SOONER 2
+
 /* Here's a bunch of frequently used time zone names. These were supported
    by the old getdate parser. */
 #define tDAYZONE -60       /* offset for daylight savings time */
@@ -147,6 +163,37 @@ static const struct tzinfo tz[]= {
   {"NZST", -720},          /* New Zealand Standard */
   {"NZDT", -720 tDAYZONE}, /* New Zealand Daylight */
   {"IDLE", -720},          /* International Date Line East */
+  /* Next up: Military timezone names. RFC822 allowed these, but (as noted in
+     RFC 1123) had their signs wrong. Here we use the correct signs to match
+     actual military usage.
+   */
+  {"A",  +1 * 60},         /* Alpha */
+  {"B",  +2 * 60},         /* Bravo */
+  {"C",  +3 * 60},         /* Charlie */
+  {"D",  +4 * 60},         /* Delta */
+  {"E",  +5 * 60},         /* Echo */
+  {"F",  +6 * 60},         /* Foxtrot */
+  {"G",  +7 * 60},         /* Golf */
+  {"H",  +8 * 60},         /* Hotel */
+  {"I",  +9 * 60},         /* India */
+  /* "J", Juliet is not used as a timezone, to indicate the observer's local
+     time */
+  {"K", +10 * 60},         /* Kilo */
+  {"L", +11 * 60},         /* Lima */
+  {"M", +12 * 60},         /* Mike */
+  {"N",  -1 * 60},         /* November */
+  {"O",  -2 * 60},         /* Oscar */
+  {"P",  -3 * 60},         /* Papa */
+  {"Q",  -4 * 60},         /* Quebec */
+  {"R",  -5 * 60},         /* Romeo */
+  {"S",  -6 * 60},         /* Sierra */
+  {"T",  -7 * 60},         /* Tango */
+  {"U",  -8 * 60},         /* Uniform */
+  {"V",  -9 * 60},         /* Victor */
+  {"W", -10 * 60},         /* Whiskey */
+  {"X", -11 * 60},         /* X-ray */
+  {"Y", -12 * 60},         /* Yankee */
+  {"Z", 0},                /* Zulu, zero meridian, a.k.a. UTC */
 };
 
 /* returns:
@@ -154,7 +201,7 @@ static const struct tzinfo tz[]= {
    0 monday - 6 sunday
 */
 
-static int checkday(char *check, size_t len)
+static int checkday(const char *check, size_t len)
 {
   int i;
   const char * const *what;
@@ -164,7 +211,7 @@ static int checkday(char *check, size_t len)
   else
     what = &Curl_wkday[0];
   for(i=0; i<7; i++) {
-    if(curl_strequal(check, what[0])) {
+    if(Curl_raw_equal(check, what[0])) {
       found=TRUE;
       break;
     }
@@ -173,7 +220,7 @@ static int checkday(char *check, size_t len)
   return found?i:-1;
 }
 
-static int checkmonth(char *check)
+static int checkmonth(const char *check)
 {
   int i;
   const char * const *what;
@@ -181,7 +228,7 @@ static int checkmonth(char *check)
 
   what = &Curl_month[0];
   for(i=0; i<12; i++) {
-    if(curl_strequal(check, what[0])) {
+    if(Curl_raw_equal(check, what[0])) {
       found=TRUE;
       break;
     }
@@ -193,7 +240,7 @@ static int checkmonth(char *check)
 /* return the time zone offset between GMT and the input one, in number
    of seconds or -1 if the timezone wasn't found/legal */
 
-static int checktz(char *check)
+static int checktz(const char *check)
 {
   unsigned int i;
   const struct tzinfo *what;
@@ -201,7 +248,7 @@ static int checktz(char *check)
 
   what = tz;
   for(i=0; i< sizeof(tz)/sizeof(tz[0]); i++) {
-    if(curl_strequal(check, what->name)) {
+    if(Curl_raw_equal(check, what->name)) {
       found=TRUE;
       break;
     }
@@ -223,7 +270,65 @@ enum assume {
   DATE_TIME
 };
 
-static time_t Curl_parsedate(const char *date)
+/* this is a clone of 'struct tm' but with all fields we don't need or use
+   cut out */
+struct my_tm {
+  int tm_sec;
+  int tm_min;
+  int tm_hour;
+  int tm_mday;
+  int tm_mon;
+  int tm_year;
+};
+
+/* struct tm to time since epoch in GMT time zone.
+ * This is similar to the standard mktime function but for GMT only, and
+ * doesn't suffer from the various bugs and portability problems that
+ * some systems' implementations have.
+ */
+static time_t my_timegm(struct my_tm *tm)
+{
+  static const int month_days_cumulative [12] =
+    { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
+  int month, year, leap_days;
+
+  if(tm->tm_year < 70)
+    /* we don't support years before 1970 as they will cause this function
+       to return a negative value */
+    return -1;
+
+  year = tm->tm_year + 1900;
+  month = tm->tm_mon;
+  if(month < 0) {
+    year += (11 - month) / 12;
+    month = 11 - (11 - month) % 12;
+  }
+  else if(month >= 12) {
+    year -= month / 12;
+    month = month % 12;
+  }
+
+  leap_days = year - (tm->tm_mon <= 1);
+  leap_days = ((leap_days / 4) - (leap_days / 100) + (leap_days / 400)
+               - (1969 / 4) + (1969 / 100) - (1969 / 400));
+
+  return ((((time_t) (year - 1970) * 365
+            + leap_days + month_days_cumulative [month] + tm->tm_mday - 1) * 24
+           + tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;
+}
+
+/*
+ * parsedate()
+ *
+ * Returns:
+ *
+ * PARSEDATE_OK     - a fine conversion
+ * PARSEDATE_FAIL   - failed to convert
+ * PARSEDATE_LATER  - time overflow at the far end of time_t
+ * PARSEDATE_SOONER - time underflow at the low end of time_t
+ */
+
+static int parsedate(const char *date, time_t *output)
 {
   time_t t = 0;
   int wdaynum=-1;  /* day of the week number, 0-6 (mon-sun) */
@@ -234,7 +339,7 @@ static time_t Curl_parsedate(const char *date)
   int secnum=-1;
   int yearnum=-1;
   int tzoff=-1;
-  struct tm tm;
+  struct my_tm tm;
   enum assume dignext = DATE_MDAY;
   const char *indate = date; /* save the original pointer */
   int part = 0; /* max 6 parts */
@@ -248,8 +353,11 @@ static time_t Curl_parsedate(const char *date)
       /* a name coming up */
       char buf[32]="";
       size_t len;
-      sscanf(date, "%31[A-Za-z]", buf);
-      len = strlen(buf);
+      if(sscanf(date, "%31[ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                          "abcdefghijklmnopqrstuvwxyz]", buf))
+        len = strlen(buf);
+      else
+        len = 0;
 
       if(wdaynum == -1) {
         wdaynum = checkday(buf, len);
@@ -270,7 +378,7 @@ static time_t Curl_parsedate(const char *date)
       }
 
       if(!found)
-        return -1; /* bad string */
+        return PARSEDATE_FAIL; /* bad string */
 
       date += len;
     }
@@ -282,18 +390,48 @@ static time_t Curl_parsedate(const char *date)
          (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) {
         /* time stamp! */
         date += 8;
-        found = TRUE;
+      }
+      else if((secnum == -1) &&
+              (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
+        /* time stamp without seconds */
+        date += 5;
+        secnum = 0;
       }
       else {
-        val = (int)strtol(date, &end, 10);
+        long lval;
+        int error;
+        int old_errno;
+
+        old_errno = ERRNO;
+        SET_ERRNO(0);
+        lval = strtol(date, &end, 10);
+        error = ERRNO;
+        if(error != old_errno)
+          SET_ERRNO(old_errno);
+
+        if(error)
+          return PARSEDATE_FAIL;
+
+#if LONG_MAX != INT_MAX
+        if((lval > (long)INT_MAX) || (lval < (long)INT_MIN))
+          return PARSEDATE_FAIL;
+#endif
+
+        val = curlx_sltosi(lval);
 
         if((tzoff == -1) &&
            ((end - date) == 4) &&
-           (val < 1300) &&
+           (val <= 1400) &&
            (indate< date) &&
            ((date[-1] == '+' || date[-1] == '-'))) {
-          /* four digits and a value less than 1300 and it is preceeded with
-             a plus or minus. This is a time zone indication. */
+          /* four digits and a value less than or equal to 1400 (to take into
+             account all sorts of funny time zone diffs) and it is preceded
+             with a plus or minus. This is a time zone indication.  1400 is
+             picked since +1300 is frequently used and +1400 is mentioned as
+             an edge number in the document "ISO C 200X Proposal: Timezone
+             Functions" at http://david.tribble.com/text/c0xtimezone.html If
+             anyone has a more authoritative source for the exact maximum time
+             zone offsets, please speak up! */
           found = TRUE;
           tzoff = (val/100 * 60 + val%100)*60;
 
@@ -325,7 +463,7 @@ static time_t Curl_parsedate(const char *date)
           yearnum = val;
           found = TRUE;
           if(yearnum < 1900) {
-            if (yearnum > 70)
+            if(yearnum > 70)
               yearnum += 1900;
             else
               yearnum += 2000;
@@ -335,7 +473,7 @@ static time_t Curl_parsedate(const char *date)
         }
 
         if(!found)
-          return -1;
+          return PARSEDATE_FAIL;
 
         date = end;
       }
@@ -351,75 +489,95 @@ static time_t Curl_parsedate(const char *date)
      (-1 == monnum) ||
      (-1 == yearnum))
     /* lacks vital info, fail */
-    return -1;
+    return PARSEDATE_FAIL;
 
 #if SIZEOF_TIME_T < 5
   /* 32 bit time_t can only hold dates to the beginning of 2038 */
-  if(yearnum > 2037)
-    return 0x7fffffff;
+  if(yearnum > 2037) {
+    *output = 0x7fffffff;
+    return PARSEDATE_LATER;
+  }
 #endif
 
+  if(yearnum < 1970) {
+    *output = 0;
+    return PARSEDATE_SOONER;
+  }
+
+  if((mdaynum > 31) || (monnum > 11) ||
+     (hournum > 23) || (minnum > 59) || (secnum > 60))
+    return PARSEDATE_FAIL; /* clearly an illegal date */
+
   tm.tm_sec = secnum;
   tm.tm_min = minnum;
   tm.tm_hour = hournum;
   tm.tm_mday = mdaynum;
   tm.tm_mon = monnum;
   tm.tm_year = yearnum - 1900;
-  tm.tm_wday = 0;
-  tm.tm_yday = 0;
-  tm.tm_isdst = 0;
 
-  /* mktime() returns a time_t. time_t is often 32 bits, even on many
+  /* my_timegm() returns a time_t. time_t is often 32 bits, even on many
      architectures that feature 64 bit 'long'.
 
      Some systems have 64 bit time_t and deal with years beyond 2038. However,
-     even some of the systems with 64 bit time_t returns -1 for dates beyond
-     03:14:07 UTC, January 19, 2038. (Such as AIX 5100-06)
+     even on some of the systems with 64 bit time_t mktime() returns -1 for
+     dates beyond 03:14:07 UTC, January 19, 2038. (Such as AIX 5100-06)
   */
-  t = mktime(&tm);
+  t = my_timegm(&tm);
 
   /* time zone adjust (cast t to int to compare to negative one) */
   if(-1 != (int)t) {
-    struct tm *gmt;
-    long delta;
-    time_t t2;
-
-#ifdef HAVE_GMTIME_R
-    /* thread-safe version */
-    struct tm keeptime2;
-    gmt = (struct tm *)gmtime_r(&t, &keeptime2);
-    if(!gmt)
-      return -1; /* illegal date/time */
-    t2 = mktime(gmt);
-#else
-    /* It seems that at least the MSVC version of mktime() doesn't work
-       properly if it gets the 'gmt' pointer passed in (which is a pointer
-       returned from gmtime() pointing to static memory), so instead we copy
-       the tm struct to a local struct and pass a pointer to that struct as
-       input to mktime(). */
-    struct tm gmt2;
-    gmt = gmtime(&t); /* use gmtime_r() if available */
-    if(!gmt)
-      return -1; /* illegal date/time */
-    gmt2 = *gmt;
-    t2 = mktime(&gmt2);
-#endif
 
-    /* Add the time zone diff (between the given timezone and GMT) and the
-       diff between the local time zone and GMT. */
-    delta = (long)((tzoff!=-1?tzoff:0) + (t - t2));
+    /* Add the time zone diff between local time zone and GMT. */
+    long delta = (long)(tzoff!=-1?tzoff:0);
 
-    if((delta>0) && (t + delta < t))
-      return -1; /* time_t overflow */
+    if((delta>0) && (t > LONG_MAX - delta)) {
+      *output = 0x7fffffff;
+      return PARSEDATE_LATER; /* time_t overflow */
+    }
 
     t += delta;
   }
 
-  return t;
+  *output = t;
+
+  return PARSEDATE_OK;
 }
 
 time_t curl_getdate(const char *p, const time_t *now)
 {
-  (void)now;
-  return Curl_parsedate(p);
+  time_t parsed;
+  int rc = parsedate(p, &parsed);
+  (void)now; /* legacy argument from the past that we ignore */
+
+  switch(rc) {
+  case PARSEDATE_OK:
+  case PARSEDATE_LATER:
+  case PARSEDATE_SOONER:
+    return parsed;
+  }
+  /* everything else is fail */
+  return -1;
+}
+
+/*
+ * Curl_gmtime() is a gmtime() replacement for portability. Do not use the
+ * gmtime_r() or gmtime() functions anywhere else but here.
+ *
+ */
+
+CURLcode Curl_gmtime(time_t intime, struct tm *store)
+{
+  const struct tm *tm;
+#ifdef HAVE_GMTIME_R
+  /* thread-safe version */
+  tm = (struct tm *)gmtime_r(&intime, store);
+#else
+  tm = gmtime(&intime);
+  if(tm)
+    *store = *tm; /* copy the pointed struct to the local copy */
+#endif
+
+  if(!tm)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  return CURLE_OK;
 }
diff --git a/Utilities/cmcurl/lib/parsedate.h b/Utilities/cmcurl/lib/parsedate.h
new file mode 100644
index 0000000..ade0f4f
--- /dev/null
+++ b/Utilities/cmcurl/lib/parsedate.h
@@ -0,0 +1,31 @@
+#ifndef HEADER_CURL_PARSEDATE_H
+#define HEADER_CURL_PARSEDATE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+extern const char * const Curl_wkday[7];
+extern const char * const Curl_month[12];
+
+CURLcode Curl_gmtime(time_t intime, struct tm *store);
+
+#endif /* HEADER_CURL_PARSEDATE_H */
+
diff --git a/Utilities/cmcurl/lib/pingpong.c b/Utilities/cmcurl/lib/pingpong.c
new file mode 100644
index 0000000..c7e89d0
--- /dev/null
+++ b/Utilities/cmcurl/lib/pingpong.c
@@ -0,0 +1,517 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ *   'pingpong' is for generic back-and-forth support functions used by FTP,
+ *   IMAP, POP3, SMTP and whatever more that likes them.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "urldata.h"
+#include "sendf.h"
+#include "select.h"
+#include "progress.h"
+#include "speedcheck.h"
+#include "pingpong.h"
+#include "multiif.h"
+#include "non-ascii.h"
+#include "vtls/vtls.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifdef USE_PINGPONG
+
+/* Returns timeout in ms. 0 or negative number means the timeout has already
+   triggered */
+long Curl_pp_state_timeout(struct pingpong *pp)
+{
+  struct connectdata *conn = pp->conn;
+  struct SessionHandle *data=conn->data;
+  long timeout_ms; /* in milliseconds */
+  long timeout2_ms; /* in milliseconds */
+  long response_time= (data->set.server_response_timeout)?
+    data->set.server_response_timeout: pp->response_time;
+
+  /* if CURLOPT_SERVER_RESPONSE_TIMEOUT is set, use that to determine
+     remaining time, or use pp->response because SERVER_RESPONSE_TIMEOUT is
+     supposed to govern the response for any given server response, not for
+     the time from connect to the given server response. */
+
+  /* Without a requested timeout, we only wait 'response_time' seconds for the
+     full response to arrive before we bail out */
+  timeout_ms = response_time -
+    Curl_tvdiff(Curl_tvnow(), pp->response); /* spent time */
+
+  if(data->set.timeout) {
+    /* if timeout is requested, find out how much remaining time we have */
+    timeout2_ms = data->set.timeout - /* timeout time */
+      Curl_tvdiff(Curl_tvnow(), conn->now); /* spent time */
+
+    /* pick the lowest number */
+    timeout_ms = CURLMIN(timeout_ms, timeout2_ms);
+  }
+
+  return timeout_ms;
+}
+
+/*
+ * Curl_pp_statemach()
+ */
+CURLcode Curl_pp_statemach(struct pingpong *pp, bool block)
+{
+  struct connectdata *conn = pp->conn;
+  curl_socket_t sock = conn->sock[FIRSTSOCKET];
+  int rc;
+  long interval_ms;
+  long timeout_ms = Curl_pp_state_timeout(pp);
+  struct SessionHandle *data=conn->data;
+  CURLcode result = CURLE_OK;
+
+  if(timeout_ms <=0 ) {
+    failf(data, "server response timeout");
+    return CURLE_OPERATION_TIMEDOUT; /* already too little time */
+  }
+
+  if(block) {
+    interval_ms = 1000;  /* use 1 second timeout intervals */
+    if(timeout_ms < interval_ms)
+      interval_ms = timeout_ms;
+  }
+  else
+    interval_ms = 0; /* immediate */
+
+  if(Curl_pp_moredata(pp))
+    /* We are receiving and there is data in the cache so just read it */
+    rc = 1;
+  else if(!pp->sendleft && Curl_ssl_data_pending(conn, FIRSTSOCKET))
+    /* We are receiving and there is data ready in the SSL library */
+    rc = 1;
+  else
+    rc = Curl_socket_ready(pp->sendleft?CURL_SOCKET_BAD:sock, /* reading */
+                           pp->sendleft?sock:CURL_SOCKET_BAD, /* writing */
+                           interval_ms);
+
+  if(block) {
+    /* if we didn't wait, we don't have to spend time on this now */
+    if(Curl_pgrsUpdate(conn))
+      result = CURLE_ABORTED_BY_CALLBACK;
+    else
+      result = Curl_speedcheck(data, Curl_tvnow());
+
+    if(result)
+      return result;
+  }
+
+  if(rc == -1) {
+    failf(data, "select/poll error");
+    result = CURLE_OUT_OF_MEMORY;
+  }
+  else if(rc)
+    result = pp->statemach_act(conn);
+
+  return result;
+}
+
+/* initialize stuff to prepare for reading a fresh new response */
+void Curl_pp_init(struct pingpong *pp)
+{
+  struct connectdata *conn = pp->conn;
+  pp->nread_resp = 0;
+  pp->linestart_resp = conn->data->state.buffer;
+  pp->pending_resp = TRUE;
+  pp->response = Curl_tvnow(); /* start response time-out now! */
+}
+
+
+
+/***********************************************************************
+ *
+ * Curl_pp_vsendf()
+ *
+ * Send the formated string as a command to a pingpong server. Note that
+ * the string should not have any CRLF appended, as this function will
+ * append the necessary things itself.
+ *
+ * made to never block
+ */
+CURLcode Curl_pp_vsendf(struct pingpong *pp,
+                        const char *fmt,
+                        va_list args)
+{
+  ssize_t bytes_written;
+  size_t write_len;
+  char *fmt_crlf;
+  char *s;
+  CURLcode error;
+  struct connectdata *conn = pp->conn;
+  struct SessionHandle *data = conn->data;
+
+#ifdef HAVE_GSSAPI
+  enum protection_level data_sec = conn->data_prot;
+#endif
+
+  DEBUGASSERT(pp->sendleft == 0);
+  DEBUGASSERT(pp->sendsize == 0);
+  DEBUGASSERT(pp->sendthis == NULL);
+
+  fmt_crlf = aprintf("%s\r\n", fmt); /* append a trailing CRLF */
+  if(!fmt_crlf)
+    return CURLE_OUT_OF_MEMORY;
+
+  s = vaprintf(fmt_crlf, args); /* trailing CRLF appended */
+  free(fmt_crlf);
+  if(!s)
+    return CURLE_OUT_OF_MEMORY;
+
+  bytes_written = 0;
+  write_len = strlen(s);
+
+  Curl_pp_init(pp);
+
+  error = Curl_convert_to_network(data, s, write_len);
+  /* Curl_convert_to_network calls failf if unsuccessful */
+  if(error) {
+    free(s);
+    return error;
+  }
+
+#ifdef HAVE_GSSAPI
+  conn->data_prot = PROT_CMD;
+#endif
+  error = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len,
+                     &bytes_written);
+#ifdef HAVE_GSSAPI
+  DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
+  conn->data_prot = data_sec;
+#endif
+
+  if(error) {
+    free(s);
+    return error;
+  }
+
+  if(conn->data->set.verbose)
+    Curl_debug(conn->data, CURLINFO_HEADER_OUT,
+               s, (size_t)bytes_written, conn);
+
+  if(bytes_written != (ssize_t)write_len) {
+    /* the whole chunk was not sent, keep it around and adjust sizes */
+    pp->sendthis = s;
+    pp->sendsize = write_len;
+    pp->sendleft = write_len - bytes_written;
+  }
+  else {
+    free(s);
+    pp->sendthis = NULL;
+    pp->sendleft = pp->sendsize = 0;
+    pp->response = Curl_tvnow();
+  }
+
+  return CURLE_OK;
+}
+
+
+/***********************************************************************
+ *
+ * Curl_pp_sendf()
+ *
+ * Send the formated string as a command to a pingpong server. Note that
+ * the string should not have any CRLF appended, as this function will
+ * append the necessary things itself.
+ *
+ * made to never block
+ */
+CURLcode Curl_pp_sendf(struct pingpong *pp,
+                       const char *fmt, ...)
+{
+  CURLcode res;
+  va_list ap;
+  va_start(ap, fmt);
+
+  res = Curl_pp_vsendf(pp, fmt, ap);
+
+  va_end(ap);
+
+  return res;
+}
+
+/*
+ * Curl_pp_readresp()
+ *
+ * Reads a piece of a server response.
+ */
+CURLcode Curl_pp_readresp(curl_socket_t sockfd,
+                          struct pingpong *pp,
+                          int *code, /* return the server code if done */
+                          size_t *size) /* size of the response */
+{
+  ssize_t perline; /* count bytes per line */
+  bool keepon=TRUE;
+  ssize_t gotbytes;
+  char *ptr;
+  struct connectdata *conn = pp->conn;
+  struct SessionHandle *data = conn->data;
+  char * const buf = data->state.buffer;
+  CURLcode result = CURLE_OK;
+
+  *code = 0; /* 0 for errors or not done */
+  *size = 0;
+
+  ptr=buf + pp->nread_resp;
+
+  /* number of bytes in the current line, so far */
+  perline = (ssize_t)(ptr-pp->linestart_resp);
+
+  keepon=TRUE;
+
+  while((pp->nread_resp<BUFSIZE) && (keepon && !result)) {
+
+    if(pp->cache) {
+      /* we had data in the "cache", copy that instead of doing an actual
+       * read
+       *
+       * pp->cache_size is cast to ssize_t here.  This should be safe, because
+       * it would have been populated with something of size int to begin
+       * with, even though its datatype may be larger than an int.
+       */
+      DEBUGASSERT((ptr+pp->cache_size) <= (buf+BUFSIZE+1));
+      memcpy(ptr, pp->cache, pp->cache_size);
+      gotbytes = (ssize_t)pp->cache_size;
+      free(pp->cache);    /* free the cache */
+      pp->cache = NULL;   /* clear the pointer */
+      pp->cache_size = 0; /* zero the size just in case */
+    }
+    else {
+      int res;
+#ifdef HAVE_GSSAPI
+      enum protection_level prot = conn->data_prot;
+      conn->data_prot = PROT_CLEAR;
+#endif
+      DEBUGASSERT((ptr+BUFSIZE-pp->nread_resp) <= (buf+BUFSIZE+1));
+      res = Curl_read(conn, sockfd, ptr, BUFSIZE-pp->nread_resp,
+                      &gotbytes);
+#ifdef HAVE_GSSAPI
+      DEBUGASSERT(prot  > PROT_NONE && prot < PROT_LAST);
+      conn->data_prot = prot;
+#endif
+      if(res == CURLE_AGAIN)
+        return CURLE_OK; /* return */
+
+      if((res == CURLE_OK) && (gotbytes > 0))
+        /* convert from the network encoding */
+        res = Curl_convert_from_network(data, ptr, gotbytes);
+      /* Curl_convert_from_network calls failf if unsuccessful */
+
+      if(CURLE_OK != res) {
+        result = (CURLcode)res; /* Set outer result variable to this error. */
+        keepon = FALSE;
+      }
+    }
+
+    if(!keepon)
+      ;
+    else if(gotbytes <= 0) {
+      keepon = FALSE;
+      result = CURLE_RECV_ERROR;
+      failf(data, "response reading failed");
+    }
+    else {
+      /* we got a whole chunk of data, which can be anything from one
+       * byte to a set of lines and possible just a piece of the last
+       * line */
+      ssize_t i;
+      ssize_t clipamount = 0;
+      bool restart = FALSE;
+
+      data->req.headerbytecount += (long)gotbytes;
+
+      pp->nread_resp += gotbytes;
+      for(i = 0; i < gotbytes; ptr++, i++) {
+        perline++;
+        if(*ptr=='\n') {
+          /* a newline is CRLF in pp-talk, so the CR is ignored as
+             the line isn't really terminated until the LF comes */
+
+          /* output debug output if that is requested */
+#ifdef HAVE_GSSAPI
+          if(!conn->sec_complete)
+#endif
+            if(data->set.verbose)
+              Curl_debug(data, CURLINFO_HEADER_IN,
+                         pp->linestart_resp, (size_t)perline, conn);
+
+          /*
+           * We pass all response-lines to the callback function registered
+           * for "headers". The response lines can be seen as a kind of
+           * headers.
+           */
+          result = Curl_client_write(conn, CLIENTWRITE_HEADER,
+                                     pp->linestart_resp, perline);
+          if(result)
+            return result;
+
+          if(pp->endofresp(conn, pp->linestart_resp, perline, code)) {
+            /* This is the end of the last line, copy the last line to the
+               start of the buffer and zero terminate, for old times sake */
+            size_t n = ptr - pp->linestart_resp;
+            memmove(buf, pp->linestart_resp, n);
+            buf[n]=0; /* zero terminate */
+            keepon=FALSE;
+            pp->linestart_resp = ptr+1; /* advance pointer */
+            i++; /* skip this before getting out */
+
+            *size = pp->nread_resp; /* size of the response */
+            pp->nread_resp = 0; /* restart */
+            break;
+          }
+          perline=0; /* line starts over here */
+          pp->linestart_resp = ptr+1;
+        }
+      }
+
+      if(!keepon && (i != gotbytes)) {
+        /* We found the end of the response lines, but we didn't parse the
+           full chunk of data we have read from the server. We therefore need
+           to store the rest of the data to be checked on the next invoke as
+           it may actually contain another end of response already! */
+        clipamount = gotbytes - i;
+        restart = TRUE;
+        DEBUGF(infof(data, "Curl_pp_readresp_ %d bytes of trailing "
+                     "server response left\n",
+                     (int)clipamount));
+      }
+      else if(keepon) {
+
+        if((perline == gotbytes) && (gotbytes > BUFSIZE/2)) {
+          /* We got an excessive line without newlines and we need to deal
+             with it. We keep the first bytes of the line then we throw
+             away the rest. */
+          infof(data, "Excessive server response line length received, "
+                "%zd bytes. Stripping\n", gotbytes);
+          restart = TRUE;
+
+          /* we keep 40 bytes since all our pingpong protocols are only
+             interested in the first piece */
+          clipamount = 40;
+        }
+        else if(pp->nread_resp > BUFSIZE/2) {
+          /* We got a large chunk of data and there's potentially still
+             trailing data to take care of, so we put any such part in the
+             "cache", clear the buffer to make space and restart. */
+          clipamount = perline;
+          restart = TRUE;
+        }
+      }
+      else if(i == gotbytes)
+        restart = TRUE;
+
+      if(clipamount) {
+        pp->cache_size = clipamount;
+        pp->cache = malloc(pp->cache_size);
+        if(pp->cache)
+          memcpy(pp->cache, pp->linestart_resp, pp->cache_size);
+        else
+          return CURLE_OUT_OF_MEMORY;
+      }
+      if(restart) {
+        /* now reset a few variables to start over nicely from the start of
+           the big buffer */
+        pp->nread_resp = 0; /* start over from scratch in the buffer */
+        ptr = pp->linestart_resp = buf;
+        perline = 0;
+      }
+
+    } /* there was data */
+
+  } /* while there's buffer left and loop is requested */
+
+  pp->pending_resp = FALSE;
+
+  return result;
+}
+
+int Curl_pp_getsock(struct pingpong *pp,
+                    curl_socket_t *socks,
+                    int numsocks)
+{
+  struct connectdata *conn = pp->conn;
+
+  if(!numsocks)
+    return GETSOCK_BLANK;
+
+  socks[0] = conn->sock[FIRSTSOCKET];
+
+  if(pp->sendleft) {
+    /* write mode */
+    return GETSOCK_WRITESOCK(0);
+  }
+
+  /* read mode */
+  return GETSOCK_READSOCK(0);
+}
+
+CURLcode Curl_pp_flushsend(struct pingpong *pp)
+{
+  /* we have a piece of a command still left to send */
+  struct connectdata *conn = pp->conn;
+  ssize_t written;
+  CURLcode result = CURLE_OK;
+  curl_socket_t sock = conn->sock[FIRSTSOCKET];
+
+  result = Curl_write(conn, sock, pp->sendthis + pp->sendsize -
+                      pp->sendleft, pp->sendleft, &written);
+  if(result)
+    return result;
+
+  if(written != (ssize_t)pp->sendleft) {
+    /* only a fraction was sent */
+    pp->sendleft -= written;
+  }
+  else {
+    free(pp->sendthis);
+    pp->sendthis=NULL;
+    pp->sendleft = pp->sendsize = 0;
+    pp->response = Curl_tvnow();
+  }
+  return CURLE_OK;
+}
+
+CURLcode Curl_pp_disconnect(struct pingpong *pp)
+{
+  if(pp->cache) {
+    free(pp->cache);
+    pp->cache = NULL;
+  }
+  return CURLE_OK;
+}
+
+bool Curl_pp_moredata(struct pingpong *pp)
+{
+  return (!pp->sendleft && pp->cache && pp->nread_resp < pp->cache_size) ?
+         TRUE : FALSE;
+}
+
+#endif
diff --git a/Utilities/cmcurl/lib/pingpong.h b/Utilities/cmcurl/lib/pingpong.h
new file mode 100644
index 0000000..b925ab9
--- /dev/null
+++ b/Utilities/cmcurl/lib/pingpong.h
@@ -0,0 +1,150 @@
+#ifndef HEADER_CURL_PINGPONG_H
+#define HEADER_CURL_PINGPONG_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_FTP) || \
+  !defined(CURL_DISABLE_POP3) || !defined(CURL_DISABLE_SMTP)
+#define USE_PINGPONG
+#endif
+
+/* forward-declaration, this is defined in urldata.h */
+struct connectdata;
+
+typedef enum {
+  FTPTRANSFER_BODY, /* yes do transfer a body */
+  FTPTRANSFER_INFO, /* do still go through to get info/headers */
+  FTPTRANSFER_NONE, /* don't get anything and don't get info */
+  FTPTRANSFER_LAST  /* end of list marker, never used */
+} curl_pp_transfer;
+
+/*
+ * 'pingpong' is the generic struct used for protocols doing server<->client
+ * conversations in a back-and-forth style such as FTP, IMAP, POP3, SMTP etc.
+ *
+ * It holds response cache and non-blocking sending data.
+ */
+struct pingpong {
+  char *cache;     /* data cache between getresponse()-calls */
+  size_t cache_size;  /* size of cache in bytes */
+  size_t nread_resp;  /* number of bytes currently read of a server response */
+  char *linestart_resp; /* line start pointer for the server response
+                           reader function */
+  bool pending_resp;  /* set TRUE when a server response is pending or in
+                         progress, and is cleared once the last response is
+                         read */
+  char *sendthis; /* allocated pointer to a buffer that is to be sent to the
+                     server */
+  size_t sendleft; /* number of bytes left to send from the sendthis buffer */
+  size_t sendsize; /* total size of the sendthis buffer */
+  struct timeval response; /* set to Curl_tvnow() when a command has been sent
+                              off, used to time-out response reading */
+  long response_time; /* When no timeout is given, this is the amount of
+                         milliseconds we await for a server response. */
+
+  struct connectdata *conn; /* points to the connectdata struct that this
+                               belongs to */
+
+  /* Function pointers the protocols MUST implement and provide for the
+     pingpong layer to function */
+
+  CURLcode (*statemach_act)(struct connectdata *conn);
+
+  bool (*endofresp)(struct connectdata *conn, char *ptr, size_t len,
+                    int *code);
+};
+
+/*
+ * Curl_pp_statemach()
+ *
+ * called repeatedly until done. Set 'wait' to make it wait a while on the
+ * socket if there's no traffic.
+ */
+CURLcode Curl_pp_statemach(struct pingpong *pp, bool block);
+
+/* initialize stuff to prepare for reading a fresh new response */
+void Curl_pp_init(struct pingpong *pp);
+
+/* Returns timeout in ms. 0 or negative number means the timeout has already
+   triggered */
+long Curl_pp_state_timeout(struct pingpong *pp);
+
+
+/***********************************************************************
+ *
+ * Curl_pp_sendf()
+ *
+ * Send the formated string as a command to a pingpong server. Note that
+ * the string should not have any CRLF appended, as this function will
+ * append the necessary things itself.
+ *
+ * made to never block
+ */
+CURLcode Curl_pp_sendf(struct pingpong *pp,
+                       const char *fmt, ...);
+
+/***********************************************************************
+ *
+ * Curl_pp_vsendf()
+ *
+ * Send the formated string as a command to a pingpong server. Note that
+ * the string should not have any CRLF appended, as this function will
+ * append the necessary things itself.
+ *
+ * made to never block
+ */
+CURLcode Curl_pp_vsendf(struct pingpong *pp,
+                        const char *fmt,
+                        va_list args);
+
+/*
+ * Curl_pp_readresp()
+ *
+ * Reads a piece of a server response.
+ */
+CURLcode Curl_pp_readresp(curl_socket_t sockfd,
+                          struct pingpong *pp,
+                          int *code, /* return the server code if done */
+                          size_t *size); /* size of the response */
+
+
+CURLcode Curl_pp_flushsend(struct pingpong *pp);
+
+/* call this when a pingpong connection is disconnected */
+CURLcode Curl_pp_disconnect(struct pingpong *pp);
+
+int Curl_pp_getsock(struct pingpong *pp, curl_socket_t *socks,
+                    int numsocks);
+
+
+/***********************************************************************
+ *
+ * Curl_pp_moredata()
+ *
+ * Returns whether there are still more data in the cache and so a call
+ * to Curl_pp_readresp() will not block.
+ */
+bool Curl_pp_moredata(struct pingpong *pp);
+
+#endif /* HEADER_CURL_PINGPONG_H */
diff --git a/Utilities/cmcurl/lib/pipeline.c b/Utilities/cmcurl/lib/pipeline.c
new file mode 100644
index 0000000..8d2544b
--- /dev/null
+++ b/Utilities/cmcurl/lib/pipeline.c
@@ -0,0 +1,340 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2013, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) 2013-2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+
+#include "urldata.h"
+#include "url.h"
+#include "progress.h"
+#include "multiif.h"
+#include "pipeline.h"
+#include "sendf.h"
+#include "rawstr.h"
+#include "bundles.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+struct site_blacklist_entry {
+  char *hostname;
+  unsigned short port;
+};
+
+static void site_blacklist_llist_dtor(void *user, void *element)
+{
+  struct site_blacklist_entry *entry = element;
+  (void)user;
+
+  Curl_safefree(entry->hostname);
+  Curl_safefree(entry);
+}
+
+static void server_blacklist_llist_dtor(void *user, void *element)
+{
+  char *server_name = element;
+  (void)user;
+
+  Curl_safefree(server_name);
+}
+
+bool Curl_pipeline_penalized(struct SessionHandle *data,
+                             struct connectdata *conn)
+{
+  if(data) {
+    bool penalized = FALSE;
+    curl_off_t penalty_size =
+      Curl_multi_content_length_penalty_size(data->multi);
+    curl_off_t chunk_penalty_size =
+      Curl_multi_chunk_length_penalty_size(data->multi);
+    curl_off_t recv_size = -2; /* Make it easy to spot in the log */
+
+    /* Find the head of the recv pipe, if any */
+    if(conn->recv_pipe && conn->recv_pipe->head) {
+      struct SessionHandle *recv_handle = conn->recv_pipe->head->ptr;
+
+      recv_size = recv_handle->req.size;
+
+      if(penalty_size > 0 && recv_size > penalty_size)
+        penalized = TRUE;
+    }
+
+    if(chunk_penalty_size > 0 &&
+       (curl_off_t)conn->chunk.datasize > chunk_penalty_size)
+      penalized = TRUE;
+
+    infof(data, "Conn: %ld (%p) Receive pipe weight: (%"
+          CURL_FORMAT_CURL_OFF_T "/%zu), penalized: %s\n",
+          conn->connection_id, (void *)conn, recv_size,
+          conn->chunk.datasize, penalized?"TRUE":"FALSE");
+    return penalized;
+  }
+  return FALSE;
+}
+
+CURLcode Curl_add_handle_to_pipeline(struct SessionHandle *handle,
+                                     struct connectdata *conn)
+{
+  struct curl_llist_element *sendhead = conn->send_pipe->head;
+  struct curl_llist *pipeline;
+  CURLcode rc;
+
+  pipeline = conn->send_pipe;
+
+  rc = Curl_addHandleToPipeline(handle, pipeline);
+
+  if(pipeline == conn->send_pipe && sendhead != conn->send_pipe->head) {
+    /* this is a new one as head, expire it */
+    conn->writechannel_inuse = FALSE; /* not in use yet */
+    Curl_expire(conn->send_pipe->head->ptr, 1);
+  }
+
+#if 0 /* enable for pipeline debugging */
+  print_pipeline(conn);
+#endif
+
+  return rc;
+}
+
+/* Move this transfer from the sending list to the receiving list.
+
+   Pay special attention to the new sending list "leader" as it needs to get
+   checked to update what sockets it acts on.
+
+*/
+void Curl_move_handle_from_send_to_recv_pipe(struct SessionHandle *handle,
+                                             struct connectdata *conn)
+{
+  struct curl_llist_element *curr;
+
+  curr = conn->send_pipe->head;
+  while(curr) {
+    if(curr->ptr == handle) {
+      Curl_llist_move(conn->send_pipe, curr,
+                      conn->recv_pipe, conn->recv_pipe->tail);
+
+      if(conn->send_pipe->head) {
+        /* Since there's a new easy handle at the start of the send pipeline,
+           set its timeout value to 1ms to make it trigger instantly */
+        conn->writechannel_inuse = FALSE; /* not used now */
+#ifdef DEBUGBUILD
+        infof(conn->data, "%p is at send pipe head B!\n",
+              (void *)conn->send_pipe->head->ptr);
+#endif
+        Curl_expire(conn->send_pipe->head->ptr, 1);
+      }
+
+      /* The receiver's list is not really interesting here since either this
+         handle is now first in the list and we'll deal with it soon, or
+         another handle is already first and thus is already taken care of */
+
+      break; /* we're done! */
+    }
+    curr = curr->next;
+  }
+}
+
+bool Curl_pipeline_site_blacklisted(struct SessionHandle *handle,
+                                    struct connectdata *conn)
+{
+  if(handle->multi) {
+    struct curl_llist *blacklist =
+      Curl_multi_pipelining_site_bl(handle->multi);
+
+    if(blacklist) {
+      struct curl_llist_element *curr;
+
+      curr = blacklist->head;
+      while(curr) {
+        struct site_blacklist_entry *site;
+
+        site = curr->ptr;
+        if(Curl_raw_equal(site->hostname, conn->host.name) &&
+           site->port == conn->remote_port) {
+          infof(handle, "Site %s:%d is pipeline blacklisted\n",
+                conn->host.name, conn->remote_port);
+          return TRUE;
+        }
+        curr = curr->next;
+      }
+    }
+  }
+  return FALSE;
+}
+
+CURLMcode Curl_pipeline_set_site_blacklist(char **sites,
+                                           struct curl_llist **list_ptr)
+{
+  struct curl_llist *old_list = *list_ptr;
+  struct curl_llist *new_list = NULL;
+
+  if(sites) {
+    new_list = Curl_llist_alloc((curl_llist_dtor) site_blacklist_llist_dtor);
+    if(!new_list)
+      return CURLM_OUT_OF_MEMORY;
+
+    /* Parse the URLs and populate the list */
+    while(*sites) {
+      char *hostname;
+      char *port;
+      struct site_blacklist_entry *entry;
+
+      hostname = strdup(*sites);
+      if(!hostname) {
+        Curl_llist_destroy(new_list, NULL);
+        return CURLM_OUT_OF_MEMORY;
+      }
+
+      entry = malloc(sizeof(struct site_blacklist_entry));
+      if(!entry) {
+        free(hostname);
+        Curl_llist_destroy(new_list, NULL);
+        return CURLM_OUT_OF_MEMORY;
+      }
+
+      port = strchr(hostname, ':');
+      if(port) {
+        *port = '\0';
+        port++;
+        entry->port = (unsigned short)strtol(port, NULL, 10);
+      }
+      else {
+        /* Default port number for HTTP */
+        entry->port = 80;
+      }
+
+      entry->hostname = hostname;
+
+      if(!Curl_llist_insert_next(new_list, new_list->tail, entry)) {
+        site_blacklist_llist_dtor(NULL, entry);
+        Curl_llist_destroy(new_list, NULL);
+        return CURLM_OUT_OF_MEMORY;
+      }
+
+      sites++;
+    }
+  }
+
+  /* Free the old list */
+  if(old_list) {
+    Curl_llist_destroy(old_list, NULL);
+  }
+
+  /* This might be NULL if sites == NULL, i.e the blacklist is cleared */
+  *list_ptr = new_list;
+
+  return CURLM_OK;
+}
+
+bool Curl_pipeline_server_blacklisted(struct SessionHandle *handle,
+                                      char *server_name)
+{
+  if(handle->multi) {
+    struct curl_llist *blacklist =
+      Curl_multi_pipelining_server_bl(handle->multi);
+
+    if(blacklist) {
+      struct curl_llist_element *curr;
+
+      curr = blacklist->head;
+      while(curr) {
+        char *bl_server_name;
+
+        bl_server_name = curr->ptr;
+        if(Curl_raw_nequal(bl_server_name, server_name,
+                           strlen(bl_server_name))) {
+          infof(handle, "Server %s is blacklisted\n", server_name);
+          return TRUE;
+        }
+        curr = curr->next;
+      }
+    }
+
+    infof(handle, "Server %s is not blacklisted\n", server_name);
+  }
+  return FALSE;
+}
+
+CURLMcode Curl_pipeline_set_server_blacklist(char **servers,
+                                             struct curl_llist **list_ptr)
+{
+  struct curl_llist *old_list = *list_ptr;
+  struct curl_llist *new_list = NULL;
+
+  if(servers) {
+    new_list = Curl_llist_alloc((curl_llist_dtor) server_blacklist_llist_dtor);
+    if(!new_list)
+      return CURLM_OUT_OF_MEMORY;
+
+    /* Parse the URLs and populate the list */
+    while(*servers) {
+      char *server_name;
+
+      server_name = strdup(*servers);
+      if(!server_name)
+        return CURLM_OUT_OF_MEMORY;
+
+      if(!Curl_llist_insert_next(new_list, new_list->tail, server_name))
+        return CURLM_OUT_OF_MEMORY;
+
+      servers++;
+    }
+  }
+
+  /* Free the old list */
+  if(old_list) {
+    Curl_llist_destroy(old_list, NULL);
+  }
+
+  /* This might be NULL if sites == NULL, i.e the blacklist is cleared */
+  *list_ptr = new_list;
+
+  return CURLM_OK;
+}
+
+#if 0
+void print_pipeline(struct connectdata *conn)
+{
+  struct curl_llist_element *curr;
+  struct connectbundle *cb_ptr;
+  struct SessionHandle *data = conn->data;
+
+  cb_ptr = conn->bundle;
+
+  if(cb_ptr) {
+    curr = cb_ptr->conn_list->head;
+    while(curr) {
+      conn = curr->ptr;
+      infof(data, "- Conn %ld (%p) send_pipe: %zu, recv_pipe: %zu\n",
+            conn->connection_id,
+            (void *)conn,
+            conn->send_pipe->size,
+            conn->recv_pipe->size);
+      curr = curr->next;
+    }
+  }
+}
+
+#endif
diff --git a/Utilities/cmcurl/lib/pipeline.h b/Utilities/cmcurl/lib/pipeline.h
new file mode 100644
index 0000000..96c4c33
--- /dev/null
+++ b/Utilities/cmcurl/lib/pipeline.h
@@ -0,0 +1,44 @@
+#ifndef HEADER_CURL_PIPELINE_H
+#define HEADER_CURL_PIPELINE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2013 - 2014, Linus Nielsen Feltzing, <linus@haxx.se>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+CURLcode Curl_add_handle_to_pipeline(struct SessionHandle *handle,
+                                     struct connectdata *conn);
+void Curl_move_handle_from_send_to_recv_pipe(struct SessionHandle *handle,
+                                             struct connectdata *conn);
+bool Curl_pipeline_penalized(struct SessionHandle *data,
+                             struct connectdata *conn);
+
+bool Curl_pipeline_site_blacklisted(struct SessionHandle *handle,
+                                    struct connectdata *conn);
+
+CURLMcode Curl_pipeline_set_site_blacklist(char **sites,
+                                           struct curl_llist **list_ptr);
+
+bool Curl_pipeline_server_blacklisted(struct SessionHandle *handle,
+                                      char *server_name);
+
+CURLMcode Curl_pipeline_set_server_blacklist(char **servers,
+                                             struct curl_llist **list_ptr);
+
+#endif /* HEADER_CURL_PIPELINE_H */
diff --git a/Utilities/cmcurl/lib/pop3.c b/Utilities/cmcurl/lib/pop3.c
new file mode 100644
index 0000000..dc64f81
--- /dev/null
+++ b/Utilities/cmcurl/lib/pop3.c
@@ -0,0 +1,2339 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC1734 POP3 Authentication
+ * RFC1939 POP3 protocol
+ * RFC2195 CRAM-MD5 authentication
+ * RFC2384 POP URL Scheme
+ * RFC2449 POP3 Extension Mechanism
+ * RFC2595 Using TLS with IMAP, POP3 and ACAP
+ * RFC2831 DIGEST-MD5 authentication
+ * RFC4422 Simple Authentication and Security Layer (SASL)
+ * RFC4616 PLAIN authentication
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
+ * RFC5034 POP3 SASL Authentication Mechanism
+ * RFC6749 OAuth 2.0 Authorization Framework
+ * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_POP3
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
+#undef in_addr_t
+#define in_addr_t unsigned long
+#endif
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "sendf.h"
+#include "if2ip.h"
+#include "hostip.h"
+#include "progress.h"
+#include "transfer.h"
+#include "escape.h"
+#include "http.h" /* for HTTP proxy tunnel stuff */
+#include "socks.h"
+#include "pop3.h"
+
+#include "strtoofft.h"
+#include "strequal.h"
+#include "vtls/vtls.h"
+#include "connect.h"
+#include "strerror.h"
+#include "select.h"
+#include "multiif.h"
+#include "url.h"
+#include "rawstr.h"
+#include "curl_sasl.h"
+#include "curl_md5.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* Local API functions */
+static CURLcode pop3_regular_transfer(struct connectdata *conn, bool *done);
+static CURLcode pop3_do(struct connectdata *conn, bool *done);
+static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
+                          bool premature);
+static CURLcode pop3_connect(struct connectdata *conn, bool *done);
+static CURLcode pop3_disconnect(struct connectdata *conn, bool dead);
+static CURLcode pop3_multi_statemach(struct connectdata *conn, bool *done);
+static int pop3_getsock(struct connectdata *conn, curl_socket_t *socks,
+                        int numsocks);
+static CURLcode pop3_doing(struct connectdata *conn, bool *dophase_done);
+static CURLcode pop3_setup_connection(struct connectdata *conn);
+static CURLcode pop3_parse_url_options(struct connectdata *conn);
+static CURLcode pop3_parse_url_path(struct connectdata *conn);
+static CURLcode pop3_parse_custom_request(struct connectdata *conn);
+static CURLcode pop3_calc_sasl_details(struct connectdata *conn,
+                                       const char **mech,
+                                       char **initresp, size_t *len,
+                                       pop3state *state1, pop3state *state2);
+
+/*
+ * POP3 protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_pop3 = {
+  "POP3",                           /* scheme */
+  pop3_setup_connection,            /* setup_connection */
+  pop3_do,                          /* do_it */
+  pop3_done,                        /* done */
+  ZERO_NULL,                        /* do_more */
+  pop3_connect,                     /* connect_it */
+  pop3_multi_statemach,             /* connecting */
+  pop3_doing,                       /* doing */
+  pop3_getsock,                     /* proto_getsock */
+  pop3_getsock,                     /* doing_getsock */
+  ZERO_NULL,                        /* domore_getsock */
+  ZERO_NULL,                        /* perform_getsock */
+  pop3_disconnect,                  /* disconnect */
+  ZERO_NULL,                        /* readwrite */
+  PORT_POP3,                        /* defport */
+  CURLPROTO_POP3,                   /* protocol */
+  PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */
+};
+
+#ifdef USE_SSL
+/*
+ * POP3S protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_pop3s = {
+  "POP3S",                          /* scheme */
+  pop3_setup_connection,            /* setup_connection */
+  pop3_do,                          /* do_it */
+  pop3_done,                        /* done */
+  ZERO_NULL,                        /* do_more */
+  pop3_connect,                     /* connect_it */
+  pop3_multi_statemach,             /* connecting */
+  pop3_doing,                       /* doing */
+  pop3_getsock,                     /* proto_getsock */
+  pop3_getsock,                     /* doing_getsock */
+  ZERO_NULL,                        /* domore_getsock */
+  ZERO_NULL,                        /* perform_getsock */
+  pop3_disconnect,                  /* disconnect */
+  ZERO_NULL,                        /* readwrite */
+  PORT_POP3S,                       /* defport */
+  CURLPROTO_POP3S,                  /* protocol */
+  PROTOPT_CLOSEACTION | PROTOPT_SSL
+  | PROTOPT_NOURLQUERY              /* flags */
+};
+#endif
+
+#ifndef CURL_DISABLE_HTTP
+/*
+ * HTTP-proxyed POP3 protocol handler.
+ */
+
+static const struct Curl_handler Curl_handler_pop3_proxy = {
+  "POP3",                               /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_POP3,                            /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+#ifdef USE_SSL
+/*
+ * HTTP-proxyed POP3S protocol handler.
+ */
+
+static const struct Curl_handler Curl_handler_pop3s_proxy = {
+  "POP3S",                              /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_POP3S,                           /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+#endif
+#endif
+
+#ifdef USE_SSL
+static void pop3_to_pop3s(struct connectdata *conn)
+{
+  conn->handler = &Curl_handler_pop3s;
+}
+#else
+#define pop3_to_pop3s(x) Curl_nop_stmt
+#endif
+
+/***********************************************************************
+ *
+ * pop3_endofresp()
+ *
+ * Checks for an ending POP3 status code at the start of the given string, but
+ * also detects the APOP timestamp from the server greeting and various
+ * capabilities from the CAPA response including the supported authentication
+ * types and allowed SASL mechanisms.
+ */
+static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len,
+                           int *resp)
+{
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+  /* Do we have an error response? */
+  if(len >= 4 && !memcmp("-ERR", line, 4)) {
+    *resp = '-';
+
+    return TRUE;
+  }
+
+  /* Are we processing CAPA command responses? */
+  if(pop3c->state == POP3_CAPA) {
+    /* Do we have the terminating line? */
+    if(len >= 1 && !memcmp(line, ".", 1))
+      *resp = '+';
+    else
+      *resp = '*';
+
+    return TRUE;
+  }
+
+  /* Do we have a command or continuation response? */
+  if((len >= 3 && !memcmp("+OK", line, 3)) ||
+     (len >= 1 && !memcmp("+", line, 1))) {
+    *resp = '+';
+
+    return TRUE;
+  }
+
+  return FALSE; /* Nothing for us */
+}
+
+/***********************************************************************
+ *
+ * pop3_get_message()
+ *
+ * Gets the authentication message from the response buffer.
+ */
+static void pop3_get_message(char *buffer, char** outptr)
+{
+  size_t len = 0;
+  char* message = NULL;
+
+  /* Find the start of the message */
+  for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
+    ;
+
+  /* Find the end of the message */
+  for(len = strlen(message); len--;)
+    if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
+        message[len] != '\t')
+      break;
+
+  /* Terminate the message */
+  if(++len) {
+    message[len] = '\0';
+  }
+
+  *outptr = message;
+}
+
+/***********************************************************************
+ *
+ * state()
+ *
+ * This is the ONLY way to change POP3 state!
+ */
+static void state(struct connectdata *conn, pop3state newstate)
+{
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+  /* for debug purposes */
+  static const char * const names[] = {
+    "STOP",
+    "SERVERGREET",
+    "CAPA",
+    "STARTTLS",
+    "UPGRADETLS",
+    "AUTH_PLAIN",
+    "AUTH_LOGIN",
+    "AUTH_LOGIN_PASSWD",
+    "AUTH_CRAMMD5",
+    "AUTH_DIGESTMD5",
+    "AUTH_DIGESTMD5_RESP",
+    "AUTH_NTLM",
+    "AUTH_NTLM_TYPE2MSG",
+    "AUTH_GSSAPI",
+    "AUTH_GSSAPI_TOKEN",
+    "AUTH_GSSAPI_NO_DATA",
+    "AUTH_XOAUTH2",
+    "AUTH_CANCEL",
+    "AUTH_FINAL",
+    "APOP",
+    "USER",
+    "PASS",
+    "COMMAND",
+    "QUIT",
+    /* LAST */
+  };
+
+  if(pop3c->state != newstate)
+    infof(conn->data, "POP3 %p state change from %s to %s\n",
+          (void *)pop3c, names[pop3c->state], names[newstate]);
+#endif
+
+  pop3c->state = newstate;
+}
+
+/***********************************************************************
+ *
+ * pop3_perform_capa()
+ *
+ * Sends the CAPA command in order to obtain a list of server side supported
+ * capabilities.
+ */
+static CURLcode pop3_perform_capa(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+  pop3c->authmechs = 0;         /* No known authentication mechanisms yet */
+  pop3c->authused = 0;          /* Clear the authentication mechanism used */
+  pop3c->tls_supported = FALSE; /* Clear the TLS capability */
+
+  /* Send the CAPA command */
+  result = Curl_pp_sendf(&pop3c->pp, "%s", "CAPA");
+
+  if(!result)
+    state(conn, POP3_CAPA);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_perform_starttls()
+ *
+ * Sends the STLS command to start the upgrade to TLS.
+ */
+static CURLcode pop3_perform_starttls(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  /* Send the STLS command */
+  result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "STLS");
+
+  if(!result)
+    state(conn, POP3_STARTTLS);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_perform_upgrade_tls()
+ *
+ * Performs the upgrade to TLS.
+ */
+static CURLcode pop3_perform_upgrade_tls(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+  /* Start the SSL connection */
+  result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &pop3c->ssldone);
+
+  if(!result) {
+    if(pop3c->state != POP3_UPGRADETLS)
+      state(conn, POP3_UPGRADETLS);
+
+    if(pop3c->ssldone) {
+      pop3_to_pop3s(conn);
+      result = pop3_perform_capa(conn);
+    }
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_perform_user()
+ *
+ * Sends a clear text USER command to authenticate with.
+ */
+static CURLcode pop3_perform_user(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  /* Check we have a username and password to authenticate with and end the
+     connect phase if we don't */
+  if(!conn->bits.user_passwd) {
+    state(conn, POP3_STOP);
+
+    return result;
+  }
+
+  /* Send the USER command */
+  result = Curl_pp_sendf(&conn->proto.pop3c.pp, "USER %s",
+                         conn->user ? conn->user : "");
+  if(!result)
+    state(conn, POP3_USER);
+
+  return result;
+}
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/***********************************************************************
+ *
+ * pop3_perform_apop()
+ *
+ * Sends an APOP command to authenticate with.
+ */
+static CURLcode pop3_perform_apop(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  size_t i;
+  MD5_context *ctxt;
+  unsigned char digest[MD5_DIGEST_LEN];
+  char secret[2 * MD5_DIGEST_LEN + 1];
+
+  /* Check we have a username and password to authenticate with and end the
+     connect phase if we don't */
+  if(!conn->bits.user_passwd) {
+    state(conn, POP3_STOP);
+
+    return result;
+  }
+
+  /* Create the digest */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) pop3c->apoptimestamp,
+                  curlx_uztoui(strlen(pop3c->apoptimestamp)));
+
+  Curl_MD5_update(ctxt, (const unsigned char *) conn->passwd,
+                  curlx_uztoui(strlen(conn->passwd)));
+
+  /* Finalise the digest */
+  Curl_MD5_final(ctxt, digest);
+
+  /* Convert the calculated 16 octet digest into a 32 byte hex string */
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&secret[2 * i], 3, "%02x", digest[i]);
+
+  result = Curl_pp_sendf(&pop3c->pp, "APOP %s %s", conn->user, secret);
+
+  if(!result)
+    state(conn, POP3_APOP);
+
+  return result;
+}
+#endif
+
+/***********************************************************************
+ *
+ * pop3_perform_auth()
+ *
+ * Sends an AUTH command allowing the client to login with the given SASL
+ * authentication mechanism.
+ */
+static CURLcode pop3_perform_auth(struct connectdata *conn,
+                                  const char *mech,
+                                  const char *initresp, size_t len,
+                                  pop3state state1, pop3state state2)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+  if(initresp && 8 + strlen(mech) + len <= 255) { /* AUTH <mech> ...<crlf> */
+    /* Send the AUTH command with the initial response */
+    result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
+
+    if(!result)
+      state(conn, state2);
+  }
+  else {
+    /* Send the AUTH command */
+    result = Curl_pp_sendf(&pop3c->pp, "AUTH %s", mech);
+
+    if(!result)
+      state(conn, state1);
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_perform_authentication()
+ *
+ * Initiates the authentication sequence, with the appropriate SASL
+ * authentication mechanism, falling back to APOP and clear text should a
+ * common mechanism not be available between the client and server.
+ */
+static CURLcode pop3_perform_authentication(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  const char *mech = NULL;
+  char *initresp = NULL;
+  size_t len = 0;
+  pop3state state1 = POP3_STOP;
+  pop3state state2 = POP3_STOP;
+
+  /* Check we have a username and password to authenticate with and end the
+     connect phase if we don't */
+  if(!conn->bits.user_passwd) {
+    state(conn, POP3_STOP);
+
+    return result;
+  }
+
+  /* Calculate the SASL login details */
+  if(pop3c->authtypes & POP3_TYPE_SASL)
+    result = pop3_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+                                    &state2);
+
+  if(!result) {
+    if(mech && (pop3c->preftype & POP3_TYPE_SASL)) {
+      /* Perform SASL based authentication */
+      result = pop3_perform_auth(conn, mech, initresp, len, state1, state2);
+
+      Curl_safefree(initresp);
+    }
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+    else if((pop3c->authtypes & POP3_TYPE_APOP) &&
+            (pop3c->preftype & POP3_TYPE_APOP))
+      /* Perform APOP authentication */
+      result = pop3_perform_apop(conn);
+#endif
+    else if((pop3c->authtypes & POP3_TYPE_CLEARTEXT) &&
+            (pop3c->preftype & POP3_TYPE_CLEARTEXT))
+      /* Perform clear text authentication */
+      result = pop3_perform_user(conn);
+    else {
+      /* Other mechanisms not supported */
+      infof(conn->data, "No known authentication mechanisms supported!\n");
+      result = CURLE_LOGIN_DENIED;
+    }
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_perform_command()
+ *
+ * Sends a POP3 based command.
+ */
+static CURLcode pop3_perform_command(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct POP3 *pop3 = data->req.protop;
+  const char *command = NULL;
+
+  /* Calculate the default command */
+  if(pop3->id[0] == '\0' || conn->data->set.ftp_list_only) {
+    command = "LIST";
+
+    if(pop3->id[0] != '\0')
+      /* Message specific LIST so skip the BODY transfer */
+      pop3->transfer = FTPTRANSFER_INFO;
+  }
+  else
+    command = "RETR";
+
+  /* Send the command */
+  if(pop3->id[0] != '\0')
+    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s %s",
+                           (pop3->custom && pop3->custom[0] != '\0' ?
+                            pop3->custom : command), pop3->id);
+  else
+    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s",
+                           (pop3->custom && pop3->custom[0] != '\0' ?
+                            pop3->custom : command));
+
+  if(!result)
+    state(conn, POP3_COMMAND);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_perform_quit()
+ *
+ * Performs the quit action prior to sclose() be called.
+ */
+static CURLcode pop3_perform_quit(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  /* Send the QUIT command */
+  result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "QUIT");
+
+  if(!result)
+    state(conn, POP3_QUIT);
+
+  return result;
+}
+
+/* For the initial server greeting */
+static CURLcode pop3_state_servergreet_resp(struct connectdata *conn,
+                                            int pop3code,
+                                            pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  const char *line = data->state.buffer;
+  size_t len = strlen(line);
+  size_t i;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Got unexpected pop3-server response");
+    result = CURLE_FTP_WEIRD_SERVER_REPLY;
+  }
+  else {
+    /* Does the server support APOP authentication? */
+    if(len >= 4 && line[len - 2] == '>') {
+      /* Look for the APOP timestamp */
+      for(i = 3; i < len - 2; ++i) {
+        if(line[i] == '<') {
+          /* Calculate the length of the timestamp */
+          size_t timestamplen = len - 1 - i;
+          if(!timestamplen)
+            break;
+
+          /* Allocate some memory for the timestamp */
+          pop3c->apoptimestamp = (char *)calloc(1, timestamplen + 1);
+
+          if(!pop3c->apoptimestamp)
+            break;
+
+          /* Copy the timestamp */
+          memcpy(pop3c->apoptimestamp, line + i, timestamplen);
+          pop3c->apoptimestamp[timestamplen] = '\0';
+
+          /* Store the APOP capability */
+          pop3c->authtypes |= POP3_TYPE_APOP;
+          break;
+        }
+      }
+    }
+
+    result = pop3_perform_capa(conn);
+  }
+
+  return result;
+}
+
+/* For CAPA responses */
+static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code,
+                                     pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  const char *line = data->state.buffer;
+  size_t len = strlen(line);
+  size_t wordlen;
+
+  (void)instate; /* no use for this yet */
+
+  /* Do we have a untagged response? */
+  if(pop3code == '*') {
+    /* Does the server support the STLS capability? */
+    if(len >= 4 && !memcmp(line, "STLS", 4))
+      pop3c->tls_supported = TRUE;
+
+    /* Does the server support clear text authentication? */
+    else if(len >= 4 && !memcmp(line, "USER", 4))
+      pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
+
+    /* Does the server support SASL based authentication? */
+    else if(len >= 5 && !memcmp(line, "SASL ", 5)) {
+      pop3c->authtypes |= POP3_TYPE_SASL;
+
+      /* Advance past the SASL keyword */
+      line += 5;
+      len -= 5;
+
+      /* Loop through the data line */
+      for(;;) {
+        while(len &&
+              (*line == ' ' || *line == '\t' ||
+               *line == '\r' || *line == '\n')) {
+
+          line++;
+          len--;
+        }
+
+        if(!len)
+          break;
+
+        /* Extract the word */
+        for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
+              line[wordlen] != '\t' && line[wordlen] != '\r' &&
+              line[wordlen] != '\n';)
+          wordlen++;
+
+        /* Test the word for a matching authentication mechanism */
+        if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
+          pop3c->authmechs |= SASL_MECH_LOGIN;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
+          pop3c->authmechs |= SASL_MECH_PLAIN;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
+          pop3c->authmechs |= SASL_MECH_CRAM_MD5;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
+          pop3c->authmechs |= SASL_MECH_DIGEST_MD5;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
+          pop3c->authmechs |= SASL_MECH_GSSAPI;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
+          pop3c->authmechs |= SASL_MECH_EXTERNAL;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
+          pop3c->authmechs |= SASL_MECH_NTLM;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
+          pop3c->authmechs |= SASL_MECH_XOAUTH2;
+
+        line += wordlen;
+        len -= wordlen;
+      }
+    }
+  }
+  else if(pop3code == '+') {
+    if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+      /* We don't have a SSL/TLS connection yet, but SSL is requested */
+      if(pop3c->tls_supported)
+        /* Switch to TLS connection now */
+        result = pop3_perform_starttls(conn);
+      else if(data->set.use_ssl == CURLUSESSL_TRY)
+        /* Fallback and carry on with authentication */
+        result = pop3_perform_authentication(conn);
+      else {
+        failf(data, "STLS not supported.");
+        result = CURLE_USE_SSL_FAILED;
+      }
+    }
+    else
+      result = pop3_perform_authentication(conn);
+  }
+  else {
+    /* Clear text is supported when CAPA isn't recognised */
+    pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
+
+    result = pop3_perform_authentication(conn);
+  }
+
+  return result;
+}
+
+/* For STARTTLS responses */
+static CURLcode pop3_state_starttls_resp(struct connectdata *conn,
+                                         int pop3code,
+                                         pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    if(data->set.use_ssl != CURLUSESSL_TRY) {
+      failf(data, "STARTTLS denied. %c", pop3code);
+      result = CURLE_USE_SSL_FAILED;
+    }
+    else
+      result = pop3_perform_authentication(conn);
+  }
+  else
+    result = pop3_perform_upgrade_tls(conn);
+
+  return result;
+}
+
+/* For AUTH PLAIN (without initial response) responses */
+static CURLcode pop3_state_auth_plain_resp(struct connectdata *conn,
+                                           int pop3code,
+                                           pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *plainauth = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied. %c", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the authorisation message */
+    result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
+                                            &plainauth, &len);
+    if(!result && plainauth) {
+      /* Send the message */
+      result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", plainauth);
+
+      if(!result)
+        state(conn, POP3_AUTH_FINAL);
+    }
+  }
+
+  Curl_safefree(plainauth);
+
+  return result;
+}
+
+/* For AUTH LOGIN (without initial response) responses */
+static CURLcode pop3_state_auth_login_resp(struct connectdata *conn,
+                                           int pop3code,
+                                           pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *authuser = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the user message */
+    result = Curl_sasl_create_login_message(data, conn->user,
+                                            &authuser, &len);
+    if(!result && authuser) {
+      /* Send the user */
+      result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", authuser);
+
+      if(!result)
+        state(conn, POP3_AUTH_LOGIN_PASSWD);
+    }
+  }
+
+  Curl_safefree(authuser);
+
+  return result;
+}
+
+/* For AUTH LOGIN user entry responses */
+static CURLcode pop3_state_auth_login_password_resp(struct connectdata *conn,
+                                                    int pop3code,
+                                                    pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *authpasswd = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the password message */
+    result = Curl_sasl_create_login_message(data, conn->passwd,
+                                            &authpasswd, &len);
+    if(!result && authpasswd) {
+      /* Send the password */
+      result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", authpasswd);
+
+      if(!result)
+        state(conn, POP3_AUTH_FINAL);
+    }
+  }
+
+  Curl_safefree(authpasswd);
+
+  return result;
+}
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* For AUTH CRAM-MD5 responses */
+static CURLcode pop3_state_auth_cram_resp(struct connectdata *conn,
+                                          int pop3code,
+                                          pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlg = NULL;
+  char *chlg64 = NULL;
+  char *rplyb64 = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Get the challenge message */
+  pop3_get_message(data->state.buffer, &chlg64);
+
+  /* Decode the challenge message */
+  result = Curl_sasl_decode_cram_md5_message(chlg64, &chlg, &len);
+  if(result) {
+    /* Send the cancellation */
+    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "*");
+
+    if(!result)
+      state(conn, POP3_AUTH_CANCEL);
+  }
+  else {
+    /* Create the response message */
+    result = Curl_sasl_create_cram_md5_message(data, chlg, conn->user,
+                                               conn->passwd, &rplyb64, &len);
+    if(!result && rplyb64) {
+      /* Send the response */
+      result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", rplyb64);
+
+      if(!result)
+        state(conn, POP3_AUTH_FINAL);
+    }
+  }
+
+  Curl_safefree(chlg);
+  Curl_safefree(rplyb64);
+
+  return result;
+}
+
+/* For AUTH DIGEST-MD5 challenge responses */
+static CURLcode pop3_state_auth_digest_resp(struct connectdata *conn,
+                                            int pop3code,
+                                            pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlg64 = NULL;
+  char *rplyb64 = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Get the challenge message */
+  pop3_get_message(data->state.buffer, &chlg64);
+
+  /* Create the response message */
+  result = Curl_sasl_create_digest_md5_message(data, chlg64,
+                                               conn->user, conn->passwd,
+                                               "pop", &rplyb64, &len);
+  if(result) {
+    if(result == CURLE_BAD_CONTENT_ENCODING) {
+      /* Send the cancellation */
+      result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "*");
+
+      if(!result)
+        state(conn, POP3_AUTH_CANCEL);
+    }
+  }
+  else {
+    /* Send the response */
+    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", rplyb64);
+
+    if(!result)
+      state(conn, POP3_AUTH_DIGESTMD5_RESP);
+  }
+
+  Curl_safefree(rplyb64);
+
+  return result;
+}
+
+/* For AUTH DIGEST-MD5 challenge-response responses */
+static CURLcode pop3_state_auth_digest_resp_resp(struct connectdata *conn,
+                                                 int pop3code,
+                                                 pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Authentication failed: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Send an empty response */
+    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "");
+
+    if(!result)
+      state(conn, POP3_AUTH_FINAL);
+  }
+
+  return result;
+}
+#endif
+
+#ifdef USE_NTLM
+/* For AUTH NTLM (without initial response) responses */
+static CURLcode pop3_state_auth_ntlm_resp(struct connectdata *conn,
+                                          int pop3code,
+                                          pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *type1msg = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the type-1 message */
+    result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
+                                                 &conn->ntlm,
+                                                 &type1msg, &len);
+    if(!result && type1msg) {
+      /* Send the message */
+      result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", type1msg);
+
+      if(!result)
+        state(conn, POP3_AUTH_NTLM_TYPE2MSG);
+    }
+  }
+
+  Curl_safefree(type1msg);
+
+  return result;
+}
+
+/* For NTLM type-2 responses (sent in reponse to our type-1 message) */
+static CURLcode pop3_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
+                                                   int pop3code,
+                                                   pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *type2msg = NULL;
+  char *type3msg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Get the type-2 message */
+    pop3_get_message(data->state.buffer, &type2msg);
+
+    /* Decode the type-2 message */
+    result = Curl_sasl_decode_ntlm_type2_message(data, type2msg, &conn->ntlm);
+    if(result) {
+      /* Send the cancellation */
+      result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "*");
+
+      if(!result)
+        state(conn, POP3_AUTH_CANCEL);
+    }
+    else {
+      /* Create the type-3 message */
+      result = Curl_sasl_create_ntlm_type3_message(data, conn->user,
+                                                   conn->passwd, &conn->ntlm,
+                                                   &type3msg, &len);
+      if(!result && type3msg) {
+        /* Send the message */
+        result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", type3msg);
+
+        if(!result)
+          state(conn, POP3_AUTH_FINAL);
+      }
+    }
+  }
+
+  Curl_safefree(type3msg);
+
+  return result;
+}
+#endif
+
+#if defined(USE_WINDOWS_SSPI)
+/* For AUTH GSSAPI (without initial response) responses */
+static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn,
+                                            int pop3code,
+                                            pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  size_t len = 0;
+  char *respmsg = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the initial response message */
+    result = Curl_sasl_create_gssapi_user_message(data, conn->user,
+                                                  conn->passwd, "pop",
+                                                  pop3c->mutual_auth,
+                                                  NULL, &conn->krb5,
+                                                  &respmsg, &len);
+    if(!result && respmsg) {
+      /* Send the message */
+      result = Curl_pp_sendf(&pop3c->pp, "%s", respmsg);
+
+      if(!result)
+        state(conn, POP3_AUTH_GSSAPI_TOKEN);
+    }
+  }
+
+  Curl_safefree(respmsg);
+
+  return result;
+}
+
+/* For AUTH GSSAPI user token responses */
+static CURLcode pop3_state_auth_gssapi_token_resp(struct connectdata *conn,
+                                                  int pop3code,
+                                                  pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  char *chlgmsg = NULL;
+  char *respmsg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Get the challenge message */
+    pop3_get_message(data->state.buffer, &chlgmsg);
+
+    if(pop3c->mutual_auth)
+      /* Decode the user token challenge and create the optional response
+         message */
+      result = Curl_sasl_create_gssapi_user_message(data, NULL, NULL, NULL,
+                                                    pop3c->mutual_auth,
+                                                    chlgmsg, &conn->krb5,
+                                                    &respmsg, &len);
+    else
+      /* Decode the security challenge and create the response message */
+      result = Curl_sasl_create_gssapi_security_message(data, chlgmsg,
+                                                        &conn->krb5,
+                                                        &respmsg, &len);
+
+    if(result) {
+      if(result == CURLE_BAD_CONTENT_ENCODING) {
+        /* Send the cancellation */
+        result = Curl_pp_sendf(&pop3c->pp, "%s", "*");
+
+        if(!result)
+          state(conn, POP3_AUTH_CANCEL);
+      }
+    }
+    else {
+      /* Send the response */
+      if(respmsg)
+        result = Curl_pp_sendf(&pop3c->pp, "%s", respmsg);
+      else
+        result = Curl_pp_sendf(&pop3c->pp, "%s", "");
+
+      if(!result)
+        state(conn, (pop3c->mutual_auth ? POP3_AUTH_GSSAPI_NO_DATA :
+                                          POP3_AUTH_FINAL));
+    }
+  }
+
+  Curl_safefree(respmsg);
+
+  return result;
+}
+
+/* For AUTH GSSAPI no data responses */
+static CURLcode pop3_state_auth_gssapi_no_data_resp(struct connectdata *conn,
+                                                    int pop3code,
+                                                    pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlgmsg = NULL;
+  char *respmsg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Get the challenge message */
+    pop3_get_message(data->state.buffer, &chlgmsg);
+
+    /* Decode the security challenge and create the security message */
+    result = Curl_sasl_create_gssapi_security_message(data, chlgmsg,
+                                                      &conn->krb5,
+                                                      &respmsg, &len);
+    if(result) {
+      if(result == CURLE_BAD_CONTENT_ENCODING) {
+        /* Send the cancellation */
+        result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "*");
+
+        if(!result)
+          state(conn, POP3_AUTH_CANCEL);
+      }
+    }
+    else {
+      /* Send the response */
+      if(respmsg) {
+        result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", respmsg);
+
+        if(!result)
+          state(conn, POP3_AUTH_FINAL);
+      }
+    }
+  }
+
+  Curl_safefree(respmsg);
+
+  return result;
+}
+#endif
+
+/* For AUTH XOAUTH2 (without initial response) responses */
+static CURLcode pop3_state_auth_xoauth2_resp(struct connectdata *conn,
+                                             int pop3code, pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *xoauth = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the authorisation message */
+    result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
+                                              conn->xoauth2_bearer,
+                                              &xoauth, &len);
+    if(!result && xoauth) {
+      /* Send the message */
+      result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", xoauth);
+
+      if(!result)
+        state(conn, POP3_AUTH_FINAL);
+    }
+  }
+
+  Curl_safefree(xoauth);
+
+  return result;
+}
+
+/* For AUTH cancellation responses */
+static CURLcode pop3_state_auth_cancel_resp(struct connectdata *conn,
+                                            int pop3code,
+                                            pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  const char *mech = NULL;
+  char *initresp = NULL;
+  size_t len = 0;
+  pop3state state1 = POP3_STOP;
+  pop3state state2 = POP3_STOP;
+
+  (void)pop3code;
+  (void)instate; /* no use for this yet */
+
+  /* Remove the offending mechanism from the supported list */
+  pop3c->authmechs ^= pop3c->authused;
+
+  /* Calculate alternative SASL login details */
+  result = pop3_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+                                  &state2);
+
+  if(!result) {
+    /* Do we have any mechanisms left or can we fallback to another
+       authentication type? */
+    if(mech) {
+      /* Retry SASL based authentication */
+      result = pop3_perform_auth(conn, mech, initresp, len, state1, state2);
+
+      Curl_safefree(initresp);
+    }
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+    else if((pop3c->authtypes & POP3_TYPE_APOP) &&
+            (pop3c->preftype & POP3_TYPE_APOP))
+      /* Perform APOP authentication */
+      result = pop3_perform_apop(conn);
+#endif
+    else if((pop3c->authtypes & POP3_TYPE_CLEARTEXT) &&
+            (pop3c->preftype & POP3_TYPE_CLEARTEXT))
+      /* Perform clear text authentication */
+      result = pop3_perform_user(conn);
+    else {
+      failf(data, "Authentication cancelled");
+
+      result = CURLE_LOGIN_DENIED;
+    }
+  }
+
+  return result;
+}
+
+/* For final responses in the AUTH sequence */
+static CURLcode pop3_state_auth_final_resp(struct connectdata *conn,
+                                           int pop3code,
+                                           pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Authentication failed: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else
+    /* End of connect phase */
+    state(conn, POP3_STOP);
+
+  return result;
+}
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* For APOP responses */
+static CURLcode pop3_state_apop_resp(struct connectdata *conn, int pop3code,
+                                     pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Authentication failed: %d", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else
+    /* End of connect phase */
+    state(conn, POP3_STOP);
+
+  return result;
+}
+#endif
+
+/* For USER responses */
+static CURLcode pop3_state_user_resp(struct connectdata *conn, int pop3code,
+                                     pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied. %c", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else
+    /* Send the PASS command */
+    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "PASS %s",
+                           conn->passwd ? conn->passwd : "");
+  if(!result)
+    state(conn, POP3_PASS);
+
+  return result;
+}
+
+/* For PASS responses */
+static CURLcode pop3_state_pass_resp(struct connectdata *conn, int pop3code,
+                                     pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    failf(data, "Access denied. %c", pop3code);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else
+    /* End of connect phase */
+    state(conn, POP3_STOP);
+
+  return result;
+}
+
+/* For command responses */
+static CURLcode pop3_state_command_resp(struct connectdata *conn,
+                                        int pop3code,
+                                        pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct POP3 *pop3 = data->req.protop;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  struct pingpong *pp = &pop3c->pp;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != '+') {
+    state(conn, POP3_STOP);
+    return CURLE_RECV_ERROR;
+  }
+
+  /* This 'OK' line ends with a CR LF pair which is the two first bytes of the
+     EOB string so count this is two matching bytes. This is necessary to make
+     the code detect the EOB if the only data than comes now is %2e CR LF like
+     when there is no body to return. */
+  pop3c->eob = 2;
+
+  /* But since this initial CR LF pair is not part of the actual body, we set
+     the strip counter here so that these bytes won't be delivered. */
+  pop3c->strip = 2;
+
+  if(pop3->transfer == FTPTRANSFER_BODY) {
+    /* POP3 download */
+    Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, NULL, -1, NULL);
+
+    if(pp->cache) {
+      /* The header "cache" contains a bunch of data that is actually body
+         content so send it as such. Note that there may even be additional
+         "headers" after the body */
+
+      if(!data->set.opt_no_body) {
+        result = Curl_pop3_write(conn, pp->cache, pp->cache_size);
+        if(result)
+          return result;
+      }
+
+      /* Free the cache */
+      Curl_safefree(pp->cache);
+
+      /* Reset the cache size */
+      pp->cache_size = 0;
+    }
+  }
+
+  /* End of DO phase */
+  state(conn, POP3_STOP);
+
+  return result;
+}
+
+static CURLcode pop3_statemach_act(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  curl_socket_t sock = conn->sock[FIRSTSOCKET];
+  int pop3code;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  struct pingpong *pp = &pop3c->pp;
+  size_t nread = 0;
+
+  /* Busy upgrading the connection; right now all I/O is SSL/TLS, not POP3 */
+  if(pop3c->state == POP3_UPGRADETLS)
+    return pop3_perform_upgrade_tls(conn);
+
+  /* Flush any data that needs to be sent */
+  if(pp->sendleft)
+    return Curl_pp_flushsend(pp);
+
+ do {
+    /* Read the response from the server */
+    result = Curl_pp_readresp(sock, pp, &pop3code, &nread);
+    if(result)
+      return result;
+
+    if(!pop3code)
+      break;
+
+    /* We have now received a full POP3 server response */
+    switch(pop3c->state) {
+    case POP3_SERVERGREET:
+      result = pop3_state_servergreet_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_CAPA:
+      result = pop3_state_capa_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_STARTTLS:
+      result = pop3_state_starttls_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_PLAIN:
+      result = pop3_state_auth_plain_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_LOGIN:
+      result = pop3_state_auth_login_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_LOGIN_PASSWD:
+      result = pop3_state_auth_login_password_resp(conn, pop3code,
+                                                   pop3c->state);
+      break;
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+    case POP3_AUTH_CRAMMD5:
+      result = pop3_state_auth_cram_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_DIGESTMD5:
+      result = pop3_state_auth_digest_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_DIGESTMD5_RESP:
+      result = pop3_state_auth_digest_resp_resp(conn, pop3code, pop3c->state);
+      break;
+#endif
+
+#ifdef USE_NTLM
+    case POP3_AUTH_NTLM:
+      result = pop3_state_auth_ntlm_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_NTLM_TYPE2MSG:
+      result = pop3_state_auth_ntlm_type2msg_resp(conn, pop3code,
+                                                  pop3c->state);
+      break;
+#endif
+
+#if defined(USE_WINDOWS_SSPI)
+    case POP3_AUTH_GSSAPI:
+      result = pop3_state_auth_gssapi_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_GSSAPI_TOKEN:
+      result = pop3_state_auth_gssapi_token_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_GSSAPI_NO_DATA:
+      result = pop3_state_auth_gssapi_no_data_resp(conn, pop3code,
+                                                   pop3c->state);
+      break;
+#endif
+
+    case POP3_AUTH_XOAUTH2:
+      result = pop3_state_auth_xoauth2_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_CANCEL:
+      result = pop3_state_auth_cancel_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_AUTH_FINAL:
+      result = pop3_state_auth_final_resp(conn, pop3code, pop3c->state);
+      break;
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+    case POP3_APOP:
+      result = pop3_state_apop_resp(conn, pop3code, pop3c->state);
+      break;
+#endif
+
+    case POP3_USER:
+      result = pop3_state_user_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_PASS:
+      result = pop3_state_pass_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_COMMAND:
+      result = pop3_state_command_resp(conn, pop3code, pop3c->state);
+      break;
+
+    case POP3_QUIT:
+      /* fallthrough, just stop! */
+    default:
+      /* internal error */
+      state(conn, POP3_STOP);
+      break;
+    }
+  } while(!result && pop3c->state != POP3_STOP && Curl_pp_moredata(pp));
+
+  return result;
+}
+
+/* Called repeatedly until done from multi.c */
+static CURLcode pop3_multi_statemach(struct connectdata *conn, bool *done)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+  if((conn->handler->flags & PROTOPT_SSL) && !pop3c->ssldone) {
+    result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &pop3c->ssldone);
+    if(result || !pop3c->ssldone)
+      return result;
+  }
+
+  result = Curl_pp_statemach(&pop3c->pp, FALSE);
+  *done = (pop3c->state == POP3_STOP) ? TRUE : FALSE;
+
+  return result;
+}
+
+static CURLcode pop3_block_statemach(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+  while(pop3c->state != POP3_STOP && !result)
+    result = Curl_pp_statemach(&pop3c->pp, TRUE);
+
+  return result;
+}
+
+/* Allocate and initialize the POP3 struct for the current SessionHandle if
+   required */
+static CURLcode pop3_init(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct POP3 *pop3;
+
+  pop3 = data->req.protop = calloc(sizeof(struct POP3), 1);
+  if(!pop3)
+    result = CURLE_OUT_OF_MEMORY;
+
+  return result;
+}
+
+/* For the POP3 "protocol connect" and "doing" phases only */
+static int pop3_getsock(struct connectdata *conn, curl_socket_t *socks,
+                        int numsocks)
+{
+  return Curl_pp_getsock(&conn->proto.pop3c.pp, socks, numsocks);
+}
+
+/***********************************************************************
+ *
+ * pop3_connect()
+ *
+ * This function should do everything that is to be considered a part of the
+ * connection phase.
+ *
+ * The variable 'done' points to will be TRUE if the protocol-layer connect
+ * phase is done when this function returns, or FALSE if not.
+ */
+static CURLcode pop3_connect(struct connectdata *conn, bool *done)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  struct pingpong *pp = &pop3c->pp;
+
+  *done = FALSE; /* default to not done yet */
+
+  /* We always support persistent connections in POP3 */
+  connkeep(conn, "POP3 default");
+
+  /* Set the default response time-out */
+  pp->response_time = RESP_TIMEOUT;
+  pp->statemach_act = pop3_statemach_act;
+  pp->endofresp = pop3_endofresp;
+  pp->conn = conn;
+
+  /* Set the default preferred authentication type and mechanism */
+  pop3c->preftype = POP3_TYPE_ANY;
+  pop3c->prefmech = SASL_AUTH_ANY;
+
+  /* Initialise the pingpong layer */
+  Curl_pp_init(pp);
+
+  /* Parse the URL options */
+  result = pop3_parse_url_options(conn);
+  if(result)
+    return result;
+
+  /* Start off waiting for the server greeting response */
+  state(conn, POP3_SERVERGREET);
+
+  result = pop3_multi_statemach(conn, done);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_done()
+ *
+ * The DONE function. This does what needs to be done after a single DO has
+ * performed.
+ *
+ * Input argument is already checked for validity.
+ */
+static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
+                          bool premature)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct POP3 *pop3 = data->req.protop;
+
+  (void)premature;
+
+  if(!pop3)
+    /* When the easy handle is removed from the multi interface while libcurl
+       is still trying to resolve the host name, the POP3 struct is not yet
+       initialized. However, the removal action calls Curl_done() which in
+       turn calls this function, so we simply return success. */
+    return CURLE_OK;
+
+  if(status) {
+    connclose(conn, "POP3 done with bad status");
+    result = status;         /* use the already set error code */
+  }
+
+  /* Cleanup our per-request based variables */
+  Curl_safefree(pop3->id);
+  Curl_safefree(pop3->custom);
+
+  /* Clear the transfer mode for the next request */
+  pop3->transfer = FTPTRANSFER_BODY;
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_perform()
+ *
+ * This is the actual DO function for POP3. Get a message/listing according to
+ * the options previously setup.
+ */
+static CURLcode pop3_perform(struct connectdata *conn, bool *connected,
+                             bool *dophase_done)
+{
+  /* This is POP3 and no proxy */
+  CURLcode result = CURLE_OK;
+  struct POP3 *pop3 = conn->data->req.protop;
+
+  DEBUGF(infof(conn->data, "DO phase starts\n"));
+
+  if(conn->data->set.opt_no_body) {
+    /* Requested no body means no transfer */
+    pop3->transfer = FTPTRANSFER_INFO;
+  }
+
+  *dophase_done = FALSE; /* not done yet */
+
+  /* Start the first command in the DO phase */
+  result = pop3_perform_command(conn);
+  if(result)
+    return result;
+
+  /* Run the state-machine */
+  result = pop3_multi_statemach(conn, dophase_done);
+
+  *connected = conn->bits.tcpconnect[FIRSTSOCKET];
+
+  if(*dophase_done)
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_do()
+ *
+ * This function is registered as 'curl_do' function. It decodes the path
+ * parts etc as a wrapper to the actual DO function (pop3_perform).
+ *
+ * The input argument is already checked for validity.
+ */
+static CURLcode pop3_do(struct connectdata *conn, bool *done)
+{
+  CURLcode result = CURLE_OK;
+
+  *done = FALSE; /* default to false */
+
+  /* Parse the URL path */
+  result = pop3_parse_url_path(conn);
+  if(result)
+    return result;
+
+  /* Parse the custom request */
+  result = pop3_parse_custom_request(conn);
+  if(result)
+    return result;
+
+  result = pop3_regular_transfer(conn, done);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_disconnect()
+ *
+ * Disconnect from an POP3 server. Cleanup protocol-specific per-connection
+ * resources. BLOCKING.
+ */
+static CURLcode pop3_disconnect(struct connectdata *conn, bool dead_connection)
+{
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+  /* We cannot send quit unconditionally. If this connection is stale or
+     bad in any way, sending quit and waiting around here will make the
+     disconnect wait in vain and cause more problems than we need to. */
+
+  /* The POP3 session may or may not have been allocated/setup at this
+     point! */
+  if(!dead_connection && pop3c->pp.conn && pop3c->pp.conn->bits.protoconnstart)
+    if(!pop3_perform_quit(conn))
+      (void)pop3_block_statemach(conn); /* ignore errors on QUIT */
+
+  /* Disconnect from the server */
+  Curl_pp_disconnect(&pop3c->pp);
+
+  /* Cleanup the SASL module */
+  Curl_sasl_cleanup(conn, pop3c->authused);
+
+  /* Cleanup our connection based variables */
+  Curl_safefree(pop3c->apoptimestamp);
+
+  return CURLE_OK;
+}
+
+/* Call this when the DO phase has completed */
+static CURLcode pop3_dophase_done(struct connectdata *conn, bool connected)
+{
+  (void)conn;
+  (void)connected;
+
+  return CURLE_OK;
+}
+
+/* Called from multi.c while DOing */
+static CURLcode pop3_doing(struct connectdata *conn, bool *dophase_done)
+{
+  CURLcode result = pop3_multi_statemach(conn, dophase_done);
+
+  if(result)
+    DEBUGF(infof(conn->data, "DO phase failed\n"));
+  else if(*dophase_done) {
+    result = pop3_dophase_done(conn, FALSE /* not connected */);
+
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_regular_transfer()
+ *
+ * The input argument is already checked for validity.
+ *
+ * Performs all commands done before a regular transfer between a local and a
+ * remote host.
+ */
+static CURLcode pop3_regular_transfer(struct connectdata *conn,
+                                      bool *dophase_done)
+{
+  CURLcode result = CURLE_OK;
+  bool connected = FALSE;
+  struct SessionHandle *data = conn->data;
+
+  /* Make sure size is unknown at this point */
+  data->req.size = -1;
+
+  /* Set the progress data */
+  Curl_pgrsSetUploadCounter(data, 0);
+  Curl_pgrsSetDownloadCounter(data, 0);
+  Curl_pgrsSetUploadSize(data, -1);
+  Curl_pgrsSetDownloadSize(data, -1);
+
+  /* Carry out the perform */
+  result = pop3_perform(conn, &connected, dophase_done);
+
+  /* Perform post DO phase operations if necessary */
+  if(!result && *dophase_done)
+    result = pop3_dophase_done(conn, connected);
+
+  return result;
+}
+
+static CURLcode pop3_setup_connection(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+
+  /* Initialise the POP3 layer */
+  CURLcode result = pop3_init(conn);
+  if(result)
+    return result;
+
+  if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) {
+    /* Unless we have asked to tunnel POP3 operations through the proxy, we
+       switch and use HTTP operations only */
+#ifndef CURL_DISABLE_HTTP
+    if(conn->handler == &Curl_handler_pop3)
+      conn->handler = &Curl_handler_pop3_proxy;
+    else {
+#ifdef USE_SSL
+      conn->handler = &Curl_handler_pop3s_proxy;
+#else
+      failf(data, "POP3S not supported!");
+      return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+    }
+
+    /* set it up as an HTTP connection instead */
+    return conn->handler->setup_connection(conn);
+#else
+    failf(data, "POP3 over http proxy requires HTTP support built-in!");
+    return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+  }
+
+  data->state.path++;   /* don't include the initial slash */
+
+  return CURLE_OK;
+}
+
+/***********************************************************************
+ *
+ * pop3_parse_url_options()
+ *
+ * Parse the URL login options.
+ */
+static CURLcode pop3_parse_url_options(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  const char *options = conn->options;
+  const char *ptr = options;
+  bool reset = TRUE;
+
+  while(ptr && *ptr) {
+    const char *key = ptr;
+
+    while(*ptr && *ptr != '=')
+        ptr++;
+
+    if(strnequal(key, "AUTH", 4)) {
+      size_t len = 0;
+      const char *value = ++ptr;
+
+      if(reset) {
+        reset = FALSE;
+        pop3c->preftype = POP3_TYPE_NONE;
+        pop3c->prefmech = SASL_AUTH_NONE;
+      }
+
+      while(*ptr && *ptr != ';') {
+        ptr++;
+        len++;
+      }
+
+      if(strnequal(value, "*", len)) {
+        pop3c->preftype = POP3_TYPE_ANY;
+        pop3c->prefmech = SASL_AUTH_ANY;
+      }
+      else if(strnequal(value, "+APOP", len)) {
+        pop3c->preftype = POP3_TYPE_APOP;
+        pop3c->prefmech = SASL_AUTH_NONE;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_LOGIN, len)) {
+        pop3c->preftype = POP3_TYPE_SASL;
+        pop3c->prefmech |= SASL_MECH_LOGIN;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_PLAIN, len)) {
+        pop3c->preftype = POP3_TYPE_SASL;
+        pop3c->prefmech |= SASL_MECH_PLAIN;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_CRAM_MD5, len)) {
+        pop3c->preftype = POP3_TYPE_SASL;
+        pop3c->prefmech |= SASL_MECH_CRAM_MD5;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_DIGEST_MD5, len)) {
+        pop3c->preftype = POP3_TYPE_SASL;
+        pop3c->prefmech |= SASL_MECH_DIGEST_MD5;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_GSSAPI, len)) {
+        pop3c->preftype = POP3_TYPE_SASL;
+        pop3c->prefmech |= SASL_MECH_GSSAPI;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_NTLM, len)) {
+        pop3c->preftype = POP3_TYPE_SASL;
+        pop3c->prefmech |= SASL_MECH_NTLM;
+      }
+      else if(strnequal(value, SASL_MECH_STRING_XOAUTH2, len)) {
+        pop3c->preftype = POP3_TYPE_SASL;
+        pop3c->prefmech |= SASL_MECH_XOAUTH2;
+      }
+
+      if(*ptr == ';')
+        ptr++;
+    }
+    else
+      result = CURLE_URL_MALFORMAT;
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_parse_url_path()
+ *
+ * Parse the URL path into separate path components.
+ */
+static CURLcode pop3_parse_url_path(struct connectdata *conn)
+{
+  /* The POP3 struct is already initialised in pop3_connect() */
+  struct SessionHandle *data = conn->data;
+  struct POP3 *pop3 = data->req.protop;
+  const char *path = data->state.path;
+
+  /* URL decode the path for the message ID */
+  return Curl_urldecode(data, path, 0, &pop3->id, NULL, TRUE);
+}
+
+/***********************************************************************
+ *
+ * pop3_parse_custom_request()
+ *
+ * Parse the custom request.
+ */
+static CURLcode pop3_parse_custom_request(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct POP3 *pop3 = data->req.protop;
+  const char *custom = data->set.str[STRING_CUSTOMREQUEST];
+
+  /* URL decode the custom request */
+  if(custom)
+    result = Curl_urldecode(data, custom, 0, &pop3->custom, NULL, TRUE);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * pop3_calc_sasl_details()
+ *
+ * Calculate the required login details for SASL authentication.
+ */
+static CURLcode pop3_calc_sasl_details(struct connectdata *conn,
+                                       const char **mech,
+                                       char **initresp, size_t *len,
+                                       pop3state *state1, pop3state *state2)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+  /* Calculate the supported authentication mechanism, by decreasing order of
+     security, as well as the initial response where appropriate */
+#if defined(USE_WINDOWS_SSPI)
+  if((pop3c->authmechs & SASL_MECH_GSSAPI) &&
+      (pop3c->prefmech & SASL_MECH_GSSAPI)) {
+    pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
+
+    *mech = SASL_MECH_STRING_GSSAPI;
+    *state1 = POP3_AUTH_GSSAPI;
+    *state2 = POP3_AUTH_GSSAPI_TOKEN;
+    pop3c->authused = SASL_MECH_GSSAPI;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_gssapi_user_message(data, conn->user,
+                                                    conn->passwd, "pop",
+                                                    pop3c->mutual_auth,
+                                                    NULL, &conn->krb5,
+                                                    initresp, len);
+  }
+  else
+#endif
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+  if((pop3c->authmechs & SASL_MECH_DIGEST_MD5) &&
+      (pop3c->prefmech & SASL_MECH_DIGEST_MD5)) {
+    *mech = SASL_MECH_STRING_DIGEST_MD5;
+    *state1 = POP3_AUTH_DIGESTMD5;
+    pop3c->authused = SASL_MECH_DIGEST_MD5;
+  }
+  else if((pop3c->authmechs & SASL_MECH_CRAM_MD5) &&
+          (pop3c->prefmech & SASL_MECH_CRAM_MD5)) {
+    *mech = SASL_MECH_STRING_CRAM_MD5;
+    *state1 = POP3_AUTH_CRAMMD5;
+    pop3c->authused = SASL_MECH_CRAM_MD5;
+  }
+  else
+#endif
+#ifdef USE_NTLM
+  if((pop3c->authmechs & SASL_MECH_NTLM) &&
+      (pop3c->prefmech & SASL_MECH_NTLM)) {
+    *mech = SASL_MECH_STRING_NTLM;
+    *state1 = POP3_AUTH_NTLM;
+    *state2 = POP3_AUTH_NTLM_TYPE2MSG;
+    pop3c->authused = SASL_MECH_NTLM;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
+                                                    &conn->ntlm,
+                                                    initresp, len);
+  }
+  else
+#endif
+  if(((pop3c->authmechs & SASL_MECH_XOAUTH2) &&
+      (pop3c->prefmech & SASL_MECH_XOAUTH2) &&
+      (pop3c->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
+    *mech = SASL_MECH_STRING_XOAUTH2;
+    *state1 = POP3_AUTH_XOAUTH2;
+    *state2 = POP3_AUTH_FINAL;
+    pop3c->authused = SASL_MECH_XOAUTH2;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_xoauth2_message(data, conn->user,
+                                                conn->xoauth2_bearer,
+                                                initresp, len);
+  }
+  else if((pop3c->authmechs & SASL_MECH_LOGIN) &&
+          (pop3c->prefmech & SASL_MECH_LOGIN)) {
+    *mech = SASL_MECH_STRING_LOGIN;
+    *state1 = POP3_AUTH_LOGIN;
+    *state2 = POP3_AUTH_LOGIN_PASSWD;
+    pop3c->authused = SASL_MECH_LOGIN;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_login_message(data, conn->user, initresp, len);
+  }
+  else if((pop3c->authmechs & SASL_MECH_PLAIN) &&
+          (pop3c->prefmech & SASL_MECH_PLAIN)) {
+    *mech = SASL_MECH_STRING_PLAIN;
+    *state1 = POP3_AUTH_PLAIN;
+    *state2 = POP3_AUTH_FINAL;
+    pop3c->authused = SASL_MECH_PLAIN;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
+                                              initresp, len);
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * Curl_pop3_write()
+ *
+ * This function scans the body after the end-of-body and writes everything
+ * until the end is found.
+ */
+CURLcode Curl_pop3_write(struct connectdata *conn, char *str, size_t nread)
+{
+  /* This code could be made into a special function in the handler struct */
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SingleRequest *k = &data->req;
+
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  bool strip_dot = FALSE;
+  size_t last = 0;
+  size_t i;
+
+  /* Search through the buffer looking for the end-of-body marker which is
+     5 bytes (0d 0a 2e 0d 0a). Note that a line starting with a dot matches
+     the eob so the server will have prefixed it with an extra dot which we
+     need to strip out. Additionally the marker could of course be spread out
+     over 5 different data chunks. */
+  for(i = 0; i < nread; i++) {
+    size_t prev = pop3c->eob;
+
+    switch(str[i]) {
+    case 0x0d:
+      if(pop3c->eob == 0) {
+        pop3c->eob++;
+
+        if(i) {
+          /* Write out the body part that didn't match */
+          result = Curl_client_write(conn, CLIENTWRITE_BODY, &str[last],
+                                     i - last);
+
+          if(result)
+            return result;
+
+          last = i;
+        }
+      }
+      else if(pop3c->eob == 3)
+        pop3c->eob++;
+      else
+        /* If the character match wasn't at position 0 or 3 then restart the
+           pattern matching */
+        pop3c->eob = 1;
+      break;
+
+    case 0x0a:
+      if(pop3c->eob == 1 || pop3c->eob == 4)
+        pop3c->eob++;
+      else
+        /* If the character match wasn't at position 1 or 4 then start the
+           search again */
+        pop3c->eob = 0;
+      break;
+
+    case 0x2e:
+      if(pop3c->eob == 2)
+        pop3c->eob++;
+      else if(pop3c->eob == 3) {
+        /* We have an extra dot after the CRLF which we need to strip off */
+        strip_dot = TRUE;
+        pop3c->eob = 0;
+      }
+      else
+        /* If the character match wasn't at position 2 then start the search
+           again */
+        pop3c->eob = 0;
+      break;
+
+    default:
+      pop3c->eob = 0;
+      break;
+    }
+
+    /* Did we have a partial match which has subsequently failed? */
+    if(prev && prev >= pop3c->eob) {
+      /* Strip can only be non-zero for the very first mismatch after CRLF
+         and then both prev and strip are equal and nothing will be output
+         below */
+      while(prev && pop3c->strip) {
+        prev--;
+        pop3c->strip--;
+      }
+
+      if(prev) {
+        /* If the partial match was the CRLF and dot then only write the CRLF
+           as the server would have inserted the dot */
+        result = Curl_client_write(conn, CLIENTWRITE_BODY, (char*)POP3_EOB,
+                                   strip_dot ? prev - 1 : prev);
+
+        if(result)
+          return result;
+
+        last = i;
+        strip_dot = FALSE;
+      }
+    }
+  }
+
+  if(pop3c->eob == POP3_EOB_LEN) {
+    /* We have a full match so the transfer is done, however we must transfer
+    the CRLF at the start of the EOB as this is considered to be part of the
+    message as per RFC-1939, sect. 3 */
+    result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)POP3_EOB, 2);
+
+    k->keepon &= ~KEEP_RECV;
+    pop3c->eob = 0;
+
+    return result;
+  }
+
+  if(pop3c->eob)
+    /* While EOB is matching nothing should be output */
+    return CURLE_OK;
+
+  if(nread - last) {
+    result = Curl_client_write(conn, CLIENTWRITE_BODY, &str[last],
+                               nread - last);
+  }
+
+  return result;
+}
+
+#endif /* CURL_DISABLE_POP3 */
diff --git a/Utilities/cmcurl/lib/pop3.h b/Utilities/cmcurl/lib/pop3.h
new file mode 100644
index 0000000..729a55a
--- /dev/null
+++ b/Utilities/cmcurl/lib/pop3.h
@@ -0,0 +1,110 @@
+#ifndef HEADER_CURL_POP3_H
+#define HEADER_CURL_POP3_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2009 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "pingpong.h"
+
+/****************************************************************************
+ * POP3 unique setup
+ ***************************************************************************/
+typedef enum {
+  POP3_STOP,         /* do nothing state, stops the state machine */
+  POP3_SERVERGREET,  /* waiting for the initial greeting immediately after
+                        a connect */
+  POP3_CAPA,
+  POP3_STARTTLS,
+  POP3_UPGRADETLS,   /* asynchronously upgrade the connection to SSL/TLS
+                       (multi mode only) */
+  POP3_AUTH_PLAIN,
+  POP3_AUTH_LOGIN,
+  POP3_AUTH_LOGIN_PASSWD,
+  POP3_AUTH_CRAMMD5,
+  POP3_AUTH_DIGESTMD5,
+  POP3_AUTH_DIGESTMD5_RESP,
+  POP3_AUTH_NTLM,
+  POP3_AUTH_NTLM_TYPE2MSG,
+  POP3_AUTH_GSSAPI,
+  POP3_AUTH_GSSAPI_TOKEN,
+  POP3_AUTH_GSSAPI_NO_DATA,
+  POP3_AUTH_XOAUTH2,
+  POP3_AUTH_CANCEL,
+  POP3_AUTH_FINAL,
+  POP3_APOP,
+  POP3_USER,
+  POP3_PASS,
+  POP3_COMMAND,
+  POP3_QUIT,
+  POP3_LAST          /* never used */
+} pop3state;
+
+/* This POP3 struct is used in the SessionHandle. All POP3 data that is
+   connection-oriented must be in pop3_conn to properly deal with the fact that
+   perhaps the SessionHandle is changed between the times the connection is
+   used. */
+struct POP3 {
+  curl_pp_transfer transfer;
+  char *id;               /* Message ID */
+  char *custom;           /* Custom Request */
+};
+
+/* pop3_conn is used for struct connection-oriented data in the connectdata
+   struct */
+struct pop3_conn {
+  struct pingpong pp;
+  pop3state state;        /* Always use pop3.c:state() to change state! */
+  bool ssldone;           /* Is connect() over SSL done? */
+  size_t eob;             /* Number of bytes of the EOB (End Of Body) that
+                             have been received so far */
+  size_t strip;           /* Number of bytes from the start to ignore as
+                             non-body */
+  unsigned int authtypes; /* Accepted authentication types */
+  unsigned int authmechs; /* Accepted SASL authentication mechanisms */
+  unsigned int preftype;  /* Preferred authentication type */
+  unsigned int prefmech;  /* Preferred SASL authentication mechanism */
+  unsigned int authused;  /* SASL auth mechanism used for the connection */
+  char *apoptimestamp;    /* APOP timestamp from the server greeting */
+  bool tls_supported;     /* StartTLS capability supported by server */
+  bool mutual_auth;       /* Mutual authentication enabled (GSSAPI only) */
+};
+
+extern const struct Curl_handler Curl_handler_pop3;
+extern const struct Curl_handler Curl_handler_pop3s;
+
+/* Authentication type flags */
+#define POP3_TYPE_CLEARTEXT (1 << 0)
+#define POP3_TYPE_APOP      (1 << 1)
+#define POP3_TYPE_SASL      (1 << 2)
+
+/* Authentication type values */
+#define POP3_TYPE_NONE      0
+#define POP3_TYPE_ANY       ~0U
+
+/* This is the 5-bytes End-Of-Body marker for POP3 */
+#define POP3_EOB "\x0d\x0a\x2e\x0d\x0a"
+#define POP3_EOB_LEN 5
+
+/* This function scans the body after the end-of-body and writes everything
+ * until the end is found */
+CURLcode Curl_pop3_write(struct connectdata *conn, char *str, size_t nread);
+
+#endif /* HEADER_CURL_POP3_H */
diff --git a/Utilities/cmcurl/lib/progress.c b/Utilities/cmcurl/lib/progress.c
new file mode 100644
index 0000000..f147ce7
--- /dev/null
+++ b/Utilities/cmcurl/lib/progress.c
@@ -0,0 +1,494 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "urldata.h"
+#include "sendf.h"
+#include "progress.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* Provide a string that is 2 + 1 + 2 + 1 + 2 = 8 letters long (plus the zero
+   byte) */
+static void time2str(char *r, curl_off_t seconds)
+{
+  curl_off_t d, h, m, s;
+  if(seconds <= 0) {
+    strcpy(r, "--:--:--");
+    return;
+  }
+  h = seconds / CURL_OFF_T_C(3600);
+  if(h <= CURL_OFF_T_C(99)) {
+    m = (seconds - (h*CURL_OFF_T_C(3600))) / CURL_OFF_T_C(60);
+    s = (seconds - (h*CURL_OFF_T_C(3600))) - (m*CURL_OFF_T_C(60));
+    snprintf(r, 9, "%2" CURL_FORMAT_CURL_OFF_T ":%02" CURL_FORMAT_CURL_OFF_T
+             ":%02" CURL_FORMAT_CURL_OFF_T, h, m, s);
+  }
+  else {
+    /* this equals to more than 99 hours, switch to a more suitable output
+       format to fit within the limits. */
+    d = seconds / CURL_OFF_T_C(86400);
+    h = (seconds - (d*CURL_OFF_T_C(86400))) / CURL_OFF_T_C(3600);
+    if(d <= CURL_OFF_T_C(999))
+      snprintf(r, 9, "%3" CURL_FORMAT_CURL_OFF_T
+               "d %02" CURL_FORMAT_CURL_OFF_T "h", d, h);
+    else
+      snprintf(r, 9, "%7" CURL_FORMAT_CURL_OFF_T "d", d);
+  }
+}
+
+/* The point of this function would be to return a string of the input data,
+   but never longer than 5 columns (+ one zero byte).
+   Add suffix k, M, G when suitable... */
+static char *max5data(curl_off_t bytes, char *max5)
+{
+#define ONE_KILOBYTE  CURL_OFF_T_C(1024)
+#define ONE_MEGABYTE (CURL_OFF_T_C(1024) * ONE_KILOBYTE)
+#define ONE_GIGABYTE (CURL_OFF_T_C(1024) * ONE_MEGABYTE)
+#define ONE_TERABYTE (CURL_OFF_T_C(1024) * ONE_GIGABYTE)
+#define ONE_PETABYTE (CURL_OFF_T_C(1024) * ONE_TERABYTE)
+
+  if(bytes < CURL_OFF_T_C(100000))
+    snprintf(max5, 6, "%5" CURL_FORMAT_CURL_OFF_T, bytes);
+
+  else if(bytes < CURL_OFF_T_C(10000) * ONE_KILOBYTE)
+    snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "k", bytes/ONE_KILOBYTE);
+
+  else if(bytes < CURL_OFF_T_C(100) * ONE_MEGABYTE)
+    /* 'XX.XM' is good as long as we're less than 100 megs */
+    snprintf(max5, 6, "%2" CURL_FORMAT_CURL_OFF_T ".%0"
+             CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE,
+             (bytes%ONE_MEGABYTE) / (ONE_MEGABYTE/CURL_OFF_T_C(10)) );
+
+#if (CURL_SIZEOF_CURL_OFF_T > 4)
+
+  else if(bytes < CURL_OFF_T_C(10000) * ONE_MEGABYTE)
+    /* 'XXXXM' is good until we're at 10000MB or above */
+    snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
+
+  else if(bytes < CURL_OFF_T_C(100) * ONE_GIGABYTE)
+    /* 10000 MB - 100 GB, we show it as XX.XG */
+    snprintf(max5, 6, "%2" CURL_FORMAT_CURL_OFF_T ".%0"
+             CURL_FORMAT_CURL_OFF_T "G", bytes/ONE_GIGABYTE,
+             (bytes%ONE_GIGABYTE) / (ONE_GIGABYTE/CURL_OFF_T_C(10)) );
+
+  else if(bytes < CURL_OFF_T_C(10000) * ONE_GIGABYTE)
+    /* up to 10000GB, display without decimal: XXXXG */
+    snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "G", bytes/ONE_GIGABYTE);
+
+  else if(bytes < CURL_OFF_T_C(10000) * ONE_TERABYTE)
+    /* up to 10000TB, display without decimal: XXXXT */
+    snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "T", bytes/ONE_TERABYTE);
+
+  else
+    /* up to 10000PB, display without decimal: XXXXP */
+    snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "P", bytes/ONE_PETABYTE);
+
+    /* 16384 petabytes (16 exabytes) is the maximum a 64 bit unsigned number
+       can hold, but our data type is signed so 8192PB will be the maximum. */
+
+#else
+
+  else
+    snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
+
+#endif
+
+  return max5;
+}
+
+/*
+
+   New proposed interface, 9th of February 2000:
+
+   pgrsStartNow() - sets start time
+   pgrsSetDownloadSize(x) - known expected download size
+   pgrsSetUploadSize(x) - known expected upload size
+   pgrsSetDownloadCounter() - amount of data currently downloaded
+   pgrsSetUploadCounter() - amount of data currently uploaded
+   pgrsUpdate() - show progress
+   pgrsDone() - transfer complete
+
+*/
+
+int Curl_pgrsDone(struct connectdata *conn)
+{
+  int rc;
+  struct SessionHandle *data = conn->data;
+  data->progress.lastshow=0;
+  rc = Curl_pgrsUpdate(conn); /* the final (forced) update */
+  if(rc)
+    return rc;
+
+  if(!(data->progress.flags & PGRS_HIDE) &&
+     !data->progress.callback)
+    /* only output if we don't use a progress callback and we're not
+     * hidden */
+    fprintf(data->set.err, "\n");
+
+  data->progress.speeder_c = 0; /* reset the progress meter display */
+  return 0;
+}
+
+/* reset all times except redirect, and reset the known transfer sizes */
+void Curl_pgrsResetTimesSizes(struct SessionHandle *data)
+{
+  data->progress.t_nslookup = 0.0;
+  data->progress.t_connect = 0.0;
+  data->progress.t_pretransfer = 0.0;
+  data->progress.t_starttransfer = 0.0;
+
+  Curl_pgrsSetDownloadSize(data, -1);
+  Curl_pgrsSetUploadSize(data, -1);
+}
+
+void Curl_pgrsTime(struct SessionHandle *data, timerid timer)
+{
+  struct timeval now = Curl_tvnow();
+
+  switch(timer) {
+  default:
+  case TIMER_NONE:
+    /* mistake filter */
+    break;
+  case TIMER_STARTOP:
+    /* This is set at the start of a transfer */
+    data->progress.t_startop = now;
+    break;
+  case TIMER_STARTSINGLE:
+    /* This is set at the start of each single fetch */
+    data->progress.t_startsingle = now;
+    break;
+
+  case TIMER_STARTACCEPT:
+    data->progress.t_acceptdata = Curl_tvnow();
+    break;
+
+  case TIMER_NAMELOOKUP:
+    data->progress.t_nslookup =
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
+    break;
+  case TIMER_CONNECT:
+    data->progress.t_connect =
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
+    break;
+  case TIMER_APPCONNECT:
+    data->progress.t_appconnect =
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
+    break;
+  case TIMER_PRETRANSFER:
+    data->progress.t_pretransfer =
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
+    break;
+  case TIMER_STARTTRANSFER:
+    data->progress.t_starttransfer =
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
+    break;
+  case TIMER_POSTRANSFER:
+    /* this is the normal end-of-transfer thing */
+    break;
+  case TIMER_REDIRECT:
+    data->progress.t_redirect = Curl_tvdiff_secs(now, data->progress.start);
+    break;
+  }
+}
+
+void Curl_pgrsStartNow(struct SessionHandle *data)
+{
+  data->progress.speeder_c = 0; /* reset the progress meter display */
+  data->progress.start = Curl_tvnow();
+  /* clear all bits except HIDE and HEADERS_OUT */
+  data->progress.flags &= PGRS_HIDE|PGRS_HEADERS_OUT;
+}
+
+void Curl_pgrsSetDownloadCounter(struct SessionHandle *data, curl_off_t size)
+{
+  data->progress.downloaded = size;
+}
+
+void Curl_pgrsSetUploadCounter(struct SessionHandle *data, curl_off_t size)
+{
+  data->progress.uploaded = size;
+}
+
+void Curl_pgrsSetDownloadSize(struct SessionHandle *data, curl_off_t size)
+{
+  if(size >= 0) {
+    data->progress.size_dl = size;
+    data->progress.flags |= PGRS_DL_SIZE_KNOWN;
+  }
+  else {
+    data->progress.size_dl = 0;
+    data->progress.flags &= ~PGRS_DL_SIZE_KNOWN;
+  }
+}
+
+void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size)
+{
+  if(size >= 0) {
+    data->progress.size_ul = size;
+    data->progress.flags |= PGRS_UL_SIZE_KNOWN;
+  }
+  else {
+    data->progress.size_ul = 0;
+    data->progress.flags &= ~PGRS_UL_SIZE_KNOWN;
+  }
+}
+
+/*
+ * Curl_pgrsUpdate() returns 0 for success or the value returned by the
+ * progress callback!
+ */
+int Curl_pgrsUpdate(struct connectdata *conn)
+{
+  struct timeval now;
+  int result;
+  char max5[6][10];
+  curl_off_t dlpercen=0;
+  curl_off_t ulpercen=0;
+  curl_off_t total_percen=0;
+  curl_off_t total_transfer;
+  curl_off_t total_expected_transfer;
+  curl_off_t timespent;
+  struct SessionHandle *data = conn->data;
+  int nowindex = data->progress.speeder_c% CURR_TIME;
+  int checkindex;
+  int countindex; /* amount of seconds stored in the speeder array */
+  char time_left[10];
+  char time_total[10];
+  char time_spent[10];
+  curl_off_t ulestimate=0;
+  curl_off_t dlestimate=0;
+  curl_off_t total_estimate;
+  bool shownow=FALSE;
+
+  now = Curl_tvnow(); /* what time is it */
+
+  /* The time spent so far (from the start) */
+  data->progress.timespent =
+    (double)(now.tv_sec - data->progress.start.tv_sec) +
+    (double)(now.tv_usec - data->progress.start.tv_usec)/1000000.0;
+  timespent = (curl_off_t)data->progress.timespent;
+
+  /* The average download speed this far */
+  data->progress.dlspeed = (curl_off_t)
+    ((double)data->progress.downloaded/
+     (data->progress.timespent>0?data->progress.timespent:1));
+
+  /* The average upload speed this far */
+  data->progress.ulspeed = (curl_off_t)
+    ((double)data->progress.uploaded/
+     (data->progress.timespent>0?data->progress.timespent:1));
+
+  /* Calculations done at most once a second, unless end is reached */
+  if(data->progress.lastshow != (long)now.tv_sec) {
+    shownow = TRUE;
+
+    data->progress.lastshow = now.tv_sec;
+
+    /* Let's do the "current speed" thing, which should use the fastest
+       of the dl/ul speeds. Store the faster speed at entry 'nowindex'. */
+    data->progress.speeder[ nowindex ] =
+      data->progress.downloaded>data->progress.uploaded?
+      data->progress.downloaded:data->progress.uploaded;
+
+    /* remember the exact time for this moment */
+    data->progress.speeder_time [ nowindex ] = now;
+
+    /* advance our speeder_c counter, which is increased every time we get
+       here and we expect it to never wrap as 2^32 is a lot of seconds! */
+    data->progress.speeder_c++;
+
+    /* figure out how many index entries of data we have stored in our speeder
+       array. With N_ENTRIES filled in, we have about N_ENTRIES-1 seconds of
+       transfer. Imagine, after one second we have filled in two entries,
+       after two seconds we've filled in three entries etc. */
+    countindex = ((data->progress.speeder_c>=CURR_TIME)?
+                  CURR_TIME:data->progress.speeder_c) - 1;
+
+    /* first of all, we don't do this if there's no counted seconds yet */
+    if(countindex) {
+      long span_ms;
+
+      /* Get the index position to compare with the 'nowindex' position.
+         Get the oldest entry possible. While we have less than CURR_TIME
+         entries, the first entry will remain the oldest. */
+      checkindex = (data->progress.speeder_c>=CURR_TIME)?
+        data->progress.speeder_c%CURR_TIME:0;
+
+      /* Figure out the exact time for the time span */
+      span_ms = Curl_tvdiff(now,
+                            data->progress.speeder_time[checkindex]);
+      if(0 == span_ms)
+        span_ms=1; /* at least one millisecond MUST have passed */
+
+      /* Calculate the average speed the last 'span_ms' milliseconds */
+      {
+        curl_off_t amount = data->progress.speeder[nowindex]-
+          data->progress.speeder[checkindex];
+
+        if(amount > CURL_OFF_T_C(4294967) /* 0xffffffff/1000 */)
+          /* the 'amount' value is bigger than would fit in 32 bits if
+             multiplied with 1000, so we use the double math for this */
+          data->progress.current_speed = (curl_off_t)
+            ((double)amount/((double)span_ms/1000.0));
+        else
+          /* the 'amount' value is small enough to fit within 32 bits even
+             when multiplied with 1000 */
+          data->progress.current_speed = amount*CURL_OFF_T_C(1000)/span_ms;
+      }
+    }
+    else
+      /* the first second we use the main average */
+      data->progress.current_speed =
+        (data->progress.ulspeed>data->progress.dlspeed)?
+        data->progress.ulspeed:data->progress.dlspeed;
+
+  } /* Calculations end */
+
+  if(!(data->progress.flags & PGRS_HIDE)) {
+    /* progress meter has not been shut off */
+
+    if(data->set.fxferinfo) {
+      /* There's a callback set, call that */
+      result= data->set.fxferinfo(data->set.progress_client,
+                                  data->progress.size_dl,
+                                  data->progress.downloaded,
+                                  data->progress.size_ul,
+                                  data->progress.uploaded);
+      if(result)
+        failf(data, "Callback aborted");
+      return result;
+    }
+    else if(data->set.fprogress) {
+      /* The older deprecated callback is set, call that */
+      result= data->set.fprogress(data->set.progress_client,
+                                  (double)data->progress.size_dl,
+                                  (double)data->progress.downloaded,
+                                  (double)data->progress.size_ul,
+                                  (double)data->progress.uploaded);
+      if(result)
+        failf(data, "Callback aborted");
+      return result;
+    }
+
+    if(!shownow)
+      /* only show the internal progress meter once per second */
+      return 0;
+
+    /* If there's no external callback set, use internal code to show
+       progress */
+
+    if(!(data->progress.flags & PGRS_HEADERS_OUT)) {
+      if(data->state.resume_from) {
+        fprintf(data->set.err,
+                "** Resuming transfer from byte position %"
+                CURL_FORMAT_CURL_OFF_T "\n", data->state.resume_from);
+      }
+      fprintf(data->set.err,
+              "  %% Total    %% Received %% Xferd  Average Speed   "
+              "Time    Time     Time  Current\n"
+              "                                 Dload  Upload   "
+              "Total   Spent    Left  Speed\n");
+      data->progress.flags |= PGRS_HEADERS_OUT; /* headers are shown */
+    }
+
+    /* Figure out the estimated time of arrival for the upload */
+    if((data->progress.flags & PGRS_UL_SIZE_KNOWN) &&
+       (data->progress.ulspeed > CURL_OFF_T_C(0))) {
+      ulestimate = data->progress.size_ul / data->progress.ulspeed;
+
+      if(data->progress.size_ul > CURL_OFF_T_C(10000))
+        ulpercen = data->progress.uploaded /
+          (data->progress.size_ul/CURL_OFF_T_C(100));
+      else if(data->progress.size_ul > CURL_OFF_T_C(0))
+        ulpercen = (data->progress.uploaded*100) /
+          data->progress.size_ul;
+    }
+
+    /* ... and the download */
+    if((data->progress.flags & PGRS_DL_SIZE_KNOWN) &&
+       (data->progress.dlspeed > CURL_OFF_T_C(0))) {
+      dlestimate = data->progress.size_dl / data->progress.dlspeed;
+
+      if(data->progress.size_dl > CURL_OFF_T_C(10000))
+        dlpercen = data->progress.downloaded /
+          (data->progress.size_dl/CURL_OFF_T_C(100));
+      else if(data->progress.size_dl > CURL_OFF_T_C(0))
+        dlpercen = (data->progress.downloaded*100) /
+          data->progress.size_dl;
+    }
+
+    /* Now figure out which of them is slower and use that one for the
+       total estimate! */
+    total_estimate = ulestimate>dlestimate?ulestimate:dlestimate;
+
+    /* create the three time strings */
+    time2str(time_left, total_estimate > 0?(total_estimate - timespent):0);
+    time2str(time_total, total_estimate);
+    time2str(time_spent, timespent);
+
+    /* Get the total amount of data expected to get transferred */
+    total_expected_transfer =
+      (data->progress.flags & PGRS_UL_SIZE_KNOWN?
+       data->progress.size_ul:data->progress.uploaded)+
+      (data->progress.flags & PGRS_DL_SIZE_KNOWN?
+       data->progress.size_dl:data->progress.downloaded);
+
+    /* We have transferred this much so far */
+    total_transfer = data->progress.downloaded + data->progress.uploaded;
+
+    /* Get the percentage of data transferred so far */
+    if(total_expected_transfer > CURL_OFF_T_C(10000))
+      total_percen = total_transfer /
+        (total_expected_transfer/CURL_OFF_T_C(100));
+    else if(total_expected_transfer > CURL_OFF_T_C(0))
+      total_percen = (total_transfer*100) / total_expected_transfer;
+
+    fprintf(data->set.err,
+            "\r"
+            "%3" CURL_FORMAT_CURL_OFF_T " %s  "
+            "%3" CURL_FORMAT_CURL_OFF_T " %s  "
+            "%3" CURL_FORMAT_CURL_OFF_T " %s  %s  %s %s %s %s %s",
+            total_percen,  /* 3 letters */                /* total % */
+            max5data(total_expected_transfer, max5[2]),   /* total size */
+            dlpercen,      /* 3 letters */                /* rcvd % */
+            max5data(data->progress.downloaded, max5[0]), /* rcvd size */
+            ulpercen,      /* 3 letters */                /* xfer % */
+            max5data(data->progress.uploaded, max5[1]),   /* xfer size */
+            max5data(data->progress.dlspeed, max5[3]),    /* avrg dl speed */
+            max5data(data->progress.ulspeed, max5[4]),    /* avrg ul speed */
+            time_total,    /* 8 letters */                /* total time */
+            time_spent,    /* 8 letters */                /* time spent */
+            time_left,     /* 8 letters */                /* time left */
+            max5data(data->progress.current_speed, max5[5]) /* current speed */
+            );
+
+    /* we flush the output stream to make it appear as soon as possible */
+    fflush(data->set.err);
+
+  } /* !(data->progress.flags & PGRS_HIDE) */
+
+  return 0;
+}
diff --git a/Utilities/cmcurl/progress.h b/Utilities/cmcurl/lib/progress.h
index ad9d662..a1e6f1a 100644
--- a/Utilities/cmcurl/progress.h
+++ b/Utilities/cmcurl/lib/progress.h
@@ -1,5 +1,5 @@
-#ifndef __PROGRESS_H
-#define __PROGRESS_H
+#ifndef HEADER_CURL_PROGRESS_H
+#define HEADER_CURL_PROGRESS_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 #include "timeval.h"
@@ -28,24 +27,27 @@
 
 typedef enum {
   TIMER_NONE,
+  TIMER_STARTOP,
+  TIMER_STARTSINGLE,
   TIMER_NAMELOOKUP,
   TIMER_CONNECT,
+  TIMER_APPCONNECT,
   TIMER_PRETRANSFER,
   TIMER_STARTTRANSFER,
   TIMER_POSTRANSFER,
-  TIMER_STARTSINGLE,
+  TIMER_STARTACCEPT,
   TIMER_REDIRECT,
   TIMER_LAST /* must be last */
 } timerid;
 
-void Curl_pgrsDone(struct connectdata *);
+int Curl_pgrsDone(struct connectdata *);
 void Curl_pgrsStartNow(struct SessionHandle *data);
 void Curl_pgrsSetDownloadSize(struct SessionHandle *data, curl_off_t size);
 void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size);
 void Curl_pgrsSetDownloadCounter(struct SessionHandle *data, curl_off_t size);
 void Curl_pgrsSetUploadCounter(struct SessionHandle *data, curl_off_t size);
 int Curl_pgrsUpdate(struct connectdata *);
-void Curl_pgrsResetTimes(struct SessionHandle *data);
+void Curl_pgrsResetTimesSizes(struct SessionHandle *data);
 void Curl_pgrsTime(struct SessionHandle *data, timerid timer);
 
 
@@ -67,4 +69,5 @@ void Curl_pgrsTime(struct SessionHandle *data, timerid timer);
 #define PGRS_HEADERS_OUT (1<<7) /* set when the headers have been written */
 
 
-#endif /* __PROGRESS_H */
+#endif /* HEADER_CURL_PROGRESS_H */
+
diff --git a/Utilities/cmcurl/lib/rawstr.c b/Utilities/cmcurl/lib/rawstr.c
new file mode 100644
index 0000000..e27dac4
--- /dev/null
+++ b/Utilities/cmcurl/lib/rawstr.c
@@ -0,0 +1,142 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "rawstr.h"
+
+/* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because
+   its behavior is altered by the current locale. */
+char Curl_raw_toupper(char in)
+{
+  switch (in) {
+  case 'a':
+    return 'A';
+  case 'b':
+    return 'B';
+  case 'c':
+    return 'C';
+  case 'd':
+    return 'D';
+  case 'e':
+    return 'E';
+  case 'f':
+    return 'F';
+  case 'g':
+    return 'G';
+  case 'h':
+    return 'H';
+  case 'i':
+    return 'I';
+  case 'j':
+    return 'J';
+  case 'k':
+    return 'K';
+  case 'l':
+    return 'L';
+  case 'm':
+    return 'M';
+  case 'n':
+    return 'N';
+  case 'o':
+    return 'O';
+  case 'p':
+    return 'P';
+  case 'q':
+    return 'Q';
+  case 'r':
+    return 'R';
+  case 's':
+    return 'S';
+  case 't':
+    return 'T';
+  case 'u':
+    return 'U';
+  case 'v':
+    return 'V';
+  case 'w':
+    return 'W';
+  case 'x':
+    return 'X';
+  case 'y':
+    return 'Y';
+  case 'z':
+    return 'Z';
+  }
+  return in;
+}
+
+/*
+ * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant
+ * to be locale independent and only compare strings we know are safe for
+ * this.  See http://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for
+ * some further explanation to why this function is necessary.
+ *
+ * The function is capable of comparing a-z case insensitively even for
+ * non-ascii.
+ */
+
+int Curl_raw_equal(const char *first, const char *second)
+{
+  while(*first && *second) {
+    if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second))
+      /* get out of the loop as soon as they don't match */
+      break;
+    first++;
+    second++;
+  }
+  /* we do the comparison here (possibly again), just to make sure that if the
+     loop above is skipped because one of the strings reached zero, we must not
+     return this as a successful match */
+  return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
+}
+
+int Curl_raw_nequal(const char *first, const char *second, size_t max)
+{
+  while(*first && *second && max) {
+    if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) {
+      break;
+    }
+    max--;
+    first++;
+    second++;
+  }
+  if(0 == max)
+    return 1; /* they are equal this far */
+
+  return Curl_raw_toupper(*first) == Curl_raw_toupper(*second);
+}
+
+/* Copy an upper case version of the string from src to dest.  The
+ * strings may overlap.  No more than n characters of the string are copied
+ * (including any NUL) and the destination string will NOT be
+ * NUL-terminated if that limit is reached.
+ */
+void Curl_strntoupper(char *dest, const char *src, size_t n)
+{
+  if(n < 1)
+    return;
+
+  do {
+    *dest++ = Curl_raw_toupper(*src);
+  } while(*src++ && --n);
+}
diff --git a/Utilities/cmcurl/multiif.h b/Utilities/cmcurl/lib/rawstr.h
index 800aa0f..b491460 100644
--- a/Utilities/cmcurl/multiif.h
+++ b/Utilities/cmcurl/lib/rawstr.h
@@ -1,5 +1,5 @@
-#ifndef __MULTIIF_H
-#define __MULTIIF_H
+#ifndef HEADER_CURL_RAWSTR_H
+#define HEADER_CURL_RAWSTR_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,27 +20,28 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
+#include <curl/curl.h>
+
 /*
- * Prototypes for library-wide functions provided by multi.c
+ * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant
+ * to be locale independent and only compare strings we know are safe for
+ * this.
+ *
+ * The function is capable of comparing a-z case insensitively even for
+ * non-ascii.
  */
-void Curl_expire(struct SessionHandle *data, long milli);
-
-void Curl_multi_rmeasy(void *multi, CURL *data);
-
-bool Curl_multi_canPipeline(struct Curl_multi* multi);
+int Curl_raw_equal(const char *first, const char *second);
+int Curl_raw_nequal(const char *first, const char *second, size_t max);
 
-/* the write bits start at bit 16 for the *getsock() bitmap */
-#define GETSOCK_WRITEBITSTART 16
+char Curl_raw_toupper(char in);
 
-#define GETSOCK_BLANK 0 /* no bits set */
+/* checkprefix() is a shorter version of the above, used when the first
+   argument is zero-byte terminated */
+#define checkprefix(a,b)    Curl_raw_nequal(a,b,strlen(a))
 
-/* set the bit for the given sock number to make the bitmap for writable */
-#define GETSOCK_WRITESOCK(x) (1 << (GETSOCK_WRITEBITSTART + (x)))
+void Curl_strntoupper(char *dest, const char *src, size_t n);
 
-/* set the bit for the given sock number to make the bitmap for readable */
-#define GETSOCK_READSOCK(x) (1 << (x))
+#endif /* HEADER_CURL_RAWSTR_H */
 
-#endif /* __MULTIIF_H */
diff --git a/Utilities/cmcurl/lib/rtsp.c b/Utilities/cmcurl/lib/rtsp.c
new file mode 100644
index 0000000..029738d
--- /dev/null
+++ b/Utilities/cmcurl/lib/rtsp.c
@@ -0,0 +1,809 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_RTSP
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "transfer.h"
+#include "sendf.h"
+#include "multiif.h"
+#include "http.h"
+#include "url.h"
+#include "progress.h"
+#include "rtsp.h"
+#include "rawstr.h"
+#include "curl_memory.h"
+#include "select.h"
+#include "connect.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * TODO (general)
+ *  -incoming server requests
+ *      -server CSeq counter
+ *  -digest authentication
+ *  -connect thru proxy
+ *  -pipelining?
+ */
+
+
+#define RTP_PKT_CHANNEL(p)   ((int)((unsigned char)((p)[1])))
+
+#define RTP_PKT_LENGTH(p)  ((((int)((unsigned char)((p)[2]))) << 8) | \
+                             ((int)((unsigned char)((p)[3]))))
+
+/* protocol-specific functions set up to be called by the main engine */
+static CURLcode rtsp_do(struct connectdata *conn, bool *done);
+static CURLcode rtsp_done(struct connectdata *conn, CURLcode, bool premature);
+static CURLcode rtsp_connect(struct connectdata *conn, bool *done);
+static CURLcode rtsp_disconnect(struct connectdata *conn, bool dead);
+
+static int rtsp_getsock_do(struct connectdata *conn,
+                           curl_socket_t *socks,
+                           int numsocks);
+
+/*
+ * Parse and write out any available RTP data.
+ *
+ * nread: amount of data left after k->str. will be modified if RTP
+ *        data is parsed and k->str is moved up
+ * readmore: whether or not the RTP parser needs more data right away
+ */
+static CURLcode rtsp_rtp_readwrite(struct SessionHandle *data,
+                                   struct connectdata *conn,
+                                   ssize_t *nread,
+                                   bool *readmore);
+
+static CURLcode rtsp_setup_connection(struct connectdata *conn);
+
+
+/* this returns the socket to wait for in the DO and DOING state for the multi
+   interface and then we're always _sending_ a request and thus we wait for
+   the single socket to become writable only */
+static int rtsp_getsock_do(struct connectdata *conn,
+                           curl_socket_t *socks,
+                           int numsocks)
+{
+  /* write mode */
+  (void)numsocks; /* unused, we trust it to be at least 1 */
+  socks[0] = conn->sock[FIRSTSOCKET];
+  return GETSOCK_WRITESOCK(0);
+}
+
+static
+CURLcode rtp_client_write(struct connectdata *conn, char *ptr, size_t len);
+
+
+/*
+ * RTSP handler interface.
+ */
+const struct Curl_handler Curl_handler_rtsp = {
+  "RTSP",                               /* scheme */
+  rtsp_setup_connection,                /* setup_connection */
+  rtsp_do,                              /* do_it */
+  rtsp_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  rtsp_connect,                         /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  rtsp_getsock_do,                      /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  rtsp_disconnect,                      /* disconnect */
+  rtsp_rtp_readwrite,                   /* readwrite */
+  PORT_RTSP,                            /* defport */
+  CURLPROTO_RTSP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+
+static CURLcode rtsp_setup_connection(struct connectdata *conn)
+{
+  struct RTSP *rtsp;
+
+  conn->data->req.protop = rtsp = calloc(1, sizeof(struct RTSP));
+  if(!rtsp)
+    return CURLE_OUT_OF_MEMORY;
+
+  return CURLE_OK;
+}
+
+
+/*
+ * The server may send us RTP data at any point, and RTSPREQ_RECEIVE does not
+ * want to block the application forever while receiving a stream. Therefore,
+ * we cannot assume that an RTSP socket is dead just because it is readable.
+ *
+ * Instead, if it is readable, run Curl_getconnectinfo() to peek at the socket
+ * and distinguish between closed and data.
+ */
+bool Curl_rtsp_connisdead(struct connectdata *check)
+{
+  int sval;
+  bool ret_val = TRUE;
+
+  sval = Curl_socket_ready(check->sock[FIRSTSOCKET], CURL_SOCKET_BAD, 0);
+  if(sval == 0) {
+    /* timeout */
+    ret_val = FALSE;
+  }
+  else if(sval & CURL_CSELECT_ERR) {
+    /* socket is in an error state */
+    ret_val = TRUE;
+  }
+  else if((sval & CURL_CSELECT_IN) && check->data) {
+    /* readable with no error. could be closed or could be alive but we can
+       only check if we have a proper SessionHandle for the connection */
+    curl_socket_t connectinfo = Curl_getconnectinfo(check->data, &check);
+    if(connectinfo != CURL_SOCKET_BAD)
+      ret_val = FALSE;
+  }
+
+  return ret_val;
+}
+
+static CURLcode rtsp_connect(struct connectdata *conn, bool *done)
+{
+  CURLcode httpStatus;
+  struct SessionHandle *data = conn->data;
+
+  httpStatus = Curl_http_connect(conn, done);
+
+  /* Initialize the CSeq if not already done */
+  if(data->state.rtsp_next_client_CSeq == 0)
+    data->state.rtsp_next_client_CSeq = 1;
+  if(data->state.rtsp_next_server_CSeq == 0)
+    data->state.rtsp_next_server_CSeq = 1;
+
+  conn->proto.rtspc.rtp_channel = -1;
+
+  return httpStatus;
+}
+
+static CURLcode rtsp_disconnect(struct connectdata *conn, bool dead)
+{
+  (void) dead;
+  Curl_safefree(conn->proto.rtspc.rtp_buf);
+  return CURLE_OK;
+}
+
+
+static CURLcode rtsp_done(struct connectdata *conn,
+                          CURLcode status, bool premature)
+{
+  struct SessionHandle *data = conn->data;
+  struct RTSP *rtsp = data->req.protop;
+  CURLcode httpStatus;
+  long CSeq_sent;
+  long CSeq_recv;
+
+  /* Bypass HTTP empty-reply checks on receive */
+  if(data->set.rtspreq == RTSPREQ_RECEIVE)
+    premature = TRUE;
+
+  httpStatus = Curl_http_done(conn, status, premature);
+
+  if(rtsp) {
+    /* Check the sequence numbers */
+    CSeq_sent = rtsp->CSeq_sent;
+    CSeq_recv = rtsp->CSeq_recv;
+    if((data->set.rtspreq != RTSPREQ_RECEIVE) && (CSeq_sent != CSeq_recv)) {
+      failf(data,
+            "The CSeq of this request %ld did not match the response %ld",
+            CSeq_sent, CSeq_recv);
+      return CURLE_RTSP_CSEQ_ERROR;
+    }
+    else if(data->set.rtspreq == RTSPREQ_RECEIVE &&
+            (conn->proto.rtspc.rtp_channel == -1)) {
+      infof(data, "Got an RTP Receive with a CSeq of %ld\n", CSeq_recv);
+      /* TODO CPC: Server -> Client logic here */
+    }
+  }
+
+  return httpStatus;
+}
+
+static CURLcode rtsp_do(struct connectdata *conn, bool *done)
+{
+  struct SessionHandle *data = conn->data;
+  CURLcode result=CURLE_OK;
+  Curl_RtspReq rtspreq = data->set.rtspreq;
+  struct RTSP *rtsp = data->req.protop;
+  struct HTTP *http;
+  Curl_send_buffer *req_buffer;
+  curl_off_t postsize = 0; /* for ANNOUNCE and SET_PARAMETER */
+  curl_off_t putsize = 0; /* for ANNOUNCE and SET_PARAMETER */
+
+  const char *p_request = NULL;
+  const char *p_session_id = NULL;
+  const char *p_accept = NULL;
+  const char *p_accept_encoding = NULL;
+  const char *p_range = NULL;
+  const char *p_referrer = NULL;
+  const char *p_stream_uri = NULL;
+  const char *p_transport = NULL;
+  const char *p_uagent = NULL;
+
+  *done = TRUE;
+
+  http = &(rtsp->http_wrapper);
+  /* Assert that no one has changed the RTSP struct in an evil way */
+  DEBUGASSERT((void *)http == (void *)rtsp);
+
+  rtsp->CSeq_sent = data->state.rtsp_next_client_CSeq;
+  rtsp->CSeq_recv = 0;
+
+  /* Setup the 'p_request' pointer to the proper p_request string
+   * Since all RTSP requests are included here, there is no need to
+   * support custom requests like HTTP.
+   **/
+  DEBUGASSERT((rtspreq > RTSPREQ_NONE && rtspreq < RTSPREQ_LAST));
+  data->set.opt_no_body = TRUE; /* most requests don't contain a body */
+  switch(rtspreq) {
+  case RTSPREQ_NONE:
+    failf(data, "Got invalid RTSP request: RTSPREQ_NONE");
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  case RTSPREQ_OPTIONS:
+    p_request = "OPTIONS";
+    break;
+  case RTSPREQ_DESCRIBE:
+    p_request = "DESCRIBE";
+    data->set.opt_no_body = FALSE;
+    break;
+  case RTSPREQ_ANNOUNCE:
+    p_request = "ANNOUNCE";
+    break;
+  case RTSPREQ_SETUP:
+    p_request = "SETUP";
+    break;
+  case RTSPREQ_PLAY:
+    p_request = "PLAY";
+    break;
+  case RTSPREQ_PAUSE:
+    p_request = "PAUSE";
+    break;
+  case RTSPREQ_TEARDOWN:
+    p_request = "TEARDOWN";
+    break;
+  case RTSPREQ_GET_PARAMETER:
+    /* GET_PARAMETER's no_body status is determined later */
+    p_request = "GET_PARAMETER";
+    data->set.opt_no_body = FALSE;
+    break;
+  case RTSPREQ_SET_PARAMETER:
+    p_request = "SET_PARAMETER";
+    break;
+  case RTSPREQ_RECORD:
+    p_request = "RECORD";
+    break;
+  case RTSPREQ_RECEIVE:
+    p_request = "";
+    /* Treat interleaved RTP as body*/
+    data->set.opt_no_body = FALSE;
+    break;
+  case RTSPREQ_LAST:
+    failf(data, "Got invalid RTSP request: RTSPREQ_LAST");
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  }
+
+  if(rtspreq == RTSPREQ_RECEIVE) {
+    Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
+                        &http->readbytecount, -1, NULL);
+
+    return result;
+  }
+
+  p_session_id = data->set.str[STRING_RTSP_SESSION_ID];
+  if(!p_session_id &&
+     (rtspreq & ~(RTSPREQ_OPTIONS | RTSPREQ_DESCRIBE | RTSPREQ_SETUP))) {
+    failf(data, "Refusing to issue an RTSP request [%s] without a session ID.",
+          p_request ? p_request : "");
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  }
+
+  /* TODO: auth? */
+  /* TODO: proxy? */
+
+  /* Stream URI. Default to server '*' if not specified */
+  if(data->set.str[STRING_RTSP_STREAM_URI]) {
+    p_stream_uri = data->set.str[STRING_RTSP_STREAM_URI];
+  }
+  else {
+    p_stream_uri = "*";
+  }
+
+  /* Transport Header for SETUP requests */
+  p_transport = Curl_checkheaders(conn, "Transport:");
+  if(rtspreq == RTSPREQ_SETUP && !p_transport) {
+    /* New Transport: setting? */
+    if(data->set.str[STRING_RTSP_TRANSPORT]) {
+      Curl_safefree(conn->allocptr.rtsp_transport);
+
+      conn->allocptr.rtsp_transport =
+        aprintf("Transport: %s\r\n",
+                data->set.str[STRING_RTSP_TRANSPORT]);
+      if(!conn->allocptr.rtsp_transport)
+        return CURLE_OUT_OF_MEMORY;
+    }
+    else {
+      failf(data,
+            "Refusing to issue an RTSP SETUP without a Transport: header.");
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    }
+
+    p_transport = conn->allocptr.rtsp_transport;
+  }
+
+  /* Accept Headers for DESCRIBE requests */
+  if(rtspreq == RTSPREQ_DESCRIBE) {
+    /* Accept Header */
+    p_accept = Curl_checkheaders(conn, "Accept:")?
+      NULL:"Accept: application/sdp\r\n";
+
+    /* Accept-Encoding header */
+    if(!Curl_checkheaders(conn, "Accept-Encoding:") &&
+       data->set.str[STRING_ENCODING]) {
+      Curl_safefree(conn->allocptr.accept_encoding);
+      conn->allocptr.accept_encoding =
+        aprintf("Accept-Encoding: %s\r\n", data->set.str[STRING_ENCODING]);
+
+      if(!conn->allocptr.accept_encoding)
+        return CURLE_OUT_OF_MEMORY;
+
+      p_accept_encoding = conn->allocptr.accept_encoding;
+    }
+  }
+
+  /* The User-Agent string might have been allocated in url.c already, because
+     it might have been used in the proxy connect, but if we have got a header
+     with the user-agent string specified, we erase the previously made string
+     here. */
+  if(Curl_checkheaders(conn, "User-Agent:") && conn->allocptr.uagent) {
+    Curl_safefree(conn->allocptr.uagent);
+    conn->allocptr.uagent = NULL;
+  }
+  else if(!Curl_checkheaders(conn, "User-Agent:") &&
+          data->set.str[STRING_USERAGENT]) {
+    p_uagent = conn->allocptr.uagent;
+  }
+
+  /* Referrer */
+  Curl_safefree(conn->allocptr.ref);
+  if(data->change.referer && !Curl_checkheaders(conn, "Referer:"))
+    conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer);
+  else
+    conn->allocptr.ref = NULL;
+
+  p_referrer = conn->allocptr.ref;
+
+  /*
+   * Range Header
+   * Only applies to PLAY, PAUSE, RECORD
+   *
+   * Go ahead and use the Range stuff supplied for HTTP
+   */
+  if(data->state.use_range &&
+     (rtspreq  & (RTSPREQ_PLAY | RTSPREQ_PAUSE | RTSPREQ_RECORD))) {
+
+    /* Check to see if there is a range set in the custom headers */
+    if(!Curl_checkheaders(conn, "Range:") && data->state.range) {
+      Curl_safefree(conn->allocptr.rangeline);
+      conn->allocptr.rangeline = aprintf("Range: %s\r\n", data->state.range);
+      p_range = conn->allocptr.rangeline;
+    }
+  }
+
+  /*
+   * Sanity check the custom headers
+   */
+  if(Curl_checkheaders(conn, "CSeq:")) {
+    failf(data, "CSeq cannot be set as a custom header.");
+    return CURLE_RTSP_CSEQ_ERROR;
+  }
+  if(Curl_checkheaders(conn, "Session:")) {
+    failf(data, "Session ID cannot be set as a custom header.");
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  }
+
+  /* Initialize a dynamic send buffer */
+  req_buffer = Curl_add_buffer_init();
+
+  if(!req_buffer)
+    return CURLE_OUT_OF_MEMORY;
+
+  result =
+    Curl_add_bufferf(req_buffer,
+                     "%s %s RTSP/1.0\r\n" /* Request Stream-URI RTSP/1.0 */
+                     "CSeq: %ld\r\n", /* CSeq */
+                     (p_request ? p_request : ""), p_stream_uri,
+                     rtsp->CSeq_sent);
+  if(result)
+    return result;
+
+  /*
+   * Rather than do a normal alloc line, keep the session_id unformatted
+   * to make comparison easier
+   */
+  if(p_session_id) {
+    result = Curl_add_bufferf(req_buffer, "Session: %s\r\n", p_session_id);
+    if(result)
+      return result;
+  }
+
+  /*
+   * Shared HTTP-like options
+   */
+  result = Curl_add_bufferf(req_buffer,
+                            "%s" /* transport */
+                            "%s" /* accept */
+                            "%s" /* accept-encoding */
+                            "%s" /* range */
+                            "%s" /* referrer */
+                            "%s" /* user-agent */
+                            ,
+                            p_transport ? p_transport : "",
+                            p_accept ? p_accept : "",
+                            p_accept_encoding ? p_accept_encoding : "",
+                            p_range ? p_range : "",
+                            p_referrer ? p_referrer : "",
+                            p_uagent ? p_uagent : "");
+  if(result)
+    return result;
+
+  if((rtspreq == RTSPREQ_SETUP) || (rtspreq == RTSPREQ_DESCRIBE)) {
+    result = Curl_add_timecondition(data, req_buffer);
+    if(result)
+      return result;
+  }
+
+  result = Curl_add_custom_headers(conn, FALSE, req_buffer);
+  if(result)
+    return result;
+
+  if(rtspreq == RTSPREQ_ANNOUNCE ||
+     rtspreq == RTSPREQ_SET_PARAMETER ||
+     rtspreq == RTSPREQ_GET_PARAMETER) {
+
+    if(data->set.upload) {
+      putsize = data->state.infilesize;
+      data->set.httpreq = HTTPREQ_PUT;
+
+    }
+    else {
+      postsize = (data->set.postfieldsize != -1)?
+        data->set.postfieldsize:
+        (data->set.postfields? (curl_off_t)strlen(data->set.postfields):0);
+      data->set.httpreq = HTTPREQ_POST;
+    }
+
+    if(putsize > 0 || postsize > 0) {
+      /* As stated in the http comments, it is probably not wise to
+       * actually set a custom Content-Length in the headers */
+      if(!Curl_checkheaders(conn, "Content-Length:")) {
+        result = Curl_add_bufferf(req_buffer,
+            "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n",
+            (data->set.upload ? putsize : postsize));
+        if(result)
+          return result;
+      }
+
+      if(rtspreq == RTSPREQ_SET_PARAMETER ||
+         rtspreq == RTSPREQ_GET_PARAMETER) {
+        if(!Curl_checkheaders(conn, "Content-Type:")) {
+          result = Curl_add_bufferf(req_buffer,
+              "Content-Type: text/parameters\r\n");
+          if(result)
+            return result;
+        }
+      }
+
+      if(rtspreq == RTSPREQ_ANNOUNCE) {
+        if(!Curl_checkheaders(conn, "Content-Type:")) {
+          result = Curl_add_bufferf(req_buffer,
+              "Content-Type: application/sdp\r\n");
+          if(result)
+            return result;
+        }
+      }
+
+      data->state.expect100header = FALSE; /* RTSP posts are simple/small */
+    }
+    else if(rtspreq == RTSPREQ_GET_PARAMETER) {
+      /* Check for an empty GET_PARAMETER (heartbeat) request */
+      data->set.httpreq = HTTPREQ_HEAD;
+      data->set.opt_no_body = TRUE;
+    }
+  }
+
+  /* RTSP never allows chunked transfer */
+  data->req.forbidchunk = TRUE;
+  /* Finish the request buffer */
+  result = Curl_add_buffer(req_buffer, "\r\n", 2);
+  if(result)
+    return result;
+
+  if(postsize > 0) {
+    result = Curl_add_buffer(req_buffer, data->set.postfields,
+                             (size_t)postsize);
+    if(result)
+      return result;
+  }
+
+  /* issue the request */
+  result = Curl_add_buffer_send(req_buffer, conn,
+                                &data->info.request_size, 0, FIRSTSOCKET);
+  if(result) {
+    failf(data, "Failed sending RTSP request");
+    return result;
+  }
+
+  Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE, &http->readbytecount,
+                      putsize?FIRSTSOCKET:-1,
+                      putsize?&http->writebytecount:NULL);
+
+  /* Increment the CSeq on success */
+  data->state.rtsp_next_client_CSeq++;
+
+  if(http->writebytecount) {
+    /* if a request-body has been sent off, we make sure this progress is
+       noted properly */
+    Curl_pgrsSetUploadCounter(data, http->writebytecount);
+    if(Curl_pgrsUpdate(conn))
+      result = CURLE_ABORTED_BY_CALLBACK;
+  }
+
+  return result;
+}
+
+
+static CURLcode rtsp_rtp_readwrite(struct SessionHandle *data,
+                                   struct connectdata *conn,
+                                   ssize_t *nread,
+                                   bool *readmore) {
+  struct SingleRequest *k = &data->req;
+  struct rtsp_conn *rtspc = &(conn->proto.rtspc);
+
+  char *rtp; /* moving pointer to rtp data */
+  ssize_t rtp_dataleft; /* how much data left to parse in this round */
+  char *scratch;
+  CURLcode result;
+
+  if(rtspc->rtp_buf) {
+    /* There was some leftover data the last time. Merge buffers */
+    char *newptr = realloc(rtspc->rtp_buf, rtspc->rtp_bufsize + *nread);
+    if(!newptr) {
+      Curl_safefree(rtspc->rtp_buf);
+      rtspc->rtp_buf = NULL;
+      rtspc->rtp_bufsize = 0;
+      return CURLE_OUT_OF_MEMORY;
+    }
+    rtspc->rtp_buf = newptr;
+    memcpy(rtspc->rtp_buf + rtspc->rtp_bufsize, k->str, *nread);
+    rtspc->rtp_bufsize += *nread;
+    rtp = rtspc->rtp_buf;
+    rtp_dataleft = rtspc->rtp_bufsize;
+  }
+  else {
+    /* Just parse the request buffer directly */
+    rtp = k->str;
+    rtp_dataleft = *nread;
+  }
+
+  while((rtp_dataleft > 0) &&
+        (rtp[0] == '$')) {
+    if(rtp_dataleft > 4) {
+      int rtp_length;
+
+      /* Parse the header */
+      /* The channel identifier immediately follows and is 1 byte */
+      rtspc->rtp_channel = RTP_PKT_CHANNEL(rtp);
+
+      /* The length is two bytes */
+      rtp_length = RTP_PKT_LENGTH(rtp);
+
+      if(rtp_dataleft < rtp_length + 4) {
+        /* Need more - incomplete payload*/
+        *readmore = TRUE;
+        break;
+      }
+      else {
+        /* We have the full RTP interleaved packet
+         * Write out the header including the leading '$' */
+        DEBUGF(infof(data, "RTP write channel %d rtp_length %d\n",
+              rtspc->rtp_channel, rtp_length));
+        result = rtp_client_write(conn, &rtp[0], rtp_length + 4);
+        if(result) {
+          failf(data, "Got an error writing an RTP packet");
+          *readmore = FALSE;
+          Curl_safefree(rtspc->rtp_buf);
+          rtspc->rtp_buf = NULL;
+          rtspc->rtp_bufsize = 0;
+          return result;
+        }
+
+        /* Move forward in the buffer */
+        rtp_dataleft -= rtp_length + 4;
+        rtp += rtp_length + 4;
+
+        if(data->set.rtspreq == RTSPREQ_RECEIVE) {
+          /* If we are in a passive receive, give control back
+           * to the app as often as we can.
+           */
+          k->keepon &= ~KEEP_RECV;
+        }
+      }
+    }
+    else {
+      /* Need more - incomplete header */
+      *readmore = TRUE;
+      break;
+    }
+  }
+
+  if(rtp_dataleft != 0 && rtp[0] == '$') {
+    DEBUGF(infof(data, "RTP Rewinding %zd %s\n", rtp_dataleft,
+          *readmore ? "(READMORE)" : ""));
+
+    /* Store the incomplete RTP packet for a "rewind" */
+    scratch = malloc(rtp_dataleft);
+    if(!scratch) {
+      Curl_safefree(rtspc->rtp_buf);
+      rtspc->rtp_buf = NULL;
+      rtspc->rtp_bufsize = 0;
+      return CURLE_OUT_OF_MEMORY;
+    }
+    memcpy(scratch, rtp, rtp_dataleft);
+    Curl_safefree(rtspc->rtp_buf);
+    rtspc->rtp_buf = scratch;
+    rtspc->rtp_bufsize = rtp_dataleft;
+
+    /* As far as the transfer is concerned, this data is consumed */
+    *nread = 0;
+    return CURLE_OK;
+  }
+  else {
+    /* Fix up k->str to point just after the last RTP packet */
+    k->str += *nread - rtp_dataleft;
+
+    /* either all of the data has been read or...
+     * rtp now points at the next byte to parse
+     */
+    if(rtp_dataleft > 0)
+      DEBUGASSERT(k->str[0] == rtp[0]);
+
+    DEBUGASSERT(rtp_dataleft <= *nread); /* sanity check */
+
+    *nread = rtp_dataleft;
+  }
+
+  /* If we get here, we have finished with the leftover/merge buffer */
+  Curl_safefree(rtspc->rtp_buf);
+  rtspc->rtp_buf = NULL;
+  rtspc->rtp_bufsize = 0;
+
+  return CURLE_OK;
+}
+
+static
+CURLcode rtp_client_write(struct connectdata *conn, char *ptr, size_t len)
+{
+  struct SessionHandle *data = conn->data;
+  size_t wrote;
+  curl_write_callback writeit;
+
+  if(len == 0) {
+    failf (data, "Cannot write a 0 size RTP packet.");
+    return CURLE_WRITE_ERROR;
+  }
+
+  writeit = data->set.fwrite_rtp?data->set.fwrite_rtp:data->set.fwrite_func;
+  wrote = writeit(ptr, 1, len, data->set.rtp_out);
+
+  if(CURL_WRITEFUNC_PAUSE == wrote) {
+    failf (data, "Cannot pause RTP");
+    return CURLE_WRITE_ERROR;
+  }
+
+  if(wrote != len) {
+    failf (data, "Failed writing RTP data");
+    return CURLE_WRITE_ERROR;
+  }
+
+  return CURLE_OK;
+}
+
+CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
+                               char *header)
+{
+  struct SessionHandle *data = conn->data;
+  long CSeq = 0;
+
+  if(checkprefix("CSeq:", header)) {
+    /* Store the received CSeq. Match is verified in rtsp_done */
+    int nc = sscanf(&header[4], ": %ld", &CSeq);
+    if(nc == 1) {
+      struct RTSP *rtsp = data->req.protop;
+      rtsp->CSeq_recv = CSeq; /* mark the request */
+      data->state.rtsp_CSeq_recv = CSeq; /* update the handle */
+    }
+    else {
+      failf(data, "Unable to read the CSeq header: [%s]", header);
+      return CURLE_RTSP_CSEQ_ERROR;
+    }
+  }
+  else if(checkprefix("Session:", header)) {
+    char *start;
+
+    /* Find the first non-space letter */
+    start = header + 8;
+    while(*start && ISSPACE(*start))
+      start++;
+
+    if(!*start) {
+      failf(data, "Got a blank Session ID");
+    }
+    else if(data->set.str[STRING_RTSP_SESSION_ID]) {
+      /* If the Session ID is set, then compare */
+      if(strncmp(start, data->set.str[STRING_RTSP_SESSION_ID],
+                 strlen(data->set.str[STRING_RTSP_SESSION_ID]))  != 0) {
+        failf(data, "Got RTSP Session ID Line [%s], but wanted ID [%s]",
+              start, data->set.str[STRING_RTSP_SESSION_ID]);
+        return CURLE_RTSP_SESSION_ERROR;
+      }
+    }
+    else {
+      /* If the Session ID is not set, and we find it in a response, then
+         set it */
+
+      /* The session ID can be an alphanumeric or a 'safe' character
+       *
+       * RFC 2326 15.1 Base Syntax:
+       * safe =  "\$" | "-" | "_" | "." | "+"
+       * */
+      char *end = start;
+      while(*end &&
+            (ISALNUM(*end) || *end == '-' || *end == '_' || *end == '.' ||
+             *end == '+' ||
+             (*end == '\\' && *(end + 1) && *(end + 1) == '$' && (++end, 1))))
+        end++;
+
+      /* Copy the id substring into a new buffer */
+      data->set.str[STRING_RTSP_SESSION_ID] = malloc(end - start + 1);
+      if(data->set.str[STRING_RTSP_SESSION_ID] == NULL)
+        return CURLE_OUT_OF_MEMORY;
+      memcpy(data->set.str[STRING_RTSP_SESSION_ID], start, end - start);
+      (data->set.str[STRING_RTSP_SESSION_ID])[end - start] = '\0';
+    }
+  }
+  return CURLE_OK;
+}
+
+#endif /* CURL_DISABLE_RTSP */
diff --git a/Utilities/cmcurl/lib/rtsp.h b/Utilities/cmcurl/lib/rtsp.h
new file mode 100644
index 0000000..3ffa70c
--- /dev/null
+++ b/Utilities/cmcurl/lib/rtsp.h
@@ -0,0 +1,69 @@
+#ifndef HEADER_CURL_RTSP_H
+#define HEADER_CURL_RTSP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#ifndef CURL_DISABLE_RTSP
+
+extern const struct Curl_handler Curl_handler_rtsp;
+
+bool Curl_rtsp_connisdead(struct connectdata *check);
+CURLcode Curl_rtsp_parseheader(struct connectdata *conn, char *header);
+
+#else
+/* disabled */
+#define Curl_rtsp_parseheader(x,y) CURLE_NOT_BUILT_IN
+#define Curl_rtsp_connisdead(x) TRUE
+
+#endif /* CURL_DISABLE_RTSP */
+
+/*
+ * RTSP Connection data
+ *
+ * Currently, only used for tracking incomplete RTP data reads
+ */
+struct rtsp_conn {
+  char *rtp_buf;
+  ssize_t rtp_bufsize;
+  int rtp_channel;
+};
+
+/****************************************************************************
+ * RTSP unique setup
+ ***************************************************************************/
+struct RTSP {
+  /*
+   * http_wrapper MUST be the first element of this structure for the wrap
+   * logic to work. In this way, we get a cheap polymorphism because
+   * &(data->state.proto.rtsp) == &(data->state.proto.http) per the C spec
+   *
+   * HTTP functions can safely treat this as an HTTP struct, but RTSP aware
+   * functions can also index into the later elements.
+   */
+  struct HTTP http_wrapper; /*wrap HTTP to do the heavy lifting */
+
+  long CSeq_sent; /* CSeq of this request */
+  long CSeq_recv; /* CSeq received */
+};
+
+
+#endif /* HEADER_CURL_RTSP_H */
+
diff --git a/Utilities/cmcurl/lib/security.c b/Utilities/cmcurl/lib/security.c
new file mode 100644
index 0000000..508c7b4
--- /dev/null
+++ b/Utilities/cmcurl/lib/security.c
@@ -0,0 +1,601 @@
+/* This source code was modified by Martin Hedenfalk <mhe@stacken.kth.se> for
+ * use in Curl. His latest changes were done 2000-09-18.
+ *
+ * It has since been patched and modified a lot by Daniel Stenberg
+ * <daniel@haxx.se> to make it better applied to curl conditions, and to make
+ * it not use globals, pollute name space and more. This source code awaits a
+ * rewrite to work around the paragraph 2 in the BSD licenses as explained
+ * below.
+ *
+ * Copyright (c) 1998, 1999, 2013 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ *
+ * Copyright (C) 2001 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.  */
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_FTP
+#ifdef HAVE_GSSAPI
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "urldata.h"
+#include "curl_base64.h"
+#include "curl_memory.h"
+#include "curl_sec.h"
+#include "ftp.h"
+#include "sendf.h"
+#include "rawstr.h"
+#include "warnless.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+static const struct {
+  enum protection_level level;
+  const char *name;
+} level_names[] = {
+  { PROT_CLEAR, "clear" },
+  { PROT_SAFE, "safe" },
+  { PROT_CONFIDENTIAL, "confidential" },
+  { PROT_PRIVATE, "private" }
+};
+
+static enum protection_level
+name_to_level(const char *name)
+{
+  int i;
+  for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++)
+    if(checkprefix(name, level_names[i].name))
+      return level_names[i].level;
+  return PROT_NONE;
+}
+
+/* Convert a protocol |level| to its char representation.
+   We take an int to catch programming mistakes. */
+static char level_to_char(int level) {
+  switch(level) {
+  case PROT_CLEAR:
+    return 'C';
+  case PROT_SAFE:
+    return 'S';
+  case PROT_CONFIDENTIAL:
+    return 'E';
+  case PROT_PRIVATE:
+    return 'P';
+  case PROT_CMD:
+    /* Fall through */
+  default:
+    /* Those 2 cases should not be reached! */
+    break;
+  }
+  DEBUGASSERT(0);
+  /* Default to the most secure alternative. */
+  return 'P';
+}
+
+static const struct Curl_sec_client_mech * const mechs[] = {
+#ifdef HAVE_GSSAPI
+  &Curl_krb5_client_mech,
+#endif
+  NULL
+};
+
+/* Send an FTP command defined by |message| and the optional arguments. The
+   function returns the ftp_code. If an error occurs, -1 is returned. */
+static int ftp_send_command(struct connectdata *conn, const char *message, ...)
+{
+  int ftp_code;
+  ssize_t nread;
+  va_list args;
+  char print_buffer[50];
+
+  va_start(args, message);
+  vsnprintf(print_buffer, sizeof(print_buffer), message, args);
+  va_end(args);
+
+  if(Curl_ftpsendf(conn, print_buffer) != CURLE_OK) {
+    ftp_code = -1;
+  }
+  else {
+    if(Curl_GetFTPResponse(&nread, conn, &ftp_code) != CURLE_OK)
+      ftp_code = -1;
+  }
+
+  (void)nread; /* Unused */
+  return ftp_code;
+}
+
+/* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode
+   saying whether an error occurred or CURLE_OK if |len| was read. */
+static CURLcode
+socket_read(curl_socket_t fd, void *to, size_t len)
+{
+  char *to_p = to;
+  CURLcode code;
+  ssize_t nread;
+
+  while(len > 0) {
+    code = Curl_read_plain(fd, to_p, len, &nread);
+    if(code == CURLE_OK) {
+      len -= nread;
+      to_p += nread;
+    }
+    else {
+      /* FIXME: We are doing a busy wait */
+      if(code == CURLE_AGAIN)
+        continue;
+      return code;
+    }
+  }
+  return CURLE_OK;
+}
+
+
+/* Write |len| bytes from the buffer |to| to the socket |fd|. Return a
+   CURLcode saying whether an error occurred or CURLE_OK if |len| was
+   written. */
+static CURLcode
+socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
+             size_t len)
+{
+  const char *to_p = to;
+  CURLcode code;
+  ssize_t written;
+
+  while(len > 0) {
+    code = Curl_write_plain(conn, fd, to_p, len, &written);
+    if(code == CURLE_OK) {
+      len -= written;
+      to_p += written;
+    }
+    else {
+      /* FIXME: We are doing a busy wait */
+      if(code == CURLE_AGAIN)
+        continue;
+      return code;
+    }
+  }
+  return CURLE_OK;
+}
+
+static CURLcode read_data(struct connectdata *conn,
+                          curl_socket_t fd,
+                          struct krb5buffer *buf)
+{
+  int len;
+  void* tmp;
+  CURLcode ret;
+
+  ret = socket_read(fd, &len, sizeof(len));
+  if(ret != CURLE_OK)
+    return ret;
+
+  len = ntohl(len);
+  tmp = realloc(buf->data, len);
+  if(tmp == NULL)
+    return CURLE_OUT_OF_MEMORY;
+
+  buf->data = tmp;
+  ret = socket_read(fd, buf->data, len);
+  if(ret != CURLE_OK)
+    return ret;
+  buf->size = conn->mech->decode(conn->app_data, buf->data, len,
+                                 conn->data_prot, conn);
+  buf->index = 0;
+  return CURLE_OK;
+}
+
+static size_t
+buffer_read(struct krb5buffer *buf, void *data, size_t len)
+{
+  if(buf->size - buf->index < len)
+    len = buf->size - buf->index;
+  memcpy(data, (char*)buf->data + buf->index, len);
+  buf->index += len;
+  return len;
+}
+
+/* Matches Curl_recv signature */
+static ssize_t sec_recv(struct connectdata *conn, int sockindex,
+                        char *buffer, size_t len, CURLcode *err)
+{
+  size_t bytes_read;
+  size_t total_read = 0;
+  curl_socket_t fd = conn->sock[sockindex];
+
+  *err = CURLE_OK;
+
+  /* Handle clear text response. */
+  if(conn->sec_complete == 0 || conn->data_prot == PROT_CLEAR)
+      return read(fd, buffer, len);
+
+  if(conn->in_buffer.eof_flag) {
+    conn->in_buffer.eof_flag = 0;
+    return 0;
+  }
+
+  bytes_read = buffer_read(&conn->in_buffer, buffer, len);
+  len -= bytes_read;
+  total_read += bytes_read;
+  buffer += bytes_read;
+
+  while(len > 0) {
+    if(read_data(conn, fd, &conn->in_buffer) != CURLE_OK)
+      return -1;
+    if(conn->in_buffer.size == 0) {
+      if(bytes_read > 0)
+        conn->in_buffer.eof_flag = 1;
+      return bytes_read;
+    }
+    bytes_read = buffer_read(&conn->in_buffer, buffer, len);
+    len -= bytes_read;
+    total_read += bytes_read;
+    buffer += bytes_read;
+  }
+  /* FIXME: Check for overflow */
+  return total_read;
+}
+
+/* Send |length| bytes from |from| to the |fd| socket taking care of encoding
+   and negociating with the server. |from| can be NULL. */
+/* FIXME: We don't check for errors nor report any! */
+static void do_sec_send(struct connectdata *conn, curl_socket_t fd,
+                        const char *from, int length)
+{
+  int bytes, htonl_bytes; /* 32-bit integers for htonl */
+  char *buffer = NULL;
+  char *cmd_buffer;
+  size_t cmd_size = 0;
+  CURLcode error;
+  enum protection_level prot_level = conn->data_prot;
+  bool iscmd = (prot_level == PROT_CMD)?TRUE:FALSE;
+
+  DEBUGASSERT(prot_level > PROT_NONE && prot_level < PROT_LAST);
+
+  if(iscmd) {
+    if(!strncmp(from, "PASS ", 5) || !strncmp(from, "ACCT ", 5))
+      prot_level = PROT_PRIVATE;
+    else
+      prot_level = conn->command_prot;
+  }
+  bytes = conn->mech->encode(conn->app_data, from, length, prot_level,
+                             (void**)&buffer, conn);
+  if(!buffer || bytes <= 0)
+    return; /* error */
+
+  if(iscmd) {
+    error = Curl_base64_encode(conn->data, buffer, curlx_sitouz(bytes),
+                               &cmd_buffer, &cmd_size);
+    if(error) {
+      free(buffer);
+      return; /* error */
+    }
+    if(cmd_size > 0) {
+      static const char *enc = "ENC ";
+      static const char *mic = "MIC ";
+      if(prot_level == PROT_PRIVATE)
+        socket_write(conn, fd, enc, 4);
+      else
+        socket_write(conn, fd, mic, 4);
+
+      socket_write(conn, fd, cmd_buffer, cmd_size);
+      socket_write(conn, fd, "\r\n", 2);
+      infof(conn->data, "Send: %s%s\n", prot_level == PROT_PRIVATE?enc:mic,
+            cmd_buffer);
+      free(cmd_buffer);
+    }
+  }
+  else {
+    htonl_bytes = htonl(bytes);
+    socket_write(conn, fd, &htonl_bytes, sizeof(htonl_bytes));
+    socket_write(conn, fd, buffer, curlx_sitouz(bytes));
+  }
+  free(buffer);
+}
+
+static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd,
+                         const char *buffer, size_t length)
+{
+  /* FIXME: Check for overflow */
+  ssize_t tx = 0, len = conn->buffer_size;
+
+  len -= conn->mech->overhead(conn->app_data, conn->data_prot,
+                              curlx_sztosi(len));
+  if(len <= 0)
+    len = length;
+  while(length) {
+    if(len >= 0 || length < (size_t)len) {
+      /* FIXME: Check for overflow. */
+      len = length;
+    }
+    do_sec_send(conn, fd, buffer, curlx_sztosi(len));
+    length -= len;
+    buffer += len;
+    tx += len;
+  }
+  return tx;
+}
+
+/* Matches Curl_send signature */
+static ssize_t sec_send(struct connectdata *conn, int sockindex,
+                        const void *buffer, size_t len, CURLcode *err)
+{
+  curl_socket_t fd = conn->sock[sockindex];
+  *err = CURLE_OK;
+  return sec_write(conn, fd, buffer, len);
+}
+
+int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
+                      enum protection_level level)
+{
+  /* decoded_len should be size_t or ssize_t but conn->mech->decode returns an
+     int */
+  int decoded_len;
+  char *buf;
+  int ret_code;
+  size_t decoded_sz = 0;
+  CURLcode error;
+
+  DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
+
+  error = Curl_base64_decode(buffer + 4, (unsigned char **)&buf, &decoded_sz);
+  if(error || decoded_sz == 0)
+    return -1;
+
+  if(decoded_sz > (size_t)INT_MAX) {
+    free(buf);
+    return -1;
+  }
+  decoded_len = curlx_uztosi(decoded_sz);
+
+  decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len,
+                                   level, conn);
+  if(decoded_len <= 0) {
+    free(buf);
+    return -1;
+  }
+
+  if(conn->data->set.verbose) {
+    buf[decoded_len] = '\n';
+    Curl_debug(conn->data, CURLINFO_HEADER_IN, buf, decoded_len + 1, conn);
+  }
+
+  buf[decoded_len] = '\0';
+  DEBUGASSERT(decoded_len > 3);
+  if(buf[3] == '-')
+    ret_code = 0;
+  else {
+    /* Check for error? */
+    sscanf(buf, "%d", &ret_code);
+  }
+
+  if(buf[decoded_len - 1] == '\n')
+    buf[decoded_len - 1] = '\0';
+  /* FIXME: Is |buffer| length always greater than |decoded_len|? */
+  strcpy(buffer, buf);
+  free(buf);
+  return ret_code;
+}
+
+/* FIXME: The error code returned here is never checked. */
+static int sec_set_protection_level(struct connectdata *conn)
+{
+  int code;
+  char* pbsz;
+  static unsigned int buffer_size = 1 << 20; /* 1048576 */
+  enum protection_level level = conn->request_data_prot;
+
+  DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
+
+  if(!conn->sec_complete) {
+    infof(conn->data, "Trying to change the protection level after the"
+                      "completion of the data exchange.\n");
+    return -1;
+  }
+
+  /* Bail out if we try to set up the same level */
+  if(conn->data_prot == level)
+    return 0;
+
+  if(level) {
+    code = ftp_send_command(conn, "PBSZ %u", buffer_size);
+    if(code < 0)
+      return -1;
+
+    if(code/100 != 2) {
+      failf(conn->data, "Failed to set the protection's buffer size.");
+      return -1;
+    }
+    conn->buffer_size = buffer_size;
+
+    pbsz = strstr(conn->data->state.buffer, "PBSZ=");
+    if(pbsz) {
+      /* FIXME: Checks for errors in sscanf? */
+      sscanf(pbsz, "PBSZ=%u", &buffer_size);
+      if(buffer_size < conn->buffer_size)
+        conn->buffer_size = buffer_size;
+    }
+  }
+
+  /* Now try to negiociate the protection level. */
+  code = ftp_send_command(conn, "PROT %c", level_to_char(level));
+
+  if(code < 0)
+    return -1;
+
+  if(code/100 != 2) {
+    failf(conn->data, "Failed to set the protection level.");
+    return -1;
+  }
+
+  conn->data_prot = level;
+  if(level == PROT_PRIVATE)
+    conn->command_prot = level;
+
+  return 0;
+}
+
+int
+Curl_sec_request_prot(struct connectdata *conn, const char *level)
+{
+  enum protection_level l = name_to_level(level);
+  if(l == PROT_NONE)
+    return -1;
+  DEBUGASSERT(l > PROT_NONE && l < PROT_LAST);
+  conn->request_data_prot = l;
+  return 0;
+}
+
+static CURLcode choose_mech(struct connectdata *conn)
+{
+  int ret;
+  struct SessionHandle *data = conn->data;
+  const struct Curl_sec_client_mech * const *mech;
+  void *tmp_allocation;
+  const char *mech_name;
+
+  for(mech = mechs; (*mech); ++mech) {
+    mech_name = (*mech)->name;
+    /* We have no mechanism with a NULL name but keep this check */
+    DEBUGASSERT(mech_name != NULL);
+    if(mech_name == NULL) {
+      infof(data, "Skipping mechanism with empty name (%p)\n", (void *)mech);
+      continue;
+    }
+    tmp_allocation = realloc(conn->app_data, (*mech)->size);
+    if(tmp_allocation == NULL) {
+      failf(data, "Failed realloc of size %u", (*mech)->size);
+      mech = NULL;
+      return CURLE_OUT_OF_MEMORY;
+    }
+    conn->app_data = tmp_allocation;
+
+    if((*mech)->init) {
+      ret = (*mech)->init(conn->app_data);
+      if(ret != 0) {
+        infof(data, "Failed initialization for %s. Skipping it.\n", mech_name);
+        continue;
+      }
+    }
+
+    infof(data, "Trying mechanism %s...\n", mech_name);
+    ret = ftp_send_command(conn, "AUTH %s", mech_name);
+    if(ret < 0)
+      /* FIXME: This error is too generic but it is OK for now. */
+      return CURLE_COULDNT_CONNECT;
+
+    if(ret/100 != 3) {
+      switch(ret) {
+      case 504:
+        infof(data, "Mechanism %s is not supported by the server (server "
+                    "returned ftp code: 504).\n", mech_name);
+        break;
+      case 534:
+        infof(data, "Mechanism %s was rejected by the server (server returned "
+                    "ftp code: 534).\n", mech_name);
+        break;
+      default:
+        if(ret/100 == 5) {
+          infof(data, "server does not support the security extensions\n");
+          return CURLE_USE_SSL_FAILED;
+        }
+        break;
+      }
+      continue;
+    }
+
+    /* Authenticate */
+    ret = (*mech)->auth(conn->app_data, conn);
+
+    if(ret == AUTH_CONTINUE)
+      continue;
+    else if(ret != AUTH_OK) {
+      /* Mechanism has dumped the error to stderr, don't error here. */
+      return -1;
+    }
+    DEBUGASSERT(ret == AUTH_OK);
+
+    conn->mech = *mech;
+    conn->sec_complete = 1;
+    conn->recv[FIRSTSOCKET] = sec_recv;
+    conn->send[FIRSTSOCKET] = sec_send;
+    conn->recv[SECONDARYSOCKET] = sec_recv;
+    conn->send[SECONDARYSOCKET] = sec_send;
+    conn->command_prot = PROT_SAFE;
+    /* Set the requested protection level */
+    /* BLOCKING */
+    (void)sec_set_protection_level(conn);
+    break;
+  }
+
+  return mech != NULL ? CURLE_OK : CURLE_FAILED_INIT;
+}
+
+CURLcode
+Curl_sec_login(struct connectdata *conn)
+{
+  return choose_mech(conn);
+}
+
+
+void
+Curl_sec_end(struct connectdata *conn)
+{
+  if(conn->mech != NULL && conn->mech->end)
+    conn->mech->end(conn->app_data);
+  if(conn->app_data) {
+    free(conn->app_data);
+    conn->app_data = NULL;
+  }
+  if(conn->in_buffer.data) {
+    free(conn->in_buffer.data);
+    conn->in_buffer.data = NULL;
+    conn->in_buffer.size = 0;
+    conn->in_buffer.index = 0;
+    /* FIXME: Is this really needed? */
+    conn->in_buffer.eof_flag = 0;
+  }
+  conn->sec_complete = 0;
+  conn->data_prot = PROT_CLEAR;
+  conn->mech = NULL;
+}
+
+#endif /* HAVE_GSSAPI */
+
+#endif /* CURL_DISABLE_FTP */
diff --git a/Utilities/cmcurl/lib/select.c b/Utilities/cmcurl/lib/select.c
new file mode 100644
index 0000000..03c93f3
--- /dev/null
+++ b/Utilities/cmcurl/lib/select.c
@@ -0,0 +1,574 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#if !defined(HAVE_SELECT) && !defined(HAVE_POLL_FINE)
+#error "We can't compile without select() or poll() support."
+#endif
+
+#if defined(__BEOS__)
+/* BeOS has FD_SET defined in socket.h */
+#include <socket.h>
+#endif
+
+#ifdef MSDOS
+#include <dos.h>  /* delay() */
+#endif
+
+#include <curl/curl.h>
+
+#include "urldata.h"
+#include "connect.h"
+#include "select.h"
+#include "warnless.h"
+
+/* Convenience local macros */
+
+#define elapsed_ms  (int)curlx_tvdiff(curlx_tvnow(), initial_tv)
+
+int Curl_ack_eintr = 0;
+#define error_not_EINTR (Curl_ack_eintr || error != EINTR)
+
+/*
+ * Internal function used for waiting a specific amount of ms
+ * in Curl_socket_ready() and Curl_poll() when no file descriptor
+ * is provided to wait on, just being used to delay execution.
+ * WinSock select() and poll() timeout mechanisms need a valid
+ * socket descriptor in a not null file descriptor set to work.
+ * Waiting indefinitely with this function is not allowed, a
+ * zero or negative timeout value will return immediately.
+ * Timeout resolution, accuracy, as well as maximum supported
+ * value is system dependent, neither factor is a citical issue
+ * for the intended use of this function in the library.
+ *
+ * Return values:
+ *   -1 = system call error, invalid timeout value, or interrupted
+ *    0 = specified timeout has elapsed
+ */
+int Curl_wait_ms(int timeout_ms)
+{
+#if !defined(MSDOS) && !defined(USE_WINSOCK)
+#ifndef HAVE_POLL_FINE
+  struct timeval pending_tv;
+#endif
+  struct timeval initial_tv;
+  int pending_ms;
+  int error;
+#endif
+  int r = 0;
+
+  if(!timeout_ms)
+    return 0;
+  if(timeout_ms < 0) {
+    SET_SOCKERRNO(EINVAL);
+    return -1;
+  }
+#if defined(MSDOS)
+  delay(timeout_ms);
+#elif defined(USE_WINSOCK)
+  Sleep(timeout_ms);
+#else
+  pending_ms = timeout_ms;
+  initial_tv = curlx_tvnow();
+  do {
+#if defined(HAVE_POLL_FINE)
+    r = poll(NULL, 0, pending_ms);
+#else
+    pending_tv.tv_sec = pending_ms / 1000;
+    pending_tv.tv_usec = (pending_ms % 1000) * 1000;
+    r = select(0, NULL, NULL, NULL, &pending_tv);
+#endif /* HAVE_POLL_FINE */
+    if(r != -1)
+      break;
+    error = SOCKERRNO;
+    if(error && error_not_EINTR)
+      break;
+    pending_ms = timeout_ms - elapsed_ms;
+    if(pending_ms <= 0) {
+      r = 0;  /* Simulate a "call timed out" case */
+      break;
+    }
+  } while(r == -1);
+#endif /* USE_WINSOCK */
+  if(r)
+    r = -1;
+  return r;
+}
+
+/*
+ * Wait for read or write events on a set of file descriptors. It uses poll()
+ * when a fine poll() is available, in order to avoid limits with FD_SETSIZE,
+ * otherwise select() is used.  An error is returned if select() is being used
+ * and a file descriptor is too large for FD_SETSIZE.
+ *
+ * A negative timeout value makes this function wait indefinitely,
+ * unles no valid file descriptor is given, when this happens the
+ * negative timeout is ignored and the function times out immediately.
+ *
+ * Return values:
+ *   -1 = system call error or fd >= FD_SETSIZE
+ *    0 = timeout
+ *    [bitmask] = action as described below
+ *
+ * CURL_CSELECT_IN - first socket is readable
+ * CURL_CSELECT_IN2 - second socket is readable
+ * CURL_CSELECT_OUT - write socket is writable
+ * CURL_CSELECT_ERR - an error condition occurred
+ */
+int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
+                      curl_socket_t readfd1,
+                      curl_socket_t writefd, /* socket to write to */
+                      long timeout_ms)       /* milliseconds to wait */
+{
+#ifdef HAVE_POLL_FINE
+  struct pollfd pfd[3];
+  int num;
+#else
+  struct timeval pending_tv;
+  struct timeval *ptimeout;
+  fd_set fds_read;
+  fd_set fds_write;
+  fd_set fds_err;
+  curl_socket_t maxfd;
+#endif
+  struct timeval initial_tv = {0,0};
+  int pending_ms = 0;
+  int error;
+  int r;
+  int ret;
+
+  if((readfd0 == CURL_SOCKET_BAD) && (readfd1 == CURL_SOCKET_BAD) &&
+     (writefd == CURL_SOCKET_BAD)) {
+    /* no sockets, just wait */
+    r = Curl_wait_ms((int)timeout_ms);
+    return r;
+  }
+
+  /* Avoid initial timestamp, avoid curlx_tvnow() call, when elapsed
+     time in this function does not need to be measured. This happens
+     when function is called with a zero timeout or a negative timeout
+     value indicating a blocking call should be performed. */
+
+  if(timeout_ms > 0) {
+    pending_ms = (int)timeout_ms;
+    initial_tv = curlx_tvnow();
+  }
+
+#ifdef HAVE_POLL_FINE
+
+  num = 0;
+  if(readfd0 != CURL_SOCKET_BAD) {
+    pfd[num].fd = readfd0;
+    pfd[num].events = POLLRDNORM|POLLIN|POLLRDBAND|POLLPRI;
+    pfd[num].revents = 0;
+    num++;
+  }
+  if(readfd1 != CURL_SOCKET_BAD) {
+    pfd[num].fd = readfd1;
+    pfd[num].events = POLLRDNORM|POLLIN|POLLRDBAND|POLLPRI;
+    pfd[num].revents = 0;
+    num++;
+  }
+  if(writefd != CURL_SOCKET_BAD) {
+    pfd[num].fd = writefd;
+    pfd[num].events = POLLWRNORM|POLLOUT;
+    pfd[num].revents = 0;
+    num++;
+  }
+
+  do {
+    if(timeout_ms < 0)
+      pending_ms = -1;
+    else if(!timeout_ms)
+      pending_ms = 0;
+    r = poll(pfd, num, pending_ms);
+    if(r != -1)
+      break;
+    error = SOCKERRNO;
+    if(error && error_not_EINTR)
+      break;
+    if(timeout_ms > 0) {
+      pending_ms = (int)(timeout_ms - elapsed_ms);
+      if(pending_ms <= 0) {
+        r = 0;  /* Simulate a "call timed out" case */
+        break;
+      }
+    }
+  } while(r == -1);
+
+  if(r < 0)
+    return -1;
+  if(r == 0)
+    return 0;
+
+  ret = 0;
+  num = 0;
+  if(readfd0 != CURL_SOCKET_BAD) {
+    if(pfd[num].revents & (POLLRDNORM|POLLIN|POLLERR|POLLHUP))
+      ret |= CURL_CSELECT_IN;
+    if(pfd[num].revents & (POLLRDBAND|POLLPRI|POLLNVAL))
+      ret |= CURL_CSELECT_ERR;
+    num++;
+  }
+  if(readfd1 != CURL_SOCKET_BAD) {
+    if(pfd[num].revents & (POLLRDNORM|POLLIN|POLLERR|POLLHUP))
+      ret |= CURL_CSELECT_IN2;
+    if(pfd[num].revents & (POLLRDBAND|POLLPRI|POLLNVAL))
+      ret |= CURL_CSELECT_ERR;
+    num++;
+  }
+  if(writefd != CURL_SOCKET_BAD) {
+    if(pfd[num].revents & (POLLWRNORM|POLLOUT))
+      ret |= CURL_CSELECT_OUT;
+    if(pfd[num].revents & (POLLERR|POLLHUP|POLLNVAL))
+      ret |= CURL_CSELECT_ERR;
+  }
+
+  return ret;
+
+#else  /* HAVE_POLL_FINE */
+
+  FD_ZERO(&fds_err);
+  maxfd = (curl_socket_t)-1;
+
+  FD_ZERO(&fds_read);
+  if(readfd0 != CURL_SOCKET_BAD) {
+    VERIFY_SOCK(readfd0);
+    FD_SET(readfd0, &fds_read);
+    FD_SET(readfd0, &fds_err);
+    maxfd = readfd0;
+  }
+  if(readfd1 != CURL_SOCKET_BAD) {
+    VERIFY_SOCK(readfd1);
+    FD_SET(readfd1, &fds_read);
+    FD_SET(readfd1, &fds_err);
+    if(readfd1 > maxfd)
+      maxfd = readfd1;
+  }
+
+  FD_ZERO(&fds_write);
+  if(writefd != CURL_SOCKET_BAD) {
+    VERIFY_SOCK(writefd);
+    FD_SET(writefd, &fds_write);
+    FD_SET(writefd, &fds_err);
+    if(writefd > maxfd)
+      maxfd = writefd;
+  }
+
+  ptimeout = (timeout_ms < 0) ? NULL : &pending_tv;
+
+  do {
+    if(timeout_ms > 0) {
+      pending_tv.tv_sec = pending_ms / 1000;
+      pending_tv.tv_usec = (pending_ms % 1000) * 1000;
+    }
+    else if(!timeout_ms) {
+      pending_tv.tv_sec = 0;
+      pending_tv.tv_usec = 0;
+    }
+
+    /* WinSock select() must not be called with an fd_set that contains zero
+       fd flags, or it will return WSAEINVAL.  But, it also can't be called
+       with no fd_sets at all!  From the documentation:
+
+         Any two of the parameters, readfds, writefds, or exceptfds, can be
+         given as null. At least one must be non-null, and any non-null
+         descriptor set must contain at least one handle to a socket.
+
+       We know that we have at least one bit set in at least two fd_sets in
+       this case, but we may have no bits set in either fds_read or fd_write,
+       so check for that and handle it.  Luckily, with WinSock, we can _also_
+       ask how many bits are set on an fd_set.
+
+       It is unclear why WinSock doesn't just handle this for us instead of
+       calling this an error.
+
+       Note also that WinSock ignores the first argument, so we don't worry
+       about the fact that maxfd is computed incorrectly with WinSock (since
+       curl_socket_t is unsigned in such cases and thus -1 is the largest
+       value).
+    */
+    r = select((int)maxfd + 1,
+#ifndef USE_WINSOCK
+               &fds_read,
+               &fds_write,
+#else
+               fds_read.fd_count ? &fds_read : NULL,
+               fds_write.fd_count ? &fds_write : NULL,
+#endif
+               &fds_err, ptimeout);
+    if(r != -1)
+      break;
+    error = SOCKERRNO;
+    if(error && error_not_EINTR)
+      break;
+    if(timeout_ms > 0) {
+      pending_ms = timeout_ms - elapsed_ms;
+      if(pending_ms <= 0) {
+        r = 0;  /* Simulate a "call timed out" case */
+        break;
+      }
+    }
+  } while(r == -1);
+
+  if(r < 0)
+    return -1;
+  if(r == 0)
+    return 0;
+
+  ret = 0;
+  if(readfd0 != CURL_SOCKET_BAD) {
+    if(FD_ISSET(readfd0, &fds_read))
+      ret |= CURL_CSELECT_IN;
+    if(FD_ISSET(readfd0, &fds_err))
+      ret |= CURL_CSELECT_ERR;
+  }
+  if(readfd1 != CURL_SOCKET_BAD) {
+    if(FD_ISSET(readfd1, &fds_read))
+      ret |= CURL_CSELECT_IN2;
+    if(FD_ISSET(readfd1, &fds_err))
+      ret |= CURL_CSELECT_ERR;
+  }
+  if(writefd != CURL_SOCKET_BAD) {
+    if(FD_ISSET(writefd, &fds_write))
+      ret |= CURL_CSELECT_OUT;
+    if(FD_ISSET(writefd, &fds_err))
+      ret |= CURL_CSELECT_ERR;
+  }
+
+  return ret;
+
+#endif  /* HAVE_POLL_FINE */
+
+}
+
+/*
+ * This is a wrapper around poll().  If poll() does not exist, then
+ * select() is used instead.  An error is returned if select() is
+ * being used and a file descriptor is too large for FD_SETSIZE.
+ * A negative timeout value makes this function wait indefinitely,
+ * unles no valid file descriptor is given, when this happens the
+ * negative timeout is ignored and the function times out immediately.
+ *
+ * Return values:
+ *   -1 = system call error or fd >= FD_SETSIZE
+ *    0 = timeout
+ *    N = number of structures with non zero revent fields
+ */
+int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms)
+{
+#ifndef HAVE_POLL_FINE
+  struct timeval pending_tv;
+  struct timeval *ptimeout;
+  fd_set fds_read;
+  fd_set fds_write;
+  fd_set fds_err;
+  curl_socket_t maxfd;
+#endif
+  struct timeval initial_tv = {0,0};
+  bool fds_none = TRUE;
+  unsigned int i;
+  int pending_ms = 0;
+  int error;
+  int r;
+
+  if(ufds) {
+    for(i = 0; i < nfds; i++) {
+      if(ufds[i].fd != CURL_SOCKET_BAD) {
+        fds_none = FALSE;
+        break;
+      }
+    }
+  }
+  if(fds_none) {
+    r = Curl_wait_ms(timeout_ms);
+    return r;
+  }
+
+  /* Avoid initial timestamp, avoid curlx_tvnow() call, when elapsed
+     time in this function does not need to be measured. This happens
+     when function is called with a zero timeout or a negative timeout
+     value indicating a blocking call should be performed. */
+
+  if(timeout_ms > 0) {
+    pending_ms = timeout_ms;
+    initial_tv = curlx_tvnow();
+  }
+
+#ifdef HAVE_POLL_FINE
+
+  do {
+    if(timeout_ms < 0)
+      pending_ms = -1;
+    else if(!timeout_ms)
+      pending_ms = 0;
+    r = poll(ufds, nfds, pending_ms);
+    if(r != -1)
+      break;
+    error = SOCKERRNO;
+    if(error && error_not_EINTR)
+      break;
+    if(timeout_ms > 0) {
+      pending_ms = timeout_ms - elapsed_ms;
+      if(pending_ms <= 0) {
+        r = 0;  /* Simulate a "call timed out" case */
+        break;
+      }
+    }
+  } while(r == -1);
+
+  if(r < 0)
+    return -1;
+  if(r == 0)
+    return 0;
+
+  for(i = 0; i < nfds; i++) {
+    if(ufds[i].fd == CURL_SOCKET_BAD)
+      continue;
+    if(ufds[i].revents & POLLHUP)
+      ufds[i].revents |= POLLIN;
+    if(ufds[i].revents & POLLERR)
+      ufds[i].revents |= (POLLIN|POLLOUT);
+  }
+
+#else  /* HAVE_POLL_FINE */
+
+  FD_ZERO(&fds_read);
+  FD_ZERO(&fds_write);
+  FD_ZERO(&fds_err);
+  maxfd = (curl_socket_t)-1;
+
+  for(i = 0; i < nfds; i++) {
+    ufds[i].revents = 0;
+    if(ufds[i].fd == CURL_SOCKET_BAD)
+      continue;
+    VERIFY_SOCK(ufds[i].fd);
+    if(ufds[i].events & (POLLIN|POLLOUT|POLLPRI|
+                          POLLRDNORM|POLLWRNORM|POLLRDBAND)) {
+      if(ufds[i].fd > maxfd)
+        maxfd = ufds[i].fd;
+      if(ufds[i].events & (POLLRDNORM|POLLIN))
+        FD_SET(ufds[i].fd, &fds_read);
+      if(ufds[i].events & (POLLWRNORM|POLLOUT))
+        FD_SET(ufds[i].fd, &fds_write);
+      if(ufds[i].events & (POLLRDBAND|POLLPRI))
+        FD_SET(ufds[i].fd, &fds_err);
+    }
+  }
+
+#ifdef USE_WINSOCK
+  /* WinSock select() can't handle zero events.  See the comment about this in
+     Curl_check_socket(). */
+  if(fds_read.fd_count == 0 && fds_write.fd_count == 0
+     && fds_err.fd_count == 0) {
+    r = Curl_wait_ms(timeout_ms);
+    return r;
+  }
+#endif
+
+  ptimeout = (timeout_ms < 0) ? NULL : &pending_tv;
+
+  do {
+    if(timeout_ms > 0) {
+      pending_tv.tv_sec = pending_ms / 1000;
+      pending_tv.tv_usec = (pending_ms % 1000) * 1000;
+    }
+    else if(!timeout_ms) {
+      pending_tv.tv_sec = 0;
+      pending_tv.tv_usec = 0;
+    }
+    r = select((int)maxfd + 1,
+#ifndef USE_WINSOCK
+               &fds_read, &fds_write, &fds_err,
+#else
+               /* WinSock select() can't handle fd_sets with zero bits set, so
+                  don't give it such arguments.  See the comment about this in
+                  Curl_check_socket().
+               */
+               fds_read.fd_count ? &fds_read : NULL,
+               fds_write.fd_count ? &fds_write : NULL,
+               fds_err.fd_count ? &fds_err : NULL,
+#endif
+               ptimeout);
+    if(r != -1)
+      break;
+    error = SOCKERRNO;
+    if(error && error_not_EINTR)
+      break;
+    if(timeout_ms > 0) {
+      pending_ms = timeout_ms - elapsed_ms;
+      if(pending_ms <= 0) {
+        r = 0;  /* Simulate a "call timed out" case */
+        break;
+      }
+    }
+  } while(r == -1);
+
+  if(r < 0)
+    return -1;
+  if(r == 0)
+    return 0;
+
+  r = 0;
+  for(i = 0; i < nfds; i++) {
+    ufds[i].revents = 0;
+    if(ufds[i].fd == CURL_SOCKET_BAD)
+      continue;
+    if(FD_ISSET(ufds[i].fd, &fds_read))
+      ufds[i].revents |= POLLIN;
+    if(FD_ISSET(ufds[i].fd, &fds_write))
+      ufds[i].revents |= POLLOUT;
+    if(FD_ISSET(ufds[i].fd, &fds_err))
+      ufds[i].revents |= POLLPRI;
+    if(ufds[i].revents != 0)
+      r++;
+  }
+
+#endif  /* HAVE_POLL_FINE */
+
+  return r;
+}
+
+#ifdef TPF
+/*
+ * This is a replacement for select() on the TPF platform.
+ * It is used whenever libcurl calls select().
+ * The call below to tpf_process_signals() is required because
+ * TPF's select calls are not signal interruptible.
+ *
+ * Return values are the same as select's.
+ */
+int tpf_select_libcurl(int maxfds, fd_set* reads, fd_set* writes,
+                       fd_set* excepts, struct timeval* tv)
+{
+   int rc;
+
+   rc = tpf_select_bsd(maxfds, reads, writes, excepts, tv);
+   tpf_process_signals();
+   return(rc);
+}
+#endif /* TPF */
diff --git a/Utilities/cmcurl/lib/select.h b/Utilities/cmcurl/lib/select.h
new file mode 100644
index 0000000..c00afe1
--- /dev/null
+++ b/Utilities/cmcurl/lib/select.h
@@ -0,0 +1,114 @@
+#ifndef HEADER_CURL_SELECT_H
+#define HEADER_CURL_SELECT_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_SYS_POLL_H
+#include <sys/poll.h>
+#elif defined(HAVE_POLL_H)
+#include <poll.h>
+#endif
+
+/*
+ * Definition of pollfd struct and constants for platforms lacking them.
+ */
+
+#if !defined(HAVE_STRUCT_POLLFD) && \
+    !defined(HAVE_SYS_POLL_H) && \
+    !defined(HAVE_POLL_H)
+
+#define POLLIN      0x01
+#define POLLPRI     0x02
+#define POLLOUT     0x04
+#define POLLERR     0x08
+#define POLLHUP     0x10
+#define POLLNVAL    0x20
+
+struct pollfd
+{
+    curl_socket_t fd;
+    short   events;
+    short   revents;
+};
+
+#endif
+
+#ifndef POLLRDNORM
+#define POLLRDNORM POLLIN
+#endif
+
+#ifndef POLLWRNORM
+#define POLLWRNORM POLLOUT
+#endif
+
+#ifndef POLLRDBAND
+#define POLLRDBAND POLLPRI
+#endif
+
+/* there are three CSELECT defines that are defined in the public header that
+   are exposed to users, but this *IN2 bit is only ever used internally and
+   therefore defined here */
+#define CURL_CSELECT_IN2 (CURL_CSELECT_ERR << 1)
+
+int Curl_socket_check(curl_socket_t readfd, curl_socket_t readfd2,
+                      curl_socket_t writefd,
+                      long timeout_ms);
+
+/* provide the former API internally */
+#define Curl_socket_ready(x,y,z) \
+  Curl_socket_check(x, CURL_SOCKET_BAD, y, z)
+
+int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms);
+
+/* On non-DOS and non-Winsock platforms, when Curl_ack_eintr is set,
+ * EINTR condition is honored and function might exit early without
+ * awaiting full timeout.  Otherwise EINTR will be ignored and full
+ * timeout will elapse. */
+extern int Curl_ack_eintr;
+
+int Curl_wait_ms(int timeout_ms);
+
+#ifdef TPF
+int tpf_select_libcurl(int maxfds, fd_set* reads, fd_set* writes,
+                       fd_set* excepts, struct timeval* tv);
+#endif
+
+/* Winsock and TPF sockets are not in range [0..FD_SETSIZE-1], which
+   unfortunately makes it impossible for us to easily check if they're valid
+*/
+#if defined(USE_WINSOCK) || defined(TPF)
+#define VALID_SOCK(x) 1
+#define VERIFY_SOCK(x) Curl_nop_stmt
+#else
+#define VALID_SOCK(s) (((s) >= 0) && ((s) < FD_SETSIZE))
+#define VERIFY_SOCK(x) do { \
+  if(!VALID_SOCK(x)) { \
+    SET_SOCKERRNO(EINVAL); \
+    return -1; \
+  } \
+} WHILE_FALSE
+#endif
+
+#endif /* HEADER_CURL_SELECT_H */
+
diff --git a/Utilities/cmcurl/sendf.c b/Utilities/cmcurl/lib/sendf.c
index 500bf66..4a87c79 100644
--- a/Utilities/cmcurl/sendf.c
+++ b/Utilities/cmcurl/lib/sendf.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,129 +18,29 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <errno.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h> /* required for send() & recv() prototypes */
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
+#include "curl_setup.h"
 
 #include <curl/curl.h>
+
 #include "urldata.h"
 #include "sendf.h"
-#include "connect.h" /* for the Curl_sockerrno() proto */
-#include "sslgen.h"
+#include "connect.h"
+#include "vtls/vtls.h"
 #include "ssh.h"
 #include "multiif.h"
+#include "non-ascii.h"
 
 #define _MPRINTF_REPLACE /* use the internal *printf() functions */
 #include <curl/mprintf.h>
 
-#ifdef HAVE_KRB4
-#include "krb4.h"
-#else
-#define Curl_sec_send(a,b,c,d) -1
-#define Curl_sec_read(a,b,c,d) -1
-#endif
-
-#include <string.h>
-#include "memory.h"
+#include "curl_memory.h"
 #include "strerror.h"
-#include "easyif.h" /* for the Curl_convert_from_network prototype */
+
 /* The last #include file should be: */
 #include "memdebug.h"
 
-/* returns last node in linked list */
-static struct curl_slist *slist_get_last(struct curl_slist *list)
-{
-  struct curl_slist     *item;
-
-  /* if caller passed us a NULL, return now */
-  if (!list)
-    return NULL;
-
-  /* loop through to find the last item */
-  item = list;
-  while (item->next) {
-    item = item->next;
-  }
-  return item;
-}
-
-/*
- * curl_slist_append() appends a string to the linked list. It always retunrs
- * the address of the first record, so that you can sure this function as an
- * initialization function as well as an append function. If you find this
- * bothersome, then simply create a separate _init function and call it
- * appropriately from within the proram.
- */
-struct curl_slist *curl_slist_append(struct curl_slist *list,
-                                     const char *data)
-{
-  struct curl_slist     *last;
-  struct curl_slist     *new_item;
-
-  new_item = (struct curl_slist *) malloc(sizeof(struct curl_slist));
-  if (new_item) {
-    char *dup = strdup(data);
-    if(dup) {
-      new_item->next = NULL;
-      new_item->data = dup;
-    }
-    else {
-      free(new_item);
-      return NULL;
-    }
-  }
-  else
-    return NULL;
-
-  if (list) {
-    last = slist_get_last(list);
-    last->next = new_item;
-    return list;
-  }
-
-  /* if this is the first item, then new_item *is* the list */
-  return new_item;
-}
-
-/* be nice and clean up resources */
-void curl_slist_free_all(struct curl_slist *list)
-{
-  struct curl_slist     *next;
-  struct curl_slist     *item;
-
-  if (!list)
-    return;
-
-  item = list;
-  do {
-    next = item->next;
-
-    if (item->data) {
-      free(item->data);
-    }
-    free(item);
-    item = next;
-  } while (next);
-}
-
 #ifdef CURL_DO_LINEEND_CONV
 /*
  * convert_lineends() changes CRLF (\r\n) end-of-line markers to a single LF
@@ -154,17 +54,17 @@ static size_t convert_lineends(struct SessionHandle *data,
   char *inPtr, *outPtr;
 
   /* sanity check */
-  if ((startPtr == NULL) || (size < 1)) {
+  if((startPtr == NULL) || (size < 1)) {
     return(size);
   }
 
-  if (data->state.prev_block_had_trailing_cr == TRUE) {
+  if(data->state.prev_block_had_trailing_cr) {
     /* The previous block of incoming data
        had a trailing CR, which was turned into a LF. */
-    if (*startPtr == '\n') {
+    if(*startPtr == '\n') {
       /* This block of incoming data starts with the
          previous block's LF so get rid of it */
-      memcpy(startPtr, startPtr+1, size-1);
+      memmove(startPtr, startPtr+1, size-1);
       size--;
       /* and it wasn't a bare CR but a CRLF conversion instead */
       data->state.crlf_conversions++;
@@ -174,11 +74,11 @@ static size_t convert_lineends(struct SessionHandle *data,
 
   /* find 1st CR, if any */
   inPtr = outPtr = memchr(startPtr, '\r', size);
-  if (inPtr) {
+  if(inPtr) {
     /* at least one CR, now look for CRLF */
-    while (inPtr < (startPtr+size-1)) {
+    while(inPtr < (startPtr+size-1)) {
       /* note that it's size-1, so we'll never look past the last byte */
-      if (memcmp(inPtr, "\r\n", 2) == 0) {
+      if(memcmp(inPtr, "\r\n", 2) == 0) {
         /* CRLF found, bump past the CR and copy the NL */
         inPtr++;
         *outPtr = *inPtr;
@@ -186,7 +86,7 @@ static size_t convert_lineends(struct SessionHandle *data,
         data->state.crlf_conversions++;
       }
       else {
-        if (*inPtr == '\r') {
+        if(*inPtr == '\r') {
           /* lone CR, move LF instead */
           *outPtr = '\n';
         }
@@ -199,9 +99,9 @@ static size_t convert_lineends(struct SessionHandle *data,
       inPtr++;
     } /* end of while loop */
 
-    if (inPtr < startPtr+size) {
+    if(inPtr < startPtr+size) {
       /* handle last byte */
-      if (*inPtr == '\r') {
+      if(*inPtr == '\r') {
         /* deal with a CR at the end of the buffer */
         *outPtr = '\n'; /* copy a NL instead */
         /* note that a CRLF might be split across two blocks */
@@ -212,12 +112,11 @@ static size_t convert_lineends(struct SessionHandle *data,
         *outPtr = *inPtr;
       }
       outPtr++;
-      inPtr++;
     }
-    if (outPtr < startPtr+size) {
+    if(outPtr < startPtr+size)
       /* tidy up by null terminating the now shorter data */
       *outPtr = '\0';
-    }
+
     return(outPtr - startPtr);
   }
   return(size);
@@ -231,9 +130,9 @@ void Curl_infof(struct SessionHandle *data, const char *fmt, ...)
   if(data && data->set.verbose) {
     va_list ap;
     size_t len;
-    char print_buffer[1024 + 1];
+    char print_buffer[2048 + 1];
     va_start(ap, fmt);
-    vsnprintf(print_buffer, 1024, fmt, ap);
+    vsnprintf(print_buffer, sizeof(print_buffer), fmt, ap);
     va_end(ap);
     len = strlen(print_buffer);
     Curl_debug(data, CURLINFO_TEXT, print_buffer, len, NULL);
@@ -289,7 +188,7 @@ CURLcode Curl_sendf(curl_socket_t sockfd, struct connectdata *conn,
   write_len = strlen(s);
   sptr = s;
 
-  while (1) {
+  for(;;) {
     /* Write the buffer to the socket */
     res = Curl_write(conn, sockfd, sptr, write_len, &bytes_written);
 
@@ -314,16 +213,55 @@ CURLcode Curl_sendf(curl_socket_t sockfd, struct connectdata *conn,
   return res;
 }
 
-static ssize_t Curl_plain_send(struct connectdata *conn,
-                               int num,
-                               void *mem,
-                               size_t len)
+/*
+ * Curl_write() is an internal write function that sends data to the
+ * server. Works with plain sockets, SCP, SSL or kerberos.
+ *
+ * If the write would block (CURLE_AGAIN), we return CURLE_OK and
+ * (*written == 0). Otherwise we return regular CURLcode value.
+ */
+CURLcode Curl_write(struct connectdata *conn,
+                    curl_socket_t sockfd,
+                    const void *mem,
+                    size_t len,
+                    ssize_t *written)
+{
+  ssize_t bytes_written;
+  CURLcode curlcode = CURLE_OK;
+  int num = (sockfd == conn->sock[SECONDARYSOCKET]);
+
+  bytes_written = conn->send[num](conn, num, mem, len, &curlcode);
+
+  *written = bytes_written;
+  if(bytes_written >= 0)
+    /* we completely ignore the curlcode value when subzero is not returned */
+    return CURLE_OK;
+
+  /* handle CURLE_AGAIN or a send failure */
+  switch(curlcode) {
+  case CURLE_AGAIN:
+    *written = 0;
+    return CURLE_OK;
+
+  case CURLE_OK:
+    /* general send failure */
+    return CURLE_SEND_ERROR;
+
+  default:
+    /* we got a specific curlcode, forward it */
+    return curlcode;
+  }
+}
+
+ssize_t Curl_send_plain(struct connectdata *conn, int num,
+                        const void *mem, size_t len, CURLcode *code)
 {
   curl_socket_t sockfd = conn->sock[num];
   ssize_t bytes_written = swrite(sockfd, mem, len);
 
+  *code = CURLE_OK;
   if(-1 == bytes_written) {
-    int err = Curl_sockerrno();
+    int err = SOCKERRNO;
 
     if(
 #ifdef WSAEWOULDBLOCK
@@ -335,55 +273,115 @@ static ssize_t Curl_plain_send(struct connectdata *conn,
          treat both error codes the same here */
       (EWOULDBLOCK == err) || (EAGAIN == err) || (EINTR == err)
 #endif
-      )
+      ) {
       /* this is just a case of EWOULDBLOCK */
       bytes_written=0;
-    else
+      *code = CURLE_AGAIN;
+    }
+    else {
       failf(conn->data, "Send failure: %s",
             Curl_strerror(conn, err));
+      conn->data->state.os_errno = err;
+      *code = CURLE_SEND_ERROR;
+    }
   }
   return bytes_written;
 }
 
 /*
- * Curl_write() is an internal write function that sends data to the
- * server. Works with plain sockets, SCP, SSL or kerberos.
+ * Curl_write_plain() is an internal write function that sends data to the
+ * server using plain sockets only. Otherwise meant to have the exact same
+ * proto as Curl_write()
  */
-CURLcode Curl_write(struct connectdata *conn,
-                    curl_socket_t sockfd,
-                    void *mem,
-                    size_t len,
-                    ssize_t *written)
+CURLcode Curl_write_plain(struct connectdata *conn,
+                          curl_socket_t sockfd,
+                          const void *mem,
+                          size_t len,
+                          ssize_t *written)
 {
   ssize_t bytes_written;
   CURLcode retcode;
   int num = (sockfd == conn->sock[SECONDARYSOCKET]);
 
-  if (conn->ssl[num].use)
-    /* only TRUE if SSL enabled */
-    bytes_written = Curl_ssl_send(conn, num, mem, len);
-#ifdef USE_LIBSSH2
-  else if (conn->protocol & PROT_SCP)
-    bytes_written = Curl_scp_send(conn, num, mem, len);
-  else if (conn->protocol & PROT_SFTP)
-    bytes_written = Curl_sftp_send(conn, num, mem, len);
-#endif /* !USE_LIBSSH2 */
-  else if(conn->sec_complete)
-    /* only TRUE if krb4 enabled */
-    bytes_written = Curl_sec_send(conn, num, mem, len);
-  else
-    bytes_written = Curl_plain_send(conn, num, mem, len);
+  bytes_written = Curl_send_plain(conn, num, mem, len, &retcode);
 
   *written = bytes_written;
-  retcode = (-1 != bytes_written)?CURLE_OK:CURLE_SEND_ERROR;
 
   return retcode;
 }
 
-/* client_write() sends data to the write callback(s)
+ssize_t Curl_recv_plain(struct connectdata *conn, int num, char *buf,
+                        size_t len, CURLcode *code)
+{
+  curl_socket_t sockfd = conn->sock[num];
+  ssize_t nread = sread(sockfd, buf, len);
+
+  *code = CURLE_OK;
+  if(-1 == nread) {
+    int err = SOCKERRNO;
+
+    if(
+#ifdef WSAEWOULDBLOCK
+      /* This is how Windows does it */
+      (WSAEWOULDBLOCK == err)
+#else
+      /* errno may be EWOULDBLOCK or on some systems EAGAIN when it returned
+         due to its inability to send off data without blocking. We therefor
+         treat both error codes the same here */
+      (EWOULDBLOCK == err) || (EAGAIN == err) || (EINTR == err)
+#endif
+      ) {
+      /* this is just a case of EWOULDBLOCK */
+      *code = CURLE_AGAIN;
+    }
+    else {
+      failf(conn->data, "Recv failure: %s",
+            Curl_strerror(conn, err));
+      conn->data->state.os_errno = err;
+      *code = CURLE_RECV_ERROR;
+    }
+  }
+  return nread;
+}
+
+static CURLcode pausewrite(struct SessionHandle *data,
+                           int type, /* what type of data */
+                           const char *ptr,
+                           size_t len)
+{
+  /* signalled to pause sending on this connection, but since we have data
+     we want to send we need to dup it to save a copy for when the sending
+     is again enabled */
+  struct SingleRequest *k = &data->req;
+  char *dupl = malloc(len);
+  if(!dupl)
+    return CURLE_OUT_OF_MEMORY;
+
+  memcpy(dupl, ptr, len);
+
+  /* store this information in the state struct for later use */
+  data->state.tempwrite = dupl;
+  data->state.tempwritesize = len;
+  data->state.tempwritetype = type;
+
+  /* mark the connection as RECV paused */
+  k->keepon |= KEEP_RECV_PAUSE;
+
+  DEBUGF(infof(data, "Pausing with %zu bytes in buffer for type %02x\n",
+               len, type));
+
+  return CURLE_OK;
+}
+
+
+/* Curl_client_write() sends data to the write callback(s)
 
    The bit pattern defines to what "streams" to write to. Body and/or header.
    The defines are in sendf.h of course.
+
+   If CURL_DO_LINEEND_CONV is enabled, data is converted IN PLACE to the
+   local character encoding.  This is a problem and should be changed in
+   the future to leave the original data alone.
  */
 CURLcode Curl_client_write(struct connectdata *conn,
                            int type,
@@ -393,24 +391,44 @@ CURLcode Curl_client_write(struct connectdata *conn,
   struct SessionHandle *data = conn->data;
   size_t wrote;
 
-  if (data->state.cancelled) {
-      /* We just suck everything into a black hole */
-      return CURLE_OK;
-  }
-
   if(0 == len)
     len = strlen(ptr);
 
+  /* If reading is actually paused, we're forced to append this chunk of data
+     to the already held data, but only if it is the same type as otherwise it
+     can't work and it'll return error instead. */
+  if(data->req.keepon & KEEP_RECV_PAUSE) {
+    size_t newlen;
+    char *newptr;
+    if(type != data->state.tempwritetype)
+      /* major internal confusion */
+      return CURLE_RECV_ERROR;
+
+    DEBUGASSERT(data->state.tempwrite);
+
+    /* figure out the new size of the data to save */
+    newlen = len + data->state.tempwritesize;
+    /* allocate the new memory area */
+    newptr = realloc(data->state.tempwrite, newlen);
+    if(!newptr)
+      return CURLE_OUT_OF_MEMORY;
+    /* copy the new data to the end of the new area */
+    memcpy(newptr + data->state.tempwritesize, ptr, len);
+    /* update the pointer and the size */
+    data->state.tempwrite = newptr;
+    data->state.tempwritesize = newlen;
+
+    return CURLE_OK;
+  }
+
   if(type & CLIENTWRITE_BODY) {
-    if((conn->protocol&PROT_FTP) && conn->proto.ftpc.transfertype == 'A') {
-#ifdef CURL_DOES_CONVERSIONS
+    if((conn->handler->protocol&PROTO_FAMILY_FTP) &&
+       conn->proto.ftpc.transfertype == 'A') {
       /* convert from the network encoding */
-      size_t rc;
-      rc = Curl_convert_from_network(data, ptr, len);
+      CURLcode rc = Curl_convert_from_network(data, ptr, len);
       /* Curl_convert_from_network calls failf if unsuccessful */
-      if(rc != CURLE_OK)
+      if(rc)
         return rc;
-#endif /* CURL_DOES_CONVERSIONS */
 
 #ifdef CURL_DO_LINEEND_CONV
       /* convert end-of-line markers */
@@ -419,15 +437,26 @@ CURLcode Curl_client_write(struct connectdata *conn,
     }
     /* If the previous block of data ended with CR and this block of data is
        just a NL, then the length might be zero */
-    if (len) {
-      wrote = data->set.fwrite(ptr, 1, len, data->set.out);
+    if(len) {
+      wrote = data->set.fwrite_func(ptr, 1, len, data->set.out);
     }
     else {
       wrote = len;
     }
 
-    if(wrote != len) {
-      failf (data, "Failed writing body");
+    if(CURL_WRITEFUNC_PAUSE == wrote) {
+      if(conn->handler->flags & PROTOPT_NONETWORK) {
+        /* Protocols that work without network cannot be paused. This is
+           actually only FILE:// just now, and it can't pause since the
+           transfer isn't done using the "normal" procedure. */
+        failf(data, "Write callback asked for PAUSE when not supported!");
+        return CURLE_WRITE_ERROR;
+      }
+      else
+        return pausewrite(data, type, ptr, len);
+    }
+    else if(wrote != len) {
+      failf(data, "Failed writing body (%zu != %zu)", wrote, len);
       return CURLE_WRITE_ERROR;
     }
   }
@@ -439,12 +468,18 @@ CURLcode Curl_client_write(struct connectdata *conn,
      * header callback function (added after version 7.7.1).
      */
     curl_write_callback writeit=
-      data->set.fwrite_header?data->set.fwrite_header:data->set.fwrite;
+      data->set.fwrite_header?data->set.fwrite_header:data->set.fwrite_func;
 
     /* Note: The header is in the host encoding
        regardless of the ftp transfer mode (ASCII/Image) */
 
     wrote = writeit(ptr, 1, len, data->set.writeheader);
+    if(CURL_WRITEFUNC_PAUSE == wrote)
+      /* here we pass in the HEADER bit only since if this was body as well
+         then it was passed already and clearly that didn't trigger the pause,
+         so this is saved for later with the HEADER bit only */
+      return pausewrite(data, CLIENTWRITE_HEADER, ptr, len);
+
     if(wrote != len) {
       failf (data, "Failed writing header");
       return CURLE_WRITE_ERROR;
@@ -454,28 +489,47 @@ CURLcode Curl_client_write(struct connectdata *conn,
   return CURLE_OK;
 }
 
-#ifndef MIN
-#define MIN(a,b) ((a) < (b) ? (a) : (b))
+CURLcode Curl_read_plain(curl_socket_t sockfd,
+                         char *buf,
+                         size_t bytesfromsocket,
+                         ssize_t *n)
+{
+  ssize_t nread = sread(sockfd, buf, bytesfromsocket);
+
+  if(-1 == nread) {
+    int err = SOCKERRNO;
+#ifdef USE_WINSOCK
+    if(WSAEWOULDBLOCK == err)
+#else
+    if((EWOULDBLOCK == err) || (EAGAIN == err) || (EINTR == err))
 #endif
+      return CURLE_AGAIN;
+    else
+      return CURLE_RECV_ERROR;
+  }
+
+  /* we only return number of bytes read when we return OK */
+  *n = nread;
+  return CURLE_OK;
+}
 
 /*
  * Internal read-from-socket function. This is meant to deal with plain
  * sockets, SSL sockets and kerberos sockets.
  *
- * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
- * a regular CURLcode value.
+ * Returns a regular CURLcode value.
  */
-int Curl_read(struct connectdata *conn, /* connection data */
-              curl_socket_t sockfd,     /* read from this socket */
-              char *buf,                /* store read data here */
-              size_t sizerequested,     /* max amount to read */
-              ssize_t *n)               /* amount bytes read */
+CURLcode Curl_read(struct connectdata *conn, /* connection data */
+                   curl_socket_t sockfd,     /* read from this socket */
+                   char *buf,                /* store read data here */
+                   size_t sizerequested,     /* max amount to read */
+                   ssize_t *n)               /* amount bytes read */
 {
-  ssize_t nread;
+  CURLcode curlcode = CURLE_RECV_ERROR;
+  ssize_t nread = 0;
   size_t bytesfromsocket = 0;
   char *buffertofill = NULL;
-  bool pipelining = (bool)(conn->data->multi &&
-                     Curl_multi_canPipeline(conn->data->multi));
+  bool pipelining = Curl_multi_pipeline_enabled(conn->data->multi);
 
   /* Set 'num' to 0 or 1, depending on which socket that has been sent here.
      If it is the second socket, we set num to 1. Otherwise to 0. This lets
@@ -486,10 +540,11 @@ int Curl_read(struct connectdata *conn, /* connection data */
 
   /* If session can pipeline, check connection buffer  */
   if(pipelining) {
-    size_t bytestocopy = MIN(conn->buf_len - conn->read_pos, sizerequested);
+    size_t bytestocopy = CURLMIN(conn->buf_len - conn->read_pos,
+                                 sizerequested);
 
     /* Copy from our master buffer first if we have some unread data there*/
-    if (bytestocopy > 0) {
+    if(bytestocopy > 0) {
       memcpy(buf, conn->master_buffer + conn->read_pos, bytestocopy);
       conn->read_pos += bytestocopy;
       conn->bits.stream_was_rewound = FALSE;
@@ -499,59 +554,27 @@ int Curl_read(struct connectdata *conn, /* connection data */
     }
     /* If we come here, it means that there is no data to read from the buffer,
      * so we read from the socket */
-    bytesfromsocket = MIN(sizerequested, sizeof(conn->master_buffer));
+    bytesfromsocket = CURLMIN(sizerequested, BUFSIZE * sizeof (char));
     buffertofill = conn->master_buffer;
   }
   else {
-    bytesfromsocket = MIN((long)sizerequested, conn->data->set.buffer_size ?
-                          conn->data->set.buffer_size : BUFSIZE);
+    bytesfromsocket = CURLMIN((long)sizerequested,
+                              conn->data->set.buffer_size ?
+                              conn->data->set.buffer_size : BUFSIZE);
     buffertofill = buf;
   }
 
-  if(conn->ssl[num].use) {
-    nread = Curl_ssl_recv(conn, num, buffertofill, bytesfromsocket);
-
-    if(nread == -1) {
-      return -1; /* -1 from Curl_ssl_recv() means EWOULDBLOCK */
-    }
-  }
-#ifdef USE_LIBSSH2
-  else if (conn->protocol & PROT_SCP) {
-    nread = Curl_scp_recv(conn, num, buffertofill, bytesfromsocket);
-    /* TODO: return CURLE_OK also for nread <= 0
-             read failures and timeouts ? */
-  }
-  else if (conn->protocol & PROT_SFTP) {
-    nread = Curl_sftp_recv(conn, num, buffertofill, bytesfromsocket);
-  }
-#endif /* !USE_LIBSSH2 */
-  else {
-    if(conn->sec_complete)
-      nread = Curl_sec_read(conn, sockfd, buffertofill,
-                            bytesfromsocket);
-    else
-      nread = sread(sockfd, buffertofill, bytesfromsocket);
+  nread = conn->recv[num](conn, num, buffertofill, bytesfromsocket, &curlcode);
+  if(nread < 0)
+    return curlcode;
 
-    if(-1 == nread) {
-      int err = Curl_sockerrno();
-#ifdef USE_WINSOCK
-      if(WSAEWOULDBLOCK == err)
-#else
-      if((EWOULDBLOCK == err) || (EAGAIN == err) || (EINTR == err))
-#endif
-        return -1;
-    }
+  if(pipelining) {
+    memcpy(buf, conn->master_buffer, nread);
+    conn->buf_len = nread;
+    conn->read_pos = nread;
   }
 
-  if (nread >= 0) {
-    if(pipelining) {
-      memcpy(buf, conn->master_buffer, nread);
-      conn->buf_len = nread;
-      conn->read_pos = nread;
-    }
-
-    *n += nread;
-  }
+  *n += nread;
 
   return CURLE_OK;
 }
@@ -560,7 +583,7 @@ int Curl_read(struct connectdata *conn, /* connection data */
 static int showit(struct SessionHandle *data, curl_infotype type,
                   char *ptr, size_t size)
 {
-  static const char * const s_infotype[CURLINFO_END] = {
+  static const char s_infotype[CURLINFO_END][3] = {
     "* ", "< ", "> ", "{ ", "} ", "{ ", "} " };
 
 #ifdef CURL_DOES_CONVERSIONS
@@ -571,7 +594,7 @@ static int showit(struct SessionHandle *data, curl_infotype type,
   case CURLINFO_HEADER_OUT:
     /* assume output headers are ASCII */
     /* copy the data into my buffer so the original is unchanged */
-    if (size > BUFSIZE) {
+    if(size > BUFSIZE) {
       size = BUFSIZE; /* truncate if necessary */
       buf[BUFSIZE] = '\0';
     }
@@ -585,7 +608,7 @@ static int showit(struct SessionHandle *data, curl_infotype type,
       size_t i;
       for(i = 0; i < size-4; i++) {
         if(memcmp(&buf[i], "\x0d\x0a\x0d\x0a", 4) == 0) {
-          /* convert everthing through this CRLFCRLF but no further */
+          /* convert everything through this CRLFCRLF but no further */
           conv_size = i + 4;
           break;
         }
diff --git a/Utilities/cmcurl/sendf.h b/Utilities/cmcurl/lib/sendf.h
index 7877df8..39489e4 100644
--- a/Utilities/cmcurl/sendf.h
+++ b/Utilities/cmcurl/lib/sendf.h
@@ -1,5 +1,5 @@
-#ifndef __SENDF_H
-#define __SENDF_H
+#ifndef HEADER_CURL_SENDF_H
+#define HEADER_CURL_SENDF_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,53 +20,71 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
+#include "curl_setup.h"
+
 CURLcode Curl_sendf(curl_socket_t sockfd, struct connectdata *,
                     const char *fmt, ...);
 void Curl_infof(struct SessionHandle *, const char *fmt, ...);
 void Curl_failf(struct SessionHandle *, const char *fmt, ...);
 
 #if defined(CURL_DISABLE_VERBOSE_STRINGS)
-#if defined(__GNUC__)
-/* This style of variable argument macros is a gcc extension */
-#define infof(x...) /*ignore*/
+
+#if defined(HAVE_VARIADIC_MACROS_C99)
+#define infof(...)  Curl_nop_stmt
+#elif defined(HAVE_VARIADIC_MACROS_GCC)
+#define infof(x...)  Curl_nop_stmt
 #else
-/* C99 compilers could use this if we could detect them */
-/*#define infof(...) */
-/* Cast the args to void to make them a noop, side effects notwithstanding */
 #define infof (void)
 #endif
-#else
+
+#else /* CURL_DISABLE_VERBOSE_STRINGS */
+
 #define infof Curl_infof
-#endif
+
+#endif /* CURL_DISABLE_VERBOSE_STRINGS */
+
 #define failf Curl_failf
 
-#define CLIENTWRITE_BODY   1
-#define CLIENTWRITE_HEADER 2
+#define CLIENTWRITE_BODY   (1<<0)
+#define CLIENTWRITE_HEADER (1<<1)
 #define CLIENTWRITE_BOTH   (CLIENTWRITE_BODY|CLIENTWRITE_HEADER)
 
 CURLcode Curl_client_write(struct connectdata *conn, int type, char *ptr,
                            size_t len);
 
-void Curl_read_rewind(struct connectdata *conn,
-                      size_t extraBytesRead);
+/* internal read-function, does plain socket only */
+CURLcode Curl_read_plain(curl_socket_t sockfd,
+                         char *buf,
+                         size_t bytesfromsocket,
+                         ssize_t *n);
+
+ssize_t Curl_recv_plain(struct connectdata *conn, int num, char *buf,
+                        size_t len, CURLcode *code);
+ssize_t Curl_send_plain(struct connectdata *conn, int num,
+                        const void *mem, size_t len, CURLcode *code);
 
 /* internal read-function, does plain socket, SSL and krb4 */
-int Curl_read(struct connectdata *conn, curl_socket_t sockfd,
-              char *buf, size_t buffersize,
-              ssize_t *n);
-/* internal write-function, does plain socket, SSL and krb4 */
+CURLcode Curl_read(struct connectdata *conn, curl_socket_t sockfd,
+                   char *buf, size_t buffersize,
+                   ssize_t *n);
+/* internal write-function, does plain socket, SSL, SCP, SFTP and krb4 */
 CURLcode Curl_write(struct connectdata *conn,
                     curl_socket_t sockfd,
-                    void *mem, size_t len,
+                    const void *mem, size_t len,
                     ssize_t *written);
 
+/* internal write-function, does plain sockets ONLY */
+CURLcode Curl_write_plain(struct connectdata *conn,
+                          curl_socket_t sockfd,
+                          const void *mem, size_t len,
+                          ssize_t *written);
+
 /* the function used to output verbose information */
 int Curl_debug(struct SessionHandle *handle, curl_infotype type,
                char *data, size_t size,
                struct connectdata *conn);
 
 
-#endif
+#endif /* HEADER_CURL_SENDF_H */
diff --git a/Utilities/cmcurl/lib/setup-os400.h b/Utilities/cmcurl/lib/setup-os400.h
new file mode 100644
index 0000000..0331464
--- /dev/null
+++ b/Utilities/cmcurl/lib/setup-os400.h
@@ -0,0 +1,239 @@
+#ifndef HEADER_CURL_SETUP_OS400_H
+#define HEADER_CURL_SETUP_OS400_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+
+/* OS/400 netdb.h does not define NI_MAXHOST. */
+#define NI_MAXHOST      1025
+
+/* OS/400 netdb.h does not define NI_MAXSERV. */
+#define NI_MAXSERV      32
+
+/* No OS/400 header file defines u_int32_t. */
+typedef unsigned long   u_int32_t;
+
+
+/* System API wrapper prototypes & definitions to support ASCII parameters. */
+
+#include <sys/socket.h>
+#include <netdb.h>
+#include <qsossl.h>
+#include <gskssl.h>
+#include <qsoasync.h>
+#include <gssapi.h>
+
+extern int      Curl_getaddrinfo_a(const char * nodename,
+                                   const char * servname,
+                                   const struct addrinfo * hints,
+                                   struct addrinfo * * res);
+#define getaddrinfo             Curl_getaddrinfo_a
+
+
+extern int      Curl_getnameinfo_a(const struct sockaddr * sa,
+                                   curl_socklen_t salen,
+                                   char * nodename, curl_socklen_t nodenamelen,
+                                   char * servname, curl_socklen_t servnamelen,
+                                   int flags);
+#define getnameinfo             Curl_getnameinfo_a
+
+
+/* SSL wrappers. */
+
+extern int      Curl_SSL_Init_Application_a(SSLInitApp * init_app);
+#define SSL_Init_Application    Curl_SSL_Init_Application_a
+
+
+extern int      Curl_SSL_Init_a(SSLInit * init);
+#define SSL_Init                Curl_SSL_Init_a
+
+
+extern char *   Curl_SSL_Strerror_a(int sslreturnvalue,
+                                    SSLErrorMsg * serrmsgp);
+#define SSL_Strerror            Curl_SSL_Strerror_a
+
+
+/* GSKit wrappers. */
+
+extern int      Curl_gsk_environment_open(gsk_handle * my_env_handle);
+#define gsk_environment_open    Curl_gsk_environment_open
+
+extern int      Curl_gsk_secure_soc_open(gsk_handle my_env_handle,
+                                         gsk_handle * my_session_handle);
+#define gsk_secure_soc_open     Curl_gsk_secure_soc_open
+
+extern int      Curl_gsk_environment_close(gsk_handle * my_env_handle);
+#define gsk_environment_close   Curl_gsk_environment_close
+
+extern int      Curl_gsk_secure_soc_close(gsk_handle * my_session_handle);
+#define gsk_secure_soc_close    Curl_gsk_secure_soc_close
+
+extern int      Curl_gsk_environment_init(gsk_handle my_env_handle);
+#define gsk_environment_init    Curl_gsk_environment_init
+
+extern int      Curl_gsk_secure_soc_init(gsk_handle my_session_handle);
+#define gsk_secure_soc_init     Curl_gsk_secure_soc_init
+
+extern int      Curl_gsk_attribute_set_buffer_a(gsk_handle my_gsk_handle,
+                                                GSK_BUF_ID bufID,
+                                                const char * buffer,
+                                                int bufSize);
+#define gsk_attribute_set_buffer        Curl_gsk_attribute_set_buffer_a
+
+extern int      Curl_gsk_attribute_set_enum(gsk_handle my_gsk_handle,
+                                            GSK_ENUM_ID enumID,
+                                            GSK_ENUM_VALUE enumValue);
+#define gsk_attribute_set_enum  Curl_gsk_attribute_set_enum
+
+extern int      Curl_gsk_attribute_set_numeric_value(gsk_handle my_gsk_handle,
+                                                     GSK_NUM_ID numID,
+                                                     int numValue);
+#define gsk_attribute_set_numeric_value Curl_gsk_attribute_set_numeric_value
+
+extern int      Curl_gsk_attribute_set_callback(gsk_handle my_gsk_handle,
+                                                GSK_CALLBACK_ID callBackID,
+                                                void * callBackAreaPtr);
+#define gsk_attribute_set_callback      Curl_gsk_attribute_set_callback
+
+extern int      Curl_gsk_attribute_get_buffer_a(gsk_handle my_gsk_handle,
+                                                GSK_BUF_ID bufID,
+                                                const char * * buffer,
+                                                int * bufSize);
+#define gsk_attribute_get_buffer        Curl_gsk_attribute_get_buffer_a
+
+extern int      Curl_gsk_attribute_get_enum(gsk_handle my_gsk_handle,
+                                            GSK_ENUM_ID enumID,
+                                            GSK_ENUM_VALUE * enumValue);
+#define gsk_attribute_get_enum  Curl_gsk_attribute_get_enum
+
+extern int      Curl_gsk_attribute_get_numeric_value(gsk_handle my_gsk_handle,
+                                                     GSK_NUM_ID numID,
+                                                     int * numValue);
+#define gsk_attribute_get_numeric_value Curl_gsk_attribute_get_numeric_value
+
+extern int      Curl_gsk_attribute_get_cert_info(gsk_handle my_gsk_handle,
+                                 GSK_CERT_ID certID,
+                                 const gsk_cert_data_elem * * certDataElem,
+                                 int * certDataElementCount);
+#define gsk_attribute_get_cert_info     Curl_gsk_attribute_get_cert_info
+
+extern int      Curl_gsk_secure_soc_misc(gsk_handle my_session_handle,
+                                         GSK_MISC_ID miscID);
+#define gsk_secure_soc_misc     Curl_gsk_secure_soc_misc
+
+extern int      Curl_gsk_secure_soc_read(gsk_handle my_session_handle,
+                                         char * readBuffer,
+                                         int readBufSize, int * amtRead);
+#define gsk_secure_soc_read     Curl_gsk_secure_soc_read
+
+extern int      Curl_gsk_secure_soc_write(gsk_handle my_session_handle,
+                                          char * writeBuffer,
+                                          int writeBufSize, int * amtWritten);
+#define gsk_secure_soc_write    Curl_gsk_secure_soc_write
+
+extern const char *     Curl_gsk_strerror_a(int gsk_return_value);
+#define gsk_strerror    Curl_gsk_strerror_a
+
+extern int      Curl_gsk_secure_soc_startInit(gsk_handle my_session_handle,
+                                      int IOCompletionPort,
+                                      Qso_OverlappedIO_t * communicationsArea);
+#define gsk_secure_soc_startInit        Curl_gsk_secure_soc_startInit
+
+
+/* GSSAPI wrappers. */
+
+extern OM_uint32 Curl_gss_import_name_a(OM_uint32 * minor_status,
+                                        gss_buffer_t in_name,
+                                        gss_OID in_name_type,
+                                        gss_name_t * out_name);
+#define gss_import_name         Curl_gss_import_name_a
+
+
+extern OM_uint32 Curl_gss_display_status_a(OM_uint32 * minor_status,
+                                           OM_uint32 status_value,
+                                           int status_type, gss_OID mech_type,
+                                           gss_msg_ctx_t * message_context,
+                                           gss_buffer_t status_string);
+#define gss_display_status      Curl_gss_display_status_a
+
+
+extern OM_uint32 Curl_gss_init_sec_context_a(OM_uint32 * minor_status,
+                                             gss_cred_id_t cred_handle,
+                                             gss_ctx_id_t * context_handle,
+                                             gss_name_t target_name,
+                                             gss_OID mech_type,
+                                             gss_flags_t req_flags,
+                                             OM_uint32 time_req,
+                                             gss_channel_bindings_t
+                                             input_chan_bindings,
+                                             gss_buffer_t input_token,
+                                             gss_OID * actual_mech_type,
+                                             gss_buffer_t output_token,
+                                             gss_flags_t * ret_flags,
+                                             OM_uint32 * time_rec);
+#define gss_init_sec_context    Curl_gss_init_sec_context_a
+
+
+extern OM_uint32 Curl_gss_delete_sec_context_a(OM_uint32 * minor_status,
+                                               gss_ctx_id_t * context_handle,
+                                               gss_buffer_t output_token);
+#define gss_delete_sec_context  Curl_gss_delete_sec_context_a
+
+
+/* LDAP wrappers. */
+
+#define BerValue                struct berval
+
+#define ldap_url_parse          ldap_url_parse_utf8
+#define ldap_init               Curl_ldap_init_a
+#define ldap_simple_bind_s      Curl_ldap_simple_bind_s_a
+#define ldap_search_s           Curl_ldap_search_s_a
+#define ldap_get_values_len     Curl_ldap_get_values_len_a
+#define ldap_err2string         Curl_ldap_err2string_a
+#define ldap_get_dn             Curl_ldap_get_dn_a
+#define ldap_first_attribute    Curl_ldap_first_attribute_a
+#define ldap_next_attribute     Curl_ldap_next_attribute_a
+
+/* Some socket functions must be wrapped to process textual addresses
+   like AF_UNIX. */
+
+extern int Curl_os400_connect(int sd, struct sockaddr * destaddr, int addrlen);
+extern int Curl_os400_bind(int sd, struct sockaddr * localaddr, int addrlen);
+extern int Curl_os400_sendto(int sd, char * buffer, int buflen, int flags,
+            struct sockaddr * dstaddr, int addrlen);
+extern int Curl_os400_recvfrom(int sd, char * buffer, int buflen, int flags,
+                                struct sockaddr * fromaddr, int * addrlen);
+
+#define connect                 Curl_os400_connect
+#define bind                    Curl_os400_bind
+#define sendto                  Curl_os400_sendto
+#define recvfrom                Curl_os400_recvfrom
+
+#ifdef HAVE_LIBZ
+#define zlibVersion             Curl_os400_zlibVersion
+#define inflateInit_            Curl_os400_inflateInit_
+#define inflateInit2_           Curl_os400_inflateInit2_
+#define inflate                 Curl_os400_inflate
+#define inflateEnd              Curl_os400_inflateEnd
+#endif
+
+#endif /* HEADER_CURL_SETUP_OS400_H */
diff --git a/Utilities/cmcurl/lib/setup-vms.h b/Utilities/cmcurl/lib/setup-vms.h
new file mode 100644
index 0000000..f5eedf7
--- /dev/null
+++ b/Utilities/cmcurl/lib/setup-vms.h
@@ -0,0 +1,399 @@
+#ifndef HEADER_CURL_SETUP_VMS_H
+#define HEADER_CURL_SETUP_VMS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*                                                                         */
+/* JEM, 12/30/12, VMS now generates config.h, so only define wrappers for  */
+/*                getenv(), getpwuid() and provide is_vms_shell()          */
+/*                Also need upper case symbols for system services, and    */
+/*                OpenSSL, and some Kerberos image                         */
+
+#ifdef __DECC
+#pragma message save
+#pragma message disable dollarid
+#endif
+
+/* Hide the stuff we are overriding */
+#define getenv decc_getenv
+#ifdef __DECC
+#   if __INITIAL_POINTER_SIZE != 64
+#       define getpwuid decc_getpwuid
+#   endif
+#endif
+#include <stdlib.h>
+    char * decc$getenv(const char * __name);
+#include <pwd.h>
+
+#include <string.h>
+#include <unixlib.h>
+
+#undef getenv
+#undef getpwuid
+#define getenv vms_getenv
+#define getpwuid vms_getpwuid
+
+/* VAX needs these in upper case when compiling exact case */
+#define sys$assign SYS$ASSIGN
+#define sys$dassgn SYS$DASSGN
+#define sys$qiow SYS$QIOW
+
+#ifdef __DECC
+#   if __INITIAL_POINTER_SIZE
+#       pragma __pointer_size __save
+#   endif
+#endif
+
+#if __USE_LONG_GID_T
+#   define decc_getpwuid DECC$__LONG_GID_GETPWUID
+#else
+#   if __INITIAL_POINTER_SIZE
+#       define decc_getpwuid decc$__32_getpwuid
+#   else
+#       define decc_getpwuid decc$getpwuid
+#   endif
+#endif
+
+    struct passwd * decc_getpwuid(uid_t uid);
+
+#ifdef __DECC
+#   if __INITIAL_POINTER_SIZE == 32
+/* Translate the path, but only if the path is a VMS file specification */
+/* The translation is usually only needed for older versions of VMS */
+static char * vms_translate_path(const char * path) {
+char * unix_path;
+char * test_str;
+
+    /* See if the result is in VMS format, if not, we are done */
+    /* Assume that this is a PATH, not just some data */
+    test_str = strpbrk(path, ":[<^");
+    if(test_str == NULL) {
+      return (char *)path;
+    }
+
+    unix_path = decc$translate_vms(path);
+
+    if((int)unix_path <= 0) {
+      /* We can not translate it, so return the original string */
+      return (char *)path;
+    }
+}
+#   else
+    /* VMS translate path is actually not needed on the current 64 bit */
+    /* VMS platforms, so instead of figuring out the pointer settings */
+    /* Change it to a noop */
+#   define vms_translate_path(__path) __path
+#   endif
+#endif
+
+#ifdef __DECC
+#   if __INITIAL_POINTER_SIZE
+#       pragma __pointer_size __restore
+#   endif
+#endif
+
+static char * vms_getenv(const char * envvar) {
+
+char * result;
+char * vms_path;
+
+    /* first use the DECC getenv() function */
+    result = decc$getenv(envvar);
+    if(result == NULL) {
+      return result;
+    }
+
+    vms_path = result;
+    result = vms_translate_path(vms_path);
+
+    /* note that if you backport this to use VAX C RTL, that the VAX C RTL */
+    /* may do a malloc(2048) for each call to getenv(), so you will need   */
+    /* to add a free(vms_path) */
+    /* Do not do a free() for DEC C RTL builds, which should be used for */
+    /* VMS 5.5-2 and later, even if using GCC */
+
+    return result;
+}
+
+
+static struct passwd vms_passwd_cache;
+
+static struct passwd * vms_getpwuid(uid_t uid) {
+
+struct passwd * my_passwd;
+
+/* Hack needed to support 64 bit builds, decc_getpwnam is 32 bit only */
+#ifdef __DECC
+#   if __INITIAL_POINTER_SIZE
+__char_ptr32 unix_path;
+#   else
+char * unix_path;
+#   endif
+#else
+char * unix_path;
+#endif
+
+    my_passwd = decc_getpwuid(uid);
+    if(my_passwd == NULL) {
+      return my_passwd;
+    }
+
+    unix_path = vms_translate_path(my_passwd->pw_dir);
+
+    if((long)unix_path <= 0) {
+      /* We can not translate it, so return the original string */
+      return my_passwd;
+    }
+
+    /* If no changes needed just return it */
+    if(unix_path == my_passwd->pw_dir) {
+      return my_passwd;
+    }
+
+    /* Need to copy the structure returned */
+    /* Since curl is only using pw_dir, no need to fix up *
+    /* the pw_shell when running under Bash */
+    vms_passwd_cache.pw_name = my_passwd->pw_name;
+    vms_passwd_cache.pw_uid = my_passwd->pw_uid;
+    vms_passwd_cache.pw_gid = my_passwd->pw_uid;
+    vms_passwd_cache.pw_dir = unix_path;
+    vms_passwd_cache.pw_shell = my_passwd->pw_shell;
+
+    return &vms_passwd_cache;
+}
+
+#ifdef __DECC
+#pragma message restore
+#endif
+
+/* Bug - VMS OpenSSL and Kerberos universal symbols are in uppercase only */
+/* VMS libraries should have universal symbols in exact and uppercase */
+
+#define ASN1_INTEGER_get ASN1_INTEGER_GET
+#define ASN1_STRING_data ASN1_STRING_DATA
+#define ASN1_STRING_length ASN1_STRING_LENGTH
+#define ASN1_STRING_print ASN1_STRING_PRINT
+#define ASN1_STRING_to_UTF8 ASN1_STRING_TO_UTF8
+#define ASN1_STRING_type ASN1_STRING_TYPE
+#define BIO_ctrl BIO_CTRL
+#define BIO_free BIO_FREE
+#define BIO_new BIO_NEW
+#define BIO_s_mem BIO_S_MEM
+#define BN_bn2bin BN_BN2BIN
+#define BN_num_bits BN_NUM_BITS
+#define CRYPTO_cleanup_all_ex_data CRYPTO_CLEANUP_ALL_EX_DATA
+#define CRYPTO_free CRYPTO_FREE
+#define CRYPTO_malloc CRYPTO_MALLOC
+#define DES_ecb_encrypt DES_ECB_ENCRYPT
+#define DES_set_key DES_SET_KEY
+#define DES_set_odd_parity DES_SET_ODD_PARITY
+#define ENGINE_ctrl ENGINE_CTRL
+#define ENGINE_ctrl_cmd ENGINE_CTRL_CMD
+#define ENGINE_finish ENGINE_FINISH
+#define ENGINE_free ENGINE_FREE
+#define ENGINE_get_first ENGINE_GET_FIRST
+#define ENGINE_get_id ENGINE_GET_ID
+#define ENGINE_get_next ENGINE_GET_NEXT
+#define ENGINE_init ENGINE_INIT
+#define ENGINE_load_builtin_engines ENGINE_LOAD_BUILTIN_ENGINES
+#define ENGINE_load_private_key ENGINE_LOAD_PRIVATE_KEY
+#define ENGINE_set_default ENGINE_SET_DEFAULT
+#define ERR_clear_error ERR_CLEAR_ERROR
+#define ERR_error_string ERR_ERROR_STRING
+#define ERR_error_string_n ERR_ERROR_STRING_N
+#define ERR_free_strings ERR_FREE_STRINGS
+#define ERR_get_error ERR_GET_ERROR
+#define ERR_peek_error ERR_PEEK_ERROR
+#define ERR_remove_state ERR_REMOVE_STATE
+#define EVP_PKEY_copy_parameters EVP_PKEY_COPY_PARAMETERS
+#define EVP_PKEY_free EVP_PKEY_FREE
+#define EVP_cleanup EVP_CLEANUP
+#define GENERAL_NAMES_free GENERAL_NAMES_FREE
+#define MD4_Final MD4_FINAL
+#define MD4_Init MD4_INIT
+#define MD4_Update MD4_UPDATE
+#define MD5_Final MD5_FINAL
+#define MD5_Init MD5_INIT
+#define MD5_Update MD5_UPDATE
+#define OPENSSL_add_all_algo_noconf OPENSSL_ADD_ALL_ALGO_NOCONF
+#define PEM_read_X509 PEM_READ_X509
+#define PEM_write_bio_X509 PEM_WRITE_BIO_X509
+#define PKCS12_PBE_add PKCS12_PBE_ADD
+#define PKCS12_free PKCS12_FREE
+#define PKCS12_parse PKCS12_PARSE
+#define RAND_add RAND_ADD
+#define RAND_bytes RAND_BYTES
+#define RAND_egd RAND_EGD
+#define RAND_file_name RAND_FILE_NAME
+#define RAND_load_file RAND_LOAD_FILE
+#define RAND_status RAND_STATUS
+#define SSL_CIPHER_get_name SSL_CIPHER_GET_NAME
+#define SSL_CTX_add_client_CA SSL_CTX_ADD_CLIENT_CA
+#define SSL_CTX_callback_ctrl SSL_CTX_CALLBACK_CTRL
+#define SSL_CTX_check_private_key SSL_CTX_CHECK_PRIVATE_KEY
+#define SSL_CTX_ctrl SSL_CTX_CTRL
+#define SSL_CTX_free SSL_CTX_FREE
+#define SSL_CTX_get_cert_store SSL_CTX_GET_CERT_STORE
+#define SSL_CTX_load_verify_locations SSL_CTX_LOAD_VERIFY_LOCATIONS
+#define SSL_CTX_new SSL_CTX_NEW
+#define SSL_CTX_set_cipher_list SSL_CTX_SET_CIPHER_LIST
+#define SSL_CTX_set_def_passwd_cb_ud SSL_CTX_SET_DEF_PASSWD_CB_UD
+#define SSL_CTX_set_default_passwd_cb SSL_CTX_SET_DEFAULT_PASSWD_CB
+#define SSL_CTX_set_verify SSL_CTX_SET_VERIFY
+#define SSL_CTX_use_PrivateKey SSL_CTX_USE_PRIVATEKEY
+#define SSL_CTX_use_PrivateKey_file SSL_CTX_USE_PRIVATEKEY_FILE
+#define SSL_CTX_use_cert_chain_file SSL_CTX_USE_CERT_CHAIN_FILE
+#define SSL_CTX_use_certificate SSL_CTX_USE_CERTIFICATE
+#define SSL_CTX_use_certificate_file SSL_CTX_USE_CERTIFICATE_FILE
+#define SSL_SESSION_free SSL_SESSION_FREE
+#define SSL_connect SSL_CONNECT
+#define SSL_free SSL_FREE
+#define SSL_get1_session SSL_GET1_SESSION
+#define SSL_get_certificate SSL_GET_CERTIFICATE
+#define SSL_get_current_cipher SSL_GET_CURRENT_CIPHER
+#define SSL_get_error SSL_GET_ERROR
+#define SSL_get_peer_cert_chain SSL_GET_PEER_CERT_CHAIN
+#define SSL_get_peer_certificate SSL_GET_PEER_CERTIFICATE
+#define SSL_get_privatekey SSL_GET_PRIVATEKEY
+#define SSL_get_shutdown SSL_GET_SHUTDOWN
+#define SSL_get_verify_result SSL_GET_VERIFY_RESULT
+#define SSL_library_init SSL_LIBRARY_INIT
+#define SSL_load_error_strings SSL_LOAD_ERROR_STRINGS
+#define SSL_new SSL_NEW
+#define SSL_peek SSL_PEEK
+#define SSL_pending SSL_PENDING
+#define SSL_read SSL_READ
+#define SSL_set_connect_state SSL_SET_CONNECT_STATE
+#define SSL_set_fd SSL_SET_FD
+#define SSL_set_session SSL_SET_SESSION
+#define SSL_shutdown SSL_SHUTDOWN
+#define SSL_write SSL_WRITE
+#define SSLeay SSLEAY
+#define SSLv23_client_method SSLV23_CLIENT_METHOD
+#define SSLv3_client_method SSLV3_CLIENT_METHOD
+#define TLSv1_client_method TLSV1_CLIENT_METHOD
+#define UI_OpenSSL UI_OPENSSL
+#define X509V3_EXT_print X509V3_EXT_PRINT
+#define X509_EXTENSION_get_critical X509_EXTENSION_GET_CRITICAL
+#define X509_EXTENSION_get_object X509_EXTENSION_GET_OBJECT
+#define X509_LOOKUP_file X509_LOOKUP_FILE
+#define X509_NAME_ENTRY_get_data X509_NAME_ENTRY_GET_DATA
+#define X509_NAME_get_entry X509_NAME_GET_ENTRY
+#define X509_NAME_get_index_by_NID X509_NAME_GET_INDEX_BY_NID
+#define X509_NAME_print_ex X509_NAME_PRINT_EX
+#define X509_STORE_CTX_get_current_cert X509_STORE_CTX_GET_CURRENT_CERT
+#define X509_STORE_add_lookup X509_STORE_ADD_LOOKUP
+#define X509_STORE_set_flags X509_STORE_SET_FLAGS
+#define X509_check_issued X509_CHECK_ISSUED
+#define X509_free X509_FREE
+#define X509_get_ext_d2i X509_GET_EXT_D2I
+#define X509_get_issuer_name X509_GET_ISSUER_NAME
+#define X509_get_pubkey X509_GET_PUBKEY
+#define X509_get_serialNumber X509_GET_SERIALNUMBER
+#define X509_get_subject_name X509_GET_SUBJECT_NAME
+#define X509_load_crl_file X509_LOAD_CRL_FILE
+#define X509_verify_cert_error_string X509_VERIFY_CERT_ERROR_STRING
+#define d2i_PKCS12_fp D2I_PKCS12_FP
+#define i2t_ASN1_OBJECT I2T_ASN1_OBJECT
+#define sk_num SK_NUM
+#define sk_pop SK_POP
+#define sk_pop_free SK_POP_FREE
+#define sk_value SK_VALUE
+
+#define USE_UPPERCASE_GSSAPI 1
+#define gss_seal GSS_SEAL
+#define gss_unseal GSS_UNSEAL
+
+#define USE_UPPERCASE_KRBAPI 1
+
+/* AI_NUMERICHOST needed for IP V6 support in Curl */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#ifndef AI_NUMERICHOST
+#ifdef ENABLE_IPV6
+#undef ENABLE_IPV6
+#endif
+#endif
+#endif
+
+/* VAX symbols are always in uppercase */
+#ifdef __VAX
+#define inflate INFLATE
+#define inflateEnd INFLATEEND
+#define inflateInit2_ INFLATEINIT2_
+#define inflateInit_ INFLATEINIT_
+#define zlibVersion ZLIBVERSION
+#endif
+
+/* Older VAX OpenSSL port defines these as Macros */
+/* Need to include the headers first and then redefine */
+/* that way a newer port will also work if some one has one */
+#ifdef __VAX
+
+#   if (OPENSSL_VERSION_NUMBER < 0x00907001L)
+#       define des_set_odd_parity DES_SET_ODD_PARITY
+#       define des_set_key DES_SET_KEY
+#       define des_ecb_encrypt DES_ECB_ENCRYPT
+
+#   endif
+#   include <openssl/evp.h>
+#   ifndef OpenSSL_add_all_algorithms
+#       define OpenSSL_add_all_algorithms OPENSSL_ADD_ALL_ALGORITHMS
+        void OPENSSL_ADD_ALL_ALGORITHMS(void);
+#   endif
+
+    /* Curl defines these to lower case and VAX needs them in upper case */
+    /* So we need static routines */
+#   if (OPENSSL_VERSION_NUMBER < 0x00907001L)
+
+#       undef des_set_odd_parity
+#       undef DES_set_odd_parity
+#       undef des_set_key
+#       undef DES_set_key
+#       undef des_ecb_encrypt
+#       undef DES_ecb_encrypt
+
+        static void des_set_odd_parity(des_cblock *key) {
+            DES_SET_ODD_PARITY(key);
+        }
+
+        static int des_set_key(const_des_cblock *key,
+                               des_key_schedule schedule) {
+            return DES_SET_KEY(key, schedule);
+        }
+
+        static void des_ecb_encrypt(const_des_cblock *input,
+                                    des_cblock *output,
+                                    des_key_schedule ks,int enc) {
+            DES_ECB_ENCRYPT(input, output, ks, enc);
+        }
+#endif
+/* Need this to stop a macro redefinition error */
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+#   ifdef X509_STORE_set_flags
+#       undef X509_STORE_set_flags
+#       define X509_STORE_set_flags(x,y) Curl_nop_stmt
+#   endif
+#endif
+#endif
+
+#endif /* HEADER_CURL_SETUP_VMS_H */
diff --git a/Utilities/cmcurl/share.c b/Utilities/cmcurl/lib/share.c
index de13b60..b8b6bee 100644
--- a/Utilities/cmcurl/share.c
+++ b/Utilities/cmcurl/lib/share.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,17 +18,15 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
+#include "curl_setup.h"
+
 #include <curl/curl.h>
 #include "urldata.h"
 #include "share.h"
-#include "memory.h"
+#include "vtls/vtls.h"
+#include "curl_memory.h"
 
 /* The last #include file should be: */
 #include "memdebug.h"
@@ -36,16 +34,14 @@
 CURLSH *
 curl_share_init(void)
 {
-  struct Curl_share *share =
-    (struct Curl_share *)malloc(sizeof(struct Curl_share));
-  if (share) {
-    memset (share, 0, sizeof(struct Curl_share));
+  struct Curl_share *share = calloc(1, sizeof(struct Curl_share));
+  if(share)
     share->specifier |= (1<<CURL_LOCK_DATA_SHARE);
-  }
 
   return share;
 }
 
+#undef curl_share_setopt
 CURLSHcode
 curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
 {
@@ -55,8 +51,9 @@ curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
   curl_lock_function lockfunc;
   curl_unlock_function unlockfunc;
   void *ptr;
+  CURLSHcode res = CURLSHE_OK;
 
-  if (share->dirty)
+  if(share->dirty)
     /* don't allow setting options while one or more handles are already
        using this share */
     return CURLSHE_IN_USE;
@@ -70,28 +67,45 @@ curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
     share->specifier |= (1<<type);
     switch( type ) {
     case CURL_LOCK_DATA_DNS:
-      if (!share->hostcache) {
+      if(!share->hostcache) {
         share->hostcache = Curl_mk_dnscache();
         if(!share->hostcache)
-          return CURLSHE_NOMEM;
+          res = CURLSHE_NOMEM;
       }
       break;
 
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
     case CURL_LOCK_DATA_COOKIE:
-      if (!share->cookies) {
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
+      if(!share->cookies) {
         share->cookies = Curl_cookie_init(NULL, NULL, NULL, TRUE );
         if(!share->cookies)
-          return CURLSHE_NOMEM;
+          res = CURLSHE_NOMEM;
+      }
+#else   /* CURL_DISABLE_HTTP */
+      res = CURLSHE_NOT_BUILT_IN;
+#endif
+      break;
+
+    case CURL_LOCK_DATA_SSL_SESSION:
+#ifdef USE_SSL
+      if(!share->sslsession) {
+        share->max_ssl_sessions = 8;
+        share->sslsession = calloc(share->max_ssl_sessions,
+                                   sizeof(struct curl_ssl_session));
+        share->sessionage = 0;
+        if(!share->sslsession)
+          res = CURLSHE_NOMEM;
       }
+#else
+      res = CURLSHE_NOT_BUILT_IN;
+#endif
       break;
-#endif   /* CURL_DISABLE_HTTP */
 
-    case CURL_LOCK_DATA_SSL_SESSION: /* not supported (yet) */
     case CURL_LOCK_DATA_CONNECT:     /* not supported (yet) */
+      break;
 
     default:
-      return CURLSHE_BAD_OPTION;
+      res = CURLSHE_BAD_OPTION;
     }
     break;
 
@@ -99,32 +113,39 @@ curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
     /* this is a type this share will no longer share */
     type = va_arg(param, int);
     share->specifier &= ~(1<<type);
-    switch( type )
-    {
-      case CURL_LOCK_DATA_DNS:
-        if (share->hostcache) {
-          Curl_hash_destroy(share->hostcache);
-          share->hostcache = NULL;
-        }
-        break;
+    switch( type ) {
+    case CURL_LOCK_DATA_DNS:
+      if(share->hostcache) {
+        Curl_hash_destroy(share->hostcache);
+        share->hostcache = NULL;
+      }
+      break;
 
+    case CURL_LOCK_DATA_COOKIE:
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
-      case CURL_LOCK_DATA_COOKIE:
-        if (share->cookies) {
-          Curl_cookie_cleanup(share->cookies);
-          share->cookies = NULL;
-        }
-        break;
-#endif   /* CURL_DISABLE_HTTP */
-
-      case CURL_LOCK_DATA_SSL_SESSION:
-        break;
-
-      case CURL_LOCK_DATA_CONNECT:
-        break;
-
-      default:
-        return CURLSHE_BAD_OPTION;
+      if(share->cookies) {
+        Curl_cookie_cleanup(share->cookies);
+        share->cookies = NULL;
+      }
+#else   /* CURL_DISABLE_HTTP */
+      res = CURLSHE_NOT_BUILT_IN;
+#endif
+      break;
+
+    case CURL_LOCK_DATA_SSL_SESSION:
+#ifdef USE_SSL
+      Curl_safefree(share->sslsession);
+#else
+      res = CURLSHE_NOT_BUILT_IN;
+#endif
+      break;
+
+    case CURL_LOCK_DATA_CONNECT:
+      break;
+
+    default:
+      res = CURLSHE_BAD_OPTION;
+      break;
     }
     break;
 
@@ -144,10 +165,13 @@ curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
     break;
 
   default:
-    return CURLSHE_BAD_OPTION;
+    res = CURLSHE_BAD_OPTION;
+    break;
   }
 
-  return CURLSHE_OK;
+  va_end(param);
+
+  return res;
 }
 
 CURLSHcode
@@ -155,26 +179,37 @@ curl_share_cleanup(CURLSH *sh)
 {
   struct Curl_share *share = (struct Curl_share *)sh;
 
-  if (share == NULL)
+  if(share == NULL)
     return CURLSHE_INVALID;
 
   if(share->lockfunc)
     share->lockfunc(NULL, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE,
                     share->clientdata);
 
-  if (share->dirty) {
+  if(share->dirty) {
     if(share->unlockfunc)
       share->unlockfunc(NULL, CURL_LOCK_DATA_SHARE, share->clientdata);
     return CURLSHE_IN_USE;
   }
 
-  if(share->hostcache)
+  if(share->hostcache) {
     Curl_hash_destroy(share->hostcache);
+    share->hostcache = NULL;
+  }
 
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
   if(share->cookies)
     Curl_cookie_cleanup(share->cookies);
-#endif   /* CURL_DISABLE_HTTP */
+#endif
+
+#ifdef USE_SSL
+  if(share->sslsession) {
+    size_t i;
+    for(i = 0; i < share->max_ssl_sessions; i++)
+      Curl_ssl_kill_session(&(share->sslsession[i]));
+    free(share->sslsession);
+  }
+#endif
 
   if(share->unlockfunc)
     share->unlockfunc(NULL, CURL_LOCK_DATA_SHARE, share->clientdata);
@@ -190,7 +225,7 @@ Curl_share_lock(struct SessionHandle *data, curl_lock_data type,
 {
   struct Curl_share *share = data->share;
 
-  if (share == NULL)
+  if(share == NULL)
     return CURLSHE_INVALID;
 
   if(share->specifier & (1<<type)) {
@@ -207,7 +242,7 @@ Curl_share_unlock(struct SessionHandle *data, curl_lock_data type)
 {
   struct Curl_share *share = data->share;
 
-  if (share == NULL)
+  if(share == NULL)
     return CURLSHE_INVALID;
 
   if(share->specifier & (1<<type)) {
diff --git a/Utilities/cmcurl/share.h b/Utilities/cmcurl/lib/share.h
index 5cfe8c7..9a5128e 100644
--- a/Utilities/cmcurl/share.h
+++ b/Utilities/cmcurl/lib/share.h
@@ -1,6 +1,5 @@
-#ifndef __CURL_SHARE_H
-#define __CURL_SHARE_H
-
+#ifndef HEADER_CURL_SHARE_H
+#define HEADER_CURL_SHARE_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -8,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,12 +20,12 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 #include <curl/curl.h>
 #include "cookie.h"
+#include "urldata.h"
 
 /* SalfordC says "A structure member may not be volatile". Hence:
  */
@@ -46,11 +45,17 @@ struct Curl_share {
   void *clientdata;
 
   struct curl_hash *hostcache;
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
   struct CookieInfo *cookies;
+#endif
+
+  struct curl_ssl_session *sslsession;
+  size_t max_ssl_sessions;
+  long sessionage;
 };
 
 CURLSHcode Curl_share_lock (struct SessionHandle *, curl_lock_data,
                             curl_lock_access);
 CURLSHcode Curl_share_unlock (struct SessionHandle *, curl_lock_data);
 
-#endif /* __CURL_SHARE_H */
+#endif /* HEADER_CURL_SHARE_H */
diff --git a/Utilities/cmcurl/lib/sigpipe.h b/Utilities/cmcurl/lib/sigpipe.h
new file mode 100644
index 0000000..e8d2acd
--- /dev/null
+++ b/Utilities/cmcurl/lib/sigpipe.h
@@ -0,0 +1,78 @@
+#ifndef HEADER_CURL_SIGPIPE_H
+#define HEADER_CURL_SIGPIPE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if defined(HAVE_SIGNAL_H) && defined(HAVE_SIGACTION) && defined(USE_OPENSSL)
+#include <signal.h>
+
+struct sigpipe_ignore {
+  struct sigaction old_pipe_act;
+  bool no_signal;
+};
+
+#define SIGPIPE_VARIABLE(x) struct sigpipe_ignore x
+
+/*
+ * sigpipe_ignore() makes sure we ignore SIGPIPE while running libcurl
+ * internals, and then sigpipe_restore() will restore the situation when we
+ * return from libcurl again.
+ */
+static void sigpipe_ignore(struct SessionHandle *data,
+                           struct sigpipe_ignore *ig)
+{
+  /* get a local copy of no_signal because the SessionHandle might not be
+     around when we restore */
+  ig->no_signal = data->set.no_signal;
+  if(!data->set.no_signal) {
+    struct sigaction action;
+    /* first, extract the existing situation */
+    memset(&ig->old_pipe_act, 0, sizeof(struct sigaction));
+    sigaction(SIGPIPE, NULL, &ig->old_pipe_act);
+    action = ig->old_pipe_act;
+    /* ignore this signal */
+    action.sa_handler = SIG_IGN;
+    sigaction(SIGPIPE, &action, NULL);
+  }
+}
+
+/*
+ * sigpipe_restore() puts back the outside world's opinion of signal handler
+ * and SIGPIPE handling. It MUST only be called after a corresponding
+ * sigpipe_ignore() was used.
+ */
+static void sigpipe_restore(struct sigpipe_ignore *ig)
+{
+  if(!ig->no_signal)
+    /* restore the outside state */
+    sigaction(SIGPIPE, &ig->old_pipe_act, NULL);
+}
+
+#else
+/* for systems without sigaction */
+#define sigpipe_ignore(x,y) Curl_nop_stmt
+#define sigpipe_restore(x)  Curl_nop_stmt
+#define SIGPIPE_VARIABLE(x)
+#endif
+
+#endif /* HEADER_CURL_SIGPIPE_H */
diff --git a/Utilities/cmcurl/lib/slist.c b/Utilities/cmcurl/lib/slist.c
new file mode 100644
index 0000000..3cac6ca
--- /dev/null
+++ b/Utilities/cmcurl/lib/slist.c
@@ -0,0 +1,143 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "curl_memory.h"
+#include "slist.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* returns last node in linked list */
+static struct curl_slist *slist_get_last(struct curl_slist *list)
+{
+  struct curl_slist     *item;
+
+  /* if caller passed us a NULL, return now */
+  if(!list)
+    return NULL;
+
+  /* loop through to find the last item */
+  item = list;
+  while(item->next) {
+    item = item->next;
+  }
+  return item;
+}
+
+/*
+ * Curl_slist_append_nodup() appends a string to the linked list. Rather than
+ * copying the string in dynamic storage, it takes its ownership. The string
+ * should have been malloc()ated. Curl_slist_append_nodup always returns
+ * the address of the first record, so that you can use this function as an
+ * initialization function as well as an append function.
+ * If an error occurs, NULL is returned and the string argument is NOT
+ * released.
+ */
+struct curl_slist *Curl_slist_append_nodup(struct curl_slist *list, char *data)
+{
+  struct curl_slist     *last;
+  struct curl_slist     *new_item;
+
+  DEBUGASSERT(data);
+
+  new_item = malloc(sizeof(struct curl_slist));
+  if(!new_item)
+    return NULL;
+
+  new_item->next = NULL;
+  new_item->data = data;
+
+  /* if this is the first item, then new_item *is* the list */
+  if(!list)
+    return new_item;
+
+  last = slist_get_last(list);
+  last->next = new_item;
+  return list;
+}
+
+/*
+ * curl_slist_append() appends a string to the linked list. It always returns
+ * the address of the first record, so that you can use this function as an
+ * initialization function as well as an append function. If you find this
+ * bothersome, then simply create a separate _init function and call it
+ * appropriately from within the program.
+ */
+struct curl_slist *curl_slist_append(struct curl_slist *list,
+                                     const char *data)
+{
+  char *dupdata = strdup(data);
+
+  if(!dupdata)
+    return NULL;
+
+  list = Curl_slist_append_nodup(list, dupdata);
+  if(!list)
+    free(dupdata);
+
+  return list;
+}
+
+/*
+ * Curl_slist_duplicate() duplicates a linked list. It always returns the
+ * address of the first record of the cloned list or NULL in case of an
+ * error (or if the input list was NULL).
+ */
+struct curl_slist *Curl_slist_duplicate(struct curl_slist *inlist)
+{
+  struct curl_slist *outlist = NULL;
+  struct curl_slist *tmp;
+
+  while(inlist) {
+    tmp = curl_slist_append(outlist, inlist->data);
+
+    if(!tmp) {
+      curl_slist_free_all(outlist);
+      return NULL;
+    }
+
+    outlist = tmp;
+    inlist = inlist->next;
+  }
+  return outlist;
+}
+
+/* be nice and clean up resources */
+void curl_slist_free_all(struct curl_slist *list)
+{
+  struct curl_slist     *next;
+  struct curl_slist     *item;
+
+  if(!list)
+    return;
+
+  item = list;
+  do {
+    next = item->next;
+    Curl_safefree(item->data);
+    free(item);
+    item = next;
+  } while(next);
+}
+
diff --git a/Utilities/cmcurl/socks.h b/Utilities/cmcurl/lib/slist.h
index 0da9879..ea7dcc4 100644
--- a/Utilities/cmcurl/socks.h
+++ b/Utilities/cmcurl/lib/slist.h
@@ -1,5 +1,5 @@
-#ifndef __SOCKS_H
-#define __SOCKS_H
+#ifndef HEADER_CURL_SLIST_H
+#define HEADER_CURL_SLIST_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,22 +20,21 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 /*
- * This function logs in to a SOCKS4 proxy and sends the specifics to the
- * final destination server.
+ * Curl_slist_duplicate() duplicates a linked list. It always returns the
+ * address of the first record of the cloned list or NULL in case of an
+ * error (or if the input list was NULL).
  */
-CURLcode Curl_SOCKS4(const char *proxy_name,
-                     struct connectdata *conn);
+struct curl_slist *Curl_slist_duplicate(struct curl_slist *inlist);
 
 /*
- * This function logs in to a SOCKS5 proxy and sends the specifics to the
- * final destination server.
+ * Curl_slist_append_nodup() takes ownership of the given string and appends
+ * it to the list.
  */
-CURLcode Curl_SOCKS5(const char *proxy_name,
-                     const char *proxy_password,
-                     struct connectdata *conn);
+struct curl_slist *Curl_slist_append_nodup(struct curl_slist *list,
+                                           char *data);
+
+#endif /* HEADER_CURL_SLIST_H */
 
-#endif
diff --git a/Utilities/cmcurl/lib/smtp.c b/Utilities/cmcurl/lib/smtp.c
new file mode 100644
index 0000000..9aa8b15
--- /dev/null
+++ b/Utilities/cmcurl/lib/smtp.c
@@ -0,0 +1,2378 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC1870 SMTP Service Extension for Message Size
+ * RFC2195 CRAM-MD5 authentication
+ * RFC2831 DIGEST-MD5 authentication
+ * RFC3207 SMTP over TLS
+ * RFC4422 Simple Authentication and Security Layer (SASL)
+ * RFC4616 PLAIN authentication
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
+ * RFC4954 SMTP Authentication
+ * RFC5321 SMTP protocol
+ * RFC6749 OAuth 2.0 Authorization Framework
+ * Draft   SMTP URL Interface   <draft-earhart-url-smtp-00.txt>
+ * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_SMTP
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
+#undef in_addr_t
+#define in_addr_t unsigned long
+#endif
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "sendf.h"
+#include "if2ip.h"
+#include "hostip.h"
+#include "progress.h"
+#include "transfer.h"
+#include "escape.h"
+#include "http.h" /* for HTTP proxy tunnel stuff */
+#include "socks.h"
+#include "smtp.h"
+
+#include "strtoofft.h"
+#include "strequal.h"
+#include "vtls/vtls.h"
+#include "connect.h"
+#include "strerror.h"
+#include "select.h"
+#include "multiif.h"
+#include "url.h"
+#include "rawstr.h"
+#include "curl_gethostname.h"
+#include "curl_sasl.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* Local API functions */
+static CURLcode smtp_regular_transfer(struct connectdata *conn, bool *done);
+static CURLcode smtp_do(struct connectdata *conn, bool *done);
+static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
+                          bool premature);
+static CURLcode smtp_connect(struct connectdata *conn, bool *done);
+static CURLcode smtp_disconnect(struct connectdata *conn, bool dead);
+static CURLcode smtp_multi_statemach(struct connectdata *conn, bool *done);
+static int smtp_getsock(struct connectdata *conn, curl_socket_t *socks,
+                        int numsocks);
+static CURLcode smtp_doing(struct connectdata *conn, bool *dophase_done);
+static CURLcode smtp_setup_connection(struct connectdata *conn);
+static CURLcode smtp_parse_url_options(struct connectdata *conn);
+static CURLcode smtp_parse_url_path(struct connectdata *conn);
+static CURLcode smtp_parse_custom_request(struct connectdata *conn);
+static CURLcode smtp_calc_sasl_details(struct connectdata *conn,
+                                       const char **mech,
+                                       char **initresp, size_t *len,
+                                       smtpstate *state1, smtpstate *state2);
+
+/*
+ * SMTP protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_smtp = {
+  "SMTP",                           /* scheme */
+  smtp_setup_connection,            /* setup_connection */
+  smtp_do,                          /* do_it */
+  smtp_done,                        /* done */
+  ZERO_NULL,                        /* do_more */
+  smtp_connect,                     /* connect_it */
+  smtp_multi_statemach,             /* connecting */
+  smtp_doing,                       /* doing */
+  smtp_getsock,                     /* proto_getsock */
+  smtp_getsock,                     /* doing_getsock */
+  ZERO_NULL,                        /* domore_getsock */
+  ZERO_NULL,                        /* perform_getsock */
+  smtp_disconnect,                  /* disconnect */
+  ZERO_NULL,                        /* readwrite */
+  PORT_SMTP,                        /* defport */
+  CURLPROTO_SMTP,                   /* protocol */
+  PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */
+};
+
+#ifdef USE_SSL
+/*
+ * SMTPS protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_smtps = {
+  "SMTPS",                          /* scheme */
+  smtp_setup_connection,            /* setup_connection */
+  smtp_do,                          /* do_it */
+  smtp_done,                        /* done */
+  ZERO_NULL,                        /* do_more */
+  smtp_connect,                     /* connect_it */
+  smtp_multi_statemach,             /* connecting */
+  smtp_doing,                       /* doing */
+  smtp_getsock,                     /* proto_getsock */
+  smtp_getsock,                     /* doing_getsock */
+  ZERO_NULL,                        /* domore_getsock */
+  ZERO_NULL,                        /* perform_getsock */
+  smtp_disconnect,                  /* disconnect */
+  ZERO_NULL,                        /* readwrite */
+  PORT_SMTPS,                       /* defport */
+  CURLPROTO_SMTPS,                  /* protocol */
+  PROTOPT_CLOSEACTION | PROTOPT_SSL
+  | PROTOPT_NOURLQUERY              /* flags */
+};
+#endif
+
+#ifndef CURL_DISABLE_HTTP
+/*
+ * HTTP-proxyed SMTP protocol handler.
+ */
+
+static const struct Curl_handler Curl_handler_smtp_proxy = {
+  "SMTP",                               /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_SMTP,                            /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+#ifdef USE_SSL
+/*
+ * HTTP-proxyed SMTPS protocol handler.
+ */
+
+static const struct Curl_handler Curl_handler_smtps_proxy = {
+  "SMTPS",                              /* scheme */
+  Curl_http_setup_conn,                 /* setup_connection */
+  Curl_http,                            /* do_it */
+  Curl_http_done,                       /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_SMTPS,                           /* defport */
+  CURLPROTO_HTTP,                       /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+#endif
+#endif
+
+#ifdef USE_SSL
+static void smtp_to_smtps(struct connectdata *conn)
+{
+  conn->handler = &Curl_handler_smtps;
+}
+#else
+#define smtp_to_smtps(x) Curl_nop_stmt
+#endif
+
+/***********************************************************************
+ *
+ * smtp_endofresp()
+ *
+ * Checks for an ending SMTP status code at the start of the given string, but
+ * also detects various capabilities from the EHLO response including the
+ * supported authentication mechanisms.
+ */
+static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
+                           int *resp)
+{
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  bool result = FALSE;
+
+  /* Nothing for us */
+  if(len < 4 || !ISDIGIT(line[0]) || !ISDIGIT(line[1]) || !ISDIGIT(line[2]))
+    return FALSE;
+
+  /* Do we have a command response? This should be the response code followed
+     by a space and optionally some text as per RFC-5321 and as outlined in
+     Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
+     only send the response code instead as per Section 4.2. */
+  if(line[3] == ' ' || len == 5) {
+    result = TRUE;
+    *resp = curlx_sltosi(strtol(line, NULL, 10));
+
+    /* Make sure real server never sends internal value */
+    if(*resp == 1)
+      *resp = 0;
+  }
+  /* Do we have a multiline (continuation) response? */
+  else if(line[3] == '-' &&
+          (smtpc->state == SMTP_EHLO || smtpc->state == SMTP_COMMAND)) {
+    result = TRUE;
+    *resp = 1;  /* Internal response code */
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_get_message()
+ *
+ * Gets the authentication message from the response buffer.
+ */
+static void smtp_get_message(char *buffer, char** outptr)
+{
+  size_t len = 0;
+  char* message = NULL;
+
+  /* Find the start of the message */
+  for(message = buffer + 4; *message == ' ' || *message == '\t'; message++)
+    ;
+
+  /* Find the end of the message */
+  for(len = strlen(message); len--;)
+    if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
+        message[len] != '\t')
+      break;
+
+  /* Terminate the message */
+  if(++len) {
+    message[len] = '\0';
+  }
+
+  *outptr = message;
+}
+
+/***********************************************************************
+ *
+ * state()
+ *
+ * This is the ONLY way to change SMTP state!
+ */
+static void state(struct connectdata *conn, smtpstate newstate)
+{
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+  /* for debug purposes */
+  static const char * const names[] = {
+    "STOP",
+    "SERVERGREET",
+    "EHLO",
+    "HELO",
+    "STARTTLS",
+    "UPGRADETLS",
+    "AUTH_PLAIN",
+    "AUTH_LOGIN",
+    "AUTH_LOGIN_PASSWD",
+    "AUTH_CRAMMD5",
+    "AUTH_DIGESTMD5",
+    "AUTH_DIGESTMD5_RESP",
+    "AUTH_NTLM",
+    "AUTH_NTLM_TYPE2MSG",
+    "AUTH_GSSAPI",
+    "AUTH_GSSAPI_TOKEN",
+    "AUTH_GSSAPI_NO_DATA",
+    "AUTH_XOAUTH2",
+    "AUTH_CANCEL",
+    "AUTH_FINAL",
+    "COMMAND",
+    "MAIL",
+    "RCPT",
+    "DATA",
+    "POSTDATA",
+    "QUIT",
+    /* LAST */
+  };
+
+  if(smtpc->state != newstate)
+    infof(conn->data, "SMTP %p state change from %s to %s\n",
+          (void *)smtpc, names[smtpc->state], names[newstate]);
+#endif
+
+  smtpc->state = newstate;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_ehlo()
+ *
+ * Sends the EHLO command to not only initialise communication with the ESMTP
+ * server but to also obtain a list of server side supported capabilities.
+ */
+static CURLcode smtp_perform_ehlo(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+  smtpc->authmechs = 0;           /* No known authentication mechanisms yet */
+  smtpc->authused = 0;            /* Clear the authentication mechanism used
+                                     for esmtp connections */
+  smtpc->tls_supported = FALSE;   /* Clear the TLS capability */
+  smtpc->auth_supported = FALSE;  /* Clear the AUTH capability */
+
+  /* Send the EHLO command */
+  result = Curl_pp_sendf(&smtpc->pp, "EHLO %s", smtpc->domain);
+
+  if(!result)
+    state(conn, SMTP_EHLO);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_helo()
+ *
+ * Sends the HELO command to initialise communication with the SMTP server.
+ */
+static CURLcode smtp_perform_helo(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+  smtpc->authused = 0;          /* No authentication mechanism used in smtp
+                                   connections */
+
+  /* Send the HELO command */
+  result = Curl_pp_sendf(&smtpc->pp, "HELO %s", smtpc->domain);
+
+  if(!result)
+    state(conn, SMTP_HELO);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_starttls()
+ *
+ * Sends the STLS command to start the upgrade to TLS.
+ */
+static CURLcode smtp_perform_starttls(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  /* Send the STARTTLS command */
+  result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "STARTTLS");
+
+  if(!result)
+    state(conn, SMTP_STARTTLS);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_upgrade_tls()
+ *
+ * Performs the upgrade to TLS.
+ */
+static CURLcode smtp_perform_upgrade_tls(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+  /* Start the SSL connection */
+  result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &smtpc->ssldone);
+
+  if(!result) {
+    if(smtpc->state != SMTP_UPGRADETLS)
+      state(conn, SMTP_UPGRADETLS);
+
+    if(smtpc->ssldone) {
+      smtp_to_smtps(conn);
+      result = smtp_perform_ehlo(conn);
+    }
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_auth()
+ *
+ * Sends an AUTH command allowing the client to login with the given SASL
+ * authentication mechanism.
+ */
+static CURLcode smtp_perform_auth(struct connectdata *conn,
+                                  const char *mech,
+                                  const char *initresp, size_t len,
+                                  smtpstate state1, smtpstate state2)
+{
+  CURLcode result = CURLE_OK;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+  if(initresp && 8 + strlen(mech) + len <= 512) { /* AUTH <mech> ...<crlf> */
+    /* Send the AUTH command with the initial response */
+    result = Curl_pp_sendf(&smtpc->pp, "AUTH %s %s", mech, initresp);
+
+    if(!result)
+      state(conn, state2);
+  }
+  else {
+    /* Send the AUTH command */
+    result = Curl_pp_sendf(&smtpc->pp, "AUTH %s", mech);
+
+    if(!result)
+      state(conn, state1);
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_authentication()
+ *
+ * Initiates the authentication sequence, with the appropriate SASL
+ * authentication mechanism.
+ */
+static CURLcode smtp_perform_authentication(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  const char *mech = NULL;
+  char *initresp = NULL;
+  size_t len = 0;
+  smtpstate state1 = SMTP_STOP;
+  smtpstate state2 = SMTP_STOP;
+
+  /* Check we have a username and password to authenticate with, and the
+     server supports authentiation, and end the connect phase if not */
+  if(!conn->bits.user_passwd || !smtpc->auth_supported) {
+    state(conn, SMTP_STOP);
+
+    return result;
+  }
+
+  /* Calculate the SASL login details */
+  result = smtp_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+                                  &state2);
+
+  if(!result) {
+    if(mech) {
+      /* Perform SASL based authentication */
+      result = smtp_perform_auth(conn, mech, initresp, len, state1, state2);
+
+      Curl_safefree(initresp);
+    }
+    else {
+      /* Other mechanisms not supported */
+      infof(conn->data, "No known authentication mechanisms supported!\n");
+      result = CURLE_LOGIN_DENIED;
+    }
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_command()
+ *
+ * Sends a SMTP based command.
+ */
+static CURLcode smtp_perform_command(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SMTP *smtp = data->req.protop;
+
+  /* Send the command */
+  if(smtp->rcpt)
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s %s",
+                            smtp->custom && smtp->custom[0] != '\0' ?
+                            smtp->custom : "VRFY",
+                            smtp->rcpt->data);
+  else
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s",
+                           smtp->custom && smtp->custom[0] != '\0' ?
+                           smtp->custom : "HELP");
+
+  if(!result)
+    state(conn, SMTP_COMMAND);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_mail()
+ *
+ * Sends an MAIL command to initiate the upload of a message.
+ */
+static CURLcode smtp_perform_mail(struct connectdata *conn)
+{
+  char *from = NULL;
+  char *auth = NULL;
+  char *size = NULL;
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  /* Calculate the FROM parameter */
+  if(!data->set.str[STRING_MAIL_FROM])
+    /* Null reverse-path, RFC-5321, sect. 3.6.3 */
+    from = strdup("<>");
+  else if(data->set.str[STRING_MAIL_FROM][0] == '<')
+    from = aprintf("%s", data->set.str[STRING_MAIL_FROM]);
+  else
+    from = aprintf("<%s>", data->set.str[STRING_MAIL_FROM]);
+
+  if(!from)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Calculate the optional AUTH parameter */
+  if(data->set.str[STRING_MAIL_AUTH] && conn->proto.smtpc.authused) {
+    if(data->set.str[STRING_MAIL_AUTH][0] != '\0')
+      auth = aprintf("%s", data->set.str[STRING_MAIL_AUTH]);
+    else
+      /* Empty AUTH, RFC-2554, sect. 5 */
+      auth = strdup("<>");
+
+    if(!auth) {
+      Curl_safefree(from);
+
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+
+  /* Calculate the optional SIZE parameter */
+  if(conn->proto.smtpc.size_supported && conn->data->state.infilesize > 0) {
+    size = aprintf("%" CURL_FORMAT_CURL_OFF_T, data->state.infilesize);
+
+    if(!size) {
+      Curl_safefree(from);
+      Curl_safefree(auth);
+
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+
+  /* Send the MAIL command */
+  if(!auth && !size)
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp,
+                           "MAIL FROM:%s", from);
+  else if(auth && !size)
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp,
+                           "MAIL FROM:%s AUTH=%s", from, auth);
+  else if(auth && size)
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp,
+                           "MAIL FROM:%s AUTH=%s SIZE=%s", from, auth, size);
+  else
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp,
+                           "MAIL FROM:%s SIZE=%s", from, size);
+
+  Curl_safefree(from);
+  Curl_safefree(auth);
+  Curl_safefree(size);
+
+  if(!result)
+    state(conn, SMTP_MAIL);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_rcpt_to()
+ *
+ * Sends a RCPT TO command for a given recipient as part of the message upload
+ * process.
+ */
+static CURLcode smtp_perform_rcpt_to(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SMTP *smtp = data->req.protop;
+
+  /* Send the RCPT TO command */
+  if(smtp->rcpt->data[0] == '<')
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:%s",
+                            smtp->rcpt->data);
+  else
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:<%s>",
+                            smtp->rcpt->data);
+  if(!result)
+    state(conn, SMTP_RCPT);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_quit()
+ *
+ * Performs the quit action prior to sclose() being called.
+ */
+static CURLcode smtp_perform_quit(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+  /* Send the QUIT command */
+  result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "QUIT");
+
+  if(!result)
+    state(conn, SMTP_QUIT);
+
+  return result;
+}
+
+/* For the initial server greeting */
+static CURLcode smtp_state_servergreet_resp(struct connectdata *conn,
+                                            int smtpcode,
+                                            smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode/100 != 2) {
+    failf(data, "Got unexpected smtp-server response: %d", smtpcode);
+    result = CURLE_FTP_WEIRD_SERVER_REPLY;
+  }
+  else
+    result = smtp_perform_ehlo(conn);
+
+  return result;
+}
+
+/* For STARTTLS responses */
+static CURLcode smtp_state_starttls_resp(struct connectdata *conn,
+                                         int smtpcode,
+                                         smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 220) {
+    if(data->set.use_ssl != CURLUSESSL_TRY) {
+      failf(data, "STARTTLS denied. %c", smtpcode);
+      result = CURLE_USE_SSL_FAILED;
+    }
+    else
+      result = smtp_perform_authentication(conn);
+  }
+  else
+    result = smtp_perform_upgrade_tls(conn);
+
+  return result;
+}
+
+/* For EHLO responses */
+static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode,
+                                     smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  const char *line = data->state.buffer;
+  size_t len = strlen(line);
+  size_t wordlen;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode/100 != 2 && smtpcode != 1) {
+    if(data->set.use_ssl <= CURLUSESSL_TRY || conn->ssl[FIRSTSOCKET].use)
+      result = smtp_perform_helo(conn);
+    else {
+      failf(data, "Remote access denied: %d", smtpcode);
+      result = CURLE_REMOTE_ACCESS_DENIED;
+    }
+  }
+  else {
+    line += 4;
+    len -= 4;
+
+    /* Does the server support the STARTTLS capability? */
+    if(len >= 8 && !memcmp(line, "STARTTLS", 8))
+      smtpc->tls_supported = TRUE;
+
+    /* Does the server support the SIZE capability? */
+    else if(len >= 4 && !memcmp(line, "SIZE", 4))
+      smtpc->size_supported = TRUE;
+
+    /* Does the server support authentication? */
+    else if(len >= 5 && !memcmp(line, "AUTH ", 5)) {
+      smtpc->auth_supported = TRUE;
+
+      /* Advance past the AUTH keyword */
+      line += 5;
+      len -= 5;
+
+      /* Loop through the data line */
+      for(;;) {
+        while(len &&
+              (*line == ' ' || *line == '\t' ||
+               *line == '\r' || *line == '\n')) {
+
+          line++;
+          len--;
+        }
+
+        if(!len)
+          break;
+
+        /* Extract the word */
+        for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
+              line[wordlen] != '\t' && line[wordlen] != '\r' &&
+              line[wordlen] != '\n';)
+          wordlen++;
+
+        /* Test the word for a matching authentication mechanism */
+        if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
+          smtpc->authmechs |= SASL_MECH_LOGIN;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
+          smtpc->authmechs |= SASL_MECH_PLAIN;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
+          smtpc->authmechs |= SASL_MECH_CRAM_MD5;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
+          smtpc->authmechs |= SASL_MECH_DIGEST_MD5;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
+          smtpc->authmechs |= SASL_MECH_GSSAPI;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
+          smtpc->authmechs |= SASL_MECH_EXTERNAL;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
+          smtpc->authmechs |= SASL_MECH_NTLM;
+        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
+          smtpc->authmechs |= SASL_MECH_XOAUTH2;
+
+        line += wordlen;
+        len -= wordlen;
+      }
+    }
+
+    if(smtpcode != 1) {
+      if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+        /* We don't have a SSL/TLS connection yet, but SSL is requested */
+        if(smtpc->tls_supported)
+          /* Switch to TLS connection now */
+          result = smtp_perform_starttls(conn);
+        else if(data->set.use_ssl == CURLUSESSL_TRY)
+          /* Fallback and carry on with authentication */
+          result = smtp_perform_authentication(conn);
+        else {
+          failf(data, "STARTTLS not supported.");
+          result = CURLE_USE_SSL_FAILED;
+        }
+      }
+      else
+        result = smtp_perform_authentication(conn);
+    }
+  }
+
+  return result;
+}
+
+/* For HELO responses */
+static CURLcode smtp_state_helo_resp(struct connectdata *conn, int smtpcode,
+                                     smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode/100 != 2) {
+    failf(data, "Remote access denied: %d", smtpcode);
+    result = CURLE_REMOTE_ACCESS_DENIED;
+  }
+  else
+    /* End of connect phase */
+    state(conn, SMTP_STOP);
+
+  return result;
+}
+
+/* For AUTH PLAIN (without initial response) responses */
+static CURLcode smtp_state_auth_plain_resp(struct connectdata *conn,
+                                           int smtpcode,
+                                           smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *plainauth = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the authorisation message */
+    result = Curl_sasl_create_plain_message(conn->data, conn->user,
+                                            conn->passwd, &plainauth, &len);
+    if(!result && plainauth) {
+      /* Send the message */
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", plainauth);
+
+      if(!result)
+        state(conn, SMTP_AUTH_FINAL);
+    }
+  }
+
+  Curl_safefree(plainauth);
+
+  return result;
+}
+
+/* For AUTH LOGIN (without initial response) responses */
+static CURLcode smtp_state_auth_login_resp(struct connectdata *conn,
+                                           int smtpcode,
+                                           smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *authuser = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the user message */
+    result = Curl_sasl_create_login_message(conn->data, conn->user,
+                                            &authuser, &len);
+    if(!result && authuser) {
+      /* Send the user */
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", authuser);
+
+      if(!result)
+        state(conn, SMTP_AUTH_LOGIN_PASSWD);
+    }
+  }
+
+  Curl_safefree(authuser);
+
+  return result;
+}
+
+/* For AUTH LOGIN user entry responses */
+static CURLcode smtp_state_auth_login_password_resp(struct connectdata *conn,
+                                                    int smtpcode,
+                                                    smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *authpasswd = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the password message */
+    result = Curl_sasl_create_login_message(conn->data, conn->passwd,
+                                            &authpasswd, &len);
+    if(!result && authpasswd) {
+      /* Send the password */
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", authpasswd);
+
+      if(!result)
+        state(conn, SMTP_AUTH_FINAL);
+    }
+  }
+
+  Curl_safefree(authpasswd);
+
+  return result;
+}
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* For AUTH CRAM-MD5 responses */
+static CURLcode smtp_state_auth_cram_resp(struct connectdata *conn,
+                                          int smtpcode,
+                                          smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlg = NULL;
+  char *chlg64 = NULL;
+  char *rplyb64 = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Get the challenge message */
+  smtp_get_message(data->state.buffer, &chlg64);
+
+  /* Decode the challenge message */
+  result = Curl_sasl_decode_cram_md5_message(chlg64, &chlg, &len);
+  if(result) {
+    /* Send the cancellation */
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "*");
+
+    if(!result)
+      state(conn, SMTP_AUTH_CANCEL);
+  }
+  else {
+    /* Create the response message */
+    result = Curl_sasl_create_cram_md5_message(data, chlg, conn->user,
+                                               conn->passwd, &rplyb64, &len);
+    if(!result && rplyb64) {
+      /* Send the response */
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", rplyb64);
+
+      if(!result)
+        state(conn, SMTP_AUTH_FINAL);
+    }
+  }
+
+  Curl_safefree(chlg);
+  Curl_safefree(rplyb64);
+
+  return result;
+}
+
+/* For AUTH DIGEST-MD5 challenge responses */
+static CURLcode smtp_state_auth_digest_resp(struct connectdata *conn,
+                                            int smtpcode,
+                                            smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlg64 = NULL;
+  char *rplyb64 = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Get the challenge message */
+  smtp_get_message(data->state.buffer, &chlg64);
+
+  /* Create the response message */
+  result = Curl_sasl_create_digest_md5_message(data, chlg64,
+                                               conn->user, conn->passwd,
+                                               "smtp", &rplyb64, &len);
+  if(result) {
+    if(result == CURLE_BAD_CONTENT_ENCODING) {
+      /* Send the cancellation */
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "*");
+
+      if(!result)
+        state(conn, SMTP_AUTH_CANCEL);
+    }
+  }
+  else {
+    /* Send the response */
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", rplyb64);
+
+    if(!result)
+      state(conn, SMTP_AUTH_DIGESTMD5_RESP);
+  }
+
+  Curl_safefree(rplyb64);
+
+  return result;
+}
+
+/* For AUTH DIGEST-MD5 challenge-response responses */
+static CURLcode smtp_state_auth_digest_resp_resp(struct connectdata *conn,
+                                                 int smtpcode,
+                                                 smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Authentication failed: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Send an empty response */
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "");
+
+    if(!result)
+      state(conn, SMTP_AUTH_FINAL);
+  }
+
+  return result;
+}
+
+#endif
+
+#ifdef USE_NTLM
+/* For AUTH NTLM (without initial response) responses */
+static CURLcode smtp_state_auth_ntlm_resp(struct connectdata *conn,
+                                          int smtpcode,
+                                          smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *type1msg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the type-1 message */
+    result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
+                                                 &conn->ntlm,
+                                                 &type1msg, &len);
+    if(!result && type1msg) {
+      /* Send the message */
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", type1msg);
+
+      if(!result)
+        state(conn, SMTP_AUTH_NTLM_TYPE2MSG);
+    }
+  }
+
+  Curl_safefree(type1msg);
+
+  return result;
+}
+
+/* For NTLM type-2 responses (sent in reponse to our type-1 message) */
+static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
+                                                   int smtpcode,
+                                                   smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *type2msg = NULL;
+  char *type3msg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Get the type-2 message */
+    smtp_get_message(data->state.buffer, &type2msg);
+
+    /* Decode the type-2 message */
+    result = Curl_sasl_decode_ntlm_type2_message(data, type2msg, &conn->ntlm);
+    if(result) {
+      /* Send the cancellation */
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "*");
+
+      if(!result)
+        state(conn, SMTP_AUTH_CANCEL);
+    }
+    else {
+      /* Create the type-3 message */
+      result = Curl_sasl_create_ntlm_type3_message(data, conn->user,
+                                                   conn->passwd, &conn->ntlm,
+                                                   &type3msg, &len);
+      if(!result && type3msg) {
+        /* Send the message */
+        result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", type3msg);
+
+        if(!result)
+          state(conn, SMTP_AUTH_FINAL);
+      }
+    }
+  }
+
+  Curl_safefree(type3msg);
+
+  return result;
+}
+#endif
+
+#if defined(USE_WINDOWS_SSPI)
+/* For AUTH GSSAPI (without initial response) responses */
+static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn,
+                                            int smtpcode,
+                                            smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  char *respmsg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the initial response message */
+    result = Curl_sasl_create_gssapi_user_message(data, conn->user,
+                                                  conn->passwd, "smtp",
+                                                  smtpc->mutual_auth, NULL,
+                                                  &conn->krb5,
+                                                  &respmsg, &len);
+    if(!result && respmsg) {
+      /* Send the message */
+      result = Curl_pp_sendf(&smtpc->pp, "%s", respmsg);
+
+      if(!result)
+        state(conn, SMTP_AUTH_GSSAPI_TOKEN);
+    }
+  }
+
+  Curl_safefree(respmsg);
+
+  return result;
+}
+
+/* For AUTH GSSAPI user token responses */
+static CURLcode smtp_state_auth_gssapi_token_resp(struct connectdata *conn,
+                                                  int smtpcode,
+                                                  smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  char *chlgmsg = NULL;
+  char *respmsg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Get the challenge message */
+    smtp_get_message(data->state.buffer, &chlgmsg);
+
+    if(smtpc->mutual_auth)
+      /* Decode the user token challenge and create the optional response
+         message */
+      result = Curl_sasl_create_gssapi_user_message(data, NULL, NULL, NULL,
+                                                    smtpc->mutual_auth,
+                                                    chlgmsg, &conn->krb5,
+                                                    &respmsg, &len);
+    else
+      /* Decode the security challenge and create the response message */
+      result = Curl_sasl_create_gssapi_security_message(data, chlgmsg,
+                                                        &conn->krb5,
+                                                        &respmsg, &len);
+
+    if(result) {
+      if(result == CURLE_BAD_CONTENT_ENCODING) {
+        /* Send the cancellation */
+        result = Curl_pp_sendf(&smtpc->pp, "%s", "*");
+
+        if(!result)
+          state(conn, SMTP_AUTH_CANCEL);
+      }
+    }
+    else {
+      /* Send the response */
+      if(respmsg)
+        result = Curl_pp_sendf(&smtpc->pp, "%s", respmsg);
+      else
+        result = Curl_pp_sendf(&smtpc->pp, "%s", "");
+
+      if(!result)
+        state(conn, (smtpc->mutual_auth ? SMTP_AUTH_GSSAPI_NO_DATA :
+                                          SMTP_AUTH_FINAL));
+    }
+  }
+
+  Curl_safefree(respmsg);
+
+  return result;
+}
+
+/* For AUTH GSSAPI no data responses */
+static CURLcode smtp_state_auth_gssapi_no_data_resp(struct connectdata *conn,
+                                                    int smtpcode,
+                                                    smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlgmsg = NULL;
+  char *respmsg = NULL;
+  size_t len = 0;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Get the challenge message */
+    smtp_get_message(data->state.buffer, &chlgmsg);
+
+    /* Decode the security challenge and create the response message */
+    result = Curl_sasl_create_gssapi_security_message(data, chlgmsg,
+                                                      &conn->krb5,
+                                                      &respmsg, &len);
+    if(result) {
+      if(result == CURLE_BAD_CONTENT_ENCODING) {
+        /* Send the cancellation */
+        result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "*");
+
+        if(!result)
+          state(conn, SMTP_AUTH_CANCEL);
+      }
+    }
+    else {
+      /* Send the response */
+      if(respmsg) {
+        result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", respmsg);
+
+        if(!result)
+          state(conn, SMTP_AUTH_FINAL);
+      }
+    }
+  }
+
+  Curl_safefree(respmsg);
+
+  return result;
+}
+#endif
+
+/* For AUTH XOAUTH2 (without initial response) responses */
+static CURLcode smtp_state_auth_xoauth2_resp(struct connectdata *conn,
+                                             int smtpcode, smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  size_t len = 0;
+  char *xoauth = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    /* Create the authorisation message */
+    result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
+                                              conn->xoauth2_bearer,
+                                              &xoauth, &len);
+    if(!result && xoauth) {
+      /* Send the message */
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", xoauth);
+
+      if(!result)
+        state(conn, SMTP_AUTH_FINAL);
+    }
+  }
+
+  Curl_safefree(xoauth);
+
+  return result;
+}
+
+/* For AUTH cancellation responses */
+static CURLcode smtp_state_auth_cancel_resp(struct connectdata *conn,
+                                            int smtpcode,
+                                            smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  const char *mech = NULL;
+  char *initresp = NULL;
+  size_t len = 0;
+  smtpstate state1 = SMTP_STOP;
+  smtpstate state2 = SMTP_STOP;
+
+  (void)smtpcode;
+  (void)instate; /* no use for this yet */
+
+  /* Remove the offending mechanism from the supported list */
+  smtpc->authmechs ^= smtpc->authused;
+
+  /* Calculate alternative SASL login details */
+  result = smtp_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+                                  &state2);
+
+  if(!result) {
+    /* Do we have any mechanisms left? */
+    if(mech) {
+      /* Retry SASL based authentication */
+      result = smtp_perform_auth(conn, mech, initresp, len, state1, state2);
+
+      Curl_safefree(initresp);
+    }
+    else {
+      failf(data, "Authentication cancelled");
+
+      result = CURLE_LOGIN_DENIED;
+    }
+  }
+
+  return result;
+}
+
+/* For final responses in the AUTH sequence */
+static CURLcode smtp_state_auth_final_resp(struct connectdata *conn,
+                                           int smtpcode,
+                                           smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 235) {
+    failf(data, "Authentication failed: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else
+    /* End of connect phase */
+    state(conn, SMTP_STOP);
+
+  return result;
+}
+
+/* For command responses */
+static CURLcode smtp_state_command_resp(struct connectdata *conn, int smtpcode,
+                                        smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SMTP *smtp = data->req.protop;
+  char *line = data->state.buffer;
+  size_t len = strlen(line);
+
+  (void)instate; /* no use for this yet */
+
+  if((smtp->rcpt && smtpcode/100 != 2 && smtpcode != 553 && smtpcode != 1) ||
+     (!smtp->rcpt && smtpcode/100 != 2 && smtpcode != 1)) {
+    failf(data, "Command failed: %d", smtpcode);
+    result = CURLE_RECV_ERROR;
+  }
+  else {
+    /* Temporarily add the LF character back and send as body to the client */
+    if(!data->set.opt_no_body) {
+      line[len] = '\n';
+      result = Curl_client_write(conn, CLIENTWRITE_BODY, line, len + 1);
+      line[len] = '\0';
+    }
+
+    if(smtpcode != 1) {
+      if(smtp->rcpt) {
+        smtp->rcpt = smtp->rcpt->next;
+
+        if(smtp->rcpt) {
+          /* Send the next command */
+          result = smtp_perform_command(conn);
+        }
+        else
+          /* End of DO phase */
+          state(conn, SMTP_STOP);
+      }
+      else
+        /* End of DO phase */
+        state(conn, SMTP_STOP);
+    }
+  }
+
+  return result;
+}
+
+/* For MAIL responses */
+static CURLcode smtp_state_mail_resp(struct connectdata *conn, int smtpcode,
+                                     smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode/100 != 2) {
+    failf(data, "MAIL failed: %d", smtpcode);
+    result = CURLE_SEND_ERROR;
+  }
+  else
+    /* Start the RCPT TO command */
+    result = smtp_perform_rcpt_to(conn);
+
+  return result;
+}
+
+/* For RCPT responses */
+static CURLcode smtp_state_rcpt_resp(struct connectdata *conn, int smtpcode,
+                                     smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SMTP *smtp = data->req.protop;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode/100 != 2) {
+    failf(data, "RCPT failed: %d", smtpcode);
+    result = CURLE_SEND_ERROR;
+  }
+  else {
+    smtp->rcpt = smtp->rcpt->next;
+
+    if(smtp->rcpt)
+      /* Send the next RCPT TO command */
+      result = smtp_perform_rcpt_to(conn);
+    else {
+      /* Send the DATA command */
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "DATA");
+
+      if(!result)
+        state(conn, SMTP_DATA);
+    }
+  }
+
+  return result;
+}
+
+/* For DATA response */
+static CURLcode smtp_state_data_resp(struct connectdata *conn, int smtpcode,
+                                     smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 354) {
+    failf(data, "DATA failed: %d", smtpcode);
+    result = CURLE_SEND_ERROR;
+  }
+  else {
+    /* Set the progress upload size */
+    Curl_pgrsSetUploadSize(data, data->state.infilesize);
+
+    /* SMTP upload */
+    Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
+
+    /* End of DO phase */
+    state(conn, SMTP_STOP);
+  }
+
+  return result;
+}
+
+/* For POSTDATA responses, which are received after the entire DATA
+   part has been sent to the server */
+static CURLcode smtp_state_postdata_resp(struct connectdata *conn,
+                                         int smtpcode,
+                                         smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 250)
+    result = CURLE_RECV_ERROR;
+
+  /* End of DONE phase */
+  state(conn, SMTP_STOP);
+
+  return result;
+}
+
+static CURLcode smtp_statemach_act(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  curl_socket_t sock = conn->sock[FIRSTSOCKET];
+  struct SessionHandle *data = conn->data;
+  int smtpcode;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  struct pingpong *pp = &smtpc->pp;
+  size_t nread = 0;
+
+  /* Busy upgrading the connection; right now all I/O is SSL/TLS, not SMTP */
+  if(smtpc->state == SMTP_UPGRADETLS)
+    return smtp_perform_upgrade_tls(conn);
+
+  /* Flush any data that needs to be sent */
+  if(pp->sendleft)
+    return Curl_pp_flushsend(pp);
+
+  do {
+    /* Read the response from the server */
+    result = Curl_pp_readresp(sock, pp, &smtpcode, &nread);
+    if(result)
+      return result;
+
+    /* Store the latest response for later retrieval if necessary */
+    if(smtpc->state != SMTP_QUIT && smtpcode != 1)
+      data->info.httpcode = smtpcode;
+
+    if(!smtpcode)
+      break;
+
+    /* We have now received a full SMTP server response */
+    switch(smtpc->state) {
+    case SMTP_SERVERGREET:
+      result = smtp_state_servergreet_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_EHLO:
+      result = smtp_state_ehlo_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_HELO:
+      result = smtp_state_helo_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_STARTTLS:
+      result = smtp_state_starttls_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_PLAIN:
+      result = smtp_state_auth_plain_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_LOGIN:
+      result = smtp_state_auth_login_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_LOGIN_PASSWD:
+      result = smtp_state_auth_login_password_resp(conn, smtpcode,
+                                                   smtpc->state);
+      break;
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+    case SMTP_AUTH_CRAMMD5:
+      result = smtp_state_auth_cram_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_DIGESTMD5:
+      result = smtp_state_auth_digest_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_DIGESTMD5_RESP:
+      result = smtp_state_auth_digest_resp_resp(conn, smtpcode, smtpc->state);
+      break;
+#endif
+
+#ifdef USE_NTLM
+    case SMTP_AUTH_NTLM:
+      result = smtp_state_auth_ntlm_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_NTLM_TYPE2MSG:
+      result = smtp_state_auth_ntlm_type2msg_resp(conn, smtpcode,
+                                                  smtpc->state);
+      break;
+#endif
+
+#if defined(USE_WINDOWS_SSPI)
+    case SMTP_AUTH_GSSAPI:
+      result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_GSSAPI_TOKEN:
+      result = smtp_state_auth_gssapi_token_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_GSSAPI_NO_DATA:
+      result = smtp_state_auth_gssapi_no_data_resp(conn, smtpcode,
+                                                   smtpc->state);
+      break;
+#endif
+
+    case SMTP_AUTH_XOAUTH2:
+      result = smtp_state_auth_xoauth2_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_CANCEL:
+      result = smtp_state_auth_cancel_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTH_FINAL:
+      result = smtp_state_auth_final_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_COMMAND:
+      result = smtp_state_command_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_MAIL:
+      result = smtp_state_mail_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_RCPT:
+      result = smtp_state_rcpt_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_DATA:
+      result = smtp_state_data_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_POSTDATA:
+      result = smtp_state_postdata_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_QUIT:
+      /* fallthrough, just stop! */
+    default:
+      /* internal error */
+      state(conn, SMTP_STOP);
+      break;
+    }
+  } while(!result && smtpc->state != SMTP_STOP && Curl_pp_moredata(pp));
+
+  return result;
+}
+
+/* Called repeatedly until done from multi.c */
+static CURLcode smtp_multi_statemach(struct connectdata *conn, bool *done)
+{
+  CURLcode result = CURLE_OK;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+  if((conn->handler->flags & PROTOPT_SSL) && !smtpc->ssldone) {
+    result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &smtpc->ssldone);
+    if(result || !smtpc->ssldone)
+      return result;
+  }
+
+  result = Curl_pp_statemach(&smtpc->pp, FALSE);
+  *done = (smtpc->state == SMTP_STOP) ? TRUE : FALSE;
+
+  return result;
+}
+
+static CURLcode smtp_block_statemach(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+  while(smtpc->state != SMTP_STOP && !result)
+    result = Curl_pp_statemach(&smtpc->pp, TRUE);
+
+  return result;
+}
+
+/* Allocate and initialize the SMTP struct for the current SessionHandle if
+   required */
+static CURLcode smtp_init(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SMTP *smtp;
+
+  smtp = data->req.protop = calloc(sizeof(struct SMTP), 1);
+  if(!smtp)
+    result = CURLE_OUT_OF_MEMORY;
+
+  return result;
+}
+
+/* For the SMTP "protocol connect" and "doing" phases only */
+static int smtp_getsock(struct connectdata *conn, curl_socket_t *socks,
+                        int numsocks)
+{
+  return Curl_pp_getsock(&conn->proto.smtpc.pp, socks, numsocks);
+}
+
+/***********************************************************************
+ *
+ * smtp_connect()
+ *
+ * This function should do everything that is to be considered a part of
+ * the connection phase.
+ *
+ * The variable pointed to by 'done' will be TRUE if the protocol-layer
+ * connect phase is done when this function returns, or FALSE if not.
+ */
+static CURLcode smtp_connect(struct connectdata *conn, bool *done)
+{
+  CURLcode result = CURLE_OK;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  struct pingpong *pp = &smtpc->pp;
+
+  *done = FALSE; /* default to not done yet */
+
+  /* We always support persistent connections in SMTP */
+  connkeep(conn, "SMTP default");
+
+  /* Set the default response time-out */
+  pp->response_time = RESP_TIMEOUT;
+  pp->statemach_act = smtp_statemach_act;
+  pp->endofresp = smtp_endofresp;
+  pp->conn = conn;
+
+  /* Set the default preferred authentication mechanism */
+  smtpc->prefmech = SASL_AUTH_ANY;
+
+  /* Initialise the pingpong layer */
+  Curl_pp_init(pp);
+
+  /* Parse the URL options */
+  result = smtp_parse_url_options(conn);
+  if(result)
+    return result;
+
+  /* Parse the URL path */
+  result = smtp_parse_url_path(conn);
+  if(result)
+    return result;
+
+  /* Start off waiting for the server greeting response */
+  state(conn, SMTP_SERVERGREET);
+
+  result = smtp_multi_statemach(conn, done);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_done()
+ *
+ * The DONE function. This does what needs to be done after a single DO has
+ * performed.
+ *
+ * Input argument is already checked for validity.
+ */
+static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
+                          bool premature)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SMTP *smtp = data->req.protop;
+  struct pingpong *pp = &conn->proto.smtpc.pp;
+  const char *eob;
+  ssize_t len;
+  ssize_t bytes_written;
+
+  (void)premature;
+
+  if(!smtp || !pp->conn)
+    /* When the easy handle is removed from the multi interface while libcurl
+       is still trying to resolve the host name, the SMTP struct is not yet
+       initialized. However, the removal action calls Curl_done() which in
+       turn calls this function, so we simply return success. */
+    return CURLE_OK;
+
+  if(status) {
+    connclose(conn, "SMTP done with bad status"); /* marked for closure */
+    result = status;         /* use the already set error code */
+  }
+  else if(!data->set.connect_only && data->set.upload && data->set.mail_rcpt) {
+    /* Calculate the EOB taking into account any terminating CRLF from the
+       previous line of the email or the CRLF of the DATA command when there
+       is "no mail data". RFC-5321, sect. 4.1.1.4. */
+    eob = SMTP_EOB;
+    len = SMTP_EOB_LEN;
+    if(smtp->trailing_crlf || !conn->data->state.infilesize) {
+      eob += 2;
+      len -= 2;
+    }
+
+    /* Send the end of block data */
+    result = Curl_write(conn, conn->writesockfd, eob, len, &bytes_written);
+    if(result)
+      return result;
+
+    if(bytes_written != len) {
+      /* The whole chunk was not sent so keep it around and adjust the
+         pingpong structure accordingly */
+      pp->sendthis = strdup(eob);
+      pp->sendsize = len;
+      pp->sendleft = len - bytes_written;
+    }
+    else
+      /* Successfully sent so adjust the response timeout relative to now */
+      pp->response = Curl_tvnow();
+
+    state(conn, SMTP_POSTDATA);
+
+    /* Run the state-machine
+
+       TODO: when the multi interface is used, this _really_ should be using
+       the smtp_multi_statemach function but we have no general support for
+       non-blocking DONE operations, not in the multi state machine and with
+       Curl_done() invokes on several places in the code!
+    */
+    result = smtp_block_statemach(conn);
+  }
+
+  /* Cleanup our per-request based variables */
+  Curl_safefree(smtp->custom);
+
+  /* Clear the transfer mode for the next request */
+  smtp->transfer = FTPTRANSFER_BODY;
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform()
+ *
+ * This is the actual DO function for SMTP. Transfer a mail, send a command
+ * or get some data according to the options previously setup.
+ */
+static CURLcode smtp_perform(struct connectdata *conn, bool *connected,
+                             bool *dophase_done)
+{
+  /* This is SMTP and no proxy */
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SMTP *smtp = data->req.protop;
+
+  DEBUGF(infof(conn->data, "DO phase starts\n"));
+
+  if(data->set.opt_no_body) {
+    /* Requested no body means no transfer */
+    smtp->transfer = FTPTRANSFER_INFO;
+  }
+
+  *dophase_done = FALSE; /* not done yet */
+
+  /* Store the first recipient (or NULL if not specified) */
+  smtp->rcpt = data->set.mail_rcpt;
+
+  /* Start the first command in the DO phase */
+  if(data->set.upload && data->set.mail_rcpt)
+    /* MAIL transfer */
+    result = smtp_perform_mail(conn);
+  else
+    /* SMTP based command (VRFY, EXPN, NOOP, RSET or HELP) */
+    result = smtp_perform_command(conn);
+
+  if(result)
+    return result;
+
+  /* Run the state-machine */
+  result = smtp_multi_statemach(conn, dophase_done);
+
+  *connected = conn->bits.tcpconnect[FIRSTSOCKET];
+
+  if(*dophase_done)
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_do()
+ *
+ * This function is registered as 'curl_do' function. It decodes the path
+ * parts etc as a wrapper to the actual DO function (smtp_perform).
+ *
+ * The input argument is already checked for validity.
+ */
+static CURLcode smtp_do(struct connectdata *conn, bool *done)
+{
+  CURLcode result = CURLE_OK;
+
+  *done = FALSE; /* default to false */
+
+  /* Parse the custom request */
+  result = smtp_parse_custom_request(conn);
+  if(result)
+    return result;
+
+  result = smtp_regular_transfer(conn, done);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_disconnect()
+ *
+ * Disconnect from an SMTP server. Cleanup protocol-specific per-connection
+ * resources. BLOCKING.
+ */
+static CURLcode smtp_disconnect(struct connectdata *conn, bool dead_connection)
+{
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+  /* We cannot send quit unconditionally. If this connection is stale or
+     bad in any way, sending quit and waiting around here will make the
+     disconnect wait in vain and cause more problems than we need to. */
+
+  /* The SMTP session may or may not have been allocated/setup at this
+     point! */
+  if(!dead_connection && smtpc->pp.conn && smtpc->pp.conn->bits.protoconnstart)
+    if(!smtp_perform_quit(conn))
+      (void)smtp_block_statemach(conn); /* ignore errors on QUIT */
+
+  /* Disconnect from the server */
+  Curl_pp_disconnect(&smtpc->pp);
+
+  /* Cleanup the SASL module */
+  Curl_sasl_cleanup(conn, smtpc->authused);
+
+  /* Cleanup our connection based variables */
+  Curl_safefree(smtpc->domain);
+
+  return CURLE_OK;
+}
+
+/* Call this when the DO phase has completed */
+static CURLcode smtp_dophase_done(struct connectdata *conn, bool connected)
+{
+  struct SMTP *smtp = conn->data->req.protop;
+
+  (void)connected;
+
+  if(smtp->transfer != FTPTRANSFER_BODY)
+    /* no data to transfer */
+    Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+
+  return CURLE_OK;
+}
+
+/* Called from multi.c while DOing */
+static CURLcode smtp_doing(struct connectdata *conn, bool *dophase_done)
+{
+  CURLcode result = smtp_multi_statemach(conn, dophase_done);
+
+  if(result)
+    DEBUGF(infof(conn->data, "DO phase failed\n"));
+  else if(*dophase_done) {
+    result = smtp_dophase_done(conn, FALSE /* not connected */);
+
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_regular_transfer()
+ *
+ * The input argument is already checked for validity.
+ *
+ * Performs all commands done before a regular transfer between a local and a
+ * remote host.
+ */
+static CURLcode smtp_regular_transfer(struct connectdata *conn,
+                                      bool *dophase_done)
+{
+  CURLcode result = CURLE_OK;
+  bool connected = FALSE;
+  struct SessionHandle *data = conn->data;
+
+  /* Make sure size is unknown at this point */
+  data->req.size = -1;
+
+  /* Set the progress data */
+  Curl_pgrsSetUploadCounter(data, 0);
+  Curl_pgrsSetDownloadCounter(data, 0);
+  Curl_pgrsSetUploadSize(data, -1);
+  Curl_pgrsSetDownloadSize(data, -1);
+
+  /* Carry out the perform */
+  result = smtp_perform(conn, &connected, dophase_done);
+
+  /* Perform post DO phase operations if necessary */
+  if(!result && *dophase_done)
+    result = smtp_dophase_done(conn, connected);
+
+  return result;
+}
+
+static CURLcode smtp_setup_connection(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  CURLcode result;
+
+  if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) {
+    /* Unless we have asked to tunnel SMTP operations through the proxy, we
+       switch and use HTTP operations only */
+#ifndef CURL_DISABLE_HTTP
+    if(conn->handler == &Curl_handler_smtp)
+      conn->handler = &Curl_handler_smtp_proxy;
+    else {
+#ifdef USE_SSL
+      conn->handler = &Curl_handler_smtps_proxy;
+#else
+      failf(data, "SMTPS not supported!");
+      return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+    }
+    /* set it up as a HTTP connection instead */
+    return conn->handler->setup_connection(conn);
+
+#else
+    failf(data, "SMTP over http proxy requires HTTP support built-in!");
+    return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+  }
+
+  /* Initialise the SMTP layer */
+  result = smtp_init(conn);
+  if(result)
+    return result;
+
+  data->state.path++;   /* don't include the initial slash */
+
+  return CURLE_OK;
+}
+
+/***********************************************************************
+ *
+ * smtp_parse_url_options()
+ *
+ * Parse the URL login options.
+ */
+static CURLcode smtp_parse_url_options(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  const char *options = conn->options;
+  const char *ptr = options;
+  bool reset = TRUE;
+
+  while(ptr && *ptr) {
+    const char *key = ptr;
+
+    while(*ptr && *ptr != '=')
+        ptr++;
+
+    if(strnequal(key, "AUTH", 4)) {
+      size_t len = 0;
+      const char *value = ++ptr;
+
+      if(reset) {
+        reset = FALSE;
+        smtpc->prefmech = SASL_AUTH_NONE;
+      }
+
+      while(*ptr && *ptr != ';') {
+        ptr++;
+        len++;
+      }
+
+      if(strnequal(value, "*", len))
+        smtpc->prefmech = SASL_AUTH_ANY;
+      else if(strnequal(value, SASL_MECH_STRING_LOGIN, len))
+        smtpc->prefmech |= SASL_MECH_LOGIN;
+      else if(strnequal(value, SASL_MECH_STRING_PLAIN, len))
+        smtpc->prefmech |= SASL_MECH_PLAIN;
+      else if(strnequal(value, SASL_MECH_STRING_CRAM_MD5, len))
+        smtpc->prefmech |= SASL_MECH_CRAM_MD5;
+      else if(strnequal(value, SASL_MECH_STRING_DIGEST_MD5, len))
+        smtpc->prefmech |= SASL_MECH_DIGEST_MD5;
+      else if(strnequal(value, SASL_MECH_STRING_GSSAPI, len))
+        smtpc->prefmech |= SASL_MECH_GSSAPI;
+      else if(strnequal(value, SASL_MECH_STRING_NTLM, len))
+        smtpc->prefmech |= SASL_MECH_NTLM;
+      else if(strnequal(value, SASL_MECH_STRING_XOAUTH2, len))
+        smtpc->prefmech |= SASL_MECH_XOAUTH2;
+
+      if(*ptr == ';')
+        ptr++;
+    }
+    else
+      result = CURLE_URL_MALFORMAT;
+  }
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_parse_url_path()
+ *
+ * Parse the URL path into separate path components.
+ */
+static CURLcode smtp_parse_url_path(struct connectdata *conn)
+{
+  /* The SMTP struct is already initialised in smtp_connect() */
+  struct SessionHandle *data = conn->data;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+  const char *path = data->state.path;
+  char localhost[HOSTNAME_MAX + 1];
+
+  /* Calculate the path if necessary */
+  if(!*path) {
+    if(!Curl_gethostname(localhost, sizeof(localhost)))
+      path = localhost;
+    else
+      path = "localhost";
+  }
+
+  /* URL decode the path and use it as the domain in our EHLO */
+  return Curl_urldecode(conn->data, path, 0, &smtpc->domain, NULL, TRUE);
+}
+
+/***********************************************************************
+ *
+ * smtp_parse_custom_request()
+ *
+ * Parse the custom request.
+ */
+static CURLcode smtp_parse_custom_request(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SMTP *smtp = data->req.protop;
+  const char *custom = data->set.str[STRING_CUSTOMREQUEST];
+
+  /* URL decode the custom request */
+  if(custom)
+    result = Curl_urldecode(data, custom, 0, &smtp->custom, NULL, TRUE);
+
+  return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_calc_sasl_details()
+ *
+ * Calculate the required login details for SASL authentication.
+ */
+static CURLcode smtp_calc_sasl_details(struct connectdata *conn,
+                                       const char **mech,
+                                       char **initresp, size_t *len,
+                                       smtpstate *state1, smtpstate *state2)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+  /* Calculate the supported authentication mechanism, by decreasing order of
+     security, as well as the initial response where appropriate */
+#if defined(USE_WINDOWS_SSPI)
+  if((smtpc->authmechs & SASL_MECH_GSSAPI) &&
+     (smtpc->prefmech & SASL_MECH_GSSAPI)) {
+    smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
+
+    *mech = SASL_MECH_STRING_GSSAPI;
+    *state1 = SMTP_AUTH_GSSAPI;
+    *state2 = SMTP_AUTH_GSSAPI_TOKEN;
+    smtpc->authused = SASL_MECH_GSSAPI;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_gssapi_user_message(data, conn->user,
+                                                    conn->passwd, "smtp",
+                                                    smtpc->mutual_auth,
+                                                    NULL, &conn->krb5,
+                                                    initresp, len);
+    }
+  else
+#endif
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+  if((smtpc->authmechs & SASL_MECH_DIGEST_MD5) &&
+     (smtpc->prefmech & SASL_MECH_DIGEST_MD5)) {
+    *mech = SASL_MECH_STRING_DIGEST_MD5;
+    *state1 = SMTP_AUTH_DIGESTMD5;
+    smtpc->authused = SASL_MECH_DIGEST_MD5;
+  }
+  else if((smtpc->authmechs & SASL_MECH_CRAM_MD5) &&
+          (smtpc->prefmech & SASL_MECH_CRAM_MD5)) {
+    *mech = SASL_MECH_STRING_CRAM_MD5;
+    *state1 = SMTP_AUTH_CRAMMD5;
+    smtpc->authused = SASL_MECH_CRAM_MD5;
+  }
+  else
+#endif
+#ifdef USE_NTLM
+  if((smtpc->authmechs & SASL_MECH_NTLM) &&
+     (smtpc->prefmech & SASL_MECH_NTLM)) {
+    *mech = SASL_MECH_STRING_NTLM;
+    *state1 = SMTP_AUTH_NTLM;
+    *state2 = SMTP_AUTH_NTLM_TYPE2MSG;
+    smtpc->authused = SASL_MECH_NTLM;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
+                                                   &conn->ntlm,
+                                                   initresp, len);
+    }
+  else
+#endif
+  if(((smtpc->authmechs & SASL_MECH_XOAUTH2) &&
+      (smtpc->prefmech & SASL_MECH_XOAUTH2) &&
+      (smtpc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
+    *mech = SASL_MECH_STRING_XOAUTH2;
+    *state1 = SMTP_AUTH_XOAUTH2;
+    *state2 = SMTP_AUTH_FINAL;
+    smtpc->authused = SASL_MECH_XOAUTH2;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_xoauth2_message(data, conn->user,
+                                                conn->xoauth2_bearer,
+                                                initresp, len);
+  }
+  else if((smtpc->authmechs & SASL_MECH_LOGIN) &&
+          (smtpc->prefmech & SASL_MECH_LOGIN)) {
+    *mech = SASL_MECH_STRING_LOGIN;
+    *state1 = SMTP_AUTH_LOGIN;
+    *state2 = SMTP_AUTH_LOGIN_PASSWD;
+    smtpc->authused = SASL_MECH_LOGIN;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_login_message(data, conn->user, initresp, len);
+  }
+  else if((smtpc->authmechs & SASL_MECH_PLAIN) &&
+          (smtpc->prefmech & SASL_MECH_PLAIN)) {
+    *mech = SASL_MECH_STRING_PLAIN;
+    *state1 = SMTP_AUTH_PLAIN;
+    *state2 = SMTP_AUTH_FINAL;
+    smtpc->authused = SASL_MECH_PLAIN;
+
+    if(data->set.sasl_ir)
+      result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
+                                              initresp, len);
+  }
+
+  return result;
+}
+
+CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
+{
+  /* When sending a SMTP payload we must detect CRLF. sequences making sure
+     they are sent as CRLF.. instead, as a . on the beginning of a line will
+     be deleted by the server when not part of an EOB terminator and a
+     genuine CRLF.CRLF which isn't escaped will wrongly be detected as end of
+     data by the server
+  */
+  ssize_t i;
+  ssize_t si;
+  struct SessionHandle *data = conn->data;
+  struct SMTP *smtp = data->req.protop;
+
+  /* Do we need to allocate the scatch buffer? */
+  if(!data->state.scratch) {
+    data->state.scratch = malloc(2 * BUFSIZE);
+
+    if(!data->state.scratch) {
+      failf (data, "Failed to alloc scratch buffer!");
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+
+  /* This loop can be improved by some kind of Boyer-Moore style of
+     approach but that is saved for later... */
+  for(i = 0, si = 0; i < nread; i++) {
+    if(SMTP_EOB[smtp->eob] == data->req.upload_fromhere[i]) {
+      smtp->eob++;
+
+      /* Is the EOB potentially the terminating CRLF? */
+      if(2 == smtp->eob || SMTP_EOB_LEN == smtp->eob)
+        smtp->trailing_crlf = TRUE;
+      else
+        smtp->trailing_crlf = FALSE;
+    }
+    else if(smtp->eob) {
+      /* A previous substring matched so output that first */
+      memcpy(&data->state.scratch[si], SMTP_EOB, smtp->eob);
+      si += smtp->eob;
+
+      /* Then compare the first byte */
+      if(SMTP_EOB[0] == data->req.upload_fromhere[i])
+        smtp->eob = 1;
+      else
+        smtp->eob = 0;
+
+      /* Reset the trailing CRLF flag as there was more data */
+      smtp->trailing_crlf = FALSE;
+    }
+
+    /* Do we have a match for CRLF. as per RFC-5321, sect. 4.5.2 */
+    if(SMTP_EOB_FIND_LEN == smtp->eob) {
+      /* Copy the replacement data to the target buffer */
+      memcpy(&data->state.scratch[si], SMTP_EOB_REPL, SMTP_EOB_REPL_LEN);
+      si += SMTP_EOB_REPL_LEN;
+      smtp->eob = 0;
+    }
+    else if(!smtp->eob)
+      data->state.scratch[si++] = data->req.upload_fromhere[i];
+  }
+
+  if(smtp->eob) {
+    /* A substring matched before processing ended so output that now */
+    memcpy(&data->state.scratch[si], SMTP_EOB, smtp->eob);
+    si += smtp->eob;
+    smtp->eob = 0;
+  }
+
+  if(si != nread) {
+    /* Only use the new buffer if we replaced something */
+    nread = si;
+
+    /* Upload from the new (replaced) buffer instead */
+    data->req.upload_fromhere = data->state.scratch;
+
+    /* Set the new amount too */
+    data->req.upload_present = nread;
+  }
+
+  return CURLE_OK;
+}
+
+#endif /* CURL_DISABLE_SMTP */
diff --git a/Utilities/cmcurl/lib/smtp.h b/Utilities/cmcurl/lib/smtp.h
new file mode 100644
index 0000000..db1b1e6
--- /dev/null
+++ b/Utilities/cmcurl/lib/smtp.h
@@ -0,0 +1,106 @@
+#ifndef HEADER_CURL_SMTP_H
+#define HEADER_CURL_SMTP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2009 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "pingpong.h"
+
+/****************************************************************************
+ * SMTP unique setup
+ ***************************************************************************/
+typedef enum {
+  SMTP_STOP,        /* do nothing state, stops the state machine */
+  SMTP_SERVERGREET, /* waiting for the initial greeting immediately after
+                       a connect */
+  SMTP_EHLO,
+  SMTP_HELO,
+  SMTP_STARTTLS,
+  SMTP_UPGRADETLS,  /* asynchronously upgrade the connection to SSL/TLS
+                       (multi mode only) */
+  SMTP_AUTH_PLAIN,
+  SMTP_AUTH_LOGIN,
+  SMTP_AUTH_LOGIN_PASSWD,
+  SMTP_AUTH_CRAMMD5,
+  SMTP_AUTH_DIGESTMD5,
+  SMTP_AUTH_DIGESTMD5_RESP,
+  SMTP_AUTH_NTLM,
+  SMTP_AUTH_NTLM_TYPE2MSG,
+  SMTP_AUTH_GSSAPI,
+  SMTP_AUTH_GSSAPI_TOKEN,
+  SMTP_AUTH_GSSAPI_NO_DATA,
+  SMTP_AUTH_XOAUTH2,
+  SMTP_AUTH_CANCEL,
+  SMTP_AUTH_FINAL,
+  SMTP_COMMAND,     /* VRFY, EXPN, NOOP, RSET and HELP */
+  SMTP_MAIL,        /* MAIL FROM */
+  SMTP_RCPT,        /* RCPT TO */
+  SMTP_DATA,
+  SMTP_POSTDATA,
+  SMTP_QUIT,
+  SMTP_LAST         /* never used */
+} smtpstate;
+
+/* This SMTP struct is used in the SessionHandle. All SMTP data that is
+   connection-oriented must be in smtp_conn to properly deal with the fact that
+   perhaps the SessionHandle is changed between the times the connection is
+   used. */
+struct SMTP {
+  curl_pp_transfer transfer;
+  char *custom;            /* Custom Request */
+  struct curl_slist *rcpt; /* Recipient list */
+  size_t eob;              /* Number of bytes of the EOB (End Of Body) that
+                              have been received so far */
+  bool trailing_crlf;      /* Specifies if the tailing CRLF is present */
+};
+
+/* smtp_conn is used for struct connection-oriented data in the connectdata
+   struct */
+struct smtp_conn {
+  struct pingpong pp;
+  smtpstate state;         /* Always use smtp.c:state() to change state! */
+  bool ssldone;            /* Is connect() over SSL done? */
+  char *domain;            /* Client address/name to send in the EHLO */
+  unsigned int authmechs;  /* Accepted authentication mechanisms */
+  unsigned int prefmech;   /* Preferred authentication mechanism */
+  unsigned int authused;   /* Auth mechanism used for the connection */
+  bool tls_supported;      /* StartTLS capability supported by server */
+  bool size_supported;     /* If server supports SIZE extension according to
+                              RFC 1870 */
+  bool auth_supported;     /* AUTH capability supported by server */
+  bool mutual_auth;        /* Mutual authentication enabled (GSSAPI only) */
+};
+
+extern const struct Curl_handler Curl_handler_smtp;
+extern const struct Curl_handler Curl_handler_smtps;
+
+/* this is the 5-bytes End-Of-Body marker for SMTP */
+#define SMTP_EOB "\x0d\x0a\x2e\x0d\x0a"
+#define SMTP_EOB_LEN 5
+#define SMTP_EOB_FIND_LEN 3
+
+/* if found in data, replace it with this string instead */
+#define SMTP_EOB_REPL "\x0d\x0a\x2e\x2e"
+#define SMTP_EOB_REPL_LEN 4
+
+CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread);
+
+#endif /* HEADER_CURL_SMTP_H */
diff --git a/Utilities/cmcurl/lib/sockaddr.h b/Utilities/cmcurl/lib/sockaddr.h
new file mode 100644
index 0000000..6a2151c
--- /dev/null
+++ b/Utilities/cmcurl/lib/sockaddr.h
@@ -0,0 +1,43 @@
+#ifndef HEADER_CURL_SOCKADDR_H
+#define HEADER_CURL_SOCKADDR_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+struct Curl_sockaddr_storage {
+  union {
+    struct sockaddr sa;
+    struct sockaddr_in sa_in;
+#ifdef ENABLE_IPV6
+    struct sockaddr_in6 sa_in6;
+#endif
+#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
+    struct sockaddr_storage sa_stor;
+#else
+    char cbuf[256];   /* this should be big enough to fit a lot */
+#endif
+  } buffer;
+};
+
+#endif /* HEADER_CURL_SOCKADDR_H */
+
diff --git a/Utilities/cmcurl/lib/socks.c b/Utilities/cmcurl/lib/socks.c
new file mode 100644
index 0000000..028475c
--- /dev/null
+++ b/Utilities/cmcurl/lib/socks.c
@@ -0,0 +1,755 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_PROXY)
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "strequal.h"
+#include "select.h"
+#include "connect.h"
+#include "timeval.h"
+#include "socks.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * Helper read-from-socket functions. Does the same as Curl_read() but it
+ * blocks until all bytes amount of buffersize will be read. No more, no less.
+ *
+ * This is STUPID BLOCKING behaviour which we frown upon, but right now this
+ * is what we have...
+ */
+int Curl_blockread_all(struct connectdata *conn, /* connection data */
+                       curl_socket_t sockfd,     /* read from this socket */
+                       char *buf,                /* store read data here */
+                       ssize_t buffersize,       /* max amount to read */
+                       ssize_t *n)               /* amount bytes read */
+{
+  ssize_t nread;
+  ssize_t allread = 0;
+  int result;
+  long timeleft;
+  *n = 0;
+  for(;;) {
+    timeleft = Curl_timeleft(conn->data, NULL, TRUE);
+    if(timeleft < 0) {
+      /* we already got the timeout */
+      result = CURLE_OPERATION_TIMEDOUT;
+      break;
+    }
+    if(Curl_socket_ready(sockfd, CURL_SOCKET_BAD, timeleft) <= 0) {
+      result = ~CURLE_OK;
+      break;
+    }
+    result = Curl_read_plain(sockfd, buf, buffersize, &nread);
+    if(CURLE_AGAIN == result)
+      continue;
+    else if(result)
+      break;
+
+    if(buffersize == nread) {
+      allread += nread;
+      *n = allread;
+      result = CURLE_OK;
+      break;
+    }
+    if(!nread) {
+      result = ~CURLE_OK;
+      break;
+    }
+
+    buffersize -= nread;
+    buf += nread;
+    allread += nread;
+  }
+  return result;
+}
+
+/*
+* This function logs in to a SOCKS4 proxy and sends the specifics to the final
+* destination server.
+*
+* Reference :
+*   http://socks.permeo.com/protocol/socks4.protocol
+*
+* Note :
+*   Set protocol4a=true for  "SOCKS 4A (Simple Extension to SOCKS 4 Protocol)"
+*   Nonsupport "Identification Protocol (RFC1413)"
+*/
+CURLcode Curl_SOCKS4(const char *proxy_name,
+                     const char *hostname,
+                     int remote_port,
+                     int sockindex,
+                     struct connectdata *conn,
+                     bool protocol4a)
+{
+#define SOCKS4REQLEN 262
+  unsigned char socksreq[SOCKS4REQLEN]; /* room for SOCKS4 request incl. user
+                                           id */
+  int result;
+  CURLcode code;
+  curl_socket_t sock = conn->sock[sockindex];
+  struct SessionHandle *data = conn->data;
+
+  if(Curl_timeleft(data, NULL, TRUE) < 0) {
+    /* time-out, bail out, go home */
+    failf(data, "Connection time-out");
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  curlx_nonblock(sock, FALSE);
+
+  infof(data, "SOCKS4 communication to %s:%d\n", hostname, remote_port);
+
+  /*
+   * Compose socks4 request
+   *
+   * Request format
+   *
+   *     +----+----+----+----+----+----+----+----+----+----+....+----+
+   *     | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL|
+   *     +----+----+----+----+----+----+----+----+----+----+....+----+
+   * # of bytes:  1    1      2              4           variable       1
+   */
+
+  socksreq[0] = 4; /* version (SOCKS4) */
+  socksreq[1] = 1; /* connect */
+  socksreq[2] = (unsigned char)((remote_port >> 8) & 0xff); /* PORT MSB */
+  socksreq[3] = (unsigned char)(remote_port & 0xff);        /* PORT LSB */
+
+  /* DNS resolve only for SOCKS4, not SOCKS4a */
+  if(!protocol4a) {
+    struct Curl_dns_entry *dns;
+    Curl_addrinfo *hp=NULL;
+    int rc;
+
+    rc = Curl_resolv(conn, hostname, remote_port, &dns);
+
+    if(rc == CURLRESOLV_ERROR)
+      return CURLE_COULDNT_RESOLVE_PROXY;
+
+    if(rc == CURLRESOLV_PENDING)
+      /* ignores the return code, but 'dns' remains NULL on failure */
+      (void)Curl_resolver_wait_resolv(conn, &dns);
+
+    /*
+     * We cannot use 'hostent' as a struct that Curl_resolv() returns.  It
+     * returns a Curl_addrinfo pointer that may not always look the same.
+     */
+    if(dns)
+      hp=dns->addr;
+    if(hp) {
+      char buf[64];
+      unsigned short ip[4];
+      Curl_printable_address(hp, buf, sizeof(buf));
+
+      if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
+                      &ip[0], &ip[1], &ip[2], &ip[3])) {
+        /* Set DSTIP */
+        socksreq[4] = (unsigned char)ip[0];
+        socksreq[5] = (unsigned char)ip[1];
+        socksreq[6] = (unsigned char)ip[2];
+        socksreq[7] = (unsigned char)ip[3];
+      }
+      else
+        hp = NULL; /* fail! */
+
+      infof(data, "SOCKS4 connect to %s (locally resolved)\n", buf);
+
+      Curl_resolv_unlock(data, dns); /* not used anymore from now on */
+
+    }
+    if(!hp) {
+      failf(data, "Failed to resolve \"%s\" for SOCKS4 connect.",
+            hostname);
+      return CURLE_COULDNT_RESOLVE_HOST;
+    }
+  }
+
+  /*
+   * This is currently not supporting "Identification Protocol (RFC1413)".
+   */
+  socksreq[8] = 0; /* ensure empty userid is NUL-terminated */
+  if(proxy_name) {
+    size_t plen = strlen(proxy_name);
+    if(plen >= sizeof(socksreq) - 8) {
+      failf(data, "Too long SOCKS proxy name, can't use!\n");
+      return CURLE_COULDNT_CONNECT;
+    }
+    /* copy the proxy name WITH trailing zero */
+    memcpy(socksreq + 8, proxy_name, plen+1);
+  }
+
+  /*
+   * Make connection
+   */
+  {
+    ssize_t actualread;
+    ssize_t written;
+    ssize_t hostnamelen = 0;
+    int packetsize = 9 +
+      (int)strlen((char*)socksreq + 8); /* size including NUL */
+
+    /* If SOCKS4a, set special invalid IP address 0.0.0.x */
+    if(protocol4a) {
+      socksreq[4] = 0;
+      socksreq[5] = 0;
+      socksreq[6] = 0;
+      socksreq[7] = 1;
+      /* If still enough room in buffer, also append hostname */
+      hostnamelen = (ssize_t)strlen(hostname) + 1; /* length including NUL */
+      if(packetsize + hostnamelen <= SOCKS4REQLEN)
+        strcpy((char*)socksreq + packetsize, hostname);
+      else
+        hostnamelen = 0; /* Flag: hostname did not fit in buffer */
+    }
+
+    /* Send request */
+    code = Curl_write_plain(conn, sock, (char *)socksreq,
+                            packetsize + hostnamelen,
+                            &written);
+    if((code != CURLE_OK) || (written != packetsize + hostnamelen)) {
+      failf(data, "Failed to send SOCKS4 connect request.");
+      return CURLE_COULDNT_CONNECT;
+    }
+    if(protocol4a && hostnamelen == 0) {
+      /* SOCKS4a with very long hostname - send that name separately */
+      hostnamelen = (ssize_t)strlen(hostname) + 1;
+      code = Curl_write_plain(conn, sock, (char *)hostname, hostnamelen,
+                              &written);
+      if((code != CURLE_OK) || (written != hostnamelen)) {
+        failf(data, "Failed to send SOCKS4 connect request.");
+        return CURLE_COULDNT_CONNECT;
+      }
+    }
+
+    packetsize = 8; /* receive data size */
+
+    /* Receive response */
+    result = Curl_blockread_all(conn, sock, (char *)socksreq, packetsize,
+                                &actualread);
+    if((result != CURLE_OK) || (actualread != packetsize)) {
+      failf(data, "Failed to receive SOCKS4 connect request ack.");
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    /*
+     * Response format
+     *
+     *     +----+----+----+----+----+----+----+----+
+     *     | VN | CD | DSTPORT |      DSTIP        |
+     *     +----+----+----+----+----+----+----+----+
+     * # of bytes:  1    1      2              4
+     *
+     * VN is the version of the reply code and should be 0. CD is the result
+     * code with one of the following values:
+     *
+     * 90: request granted
+     * 91: request rejected or failed
+     * 92: request rejected because SOCKS server cannot connect to
+     *     identd on the client
+     * 93: request rejected because the client program and identd
+     *     report different user-ids
+     */
+
+    /* wrong version ? */
+    if(socksreq[0] != 0) {
+      failf(data,
+            "SOCKS4 reply has wrong version, version should be 4.");
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    /* Result */
+    switch(socksreq[1]) {
+    case 90:
+      infof(data, "SOCKS4%s request granted.\n", protocol4a?"a":"");
+      break;
+    case 91:
+      failf(data,
+            "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
+            ", request rejected or failed.",
+            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+            ((socksreq[8] << 8) | socksreq[9]),
+            socksreq[1]);
+      return CURLE_COULDNT_CONNECT;
+    case 92:
+      failf(data,
+            "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
+            ", request rejected because SOCKS server cannot connect to "
+            "identd on the client.",
+            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+            ((socksreq[8] << 8) | socksreq[9]),
+            socksreq[1]);
+      return CURLE_COULDNT_CONNECT;
+    case 93:
+      failf(data,
+            "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
+            ", request rejected because the client program and identd "
+            "report different user-ids.",
+            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+            ((socksreq[8] << 8) | socksreq[9]),
+            socksreq[1]);
+      return CURLE_COULDNT_CONNECT;
+    default:
+      failf(data,
+            "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
+            ", Unknown.",
+            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+            ((socksreq[8] << 8) | socksreq[9]),
+            socksreq[1]);
+      return CURLE_COULDNT_CONNECT;
+    }
+  }
+
+  curlx_nonblock(sock, TRUE);
+
+  return CURLE_OK; /* Proxy was successful! */
+}
+
+/*
+ * This function logs in to a SOCKS5 proxy and sends the specifics to the final
+ * destination server.
+ */
+CURLcode Curl_SOCKS5(const char *proxy_name,
+                     const char *proxy_password,
+                     const char *hostname,
+                     int remote_port,
+                     int sockindex,
+                     struct connectdata *conn)
+{
+  /*
+    According to the RFC1928, section "6.  Replies". This is what a SOCK5
+    replies:
+
+        +----+-----+-------+------+----------+----------+
+        |VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
+        +----+-----+-------+------+----------+----------+
+        | 1  |  1  | X'00' |  1   | Variable |    2     |
+        +----+-----+-------+------+----------+----------+
+
+    Where:
+
+    o  VER    protocol version: X'05'
+    o  REP    Reply field:
+    o  X'00' succeeded
+  */
+
+  unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
+  ssize_t actualread;
+  ssize_t written;
+  int result;
+  CURLcode code;
+  curl_socket_t sock = conn->sock[sockindex];
+  struct SessionHandle *data = conn->data;
+  long timeout;
+  bool socks5_resolve_local = (conn->proxytype == CURLPROXY_SOCKS5)?TRUE:FALSE;
+  const size_t hostname_len = strlen(hostname);
+  ssize_t len = 0;
+
+  /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
+  if(!socks5_resolve_local && hostname_len > 255) {
+    infof(conn->data,"SOCKS5: server resolving disabled for hostnames of "
+          "length > 255 [actual len=%zu]\n", hostname_len);
+    socks5_resolve_local = TRUE;
+  }
+
+  /* get timeout */
+  timeout = Curl_timeleft(data, NULL, TRUE);
+
+  if(timeout < 0) {
+    /* time-out, bail out, go home */
+    failf(data, "Connection time-out");
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  curlx_nonblock(sock, TRUE);
+
+  /* wait until socket gets connected */
+  result = Curl_socket_ready(CURL_SOCKET_BAD, sock, timeout);
+
+  if(-1 == result) {
+    failf(conn->data, "SOCKS5: no connection here");
+    return CURLE_COULDNT_CONNECT;
+  }
+  else if(0 == result) {
+    failf(conn->data, "SOCKS5: connection timeout");
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  if(result & CURL_CSELECT_ERR) {
+    failf(conn->data, "SOCKS5: error occurred during connection");
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  socksreq[0] = 5; /* version */
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  socksreq[1] = (char)(proxy_name ? 3 : 2); /* number of methods (below) */
+  socksreq[2] = 0; /* no authentication */
+  socksreq[3] = 1; /* GSS-API */
+  socksreq[4] = 2; /* username/password */
+#else
+  socksreq[1] = (char)(proxy_name ? 2 : 1); /* number of methods (below) */
+  socksreq[2] = 0; /* no authentication */
+  socksreq[3] = 2; /* username/password */
+#endif
+
+  curlx_nonblock(sock, FALSE);
+
+  code = Curl_write_plain(conn, sock, (char *)socksreq, (2 + (int)socksreq[1]),
+                          &written);
+  if((code != CURLE_OK) || (written != (2 + (int)socksreq[1]))) {
+    failf(data, "Unable to send initial SOCKS5 request.");
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  curlx_nonblock(sock, TRUE);
+
+  result = Curl_socket_ready(sock, CURL_SOCKET_BAD, timeout);
+
+  if(-1 == result) {
+    failf(conn->data, "SOCKS5 nothing to read");
+    return CURLE_COULDNT_CONNECT;
+  }
+  else if(0 == result) {
+    failf(conn->data, "SOCKS5 read timeout");
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  if(result & CURL_CSELECT_ERR) {
+    failf(conn->data, "SOCKS5 read error occurred");
+    return CURLE_RECV_ERROR;
+  }
+
+  curlx_nonblock(sock, FALSE);
+
+  result=Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread);
+  if((result != CURLE_OK) || (actualread != 2)) {
+    failf(data, "Unable to receive initial SOCKS5 response.");
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  if(socksreq[0] != 5) {
+    failf(data, "Received invalid version in initial SOCKS5 response.");
+    return CURLE_COULDNT_CONNECT;
+  }
+  if(socksreq[1] == 0) {
+    /* Nothing to do, no authentication needed */
+    ;
+  }
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  else if(socksreq[1] == 1) {
+    code = Curl_SOCKS5_gssapi_negotiate(sockindex, conn);
+    if(code != CURLE_OK) {
+      failf(data, "Unable to negotiate SOCKS5 GSS-API context.");
+      return CURLE_COULDNT_CONNECT;
+    }
+  }
+#endif
+  else if(socksreq[1] == 2) {
+    /* Needs user name and password */
+    size_t proxy_name_len, proxy_password_len;
+    if(proxy_name && proxy_password) {
+      proxy_name_len = strlen(proxy_name);
+      proxy_password_len = strlen(proxy_password);
+    }
+    else {
+      proxy_name_len = 0;
+      proxy_password_len = 0;
+    }
+
+    /*   username/password request looks like
+     * +----+------+----------+------+----------+
+     * |VER | ULEN |  UNAME   | PLEN |  PASSWD  |
+     * +----+------+----------+------+----------+
+     * | 1  |  1   | 1 to 255 |  1   | 1 to 255 |
+     * +----+------+----------+------+----------+
+     */
+    len = 0;
+    socksreq[len++] = 1;    /* username/pw subnegotiation version */
+    socksreq[len++] = (unsigned char) proxy_name_len;
+    if(proxy_name && proxy_name_len)
+      memcpy(socksreq + len, proxy_name, proxy_name_len);
+    len += proxy_name_len;
+    socksreq[len++] = (unsigned char) proxy_password_len;
+    if(proxy_password && proxy_password_len)
+      memcpy(socksreq + len, proxy_password, proxy_password_len);
+    len += proxy_password_len;
+
+    code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written);
+    if((code != CURLE_OK) || (len != written)) {
+      failf(data, "Failed to send SOCKS5 sub-negotiation request.");
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    result=Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread);
+    if((result != CURLE_OK) || (actualread != 2)) {
+      failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    /* ignore the first (VER) byte */
+    if(socksreq[1] != 0) { /* status */
+      failf(data, "User was rejected by the SOCKS5 server (%d %d).",
+            socksreq[0], socksreq[1]);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    /* Everything is good so far, user was authenticated! */
+  }
+  else {
+    /* error */
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+    if(socksreq[1] == 255) {
+#else
+    if(socksreq[1] == 1) {
+      failf(data,
+            "SOCKS5 GSSAPI per-message authentication is not supported.");
+      return CURLE_COULDNT_CONNECT;
+    }
+    else if(socksreq[1] == 255) {
+#endif
+      if(!proxy_name || !*proxy_name) {
+        failf(data,
+              "No authentication method was acceptable. (It is quite likely"
+              " that the SOCKS5 server wanted a username/password, since none"
+              " was supplied to the server on this connection.)");
+      }
+      else {
+        failf(data, "No authentication method was acceptable.");
+      }
+      return CURLE_COULDNT_CONNECT;
+    }
+    else {
+      failf(data,
+            "Undocumented SOCKS5 mode attempted to be used by server.");
+      return CURLE_COULDNT_CONNECT;
+    }
+  }
+
+  /* Authentication is complete, now specify destination to the proxy */
+  len = 0;
+  socksreq[len++] = 5; /* version (SOCKS5) */
+  socksreq[len++] = 1; /* connect */
+  socksreq[len++] = 0; /* must be zero */
+
+  if(!socks5_resolve_local) {
+    socksreq[len++] = 3; /* ATYP: domain name = 3 */
+    socksreq[len++] = (char) hostname_len; /* address length */
+    memcpy(&socksreq[len], hostname, hostname_len); /* address str w/o NULL */
+    len += hostname_len;
+  }
+  else {
+    struct Curl_dns_entry *dns;
+    Curl_addrinfo *hp = NULL;
+    int rc = Curl_resolv(conn, hostname, remote_port, &dns);
+
+    if(rc == CURLRESOLV_ERROR)
+      return CURLE_COULDNT_RESOLVE_HOST;
+
+    if(rc == CURLRESOLV_PENDING) {
+      /* this requires that we're in "wait for resolve" state */
+      code = Curl_resolver_wait_resolv(conn, &dns);
+      if(code != CURLE_OK)
+        return code;
+    }
+
+    /*
+     * We cannot use 'hostent' as a struct that Curl_resolv() returns.  It
+     * returns a Curl_addrinfo pointer that may not always look the same.
+     */
+    if(dns)
+      hp=dns->addr;
+    if(hp) {
+      struct sockaddr_in *saddr_in;
+#ifdef ENABLE_IPV6
+      struct sockaddr_in6 *saddr_in6;
+#endif
+      int i;
+
+      if(hp->ai_family == AF_INET) {
+        socksreq[len++] = 1; /* ATYP: IPv4 = 1 */
+
+        saddr_in = (struct sockaddr_in*)hp->ai_addr;
+        for(i = 0; i < 4; i++) {
+          socksreq[len++] = ((unsigned char*)&saddr_in->sin_addr.s_addr)[i];
+          infof(data, "%d\n", socksreq[len-1]);
+        }
+      }
+#ifdef ENABLE_IPV6
+      else if(hp->ai_family == AF_INET6) {
+        socksreq[len++] = 4; /* ATYP: IPv6 = 4 */
+
+        saddr_in6 = (struct sockaddr_in6*)hp->ai_addr;
+        for(i = 0; i < 16; i++) {
+          socksreq[len++] = ((unsigned char*)&saddr_in6->sin6_addr.s6_addr)[i];
+        }
+      }
+#endif
+      else
+        hp = NULL; /* fail! */
+
+      Curl_resolv_unlock(data, dns); /* not used anymore from now on */
+    }
+    if(!hp) {
+      failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.",
+            hostname);
+      return CURLE_COULDNT_RESOLVE_HOST;
+    }
+  }
+
+  socksreq[len++] = (unsigned char)((remote_port >> 8) & 0xff); /* PORT MSB */
+  socksreq[len++] = (unsigned char)(remote_port & 0xff);        /* PORT LSB */
+
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  if(conn->socks5_gssapi_enctype) {
+    failf(data, "SOCKS5 GSS-API protection not yet implemented.");
+  }
+  else
+#endif
+    code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written);
+
+  if((code != CURLE_OK) || (len != written)) {
+    failf(data, "Failed to send SOCKS5 connect request.");
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  len = 10; /* minimum packet size is 10 */
+
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  if(conn->socks5_gssapi_enctype) {
+    failf(data, "SOCKS5 GSS-API protection not yet implemented.");
+  }
+  else
+#endif
+    result = Curl_blockread_all(conn, sock, (char *)socksreq,
+                                len, &actualread);
+
+  if((result != CURLE_OK) || (len != actualread)) {
+    failf(data, "Failed to receive SOCKS5 connect request ack.");
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  if(socksreq[0] != 5) { /* version */
+    failf(data,
+          "SOCKS5 reply has wrong version, version should be 5.");
+    return CURLE_COULDNT_CONNECT;
+  }
+  if(socksreq[1] != 0) { /* Anything besides 0 is an error */
+    if(socksreq[3] == 1) {
+      failf(data,
+            "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
+            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+            ((socksreq[8] << 8) | socksreq[9]),
+            socksreq[1]);
+    }
+    else if(socksreq[3] == 3) {
+      failf(data,
+            "Can't complete SOCKS5 connection to %s:%d. (%d)",
+            hostname,
+            ((socksreq[8] << 8) | socksreq[9]),
+            socksreq[1]);
+    }
+    else if(socksreq[3] == 4) {
+      failf(data,
+            "Can't complete SOCKS5 connection to %02x%02x:%02x%02x:"
+            "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%d. (%d)",
+            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+            (unsigned char)socksreq[8], (unsigned char)socksreq[9],
+            (unsigned char)socksreq[10], (unsigned char)socksreq[11],
+            (unsigned char)socksreq[12], (unsigned char)socksreq[13],
+            (unsigned char)socksreq[14], (unsigned char)socksreq[15],
+            (unsigned char)socksreq[16], (unsigned char)socksreq[17],
+            (unsigned char)socksreq[18], (unsigned char)socksreq[19],
+            ((socksreq[8] << 8) | socksreq[9]),
+            socksreq[1]);
+    }
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  /* Fix: in general, returned BND.ADDR is variable length parameter by RFC
+     1928, so the reply packet should be read until the end to avoid errors at
+     subsequent protocol level.
+
+    +----+-----+-------+------+----------+----------+
+    |VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
+    +----+-----+-------+------+----------+----------+
+    | 1  |  1  | X'00' |  1   | Variable |    2     |
+    +----+-----+-------+------+----------+----------+
+
+     ATYP:
+     o  IP v4 address: X'01', BND.ADDR = 4 byte
+     o  domain name:  X'03', BND.ADDR = [ 1 byte length, string ]
+     o  IP v6 address: X'04', BND.ADDR = 16 byte
+     */
+
+  /* Calculate real packet size */
+  if(socksreq[3] == 3) {
+    /* domain name */
+    int addrlen = (int) socksreq[4];
+    len = 5 + addrlen + 2;
+  }
+  else if(socksreq[3] == 4) {
+    /* IPv6 */
+    len = 4 + 16 + 2;
+  }
+
+  /* At this point we already read first 10 bytes */
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  if(!conn->socks5_gssapi_enctype) {
+    /* decrypt_gssapi_blockread already read the whole packet */
+#endif
+    if(len > 10) {
+      len -= 10;
+      result = Curl_blockread_all(conn, sock, (char *)&socksreq[10],
+                                  len, &actualread);
+      if((result != CURLE_OK) || (len != actualread)) {
+        failf(data, "Failed to receive SOCKS5 connect request ack.");
+        return CURLE_COULDNT_CONNECT;
+      }
+    }
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  }
+#endif
+
+  curlx_nonblock(sock, TRUE);
+  return CURLE_OK; /* Proxy was successful! */
+}
+
+#endif /* CURL_DISABLE_PROXY */
+
diff --git a/Utilities/cmcurl/lib/socks.h b/Utilities/cmcurl/lib/socks.h
new file mode 100644
index 0000000..29e3bf0
--- /dev/null
+++ b/Utilities/cmcurl/lib/socks.h
@@ -0,0 +1,77 @@
+#ifndef HEADER_CURL_SOCKS_H
+#define HEADER_CURL_SOCKS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef CURL_DISABLE_PROXY
+#define Curl_SOCKS4(a,b,c,d,e,f) CURLE_NOT_BUILT_IN
+#define Curl_SOCKS5(a,b,c,d,e,f) CURLE_NOT_BUILT_IN
+#else
+/*
+ * Helper read-from-socket functions. Does the same as Curl_read() but it
+ * blocks until all bytes amount of buffersize will be read. No more, no less.
+ *
+ * This is STUPID BLOCKING behaviour which we frown upon, but right now this
+ * is what we have...
+ */
+int Curl_blockread_all(struct connectdata *conn,
+                       curl_socket_t sockfd,
+                       char *buf,
+                       ssize_t buffersize,
+                       ssize_t *n);
+
+/*
+ * This function logs in to a SOCKS4(a) proxy and sends the specifics to the
+ * final destination server.
+ */
+CURLcode Curl_SOCKS4(const char *proxy_name,
+                     const char *hostname,
+                     int remote_port,
+                     int sockindex,
+                     struct connectdata *conn,
+                     bool protocol4a);
+
+/*
+ * This function logs in to a SOCKS5 proxy and sends the specifics to the
+ * final destination server.
+ */
+CURLcode Curl_SOCKS5(const char *proxy_name,
+                     const char *proxy_password,
+                     const char *hostname,
+                     int remote_port,
+                     int sockindex,
+                     struct connectdata *conn);
+
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+/*
+ * This function handles the SOCKS5 GSS-API negotiation and initialisation
+ */
+CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
+                                      struct connectdata *conn);
+#endif
+
+#endif /* CURL_DISABLE_PROXY */
+
+#endif  /* HEADER_CURL_SOCKS_H */
+
diff --git a/Utilities/cmcurl/lib/socks_gssapi.c b/Utilities/cmcurl/lib/socks_gssapi.c
new file mode 100644
index 0000000..0eaa74c
--- /dev/null
+++ b/Utilities/cmcurl/lib/socks_gssapi.c
@@ -0,0 +1,534 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2009, 2011, Markus Moeller, <markus_moeller@compuserve.com>
+ * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_PROXY
+
+#ifdef HAVE_GSSAPI
+#ifdef HAVE_OLD_GSSMIT
+#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
+#define NCOMPAT 1
+#endif
+#ifndef gss_nt_service_name
+#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
+#endif
+
+#include "curl_gssapi.h"
+#include "urldata.h"
+#include "sendf.h"
+#include "connect.h"
+#include "timeval.h"
+#include "socks.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+static gss_ctx_id_t gss_context = GSS_C_NO_CONTEXT;
+
+/*
+ * Helper GSS-API error functions.
+ */
+static int check_gss_err(struct SessionHandle *data,
+                         OM_uint32 major_status,
+                         OM_uint32 minor_status,
+                         const char* function)
+{
+  if(GSS_ERROR(major_status)) {
+    OM_uint32 maj_stat,min_stat;
+    OM_uint32 msg_ctx = 0;
+    gss_buffer_desc status_string;
+    char buf[1024];
+    size_t len;
+
+    len = 0;
+    msg_ctx = 0;
+    while(!msg_ctx) {
+      /* convert major status code (GSS-API error) to text */
+      maj_stat = gss_display_status(&min_stat, major_status,
+                                    GSS_C_GSS_CODE,
+                                    GSS_C_NULL_OID,
+                                    &msg_ctx, &status_string);
+      if(maj_stat == GSS_S_COMPLETE) {
+        if(sizeof(buf) > len + status_string.length + 1) {
+          strcpy(buf+len, (char*) status_string.value);
+          len += status_string.length;
+        }
+        gss_release_buffer(&min_stat, &status_string);
+        break;
+      }
+      gss_release_buffer(&min_stat, &status_string);
+    }
+    if(sizeof(buf) > len + 3) {
+      strcpy(buf+len, ".\n");
+      len += 2;
+    }
+    msg_ctx = 0;
+    while(!msg_ctx) {
+      /* convert minor status code (underlying routine error) to text */
+      maj_stat = gss_display_status(&min_stat, minor_status,
+                                    GSS_C_MECH_CODE,
+                                    GSS_C_NULL_OID,
+                                    &msg_ctx, &status_string);
+      if(maj_stat == GSS_S_COMPLETE) {
+        if(sizeof(buf) > len + status_string.length)
+          strcpy(buf+len, (char*) status_string.value);
+        gss_release_buffer(&min_stat, &status_string);
+        break;
+      }
+      gss_release_buffer(&min_stat, &status_string);
+    }
+    failf(data, "GSS-API error: %s failed:\n%s", function, buf);
+    return(1);
+  }
+
+  return(0);
+}
+
+CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
+                                      struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  curl_socket_t sock = conn->sock[sockindex];
+  CURLcode code;
+  ssize_t actualread;
+  ssize_t written;
+  int result;
+  OM_uint32 gss_major_status, gss_minor_status, gss_status;
+  OM_uint32 gss_ret_flags;
+  int gss_conf_state, gss_enc;
+  gss_buffer_desc  service = GSS_C_EMPTY_BUFFER;
+  gss_buffer_desc  gss_send_token = GSS_C_EMPTY_BUFFER;
+  gss_buffer_desc  gss_recv_token = GSS_C_EMPTY_BUFFER;
+  gss_buffer_desc  gss_w_token = GSS_C_EMPTY_BUFFER;
+  gss_buffer_desc* gss_token = GSS_C_NO_BUFFER;
+  gss_name_t       server = GSS_C_NO_NAME;
+  gss_name_t       gss_client_name = GSS_C_NO_NAME;
+  unsigned short   us_length;
+  char             *user=NULL;
+  unsigned char socksreq[4]; /* room for GSS-API exchange header only */
+  char *serviceptr = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+
+  /*   GSS-API request looks like
+   * +----+------+-----+----------------+
+   * |VER | MTYP | LEN |     TOKEN      |
+   * +----+------+----------------------+
+   * | 1  |  1   |  2  | up to 2^16 - 1 |
+   * +----+------+-----+----------------+
+   */
+
+  /* prepare service name */
+  if(strchr(serviceptr,'/')) {
+    service.value = malloc(strlen(serviceptr));
+    if(!service.value)
+      return CURLE_OUT_OF_MEMORY;
+    service.length = strlen(serviceptr);
+    memcpy(service.value, serviceptr, service.length);
+
+    gss_major_status = gss_import_name(&gss_minor_status, &service,
+                                       (gss_OID) GSS_C_NULL_OID, &server);
+  }
+  else {
+    service.value = malloc(strlen(serviceptr) +strlen(conn->proxy.name)+2);
+    if(!service.value)
+      return CURLE_OUT_OF_MEMORY;
+    service.length = strlen(serviceptr) +strlen(conn->proxy.name)+1;
+    snprintf(service.value, service.length+1, "%s@%s",
+             serviceptr, conn->proxy.name);
+
+    gss_major_status = gss_import_name(&gss_minor_status, &service,
+                                       gss_nt_service_name, &server);
+  }
+
+  gss_release_buffer(&gss_status, &service); /* clear allocated memory */
+
+  if(check_gss_err(data,gss_major_status,
+                   gss_minor_status,"gss_import_name()")) {
+    failf(data, "Failed to create service name.");
+    gss_release_name(&gss_status, &server);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  /* As long as we need to keep sending some context info, and there's no  */
+  /* errors, keep sending it...                                            */
+  for(;;) {
+    gss_major_status = Curl_gss_init_sec_context(data,
+                                                 &gss_minor_status,
+                                                 &gss_context,
+                                                 server,
+                                                 &Curl_krb5_mech_oid,
+                                                 NULL,
+                                                 gss_token,
+                                                 &gss_send_token,
+                                                 &gss_ret_flags);
+
+    if(gss_token != GSS_C_NO_BUFFER)
+      gss_release_buffer(&gss_status, &gss_recv_token);
+    if(check_gss_err(data,gss_major_status,
+                     gss_minor_status,"gss_init_sec_context")) {
+      gss_release_name(&gss_status, &server);
+      gss_release_buffer(&gss_status, &gss_recv_token);
+      gss_release_buffer(&gss_status, &gss_send_token);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      failf(data, "Failed to initial GSS-API token.");
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    if(gss_send_token.length != 0) {
+      socksreq[0] = 1;    /* GSS-API subnegotiation version */
+      socksreq[1] = 1;    /* authentication message type */
+      us_length = htons((short)gss_send_token.length);
+      memcpy(socksreq+2,&us_length,sizeof(short));
+
+      code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
+      if((code != CURLE_OK) || (4 != written)) {
+        failf(data, "Failed to send GSS-API authentication request.");
+        gss_release_name(&gss_status, &server);
+        gss_release_buffer(&gss_status, &gss_recv_token);
+        gss_release_buffer(&gss_status, &gss_send_token);
+        gss_delete_sec_context(&gss_status, &gss_context, NULL);
+        return CURLE_COULDNT_CONNECT;
+      }
+
+      code = Curl_write_plain(conn, sock, (char *)gss_send_token.value,
+                              gss_send_token.length, &written);
+
+      if((code != CURLE_OK) || ((ssize_t)gss_send_token.length != written)) {
+        failf(data, "Failed to send GSS-API authentication token.");
+        gss_release_name(&gss_status, &server);
+        gss_release_buffer(&gss_status, &gss_recv_token);
+        gss_release_buffer(&gss_status, &gss_send_token);
+        gss_delete_sec_context(&gss_status, &gss_context, NULL);
+        return CURLE_COULDNT_CONNECT;
+      }
+
+    }
+
+    gss_release_buffer(&gss_status, &gss_send_token);
+    gss_release_buffer(&gss_status, &gss_recv_token);
+    if(gss_major_status != GSS_S_CONTINUE_NEEDED) break;
+
+    /* analyse response */
+
+    /*   GSS-API response looks like
+     * +----+------+-----+----------------+
+     * |VER | MTYP | LEN |     TOKEN      |
+     * +----+------+----------------------+
+     * | 1  |  1   |  2  | up to 2^16 - 1 |
+     * +----+------+-----+----------------+
+     */
+
+    result=Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
+    if(result != CURLE_OK || actualread != 4) {
+      failf(data, "Failed to receive GSS-API authentication response.");
+      gss_release_name(&gss_status, &server);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    /* ignore the first (VER) byte */
+    if(socksreq[1] == 255) { /* status / message type */
+      failf(data, "User was rejected by the SOCKS5 server (%d %d).",
+            socksreq[0], socksreq[1]);
+      gss_release_name(&gss_status, &server);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    if(socksreq[1] != 1) { /* status / messgae type */
+      failf(data, "Invalid GSS-API authentication response type (%d %d).",
+            socksreq[0], socksreq[1]);
+      gss_release_name(&gss_status, &server);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    memcpy(&us_length, socksreq+2, sizeof(short));
+    us_length = ntohs(us_length);
+
+    gss_recv_token.length=us_length;
+    gss_recv_token.value=malloc(us_length);
+    if(!gss_recv_token.value) {
+      failf(data,
+            "Could not allocate memory for GSS-API authentication "
+            "response token.");
+      gss_release_name(&gss_status, &server);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    result=Curl_blockread_all(conn, sock, (char *)gss_recv_token.value,
+                              gss_recv_token.length, &actualread);
+
+    if(result != CURLE_OK || actualread != us_length) {
+      failf(data, "Failed to receive GSS-API authentication token.");
+      gss_release_name(&gss_status, &server);
+      gss_release_buffer(&gss_status, &gss_recv_token);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    gss_token = &gss_recv_token;
+  }
+
+  gss_release_name(&gss_status, &server);
+
+  /* Everything is good so far, user was authenticated! */
+  gss_major_status = gss_inquire_context (&gss_minor_status, gss_context,
+                                          &gss_client_name, NULL, NULL, NULL,
+                                          NULL, NULL, NULL);
+  if(check_gss_err(data,gss_major_status,
+                   gss_minor_status,"gss_inquire_context")) {
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+    gss_release_name(&gss_status, &gss_client_name);
+    failf(data, "Failed to determine user name.");
+    return CURLE_COULDNT_CONNECT;
+  }
+  gss_major_status = gss_display_name(&gss_minor_status, gss_client_name,
+                                      &gss_send_token, NULL);
+  if(check_gss_err(data,gss_major_status,
+                   gss_minor_status,"gss_display_name")) {
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+    gss_release_name(&gss_status, &gss_client_name);
+    gss_release_buffer(&gss_status, &gss_send_token);
+    failf(data, "Failed to determine user name.");
+    return CURLE_COULDNT_CONNECT;
+  }
+  user=malloc(gss_send_token.length+1);
+  if(!user) {
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+    gss_release_name(&gss_status, &gss_client_name);
+    gss_release_buffer(&gss_status, &gss_send_token);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  memcpy(user, gss_send_token.value, gss_send_token.length);
+  user[gss_send_token.length] = '\0';
+  gss_release_name(&gss_status, &gss_client_name);
+  gss_release_buffer(&gss_status, &gss_send_token);
+  infof(data, "SOCKS5 server authencticated user %s with GSS-API.\n",user);
+  free(user);
+  user=NULL;
+
+  /* Do encryption */
+  socksreq[0] = 1;    /* GSS-API subnegotiation version */
+  socksreq[1] = 2;    /* encryption message type */
+
+  gss_enc = 0; /* no data protection */
+  /* do confidentiality protection if supported */
+  if(gss_ret_flags & GSS_C_CONF_FLAG)
+    gss_enc = 2;
+  /* else do integrity protection */
+  else if(gss_ret_flags & GSS_C_INTEG_FLAG)
+    gss_enc = 1;
+
+  infof(data, "SOCKS5 server supports GSS-API %s data protection.\n",
+        (gss_enc==0)?"no":((gss_enc==1)?"integrity":"confidentiality"));
+  /* force for the moment to no data protection */
+  gss_enc = 0;
+  /*
+   * Sending the encryption type in clear seems wrong. It should be
+   * protected with gss_seal()/gss_wrap(). See RFC1961 extract below
+   * The NEC reference implementations on which this is based is
+   * therefore at fault
+   *
+   *  +------+------+------+.......................+
+   *  + ver  | mtyp | len  |   token               |
+   *  +------+------+------+.......................+
+   *  + 0x01 | 0x02 | 0x02 | up to 2^16 - 1 octets |
+   *  +------+------+------+.......................+
+   *
+   *   Where:
+   *
+   *  - "ver" is the protocol version number, here 1 to represent the
+   *    first version of the SOCKS/GSS-API protocol
+   *
+   *  - "mtyp" is the message type, here 2 to represent a protection
+   *    -level negotiation message
+   *
+   *  - "len" is the length of the "token" field in octets
+   *
+   *  - "token" is the GSS-API encapsulated protection level
+   *
+   * The token is produced by encapsulating an octet containing the
+   * required protection level using gss_seal()/gss_wrap() with conf_req
+   * set to FALSE.  The token is verified using gss_unseal()/
+   * gss_unwrap().
+   *
+   */
+  if(data->set.socks5_gssapi_nec) {
+    us_length = htons((short)1);
+    memcpy(socksreq+2,&us_length,sizeof(short));
+  }
+  else {
+    gss_send_token.length = 1;
+    gss_send_token.value = malloc(1);
+    if(!gss_send_token.value) {
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    memcpy(gss_send_token.value, &gss_enc, 1);
+
+    gss_major_status = gss_wrap(&gss_minor_status, gss_context, 0,
+                                GSS_C_QOP_DEFAULT, &gss_send_token,
+                                &gss_conf_state, &gss_w_token);
+
+    if(check_gss_err(data,gss_major_status,gss_minor_status,"gss_wrap")) {
+      gss_release_buffer(&gss_status, &gss_send_token);
+      gss_release_buffer(&gss_status, &gss_w_token);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      failf(data, "Failed to wrap GSS-API encryption value into token.");
+      return CURLE_COULDNT_CONNECT;
+    }
+    gss_release_buffer(&gss_status, &gss_send_token);
+
+    us_length = htons((short)gss_w_token.length);
+    memcpy(socksreq+2,&us_length,sizeof(short));
+  }
+
+  code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
+  if((code != CURLE_OK) || (4 != written)) {
+    failf(data, "Failed to send GSS-API encryption request.");
+    gss_release_buffer(&gss_status, &gss_w_token);
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  if(data->set.socks5_gssapi_nec) {
+    memcpy(socksreq, &gss_enc, 1);
+    code = Curl_write_plain(conn, sock, socksreq, 1, &written);
+    if((code != CURLE_OK) || ( 1 != written)) {
+      failf(data, "Failed to send GSS-API encryption type.");
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_COULDNT_CONNECT;
+    }
+  }
+  else {
+    code = Curl_write_plain(conn, sock, (char *)gss_w_token.value,
+                            gss_w_token.length, &written);
+    if((code != CURLE_OK) || ((ssize_t)gss_w_token.length != written)) {
+      failf(data, "Failed to send GSS-API encryption type.");
+      gss_release_buffer(&gss_status, &gss_w_token);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_COULDNT_CONNECT;
+    }
+    gss_release_buffer(&gss_status, &gss_w_token);
+  }
+
+  result=Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
+  if(result != CURLE_OK || actualread != 4) {
+    failf(data, "Failed to receive GSS-API encryption response.");
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  /* ignore the first (VER) byte */
+  if(socksreq[1] == 255) { /* status / message type */
+    failf(data, "User was rejected by the SOCKS5 server (%d %d).",
+          socksreq[0], socksreq[1]);
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  if(socksreq[1] != 2) { /* status / messgae type */
+    failf(data, "Invalid GSS-API encryption response type (%d %d).",
+          socksreq[0], socksreq[1]);
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  memcpy(&us_length, socksreq+2, sizeof(short));
+  us_length = ntohs(us_length);
+
+  gss_recv_token.length= us_length;
+  gss_recv_token.value=malloc(gss_recv_token.length);
+  if(!gss_recv_token.value) {
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  result=Curl_blockread_all(conn, sock, (char *)gss_recv_token.value,
+                            gss_recv_token.length, &actualread);
+
+  if(result != CURLE_OK || actualread != us_length) {
+    failf(data, "Failed to receive GSS-API encryptrion type.");
+    gss_release_buffer(&gss_status, &gss_recv_token);
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  if(!data->set.socks5_gssapi_nec) {
+    gss_major_status = gss_unwrap(&gss_minor_status, gss_context,
+                                  &gss_recv_token, &gss_w_token,
+                                  0, GSS_C_QOP_DEFAULT);
+
+    if(check_gss_err(data,gss_major_status,gss_minor_status,"gss_unwrap")) {
+      gss_release_buffer(&gss_status, &gss_recv_token);
+      gss_release_buffer(&gss_status, &gss_w_token);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      failf(data, "Failed to unwrap GSS-API encryption value into token.");
+      return CURLE_COULDNT_CONNECT;
+    }
+    gss_release_buffer(&gss_status, &gss_recv_token);
+
+    if(gss_w_token.length != 1) {
+      failf(data, "Invalid GSS-API encryption response length (%d).",
+            gss_w_token.length);
+      gss_release_buffer(&gss_status, &gss_w_token);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    memcpy(socksreq,gss_w_token.value,gss_w_token.length);
+    gss_release_buffer(&gss_status, &gss_w_token);
+  }
+  else {
+    if(gss_recv_token.length != 1) {
+      failf(data, "Invalid GSS-API encryption response length (%d).",
+            gss_recv_token.length);
+      gss_release_buffer(&gss_status, &gss_recv_token);
+      gss_delete_sec_context(&gss_status, &gss_context, NULL);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    memcpy(socksreq,gss_recv_token.value,gss_recv_token.length);
+    gss_release_buffer(&gss_status, &gss_recv_token);
+  }
+
+  infof(data, "SOCKS5 access with%s protection granted.\n",
+        (socksreq[0]==0)?"out GSS-API data":
+        ((socksreq[0]==1)?" GSS-API integrity":" GSS-API confidentiality"));
+
+  conn->socks5_gssapi_enctype = socksreq[0];
+  if(socksreq[0] == 0)
+    gss_delete_sec_context(&gss_status, &gss_context, NULL);
+
+  return CURLE_OK;
+}
+#endif
+
+#endif /* CURL_DISABLE_PROXY */
diff --git a/Utilities/cmcurl/lib/socks_sspi.c b/Utilities/cmcurl/lib/socks_sspi.c
new file mode 100644
index 0000000..82684e0
--- /dev/null
+++ b/Utilities/cmcurl/lib/socks_sspi.c
@@ -0,0 +1,604 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2009, 2011, Markus Moeller, <markus_moeller@compuserve.com>
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_WINDOWS_SSPI) && !defined(CURL_DISABLE_PROXY)
+
+#include "urldata.h"
+#include "sendf.h"
+#include "connect.h"
+#include "strerror.h"
+#include "timeval.h"
+#include "socks.h"
+#include "curl_sspi.h"
+#include "curl_multibyte.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use the internal *printf() functions */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * Helper sspi error functions.
+ */
+static int check_sspi_err(struct connectdata *conn,
+                          SECURITY_STATUS status,
+                          const char* function)
+{
+  if(status != SEC_E_OK &&
+     status != SEC_I_COMPLETE_AND_CONTINUE &&
+     status != SEC_I_COMPLETE_NEEDED &&
+     status != SEC_I_CONTINUE_NEEDED) {
+    failf(conn->data, "SSPI error: %s failed: %s", function,
+          Curl_sspi_strerror(conn, status));
+    return 1;
+  }
+  return 0;
+}
+
+/* This is the SSPI-using version of this function */
+CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
+                                      struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  curl_socket_t sock = conn->sock[sockindex];
+  CURLcode code;
+  ssize_t actualread;
+  ssize_t written;
+  int result;
+  /* Needs GSS-API authentication */
+  SECURITY_STATUS status;
+  unsigned long sspi_ret_flags = 0;
+  int gss_enc;
+  SecBuffer sspi_send_token, sspi_recv_token, sspi_w_token[3];
+  SecBufferDesc input_desc, output_desc, wrap_desc;
+  SecPkgContext_Sizes sspi_sizes;
+  CredHandle cred_handle;
+  CtxtHandle sspi_context;
+  PCtxtHandle context_handle = NULL;
+  SecPkgCredentials_Names names;
+  TimeStamp expiry;
+  char *service_name = NULL;
+  unsigned short us_length;
+  unsigned long qop;
+  unsigned char socksreq[4]; /* room for GSS-API exchange header only */
+  char *service = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+
+  /*   GSS-API request looks like
+   * +----+------+-----+----------------+
+   * |VER | MTYP | LEN |     TOKEN      |
+   * +----+------+----------------------+
+   * | 1  |  1   |  2  | up to 2^16 - 1 |
+   * +----+------+-----+----------------+
+   */
+
+  /* prepare service name */
+  if(strchr(service, '/')) {
+    service_name = malloc(strlen(service));
+    if(!service_name)
+      return CURLE_OUT_OF_MEMORY;
+    memcpy(service_name, service, strlen(service));
+  }
+  else {
+    service_name = malloc(strlen(service) + strlen(conn->proxy.name) + 2);
+    if(!service_name)
+      return CURLE_OUT_OF_MEMORY;
+    snprintf(service_name,strlen(service) +strlen(conn->proxy.name)+2,"%s/%s",
+             service,conn->proxy.name);
+  }
+
+  input_desc.cBuffers = 1;
+  input_desc.pBuffers = &sspi_recv_token;
+  input_desc.ulVersion = SECBUFFER_VERSION;
+
+  sspi_recv_token.BufferType = SECBUFFER_TOKEN;
+  sspi_recv_token.cbBuffer = 0;
+  sspi_recv_token.pvBuffer = NULL;
+
+  output_desc.cBuffers = 1;
+  output_desc.pBuffers = &sspi_send_token;
+  output_desc.ulVersion = SECBUFFER_VERSION;
+
+  sspi_send_token.BufferType = SECBUFFER_TOKEN;
+  sspi_send_token.cbBuffer = 0;
+  sspi_send_token.pvBuffer = NULL;
+
+  wrap_desc.cBuffers = 3;
+  wrap_desc.pBuffers = sspi_w_token;
+  wrap_desc.ulVersion = SECBUFFER_VERSION;
+
+  cred_handle.dwLower = 0;
+  cred_handle.dwUpper = 0;
+
+  status = s_pSecFn->AcquireCredentialsHandle(NULL,
+                                              (TCHAR *) TEXT("Kerberos"),
+                                              SECPKG_CRED_OUTBOUND,
+                                              NULL,
+                                              NULL,
+                                              NULL,
+                                              NULL,
+                                              &cred_handle,
+                                              &expiry);
+
+  if(check_sspi_err(conn, status, "AcquireCredentialsHandle")) {
+    failf(data, "Failed to acquire credentials.");
+    Curl_safefree(service_name);
+    s_pSecFn->FreeCredentialsHandle(&cred_handle);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  /* As long as we need to keep sending some context info, and there's no  */
+  /* errors, keep sending it...                                            */
+  for(;;) {
+    TCHAR *sname;
+
+    sname = Curl_convert_UTF8_to_tchar(service_name);
+    if(!sname)
+      return CURLE_OUT_OF_MEMORY;
+
+    status = s_pSecFn->InitializeSecurityContext(&cred_handle,
+                                                 context_handle,
+                                                 sname,
+                                                 ISC_REQ_MUTUAL_AUTH |
+                                                 ISC_REQ_ALLOCATE_MEMORY |
+                                                 ISC_REQ_CONFIDENTIALITY |
+                                                 ISC_REQ_REPLAY_DETECT,
+                                                 0,
+                                                 SECURITY_NATIVE_DREP,
+                                                 &input_desc,
+                                                 0,
+                                                 &sspi_context,
+                                                 &output_desc,
+                                                 &sspi_ret_flags,
+                                                 &expiry);
+
+    Curl_unicodefree(sname);
+
+    if(sspi_recv_token.pvBuffer) {
+      s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+      sspi_recv_token.pvBuffer = NULL;
+      sspi_recv_token.cbBuffer = 0;
+    }
+
+    if(check_sspi_err(conn, status, "InitializeSecurityContext")) {
+      Curl_safefree(service_name);
+      s_pSecFn->FreeCredentialsHandle(&cred_handle);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      if(sspi_recv_token.pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+      failf(data, "Failed to initialise security context.");
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    if(sspi_send_token.cbBuffer != 0) {
+      socksreq[0] = 1;    /* GSS-API subnegotiation version */
+      socksreq[1] = 1;    /* authentication message type */
+      us_length = htons((short)sspi_send_token.cbBuffer);
+      memcpy(socksreq+2, &us_length, sizeof(short));
+
+      code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
+      if((code != CURLE_OK) || (4 != written)) {
+        failf(data, "Failed to send SSPI authentication request.");
+        Curl_safefree(service_name);
+        if(sspi_send_token.pvBuffer)
+          s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+        if(sspi_recv_token.pvBuffer)
+          s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+        s_pSecFn->FreeCredentialsHandle(&cred_handle);
+        s_pSecFn->DeleteSecurityContext(&sspi_context);
+        return CURLE_COULDNT_CONNECT;
+      }
+
+      code = Curl_write_plain(conn, sock, (char *)sspi_send_token.pvBuffer,
+                              sspi_send_token.cbBuffer, &written);
+      if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) {
+        failf(data, "Failed to send SSPI authentication token.");
+        Curl_safefree(service_name);
+        if(sspi_send_token.pvBuffer)
+          s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+        if(sspi_recv_token.pvBuffer)
+          s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+        s_pSecFn->FreeCredentialsHandle(&cred_handle);
+        s_pSecFn->DeleteSecurityContext(&sspi_context);
+        return CURLE_COULDNT_CONNECT;
+      }
+
+    }
+
+    if(sspi_send_token.pvBuffer) {
+      s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+      sspi_send_token.pvBuffer = NULL;
+    }
+    sspi_send_token.cbBuffer = 0;
+
+    if(sspi_recv_token.pvBuffer) {
+      s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+      sspi_recv_token.pvBuffer = NULL;
+    }
+    sspi_recv_token.cbBuffer = 0;
+
+    if(status != SEC_I_CONTINUE_NEEDED)
+      break;
+
+    /* analyse response */
+
+    /*   GSS-API response looks like
+     * +----+------+-----+----------------+
+     * |VER | MTYP | LEN |     TOKEN      |
+     * +----+------+----------------------+
+     * | 1  |  1   |  2  | up to 2^16 - 1 |
+     * +----+------+-----+----------------+
+     */
+
+    result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
+    if(result != CURLE_OK || actualread != 4) {
+      failf(data, "Failed to receive SSPI authentication response.");
+      Curl_safefree(service_name);
+      s_pSecFn->FreeCredentialsHandle(&cred_handle);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    /* ignore the first (VER) byte */
+    if(socksreq[1] == 255) { /* status / message type */
+      failf(data, "User was rejected by the SOCKS5 server (%u %u).",
+            (unsigned int)socksreq[0], (unsigned int)socksreq[1]);
+      Curl_safefree(service_name);
+      s_pSecFn->FreeCredentialsHandle(&cred_handle);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    if(socksreq[1] != 1) { /* status / messgae type */
+      failf(data, "Invalid SSPI authentication response type (%u %u).",
+            (unsigned int)socksreq[0], (unsigned int)socksreq[1]);
+      Curl_safefree(service_name);
+      s_pSecFn->FreeCredentialsHandle(&cred_handle);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    memcpy(&us_length, socksreq+2, sizeof(short));
+    us_length = ntohs(us_length);
+
+    sspi_recv_token.cbBuffer = us_length;
+    sspi_recv_token.pvBuffer = malloc(us_length);
+
+    if(!sspi_recv_token.pvBuffer) {
+      Curl_safefree(service_name);
+      s_pSecFn->FreeCredentialsHandle(&cred_handle);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    result = Curl_blockread_all(conn, sock, (char *)sspi_recv_token.pvBuffer,
+                                sspi_recv_token.cbBuffer, &actualread);
+
+    if(result != CURLE_OK || actualread != us_length) {
+      failf(data, "Failed to receive SSPI authentication token.");
+      Curl_safefree(service_name);
+      if(sspi_recv_token.pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+      s_pSecFn->FreeCredentialsHandle(&cred_handle);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    context_handle = &sspi_context;
+  }
+
+  Curl_safefree(service_name);
+
+  /* Everything is good so far, user was authenticated! */
+  status = s_pSecFn->QueryCredentialsAttributes(&cred_handle,
+                                                SECPKG_CRED_ATTR_NAMES,
+                                                &names);
+  s_pSecFn->FreeCredentialsHandle(&cred_handle);
+  if(check_sspi_err(conn, status, "QueryCredentialAttributes")) {
+    s_pSecFn->DeleteSecurityContext(&sspi_context);
+    s_pSecFn->FreeContextBuffer(names.sUserName);
+    failf(data, "Failed to determine user name.");
+    return CURLE_COULDNT_CONNECT;
+  }
+  infof(data, "SOCKS5 server authencticated user %s with GSS-API.\n",
+        names.sUserName);
+  s_pSecFn->FreeContextBuffer(names.sUserName);
+
+  /* Do encryption */
+  socksreq[0] = 1;    /* GSS-API subnegotiation version */
+  socksreq[1] = 2;    /* encryption message type */
+
+  gss_enc = 0; /* no data protection */
+  /* do confidentiality protection if supported */
+  if(sspi_ret_flags & ISC_REQ_CONFIDENTIALITY)
+    gss_enc = 2;
+  /* else do integrity protection */
+  else if(sspi_ret_flags & ISC_REQ_INTEGRITY)
+    gss_enc = 1;
+
+  infof(data, "SOCKS5 server supports GSS-API %s data protection.\n",
+        (gss_enc==0)?"no":((gss_enc==1)?"integrity":"confidentiality") );
+  /* force to no data protection, avoid encryption/decryption for now */
+  gss_enc = 0;
+  /*
+   * Sending the encryption type in clear seems wrong. It should be
+   * protected with gss_seal()/gss_wrap(). See RFC1961 extract below
+   * The NEC reference implementations on which this is based is
+   * therefore at fault
+   *
+   *  +------+------+------+.......................+
+   *  + ver  | mtyp | len  |   token               |
+   *  +------+------+------+.......................+
+   *  + 0x01 | 0x02 | 0x02 | up to 2^16 - 1 octets |
+   *  +------+------+------+.......................+
+   *
+   *   Where:
+   *
+   *  - "ver" is the protocol version number, here 1 to represent the
+   *    first version of the SOCKS/GSS-API protocol
+   *
+   *  - "mtyp" is the message type, here 2 to represent a protection
+   *    -level negotiation message
+   *
+   *  - "len" is the length of the "token" field in octets
+   *
+   *  - "token" is the GSS-API encapsulated protection level
+   *
+   * The token is produced by encapsulating an octet containing the
+   * required protection level using gss_seal()/gss_wrap() with conf_req
+   * set to FALSE.  The token is verified using gss_unseal()/
+   * gss_unwrap().
+   *
+   */
+
+  if(data->set.socks5_gssapi_nec) {
+    us_length = htons((short)1);
+    memcpy(socksreq+2, &us_length, sizeof(short));
+  }
+  else {
+    status = s_pSecFn->QueryContextAttributes(&sspi_context,
+                                              SECPKG_ATTR_SIZES,
+                                              &sspi_sizes);
+    if(check_sspi_err(conn, status, "QueryContextAttributes")) {
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      failf(data, "Failed to query security context attributes.");
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    sspi_w_token[0].cbBuffer = sspi_sizes.cbSecurityTrailer;
+    sspi_w_token[0].BufferType = SECBUFFER_TOKEN;
+    sspi_w_token[0].pvBuffer = malloc(sspi_sizes.cbSecurityTrailer);
+
+    if(!sspi_w_token[0].pvBuffer) {
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    sspi_w_token[1].cbBuffer = 1;
+    sspi_w_token[1].pvBuffer = malloc(1);
+    if(!sspi_w_token[1].pvBuffer) {
+      s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    memcpy(sspi_w_token[1].pvBuffer,&gss_enc,1);
+    sspi_w_token[2].BufferType = SECBUFFER_PADDING;
+    sspi_w_token[2].cbBuffer = sspi_sizes.cbBlockSize;
+    sspi_w_token[2].pvBuffer = malloc(sspi_sizes.cbBlockSize);
+    if(!sspi_w_token[2].pvBuffer) {
+      s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+      s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    status = s_pSecFn->EncryptMessage(&sspi_context,
+                                      KERB_WRAP_NO_ENCRYPT,
+                                      &wrap_desc,
+                                      0);
+    if(check_sspi_err(conn, status, "EncryptMessage")) {
+      s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+      s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+      s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      failf(data, "Failed to query security context attributes.");
+      return CURLE_COULDNT_CONNECT;
+    }
+    sspi_send_token.cbBuffer = sspi_w_token[0].cbBuffer
+      + sspi_w_token[1].cbBuffer
+      + sspi_w_token[2].cbBuffer;
+    sspi_send_token.pvBuffer = malloc(sspi_send_token.cbBuffer);
+    if(!sspi_send_token.pvBuffer) {
+      s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+      s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+      s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    memcpy(sspi_send_token.pvBuffer, sspi_w_token[0].pvBuffer,
+           sspi_w_token[0].cbBuffer);
+    memcpy((PUCHAR) sspi_send_token.pvBuffer +(int)sspi_w_token[0].cbBuffer,
+           sspi_w_token[1].pvBuffer, sspi_w_token[1].cbBuffer);
+    memcpy((PUCHAR) sspi_send_token.pvBuffer
+           +sspi_w_token[0].cbBuffer
+           +sspi_w_token[1].cbBuffer,
+           sspi_w_token[2].pvBuffer, sspi_w_token[2].cbBuffer);
+
+    s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+    sspi_w_token[0].pvBuffer = NULL;
+    sspi_w_token[0].cbBuffer = 0;
+    s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+    sspi_w_token[1].pvBuffer = NULL;
+    sspi_w_token[1].cbBuffer = 0;
+    s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer);
+    sspi_w_token[2].pvBuffer = NULL;
+    sspi_w_token[2].cbBuffer = 0;
+
+    us_length = htons((short)sspi_send_token.cbBuffer);
+    memcpy(socksreq+2,&us_length,sizeof(short));
+  }
+
+  code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
+  if((code != CURLE_OK) || (4 != written)) {
+    failf(data, "Failed to send SSPI encryption request.");
+    if(sspi_send_token.pvBuffer)
+      s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+    s_pSecFn->DeleteSecurityContext(&sspi_context);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  if(data->set.socks5_gssapi_nec) {
+    memcpy(socksreq,&gss_enc,1);
+    code = Curl_write_plain(conn, sock, (char *)socksreq, 1, &written);
+    if((code != CURLE_OK) || (1 != written)) {
+      failf(data, "Failed to send SSPI encryption type.");
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_COULDNT_CONNECT;
+    }
+  }
+  else {
+    code = Curl_write_plain(conn, sock, (char *)sspi_send_token.pvBuffer,
+                            sspi_send_token.cbBuffer, &written);
+    if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) {
+      failf(data, "Failed to send SSPI encryption type.");
+      if(sspi_send_token.pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_COULDNT_CONNECT;
+    }
+    if(sspi_send_token.pvBuffer)
+      s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+  }
+
+  result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
+  if(result != CURLE_OK || actualread != 4) {
+    failf(data, "Failed to receive SSPI encryption response.");
+    s_pSecFn->DeleteSecurityContext(&sspi_context);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  /* ignore the first (VER) byte */
+  if(socksreq[1] == 255) { /* status / message type */
+    failf(data, "User was rejected by the SOCKS5 server (%u %u).",
+          (unsigned int)socksreq[0], (unsigned int)socksreq[1]);
+    s_pSecFn->DeleteSecurityContext(&sspi_context);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  if(socksreq[1] != 2) { /* status / message type */
+    failf(data, "Invalid SSPI encryption response type (%u %u).",
+          (unsigned int)socksreq[0], (unsigned int)socksreq[1]);
+    s_pSecFn->DeleteSecurityContext(&sspi_context);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+  memcpy(&us_length, socksreq+2, sizeof(short));
+  us_length = ntohs(us_length);
+
+  sspi_w_token[0].cbBuffer = us_length;
+  sspi_w_token[0].pvBuffer = malloc(us_length);
+  if(!sspi_w_token[0].pvBuffer) {
+    s_pSecFn->DeleteSecurityContext(&sspi_context);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  result = Curl_blockread_all(conn, sock, (char *)sspi_w_token[0].pvBuffer,
+                              sspi_w_token[0].cbBuffer, &actualread);
+
+  if(result != CURLE_OK || actualread != us_length) {
+    failf(data, "Failed to receive SSPI encryption type.");
+    s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+    s_pSecFn->DeleteSecurityContext(&sspi_context);
+    return CURLE_COULDNT_CONNECT;
+  }
+
+
+  if(!data->set.socks5_gssapi_nec) {
+    wrap_desc.cBuffers = 2;
+    sspi_w_token[0].BufferType = SECBUFFER_STREAM;
+    sspi_w_token[1].BufferType = SECBUFFER_DATA;
+    sspi_w_token[1].cbBuffer = 0;
+    sspi_w_token[1].pvBuffer = NULL;
+
+    status = s_pSecFn->DecryptMessage(&sspi_context,
+                                      &wrap_desc,
+                                      0,
+                                      &qop);
+
+    if(check_sspi_err(conn, status, "DecryptMessage")) {
+      if(sspi_w_token[0].pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+      if(sspi_w_token[1].pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      failf(data, "Failed to query security context attributes.");
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    if(sspi_w_token[1].cbBuffer != 1) {
+      failf(data, "Invalid SSPI encryption response length (%lu).",
+            (unsigned long)sspi_w_token[1].cbBuffer);
+      if(sspi_w_token[0].pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+      if(sspi_w_token[1].pvBuffer)
+        s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_COULDNT_CONNECT;
+    }
+
+    memcpy(socksreq,sspi_w_token[1].pvBuffer,sspi_w_token[1].cbBuffer);
+    s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+    s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+  }
+  else {
+    if(sspi_w_token[0].cbBuffer != 1) {
+      failf(data, "Invalid SSPI encryption response length (%lu).",
+            (unsigned long)sspi_w_token[0].cbBuffer);
+      s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+      s_pSecFn->DeleteSecurityContext(&sspi_context);
+      return CURLE_COULDNT_CONNECT;
+    }
+    memcpy(socksreq,sspi_w_token[0].pvBuffer,sspi_w_token[0].cbBuffer);
+    s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+  }
+
+  infof(data, "SOCKS5 access with%s protection granted.\n",
+        (socksreq[0]==0)?"out GSS-API data":
+        ((socksreq[0]==1)?" GSS-API integrity":" GSS-API confidentiality"));
+
+  /* For later use if encryption is required
+     conn->socks5_gssapi_enctype = socksreq[0];
+     if(socksreq[0] != 0)
+       conn->socks5_sspi_context = sspi_context;
+     else {
+       s_pSecFn->DeleteSecurityContext(&sspi_context);
+       conn->socks5_sspi_context = sspi_context;
+     }
+  */
+  return CURLE_OK;
+}
+#endif
diff --git a/Utilities/cmcurl/speedcheck.c b/Utilities/cmcurl/lib/speedcheck.c
index adda8a9..ac7447c 100644
--- a/Utilities/cmcurl/speedcheck.c
+++ b/Utilities/cmcurl/lib/speedcheck.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,13 +18,9 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
-
-#include <stdio.h>
-#include <string.h>
+#include "curl_setup.h"
 
 #include <curl/curl.h>
 #include "urldata.h"
@@ -45,21 +41,24 @@ CURLcode Curl_speedcheck(struct SessionHandle *data,
      (Curl_tvlong(data->state.keeps_speed) != 0) &&
      (data->progress.current_speed < data->set.low_speed_limit)) {
     long howlong = Curl_tvdiff(now, data->state.keeps_speed);
+    long nextcheck = (data->set.low_speed_time * 1000) - howlong;
 
     /* We are now below the "low speed limit". If we are below it
        for "low speed time" seconds we consider that enough reason
        to abort the download. */
-
-    if( (howlong/1000) > data->set.low_speed_time) {
+    if(nextcheck <= 0) {
       /* we have been this slow for long enough, now die */
       failf(data,
             "Operation too slow. "
-            "Less than %d bytes/sec transfered the last %d seconds",
+            "Less than %ld bytes/sec transferred the last %ld seconds",
             data->set.low_speed_limit,
             data->set.low_speed_time);
-      return CURLE_OPERATION_TIMEOUTED;
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+    else {
+      /* wait complete low_speed_time */
+      Curl_expire_latest(data, nextcheck);
     }
-    Curl_expire(data, howlong);
   }
   else {
     /* we keep up the required speed all right */
@@ -69,7 +68,7 @@ CURLcode Curl_speedcheck(struct SessionHandle *data,
       /* if there is a low speed limit enabled, we set the expire timer to
          make this connection's speed get checked again no later than when
          this time is up */
-      Curl_expire(data, data->set.low_speed_time*1000);
+      Curl_expire_latest(data, data->set.low_speed_time*1000);
   }
   return CURLE_OK;
 }
diff --git a/Utilities/cmcurl/lib/speedcheck.h b/Utilities/cmcurl/lib/speedcheck.h
new file mode 100644
index 0000000..786cd12
--- /dev/null
+++ b/Utilities/cmcurl/lib/speedcheck.h
@@ -0,0 +1,33 @@
+#ifndef HEADER_CURL_SPEEDCHECK_H
+#define HEADER_CURL_SPEEDCHECK_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "timeval.h"
+
+void Curl_speedinit(struct SessionHandle *data);
+CURLcode Curl_speedcheck(struct SessionHandle *data,
+                         struct timeval now);
+
+#endif /* HEADER_CURL_SPEEDCHECK_H */
diff --git a/Utilities/cmcurl/splay.c b/Utilities/cmcurl/lib/splay.c
index 9fb66c7..5bb7065 100644
--- a/Utilities/cmcurl/splay.c
+++ b/Utilities/cmcurl/lib/splay.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1997 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1997 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,59 +18,62 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include <stdio.h>
-#include <stdlib.h>
+#include "curl_setup.h"
 
 #include "splay.h"
 
-#define compare(i,j) ((i)-(j))
-
-/* Set this to a key value that will *NEVER* appear otherwise */
-#define KEY_NOTUSED -1
+/*
+ * This macro compares two node keys i and j and returns:
+ *
+ *  negative value: when i is smaller than j
+ *  zero          : when i is equal   to   j
+ *  positive when : when i is larger  than j
+ */
+#define compare(i,j) Curl_splaycomparekeys((i),(j))
 
 /*
  * Splay using the key i (which may or may not be in the tree.) The starting
  * root is t.
  */
-struct Curl_tree *Curl_splay(int i, struct Curl_tree *t)
+struct Curl_tree *Curl_splay(struct timeval i,
+                             struct Curl_tree *t)
 {
   struct Curl_tree N, *l, *r, *y;
-  int comp;
+  long comp;
 
-  if (t == NULL)
+  if(t == NULL)
     return t;
   N.smaller = N.larger = NULL;
   l = r = &N;
 
-  for (;;) {
+  for(;;) {
     comp = compare(i, t->key);
-    if (comp < 0) {
-      if (t->smaller == NULL)
+    if(comp < 0) {
+      if(t->smaller == NULL)
         break;
-      if (compare(i, t->smaller->key) < 0) {
+      if(compare(i, t->smaller->key) < 0) {
         y = t->smaller;                           /* rotate smaller */
         t->smaller = y->larger;
         y->larger = t;
         t = y;
-        if (t->smaller == NULL)
+        if(t->smaller == NULL)
           break;
       }
       r->smaller = t;                               /* link smaller */
       r = t;
       t = t->smaller;
     }
-    else if (comp > 0) {
-      if (t->larger == NULL)
+    else if(comp > 0) {
+      if(t->larger == NULL)
         break;
-      if (compare(i, t->larger->key) > 0) {
+      if(compare(i, t->larger->key) > 0) {
         y = t->larger;                          /* rotate larger */
         t->larger = y->smaller;
         y->smaller = t;
         t = y;
-        if (t->larger == NULL)
+        if(t->larger == NULL)
           break;
       }
       l->larger = t;                              /* link larger */
@@ -90,17 +93,22 @@ struct Curl_tree *Curl_splay(int i, struct Curl_tree *t)
 }
 
 /* Insert key i into the tree t.  Return a pointer to the resulting tree or
-   NULL if something went wrong. */
-struct Curl_tree *Curl_splayinsert(int i,
+ * NULL if something went wrong.
+ *
+ * @unittest: 1309
+ */
+struct Curl_tree *Curl_splayinsert(struct timeval i,
                                    struct Curl_tree *t,
                                    struct Curl_tree *node)
 {
-  if (node == NULL)
+  static const struct timeval KEY_NOTUSED = {-1,-1}; /* will *NEVER* appear */
+
+  if(node == NULL)
     return t;
 
-  if (t != NULL) {
+  if(t != NULL) {
     t = Curl_splay(i,t);
-    if (compare(i, t->key)==0) {
+    if(compare(i, t->key)==0) {
       /* There already exists a node in the tree with the very same key. Build
          a linked list of nodes. We make the new 'node' struct the new master
          node and make the previous node the first one in the 'same' list. */
@@ -121,10 +129,10 @@ struct Curl_tree *Curl_splayinsert(int i,
     }
   }
 
-  if (t == NULL) {
+  if(t == NULL) {
     node->smaller = node->larger = NULL;
   }
-  else if (compare(i, t->key) < 0) {
+  else if(compare(i, t->key) < 0) {
     node->smaller = t->smaller;
     node->larger = t;
     t->smaller = NULL;
@@ -141,63 +149,15 @@ struct Curl_tree *Curl_splayinsert(int i,
   return node;
 }
 
-#if 0
-/* Deletes 'i' from the tree if it's there (with an exact match). Returns a
-   pointer to the resulting tree.
-
-   Function not used in libcurl.
-*/
-struct Curl_tree *Curl_splayremove(int i, struct Curl_tree *t,
-                                   struct Curl_tree **removed)
-{
-  struct Curl_tree *x;
-
-  *removed = NULL; /* default to no removed */
-
-  if (t==NULL)
-    return NULL;
-
-  t = Curl_splay(i,t);
-  if (compare(i, t->key) == 0) {               /* found it */
-
-    /* FIRST! Check if there is a list with identical sizes */
-    if((x = t->same)) {
-      /* there is, pick one from the list */
-
-      /* 'x' is the new root node */
-
-      x->key = t->key;
-      x->larger = t->larger;
-      x->smaller = t->smaller;
-
-      *removed = t;
-      return x; /* new root */
-    }
-
-    if (t->smaller == NULL) {
-      x = t->larger;
-    }
-    else {
-      x = Curl_splay(i, t->smaller);
-      x->larger = t->larger;
-    }
-    *removed = t;
-
-    return x;
-  }
-  else
-    return t;                         /* It wasn't there */
-}
-#endif
-
 /* Finds and deletes the best-fit node from the tree. Return a pointer to the
-   resulting tree.  best-fit means the node with the given or lower number */
-struct Curl_tree *Curl_splaygetbest(int i, struct Curl_tree *t,
+   resulting tree.  best-fit means the node with the given or lower key */
+struct Curl_tree *Curl_splaygetbest(struct timeval i,
+                                    struct Curl_tree *t,
                                     struct Curl_tree **removed)
 {
   struct Curl_tree *x;
 
-  if (!t) {
+  if(!t) {
     *removed = NULL; /* none removed since there was no root */
     return NULL;
   }
@@ -214,8 +174,8 @@ struct Curl_tree *Curl_splaygetbest(int i, struct Curl_tree *t,
     }
   }
 
-  if (compare(i, t->key) >= 0) {               /* found it */
-    /* FIRST! Check if there is a list with identical sizes */
+  if(compare(i, t->key) >= 0) {               /* found it */
+    /* FIRST! Check if there is a list with identical keys */
     x = t->same;
     if(x) {
       /* there is, pick one from the list */
@@ -230,7 +190,7 @@ struct Curl_tree *Curl_splaygetbest(int i, struct Curl_tree *t,
       return x; /* new root */
     }
 
-    if (t->smaller == NULL) {
+    if(t->smaller == NULL) {
       x = t->larger;
     }
     else {
@@ -249,43 +209,46 @@ struct Curl_tree *Curl_splaygetbest(int i, struct Curl_tree *t,
 
 
 /* Deletes the very node we point out from the tree if it's there. Stores a
-   pointer to the new resulting tree in 'newroot'.
-
-   Returns zero on success and non-zero on errors! TODO: document error codes.
-   When returning error, it does not touch the 'newroot' pointer.
-
-   NOTE: when the last node of the tree is removed, there's no tree left so
-   'newroot' will be made to point to NULL.
-*/
+ * pointer to the new resulting tree in 'newroot'.
+ *
+ * Returns zero on success and non-zero on errors! TODO: document error codes.
+ * When returning error, it does not touch the 'newroot' pointer.
+ *
+ * NOTE: when the last node of the tree is removed, there's no tree left so
+ * 'newroot' will be made to point to NULL.
+ *
+ * @unittest: 1309
+ */
 int Curl_splayremovebyaddr(struct Curl_tree *t,
-                           struct Curl_tree *remove,
+                           struct Curl_tree *removenode,
                            struct Curl_tree **newroot)
 {
+  static const struct timeval KEY_NOTUSED = {-1,-1}; /* will *NEVER* appear */
   struct Curl_tree *x;
 
-  if (!t || !remove)
+  if(!t || !removenode)
     return 1;
 
-  if(KEY_NOTUSED == remove->key) {
+  if(compare(KEY_NOTUSED, removenode->key) == 0) {
     /* Key set to NOTUSED means it is a subnode within a 'same' linked list
        and thus we can unlink it easily. The 'smaller' link of a subnode
        links to the parent node. */
-    if (remove->smaller == NULL)
+    if(removenode->smaller == NULL)
       return 3;
 
-    remove->smaller->same = remove->same;
-    if(remove->same)
-      remove->same->smaller = remove->smaller;
+    removenode->smaller->same = removenode->same;
+    if(removenode->same)
+      removenode->same->smaller = removenode->smaller;
 
     /* Ensures that double-remove gets caught. */
-    remove->smaller = NULL;
+    removenode->smaller = NULL;
 
     /* voila, we're done! */
     *newroot = t; /* return the same root */
     return 0;
   }
 
-  t = Curl_splay(remove->key, t);
+  t = Curl_splay(removenode->key, t);
 
   /* First make sure that we got the same root node as the one we want
      to remove, as otherwise we might be trying to remove a node that
@@ -294,7 +257,7 @@ int Curl_splayremovebyaddr(struct Curl_tree *t,
      We cannot just compare the keys here as a double remove in quick
      succession of a node with key != KEY_NOTUSED && same != NULL
      could return the same key but a different node. */
-  if(t != remove)
+  if(t != removenode)
     return 2;
 
   /* Check if there is a list with identical sizes, as then we're trying to
@@ -310,10 +273,10 @@ int Curl_splayremovebyaddr(struct Curl_tree *t,
   }
   else {
     /* Remove the root node */
-    if (t->smaller == NULL)
+    if(t->smaller == NULL)
       x = t->larger;
     else {
-      x = Curl_splay(remove->key, t->smaller);
+      x = Curl_splay(removenode->key, t->smaller);
       x->larger = t->larger;
     }
   }
@@ -323,103 +286,3 @@ int Curl_splayremovebyaddr(struct Curl_tree *t,
   return 0;
 }
 
-#ifdef CURLDEBUG
-
-void Curl_splayprint(struct Curl_tree * t, int d, char output)
-{
-  struct Curl_tree *node;
-  int i;
-  int count;
-  if (t == NULL)
-    return;
-
-  Curl_splayprint(t->larger, d+1, output);
-  for (i=0; i<d; i++)
-    if(output)
-      printf("  ");
-
-  if(output) {
-    printf("%d[%d]", t->key, i);
-  }
-
-  for(count=0, node = t->same; node; node = node->same, count++)
-    ;
-
-  if(output) {
-    if(count)
-      printf(" [%d more]\n", count);
-    else
-      printf("\n");
-  }
-
-  Curl_splayprint(t->smaller, d+1, output);
-}
-#endif
-
-#ifdef TEST_SPLAY
-
-/*#define TEST2 */
-#define MAX 50
-#define TEST2
-
-/* A sample use of these functions.  Start with the empty tree, insert some
-   stuff into it, and then delete it */
-int main(int argc, char **argv)
-{
-  struct Curl_tree *root, *t;
-  void *ptrs[MAX];
-  int adds=0;
-  int rc;
-
-  long sizes[]={
-    50, 60, 50, 100, 60, 200, 120, 300, 400, 200, 256, 122, 60, 120, 200, 300,
-    220, 80, 90, 50, 100, 60, 200, 120, 300, 400, 200, 256, 122, 60, 120, 200,
-    300, 220, 80, 90, 50, 100, 60, 200, 120, 300, 400, 200, 256, 122, 60, 120,
-    200, 300, 220, 80, 90};
-  int i;
-  root = NULL;              /* the empty tree */
-
-  for (i = 0; i < MAX; i++) {
-    int key;
-    ptrs[i] = t = (struct Curl_tree *)malloc(sizeof(struct Curl_tree));
-
-#ifdef TEST2
-    key = sizes[i];
-#elif defined(TEST1)
-    key = (541*i)%1023;
-#elif defined(TEST3)
-    key = 100;
-#endif
-
-    t->payload = (void *)key; /* for simplicity */
-    if(!t) {
-      puts("out of memory!");
-      return 0;
-    }
-    root = Curl_splayinsert(key, root, t);
-  }
-
-#if 0
-  puts("Result:");
-  Curl_splayprint(root, 0, 1);
-#endif
-
-#if 1
-  for (i = 0; i < MAX; i++) {
-    int rem = (i+7)%MAX;
-    struct Curl_tree *r;
-    printf("Tree look:\n");
-    Curl_splayprint(root, 0, 1);
-    printf("remove pointer %d, payload %d\n", rem,
-           (int)((struct Curl_tree *)ptrs[rem])->payload);
-    rc = Curl_splayremovebyaddr(root, (struct Curl_tree *)ptrs[rem], &root);
-    if(rc)
-      /* failed! */
-      printf("remove %d failed!\n", rem);
-  }
-#endif
-
-  return 0;
-}
-
-#endif /* TEST_SPLAY */
diff --git a/Utilities/cmcurl/splay.h b/Utilities/cmcurl/lib/splay.h
index 1674534..5f9ef24 100644
--- a/Utilities/cmcurl/splay.h
+++ b/Utilities/cmcurl/lib/splay.h
@@ -1,5 +1,5 @@
-#ifndef __SPLAY_H
-#define __SPLAY_H
+#ifndef HEADER_CURL_SPLAY_H
+#define HEADER_CURL_SPLAY_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1997 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1997 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,35 +20,47 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
+#include "curl_setup.h"
 
 struct Curl_tree {
   struct Curl_tree *smaller; /* smaller node */
   struct Curl_tree *larger;  /* larger node */
   struct Curl_tree *same;    /* points to a node with identical key */
-  int key;                   /* the "sort" key */
+  struct timeval key;        /* this node's "sort" key */
   void *payload;             /* data the splay code doesn't care about */
 };
 
-struct Curl_tree *Curl_splay(int i, struct Curl_tree *t);
-struct Curl_tree *Curl_splayinsert(int key, struct Curl_tree *t,
+struct Curl_tree *Curl_splay(struct timeval i,
+                             struct Curl_tree *t);
+
+struct Curl_tree *Curl_splayinsert(struct timeval key,
+                                   struct Curl_tree *t,
                                    struct Curl_tree *newnode);
+
 #if 0
-struct Curl_tree *Curl_splayremove(int key, struct Curl_tree *t,
+struct Curl_tree *Curl_splayremove(struct timeval key,
+                                   struct Curl_tree *t,
                                    struct Curl_tree **removed);
 #endif
 
-struct Curl_tree *Curl_splaygetbest(int key, struct Curl_tree *t,
+struct Curl_tree *Curl_splaygetbest(struct timeval key,
+                                    struct Curl_tree *t,
                                     struct Curl_tree **removed);
+
 int Curl_splayremovebyaddr(struct Curl_tree *t,
-                           struct Curl_tree *remove,
+                           struct Curl_tree *removenode,
                            struct Curl_tree **newroot);
 
-#ifdef CURLDEBUG
+#define Curl_splaycomparekeys(i,j) ( ((i.tv_sec)  < (j.tv_sec))  ? -1 : \
+                                   ( ((i.tv_sec)  > (j.tv_sec))  ?  1 : \
+                                   ( ((i.tv_usec) < (j.tv_usec)) ? -1 : \
+                                   ( ((i.tv_usec) > (j.tv_usec)) ?  1 : 0 ))))
+
+#ifdef DEBUGBUILD
 void Curl_splayprint(struct Curl_tree * t, int d, char output);
 #else
-#define Curl_splayprint(x,y,z)
+#define Curl_splayprint(x,y,z) Curl_nop_stmt
 #endif
 
-#endif
+#endif /* HEADER_CURL_SPLAY_H */
diff --git a/Utilities/cmcurl/lib/ssh.c b/Utilities/cmcurl/lib/ssh.c
new file mode 100644
index 0000000..887e10f
--- /dev/null
+++ b/Utilities/cmcurl/lib/ssh.c
@@ -0,0 +1,3302 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* #define CURL_LIBSSH2_DEBUG */
+
+#include "curl_setup.h"
+
+#ifdef USE_LIBSSH2
+
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
+
+#include <libssh2.h>
+#include <libssh2_sftp.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
+#undef in_addr_t
+#define in_addr_t unsigned long
+#endif
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "sendf.h"
+#include "hostip.h"
+#include "progress.h"
+#include "transfer.h"
+#include "escape.h"
+#include "http.h" /* for HTTP proxy tunnel stuff */
+#include "ssh.h"
+#include "url.h"
+#include "speedcheck.h"
+#include "getinfo.h"
+
+#include "strequal.h"
+#include "vtls/vtls.h"
+#include "connect.h"
+#include "strerror.h"
+#include "inet_ntop.h"
+#include "parsedate.h" /* for the week day and month names */
+#include "sockaddr.h" /* required for Curl_sockaddr_storage */
+#include "strtoofft.h"
+#include "multiif.h"
+#include "select.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifdef WIN32
+#  undef  PATH_MAX
+#  define PATH_MAX MAX_PATH
+#endif
+
+#ifndef PATH_MAX
+#define PATH_MAX 1024 /* just an extra precaution since there are systems that
+                         have their definition hidden well */
+#endif
+
+#define sftp_libssh2_last_error(s) curlx_ultosi(libssh2_sftp_last_error(s))
+
+#define sftp_libssh2_realpath(s,p,t,m) \
+        libssh2_sftp_symlink_ex((s), (p), curlx_uztoui(strlen(p)), \
+                                (t), (m), LIBSSH2_SFTP_REALPATH)
+
+/* Local functions: */
+static const char *sftp_libssh2_strerror(int err);
+static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc);
+static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc);
+static LIBSSH2_FREE_FUNC(my_libssh2_free);
+
+static CURLcode get_pathname(const char **cpp, char **path);
+
+static CURLcode ssh_connect(struct connectdata *conn, bool *done);
+static CURLcode ssh_multi_statemach(struct connectdata *conn, bool *done);
+static CURLcode ssh_do(struct connectdata *conn, bool *done);
+
+static CURLcode ssh_getworkingpath(struct connectdata *conn,
+                                   char *homedir, /* when SFTP is used */
+                                   char **path);
+
+static CURLcode scp_done(struct connectdata *conn,
+                         CURLcode, bool premature);
+static CURLcode scp_doing(struct connectdata *conn,
+                          bool *dophase_done);
+static CURLcode scp_disconnect(struct connectdata *conn, bool dead_connection);
+
+static CURLcode sftp_done(struct connectdata *conn,
+                          CURLcode, bool premature);
+static CURLcode sftp_doing(struct connectdata *conn,
+                           bool *dophase_done);
+static CURLcode sftp_disconnect(struct connectdata *conn, bool dead);
+static
+CURLcode sftp_perform(struct connectdata *conn,
+                      bool *connected,
+                      bool *dophase_done);
+
+static int ssh_getsock(struct connectdata *conn,
+                       curl_socket_t *sock, /* points to numsocks number
+                                               of sockets */
+                       int numsocks);
+
+static int ssh_perform_getsock(const struct connectdata *conn,
+                               curl_socket_t *sock, /* points to numsocks
+                                                       number of sockets */
+                               int numsocks);
+
+static CURLcode ssh_setup_connection(struct connectdata *conn);
+
+/*
+ * SCP protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_scp = {
+  "SCP",                                /* scheme */
+  ssh_setup_connection,                 /* setup_connection */
+  ssh_do,                               /* do_it */
+  scp_done,                             /* done */
+  ZERO_NULL,                            /* do_more */
+  ssh_connect,                          /* connect_it */
+  ssh_multi_statemach,                  /* connecting */
+  scp_doing,                            /* doing */
+  ssh_getsock,                          /* proto_getsock */
+  ssh_getsock,                          /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ssh_perform_getsock,                  /* perform_getsock */
+  scp_disconnect,                       /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_SSH,                             /* defport */
+  CURLPROTO_SCP,                        /* protocol */
+  PROTOPT_DIRLOCK | PROTOPT_CLOSEACTION
+  | PROTOPT_NOURLQUERY                  /* flags */
+};
+
+
+/*
+ * SFTP protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_sftp = {
+  "SFTP",                               /* scheme */
+  ssh_setup_connection,                 /* setup_connection */
+  ssh_do,                               /* do_it */
+  sftp_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ssh_connect,                          /* connect_it */
+  ssh_multi_statemach,                  /* connecting */
+  sftp_doing,                           /* doing */
+  ssh_getsock,                          /* proto_getsock */
+  ssh_getsock,                          /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ssh_perform_getsock,                  /* perform_getsock */
+  sftp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_SSH,                             /* defport */
+  CURLPROTO_SFTP,                       /* protocol */
+  PROTOPT_DIRLOCK | PROTOPT_CLOSEACTION
+  | PROTOPT_NOURLQUERY                  /* flags */
+};
+
+static void
+kbd_callback(const char *name, int name_len, const char *instruction,
+             int instruction_len, int num_prompts,
+             const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
+             LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
+             void **abstract)
+{
+  struct connectdata *conn = (struct connectdata *)*abstract;
+
+#ifdef CURL_LIBSSH2_DEBUG
+  fprintf(stderr, "name=%s\n", name);
+  fprintf(stderr, "name_len=%d\n", name_len);
+  fprintf(stderr, "instruction=%s\n", instruction);
+  fprintf(stderr, "instruction_len=%d\n", instruction_len);
+  fprintf(stderr, "num_prompts=%d\n", num_prompts);
+#else
+  (void)name;
+  (void)name_len;
+  (void)instruction;
+  (void)instruction_len;
+#endif  /* CURL_LIBSSH2_DEBUG */
+  if(num_prompts == 1) {
+    responses[0].text = strdup(conn->passwd);
+    responses[0].length = curlx_uztoui(strlen(conn->passwd));
+  }
+  (void)prompts;
+  (void)abstract;
+} /* kbd_callback */
+
+static CURLcode sftp_libssh2_error_to_CURLE(int err)
+{
+  switch (err) {
+    case LIBSSH2_FX_OK:
+      return CURLE_OK;
+
+    case LIBSSH2_FX_NO_SUCH_FILE:
+    case LIBSSH2_FX_NO_SUCH_PATH:
+      return CURLE_REMOTE_FILE_NOT_FOUND;
+
+    case LIBSSH2_FX_PERMISSION_DENIED:
+    case LIBSSH2_FX_WRITE_PROTECT:
+    case LIBSSH2_FX_LOCK_CONFlICT:
+      return CURLE_REMOTE_ACCESS_DENIED;
+
+    case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
+    case LIBSSH2_FX_QUOTA_EXCEEDED:
+      return CURLE_REMOTE_DISK_FULL;
+
+    case LIBSSH2_FX_FILE_ALREADY_EXISTS:
+      return CURLE_REMOTE_FILE_EXISTS;
+
+    case LIBSSH2_FX_DIR_NOT_EMPTY:
+      return CURLE_QUOTE_ERROR;
+
+    default:
+      break;
+  }
+
+  return CURLE_SSH;
+}
+
+static CURLcode libssh2_session_error_to_CURLE(int err)
+{
+  switch (err) {
+    /* Ordered by order of appearance in libssh2.h */
+    case LIBSSH2_ERROR_NONE:
+      return CURLE_OK;
+
+    case LIBSSH2_ERROR_SOCKET_NONE:
+      return CURLE_COULDNT_CONNECT;
+
+    case LIBSSH2_ERROR_ALLOC:
+      return CURLE_OUT_OF_MEMORY;
+
+    case LIBSSH2_ERROR_SOCKET_SEND:
+      return CURLE_SEND_ERROR;
+
+    case LIBSSH2_ERROR_HOSTKEY_INIT:
+    case LIBSSH2_ERROR_HOSTKEY_SIGN:
+    case LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED:
+    case LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED:
+      return CURLE_PEER_FAILED_VERIFICATION;
+
+    case LIBSSH2_ERROR_PASSWORD_EXPIRED:
+      return CURLE_LOGIN_DENIED;
+
+    case LIBSSH2_ERROR_SOCKET_TIMEOUT:
+    case LIBSSH2_ERROR_TIMEOUT:
+      return CURLE_OPERATION_TIMEDOUT;
+
+    case LIBSSH2_ERROR_EAGAIN:
+      return CURLE_AGAIN;
+  }
+
+  /* TODO: map some more of the libssh2 errors to the more appropriate CURLcode
+     error code, and possibly add a few new SSH-related one. We must however
+     not return or even depend on libssh2 errors in the public libcurl API */
+
+  return CURLE_SSH;
+}
+
+static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc)
+{
+  (void)abstract; /* arg not used */
+  return malloc(count);
+}
+
+static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc)
+{
+  (void)abstract; /* arg not used */
+  return realloc(ptr, count);
+}
+
+static LIBSSH2_FREE_FUNC(my_libssh2_free)
+{
+  (void)abstract; /* arg not used */
+  if(ptr) /* ssh2 agent sometimes call free with null ptr */
+    free(ptr);
+}
+
+/*
+ * SSH State machine related code
+ */
+/* This is the ONLY way to change SSH state! */
+static void state(struct connectdata *conn, sshstate nowstate)
+{
+  struct ssh_conn *sshc = &conn->proto.sshc;
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+  /* for debug purposes */
+  static const char * const names[] = {
+    "SSH_STOP",
+    "SSH_INIT",
+    "SSH_S_STARTUP",
+    "SSH_HOSTKEY",
+    "SSH_AUTHLIST",
+    "SSH_AUTH_PKEY_INIT",
+    "SSH_AUTH_PKEY",
+    "SSH_AUTH_PASS_INIT",
+    "SSH_AUTH_PASS",
+    "SSH_AUTH_AGENT_INIT",
+    "SSH_AUTH_AGENT_LIST",
+    "SSH_AUTH_AGENT",
+    "SSH_AUTH_HOST_INIT",
+    "SSH_AUTH_HOST",
+    "SSH_AUTH_KEY_INIT",
+    "SSH_AUTH_KEY",
+    "SSH_AUTH_DONE",
+    "SSH_SFTP_INIT",
+    "SSH_SFTP_REALPATH",
+    "SSH_SFTP_QUOTE_INIT",
+    "SSH_SFTP_POSTQUOTE_INIT",
+    "SSH_SFTP_QUOTE",
+    "SSH_SFTP_NEXT_QUOTE",
+    "SSH_SFTP_QUOTE_STAT",
+    "SSH_SFTP_QUOTE_SETSTAT",
+    "SSH_SFTP_QUOTE_SYMLINK",
+    "SSH_SFTP_QUOTE_MKDIR",
+    "SSH_SFTP_QUOTE_RENAME",
+    "SSH_SFTP_QUOTE_RMDIR",
+    "SSH_SFTP_QUOTE_UNLINK",
+    "SSH_SFTP_TRANS_INIT",
+    "SSH_SFTP_UPLOAD_INIT",
+    "SSH_SFTP_CREATE_DIRS_INIT",
+    "SSH_SFTP_CREATE_DIRS",
+    "SSH_SFTP_CREATE_DIRS_MKDIR",
+    "SSH_SFTP_READDIR_INIT",
+    "SSH_SFTP_READDIR",
+    "SSH_SFTP_READDIR_LINK",
+    "SSH_SFTP_READDIR_BOTTOM",
+    "SSH_SFTP_READDIR_DONE",
+    "SSH_SFTP_DOWNLOAD_INIT",
+    "SSH_SFTP_DOWNLOAD_STAT",
+    "SSH_SFTP_CLOSE",
+    "SSH_SFTP_SHUTDOWN",
+    "SSH_SCP_TRANS_INIT",
+    "SSH_SCP_UPLOAD_INIT",
+    "SSH_SCP_DOWNLOAD_INIT",
+    "SSH_SCP_DONE",
+    "SSH_SCP_SEND_EOF",
+    "SSH_SCP_WAIT_EOF",
+    "SSH_SCP_WAIT_CLOSE",
+    "SSH_SCP_CHANNEL_FREE",
+    "SSH_SESSION_DISCONNECT",
+    "SSH_SESSION_FREE",
+    "QUIT"
+  };
+
+  if(sshc->state != nowstate) {
+    infof(conn->data, "SFTP %p state change from %s to %s\n",
+          (void *)sshc, names[sshc->state], names[nowstate]);
+  }
+#endif
+
+  sshc->state = nowstate;
+}
+
+/* figure out the path to work with in this particular request */
+static CURLcode ssh_getworkingpath(struct connectdata *conn,
+                                   char *homedir,  /* when SFTP is used */
+                                   char **path) /* returns the  allocated
+                                                   real path to work with */
+{
+  struct SessionHandle *data = conn->data;
+  char *real_path = NULL;
+  char *working_path;
+  int working_path_len;
+
+  working_path = curl_easy_unescape(data, data->state.path, 0,
+                                    &working_path_len);
+  if(!working_path)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Check for /~/ , indicating relative to the user's home directory */
+  if(conn->handler->protocol & CURLPROTO_SCP) {
+    real_path = malloc(working_path_len+1);
+    if(real_path == NULL) {
+      free(working_path);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
+      /* It is referenced to the home directory, so strip the leading '/~/' */
+      memcpy(real_path, working_path+3, 4 + working_path_len-3);
+    else
+      memcpy(real_path, working_path, 1 + working_path_len);
+  }
+  else if(conn->handler->protocol & CURLPROTO_SFTP) {
+    if((working_path_len > 1) && (working_path[1] == '~')) {
+      size_t homelen = strlen(homedir);
+      real_path = malloc(homelen + working_path_len + 1);
+      if(real_path == NULL) {
+        free(working_path);
+        return CURLE_OUT_OF_MEMORY;
+      }
+      /* It is referenced to the home directory, so strip the
+         leading '/' */
+      memcpy(real_path, homedir, homelen);
+      real_path[homelen] = '/';
+      real_path[homelen+1] = '\0';
+      if(working_path_len > 3) {
+        memcpy(real_path+homelen+1, working_path + 3,
+               1 + working_path_len -3);
+      }
+    }
+    else {
+      real_path = malloc(working_path_len+1);
+      if(real_path == NULL) {
+        free(working_path);
+        return CURLE_OUT_OF_MEMORY;
+      }
+      memcpy(real_path, working_path, 1+working_path_len);
+    }
+  }
+
+  free(working_path);
+
+  /* store the pointer for the caller to receive */
+  *path = real_path;
+
+  return CURLE_OK;
+}
+
+#ifdef HAVE_LIBSSH2_KNOWNHOST_API
+static int sshkeycallback(CURL *easy,
+                          const struct curl_khkey *knownkey, /* known */
+                          const struct curl_khkey *foundkey, /* found */
+                          enum curl_khmatch match,
+                          void *clientp)
+{
+  (void)easy;
+  (void)knownkey;
+  (void)foundkey;
+  (void)clientp;
+
+  /* we only allow perfect matches, and we reject everything else */
+  return (match != CURLKHMATCH_OK)?CURLKHSTAT_REJECT:CURLKHSTAT_FINE;
+}
+#endif
+
+/*
+ * Earlier libssh2 versions didn't have the ability to seek to 64bit positions
+ * with 32bit size_t.
+ */
+#ifdef HAVE_LIBSSH2_SFTP_SEEK64
+#define SFTP_SEEK(x,y) libssh2_sftp_seek64(x, (libssh2_uint64_t)y)
+#else
+#define SFTP_SEEK(x,y) libssh2_sftp_seek(x, (size_t)y)
+#endif
+
+/*
+ * Earlier libssh2 versions didn't do SCP properly beyond 32bit sizes on 32bit
+ * architectures so we check of the necessary function is present.
+ */
+#ifndef HAVE_LIBSSH2_SCP_SEND64
+#define SCP_SEND(a,b,c,d) libssh2_scp_send_ex(a, b, (int)(c), (size_t)d, 0, 0)
+#else
+#define SCP_SEND(a,b,c,d) libssh2_scp_send64(a, b, (int)(c),            \
+                                             (libssh2_uint64_t)d, 0, 0)
+#endif
+
+/*
+ * libssh2 1.2.8 fixed the problem with 32bit ints used for sockets on win64.
+ */
+#ifdef HAVE_LIBSSH2_SESSION_HANDSHAKE
+#define libssh2_session_startup(x,y) libssh2_session_handshake(x,y)
+#endif
+
+static CURLcode ssh_knownhost(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+
+#ifdef HAVE_LIBSSH2_KNOWNHOST_API
+  struct SessionHandle *data = conn->data;
+
+  if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
+    /* we're asked to verify the host against a file */
+    struct ssh_conn *sshc = &conn->proto.sshc;
+    int rc;
+    int keytype;
+    size_t keylen;
+    const char *remotekey = libssh2_session_hostkey(sshc->ssh_session,
+                                                    &keylen, &keytype);
+    int keycheck = LIBSSH2_KNOWNHOST_CHECK_FAILURE;
+    int keybit = 0;
+
+    if(remotekey) {
+      /*
+       * A subject to figure out is what host name we need to pass in here.
+       * What host name does OpenSSH store in its file if an IDN name is
+       * used?
+       */
+      struct libssh2_knownhost *host;
+      enum curl_khmatch keymatch;
+      curl_sshkeycallback func =
+        data->set.ssh_keyfunc?data->set.ssh_keyfunc:sshkeycallback;
+      struct curl_khkey knownkey;
+      struct curl_khkey *knownkeyp = NULL;
+      struct curl_khkey foundkey;
+
+      keybit = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
+        LIBSSH2_KNOWNHOST_KEY_SSHRSA:LIBSSH2_KNOWNHOST_KEY_SSHDSS;
+
+      keycheck = libssh2_knownhost_check(sshc->kh,
+                                         conn->host.name,
+                                         remotekey, keylen,
+                                         LIBSSH2_KNOWNHOST_TYPE_PLAIN|
+                                         LIBSSH2_KNOWNHOST_KEYENC_RAW|
+                                         keybit,
+                                         &host);
+
+      infof(data, "SSH host check: %d, key: %s\n", keycheck,
+            (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
+            host->key:"<none>");
+
+      /* setup 'knownkey' */
+      if(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
+        knownkey.key = host->key;
+        knownkey.len = 0;
+        knownkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
+          CURLKHTYPE_RSA : CURLKHTYPE_DSS;
+        knownkeyp = &knownkey;
+      }
+
+      /* setup 'foundkey' */
+      foundkey.key = remotekey;
+      foundkey.len = keylen;
+      foundkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
+        CURLKHTYPE_RSA : CURLKHTYPE_DSS;
+
+      /*
+       * if any of the LIBSSH2_KNOWNHOST_CHECK_* defines and the
+       * curl_khmatch enum are ever modified, we need to introduce a
+       * translation table here!
+       */
+      keymatch = (enum curl_khmatch)keycheck;
+
+      /* Ask the callback how to behave */
+      rc = func(data, knownkeyp, /* from the knownhosts file */
+                &foundkey, /* from the remote host */
+                keymatch, data->set.ssh_keyfunc_userp);
+    }
+    else
+      /* no remotekey means failure! */
+      rc = CURLKHSTAT_REJECT;
+
+    switch(rc) {
+    default: /* unknown return codes will equal reject */
+    case CURLKHSTAT_REJECT:
+      state(conn, SSH_SESSION_FREE);
+    case CURLKHSTAT_DEFER:
+      /* DEFER means bail out but keep the SSH_HOSTKEY state */
+      result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+      break;
+    case CURLKHSTAT_FINE:
+    case CURLKHSTAT_FINE_ADD_TO_FILE:
+      /* proceed */
+      if(keycheck != LIBSSH2_KNOWNHOST_CHECK_MATCH) {
+        /* the found host+key didn't match but has been told to be fine
+           anyway so we add it in memory */
+        int addrc = libssh2_knownhost_add(sshc->kh,
+                                          conn->host.name, NULL,
+                                          remotekey, keylen,
+                                          LIBSSH2_KNOWNHOST_TYPE_PLAIN|
+                                          LIBSSH2_KNOWNHOST_KEYENC_RAW|
+                                          keybit, NULL);
+        if(addrc)
+          infof(data, "Warning adding the known host %s failed!\n",
+                conn->host.name);
+        else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE) {
+          /* now we write the entire in-memory list of known hosts to the
+             known_hosts file */
+          int wrc =
+            libssh2_knownhost_writefile(sshc->kh,
+                                        data->set.str[STRING_SSH_KNOWNHOSTS],
+                                        LIBSSH2_KNOWNHOST_FILE_OPENSSH);
+          if(wrc) {
+            infof(data, "Warning, writing %s failed!\n",
+                  data->set.str[STRING_SSH_KNOWNHOSTS]);
+          }
+        }
+      }
+      break;
+    }
+  }
+#else /* HAVE_LIBSSH2_KNOWNHOST_API */
+  (void)conn;
+#endif
+  return result;
+}
+
+static CURLcode ssh_check_fingerprint(struct connectdata *conn)
+{
+  struct ssh_conn *sshc = &conn->proto.sshc;
+  struct SessionHandle *data = conn->data;
+  const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
+  char md5buffer[33];
+  int i;
+
+  const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
+      LIBSSH2_HOSTKEY_HASH_MD5);
+
+  if(fingerprint) {
+    /* The fingerprint points to static storage (!), don't free() it. */
+    for(i = 0; i < 16; i++)
+      snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
+    infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
+  }
+
+  /* Before we authenticate we check the hostkey's MD5 fingerprint
+   * against a known fingerprint, if available.
+   */
+  if(pubkey_md5 && strlen(pubkey_md5) == 32) {
+    if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
+      if(fingerprint)
+        failf(data,
+            "Denied establishing ssh session: mismatch md5 fingerprint. "
+            "Remote %s is not equal to %s", md5buffer, pubkey_md5);
+      else
+        failf(data,
+            "Denied establishing ssh session: md5 fingerprint not available");
+      state(conn, SSH_SESSION_FREE);
+      sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+      return sshc->actualcode;
+    }
+    else {
+      infof(data, "MD5 checksum match!\n");
+      /* as we already matched, we skip the check for known hosts */
+      return CURLE_OK;
+    }
+  }
+  else
+    return ssh_knownhost(conn);
+}
+
+/*
+ * ssh_statemach_act() runs the SSH state machine as far as it can without
+ * blocking and without reaching the end.  The data the pointer 'block' points
+ * to will be set to TRUE if the libssh2 function returns LIBSSH2_ERROR_EAGAIN
+ * meaning it wants to be called again when the socket is ready
+ */
+
+static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct SSHPROTO *sftp_scp = data->req.protop;
+  struct ssh_conn *sshc = &conn->proto.sshc;
+  curl_socket_t sock = conn->sock[FIRSTSOCKET];
+  char *new_readdir_line;
+  int rc = LIBSSH2_ERROR_NONE;
+  int err;
+  int seekerr = CURL_SEEKFUNC_OK;
+  *block = 0; /* we're not blocking by default */
+
+  do {
+
+    switch(sshc->state) {
+    case SSH_INIT:
+      sshc->secondCreateDirs = 0;
+      sshc->nextstate = SSH_NO_STATE;
+      sshc->actualcode = CURLE_OK;
+
+      /* Set libssh2 to non-blocking, since everything internally is
+         non-blocking */
+      libssh2_session_set_blocking(sshc->ssh_session, 0);
+
+      state(conn, SSH_S_STARTUP);
+      /* fall-through */
+
+    case SSH_S_STARTUP:
+      rc = libssh2_session_startup(sshc->ssh_session, (int)sock);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc) {
+        failf(data, "Failure establishing ssh session");
+        state(conn, SSH_SESSION_FREE);
+        sshc->actualcode = CURLE_FAILED_INIT;
+        break;
+      }
+
+      state(conn, SSH_HOSTKEY);
+
+      /* fall-through */
+    case SSH_HOSTKEY:
+      /*
+       * Before we authenticate we should check the hostkey's fingerprint
+       * against our known hosts. How that is handled (reading from file,
+       * whatever) is up to us.
+       */
+      result = ssh_check_fingerprint(conn);
+      if(result == CURLE_OK)
+        state(conn, SSH_AUTHLIST);
+      /* ssh_check_fingerprint sets state appropriately on error */
+      break;
+
+    case SSH_AUTHLIST:
+      /*
+       * Figure out authentication methods
+       * NB: As soon as we have provided a username to an openssh server we
+       * must never change it later. Thus, always specify the correct username
+       * here, even though the libssh2 docs kind of indicate that it should be
+       * possible to get a 'generic' list (not user-specific) of authentication
+       * methods, presumably with a blank username. That won't work in my
+       * experience.
+       * So always specify it here.
+       */
+      sshc->authlist = libssh2_userauth_list(sshc->ssh_session,
+                                             conn->user,
+                                             curlx_uztoui(strlen(conn->user)));
+
+      if(!sshc->authlist) {
+        if(libssh2_userauth_authenticated(sshc->ssh_session)) {
+          sshc->authed = TRUE;
+          infof(data, "SSH user accepted with no authentication\n");
+          state(conn, SSH_AUTH_DONE);
+          break;
+        }
+        else if((err = libssh2_session_last_errno(sshc->ssh_session)) ==
+           LIBSSH2_ERROR_EAGAIN) {
+          rc = LIBSSH2_ERROR_EAGAIN;
+          break;
+        }
+        else {
+          state(conn, SSH_SESSION_FREE);
+          sshc->actualcode = libssh2_session_error_to_CURLE(err);
+          break;
+        }
+      }
+      infof(data, "SSH authentication methods available: %s\n",
+            sshc->authlist);
+
+      state(conn, SSH_AUTH_PKEY_INIT);
+      break;
+
+    case SSH_AUTH_PKEY_INIT:
+      /*
+       * Check the supported auth types in the order I feel is most secure
+       * with the requested type of authentication
+       */
+      sshc->authed = FALSE;
+
+      if((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&
+         (strstr(sshc->authlist, "publickey") != NULL)) {
+        char *home = NULL;
+        bool rsa_pub_empty_but_ok = FALSE;
+
+        sshc->rsa_pub = sshc->rsa = NULL;
+
+        /* To ponder about: should really the lib be messing about with the
+           HOME environment variable etc? */
+        home = curl_getenv("HOME");
+
+        if(data->set.str[STRING_SSH_PUBLIC_KEY] &&
+           !*data->set.str[STRING_SSH_PUBLIC_KEY])
+           rsa_pub_empty_but_ok = true;
+        else if(data->set.str[STRING_SSH_PUBLIC_KEY])
+          sshc->rsa_pub = aprintf("%s", data->set.str[STRING_SSH_PUBLIC_KEY]);
+        else if(home)
+          sshc->rsa_pub = aprintf("%s/.ssh/id_dsa.pub", home);
+        else
+          /* as a final resort, try current dir! */
+          sshc->rsa_pub = strdup("id_dsa.pub");
+
+        if(!rsa_pub_empty_but_ok && (sshc->rsa_pub == NULL)) {
+          Curl_safefree(home);
+          state(conn, SSH_SESSION_FREE);
+          sshc->actualcode = CURLE_OUT_OF_MEMORY;
+          break;
+        }
+
+        if(data->set.str[STRING_SSH_PRIVATE_KEY])
+          sshc->rsa = aprintf("%s", data->set.str[STRING_SSH_PRIVATE_KEY]);
+        else if(home)
+          sshc->rsa = aprintf("%s/.ssh/id_dsa", home);
+        else
+          /* as a final resort, try current dir! */
+          sshc->rsa = strdup("id_dsa");
+
+        if(sshc->rsa == NULL) {
+          Curl_safefree(home);
+          Curl_safefree(sshc->rsa_pub);
+          state(conn, SSH_SESSION_FREE);
+          sshc->actualcode = CURLE_OUT_OF_MEMORY;
+          break;
+        }
+
+        sshc->passphrase = data->set.str[STRING_KEY_PASSWD];
+        if(!sshc->passphrase)
+          sshc->passphrase = "";
+
+        Curl_safefree(home);
+
+        infof(data, "Using ssh public key file %s\n", sshc->rsa_pub);
+        infof(data, "Using ssh private key file %s\n", sshc->rsa);
+
+        state(conn, SSH_AUTH_PKEY);
+      }
+      else {
+        state(conn, SSH_AUTH_PASS_INIT);
+      }
+      break;
+
+    case SSH_AUTH_PKEY:
+      /* The function below checks if the files exists, no need to stat() here.
+       */
+      rc = libssh2_userauth_publickey_fromfile_ex(sshc->ssh_session,
+                                                  conn->user,
+                                                  curlx_uztoui(
+                                                    strlen(conn->user)),
+                                                  sshc->rsa_pub,
+                                                  sshc->rsa, sshc->passphrase);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+
+      Curl_safefree(sshc->rsa_pub);
+      Curl_safefree(sshc->rsa);
+
+      if(rc == 0) {
+        sshc->authed = TRUE;
+        infof(data, "Initialized SSH public key authentication\n");
+        state(conn, SSH_AUTH_DONE);
+      }
+      else {
+        char *err_msg;
+        (void)libssh2_session_last_error(sshc->ssh_session,
+                                         &err_msg, NULL, 0);
+        infof(data, "SSH public key authentication failed: %s\n", err_msg);
+        state(conn, SSH_AUTH_PASS_INIT);
+      }
+      break;
+
+    case SSH_AUTH_PASS_INIT:
+      if((data->set.ssh_auth_types & CURLSSH_AUTH_PASSWORD) &&
+         (strstr(sshc->authlist, "password") != NULL)) {
+        state(conn, SSH_AUTH_PASS);
+      }
+      else {
+        state(conn, SSH_AUTH_HOST_INIT);
+      }
+      break;
+
+    case SSH_AUTH_PASS:
+      rc = libssh2_userauth_password_ex(sshc->ssh_session, conn->user,
+                                        curlx_uztoui(strlen(conn->user)),
+                                        conn->passwd,
+                                        curlx_uztoui(strlen(conn->passwd)),
+                                        NULL);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc == 0) {
+        sshc->authed = TRUE;
+        infof(data, "Initialized password authentication\n");
+        state(conn, SSH_AUTH_DONE);
+      }
+      else {
+        state(conn, SSH_AUTH_HOST_INIT);
+      }
+      break;
+
+    case SSH_AUTH_HOST_INIT:
+      if((data->set.ssh_auth_types & CURLSSH_AUTH_HOST) &&
+         (strstr(sshc->authlist, "hostbased") != NULL)) {
+        state(conn, SSH_AUTH_HOST);
+      }
+      else {
+        state(conn, SSH_AUTH_AGENT_INIT);
+      }
+      break;
+
+    case SSH_AUTH_HOST:
+      state(conn, SSH_AUTH_AGENT_INIT);
+      break;
+
+    case SSH_AUTH_AGENT_INIT:
+#ifdef HAVE_LIBSSH2_AGENT_API
+      if((data->set.ssh_auth_types & CURLSSH_AUTH_AGENT)
+         && (strstr(sshc->authlist, "publickey") != NULL)) {
+
+        /* Connect to the ssh-agent */
+        /* The agent could be shared by a curl thread i believe
+           but nothing obvious as keys can be added/removed at any time */
+        if(!sshc->ssh_agent) {
+          sshc->ssh_agent = libssh2_agent_init(sshc->ssh_session);
+          if(!sshc->ssh_agent) {
+            infof(data, "Could not create agent object\n");
+
+            state(conn, SSH_AUTH_KEY_INIT);
+            break;
+          }
+        }
+
+        rc = libssh2_agent_connect(sshc->ssh_agent);
+        if(rc == LIBSSH2_ERROR_EAGAIN)
+          break;
+        if(rc < 0) {
+          infof(data, "Failure connecting to agent\n");
+          state(conn, SSH_AUTH_KEY_INIT);
+        }
+        else {
+          state(conn, SSH_AUTH_AGENT_LIST);
+        }
+      }
+      else
+#endif /* HAVE_LIBSSH2_AGENT_API */
+        state(conn, SSH_AUTH_KEY_INIT);
+      break;
+
+    case SSH_AUTH_AGENT_LIST:
+#ifdef HAVE_LIBSSH2_AGENT_API
+      rc = libssh2_agent_list_identities(sshc->ssh_agent);
+
+      if(rc == LIBSSH2_ERROR_EAGAIN)
+        break;
+      if(rc < 0) {
+        infof(data, "Failure requesting identities to agent\n");
+        state(conn, SSH_AUTH_KEY_INIT);
+      }
+      else {
+        state(conn, SSH_AUTH_AGENT);
+        sshc->sshagent_prev_identity = NULL;
+      }
+#endif
+      break;
+
+    case SSH_AUTH_AGENT:
+#ifdef HAVE_LIBSSH2_AGENT_API
+      /* as prev_identity evolves only after an identity user auth finished we
+         can safely request it again as long as EAGAIN is returned here or by
+         libssh2_agent_userauth */
+      rc = libssh2_agent_get_identity(sshc->ssh_agent,
+                                      &sshc->sshagent_identity,
+                                      sshc->sshagent_prev_identity);
+      if(rc == LIBSSH2_ERROR_EAGAIN)
+        break;
+
+      if(rc == 0) {
+        rc = libssh2_agent_userauth(sshc->ssh_agent, conn->user,
+                                    sshc->sshagent_identity);
+
+        if(rc < 0) {
+          if(rc != LIBSSH2_ERROR_EAGAIN) {
+            /* tried and failed? go to next identity */
+            sshc->sshagent_prev_identity = sshc->sshagent_identity;
+          }
+          break;
+        }
+      }
+
+      if(rc < 0)
+        infof(data, "Failure requesting identities to agent\n");
+      else if(rc == 1)
+        infof(data, "No identity would match\n");
+
+      if(rc == LIBSSH2_ERROR_NONE) {
+        sshc->authed = TRUE;
+        infof(data, "Agent based authentication successful\n");
+        state(conn, SSH_AUTH_DONE);
+      }
+      else
+        state(conn, SSH_AUTH_KEY_INIT);
+#endif
+      break;
+
+    case SSH_AUTH_KEY_INIT:
+      if((data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD)
+         && (strstr(sshc->authlist, "keyboard-interactive") != NULL)) {
+        state(conn, SSH_AUTH_KEY);
+      }
+      else {
+        state(conn, SSH_AUTH_DONE);
+      }
+      break;
+
+    case SSH_AUTH_KEY:
+      /* Authentication failed. Continue with keyboard-interactive now. */
+      rc = libssh2_userauth_keyboard_interactive_ex(sshc->ssh_session,
+                                                    conn->user,
+                                                    curlx_uztoui(
+                                                      strlen(conn->user)),
+                                                    &kbd_callback);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc == 0) {
+        sshc->authed = TRUE;
+        infof(data, "Initialized keyboard interactive authentication\n");
+      }
+      state(conn, SSH_AUTH_DONE);
+      break;
+
+    case SSH_AUTH_DONE:
+      if(!sshc->authed) {
+        failf(data, "Authentication failure");
+        state(conn, SSH_SESSION_FREE);
+        sshc->actualcode = CURLE_LOGIN_DENIED;
+        break;
+      }
+
+      /*
+       * At this point we have an authenticated ssh session.
+       */
+      infof(data, "Authentication complete\n");
+
+      Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSH is connected */
+
+      conn->sockfd = sock;
+      conn->writesockfd = CURL_SOCKET_BAD;
+
+      if(conn->handler->protocol == CURLPROTO_SFTP) {
+        state(conn, SSH_SFTP_INIT);
+        break;
+      }
+      infof(data, "SSH CONNECT phase done\n");
+      state(conn, SSH_STOP);
+      break;
+
+    case SSH_SFTP_INIT:
+      /*
+       * Start the libssh2 sftp session
+       */
+      sshc->sftp_session = libssh2_sftp_init(sshc->ssh_session);
+      if(!sshc->sftp_session) {
+        if(libssh2_session_last_errno(sshc->ssh_session) ==
+           LIBSSH2_ERROR_EAGAIN) {
+          rc = LIBSSH2_ERROR_EAGAIN;
+          break;
+        }
+        else {
+          char *err_msg;
+
+          (void)libssh2_session_last_error(sshc->ssh_session,
+                                           &err_msg, NULL, 0);
+          failf(data, "Failure initializing sftp session: %s", err_msg);
+          state(conn, SSH_SESSION_FREE);
+          sshc->actualcode = CURLE_FAILED_INIT;
+          break;
+        }
+      }
+      state(conn, SSH_SFTP_REALPATH);
+      break;
+
+    case SSH_SFTP_REALPATH:
+    {
+      char tempHome[PATH_MAX];
+
+      /*
+       * Get the "home" directory
+       */
+      rc = sftp_libssh2_realpath(sshc->sftp_session, ".",
+                                 tempHome, PATH_MAX-1);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc > 0) {
+        /* It seems that this string is not always NULL terminated */
+        tempHome[rc] = '\0';
+        sshc->homedir = strdup(tempHome);
+        if(!sshc->homedir) {
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->actualcode = CURLE_OUT_OF_MEMORY;
+          break;
+        }
+        conn->data->state.most_recent_ftp_entrypath = sshc->homedir;
+      }
+      else {
+        /* Return the error type */
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        result = sftp_libssh2_error_to_CURLE(err);
+        sshc->actualcode = result?result:CURLE_SSH;
+        DEBUGF(infof(data, "error = %d makes libcurl = %d\n",
+                     err, (int)result));
+        state(conn, SSH_STOP);
+        break;
+      }
+    }
+    /* This is the last step in the SFTP connect phase. Do note that while
+       we get the homedir here, we get the "workingpath" in the DO action
+       since the homedir will remain the same between request but the
+       working path will not. */
+    DEBUGF(infof(data, "SSH CONNECT phase done\n"));
+    state(conn, SSH_STOP);
+    break;
+
+    case SSH_SFTP_QUOTE_INIT:
+
+      result = ssh_getworkingpath(conn, sshc->homedir, &sftp_scp->path);
+      if(result) {
+        sshc->actualcode = result;
+        state(conn, SSH_STOP);
+        break;
+      }
+
+      if(data->set.quote) {
+        infof(data, "Sending quote commands\n");
+        sshc->quote_item = data->set.quote;
+        state(conn, SSH_SFTP_QUOTE);
+      }
+      else {
+        state(conn, SSH_SFTP_TRANS_INIT);
+      }
+      break;
+
+    case SSH_SFTP_POSTQUOTE_INIT:
+      if(data->set.postquote) {
+        infof(data, "Sending quote commands\n");
+        sshc->quote_item = data->set.postquote;
+        state(conn, SSH_SFTP_QUOTE);
+      }
+      else {
+        state(conn, SSH_STOP);
+      }
+      break;
+
+    case SSH_SFTP_QUOTE:
+      /* Send any quote commands */
+    {
+      const char *cp;
+
+      /*
+       * Support some of the "FTP" commands
+       */
+      char *cmd = sshc->quote_item->data;
+      sshc->acceptfail = FALSE;
+
+      /* if a command starts with an asterisk, which a legal SFTP command never
+         can, the command will be allowed to fail without it causing any
+         aborts or cancels etc. It will cause libcurl to act as if the command
+         is successful, whatever the server reponds. */
+
+      if(cmd[0] == '*') {
+        cmd++;
+        sshc->acceptfail = TRUE;
+      }
+
+      if(curl_strequal("pwd", cmd)) {
+        /* output debug output if that is requested */
+        char *tmp = aprintf("257 \"%s\" is current directory.\n",
+                            sftp_scp->path);
+        if(!tmp) {
+          result = CURLE_OUT_OF_MEMORY;
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->nextstate = SSH_NO_STATE;
+          break;
+        }
+        if(data->set.verbose) {
+          Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"PWD\n", 4, conn);
+          Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp), conn);
+        }
+        /* this sends an FTP-like "header" to the header callback so that the
+           current directory can be read very similar to how it is read when
+           using ordinary FTP. */
+        result = Curl_client_write(conn, CLIENTWRITE_HEADER, tmp, strlen(tmp));
+        free(tmp);
+        if(result) {
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->nextstate = SSH_NO_STATE;
+          sshc->actualcode = result;
+        }
+        else
+          state(conn, SSH_SFTP_NEXT_QUOTE);
+        break;
+      }
+      else if(cmd) {
+        /*
+         * the arguments following the command must be separated from the
+         * command with a space so we can check for it unconditionally
+         */
+        cp = strchr(cmd, ' ');
+        if(cp == NULL) {
+          failf(data, "Syntax error in SFTP command. Supply parameter(s)!");
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->nextstate = SSH_NO_STATE;
+          sshc->actualcode = CURLE_QUOTE_ERROR;
+          break;
+        }
+
+        /*
+         * also, every command takes at least one argument so we get that
+         * first argument right now
+         */
+        result = get_pathname(&cp, &sshc->quote_path1);
+        if(result) {
+          if(result == CURLE_OUT_OF_MEMORY)
+            failf(data, "Out of memory");
+          else
+            failf(data, "Syntax error: Bad first parameter");
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->nextstate = SSH_NO_STATE;
+          sshc->actualcode = result;
+          break;
+        }
+
+        /*
+         * SFTP is a binary protocol, so we don't send text commands
+         * to the server. Instead, we scan for commands used by
+         * OpenSSH's sftp program and call the appropriate libssh2
+         * functions.
+         */
+        if(curl_strnequal(cmd, "chgrp ", 6) ||
+           curl_strnequal(cmd, "chmod ", 6) ||
+           curl_strnequal(cmd, "chown ", 6) ) {
+          /* attribute change */
+
+          /* sshc->quote_path1 contains the mode to set */
+          /* get the destination */
+          result = get_pathname(&cp, &sshc->quote_path2);
+          if(result) {
+            if(result == CURLE_OUT_OF_MEMORY)
+              failf(data, "Out of memory");
+            else
+              failf(data, "Syntax error in chgrp/chmod/chown: "
+                    "Bad second parameter");
+            Curl_safefree(sshc->quote_path1);
+            state(conn, SSH_SFTP_CLOSE);
+            sshc->nextstate = SSH_NO_STATE;
+            sshc->actualcode = result;
+            break;
+          }
+          memset(&sshc->quote_attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES));
+          state(conn, SSH_SFTP_QUOTE_STAT);
+          break;
+        }
+        else if(curl_strnequal(cmd, "ln ", 3) ||
+                curl_strnequal(cmd, "symlink ", 8)) {
+          /* symbolic linking */
+          /* sshc->quote_path1 is the source */
+          /* get the destination */
+          result = get_pathname(&cp, &sshc->quote_path2);
+          if(result) {
+            if(result == CURLE_OUT_OF_MEMORY)
+              failf(data, "Out of memory");
+            else
+              failf(data,
+                    "Syntax error in ln/symlink: Bad second parameter");
+            Curl_safefree(sshc->quote_path1);
+            state(conn, SSH_SFTP_CLOSE);
+            sshc->nextstate = SSH_NO_STATE;
+            sshc->actualcode = result;
+            break;
+          }
+          state(conn, SSH_SFTP_QUOTE_SYMLINK);
+          break;
+        }
+        else if(curl_strnequal(cmd, "mkdir ", 6)) {
+          /* create dir */
+          state(conn, SSH_SFTP_QUOTE_MKDIR);
+          break;
+        }
+        else if(curl_strnequal(cmd, "rename ", 7)) {
+          /* rename file */
+          /* first param is the source path */
+          /* second param is the dest. path */
+          result = get_pathname(&cp, &sshc->quote_path2);
+          if(result) {
+            if(result == CURLE_OUT_OF_MEMORY)
+              failf(data, "Out of memory");
+            else
+              failf(data, "Syntax error in rename: Bad second parameter");
+            Curl_safefree(sshc->quote_path1);
+            state(conn, SSH_SFTP_CLOSE);
+            sshc->nextstate = SSH_NO_STATE;
+            sshc->actualcode = result;
+            break;
+          }
+          state(conn, SSH_SFTP_QUOTE_RENAME);
+          break;
+        }
+        else if(curl_strnequal(cmd, "rmdir ", 6)) {
+          /* delete dir */
+          state(conn, SSH_SFTP_QUOTE_RMDIR);
+          break;
+        }
+        else if(curl_strnequal(cmd, "rm ", 3)) {
+          state(conn, SSH_SFTP_QUOTE_UNLINK);
+          break;
+        }
+
+        failf(data, "Unknown SFTP command");
+        Curl_safefree(sshc->quote_path1);
+        Curl_safefree(sshc->quote_path2);
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->nextstate = SSH_NO_STATE;
+        sshc->actualcode = CURLE_QUOTE_ERROR;
+        break;
+      }
+    }
+    if(!sshc->quote_item) {
+      state(conn, SSH_SFTP_TRANS_INIT);
+    }
+    break;
+
+    case SSH_SFTP_NEXT_QUOTE:
+      Curl_safefree(sshc->quote_path1);
+      Curl_safefree(sshc->quote_path2);
+
+      sshc->quote_item = sshc->quote_item->next;
+
+      if(sshc->quote_item) {
+        state(conn, SSH_SFTP_QUOTE);
+      }
+      else {
+        if(sshc->nextstate != SSH_NO_STATE) {
+          state(conn, sshc->nextstate);
+          sshc->nextstate = SSH_NO_STATE;
+        }
+        else {
+          state(conn, SSH_SFTP_TRANS_INIT);
+        }
+      }
+      break;
+
+    case SSH_SFTP_QUOTE_STAT:
+    {
+      char *cmd = sshc->quote_item->data;
+      sshc->acceptfail = FALSE;
+
+      /* if a command starts with an asterisk, which a legal SFTP command never
+         can, the command will be allowed to fail without it causing any
+         aborts or cancels etc. It will cause libcurl to act as if the command
+         is successful, whatever the server reponds. */
+
+      if(cmd[0] == '*') {
+        cmd++;
+        sshc->acceptfail = TRUE;
+      }
+
+      if(!curl_strnequal(cmd, "chmod", 5)) {
+        /* Since chown and chgrp only set owner OR group but libssh2 wants to
+         * set them both at once, we need to obtain the current ownership
+         * first.  This takes an extra protocol round trip.
+         */
+        rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2,
+                                  curlx_uztoui(strlen(sshc->quote_path2)),
+                                  LIBSSH2_SFTP_STAT,
+                                  &sshc->quote_attrs);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc != 0 && !sshc->acceptfail) { /* get those attributes */
+          err = sftp_libssh2_last_error(sshc->sftp_session);
+          Curl_safefree(sshc->quote_path1);
+          Curl_safefree(sshc->quote_path2);
+          failf(data, "Attempt to get SFTP stats failed: %s",
+                sftp_libssh2_strerror(err));
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->nextstate = SSH_NO_STATE;
+          sshc->actualcode = CURLE_QUOTE_ERROR;
+          break;
+        }
+      }
+
+      /* Now set the new attributes... */
+      if(curl_strnequal(cmd, "chgrp", 5)) {
+        sshc->quote_attrs.gid = strtoul(sshc->quote_path1, NULL, 10);
+        sshc->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID;
+        if(sshc->quote_attrs.gid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
+           !sshc->acceptfail) {
+          Curl_safefree(sshc->quote_path1);
+          Curl_safefree(sshc->quote_path2);
+          failf(data, "Syntax error: chgrp gid not a number");
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->nextstate = SSH_NO_STATE;
+          sshc->actualcode = CURLE_QUOTE_ERROR;
+          break;
+        }
+      }
+      else if(curl_strnequal(cmd, "chmod", 5)) {
+        sshc->quote_attrs.permissions = strtoul(sshc->quote_path1, NULL, 8);
+        sshc->quote_attrs.flags = LIBSSH2_SFTP_ATTR_PERMISSIONS;
+        /* permissions are octal */
+        if(sshc->quote_attrs.permissions == 0 &&
+           !ISDIGIT(sshc->quote_path1[0])) {
+          Curl_safefree(sshc->quote_path1);
+          Curl_safefree(sshc->quote_path2);
+          failf(data, "Syntax error: chmod permissions not a number");
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->nextstate = SSH_NO_STATE;
+          sshc->actualcode = CURLE_QUOTE_ERROR;
+          break;
+        }
+      }
+      else if(curl_strnequal(cmd, "chown", 5)) {
+        sshc->quote_attrs.uid = strtoul(sshc->quote_path1, NULL, 10);
+        sshc->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID;
+        if(sshc->quote_attrs.uid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
+           !sshc->acceptfail) {
+          Curl_safefree(sshc->quote_path1);
+          Curl_safefree(sshc->quote_path2);
+          failf(data, "Syntax error: chown uid not a number");
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->nextstate = SSH_NO_STATE;
+          sshc->actualcode = CURLE_QUOTE_ERROR;
+          break;
+        }
+      }
+
+      /* Now send the completed structure... */
+      state(conn, SSH_SFTP_QUOTE_SETSTAT);
+      break;
+    }
+
+    case SSH_SFTP_QUOTE_SETSTAT:
+      rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2,
+                                curlx_uztoui(strlen(sshc->quote_path2)),
+                                LIBSSH2_SFTP_SETSTAT,
+                                &sshc->quote_attrs);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc != 0 && !sshc->acceptfail) {
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        Curl_safefree(sshc->quote_path1);
+        Curl_safefree(sshc->quote_path2);
+        failf(data, "Attempt to set SFTP stats failed: %s",
+              sftp_libssh2_strerror(err));
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->nextstate = SSH_NO_STATE;
+        sshc->actualcode = CURLE_QUOTE_ERROR;
+        break;
+      }
+      state(conn, SSH_SFTP_NEXT_QUOTE);
+      break;
+
+    case SSH_SFTP_QUOTE_SYMLINK:
+      rc = libssh2_sftp_symlink_ex(sshc->sftp_session, sshc->quote_path1,
+                                   curlx_uztoui(strlen(sshc->quote_path1)),
+                                   sshc->quote_path2,
+                                   curlx_uztoui(strlen(sshc->quote_path2)),
+                                   LIBSSH2_SFTP_SYMLINK);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc != 0 && !sshc->acceptfail) {
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        Curl_safefree(sshc->quote_path1);
+        Curl_safefree(sshc->quote_path2);
+        failf(data, "symlink command failed: %s",
+              sftp_libssh2_strerror(err));
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->nextstate = SSH_NO_STATE;
+        sshc->actualcode = CURLE_QUOTE_ERROR;
+        break;
+      }
+      state(conn, SSH_SFTP_NEXT_QUOTE);
+      break;
+
+    case SSH_SFTP_QUOTE_MKDIR:
+      rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sshc->quote_path1,
+                                 curlx_uztoui(strlen(sshc->quote_path1)),
+                                 data->set.new_directory_perms);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc != 0 && !sshc->acceptfail) {
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        Curl_safefree(sshc->quote_path1);
+        failf(data, "mkdir command failed: %s", sftp_libssh2_strerror(err));
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->nextstate = SSH_NO_STATE;
+        sshc->actualcode = CURLE_QUOTE_ERROR;
+        break;
+      }
+      state(conn, SSH_SFTP_NEXT_QUOTE);
+      break;
+
+    case SSH_SFTP_QUOTE_RENAME:
+      rc = libssh2_sftp_rename_ex(sshc->sftp_session, sshc->quote_path1,
+                                  curlx_uztoui(strlen(sshc->quote_path1)),
+                                  sshc->quote_path2,
+                                  curlx_uztoui(strlen(sshc->quote_path2)),
+                                  LIBSSH2_SFTP_RENAME_OVERWRITE |
+                                  LIBSSH2_SFTP_RENAME_ATOMIC |
+                                  LIBSSH2_SFTP_RENAME_NATIVE);
+
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc != 0 && !sshc->acceptfail) {
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        Curl_safefree(sshc->quote_path1);
+        Curl_safefree(sshc->quote_path2);
+        failf(data, "rename command failed: %s", sftp_libssh2_strerror(err));
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->nextstate = SSH_NO_STATE;
+        sshc->actualcode = CURLE_QUOTE_ERROR;
+        break;
+      }
+      state(conn, SSH_SFTP_NEXT_QUOTE);
+      break;
+
+    case SSH_SFTP_QUOTE_RMDIR:
+      rc = libssh2_sftp_rmdir_ex(sshc->sftp_session, sshc->quote_path1,
+                                 curlx_uztoui(strlen(sshc->quote_path1)));
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc != 0 && !sshc->acceptfail) {
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        Curl_safefree(sshc->quote_path1);
+        failf(data, "rmdir command failed: %s", sftp_libssh2_strerror(err));
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->nextstate = SSH_NO_STATE;
+        sshc->actualcode = CURLE_QUOTE_ERROR;
+        break;
+      }
+      state(conn, SSH_SFTP_NEXT_QUOTE);
+      break;
+
+    case SSH_SFTP_QUOTE_UNLINK:
+      rc = libssh2_sftp_unlink_ex(sshc->sftp_session, sshc->quote_path1,
+                                  curlx_uztoui(strlen(sshc->quote_path1)));
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc != 0 && !sshc->acceptfail) {
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        Curl_safefree(sshc->quote_path1);
+        failf(data, "rm command failed: %s", sftp_libssh2_strerror(err));
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->nextstate = SSH_NO_STATE;
+        sshc->actualcode = CURLE_QUOTE_ERROR;
+        break;
+      }
+      state(conn, SSH_SFTP_NEXT_QUOTE);
+      break;
+
+    case SSH_SFTP_TRANS_INIT:
+      if(data->set.upload)
+        state(conn, SSH_SFTP_UPLOAD_INIT);
+      else {
+        if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
+          state(conn, SSH_SFTP_READDIR_INIT);
+        else
+          state(conn, SSH_SFTP_DOWNLOAD_INIT);
+      }
+      break;
+
+    case SSH_SFTP_UPLOAD_INIT:
+    {
+      unsigned long flags;
+      /*
+       * NOTE!!!  libssh2 requires that the destination path is a full path
+       *          that includes the destination file and name OR ends in a "/"
+       *          If this is not done the destination file will be named the
+       *          same name as the last directory in the path.
+       */
+
+      if(data->state.resume_from != 0) {
+        LIBSSH2_SFTP_ATTRIBUTES attrs;
+        if(data->state.resume_from < 0) {
+          rc = libssh2_sftp_stat_ex(sshc->sftp_session, sftp_scp->path,
+                                    curlx_uztoui(strlen(sftp_scp->path)),
+                                    LIBSSH2_SFTP_STAT, &attrs);
+          if(rc == LIBSSH2_ERROR_EAGAIN) {
+            break;
+          }
+          else if(rc) {
+            data->state.resume_from = 0;
+          }
+          else {
+            curl_off_t size = attrs.filesize;
+            if(size < 0) {
+              failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size);
+              return CURLE_BAD_DOWNLOAD_RESUME;
+            }
+            data->state.resume_from = attrs.filesize;
+          }
+        }
+      }
+
+      if(data->set.ftp_append)
+        /* Try to open for append, but create if nonexisting */
+        flags = LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_APPEND;
+      else if(data->state.resume_from > 0)
+        /* If we have restart position then open for append */
+        flags = LIBSSH2_FXF_WRITE|LIBSSH2_FXF_APPEND;
+      else
+        /* Clear file before writing (normal behaviour) */
+        flags = LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC;
+
+      sshc->sftp_handle =
+        libssh2_sftp_open_ex(sshc->sftp_session, sftp_scp->path,
+                             curlx_uztoui(strlen(sftp_scp->path)),
+                             flags, data->set.new_file_perms,
+                             LIBSSH2_SFTP_OPENFILE);
+
+      if(!sshc->sftp_handle) {
+        rc = libssh2_session_last_errno(sshc->ssh_session);
+
+        if(LIBSSH2_ERROR_EAGAIN == rc)
+          break;
+        else {
+          if(LIBSSH2_ERROR_SFTP_PROTOCOL == rc)
+            /* only when there was an SFTP protocol error can we extract
+               the sftp error! */
+            err = sftp_libssh2_last_error(sshc->sftp_session);
+          else
+            err = -1; /* not an sftp error at all */
+
+          if(sshc->secondCreateDirs) {
+            state(conn, SSH_SFTP_CLOSE);
+            sshc->actualcode = err>= LIBSSH2_FX_OK?
+              sftp_libssh2_error_to_CURLE(err):CURLE_SSH;
+            failf(data, "Creating the dir/file failed: %s",
+                  sftp_libssh2_strerror(err));
+            break;
+          }
+          else if(((err == LIBSSH2_FX_NO_SUCH_FILE) ||
+                   (err == LIBSSH2_FX_FAILURE) ||
+                   (err == LIBSSH2_FX_NO_SUCH_PATH)) &&
+                  (data->set.ftp_create_missing_dirs &&
+                   (strlen(sftp_scp->path) > 1))) {
+            /* try to create the path remotely */
+            sshc->secondCreateDirs = 1;
+            state(conn, SSH_SFTP_CREATE_DIRS_INIT);
+            break;
+          }
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->actualcode = err>= LIBSSH2_FX_OK?
+            sftp_libssh2_error_to_CURLE(err):CURLE_SSH;
+          if(!sshc->actualcode) {
+            /* Sometimes, for some reason libssh2_sftp_last_error() returns
+               zero even though libssh2_sftp_open() failed previously! We need
+               to work around that! */
+            sshc->actualcode = CURLE_SSH;
+            err=-1;
+          }
+          failf(data, "Upload failed: %s (%d/%d)",
+                err>= LIBSSH2_FX_OK?sftp_libssh2_strerror(err):"ssh error",
+                err, rc);
+          break;
+        }
+      }
+
+      /* If we have a restart point then we need to seek to the correct
+         position. */
+      if(data->state.resume_from > 0) {
+        /* Let's read off the proper amount of bytes from the input. */
+        if(conn->seek_func) {
+          seekerr = conn->seek_func(conn->seek_client, data->state.resume_from,
+                                    SEEK_SET);
+        }
+
+        if(seekerr != CURL_SEEKFUNC_OK) {
+
+          if(seekerr != CURL_SEEKFUNC_CANTSEEK) {
+            failf(data, "Could not seek stream");
+            return CURLE_FTP_COULDNT_USE_REST;
+          }
+          /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */
+          else {
+            curl_off_t passed=0;
+            do {
+              size_t readthisamountnow =
+                (data->state.resume_from - passed > CURL_OFF_T_C(BUFSIZE)) ?
+                BUFSIZE : curlx_sotouz(data->state.resume_from - passed);
+
+              size_t actuallyread =
+                conn->fread_func(data->state.buffer, 1, readthisamountnow,
+                                 conn->fread_in);
+
+              passed += actuallyread;
+              if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
+                /* this checks for greater-than only to make sure that the
+                   CURL_READFUNC_ABORT return code still aborts */
+                failf(data, "Failed to read data");
+                return CURLE_FTP_COULDNT_USE_REST;
+              }
+            } while(passed < data->state.resume_from);
+          }
+        }
+
+        /* now, decrease the size of the read */
+        if(data->state.infilesize > 0) {
+          data->state.infilesize -= data->state.resume_from;
+          data->req.size = data->state.infilesize;
+          Curl_pgrsSetUploadSize(data, data->state.infilesize);
+        }
+
+        SFTP_SEEK(sshc->sftp_handle, data->state.resume_from);
+      }
+      if(data->state.infilesize > 0) {
+        data->req.size = data->state.infilesize;
+        Curl_pgrsSetUploadSize(data, data->state.infilesize);
+      }
+      /* upload data */
+      Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
+
+      /* not set by Curl_setup_transfer to preserve keepon bits */
+      conn->sockfd = conn->writesockfd;
+
+      if(result) {
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->actualcode = result;
+      }
+      else {
+        /* store this original bitmask setup to use later on if we can't
+           figure out a "real" bitmask */
+        sshc->orig_waitfor = data->req.keepon;
+
+        /* we want to use the _sending_ function even when the socket turns
+           out readable as the underlying libssh2 sftp send function will deal
+           with both accordingly */
+        conn->cselect_bits = CURL_CSELECT_OUT;
+
+        /* since we don't really wait for anything at this point, we want the
+           state machine to move on as soon as possible so we set a very short
+           timeout here */
+        Curl_expire(data, 1);
+
+        state(conn, SSH_STOP);
+      }
+      break;
+    }
+
+    case SSH_SFTP_CREATE_DIRS_INIT:
+      if(strlen(sftp_scp->path) > 1) {
+        sshc->slash_pos = sftp_scp->path + 1; /* ignore the leading '/' */
+        state(conn, SSH_SFTP_CREATE_DIRS);
+      }
+      else {
+        state(conn, SSH_SFTP_UPLOAD_INIT);
+      }
+      break;
+
+    case SSH_SFTP_CREATE_DIRS:
+      if((sshc->slash_pos = strchr(sshc->slash_pos, '/')) != NULL) {
+        *sshc->slash_pos = 0;
+
+        infof(data, "Creating directory '%s'\n", sftp_scp->path);
+        state(conn, SSH_SFTP_CREATE_DIRS_MKDIR);
+        break;
+      }
+      else {
+        state(conn, SSH_SFTP_UPLOAD_INIT);
+      }
+      break;
+
+    case SSH_SFTP_CREATE_DIRS_MKDIR:
+      /* 'mode' - parameter is preliminary - default to 0644 */
+      rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sftp_scp->path,
+                                 curlx_uztoui(strlen(sftp_scp->path)),
+                                 data->set.new_directory_perms);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      *sshc->slash_pos = '/';
+      ++sshc->slash_pos;
+      if(rc == -1) {
+        /*
+         * Abort if failure wasn't that the dir already exists or the
+         * permission was denied (creation might succeed further down the
+         * path) - retry on unspecific FAILURE also
+         */
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        if((err != LIBSSH2_FX_FILE_ALREADY_EXISTS) &&
+           (err != LIBSSH2_FX_FAILURE) &&
+           (err != LIBSSH2_FX_PERMISSION_DENIED)) {
+          result = sftp_libssh2_error_to_CURLE(err);
+          state(conn, SSH_SFTP_CLOSE);
+          sshc->actualcode = result?result:CURLE_SSH;
+          break;
+        }
+      }
+      state(conn, SSH_SFTP_CREATE_DIRS);
+      break;
+
+    case SSH_SFTP_READDIR_INIT:
+      Curl_pgrsSetDownloadSize(data, -1);
+      if(data->set.opt_no_body) {
+        state(conn, SSH_STOP);
+        break;
+      }
+
+      /*
+       * This is a directory that we are trying to get, so produce a directory
+       * listing
+       */
+      sshc->sftp_handle = libssh2_sftp_open_ex(sshc->sftp_session,
+                                               sftp_scp->path,
+                                               curlx_uztoui(
+                                                 strlen(sftp_scp->path)),
+                                               0, 0, LIBSSH2_SFTP_OPENDIR);
+      if(!sshc->sftp_handle) {
+        if(libssh2_session_last_errno(sshc->ssh_session) ==
+           LIBSSH2_ERROR_EAGAIN) {
+          rc = LIBSSH2_ERROR_EAGAIN;
+          break;
+        }
+        else {
+          err = sftp_libssh2_last_error(sshc->sftp_session);
+          failf(data, "Could not open directory for reading: %s",
+                sftp_libssh2_strerror(err));
+          state(conn, SSH_SFTP_CLOSE);
+          result = sftp_libssh2_error_to_CURLE(err);
+          sshc->actualcode = result?result:CURLE_SSH;
+          break;
+        }
+      }
+      if((sshc->readdir_filename = malloc(PATH_MAX+1)) == NULL) {
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->actualcode = CURLE_OUT_OF_MEMORY;
+        break;
+      }
+      if((sshc->readdir_longentry = malloc(PATH_MAX+1)) == NULL) {
+        Curl_safefree(sshc->readdir_filename);
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->actualcode = CURLE_OUT_OF_MEMORY;
+        break;
+      }
+      state(conn, SSH_SFTP_READDIR);
+      break;
+
+    case SSH_SFTP_READDIR:
+      sshc->readdir_len = libssh2_sftp_readdir_ex(sshc->sftp_handle,
+                                                  sshc->readdir_filename,
+                                                  PATH_MAX,
+                                                  sshc->readdir_longentry,
+                                                  PATH_MAX,
+                                                  &sshc->readdir_attrs);
+      if(sshc->readdir_len == LIBSSH2_ERROR_EAGAIN) {
+        rc = LIBSSH2_ERROR_EAGAIN;
+        break;
+      }
+      if(sshc->readdir_len > 0) {
+        sshc->readdir_filename[sshc->readdir_len] = '\0';
+
+        if(data->set.ftp_list_only) {
+          char *tmpLine;
+
+          tmpLine = aprintf("%s\n", sshc->readdir_filename);
+          if(tmpLine == NULL) {
+            state(conn, SSH_SFTP_CLOSE);
+            sshc->actualcode = CURLE_OUT_OF_MEMORY;
+            break;
+          }
+          result = Curl_client_write(conn, CLIENTWRITE_BODY,
+                                     tmpLine, sshc->readdir_len+1);
+          Curl_safefree(tmpLine);
+
+          if(result) {
+            state(conn, SSH_STOP);
+            break;
+          }
+          /* since this counts what we send to the client, we include the
+             newline in this counter */
+          data->req.bytecount += sshc->readdir_len+1;
+
+          /* output debug output if that is requested */
+          if(data->set.verbose) {
+            Curl_debug(data, CURLINFO_DATA_OUT, sshc->readdir_filename,
+                       sshc->readdir_len, conn);
+          }
+        }
+        else {
+          sshc->readdir_currLen = (int)strlen(sshc->readdir_longentry);
+          sshc->readdir_totalLen = 80 + sshc->readdir_currLen;
+          sshc->readdir_line = calloc(sshc->readdir_totalLen, 1);
+          if(!sshc->readdir_line) {
+            Curl_safefree(sshc->readdir_filename);
+            Curl_safefree(sshc->readdir_longentry);
+            state(conn, SSH_SFTP_CLOSE);
+            sshc->actualcode = CURLE_OUT_OF_MEMORY;
+            break;
+          }
+
+          memcpy(sshc->readdir_line, sshc->readdir_longentry,
+                 sshc->readdir_currLen);
+          if((sshc->readdir_attrs.flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) &&
+             ((sshc->readdir_attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
+              LIBSSH2_SFTP_S_IFLNK)) {
+            sshc->readdir_linkPath = malloc(PATH_MAX + 1);
+            if(sshc->readdir_linkPath == NULL) {
+              Curl_safefree(sshc->readdir_filename);
+              Curl_safefree(sshc->readdir_longentry);
+              state(conn, SSH_SFTP_CLOSE);
+              sshc->actualcode = CURLE_OUT_OF_MEMORY;
+              break;
+            }
+
+            snprintf(sshc->readdir_linkPath, PATH_MAX, "%s%s", sftp_scp->path,
+                     sshc->readdir_filename);
+            state(conn, SSH_SFTP_READDIR_LINK);
+            break;
+          }
+          state(conn, SSH_SFTP_READDIR_BOTTOM);
+          break;
+        }
+      }
+      else if(sshc->readdir_len == 0) {
+        Curl_safefree(sshc->readdir_filename);
+        Curl_safefree(sshc->readdir_longentry);
+        state(conn, SSH_SFTP_READDIR_DONE);
+        break;
+      }
+      else if(sshc->readdir_len <= 0) {
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        result = sftp_libssh2_error_to_CURLE(err);
+        sshc->actualcode = result?result:CURLE_SSH;
+        failf(data, "Could not open remote file for reading: %s :: %d",
+              sftp_libssh2_strerror(err),
+              libssh2_session_last_errno(sshc->ssh_session));
+        Curl_safefree(sshc->readdir_filename);
+        Curl_safefree(sshc->readdir_longentry);
+        state(conn, SSH_SFTP_CLOSE);
+        break;
+      }
+      break;
+
+    case SSH_SFTP_READDIR_LINK:
+      sshc->readdir_len =
+        libssh2_sftp_symlink_ex(sshc->sftp_session,
+                                sshc->readdir_linkPath,
+                                curlx_uztoui(strlen(sshc->readdir_linkPath)),
+                                sshc->readdir_filename,
+                                PATH_MAX, LIBSSH2_SFTP_READLINK);
+      if(sshc->readdir_len == LIBSSH2_ERROR_EAGAIN) {
+        rc = LIBSSH2_ERROR_EAGAIN;
+        break;
+      }
+      Curl_safefree(sshc->readdir_linkPath);
+
+      /* get room for the filename and extra output */
+      sshc->readdir_totalLen += 4 + sshc->readdir_len;
+      new_readdir_line = realloc(sshc->readdir_line, sshc->readdir_totalLen);
+      if(!new_readdir_line) {
+        Curl_safefree(sshc->readdir_line);
+        Curl_safefree(sshc->readdir_filename);
+        Curl_safefree(sshc->readdir_longentry);
+        state(conn, SSH_SFTP_CLOSE);
+        sshc->actualcode = CURLE_OUT_OF_MEMORY;
+        break;
+      }
+      sshc->readdir_line = new_readdir_line;
+
+      sshc->readdir_currLen += snprintf(sshc->readdir_line +
+                                        sshc->readdir_currLen,
+                                        sshc->readdir_totalLen -
+                                        sshc->readdir_currLen,
+                                        " -> %s",
+                                        sshc->readdir_filename);
+
+      state(conn, SSH_SFTP_READDIR_BOTTOM);
+      break;
+
+    case SSH_SFTP_READDIR_BOTTOM:
+      sshc->readdir_currLen += snprintf(sshc->readdir_line +
+                                        sshc->readdir_currLen,
+                                        sshc->readdir_totalLen -
+                                        sshc->readdir_currLen, "\n");
+      result = Curl_client_write(conn, CLIENTWRITE_BODY,
+                                 sshc->readdir_line,
+                                 sshc->readdir_currLen);
+
+      if(result == CURLE_OK) {
+
+        /* output debug output if that is requested */
+        if(data->set.verbose) {
+          Curl_debug(data, CURLINFO_DATA_OUT, sshc->readdir_line,
+                     sshc->readdir_currLen, conn);
+        }
+        data->req.bytecount += sshc->readdir_currLen;
+      }
+      Curl_safefree(sshc->readdir_line);
+      if(result) {
+        state(conn, SSH_STOP);
+      }
+      else
+        state(conn, SSH_SFTP_READDIR);
+      break;
+
+    case SSH_SFTP_READDIR_DONE:
+      if(libssh2_sftp_closedir(sshc->sftp_handle) ==
+         LIBSSH2_ERROR_EAGAIN) {
+        rc = LIBSSH2_ERROR_EAGAIN;
+        break;
+      }
+      sshc->sftp_handle = NULL;
+      Curl_safefree(sshc->readdir_filename);
+      Curl_safefree(sshc->readdir_longentry);
+
+      /* no data to transfer */
+      Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+      state(conn, SSH_STOP);
+      break;
+
+    case SSH_SFTP_DOWNLOAD_INIT:
+      /*
+       * Work on getting the specified file
+       */
+      sshc->sftp_handle =
+        libssh2_sftp_open_ex(sshc->sftp_session, sftp_scp->path,
+                             curlx_uztoui(strlen(sftp_scp->path)),
+                             LIBSSH2_FXF_READ, data->set.new_file_perms,
+                             LIBSSH2_SFTP_OPENFILE);
+      if(!sshc->sftp_handle) {
+        if(libssh2_session_last_errno(sshc->ssh_session) ==
+           LIBSSH2_ERROR_EAGAIN) {
+          rc = LIBSSH2_ERROR_EAGAIN;
+          break;
+        }
+        else {
+          err = sftp_libssh2_last_error(sshc->sftp_session);
+          failf(data, "Could not open remote file for reading: %s",
+                sftp_libssh2_strerror(err));
+          state(conn, SSH_SFTP_CLOSE);
+          result = sftp_libssh2_error_to_CURLE(err);
+          sshc->actualcode = result?result:CURLE_SSH;
+          break;
+        }
+      }
+      state(conn, SSH_SFTP_DOWNLOAD_STAT);
+      break;
+
+    case SSH_SFTP_DOWNLOAD_STAT:
+    {
+      LIBSSH2_SFTP_ATTRIBUTES attrs;
+
+      rc = libssh2_sftp_stat_ex(sshc->sftp_session, sftp_scp->path,
+                                curlx_uztoui(strlen(sftp_scp->path)),
+                                LIBSSH2_SFTP_STAT, &attrs);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
+        break;
+      }
+      else if(rc) {
+        /*
+         * libssh2_sftp_open() didn't return an error, so maybe the server
+         * just doesn't support stat()
+         */
+        data->req.size = -1;
+        data->req.maxdownload = -1;
+        Curl_pgrsSetDownloadSize(data, -1);
+      }
+      else {
+        curl_off_t size = attrs.filesize;
+
+        if(size < 0) {
+          failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size);
+          return CURLE_BAD_DOWNLOAD_RESUME;
+        }
+        if(conn->data->state.use_range) {
+          curl_off_t from, to;
+          char *ptr;
+          char *ptr2;
+
+          from=curlx_strtoofft(conn->data->state.range, &ptr, 0);
+          while(*ptr && (ISSPACE(*ptr) || (*ptr=='-')))
+            ptr++;
+          to=curlx_strtoofft(ptr, &ptr2, 0);
+          if((ptr == ptr2) /* no "to" value given */
+             || (to >= size)) {
+            to = size - 1;
+          }
+          if(from < 0) {
+            /* from is relative to end of file */
+            from += size;
+          }
+          if(from >= size) {
+            failf(data, "Offset (%"
+                  CURL_FORMAT_CURL_OFF_T ") was beyond file size (%"
+                  CURL_FORMAT_CURL_OFF_T ")", from, attrs.filesize);
+            return CURLE_BAD_DOWNLOAD_RESUME;
+          }
+          if(from > to) {
+            from = to;
+            size = 0;
+          }
+          else {
+            size = to - from + 1;
+          }
+
+          SFTP_SEEK(conn->proto.sshc.sftp_handle, from);
+        }
+        data->req.size = size;
+        data->req.maxdownload = size;
+        Curl_pgrsSetDownloadSize(data, size);
+      }
+
+      /* We can resume if we can seek to the resume position */
+      if(data->state.resume_from) {
+        if(data->state.resume_from < 0) {
+          /* We're supposed to download the last abs(from) bytes */
+          if((curl_off_t)attrs.filesize < -data->state.resume_from) {
+            failf(data, "Offset (%"
+                  CURL_FORMAT_CURL_OFF_T ") was beyond file size (%"
+                  CURL_FORMAT_CURL_OFF_T ")",
+                  data->state.resume_from, attrs.filesize);
+            return CURLE_BAD_DOWNLOAD_RESUME;
+          }
+          /* download from where? */
+          data->state.resume_from += attrs.filesize;
+        }
+        else {
+          if((curl_off_t)attrs.filesize < data->state.resume_from) {
+            failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T
+                  ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")",
+                  data->state.resume_from, attrs.filesize);
+            return CURLE_BAD_DOWNLOAD_RESUME;
+          }
+        }
+        /* Does a completed file need to be seeked and started or closed ? */
+        /* Now store the number of bytes we are expected to download */
+        data->req.size = attrs.filesize - data->state.resume_from;
+        data->req.maxdownload = attrs.filesize - data->state.resume_from;
+        Curl_pgrsSetDownloadSize(data,
+                                 attrs.filesize - data->state.resume_from);
+        SFTP_SEEK(sshc->sftp_handle, data->state.resume_from);
+      }
+    }
+
+    /* Setup the actual download */
+    if(data->req.size == 0) {
+      /* no data to transfer */
+      Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+      infof(data, "File already completely downloaded\n");
+      state(conn, SSH_STOP);
+      break;
+    }
+    else {
+      Curl_setup_transfer(conn, FIRSTSOCKET, data->req.size,
+                          FALSE, NULL, -1, NULL);
+
+      /* not set by Curl_setup_transfer to preserve keepon bits */
+      conn->writesockfd = conn->sockfd;
+
+      /* we want to use the _receiving_ function even when the socket turns
+         out writableable as the underlying libssh2 recv function will deal
+         with both accordingly */
+      conn->cselect_bits = CURL_CSELECT_IN;
+    }
+    if(result) {
+      /* this should never occur; the close state should be entered
+         at the time the error occurs */
+      state(conn, SSH_SFTP_CLOSE);
+      sshc->actualcode = result;
+    }
+    else {
+      state(conn, SSH_STOP);
+    }
+    break;
+
+    case SSH_SFTP_CLOSE:
+      if(sshc->sftp_handle) {
+        rc = libssh2_sftp_close(sshc->sftp_handle);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc < 0) {
+          infof(data, "Failed to close libssh2 file\n");
+        }
+        sshc->sftp_handle = NULL;
+      }
+      if(sftp_scp)
+        Curl_safefree(sftp_scp->path);
+
+      DEBUGF(infof(data, "SFTP DONE done\n"));
+
+      /* Check if nextstate is set and move .nextstate could be POSTQUOTE_INIT
+         After nextstate is executed,the control should come back to
+         SSH_SFTP_CLOSE to pass the correct result back  */
+      if(sshc->nextstate != SSH_NO_STATE &&
+         sshc->nextstate != SSH_SFTP_CLOSE) {
+        state(conn, sshc->nextstate);
+        sshc->nextstate = SSH_SFTP_CLOSE;
+      }
+      else {
+        state(conn, SSH_STOP);
+        result = sshc->actualcode;
+      }
+      break;
+
+    case SSH_SFTP_SHUTDOWN:
+      /* during times we get here due to a broken transfer and then the
+         sftp_handle might not have been taken down so make sure that is done
+         before we proceed */
+
+      if(sshc->sftp_handle) {
+        rc = libssh2_sftp_close(sshc->sftp_handle);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc < 0) {
+          infof(data, "Failed to close libssh2 file\n");
+        }
+        sshc->sftp_handle = NULL;
+      }
+      if(sshc->sftp_session) {
+        rc = libssh2_sftp_shutdown(sshc->sftp_session);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc < 0) {
+          infof(data, "Failed to stop libssh2 sftp subsystem\n");
+        }
+        sshc->sftp_session = NULL;
+      }
+
+      Curl_safefree(sshc->homedir);
+      conn->data->state.most_recent_ftp_entrypath = NULL;
+
+      state(conn, SSH_SESSION_DISCONNECT);
+      break;
+
+    case SSH_SCP_TRANS_INIT:
+      result = ssh_getworkingpath(conn, sshc->homedir, &sftp_scp->path);
+      if(result) {
+        sshc->actualcode = result;
+        state(conn, SSH_STOP);
+        break;
+      }
+
+      if(data->set.upload) {
+        if(data->state.infilesize < 0) {
+          failf(data, "SCP requires a known file size for upload");
+          sshc->actualcode = CURLE_UPLOAD_FAILED;
+          state(conn, SSH_SCP_CHANNEL_FREE);
+          break;
+        }
+        state(conn, SSH_SCP_UPLOAD_INIT);
+      }
+      else {
+        state(conn, SSH_SCP_DOWNLOAD_INIT);
+      }
+      break;
+
+    case SSH_SCP_UPLOAD_INIT:
+      /*
+       * libssh2 requires that the destination path is a full path that
+       * includes the destination file and name OR ends in a "/" .  If this is
+       * not done the destination file will be named the same name as the last
+       * directory in the path.
+       */
+      sshc->ssh_channel =
+        SCP_SEND(sshc->ssh_session, sftp_scp->path, data->set.new_file_perms,
+                 data->state.infilesize);
+      if(!sshc->ssh_channel) {
+        if(libssh2_session_last_errno(sshc->ssh_session) ==
+           LIBSSH2_ERROR_EAGAIN) {
+          rc = LIBSSH2_ERROR_EAGAIN;
+          break;
+        }
+        else {
+          int ssh_err;
+          char *err_msg;
+
+          ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
+                                                     &err_msg, NULL, 0));
+          failf(conn->data, "%s", err_msg);
+          state(conn, SSH_SCP_CHANNEL_FREE);
+          sshc->actualcode = libssh2_session_error_to_CURLE(ssh_err);
+          break;
+        }
+      }
+
+      /* upload data */
+      Curl_setup_transfer(conn, -1, data->req.size, FALSE, NULL,
+                          FIRSTSOCKET, NULL);
+
+      /* not set by Curl_setup_transfer to preserve keepon bits */
+      conn->sockfd = conn->writesockfd;
+
+      if(result) {
+        state(conn, SSH_SCP_CHANNEL_FREE);
+        sshc->actualcode = result;
+      }
+      else {
+        /* store this original bitmask setup to use later on if we can't
+           figure out a "real" bitmask */
+        sshc->orig_waitfor = data->req.keepon;
+
+        /* we want to use the _sending_ function even when the socket turns
+           out readable as the underlying libssh2 scp send function will deal
+           with both accordingly */
+        conn->cselect_bits = CURL_CSELECT_OUT;
+
+        state(conn, SSH_STOP);
+      }
+      break;
+
+    case SSH_SCP_DOWNLOAD_INIT:
+    {
+      /*
+       * We must check the remote file; if it is a directory no values will
+       * be set in sb
+       */
+      struct stat sb;
+      curl_off_t bytecount;
+
+      /* clear the struct scp recv will fill in */
+      memset(&sb, 0, sizeof(struct stat));
+
+      /* get a fresh new channel from the ssh layer */
+      sshc->ssh_channel = libssh2_scp_recv(sshc->ssh_session,
+                                           sftp_scp->path, &sb);
+      if(!sshc->ssh_channel) {
+        if(libssh2_session_last_errno(sshc->ssh_session) ==
+           LIBSSH2_ERROR_EAGAIN) {
+          rc = LIBSSH2_ERROR_EAGAIN;
+          break;
+        }
+        else {
+          int ssh_err;
+          char *err_msg;
+
+          ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
+                                                     &err_msg, NULL, 0));
+          failf(conn->data, "%s", err_msg);
+          state(conn, SSH_SCP_CHANNEL_FREE);
+          sshc->actualcode = libssh2_session_error_to_CURLE(ssh_err);
+          break;
+        }
+      }
+
+      /* download data */
+      bytecount = (curl_off_t)sb.st_size;
+      data->req.maxdownload =  (curl_off_t)sb.st_size;
+      Curl_setup_transfer(conn, FIRSTSOCKET, bytecount, FALSE, NULL, -1, NULL);
+
+      /* not set by Curl_setup_transfer to preserve keepon bits */
+      conn->writesockfd = conn->sockfd;
+
+      /* we want to use the _receiving_ function even when the socket turns
+         out writableable as the underlying libssh2 recv function will deal
+         with both accordingly */
+      conn->cselect_bits = CURL_CSELECT_IN;
+
+      if(result) {
+        state(conn, SSH_SCP_CHANNEL_FREE);
+        sshc->actualcode = result;
+      }
+      else
+        state(conn, SSH_STOP);
+    }
+    break;
+
+    case SSH_SCP_DONE:
+      if(data->set.upload)
+        state(conn, SSH_SCP_SEND_EOF);
+      else
+        state(conn, SSH_SCP_CHANNEL_FREE);
+      break;
+
+    case SSH_SCP_SEND_EOF:
+      if(sshc->ssh_channel) {
+        rc = libssh2_channel_send_eof(sshc->ssh_channel);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc) {
+          infof(data, "Failed to send libssh2 channel EOF\n");
+        }
+      }
+      state(conn, SSH_SCP_WAIT_EOF);
+      break;
+
+    case SSH_SCP_WAIT_EOF:
+      if(sshc->ssh_channel) {
+        rc = libssh2_channel_wait_eof(sshc->ssh_channel);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc) {
+          infof(data, "Failed to get channel EOF: %d\n", rc);
+        }
+      }
+      state(conn, SSH_SCP_WAIT_CLOSE);
+      break;
+
+    case SSH_SCP_WAIT_CLOSE:
+      if(sshc->ssh_channel) {
+        rc = libssh2_channel_wait_closed(sshc->ssh_channel);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc) {
+          infof(data, "Channel failed to close: %d\n", rc);
+        }
+      }
+      state(conn, SSH_SCP_CHANNEL_FREE);
+      break;
+
+    case SSH_SCP_CHANNEL_FREE:
+      if(sshc->ssh_channel) {
+        rc = libssh2_channel_free(sshc->ssh_channel);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc < 0) {
+          infof(data, "Failed to free libssh2 scp subsystem\n");
+        }
+        sshc->ssh_channel = NULL;
+      }
+      DEBUGF(infof(data, "SCP DONE phase complete\n"));
+#if 0 /* PREV */
+      state(conn, SSH_SESSION_DISCONNECT);
+#endif
+      state(conn, SSH_STOP);
+      result = sshc->actualcode;
+      break;
+
+    case SSH_SESSION_DISCONNECT:
+      /* during weird times when we've been prematurely aborted, the channel
+         is still alive when we reach this state and we MUST kill the channel
+         properly first */
+      if(sshc->ssh_channel) {
+        rc = libssh2_channel_free(sshc->ssh_channel);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc < 0) {
+          infof(data, "Failed to free libssh2 scp subsystem\n");
+        }
+        sshc->ssh_channel = NULL;
+      }
+
+      if(sshc->ssh_session) {
+        rc = libssh2_session_disconnect(sshc->ssh_session, "Shutdown");
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc < 0) {
+          infof(data, "Failed to disconnect libssh2 session\n");
+        }
+      }
+
+      Curl_safefree(sshc->homedir);
+      conn->data->state.most_recent_ftp_entrypath = NULL;
+
+      state(conn, SSH_SESSION_FREE);
+      break;
+
+    case SSH_SESSION_FREE:
+#ifdef HAVE_LIBSSH2_KNOWNHOST_API
+      if(sshc->kh) {
+        libssh2_knownhost_free(sshc->kh);
+        sshc->kh = NULL;
+      }
+#endif
+
+#ifdef HAVE_LIBSSH2_AGENT_API
+      if(sshc->ssh_agent) {
+        rc = libssh2_agent_disconnect(sshc->ssh_agent);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc < 0) {
+          infof(data, "Failed to disconnect from libssh2 agent\n");
+        }
+        libssh2_agent_free (sshc->ssh_agent);
+        sshc->ssh_agent = NULL;
+
+        /* NB: there is no need to free identities, they are part of internal
+           agent stuff */
+        sshc->sshagent_identity = NULL;
+        sshc->sshagent_prev_identity = NULL;
+      }
+#endif
+
+      if(sshc->ssh_session) {
+        rc = libssh2_session_free(sshc->ssh_session);
+        if(rc == LIBSSH2_ERROR_EAGAIN) {
+          break;
+        }
+        else if(rc < 0) {
+          infof(data, "Failed to free libssh2 session\n");
+        }
+        sshc->ssh_session = NULL;
+      }
+
+      /* worst-case scenario cleanup */
+
+      DEBUGASSERT(sshc->ssh_session == NULL);
+      DEBUGASSERT(sshc->ssh_channel == NULL);
+      DEBUGASSERT(sshc->sftp_session == NULL);
+      DEBUGASSERT(sshc->sftp_handle == NULL);
+#ifdef HAVE_LIBSSH2_KNOWNHOST_API
+      DEBUGASSERT(sshc->kh == NULL);
+#endif
+#ifdef HAVE_LIBSSH2_AGENT_API
+      DEBUGASSERT(sshc->ssh_agent == NULL);
+#endif
+
+      Curl_safefree(sshc->rsa_pub);
+      Curl_safefree(sshc->rsa);
+
+      Curl_safefree(sshc->quote_path1);
+      Curl_safefree(sshc->quote_path2);
+
+      Curl_safefree(sshc->homedir);
+
+      Curl_safefree(sshc->readdir_filename);
+      Curl_safefree(sshc->readdir_longentry);
+      Curl_safefree(sshc->readdir_line);
+      Curl_safefree(sshc->readdir_linkPath);
+
+      /* the code we are about to return */
+      result = sshc->actualcode;
+
+      memset(sshc, 0, sizeof(struct ssh_conn));
+
+      connclose(conn, "SSH session free");
+      sshc->state = SSH_SESSION_FREE; /* current */
+      sshc->nextstate = SSH_NO_STATE;
+      state(conn, SSH_STOP);
+      break;
+
+    case SSH_QUIT:
+      /* fallthrough, just stop! */
+    default:
+      /* internal error */
+      sshc->nextstate = SSH_NO_STATE;
+      state(conn, SSH_STOP);
+      break;
+    }
+
+  } while(!rc && (sshc->state != SSH_STOP));
+
+  if(rc == LIBSSH2_ERROR_EAGAIN) {
+    /* we would block, we need to wait for the socket to be ready (in the
+       right direction too)! */
+    *block = TRUE;
+  }
+
+  return result;
+}
+
+/* called by the multi interface to figure out what socket(s) to wait for and
+   for what actions in the DO_DONE, PERFORM and WAITPERFORM states */
+static int ssh_perform_getsock(const struct connectdata *conn,
+                               curl_socket_t *sock, /* points to numsocks
+                                                       number of sockets */
+                               int numsocks)
+{
+#ifdef HAVE_LIBSSH2_SESSION_BLOCK_DIRECTION
+  int bitmap = GETSOCK_BLANK;
+  (void)numsocks;
+
+  sock[0] = conn->sock[FIRSTSOCKET];
+
+  if(conn->waitfor & KEEP_RECV)
+    bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
+
+  if(conn->waitfor & KEEP_SEND)
+    bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
+
+  return bitmap;
+#else
+  /* if we don't know the direction we can use the generic *_getsock()
+     function even for the protocol_connect and doing states */
+  return Curl_single_getsock(conn, sock, numsocks);
+#endif
+}
+
+/* Generic function called by the multi interface to figure out what socket(s)
+   to wait for and for what actions during the DOING and PROTOCONNECT states*/
+static int ssh_getsock(struct connectdata *conn,
+                       curl_socket_t *sock, /* points to numsocks number
+                                               of sockets */
+                       int numsocks)
+{
+#ifndef HAVE_LIBSSH2_SESSION_BLOCK_DIRECTION
+  (void)conn;
+  (void)sock;
+  (void)numsocks;
+  /* if we don't know any direction we can just play along as we used to and
+     not provide any sensible info */
+  return GETSOCK_BLANK;
+#else
+  /* if we know the direction we can use the generic *_getsock() function even
+     for the protocol_connect and doing states */
+  return ssh_perform_getsock(conn, sock, numsocks);
+#endif
+}
+
+#ifdef HAVE_LIBSSH2_SESSION_BLOCK_DIRECTION
+/*
+ * When one of the libssh2 functions has returned LIBSSH2_ERROR_EAGAIN this
+ * function is used to figure out in what direction and stores this info so
+ * that the multi interface can take advantage of it. Make sure to call this
+ * function in all cases so that when it _doesn't_ return EAGAIN we can
+ * restore the default wait bits.
+ */
+static void ssh_block2waitfor(struct connectdata *conn, bool block)
+{
+  struct ssh_conn *sshc = &conn->proto.sshc;
+  int dir;
+  if(block && (dir = libssh2_session_block_directions(sshc->ssh_session))) {
+    /* translate the libssh2 define bits into our own bit defines */
+    conn->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
+      ((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND)?KEEP_SEND:0);
+  }
+  else
+    /* It didn't block or libssh2 didn't reveal in which direction, put back
+       the original set */
+    conn->waitfor = sshc->orig_waitfor;
+}
+#else
+  /* no libssh2 directional support so we simply don't know */
+#define ssh_block2waitfor(x,y) Curl_nop_stmt
+#endif
+
+/* called repeatedly until done from multi.c */
+static CURLcode ssh_multi_statemach(struct connectdata *conn, bool *done)
+{
+  struct ssh_conn *sshc = &conn->proto.sshc;
+  CURLcode result = CURLE_OK;
+  bool block; /* we store the status and use that to provide a ssh_getsock()
+                 implementation */
+
+  result = ssh_statemach_act(conn, &block);
+  *done = (sshc->state == SSH_STOP) ? TRUE : FALSE;
+  ssh_block2waitfor(conn, block);
+
+  return result;
+}
+
+static CURLcode ssh_block_statemach(struct connectdata *conn,
+                                   bool duringconnect)
+{
+  struct ssh_conn *sshc = &conn->proto.sshc;
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  while((sshc->state != SSH_STOP) && !result) {
+    bool block;
+    long left;
+
+    result = ssh_statemach_act(conn, &block);
+    if(result)
+      break;
+
+    if(Curl_pgrsUpdate(conn))
+      return CURLE_ABORTED_BY_CALLBACK;
+    else {
+      struct timeval now = Curl_tvnow();
+      result = Curl_speedcheck(data, now);
+      if(result)
+        break;
+    }
+
+    left = Curl_timeleft(data, NULL, duringconnect);
+    if(left < 0) {
+      failf(data, "Operation timed out");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+#ifdef HAVE_LIBSSH2_SESSION_BLOCK_DIRECTION
+    if((CURLE_OK == result) && block) {
+      int dir = libssh2_session_block_directions(sshc->ssh_session);
+      curl_socket_t sock = conn->sock[FIRSTSOCKET];
+      curl_socket_t fd_read = CURL_SOCKET_BAD;
+      curl_socket_t fd_write = CURL_SOCKET_BAD;
+      if(LIBSSH2_SESSION_BLOCK_INBOUND & dir)
+        fd_read = sock;
+      if(LIBSSH2_SESSION_BLOCK_OUTBOUND & dir)
+        fd_write = sock;
+      /* wait for the socket to become ready */
+      Curl_socket_ready(fd_read, fd_write,
+                        left>1000?1000:left); /* ignore result */
+    }
+#endif
+
+  }
+
+  return result;
+}
+
+/*
+ * SSH setup and connection
+ */
+static CURLcode ssh_setup_connection(struct connectdata *conn)
+{
+  struct SSHPROTO *ssh;
+
+  conn->data->req.protop = ssh = calloc(1, sizeof(struct SSHPROTO));
+  if(!ssh)
+    return CURLE_OUT_OF_MEMORY;
+
+  return CURLE_OK;
+}
+
+static Curl_recv scp_recv, sftp_recv;
+static Curl_send scp_send, sftp_send;
+
+/*
+ * Curl_ssh_connect() gets called from Curl_protocol_connect() to allow us to
+ * do protocol-specific actions at connect-time.
+ */
+static CURLcode ssh_connect(struct connectdata *conn, bool *done)
+{
+#ifdef CURL_LIBSSH2_DEBUG
+  curl_socket_t sock;
+#endif
+  struct ssh_conn *ssh;
+  CURLcode result;
+  struct SessionHandle *data = conn->data;
+
+  /* initialize per-handle data if not already */
+  if(!data->req.protop)
+    ssh_setup_connection(conn);
+
+  /* We default to persistent connections. We set this already in this connect
+     function to make the re-use checks properly be able to check this bit. */
+  connkeep(conn, "SSH default");
+
+  if(conn->handler->protocol & CURLPROTO_SCP) {
+    conn->recv[FIRSTSOCKET] = scp_recv;
+    conn->send[FIRSTSOCKET] = scp_send;
+  }
+  else {
+    conn->recv[FIRSTSOCKET] = sftp_recv;
+    conn->send[FIRSTSOCKET] = sftp_send;
+  }
+  ssh = &conn->proto.sshc;
+
+#ifdef CURL_LIBSSH2_DEBUG
+  if(conn->user) {
+    infof(data, "User: %s\n", conn->user);
+  }
+  if(conn->passwd) {
+    infof(data, "Password: %s\n", conn->passwd);
+  }
+  sock = conn->sock[FIRSTSOCKET];
+#endif /* CURL_LIBSSH2_DEBUG */
+
+  ssh->ssh_session = libssh2_session_init_ex(my_libssh2_malloc,
+                                             my_libssh2_free,
+                                             my_libssh2_realloc, conn);
+  if(ssh->ssh_session == NULL) {
+    failf(data, "Failure initialising ssh session");
+    return CURLE_FAILED_INIT;
+  }
+
+#ifdef HAVE_LIBSSH2_KNOWNHOST_API
+  if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
+    int rc;
+    ssh->kh = libssh2_knownhost_init(ssh->ssh_session);
+    if(!ssh->kh) {
+      /* eeek. TODO: free the ssh_session! */
+      return CURLE_FAILED_INIT;
+    }
+
+    /* read all known hosts from there */
+    rc = libssh2_knownhost_readfile(ssh->kh,
+                                    data->set.str[STRING_SSH_KNOWNHOSTS],
+                                    LIBSSH2_KNOWNHOST_FILE_OPENSSH);
+    if(rc < 0)
+      infof(data, "Failed to read known hosts from %s\n",
+            data->set.str[STRING_SSH_KNOWNHOSTS]);
+  }
+#endif /* HAVE_LIBSSH2_KNOWNHOST_API */
+
+#ifdef CURL_LIBSSH2_DEBUG
+  libssh2_trace(ssh->ssh_session, ~0);
+  infof(data, "SSH socket: %d\n", (int)sock);
+#endif /* CURL_LIBSSH2_DEBUG */
+
+  state(conn, SSH_INIT);
+
+  result = ssh_multi_statemach(conn, done);
+
+  return result;
+}
+
+/*
+ ***********************************************************************
+ *
+ * scp_perform()
+ *
+ * This is the actual DO function for SCP. Get a file according to
+ * the options previously setup.
+ */
+
+static
+CURLcode scp_perform(struct connectdata *conn,
+                      bool *connected,
+                      bool *dophase_done)
+{
+  CURLcode result = CURLE_OK;
+
+  DEBUGF(infof(conn->data, "DO phase starts\n"));
+
+  *dophase_done = FALSE; /* not done yet */
+
+  /* start the first command in the DO phase */
+  state(conn, SSH_SCP_TRANS_INIT);
+
+  /* run the state-machine */
+  result = ssh_multi_statemach(conn, dophase_done);
+
+  *connected = conn->bits.tcpconnect[FIRSTSOCKET];
+
+  if(*dophase_done) {
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+  }
+
+  return result;
+}
+
+/* called from multi.c while DOing */
+static CURLcode scp_doing(struct connectdata *conn,
+                               bool *dophase_done)
+{
+  CURLcode result;
+  result = ssh_multi_statemach(conn, dophase_done);
+
+  if(*dophase_done) {
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+  }
+  return result;
+}
+
+/*
+ * The DO function is generic for both protocols. There was previously two
+ * separate ones but this way means less duplicated code.
+ */
+
+static CURLcode ssh_do(struct connectdata *conn, bool *done)
+{
+  CURLcode res;
+  bool connected = 0;
+  struct SessionHandle *data = conn->data;
+  struct ssh_conn *sshc = &conn->proto.sshc;
+
+  *done = FALSE; /* default to false */
+
+  data->req.size = -1; /* make sure this is unknown at this point */
+
+  sshc->actualcode = CURLE_OK; /* reset error code */
+  sshc->secondCreateDirs =0;   /* reset the create dir attempt state
+                                  variable */
+
+  Curl_pgrsSetUploadCounter(data, 0);
+  Curl_pgrsSetDownloadCounter(data, 0);
+  Curl_pgrsSetUploadSize(data, -1);
+  Curl_pgrsSetDownloadSize(data, -1);
+
+  if(conn->handler->protocol & CURLPROTO_SCP)
+    res = scp_perform(conn, &connected,  done);
+  else
+    res = sftp_perform(conn, &connected,  done);
+
+  return res;
+}
+
+/* BLOCKING, but the function is using the state machine so the only reason
+   this is still blocking is that the multi interface code has no support for
+   disconnecting operations that takes a while */
+static CURLcode scp_disconnect(struct connectdata *conn, bool dead_connection)
+{
+  CURLcode result = CURLE_OK;
+  struct ssh_conn *ssh = &conn->proto.sshc;
+  (void) dead_connection;
+
+  Curl_safefree(conn->data->req.protop);
+
+  if(ssh->ssh_session) {
+    /* only if there's a session still around to use! */
+
+    state(conn, SSH_SESSION_DISCONNECT);
+
+    result = ssh_block_statemach(conn, FALSE);
+  }
+
+  return result;
+}
+
+/* generic done function for both SCP and SFTP called from their specific
+   done functions */
+static CURLcode ssh_done(struct connectdata *conn, CURLcode status)
+{
+  CURLcode result = CURLE_OK;
+  struct SSHPROTO *sftp_scp = conn->data->req.protop;
+
+  if(status == CURLE_OK) {
+    /* run the state-machine
+
+       TODO: when the multi interface is used, this _really_ should be using
+       the ssh_multi_statemach function but we have no general support for
+       non-blocking DONE operations, not in the multi state machine and with
+       Curl_done() invokes on several places in the code!
+    */
+    result = ssh_block_statemach(conn, FALSE);
+  }
+  else
+    result = status;
+
+  if(sftp_scp)
+    Curl_safefree(sftp_scp->path);
+  if(Curl_pgrsDone(conn))
+    return CURLE_ABORTED_BY_CALLBACK;
+
+  conn->data->req.keepon = 0; /* clear all bits */
+  return result;
+}
+
+
+static CURLcode scp_done(struct connectdata *conn, CURLcode status,
+                         bool premature)
+{
+  (void)premature; /* not used */
+
+  if(status == CURLE_OK)
+    state(conn, SSH_SCP_DONE);
+
+  return ssh_done(conn, status);
+
+}
+
+/* return number of received (decrypted) bytes */
+static ssize_t scp_send(struct connectdata *conn, int sockindex,
+                        const void *mem, size_t len, CURLcode *err)
+{
+  ssize_t nwrite;
+  (void)sockindex; /* we only support SCP on the fixed known primary socket */
+
+  /* libssh2_channel_write() returns int! */
+  nwrite = (ssize_t)
+    libssh2_channel_write(conn->proto.sshc.ssh_channel, mem, len);
+
+  ssh_block2waitfor(conn, (nwrite == LIBSSH2_ERROR_EAGAIN)?TRUE:FALSE);
+
+  if(nwrite == LIBSSH2_ERROR_EAGAIN) {
+    *err = CURLE_AGAIN;
+    nwrite = 0;
+  }
+  else if(nwrite < LIBSSH2_ERROR_NONE) {
+    *err = libssh2_session_error_to_CURLE((int)nwrite);
+    nwrite = -1;
+  }
+
+  return nwrite;
+}
+
+/*
+ * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
+ * a regular CURLcode value.
+ */
+static ssize_t scp_recv(struct connectdata *conn, int sockindex,
+                        char *mem, size_t len, CURLcode *err)
+{
+  ssize_t nread;
+  (void)sockindex; /* we only support SCP on the fixed known primary socket */
+
+  /* libssh2_channel_read() returns int */
+  nread = (ssize_t)
+    libssh2_channel_read(conn->proto.sshc.ssh_channel, mem, len);
+
+  ssh_block2waitfor(conn, (nread == LIBSSH2_ERROR_EAGAIN)?TRUE:FALSE);
+  if(nread == LIBSSH2_ERROR_EAGAIN) {
+    *err = CURLE_AGAIN;
+    nread = -1;
+  }
+
+  return nread;
+}
+
+/*
+ * =============== SFTP ===============
+ */
+
+/*
+ ***********************************************************************
+ *
+ * sftp_perform()
+ *
+ * This is the actual DO function for SFTP. Get a file/directory according to
+ * the options previously setup.
+ */
+
+static
+CURLcode sftp_perform(struct connectdata *conn,
+                      bool *connected,
+                      bool *dophase_done)
+{
+  CURLcode result = CURLE_OK;
+
+  DEBUGF(infof(conn->data, "DO phase starts\n"));
+
+  *dophase_done = FALSE; /* not done yet */
+
+  /* start the first command in the DO phase */
+  state(conn, SSH_SFTP_QUOTE_INIT);
+
+  /* run the state-machine */
+  result = ssh_multi_statemach(conn, dophase_done);
+
+  *connected = conn->bits.tcpconnect[FIRSTSOCKET];
+
+  if(*dophase_done) {
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+  }
+
+  return result;
+}
+
+/* called from multi.c while DOing */
+static CURLcode sftp_doing(struct connectdata *conn,
+                           bool *dophase_done)
+{
+  CURLcode result;
+  result = ssh_multi_statemach(conn, dophase_done);
+
+  if(*dophase_done) {
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+  }
+  return result;
+}
+
+/* BLOCKING, but the function is using the state machine so the only reason
+   this is still blocking is that the multi interface code has no support for
+   disconnecting operations that takes a while */
+static CURLcode sftp_disconnect(struct connectdata *conn, bool dead_connection)
+{
+  CURLcode result = CURLE_OK;
+  (void) dead_connection;
+
+  DEBUGF(infof(conn->data, "SSH DISCONNECT starts now\n"));
+
+  Curl_safefree(conn->data->req.protop);
+
+  if(conn->proto.sshc.ssh_session) {
+    /* only if there's a session still around to use! */
+    state(conn, SSH_SFTP_SHUTDOWN);
+    result = ssh_block_statemach(conn, FALSE);
+  }
+
+  DEBUGF(infof(conn->data, "SSH DISCONNECT is done\n"));
+
+  return result;
+
+}
+
+static CURLcode sftp_done(struct connectdata *conn, CURLcode status,
+                               bool premature)
+{
+  struct ssh_conn *sshc = &conn->proto.sshc;
+
+  if(status == CURLE_OK) {
+    /* Post quote commands are executed after the SFTP_CLOSE state to avoid
+       errors that could happen due to open file handles during POSTQUOTE
+       operation */
+    if(!status && !premature && conn->data->set.postquote) {
+      sshc->nextstate = SSH_SFTP_POSTQUOTE_INIT;
+      state(conn, SSH_SFTP_CLOSE);
+    }
+    else
+      state(conn, SSH_SFTP_CLOSE);
+  }
+  return ssh_done(conn, status);
+}
+
+/* return number of sent bytes */
+static ssize_t sftp_send(struct connectdata *conn, int sockindex,
+                         const void *mem, size_t len, CURLcode *err)
+{
+  ssize_t nwrite;   /* libssh2_sftp_write() used to return size_t in 0.14
+                       but is changed to ssize_t in 0.15. These days we don't
+                       support libssh2 0.15*/
+  (void)sockindex;
+
+  nwrite = libssh2_sftp_write(conn->proto.sshc.sftp_handle, mem, len);
+
+  ssh_block2waitfor(conn, (nwrite == LIBSSH2_ERROR_EAGAIN)?TRUE:FALSE);
+
+  if(nwrite == LIBSSH2_ERROR_EAGAIN) {
+    *err = CURLE_AGAIN;
+    nwrite = 0;
+  }
+  else if(nwrite < LIBSSH2_ERROR_NONE) {
+    *err = libssh2_session_error_to_CURLE((int)nwrite);
+    nwrite = -1;
+  }
+
+  return nwrite;
+}
+
+/*
+ * Return number of received (decrypted) bytes
+ * or <0 on error
+ */
+static ssize_t sftp_recv(struct connectdata *conn, int sockindex,
+                         char *mem, size_t len, CURLcode *err)
+{
+  ssize_t nread;
+  (void)sockindex;
+
+  nread = libssh2_sftp_read(conn->proto.sshc.sftp_handle, mem, len);
+
+  ssh_block2waitfor(conn, (nread == LIBSSH2_ERROR_EAGAIN)?TRUE:FALSE);
+
+  if(nread == LIBSSH2_ERROR_EAGAIN) {
+    *err = CURLE_AGAIN;
+    nread = -1;
+
+  }
+  else if(nread < 0) {
+    *err = libssh2_session_error_to_CURLE((int)nread);
+  }
+  return nread;
+}
+
+/* The get_pathname() function is being borrowed from OpenSSH sftp.c
+   version 4.6p1. */
+/*
+ * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+static CURLcode
+get_pathname(const char **cpp, char **path)
+{
+  const char *cp = *cpp, *end;
+  char quot;
+  unsigned int i, j;
+  static const char WHITESPACE[] = " \t\r\n";
+
+  cp += strspn(cp, WHITESPACE);
+  if(!*cp) {
+    *cpp = cp;
+    *path = NULL;
+    return CURLE_QUOTE_ERROR;
+  }
+
+  *path = malloc(strlen(cp) + 1);
+  if(*path == NULL)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Check for quoted filenames */
+  if(*cp == '\"' || *cp == '\'') {
+    quot = *cp++;
+
+    /* Search for terminating quote, unescape some chars */
+    for(i = j = 0; i <= strlen(cp); i++) {
+      if(cp[i] == quot) {  /* Found quote */
+        i++;
+        (*path)[j] = '\0';
+        break;
+      }
+      if(cp[i] == '\0') {  /* End of string */
+        /*error("Unterminated quote");*/
+        goto fail;
+      }
+      if(cp[i] == '\\') {  /* Escaped characters */
+        i++;
+        if(cp[i] != '\'' && cp[i] != '\"' &&
+            cp[i] != '\\') {
+          /*error("Bad escaped character '\\%c'",
+              cp[i]);*/
+          goto fail;
+        }
+      }
+      (*path)[j++] = cp[i];
+    }
+
+    if(j == 0) {
+      /*error("Empty quotes");*/
+      goto fail;
+    }
+    *cpp = cp + i + strspn(cp + i, WHITESPACE);
+  }
+  else {
+    /* Read to end of filename */
+    end = strpbrk(cp, WHITESPACE);
+    if(end == NULL)
+      end = strchr(cp, '\0');
+    *cpp = end + strspn(end, WHITESPACE);
+
+    memcpy(*path, cp, end - cp);
+    (*path)[end - cp] = '\0';
+  }
+  return CURLE_OK;
+
+  fail:
+    Curl_safefree(*path);
+    return CURLE_QUOTE_ERROR;
+}
+
+
+static const char *sftp_libssh2_strerror(int err)
+{
+  switch (err) {
+    case LIBSSH2_FX_NO_SUCH_FILE:
+      return "No such file or directory";
+
+    case LIBSSH2_FX_PERMISSION_DENIED:
+      return "Permission denied";
+
+    case LIBSSH2_FX_FAILURE:
+      return "Operation failed";
+
+    case LIBSSH2_FX_BAD_MESSAGE:
+      return "Bad message from SFTP server";
+
+    case LIBSSH2_FX_NO_CONNECTION:
+      return "Not connected to SFTP server";
+
+    case LIBSSH2_FX_CONNECTION_LOST:
+      return "Connection to SFTP server lost";
+
+    case LIBSSH2_FX_OP_UNSUPPORTED:
+      return "Operation not supported by SFTP server";
+
+    case LIBSSH2_FX_INVALID_HANDLE:
+      return "Invalid handle";
+
+    case LIBSSH2_FX_NO_SUCH_PATH:
+      return "No such file or directory";
+
+    case LIBSSH2_FX_FILE_ALREADY_EXISTS:
+      return "File already exists";
+
+    case LIBSSH2_FX_WRITE_PROTECT:
+      return "File is write protected";
+
+    case LIBSSH2_FX_NO_MEDIA:
+      return "No media";
+
+    case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
+      return "Disk full";
+
+    case LIBSSH2_FX_QUOTA_EXCEEDED:
+      return "User quota exceeded";
+
+    case LIBSSH2_FX_UNKNOWN_PRINCIPLE:
+      return "Unknown principle";
+
+    case LIBSSH2_FX_LOCK_CONFlICT:
+      return "File lock conflict";
+
+    case LIBSSH2_FX_DIR_NOT_EMPTY:
+      return "Directory not empty";
+
+    case LIBSSH2_FX_NOT_A_DIRECTORY:
+      return "Not a directory";
+
+    case LIBSSH2_FX_INVALID_FILENAME:
+      return "Invalid filename";
+
+    case LIBSSH2_FX_LINK_LOOP:
+      return "Link points to itself";
+  }
+  return "Unknown error in libssh2";
+}
+
+#endif /* USE_LIBSSH2 */
diff --git a/Utilities/cmcurl/lib/ssh.h b/Utilities/cmcurl/lib/ssh.h
new file mode 100644
index 0000000..ff2e16b
--- /dev/null
+++ b/Utilities/cmcurl/lib/ssh.h
@@ -0,0 +1,183 @@
+#ifndef HEADER_CURL_SSH_H
+#define HEADER_CURL_SSH_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_LIBSSH2_H
+#include <libssh2.h>
+#include <libssh2_sftp.h>
+#endif /* HAVE_LIBSSH2_H */
+
+/****************************************************************************
+ * SSH unique setup
+ ***************************************************************************/
+typedef enum {
+  SSH_NO_STATE = -1,  /* Used for "nextState" so say there is none */
+  SSH_STOP = 0,       /* do nothing state, stops the state machine */
+
+  SSH_INIT,           /* First state in SSH-CONNECT */
+  SSH_S_STARTUP,      /* Session startup */
+  SSH_HOSTKEY,        /* verify hostkey */
+  SSH_AUTHLIST,
+  SSH_AUTH_PKEY_INIT,
+  SSH_AUTH_PKEY,
+  SSH_AUTH_PASS_INIT,
+  SSH_AUTH_PASS,
+  SSH_AUTH_AGENT_INIT,/* initialize then wait for connection to agent */
+  SSH_AUTH_AGENT_LIST,/* ask for list then wait for entire list to come */
+  SSH_AUTH_AGENT,     /* attempt one key at a time */
+  SSH_AUTH_HOST_INIT,
+  SSH_AUTH_HOST,
+  SSH_AUTH_KEY_INIT,
+  SSH_AUTH_KEY,
+  SSH_AUTH_DONE,
+  SSH_SFTP_INIT,
+  SSH_SFTP_REALPATH,   /* Last state in SSH-CONNECT */
+
+  SSH_SFTP_QUOTE_INIT, /* First state in SFTP-DO */
+  SSH_SFTP_POSTQUOTE_INIT, /* (Possibly) First state in SFTP-DONE */
+  SSH_SFTP_QUOTE,
+  SSH_SFTP_NEXT_QUOTE,
+  SSH_SFTP_QUOTE_STAT,
+  SSH_SFTP_QUOTE_SETSTAT,
+  SSH_SFTP_QUOTE_SYMLINK,
+  SSH_SFTP_QUOTE_MKDIR,
+  SSH_SFTP_QUOTE_RENAME,
+  SSH_SFTP_QUOTE_RMDIR,
+  SSH_SFTP_QUOTE_UNLINK,
+  SSH_SFTP_TRANS_INIT,
+  SSH_SFTP_UPLOAD_INIT,
+  SSH_SFTP_CREATE_DIRS_INIT,
+  SSH_SFTP_CREATE_DIRS,
+  SSH_SFTP_CREATE_DIRS_MKDIR,
+  SSH_SFTP_READDIR_INIT,
+  SSH_SFTP_READDIR,
+  SSH_SFTP_READDIR_LINK,
+  SSH_SFTP_READDIR_BOTTOM,
+  SSH_SFTP_READDIR_DONE,
+  SSH_SFTP_DOWNLOAD_INIT,
+  SSH_SFTP_DOWNLOAD_STAT, /* Last state in SFTP-DO */
+  SSH_SFTP_CLOSE,    /* Last state in SFTP-DONE */
+  SSH_SFTP_SHUTDOWN, /* First state in SFTP-DISCONNECT */
+  SSH_SCP_TRANS_INIT, /* First state in SCP-DO */
+  SSH_SCP_UPLOAD_INIT,
+  SSH_SCP_DOWNLOAD_INIT,
+  SSH_SCP_DONE,
+  SSH_SCP_SEND_EOF,
+  SSH_SCP_WAIT_EOF,
+  SSH_SCP_WAIT_CLOSE,
+  SSH_SCP_CHANNEL_FREE,   /* Last state in SCP-DONE */
+  SSH_SESSION_DISCONNECT, /* First state in SCP-DISCONNECT */
+  SSH_SESSION_FREE,       /* Last state in SCP/SFTP-DISCONNECT */
+  SSH_QUIT,
+  SSH_LAST  /* never used */
+} sshstate;
+
+/* this struct is used in the HandleData struct which is part of the
+   SessionHandle, which means this is used on a per-easy handle basis.
+   Everything that is strictly related to a connection is banned from this
+   struct. */
+struct SSHPROTO {
+  char *path;                  /* the path we operate on */
+};
+
+/* ssh_conn is used for struct connection-oriented data in the connectdata
+   struct */
+struct ssh_conn {
+  const char *authlist;       /* List of auth. methods, managed by libssh2 */
+#ifdef USE_LIBSSH2
+  const char *passphrase;     /* pass-phrase to use */
+  char *rsa_pub;              /* path name */
+  char *rsa;                  /* path name */
+  bool authed;                /* the connection has been authenticated fine */
+  sshstate state;             /* always use ssh.c:state() to change state! */
+  sshstate nextstate;         /* the state to goto after stopping */
+  CURLcode actualcode;        /* the actual error code */
+  struct curl_slist *quote_item; /* for the quote option */
+  char *quote_path1;          /* two generic pointers for the QUOTE stuff */
+  char *quote_path2;
+  LIBSSH2_SFTP_ATTRIBUTES quote_attrs; /* used by the SFTP_QUOTE state */
+  bool acceptfail;            /* used by the SFTP_QUOTE (continue if
+                                 quote command fails) */
+  char *homedir;              /* when doing SFTP we figure out home dir in the
+                                 connect phase */
+
+  /* Here's a set of struct members used by the SFTP_READDIR state */
+  LIBSSH2_SFTP_ATTRIBUTES readdir_attrs;
+  char *readdir_filename;
+  char *readdir_longentry;
+  int readdir_len, readdir_totalLen, readdir_currLen;
+  char *readdir_line;
+  char *readdir_linkPath;
+  /* end of READDIR stuff */
+
+  int secondCreateDirs;         /* counter use by the code to see if the
+                                   second attempt has been made to change
+                                   to/create a directory */
+  char *slash_pos;              /* used by the SFTP_CREATE_DIRS state */
+  LIBSSH2_SESSION *ssh_session; /* Secure Shell session */
+  LIBSSH2_CHANNEL *ssh_channel; /* Secure Shell channel handle */
+  LIBSSH2_SFTP *sftp_session;   /* SFTP handle */
+  LIBSSH2_SFTP_HANDLE *sftp_handle;
+  int orig_waitfor;             /* default READ/WRITE bits wait for */
+
+#ifdef HAVE_LIBSSH2_AGENT_API
+  LIBSSH2_AGENT *ssh_agent;     /* proxy to ssh-agent/pageant */
+  struct libssh2_agent_publickey *sshagent_identity,
+                                 *sshagent_prev_identity;
+#endif
+
+  /* note that HAVE_LIBSSH2_KNOWNHOST_API is a define set in the libssh2.h
+     header */
+#ifdef HAVE_LIBSSH2_KNOWNHOST_API
+  LIBSSH2_KNOWNHOSTS *kh;
+#endif
+#endif /* USE_LIBSSH2 */
+};
+
+#ifdef USE_LIBSSH2
+
+#if !defined(LIBSSH2_VERSION_NUM) || (LIBSSH2_VERSION_NUM < 0x001000)
+#  error "SCP/SFTP protocols require libssh2 0.16 or later"
+#endif
+
+#if defined(LIBSSH2_VERSION_NUM) && (LIBSSH2_VERSION_NUM >= 0x010000)
+#  define HAVE_LIBSSH2_SFTP_SEEK64 1
+#else
+#  undef HAVE_LIBSSH2_SFTP_SEEK64
+#endif
+
+#if defined(LIBSSH2_VERSION_NUM) && (LIBSSH2_VERSION_NUM >= 0x010206)
+#  define HAVE_LIBSSH2_SCP_SEND64 1
+#else
+#  undef HAVE_LIBSSH2_SCP_SEND64
+#endif
+
+
+extern const struct Curl_handler Curl_handler_scp;
+extern const struct Curl_handler Curl_handler_sftp;
+
+#endif /* USE_LIBSSH2 */
+
+#endif /* HEADER_CURL_SSH_H */
diff --git a/Utilities/cmcurl/strdup.c b/Utilities/cmcurl/lib/strdup.c
index e16e08a..3b776b1 100644
--- a/Utilities/cmcurl/strdup.c
+++ b/Utilities/cmcurl/lib/strdup.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,27 +18,33 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
+/*
+ * This file is 'mem-include-scan' clean. See test 1132.
+ */
+#include "curl_setup.h"
 
-#include "setup.h"
 #include "strdup.h"
 
 #ifndef HAVE_STRDUP
 char *curlx_strdup(const char *str)
 {
-  int len;
+  size_t len;
   char *newstr;
 
-  if (!str)
+  if(!str)
     return (char *)NULL;
 
   len = strlen(str);
-  newstr = (char *) malloc((len+1)*sizeof(char));
-  if (!newstr)
+
+  if(len >= ((size_t)-1) / sizeof(char))
+    return (char *)NULL;
+
+  newstr = malloc((len+1)*sizeof(char));
+  if(!newstr)
     return (char *)NULL;
 
-  strcpy(newstr,str);
+  memcpy(newstr,str,(len+1)*sizeof(char));
 
   return newstr;
 
diff --git a/Utilities/cmcurl/escape.h b/Utilities/cmcurl/lib/strdup.h
index a0a0209..49af911 100644
--- a/Utilities/cmcurl/escape.h
+++ b/Utilities/cmcurl/lib/strdup.h
@@ -1,6 +1,5 @@
-#ifndef __ESCAPE_H
-#define __ESCAPE_H
-
+#ifndef HEADER_CURL_STRDUP_H
+#define HEADER_CURL_STRDUP_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -8,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,10 +20,11 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-/* Escape and unescape URL encoding in strings. The functions return a new
- * allocated string or NULL if an error occurred.  */
-
+#include "curl_setup.h"
 
+#ifndef HAVE_STRDUP
+extern char *curlx_strdup(const char *str);
 #endif
+
+#endif /* HEADER_CURL_STRDUP_H */
diff --git a/Utilities/cmcurl/strequal.c b/Utilities/cmcurl/lib/strequal.c
index 83796f6..5f2f508 100644
--- a/Utilities/cmcurl/strequal.c
+++ b/Utilities/cmcurl/lib/strequal.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,25 +18,19 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
-#include <string.h>
-#include <ctype.h>
 #ifdef HAVE_STRINGS_H
 #include <strings.h>
 #endif
 
 #include "strequal.h"
 
-#if defined(HAVE_STRCASECMP) && defined(__STRICT_ANSI__)
-/* this is for "-ansi -Wall -pedantic" to stop complaining! */
-extern int (strcasecmp)(const char *s1, const char *s2);
-extern int (strncasecmp)(const char *s1, const char *s2, size_t n);
-#endif
-
+/*
+ * @unittest: 1301
+ */
 int curl_strequal(const char *first, const char *second)
 {
 #if defined(HAVE_STRCASECMP)
@@ -46,8 +40,8 @@ int curl_strequal(const char *first, const char *second)
 #elif defined(HAVE_STRICMP)
   return !(stricmp)(first, second);
 #else
-  while (*first && *second) {
-    if (toupper(*first) != toupper(*second)) {
+  while(*first && *second) {
+    if(toupper(*first) != toupper(*second)) {
       break;
     }
     first++;
@@ -57,17 +51,20 @@ int curl_strequal(const char *first, const char *second)
 #endif
 }
 
+/*
+ * @unittest: 1301
+ */
 int curl_strnequal(const char *first, const char *second, size_t max)
 {
-#if defined(HAVE_STRCASECMP)
+#if defined(HAVE_STRNCASECMP)
   return !strncasecmp(first, second, max);
-#elif defined(HAVE_STRCMPI)
+#elif defined(HAVE_STRNCMPI)
   return !strncmpi(first, second, max);
-#elif defined(HAVE_STRICMP)
+#elif defined(HAVE_STRNICMP)
   return !strnicmp(first, second, max);
 #else
-  while (*first && *second && max) {
-    if (toupper(*first) != toupper(*second)) {
+  while(*first && *second && max) {
+    if(toupper(*first) != toupper(*second)) {
       break;
     }
     max--;
@@ -80,22 +77,3 @@ int curl_strnequal(const char *first, const char *second, size_t max)
   return toupper(*first) == toupper(*second);
 #endif
 }
-
-/*
- * Curl_strcasestr() finds the first occurrence of the substring needle in the
- * string haystack.  The terminating `\0' characters are not compared. The
- * matching is done CASE INSENSITIVE, which thus is the difference between
- * this and strstr().
- */
-char *Curl_strcasestr(const char *haystack, const char *needle)
-{
-  size_t nlen = strlen(needle);
-  size_t hlen = strlen(haystack);
-
-  while(hlen-- >= nlen) {
-    if(curl_strnequal(haystack, needle, nlen))
-      return (char *)haystack;
-    haystack++;
-  }
-  return NULL;
-}
diff --git a/Utilities/cmcurl/lib/strequal.h b/Utilities/cmcurl/lib/strequal.h
new file mode 100644
index 0000000..117a305
--- /dev/null
+++ b/Utilities/cmcurl/lib/strequal.h
@@ -0,0 +1,31 @@
+#ifndef HEADER_CURL_STREQUAL_H
+#define HEADER_CURL_STREQUAL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include <curl/curl.h>
+
+#define strequal(a,b) curl_strequal(a,b)
+#define strnequal(a,b,c) curl_strnequal(a,b,c)
+
+#endif /* HEADER_CURL_STREQUAL_H */
+
diff --git a/Utilities/cmcurl/lib/strerror.c b/Utilities/cmcurl/lib/strerror.c
new file mode 100644
index 0000000..66033f2
--- /dev/null
+++ b/Utilities/cmcurl/lib/strerror.c
@@ -0,0 +1,1127 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2004 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_STRERROR_R
+#  if (!defined(HAVE_POSIX_STRERROR_R) && \
+       !defined(HAVE_GLIBC_STRERROR_R) && \
+       !defined(HAVE_VXWORKS_STRERROR_R)) || \
+      (defined(HAVE_POSIX_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R)) || \
+      (defined(HAVE_GLIBC_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R)) || \
+      (defined(HAVE_POSIX_STRERROR_R) && defined(HAVE_GLIBC_STRERROR_R))
+#    error "strerror_r MUST be either POSIX, glibc or vxworks-style"
+#  endif
+#endif
+
+#include <curl/curl.h>
+
+#ifdef USE_LIBIDN
+#include <idna.h>
+#endif
+
+#include "strerror.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+const char *
+curl_easy_strerror(CURLcode error)
+{
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  switch (error) {
+  case CURLE_OK:
+    return "No error";
+
+  case CURLE_UNSUPPORTED_PROTOCOL:
+    return "Unsupported protocol";
+
+  case CURLE_FAILED_INIT:
+    return "Failed initialization";
+
+  case CURLE_URL_MALFORMAT:
+    return "URL using bad/illegal format or missing URL";
+
+  case CURLE_NOT_BUILT_IN:
+    return "A requested feature, protocol or option was not found built-in in"
+      " this libcurl due to a build-time decision.";
+
+  case CURLE_COULDNT_RESOLVE_PROXY:
+    return "Couldn't resolve proxy name";
+
+  case CURLE_COULDNT_RESOLVE_HOST:
+    return "Couldn't resolve host name";
+
+  case CURLE_COULDNT_CONNECT:
+    return "Couldn't connect to server";
+
+  case CURLE_FTP_WEIRD_SERVER_REPLY:
+    return "FTP: weird server reply";
+
+  case CURLE_REMOTE_ACCESS_DENIED:
+    return "Access denied to remote resource";
+
+  case CURLE_FTP_ACCEPT_FAILED:
+    return "FTP: The server failed to connect to data port";
+
+  case CURLE_FTP_ACCEPT_TIMEOUT:
+    return "FTP: Accepting server connect has timed out";
+
+  case CURLE_FTP_PRET_FAILED:
+    return "FTP: The server did not accept the PRET command.";
+
+  case CURLE_FTP_WEIRD_PASS_REPLY:
+    return "FTP: unknown PASS reply";
+
+  case CURLE_FTP_WEIRD_PASV_REPLY:
+    return "FTP: unknown PASV reply";
+
+  case CURLE_FTP_WEIRD_227_FORMAT:
+    return "FTP: unknown 227 response format";
+
+  case CURLE_FTP_CANT_GET_HOST:
+    return "FTP: can't figure out the host in the PASV response";
+
+  case CURLE_HTTP2:
+    return "Error in the HTTP2 framing layer";
+
+  case CURLE_FTP_COULDNT_SET_TYPE:
+    return "FTP: couldn't set file type";
+
+  case CURLE_PARTIAL_FILE:
+    return "Transferred a partial file";
+
+  case CURLE_FTP_COULDNT_RETR_FILE:
+    return "FTP: couldn't retrieve (RETR failed) the specified file";
+
+  case CURLE_QUOTE_ERROR:
+    return "Quote command returned error";
+
+  case CURLE_HTTP_RETURNED_ERROR:
+    return "HTTP response code said error";
+
+  case CURLE_WRITE_ERROR:
+    return "Failed writing received data to disk/application";
+
+  case CURLE_UPLOAD_FAILED:
+    return "Upload failed (at start/before it took off)";
+
+  case CURLE_READ_ERROR:
+    return "Failed to open/read local data from file/application";
+
+  case CURLE_OUT_OF_MEMORY:
+    return "Out of memory";
+
+  case CURLE_OPERATION_TIMEDOUT:
+    return "Timeout was reached";
+
+  case CURLE_FTP_PORT_FAILED:
+    return "FTP: command PORT failed";
+
+  case CURLE_FTP_COULDNT_USE_REST:
+    return "FTP: command REST failed";
+
+  case CURLE_RANGE_ERROR:
+    return "Requested range was not delivered by the server";
+
+  case CURLE_HTTP_POST_ERROR:
+    return "Internal problem setting up the POST";
+
+  case CURLE_SSL_CONNECT_ERROR:
+    return "SSL connect error";
+
+  case CURLE_BAD_DOWNLOAD_RESUME:
+    return "Couldn't resume download";
+
+  case CURLE_FILE_COULDNT_READ_FILE:
+    return "Couldn't read a file:// file";
+
+  case CURLE_LDAP_CANNOT_BIND:
+    return "LDAP: cannot bind";
+
+  case CURLE_LDAP_SEARCH_FAILED:
+    return "LDAP: search failed";
+
+  case CURLE_FUNCTION_NOT_FOUND:
+    return "A required function in the library was not found";
+
+  case CURLE_ABORTED_BY_CALLBACK:
+    return "Operation was aborted by an application callback";
+
+  case CURLE_BAD_FUNCTION_ARGUMENT:
+    return "A libcurl function was given a bad argument";
+
+  case CURLE_INTERFACE_FAILED:
+    return "Failed binding local connection end";
+
+  case CURLE_TOO_MANY_REDIRECTS :
+    return "Number of redirects hit maximum amount";
+
+  case CURLE_UNKNOWN_OPTION:
+    return "An unknown option was passed in to libcurl";
+
+  case CURLE_TELNET_OPTION_SYNTAX :
+    return "Malformed telnet option";
+
+  case CURLE_PEER_FAILED_VERIFICATION:
+    return "SSL peer certificate or SSH remote key was not OK";
+
+  case CURLE_GOT_NOTHING:
+    return "Server returned nothing (no headers, no data)";
+
+  case CURLE_SSL_ENGINE_NOTFOUND:
+    return "SSL crypto engine not found";
+
+  case CURLE_SSL_ENGINE_SETFAILED:
+    return "Can not set SSL crypto engine as default";
+
+  case CURLE_SSL_ENGINE_INITFAILED:
+    return "Failed to initialise SSL crypto engine";
+
+  case CURLE_SEND_ERROR:
+    return "Failed sending data to the peer";
+
+  case CURLE_RECV_ERROR:
+    return "Failure when receiving data from the peer";
+
+  case CURLE_SSL_CERTPROBLEM:
+    return "Problem with the local SSL certificate";
+
+  case CURLE_SSL_CIPHER:
+    return "Couldn't use specified SSL cipher";
+
+  case CURLE_SSL_CACERT:
+    return "Peer certificate cannot be authenticated with given CA "
+      "certificates";
+
+  case CURLE_SSL_CACERT_BADFILE:
+    return "Problem with the SSL CA cert (path? access rights?)";
+
+  case CURLE_BAD_CONTENT_ENCODING:
+    return "Unrecognized or bad HTTP Content or Transfer-Encoding";
+
+  case CURLE_LDAP_INVALID_URL:
+    return "Invalid LDAP URL";
+
+  case CURLE_FILESIZE_EXCEEDED:
+    return "Maximum file size exceeded";
+
+  case CURLE_USE_SSL_FAILED:
+    return "Requested SSL level failed";
+
+  case CURLE_SSL_SHUTDOWN_FAILED:
+    return "Failed to shut down the SSL connection";
+
+  case CURLE_SSL_CRL_BADFILE:
+    return "Failed to load CRL file (path? access rights?, format?)";
+
+  case CURLE_SSL_ISSUER_ERROR:
+    return "Issuer check against peer certificate failed";
+
+  case CURLE_SEND_FAIL_REWIND:
+    return "Send failed since rewinding of the data stream failed";
+
+  case CURLE_LOGIN_DENIED:
+    return "Login denied";
+
+  case CURLE_TFTP_NOTFOUND:
+    return "TFTP: File Not Found";
+
+  case CURLE_TFTP_PERM:
+    return "TFTP: Access Violation";
+
+  case CURLE_REMOTE_DISK_FULL:
+    return "Disk full or allocation exceeded";
+
+  case CURLE_TFTP_ILLEGAL:
+    return "TFTP: Illegal operation";
+
+  case CURLE_TFTP_UNKNOWNID:
+    return "TFTP: Unknown transfer ID";
+
+  case CURLE_REMOTE_FILE_EXISTS:
+    return "Remote file already exists";
+
+  case CURLE_TFTP_NOSUCHUSER:
+    return "TFTP: No such user";
+
+  case CURLE_CONV_FAILED:
+    return "Conversion failed";
+
+  case CURLE_CONV_REQD:
+    return "Caller must register CURLOPT_CONV_ callback options";
+
+  case CURLE_REMOTE_FILE_NOT_FOUND:
+    return "Remote file not found";
+
+  case CURLE_SSH:
+    return "Error in the SSH layer";
+
+  case CURLE_AGAIN:
+    return "Socket not ready for send/recv";
+
+  case CURLE_RTSP_CSEQ_ERROR:
+    return "RTSP CSeq mismatch or invalid CSeq";
+
+  case CURLE_RTSP_SESSION_ERROR:
+    return "RTSP session error";
+
+  case CURLE_FTP_BAD_FILE_LIST:
+    return "Unable to parse FTP file list";
+
+  case CURLE_CHUNK_FAILED:
+    return "Chunk callback failed";
+
+  case CURLE_NO_CONNECTION_AVAILABLE:
+    return "The max connection limit is reached";
+
+    /* error codes not used by current libcurl */
+  case CURLE_OBSOLETE20:
+  case CURLE_OBSOLETE24:
+  case CURLE_OBSOLETE29:
+  case CURLE_OBSOLETE32:
+  case CURLE_OBSOLETE40:
+  case CURLE_OBSOLETE44:
+  case CURLE_OBSOLETE46:
+  case CURLE_OBSOLETE50:
+  case CURLE_OBSOLETE57:
+  case CURL_LAST:
+    break;
+  }
+  /*
+   * By using a switch, gcc -Wall will complain about enum values
+   * which do not appear, helping keep this function up-to-date.
+   * By using gcc -Wall -Werror, you can't forget.
+   *
+   * A table would not have the same benefit.  Most compilers will
+   * generate code very similar to a table in any case, so there
+   * is little performance gain from a table.  And something is broken
+   * for the user's application, anyways, so does it matter how fast
+   * it _doesn't_ work?
+   *
+   * The line number for the error will be near this comment, which
+   * is why it is here, and not at the start of the switch.
+   */
+  return "Unknown error";
+#else
+  if(error == CURLE_OK)
+    return "No error";
+  else
+    return "Error";
+#endif
+}
+
+const char *
+curl_multi_strerror(CURLMcode error)
+{
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  switch (error) {
+  case CURLM_CALL_MULTI_PERFORM:
+    return "Please call curl_multi_perform() soon";
+
+  case CURLM_OK:
+    return "No error";
+
+  case CURLM_BAD_HANDLE:
+    return "Invalid multi handle";
+
+  case CURLM_BAD_EASY_HANDLE:
+    return "Invalid easy handle";
+
+  case CURLM_OUT_OF_MEMORY:
+    return "Out of memory";
+
+  case CURLM_INTERNAL_ERROR:
+    return "Internal error";
+
+  case CURLM_BAD_SOCKET:
+    return "Invalid socket argument";
+
+  case CURLM_UNKNOWN_OPTION:
+    return "Unknown option";
+
+  case CURLM_ADDED_ALREADY:
+    return "The easy handle is already added to a multi handle";
+
+  case CURLM_LAST:
+    break;
+  }
+
+  return "Unknown error";
+#else
+  if(error == CURLM_OK)
+    return "No error";
+  else
+    return "Error";
+#endif
+}
+
+const char *
+curl_share_strerror(CURLSHcode error)
+{
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  switch (error) {
+  case CURLSHE_OK:
+    return "No error";
+
+  case CURLSHE_BAD_OPTION:
+    return "Unknown share option";
+
+  case CURLSHE_IN_USE:
+    return "Share currently in use";
+
+  case CURLSHE_INVALID:
+    return "Invalid share handle";
+
+  case CURLSHE_NOMEM:
+    return "Out of memory";
+
+  case CURLSHE_NOT_BUILT_IN:
+    return "Feature not enabled in this library";
+
+  case CURLSHE_LAST:
+    break;
+  }
+
+  return "CURLSHcode unknown";
+#else
+  if(error == CURLSHE_OK)
+    return "No error";
+  else
+    return "Error";
+#endif
+}
+
+#ifdef USE_WINSOCK
+
+/* This function handles most / all (?) Winsock errors cURL is able to produce.
+ */
+static const char *
+get_winsock_error (int err, char *buf, size_t len)
+{
+  const char *p;
+
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  switch (err) {
+  case WSAEINTR:
+    p = "Call interrupted";
+    break;
+  case WSAEBADF:
+    p = "Bad file";
+    break;
+  case WSAEACCES:
+    p = "Bad access";
+    break;
+  case WSAEFAULT:
+    p = "Bad argument";
+    break;
+  case WSAEINVAL:
+    p = "Invalid arguments";
+    break;
+  case WSAEMFILE:
+    p = "Out of file descriptors";
+    break;
+  case WSAEWOULDBLOCK:
+    p = "Call would block";
+    break;
+  case WSAEINPROGRESS:
+  case WSAEALREADY:
+    p = "Blocking call in progress";
+    break;
+  case WSAENOTSOCK:
+    p = "Descriptor is not a socket";
+    break;
+  case WSAEDESTADDRREQ:
+    p = "Need destination address";
+    break;
+  case WSAEMSGSIZE:
+    p = "Bad message size";
+    break;
+  case WSAEPROTOTYPE:
+    p = "Bad protocol";
+    break;
+  case WSAENOPROTOOPT:
+    p = "Protocol option is unsupported";
+    break;
+  case WSAEPROTONOSUPPORT:
+    p = "Protocol is unsupported";
+    break;
+  case WSAESOCKTNOSUPPORT:
+    p = "Socket is unsupported";
+    break;
+  case WSAEOPNOTSUPP:
+    p = "Operation not supported";
+    break;
+  case WSAEAFNOSUPPORT:
+    p = "Address family not supported";
+    break;
+  case WSAEPFNOSUPPORT:
+    p = "Protocol family not supported";
+    break;
+  case WSAEADDRINUSE:
+    p = "Address already in use";
+    break;
+  case WSAEADDRNOTAVAIL:
+    p = "Address not available";
+    break;
+  case WSAENETDOWN:
+    p = "Network down";
+    break;
+  case WSAENETUNREACH:
+    p = "Network unreachable";
+    break;
+  case WSAENETRESET:
+    p = "Network has been reset";
+    break;
+  case WSAECONNABORTED:
+    p = "Connection was aborted";
+    break;
+  case WSAECONNRESET:
+    p = "Connection was reset";
+    break;
+  case WSAENOBUFS:
+    p = "No buffer space";
+    break;
+  case WSAEISCONN:
+    p = "Socket is already connected";
+    break;
+  case WSAENOTCONN:
+    p = "Socket is not connected";
+    break;
+  case WSAESHUTDOWN:
+    p = "Socket has been shut down";
+    break;
+  case WSAETOOMANYREFS:
+    p = "Too many references";
+    break;
+  case WSAETIMEDOUT:
+    p = "Timed out";
+    break;
+  case WSAECONNREFUSED:
+    p = "Connection refused";
+    break;
+  case WSAELOOP:
+    p = "Loop??";
+    break;
+  case WSAENAMETOOLONG:
+    p = "Name too long";
+    break;
+  case WSAEHOSTDOWN:
+    p = "Host down";
+    break;
+  case WSAEHOSTUNREACH:
+    p = "Host unreachable";
+    break;
+  case WSAENOTEMPTY:
+    p = "Not empty";
+    break;
+  case WSAEPROCLIM:
+    p = "Process limit reached";
+    break;
+  case WSAEUSERS:
+    p = "Too many users";
+    break;
+  case WSAEDQUOT:
+    p = "Bad quota";
+    break;
+  case WSAESTALE:
+    p = "Something is stale";
+    break;
+  case WSAEREMOTE:
+    p = "Remote error";
+    break;
+#ifdef WSAEDISCON  /* missing in SalfordC! */
+  case WSAEDISCON:
+    p = "Disconnected";
+    break;
+#endif
+    /* Extended Winsock errors */
+  case WSASYSNOTREADY:
+    p = "Winsock library is not ready";
+    break;
+  case WSANOTINITIALISED:
+    p = "Winsock library not initialised";
+    break;
+  case WSAVERNOTSUPPORTED:
+    p = "Winsock version not supported";
+    break;
+
+    /* getXbyY() errors (already handled in herrmsg):
+     * Authoritative Answer: Host not found */
+  case WSAHOST_NOT_FOUND:
+    p = "Host not found";
+    break;
+
+    /* Non-Authoritative: Host not found, or SERVERFAIL */
+  case WSATRY_AGAIN:
+    p = "Host not found, try again";
+    break;
+
+    /* Non recoverable errors, FORMERR, REFUSED, NOTIMP */
+  case WSANO_RECOVERY:
+    p = "Unrecoverable error in call to nameserver";
+    break;
+
+    /* Valid name, no data record of requested type */
+  case WSANO_DATA:
+    p = "No data record of requested type";
+    break;
+
+  default:
+    return NULL;
+  }
+#else
+  if(err == CURLE_OK)
+    return NULL;
+  else
+    p = "error";
+#endif
+  strncpy (buf, p, len);
+  buf [len-1] = '\0';
+  return buf;
+}
+#endif   /* USE_WINSOCK */
+
+/*
+ * Our thread-safe and smart strerror() replacement.
+ *
+ * The 'err' argument passed in to this function MUST be a true errno number
+ * as reported on this system. We do no range checking on the number before
+ * we pass it to the "number-to-message" conversion function and there might
+ * be systems that don't do proper range checking in there themselves.
+ *
+ * We don't do range checking (on systems other than Windows) since there is
+ * no good reliable and portable way to do it.
+ */
+const char *Curl_strerror(struct connectdata *conn, int err)
+{
+  char *buf, *p;
+  size_t max;
+  int old_errno = ERRNO;
+
+  DEBUGASSERT(conn);
+  DEBUGASSERT(err >= 0);
+
+  buf = conn->syserr_buf;
+  max = sizeof(conn->syserr_buf)-1;
+  *buf = '\0';
+
+#ifdef USE_WINSOCK
+
+#ifdef _WIN32_WCE
+  {
+    wchar_t wbuf[256];
+    wbuf[0] = L'\0';
+
+    FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, err,
+                  LANG_NEUTRAL, wbuf, sizeof(wbuf)/sizeof(wchar_t), NULL);
+    wcstombs(buf,wbuf,max);
+  }
+#else
+  /* 'sys_nerr' is the maximum errno number, it is not widely portable */
+  if(err >= 0 && err < sys_nerr)
+    strncpy(buf, strerror(err), max);
+  else {
+    if(!get_winsock_error(err, buf, max) &&
+       !FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM, NULL, err,
+                       LANG_NEUTRAL, buf, (DWORD)max, NULL))
+      snprintf(buf, max, "Unknown error %d (%#x)", err, err);
+  }
+#endif
+
+#else /* not USE_WINSOCK coming up */
+
+#if defined(HAVE_STRERROR_R) && defined(HAVE_POSIX_STRERROR_R)
+ /*
+  * The POSIX-style strerror_r() may set errno to ERANGE if insufficient
+  * storage is supplied via 'strerrbuf' and 'buflen' to hold the generated
+  * message string, or EINVAL if 'errnum' is not a valid error number.
+  */
+  if(0 != strerror_r(err, buf, max)) {
+    if('\0' == buf[0])
+      snprintf(buf, max, "Unknown error %d", err);
+  }
+#elif defined(HAVE_STRERROR_R) && defined(HAVE_GLIBC_STRERROR_R)
+ /*
+  * The glibc-style strerror_r() only *might* use the buffer we pass to
+  * the function, but it always returns the error message as a pointer,
+  * so we must copy that string unconditionally (if non-NULL).
+  */
+  {
+    char buffer[256];
+    char *msg = strerror_r(err, buffer, sizeof(buffer));
+    if(msg)
+      strncpy(buf, msg, max);
+    else
+      snprintf(buf, max, "Unknown error %d", err);
+  }
+#elif defined(HAVE_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R)
+ /*
+  * The vxworks-style strerror_r() does use the buffer we pass to the function.
+  * The buffer size should be at least NAME_MAX (256)
+  */
+  {
+    char buffer[256];
+    if(OK == strerror_r(err, buffer))
+      strncpy(buf, buffer, max);
+    else
+      snprintf(buf, max, "Unknown error %d", err);
+  }
+#else
+  {
+    char *msg = strerror(err);
+    if(msg)
+      strncpy(buf, msg, max);
+    else
+      snprintf(buf, max, "Unknown error %d", err);
+  }
+#endif
+
+#endif /* end of ! USE_WINSOCK */
+
+  buf[max] = '\0'; /* make sure the string is zero terminated */
+
+  /* strip trailing '\r\n' or '\n'. */
+  if((p = strrchr(buf,'\n')) != NULL && (p - buf) >= 2)
+     *p = '\0';
+  if((p = strrchr(buf,'\r')) != NULL && (p - buf) >= 1)
+     *p = '\0';
+
+  if(old_errno != ERRNO)
+    SET_ERRNO(old_errno);
+
+  return buf;
+}
+
+#ifdef USE_LIBIDN
+/*
+ * Return error-string for libidn status as returned from idna_to_ascii_lz().
+ */
+const char *Curl_idn_strerror (struct connectdata *conn, int err)
+{
+#ifdef HAVE_IDNA_STRERROR
+  (void)conn;
+  return idna_strerror((Idna_rc) err);
+#else
+  const char *str;
+  char *buf;
+  size_t max;
+
+  DEBUGASSERT(conn);
+
+  buf = conn->syserr_buf;
+  max = sizeof(conn->syserr_buf)-1;
+  *buf = '\0';
+
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  switch ((Idna_rc)err) {
+    case IDNA_SUCCESS:
+      str = "No error";
+      break;
+    case IDNA_STRINGPREP_ERROR:
+      str = "Error in string preparation";
+      break;
+    case IDNA_PUNYCODE_ERROR:
+      str = "Error in Punycode operation";
+      break;
+    case IDNA_CONTAINS_NON_LDH:
+      str = "Illegal ASCII characters";
+      break;
+    case IDNA_CONTAINS_MINUS:
+      str = "Contains minus";
+      break;
+    case IDNA_INVALID_LENGTH:
+      str = "Invalid output length";
+      break;
+    case IDNA_NO_ACE_PREFIX:
+      str = "No ACE prefix (\"xn--\")";
+      break;
+    case IDNA_ROUNDTRIP_VERIFY_ERROR:
+      str = "Round trip verify error";
+      break;
+    case IDNA_CONTAINS_ACE_PREFIX:
+      str = "Already have ACE prefix (\"xn--\")";
+      break;
+    case IDNA_ICONV_ERROR:
+      str = "Locale conversion failed";
+      break;
+    case IDNA_MALLOC_ERROR:
+      str = "Allocation failed";
+      break;
+    case IDNA_DLOPEN_ERROR:
+      str = "dlopen() error";
+      break;
+    default:
+      snprintf(buf, max, "error %d", err);
+      str = NULL;
+      break;
+  }
+#else
+  if((Idna_rc)err == IDNA_SUCCESS)
+    str = "No error";
+  else
+    str = "Error";
+#endif
+  if(str)
+    strncpy(buf, str, max);
+  buf[max] = '\0';
+  return (buf);
+#endif
+}
+#endif  /* USE_LIBIDN */
+
+#ifdef USE_WINDOWS_SSPI
+const char *Curl_sspi_strerror (struct connectdata *conn, int err)
+{
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  char txtbuf[80];
+  char msgbuf[sizeof(conn->syserr_buf)];
+  char *p, *str, *msg = NULL;
+  bool msg_formatted = FALSE;
+  int old_errno;
+#endif
+  const char *txt;
+  char *outbuf;
+  size_t outmax;
+
+  DEBUGASSERT(conn);
+
+  outbuf = conn->syserr_buf;
+  outmax = sizeof(conn->syserr_buf)-1;
+  *outbuf = '\0';
+
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+
+  old_errno = ERRNO;
+
+  switch (err) {
+    case SEC_E_OK:
+      txt = "No error";
+      break;
+    case SEC_E_ALGORITHM_MISMATCH:
+      txt = "SEC_E_ALGORITHM_MISMATCH";
+      break;
+    case SEC_E_BAD_BINDINGS:
+      txt = "SEC_E_BAD_BINDINGS";
+      break;
+    case SEC_E_BAD_PKGID:
+      txt = "SEC_E_BAD_PKGID";
+      break;
+    case SEC_E_BUFFER_TOO_SMALL:
+      txt = "SEC_E_BUFFER_TOO_SMALL";
+      break;
+    case SEC_E_CANNOT_INSTALL:
+      txt = "SEC_E_CANNOT_INSTALL";
+      break;
+    case SEC_E_CANNOT_PACK:
+      txt = "SEC_E_CANNOT_PACK";
+      break;
+    case SEC_E_CERT_EXPIRED:
+      txt = "SEC_E_CERT_EXPIRED";
+      break;
+    case SEC_E_CERT_UNKNOWN:
+      txt = "SEC_E_CERT_UNKNOWN";
+      break;
+    case SEC_E_CERT_WRONG_USAGE:
+      txt = "SEC_E_CERT_WRONG_USAGE";
+      break;
+    case SEC_E_CONTEXT_EXPIRED:
+      txt = "SEC_E_CONTEXT_EXPIRED";
+      break;
+    case SEC_E_CROSSREALM_DELEGATION_FAILURE:
+      txt = "SEC_E_CROSSREALM_DELEGATION_FAILURE";
+      break;
+    case SEC_E_CRYPTO_SYSTEM_INVALID:
+      txt = "SEC_E_CRYPTO_SYSTEM_INVALID";
+      break;
+    case SEC_E_DECRYPT_FAILURE:
+      txt = "SEC_E_DECRYPT_FAILURE";
+      break;
+    case SEC_E_DELEGATION_POLICY:
+      txt = "SEC_E_DELEGATION_POLICY";
+      break;
+    case SEC_E_DELEGATION_REQUIRED:
+      txt = "SEC_E_DELEGATION_REQUIRED";
+      break;
+    case SEC_E_DOWNGRADE_DETECTED:
+      txt = "SEC_E_DOWNGRADE_DETECTED";
+      break;
+    case SEC_E_ENCRYPT_FAILURE:
+      txt = "SEC_E_ENCRYPT_FAILURE";
+      break;
+    case SEC_E_ILLEGAL_MESSAGE:
+      txt = "SEC_E_ILLEGAL_MESSAGE";
+      break;
+    case SEC_E_INCOMPLETE_CREDENTIALS:
+      txt = "SEC_E_INCOMPLETE_CREDENTIALS";
+      break;
+    case SEC_E_INCOMPLETE_MESSAGE:
+      txt = "SEC_E_INCOMPLETE_MESSAGE";
+      break;
+    case SEC_E_INSUFFICIENT_MEMORY:
+      txt = "SEC_E_INSUFFICIENT_MEMORY";
+      break;
+    case SEC_E_INTERNAL_ERROR:
+      txt = "SEC_E_INTERNAL_ERROR";
+      break;
+    case SEC_E_INVALID_HANDLE:
+      txt = "SEC_E_INVALID_HANDLE";
+      break;
+    case SEC_E_INVALID_PARAMETER:
+      txt = "SEC_E_INVALID_PARAMETER";
+      break;
+    case SEC_E_INVALID_TOKEN:
+      txt = "SEC_E_INVALID_TOKEN";
+      break;
+    case SEC_E_ISSUING_CA_UNTRUSTED:
+      txt = "SEC_E_ISSUING_CA_UNTRUSTED";
+      break;
+    case SEC_E_ISSUING_CA_UNTRUSTED_KDC:
+      txt = "SEC_E_ISSUING_CA_UNTRUSTED_KDC";
+      break;
+    case SEC_E_KDC_CERT_EXPIRED:
+      txt = "SEC_E_KDC_CERT_EXPIRED";
+      break;
+    case SEC_E_KDC_CERT_REVOKED:
+      txt = "SEC_E_KDC_CERT_REVOKED";
+      break;
+    case SEC_E_KDC_INVALID_REQUEST:
+      txt = "SEC_E_KDC_INVALID_REQUEST";
+      break;
+    case SEC_E_KDC_UNABLE_TO_REFER:
+      txt = "SEC_E_KDC_UNABLE_TO_REFER";
+      break;
+    case SEC_E_KDC_UNKNOWN_ETYPE:
+      txt = "SEC_E_KDC_UNKNOWN_ETYPE";
+      break;
+    case SEC_E_LOGON_DENIED:
+      txt = "SEC_E_LOGON_DENIED";
+      break;
+    case SEC_E_MAX_REFERRALS_EXCEEDED:
+      txt = "SEC_E_MAX_REFERRALS_EXCEEDED";
+      break;
+    case SEC_E_MESSAGE_ALTERED:
+      txt = "SEC_E_MESSAGE_ALTERED";
+      break;
+    case SEC_E_MULTIPLE_ACCOUNTS:
+      txt = "SEC_E_MULTIPLE_ACCOUNTS";
+      break;
+    case SEC_E_MUST_BE_KDC:
+      txt = "SEC_E_MUST_BE_KDC";
+      break;
+    case SEC_E_NOT_OWNER:
+      txt = "SEC_E_NOT_OWNER";
+      break;
+    case SEC_E_NO_AUTHENTICATING_AUTHORITY:
+      txt = "SEC_E_NO_AUTHENTICATING_AUTHORITY";
+      break;
+    case SEC_E_NO_CREDENTIALS:
+      txt = "SEC_E_NO_CREDENTIALS";
+      break;
+    case SEC_E_NO_IMPERSONATION:
+      txt = "SEC_E_NO_IMPERSONATION";
+      break;
+    case SEC_E_NO_IP_ADDRESSES:
+      txt = "SEC_E_NO_IP_ADDRESSES";
+      break;
+    case SEC_E_NO_KERB_KEY:
+      txt = "SEC_E_NO_KERB_KEY";
+      break;
+    case SEC_E_NO_PA_DATA:
+      txt = "SEC_E_NO_PA_DATA";
+      break;
+    case SEC_E_NO_S4U_PROT_SUPPORT:
+      txt = "SEC_E_NO_S4U_PROT_SUPPORT";
+      break;
+    case SEC_E_NO_TGT_REPLY:
+      txt = "SEC_E_NO_TGT_REPLY";
+      break;
+    case SEC_E_OUT_OF_SEQUENCE:
+      txt = "SEC_E_OUT_OF_SEQUENCE";
+      break;
+    case SEC_E_PKINIT_CLIENT_FAILURE:
+      txt = "SEC_E_PKINIT_CLIENT_FAILURE";
+      break;
+    case SEC_E_PKINIT_NAME_MISMATCH:
+      txt = "SEC_E_PKINIT_NAME_MISMATCH";
+      break;
+    case SEC_E_POLICY_NLTM_ONLY:
+      txt = "SEC_E_POLICY_NLTM_ONLY";
+      break;
+    case SEC_E_QOP_NOT_SUPPORTED:
+      txt = "SEC_E_QOP_NOT_SUPPORTED";
+      break;
+    case SEC_E_REVOCATION_OFFLINE_C:
+      txt = "SEC_E_REVOCATION_OFFLINE_C";
+      break;
+    case SEC_E_REVOCATION_OFFLINE_KDC:
+      txt = "SEC_E_REVOCATION_OFFLINE_KDC";
+      break;
+    case SEC_E_SECPKG_NOT_FOUND:
+      txt = "SEC_E_SECPKG_NOT_FOUND";
+      break;
+    case SEC_E_SECURITY_QOS_FAILED:
+      txt = "SEC_E_SECURITY_QOS_FAILED";
+      break;
+    case SEC_E_SHUTDOWN_IN_PROGRESS:
+      txt = "SEC_E_SHUTDOWN_IN_PROGRESS";
+      break;
+    case SEC_E_SMARTCARD_CERT_EXPIRED:
+      txt = "SEC_E_SMARTCARD_CERT_EXPIRED";
+      break;
+    case SEC_E_SMARTCARD_CERT_REVOKED:
+      txt = "SEC_E_SMARTCARD_CERT_REVOKED";
+      break;
+    case SEC_E_SMARTCARD_LOGON_REQUIRED:
+      txt = "SEC_E_SMARTCARD_LOGON_REQUIRED";
+      break;
+    case SEC_E_STRONG_CRYPTO_NOT_SUPPORTED:
+      txt = "SEC_E_STRONG_CRYPTO_NOT_SUPPORTED";
+      break;
+    case SEC_E_TARGET_UNKNOWN:
+      txt = "SEC_E_TARGET_UNKNOWN";
+      break;
+    case SEC_E_TIME_SKEW:
+      txt = "SEC_E_TIME_SKEW";
+      break;
+    case SEC_E_TOO_MANY_PRINCIPALS:
+      txt = "SEC_E_TOO_MANY_PRINCIPALS";
+      break;
+    case SEC_E_UNFINISHED_CONTEXT_DELETED:
+      txt = "SEC_E_UNFINISHED_CONTEXT_DELETED";
+      break;
+    case SEC_E_UNKNOWN_CREDENTIALS:
+      txt = "SEC_E_UNKNOWN_CREDENTIALS";
+      break;
+    case SEC_E_UNSUPPORTED_FUNCTION:
+      txt = "SEC_E_UNSUPPORTED_FUNCTION";
+      break;
+    case SEC_E_UNSUPPORTED_PREAUTH:
+      txt = "SEC_E_UNSUPPORTED_PREAUTH";
+      break;
+    case SEC_E_UNTRUSTED_ROOT:
+      txt = "SEC_E_UNTRUSTED_ROOT";
+      break;
+    case SEC_E_WRONG_CREDENTIAL_HANDLE:
+      txt = "SEC_E_WRONG_CREDENTIAL_HANDLE";
+      break;
+    case SEC_E_WRONG_PRINCIPAL:
+      txt = "SEC_E_WRONG_PRINCIPAL";
+      break;
+    case SEC_I_COMPLETE_AND_CONTINUE:
+      txt = "SEC_I_COMPLETE_AND_CONTINUE";
+      break;
+    case SEC_I_COMPLETE_NEEDED:
+      txt = "SEC_I_COMPLETE_NEEDED";
+      break;
+    case SEC_I_CONTEXT_EXPIRED:
+      txt = "SEC_I_CONTEXT_EXPIRED";
+      break;
+    case SEC_I_CONTINUE_NEEDED:
+      txt = "SEC_I_CONTINUE_NEEDED";
+      break;
+    case SEC_I_INCOMPLETE_CREDENTIALS:
+      txt = "SEC_I_INCOMPLETE_CREDENTIALS";
+      break;
+    case SEC_I_LOCAL_LOGON:
+      txt = "SEC_I_LOCAL_LOGON";
+      break;
+    case SEC_I_NO_LSA_CONTEXT:
+      txt = "SEC_I_NO_LSA_CONTEXT";
+      break;
+    case SEC_I_RENEGOTIATE:
+      txt = "SEC_I_RENEGOTIATE";
+      break;
+    case SEC_I_SIGNATURE_NEEDED:
+      txt = "SEC_I_SIGNATURE_NEEDED";
+      break;
+    default:
+      txt = "Unknown error";
+  }
+
+  if(err == SEC_E_OK)
+    strncpy(outbuf, txt, outmax);
+  else {
+    str = txtbuf;
+    snprintf(txtbuf, sizeof(txtbuf), "%s (0x%04X%04X)",
+             txt, (err >> 16) & 0xffff, err & 0xffff);
+    txtbuf[sizeof(txtbuf)-1] = '\0';
+
+#ifdef _WIN32_WCE
+    {
+      wchar_t wbuf[256];
+      wbuf[0] = L'\0';
+
+      if(FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
+                       FORMAT_MESSAGE_IGNORE_INSERTS,
+                       NULL, err, LANG_NEUTRAL,
+                       wbuf, sizeof(wbuf)/sizeof(wchar_t), NULL)) {
+        wcstombs(msgbuf,wbuf,sizeof(msgbuf)-1);
+        msg_formatted = TRUE;
+      }
+    }
+#else
+    if(FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM |
+                      FORMAT_MESSAGE_IGNORE_INSERTS,
+                      NULL, err, LANG_NEUTRAL,
+                      msgbuf, sizeof(msgbuf)-1, NULL)) {
+      msg_formatted = TRUE;
+    }
+#endif
+    if(msg_formatted) {
+      msgbuf[sizeof(msgbuf)-1] = '\0';
+      /* strip trailing '\r\n' or '\n' */
+      if((p = strrchr(msgbuf,'\n')) != NULL && (p - msgbuf) >= 2)
+         *p = '\0';
+      if((p = strrchr(msgbuf,'\r')) != NULL && (p - msgbuf) >= 1)
+         *p = '\0';
+      msg = msgbuf;
+    }
+    if(msg)
+      snprintf(outbuf, outmax, "%s - %s", str, msg);
+    else
+      strncpy(outbuf, str, outmax);
+  }
+
+  if(old_errno != ERRNO)
+    SET_ERRNO(old_errno);
+
+#else
+
+  if(err == SEC_E_OK)
+    txt = "No error";
+  else
+    txt = "Error";
+
+  strncpy(outbuf, txt, outmax);
+
+#endif
+
+  outbuf[outmax] = '\0';
+
+  return outbuf;
+}
+#endif /* USE_WINDOWS_SSPI */
diff --git a/Utilities/cmcurl/strerror.h b/Utilities/cmcurl/lib/strerror.h
index b280504..f1b2221 100644
--- a/Utilities/cmcurl/strerror.h
+++ b/Utilities/cmcurl/lib/strerror.h
@@ -1,5 +1,5 @@
-#ifndef __CURL_STRERROR_H
-#define __CURL_STRERROR_H
+#ifndef HEADER_CURL_STRERROR_H
+#define HEADER_CURL_STRERROR_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 #include "urldata.h"
@@ -31,4 +30,8 @@ const char *Curl_strerror (struct connectdata *conn, int err);
 const char *Curl_idn_strerror (struct connectdata *conn, int err);
 #endif
 
+#ifdef USE_WINDOWS_SSPI
+const char *Curl_sspi_strerror (struct connectdata *conn, int err);
 #endif
+
+#endif /* HEADER_CURL_STRERROR_H */
diff --git a/Utilities/cmcurl/strtok.c b/Utilities/cmcurl/lib/strtok.c
index 630e4e0..0d31351 100644
--- a/Utilities/cmcurl/strtok.c
+++ b/Utilities/cmcurl/lib/strtok.c
@@ -1,16 +1,16 @@
 /***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
+ *
  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  * copies of the Software, and permit persons to whom the Software is
  * furnished to do so, under the terms of the COPYING file.
@@ -18,29 +18,27 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
 
 #ifndef HAVE_STRTOK_R
 #include <stddef.h>
-#include <string.h>
 
 #include "strtok.h"
 
 char *
 Curl_strtok_r(char *ptr, const char *sep, char **end)
 {
-  if (!ptr)
+  if(!ptr)
     /* we got NULL input so then we get our last position instead */
     ptr = *end;
 
   /* pass all letters that are including in the separator string */
-  while (*ptr && strchr(sep, *ptr))
+  while(*ptr && strchr(sep, *ptr))
     ++ptr;
 
-  if (*ptr) {
+  if(*ptr) {
     /* so this is where the next piece of string starts */
     char *start = ptr;
 
@@ -49,10 +47,10 @@ Curl_strtok_r(char *ptr, const char *sep, char **end)
 
     /* scan through the string to find where it ends, it ends on a
        null byte or a character that exists in the separator string */
-    while (**end && !strchr(sep, **end))
+    while(**end && !strchr(sep, **end))
       ++*end;
 
-    if (**end) {
+    if(**end) {
       /* the end is not a null byte */
       **end = '\0';  /* zero terminate it! */
       ++*end;        /* advance the last pointer to beyond the null byte */
diff --git a/Utilities/cmcurl/lib/strtok.h b/Utilities/cmcurl/lib/strtok.h
new file mode 100644
index 0000000..1147d70
--- /dev/null
+++ b/Utilities/cmcurl/lib/strtok.h
@@ -0,0 +1,34 @@
+#ifndef HEADER_CURL_STRTOK_H
+#define HEADER_CURL_STRTOK_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+#include <stddef.h>
+
+#ifndef HAVE_STRTOK_R
+char *Curl_strtok_r(char *s, const char *delim, char **last);
+#define strtok_r Curl_strtok_r
+#else
+#include <string.h>
+#endif
+
+#endif /* HEADER_CURL_STRTOK_H */
diff --git a/Utilities/cmcurl/strtoofft.c b/Utilities/cmcurl/lib/strtoofft.c
index 3ab1bfd..03a97e8 100644
--- a/Utilities/cmcurl/strtoofft.c
+++ b/Utilities/cmcurl/lib/strtoofft.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,10 +18,10 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
+#include "curl_setup.h"
+
 #include "strtoofft.h"
 
 /*
@@ -33,9 +33,17 @@
  */
 
 #ifdef NEED_CURL_STRTOLL
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
+
+/* Range tests can be used for alphanum decoding if characters are consecutive,
+   like in ASCII. Else an array is scanned. Determine this condition now. */
+
+#if('9' - '0') != 9 || ('Z' - 'A') != 25 || ('z' - 'a') != 25
+
+#define NO_RANGE_TEST
+
+static const char valchars[] =
+            "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+#endif
 
 static int get_char(char c, int base);
 
@@ -55,35 +63,35 @@ curlx_strtoll(const char *nptr, char **endptr, int base)
 
   /* Skip leading whitespace. */
   end = (char *)nptr;
-  while (ISSPACE(end[0])) {
+  while(ISSPACE(end[0])) {
     end++;
   }
 
   /* Handle the sign, if any. */
-  if (end[0] == '-') {
+  if(end[0] == '-') {
     is_negative = 1;
     end++;
   }
-  else if (end[0] == '+') {
+  else if(end[0] == '+') {
     end++;
   }
-  else if (end[0] == '\0') {
+  else if(end[0] == '\0') {
     /* We had nothing but perhaps some whitespace -- there was no number. */
-    if (endptr) {
+    if(endptr) {
       *endptr = end;
     }
     return 0;
   }
 
   /* Handle special beginnings, if present and allowed. */
-  if (end[0] == '0' && end[1] == 'x') {
-    if (base == 16 || base == 0) {
+  if(end[0] == '0' && end[1] == 'x') {
+    if(base == 16 || base == 0) {
       end += 2;
       base = 16;
     }
   }
-  else if (end[0] == '0') {
-    if (base == 8 || base == 0) {
+  else if(end[0] == '0') {
+    if(base == 8 || base == 0) {
       end++;
       base = 8;
     }
@@ -92,18 +100,18 @@ curlx_strtoll(const char *nptr, char **endptr, int base)
   /* Matching strtol, if the base is 0 and it doesn't look like
    * the number is octal or hex, we assume it's base 10.
    */
-  if (base == 0) {
+  if(base == 0) {
     base = 10;
   }
 
   /* Loop handling digits. */
   value = 0;
   overflow = 0;
-  for (i = get_char(end[0], base);
-       i != -1;
-       end++, i = get_char(end[0], base)) {
+  for(i = get_char(end[0], base);
+      i != -1;
+      end++, i = get_char(end[0], base)) {
     newval = base * value + i;
-    if (newval < value) {
+    if(newval < value) {
       /* We've overflowed. */
       overflow = 1;
       break;
@@ -112,22 +120,22 @@ curlx_strtoll(const char *nptr, char **endptr, int base)
       value = newval;
   }
 
-  if (!overflow) {
-    if (is_negative) {
+  if(!overflow) {
+    if(is_negative) {
       /* Fix the sign. */
       value *= -1;
     }
   }
   else {
-    if (is_negative)
-      value = CURL_LLONG_MIN;
+    if(is_negative)
+      value = CURL_OFF_T_MIN;
     else
-      value = CURL_LLONG_MAX;
+      value = CURL_OFF_T_MAX;
 
-    errno = ERANGE;
+    SET_ERRNO(ERANGE);
   }
 
-  if (endptr)
+  if(endptr)
     *endptr = end;
 
   return value;
@@ -145,18 +153,33 @@ curlx_strtoll(const char *nptr, char **endptr, int base)
  */
 static int get_char(char c, int base)
 {
+#ifndef NO_RANGE_TEST
   int value = -1;
-  if (c <= '9' && c >= '0') {
+  if(c <= '9' && c >= '0') {
     value = c - '0';
   }
-  else if (c <= 'Z' && c >= 'A') {
+  else if(c <= 'Z' && c >= 'A') {
     value = c - 'A' + 10;
   }
-  else if (c <= 'z' && c >= 'a') {
+  else if(c <= 'z' && c >= 'a') {
     value = c - 'a' + 10;
   }
+#else
+  const char * cp;
+  int value;
+
+  cp = memchr(valchars, c, 10 + 26 + 26);
+
+  if(!cp)
+    return -1;
+
+  value = cp - valchars;
+
+  if(value >= 10 + 26)
+    value -= 26;                /* Lowercase. */
+#endif
 
-  if (value >= base) {
+  if(value >= base) {
     value = -1;
   }
 
diff --git a/Utilities/cmcurl/lib/strtoofft.h b/Utilities/cmcurl/lib/strtoofft.h
new file mode 100644
index 0000000..b812a67
--- /dev/null
+++ b/Utilities/cmcurl/lib/strtoofft.h
@@ -0,0 +1,68 @@
+#ifndef HEADER_CURL_STRTOOFFT_H
+#define HEADER_CURL_STRTOOFFT_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+/*
+ * Determine which string to integral data type conversion function we use
+ * to implement string conversion to our curl_off_t integral data type.
+ *
+ * Notice that curl_off_t might be 64 or 32 bit wide, and that it might use
+ * an underlying data type which might be 'long', 'int64_t', 'long long' or
+ * '__int64' and more remotely other data types.
+ *
+ * On systems where the size of curl_off_t is greater than the size of 'long'
+ * the conversion function to use is strtoll() if it is available, otherwise,
+ * we emulate its functionality with our own clone.
+ *
+ * On systems where the size of curl_off_t is smaller or equal than the size
+ * of 'long' the conversion function to use is strtol().
+ */
+
+#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG)
+#  ifdef HAVE_STRTOLL
+#    define curlx_strtoofft strtoll
+#  else
+#    if defined(_MSC_VER) && (_MSC_VER >= 1300) && (_INTEGRAL_MAX_BITS >= 64)
+       _CRTIMP __int64 __cdecl _strtoi64(const char *, char **, int);
+#      define curlx_strtoofft _strtoi64
+#    else
+       curl_off_t curlx_strtoll(const char *nptr, char **endptr, int base);
+#      define curlx_strtoofft curlx_strtoll
+#      define NEED_CURL_STRTOLL 1
+#    endif
+#  endif
+#else
+#  define curlx_strtoofft strtol
+#endif
+
+#if (CURL_SIZEOF_CURL_OFF_T == 4)
+#  define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF)
+#else
+   /* assume CURL_SIZEOF_CURL_OFF_T == 8 */
+#  define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF)
+#endif
+#define CURL_OFF_T_MIN (-CURL_OFF_T_MAX - CURL_OFF_T_C(1))
+
+#endif /* HEADER_CURL_STRTOOFFT_H */
diff --git a/Utilities/cmcurl/lib/telnet.c b/Utilities/cmcurl/lib/telnet.c
new file mode 100644
index 0000000..1f03a00
--- /dev/null
+++ b/Utilities/cmcurl/lib/telnet.c
@@ -0,0 +1,1680 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_TELNET
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "transfer.h"
+#include "sendf.h"
+#include "telnet.h"
+#include "connect.h"
+#include "progress.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#define  TELOPTS
+#define  TELCMDS
+
+#include "arpa_telnet.h"
+#include "curl_memory.h"
+#include "select.h"
+#include "strequal.h"
+#include "rawstr.h"
+#include "warnless.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#define SUBBUFSIZE 512
+
+#define CURL_SB_CLEAR(x)  x->subpointer = x->subbuffer
+#define CURL_SB_TERM(x)                                 \
+  do {                                                  \
+    x->subend = x->subpointer;                          \
+    CURL_SB_CLEAR(x);                                   \
+  } WHILE_FALSE
+#define CURL_SB_ACCUM(x,c)                                   \
+  do {                                                       \
+    if(x->subpointer < (x->subbuffer+sizeof x->subbuffer))   \
+      *x->subpointer++ = (c);                                \
+  } WHILE_FALSE
+
+#define  CURL_SB_GET(x) ((*x->subpointer++)&0xff)
+#define  CURL_SB_PEEK(x)   ((*x->subpointer)&0xff)
+#define  CURL_SB_EOF(x) (x->subpointer >= x->subend)
+#define  CURL_SB_LEN(x) (x->subend - x->subpointer)
+
+#ifdef CURL_DISABLE_VERBOSE_STRINGS
+#define printoption(a,b,c,d)  Curl_nop_stmt
+#endif
+
+#ifdef USE_WINSOCK
+typedef FARPROC WSOCK2_FUNC;
+static CURLcode check_wsock2 ( struct SessionHandle *data );
+#endif
+
+static
+CURLcode telrcv(struct connectdata *,
+                const unsigned char *inbuf, /* Data received from socket */
+                ssize_t count);             /* Number of bytes received */
+
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+static void printoption(struct SessionHandle *data,
+                        const char *direction,
+                        int cmd, int option);
+#endif
+
+static void negotiate(struct connectdata *);
+static void send_negotiation(struct connectdata *, int cmd, int option);
+static void set_local_option(struct connectdata *, int cmd, int option);
+static void set_remote_option(struct connectdata *, int cmd, int option);
+
+static void printsub(struct SessionHandle *data,
+                     int direction, unsigned char *pointer,
+                     size_t length);
+static void suboption(struct connectdata *);
+static void sendsuboption(struct connectdata *conn, int option);
+
+static CURLcode telnet_do(struct connectdata *conn, bool *done);
+static CURLcode telnet_done(struct connectdata *conn,
+                                 CURLcode, bool premature);
+static CURLcode send_telnet_data(struct connectdata *conn,
+                                 char *buffer, ssize_t nread);
+
+/* For negotiation compliant to RFC 1143 */
+#define CURL_NO          0
+#define CURL_YES         1
+#define CURL_WANTYES     2
+#define CURL_WANTNO      3
+
+#define CURL_EMPTY       0
+#define CURL_OPPOSITE    1
+
+/*
+ * Telnet receiver states for fsm
+ */
+typedef enum
+{
+   CURL_TS_DATA = 0,
+   CURL_TS_IAC,
+   CURL_TS_WILL,
+   CURL_TS_WONT,
+   CURL_TS_DO,
+   CURL_TS_DONT,
+   CURL_TS_CR,
+   CURL_TS_SB,   /* sub-option collection */
+   CURL_TS_SE   /* looking for sub-option end */
+} TelnetReceive;
+
+struct TELNET {
+  int please_negotiate;
+  int already_negotiated;
+  int us[256];
+  int usq[256];
+  int us_preferred[256];
+  int him[256];
+  int himq[256];
+  int him_preferred[256];
+  int subnegotiation[256];
+  char subopt_ttype[32];             /* Set with suboption TTYPE */
+  char subopt_xdisploc[128];         /* Set with suboption XDISPLOC */
+  unsigned short subopt_wsx;         /* Set with suboption NAWS */
+  unsigned short subopt_wsy;         /* Set with suboption NAWS */
+  struct curl_slist *telnet_vars;    /* Environment variables */
+
+  /* suboptions */
+  unsigned char subbuffer[SUBBUFSIZE];
+  unsigned char *subpointer, *subend;      /* buffer for sub-options */
+
+  TelnetReceive telrcv_state;
+};
+
+
+/*
+ * TELNET protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_telnet = {
+  "TELNET",                             /* scheme */
+  ZERO_NULL,                            /* setup_connection */
+  telnet_do,                            /* do_it */
+  telnet_done,                          /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_TELNET,                          /* defport */
+  CURLPROTO_TELNET,                     /* protocol */
+  PROTOPT_NONE | PROTOPT_NOURLQUERY     /* flags */
+};
+
+
+#ifdef USE_WINSOCK
+static CURLcode
+check_wsock2 ( struct SessionHandle *data )
+{
+  int err;
+  WORD wVersionRequested;
+  WSADATA wsaData;
+
+  DEBUGASSERT(data);
+
+  /* telnet requires at least WinSock 2.0 so ask for it. */
+  wVersionRequested = MAKEWORD(2, 0);
+
+  err = WSAStartup(wVersionRequested, &wsaData);
+
+  /* We must've called this once already, so this call */
+  /* should always succeed.  But, just in case... */
+  if(err != 0) {
+    failf(data,"WSAStartup failed (%d)",err);
+    return CURLE_FAILED_INIT;
+  }
+
+  /* We have to have a WSACleanup call for every successful */
+  /* WSAStartup call. */
+  WSACleanup();
+
+  /* Check that our version is supported */
+  if(LOBYTE(wsaData.wVersion) != LOBYTE(wVersionRequested) ||
+      HIBYTE(wsaData.wVersion) != HIBYTE(wVersionRequested)) {
+      /* Our version isn't supported */
+      failf(data,"insufficient winsock version to support "
+            "telnet");
+      return CURLE_FAILED_INIT;
+  }
+
+  /* Our version is supported */
+  return CURLE_OK;
+}
+#endif
+
+static
+CURLcode init_telnet(struct connectdata *conn)
+{
+  struct TELNET *tn;
+
+  tn = calloc(1, sizeof(struct TELNET));
+  if(!tn)
+    return CURLE_OUT_OF_MEMORY;
+
+  conn->data->req.protop = tn; /* make us known */
+
+  tn->telrcv_state = CURL_TS_DATA;
+
+  /* Init suboptions */
+  CURL_SB_CLEAR(tn);
+
+  /* Set the options we want by default */
+  tn->us_preferred[CURL_TELOPT_SGA] = CURL_YES;
+  tn->him_preferred[CURL_TELOPT_SGA] = CURL_YES;
+
+  /* To be compliant with previous releases of libcurl
+     we enable this option by default. This behaviour
+         can be changed thanks to the "BINARY" option in
+         CURLOPT_TELNETOPTIONS
+  */
+  tn->us_preferred[CURL_TELOPT_BINARY] = CURL_YES;
+  tn->him_preferred[CURL_TELOPT_BINARY] = CURL_YES;
+
+  /* We must allow the server to echo what we sent
+         but it is not necessary to request the server
+         to do so (it might forces the server to close
+         the connection). Hence, we ignore ECHO in the
+         negotiate function
+  */
+  tn->him_preferred[CURL_TELOPT_ECHO] = CURL_YES;
+
+  /* Set the subnegotiation fields to send information
+    just after negotiation passed (do/will)
+
+     Default values are (0,0) initialized by calloc.
+     According to the RFC1013 it is valid:
+     A value equal to zero is acceptable for the width (or height),
+         and means that no character width (or height) is being sent.
+         In this case, the width (or height) that will be assumed by the
+         Telnet server is operating system specific (it will probably be
+         based upon the terminal type information that may have been sent
+         using the TERMINAL TYPE Telnet option). */
+  tn->subnegotiation[CURL_TELOPT_NAWS] = CURL_YES;
+  return CURLE_OK;
+}
+
+static void negotiate(struct connectdata *conn)
+{
+  int i;
+  struct TELNET *tn = (struct TELNET *) conn->data->req.protop;
+
+  for(i = 0;i < CURL_NTELOPTS;i++) {
+    if(i==CURL_TELOPT_ECHO)
+      continue;
+
+    if(tn->us_preferred[i] == CURL_YES)
+      set_local_option(conn, i, CURL_YES);
+
+    if(tn->him_preferred[i] == CURL_YES)
+      set_remote_option(conn, i, CURL_YES);
+  }
+}
+
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+static void printoption(struct SessionHandle *data,
+                        const char *direction, int cmd, int option)
+{
+  const char *fmt;
+  const char *opt;
+
+  if(data->set.verbose) {
+    if(cmd == CURL_IAC) {
+      if(CURL_TELCMD_OK(option))
+        infof(data, "%s IAC %s\n", direction, CURL_TELCMD(option));
+      else
+        infof(data, "%s IAC %d\n", direction, option);
+    }
+    else {
+      fmt = (cmd == CURL_WILL) ? "WILL" : (cmd == CURL_WONT) ? "WONT" :
+        (cmd == CURL_DO) ? "DO" : (cmd == CURL_DONT) ? "DONT" : 0;
+      if(fmt) {
+        if(CURL_TELOPT_OK(option))
+          opt = CURL_TELOPT(option);
+        else if(option == CURL_TELOPT_EXOPL)
+          opt = "EXOPL";
+        else
+          opt = NULL;
+
+        if(opt)
+          infof(data, "%s %s %s\n", direction, fmt, opt);
+        else
+          infof(data, "%s %s %d\n", direction, fmt, option);
+      }
+      else
+        infof(data, "%s %d %d\n", direction, cmd, option);
+    }
+  }
+}
+#endif
+
+static void send_negotiation(struct connectdata *conn, int cmd, int option)
+{
+   unsigned char buf[3];
+   ssize_t bytes_written;
+   int err;
+   struct SessionHandle *data = conn->data;
+
+   buf[0] = CURL_IAC;
+   buf[1] = (unsigned char)cmd;
+   buf[2] = (unsigned char)option;
+
+   bytes_written = swrite(conn->sock[FIRSTSOCKET], buf, 3);
+   if(bytes_written < 0) {
+     err = SOCKERRNO;
+     failf(data,"Sending data failed (%d)",err);
+   }
+
+   printoption(conn->data, "SENT", cmd, option);
+}
+
+static
+void set_remote_option(struct connectdata *conn, int option, int newstate)
+{
+  struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
+  if(newstate == CURL_YES) {
+    switch(tn->him[option]) {
+    case CURL_NO:
+      tn->him[option] = CURL_WANTYES;
+      send_negotiation(conn, CURL_DO, option);
+      break;
+
+    case CURL_YES:
+      /* Already enabled */
+      break;
+
+    case CURL_WANTNO:
+      switch(tn->himq[option]) {
+      case CURL_EMPTY:
+        /* Already negotiating for CURL_YES, queue the request */
+        tn->himq[option] = CURL_OPPOSITE;
+        break;
+      case CURL_OPPOSITE:
+        /* Error: already queued an enable request */
+        break;
+      }
+      break;
+
+    case CURL_WANTYES:
+      switch(tn->himq[option]) {
+      case CURL_EMPTY:
+        /* Error: already negotiating for enable */
+        break;
+      case CURL_OPPOSITE:
+        tn->himq[option] = CURL_EMPTY;
+        break;
+      }
+      break;
+    }
+  }
+  else { /* NO */
+    switch(tn->him[option]) {
+    case CURL_NO:
+      /* Already disabled */
+      break;
+
+    case CURL_YES:
+      tn->him[option] = CURL_WANTNO;
+      send_negotiation(conn, CURL_DONT, option);
+      break;
+
+    case CURL_WANTNO:
+      switch(tn->himq[option]) {
+      case CURL_EMPTY:
+        /* Already negotiating for NO */
+        break;
+      case CURL_OPPOSITE:
+        tn->himq[option] = CURL_EMPTY;
+        break;
+      }
+      break;
+
+    case CURL_WANTYES:
+      switch(tn->himq[option]) {
+      case CURL_EMPTY:
+        tn->himq[option] = CURL_OPPOSITE;
+        break;
+      case CURL_OPPOSITE:
+        break;
+      }
+      break;
+    }
+  }
+}
+
+static
+void rec_will(struct connectdata *conn, int option)
+{
+  struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
+  switch(tn->him[option]) {
+  case CURL_NO:
+    if(tn->him_preferred[option] == CURL_YES) {
+      tn->him[option] = CURL_YES;
+      send_negotiation(conn, CURL_DO, option);
+    }
+    else
+      send_negotiation(conn, CURL_DONT, option);
+
+    break;
+
+  case CURL_YES:
+    /* Already enabled */
+    break;
+
+  case CURL_WANTNO:
+    switch(tn->himq[option]) {
+    case CURL_EMPTY:
+      /* Error: DONT answered by WILL */
+      tn->him[option] = CURL_NO;
+      break;
+    case CURL_OPPOSITE:
+      /* Error: DONT answered by WILL */
+      tn->him[option] = CURL_YES;
+      tn->himq[option] = CURL_EMPTY;
+      break;
+    }
+    break;
+
+  case CURL_WANTYES:
+    switch(tn->himq[option]) {
+    case CURL_EMPTY:
+      tn->him[option] = CURL_YES;
+      break;
+    case CURL_OPPOSITE:
+      tn->him[option] = CURL_WANTNO;
+      tn->himq[option] = CURL_EMPTY;
+      send_negotiation(conn, CURL_DONT, option);
+      break;
+    }
+    break;
+  }
+}
+
+static
+void rec_wont(struct connectdata *conn, int option)
+{
+  struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
+  switch(tn->him[option]) {
+  case CURL_NO:
+    /* Already disabled */
+    break;
+
+  case CURL_YES:
+    tn->him[option] = CURL_NO;
+    send_negotiation(conn, CURL_DONT, option);
+    break;
+
+  case CURL_WANTNO:
+    switch(tn->himq[option]) {
+    case CURL_EMPTY:
+      tn->him[option] = CURL_NO;
+      break;
+
+    case CURL_OPPOSITE:
+      tn->him[option] = CURL_WANTYES;
+      tn->himq[option] = CURL_EMPTY;
+      send_negotiation(conn, CURL_DO, option);
+      break;
+    }
+    break;
+
+  case CURL_WANTYES:
+    switch(tn->himq[option]) {
+    case CURL_EMPTY:
+      tn->him[option] = CURL_NO;
+      break;
+    case CURL_OPPOSITE:
+      tn->him[option] = CURL_NO;
+      tn->himq[option] = CURL_EMPTY;
+      break;
+    }
+    break;
+  }
+}
+
+static void
+set_local_option(struct connectdata *conn, int option, int newstate)
+{
+  struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
+  if(newstate == CURL_YES) {
+    switch(tn->us[option]) {
+    case CURL_NO:
+      tn->us[option] = CURL_WANTYES;
+      send_negotiation(conn, CURL_WILL, option);
+      break;
+
+    case CURL_YES:
+      /* Already enabled */
+      break;
+
+    case CURL_WANTNO:
+      switch(tn->usq[option]) {
+      case CURL_EMPTY:
+        /* Already negotiating for CURL_YES, queue the request */
+        tn->usq[option] = CURL_OPPOSITE;
+        break;
+      case CURL_OPPOSITE:
+        /* Error: already queued an enable request */
+        break;
+      }
+      break;
+
+    case CURL_WANTYES:
+      switch(tn->usq[option]) {
+      case CURL_EMPTY:
+        /* Error: already negotiating for enable */
+        break;
+      case CURL_OPPOSITE:
+        tn->usq[option] = CURL_EMPTY;
+        break;
+      }
+      break;
+    }
+  }
+  else { /* NO */
+    switch(tn->us[option]) {
+    case CURL_NO:
+      /* Already disabled */
+      break;
+
+    case CURL_YES:
+      tn->us[option] = CURL_WANTNO;
+      send_negotiation(conn, CURL_WONT, option);
+      break;
+
+    case CURL_WANTNO:
+      switch(tn->usq[option]) {
+      case CURL_EMPTY:
+        /* Already negotiating for NO */
+        break;
+      case CURL_OPPOSITE:
+        tn->usq[option] = CURL_EMPTY;
+        break;
+      }
+      break;
+
+    case CURL_WANTYES:
+      switch(tn->usq[option]) {
+      case CURL_EMPTY:
+        tn->usq[option] = CURL_OPPOSITE;
+        break;
+      case CURL_OPPOSITE:
+        break;
+      }
+      break;
+    }
+  }
+}
+
+static
+void rec_do(struct connectdata *conn, int option)
+{
+  struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
+  switch(tn->us[option]) {
+  case CURL_NO:
+    if(tn->us_preferred[option] == CURL_YES) {
+      tn->us[option] = CURL_YES;
+      send_negotiation(conn, CURL_WILL, option);
+      if(tn->subnegotiation[option] == CURL_YES)
+        /* transmission of data option */
+        sendsuboption(conn, option);
+    }
+    else if(tn->subnegotiation[option] == CURL_YES) {
+      /* send information to achieve this option*/
+      tn->us[option] = CURL_YES;
+      send_negotiation(conn, CURL_WILL, option);
+      sendsuboption(conn, option);
+    }
+    else
+      send_negotiation(conn, CURL_WONT, option);
+    break;
+
+  case CURL_YES:
+    /* Already enabled */
+    break;
+
+  case CURL_WANTNO:
+    switch(tn->usq[option]) {
+    case CURL_EMPTY:
+      /* Error: DONT answered by WILL */
+      tn->us[option] = CURL_NO;
+      break;
+    case CURL_OPPOSITE:
+      /* Error: DONT answered by WILL */
+      tn->us[option] = CURL_YES;
+      tn->usq[option] = CURL_EMPTY;
+      break;
+    }
+    break;
+
+  case CURL_WANTYES:
+    switch(tn->usq[option]) {
+    case CURL_EMPTY:
+      tn->us[option] = CURL_YES;
+      if(tn->subnegotiation[option] == CURL_YES) {
+        /* transmission of data option */
+        sendsuboption(conn, option);
+      }
+      break;
+    case CURL_OPPOSITE:
+      tn->us[option] = CURL_WANTNO;
+      tn->himq[option] = CURL_EMPTY;
+      send_negotiation(conn, CURL_WONT, option);
+      break;
+    }
+    break;
+  }
+}
+
+static
+void rec_dont(struct connectdata *conn, int option)
+{
+  struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
+  switch(tn->us[option]) {
+  case CURL_NO:
+    /* Already disabled */
+    break;
+
+  case CURL_YES:
+    tn->us[option] = CURL_NO;
+    send_negotiation(conn, CURL_WONT, option);
+    break;
+
+  case CURL_WANTNO:
+    switch(tn->usq[option]) {
+    case CURL_EMPTY:
+      tn->us[option] = CURL_NO;
+      break;
+
+    case CURL_OPPOSITE:
+      tn->us[option] = CURL_WANTYES;
+      tn->usq[option] = CURL_EMPTY;
+      send_negotiation(conn, CURL_WILL, option);
+      break;
+    }
+    break;
+
+  case CURL_WANTYES:
+    switch(tn->usq[option]) {
+    case CURL_EMPTY:
+      tn->us[option] = CURL_NO;
+      break;
+    case CURL_OPPOSITE:
+      tn->us[option] = CURL_NO;
+      tn->usq[option] = CURL_EMPTY;
+      break;
+    }
+    break;
+  }
+}
+
+
+static void printsub(struct SessionHandle *data,
+                     int direction,             /* '<' or '>' */
+                     unsigned char *pointer,    /* where suboption data is */
+                     size_t length)             /* length of suboption data */
+{
+  unsigned int i = 0;
+  unsigned short *pval;
+
+  if(data->set.verbose) {
+    if(direction) {
+      infof(data, "%s IAC SB ", (direction == '<')? "RCVD":"SENT");
+      if(length >= 3) {
+        int j;
+
+        i = pointer[length-2];
+        j = pointer[length-1];
+
+        if(i != CURL_IAC || j != CURL_SE) {
+          infof(data, "(terminated by ");
+          if(CURL_TELOPT_OK(i))
+            infof(data, "%s ", CURL_TELOPT(i));
+          else if(CURL_TELCMD_OK(i))
+            infof(data, "%s ", CURL_TELCMD(i));
+          else
+            infof(data, "%u ", i);
+          if(CURL_TELOPT_OK(j))
+            infof(data, "%s", CURL_TELOPT(j));
+          else if(CURL_TELCMD_OK(j))
+            infof(data, "%s", CURL_TELCMD(j));
+          else
+            infof(data, "%d", j);
+          infof(data, ", not IAC SE!) ");
+        }
+      }
+      length -= 2;
+    }
+    if(length < 1) {
+      infof(data, "(Empty suboption?)");
+      return;
+    }
+
+    if(CURL_TELOPT_OK(pointer[0])) {
+      switch(pointer[0]) {
+      case CURL_TELOPT_TTYPE:
+      case CURL_TELOPT_XDISPLOC:
+      case CURL_TELOPT_NEW_ENVIRON:
+      case CURL_TELOPT_NAWS:
+        infof(data, "%s", CURL_TELOPT(pointer[0]));
+        break;
+      default:
+        infof(data, "%s (unsupported)", CURL_TELOPT(pointer[0]));
+        break;
+      }
+    }
+    else
+      infof(data, "%d (unknown)", pointer[i]);
+
+    switch(pointer[0]) {
+    case CURL_TELOPT_NAWS:
+      pval = (unsigned short*)(pointer+1);
+      infof(data, "Width: %hu ; Height: %hu",
+            ntohs(pval[0]), ntohs(pval[1]));
+      break;
+    default:
+      switch(pointer[1]) {
+      case CURL_TELQUAL_IS:
+        infof(data, " IS");
+        break;
+      case CURL_TELQUAL_SEND:
+        infof(data, " SEND");
+        break;
+      case CURL_TELQUAL_INFO:
+        infof(data, " INFO/REPLY");
+        break;
+      case CURL_TELQUAL_NAME:
+        infof(data, " NAME");
+        break;
+      }
+
+      switch(pointer[0]) {
+      case CURL_TELOPT_TTYPE:
+      case CURL_TELOPT_XDISPLOC:
+        pointer[length] = 0;
+        infof(data, " \"%s\"", &pointer[2]);
+        break;
+      case CURL_TELOPT_NEW_ENVIRON:
+        if(pointer[1] == CURL_TELQUAL_IS) {
+          infof(data, " ");
+          for(i = 3;i < length;i++) {
+            switch(pointer[i]) {
+            case CURL_NEW_ENV_VAR:
+              infof(data, ", ");
+              break;
+            case CURL_NEW_ENV_VALUE:
+              infof(data, " = ");
+              break;
+            default:
+              infof(data, "%c", pointer[i]);
+              break;
+            }
+          }
+        }
+        break;
+      default:
+        for(i = 2; i < length; i++)
+          infof(data, " %.2x", pointer[i]);
+        break;
+      }
+    }
+    if(direction)
+      infof(data, "\n");
+  }
+}
+
+static CURLcode check_telnet_options(struct connectdata *conn)
+{
+  struct curl_slist *head;
+  struct curl_slist *beg;
+  char option_keyword[128] = "";
+  char option_arg[256] = "";
+  struct SessionHandle *data = conn->data;
+  struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
+  CURLcode result = CURLE_OK;
+  int binary_option;
+
+  /* Add the user name as an environment variable if it
+     was given on the command line */
+  if(conn->bits.user_passwd) {
+    snprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user);
+    beg = curl_slist_append(tn->telnet_vars, option_arg);
+    if(!beg) {
+      curl_slist_free_all(tn->telnet_vars);
+      tn->telnet_vars = NULL;
+      return CURLE_OUT_OF_MEMORY;
+    }
+    tn->telnet_vars = beg;
+    tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
+  }
+
+  for(head = data->set.telnet_options; head; head=head->next) {
+    if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
+              option_keyword, option_arg) == 2) {
+
+      /* Terminal type */
+      if(Curl_raw_equal(option_keyword, "TTYPE")) {
+        strncpy(tn->subopt_ttype, option_arg, 31);
+        tn->subopt_ttype[31] = 0; /* String termination */
+        tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES;
+        continue;
+      }
+
+      /* Display variable */
+      if(Curl_raw_equal(option_keyword, "XDISPLOC")) {
+        strncpy(tn->subopt_xdisploc, option_arg, 127);
+        tn->subopt_xdisploc[127] = 0; /* String termination */
+        tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES;
+        continue;
+      }
+
+      /* Environment variable */
+      if(Curl_raw_equal(option_keyword, "NEW_ENV")) {
+        beg = curl_slist_append(tn->telnet_vars, option_arg);
+        if(!beg) {
+          result = CURLE_OUT_OF_MEMORY;
+          break;
+        }
+        tn->telnet_vars = beg;
+        tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
+        continue;
+      }
+
+          /* Window Size */
+      if(Curl_raw_equal(option_keyword, "WS")) {
+        if(sscanf(option_arg, "%hu%*[xX]%hu",
+                  &tn->subopt_wsx, &tn->subopt_wsy) == 2)
+          tn->us_preferred[CURL_TELOPT_NAWS] = CURL_YES;
+        else {
+          failf(data, "Syntax error in telnet option: %s", head->data);
+          result = CURLE_TELNET_OPTION_SYNTAX;
+          break;
+        }
+        continue;
+      }
+
+      /* To take care or not of the 8th bit in data exchange */
+      if(Curl_raw_equal(option_keyword, "BINARY")) {
+        binary_option=atoi(option_arg);
+        if(binary_option!=1) {
+          tn->us_preferred[CURL_TELOPT_BINARY] = CURL_NO;
+          tn->him_preferred[CURL_TELOPT_BINARY] = CURL_NO;
+        }
+        continue;
+      }
+
+      failf(data, "Unknown telnet option %s", head->data);
+      result = CURLE_UNKNOWN_TELNET_OPTION;
+      break;
+    }
+    else {
+      failf(data, "Syntax error in telnet option: %s", head->data);
+      result = CURLE_TELNET_OPTION_SYNTAX;
+      break;
+    }
+  }
+
+  if(result) {
+    curl_slist_free_all(tn->telnet_vars);
+    tn->telnet_vars = NULL;
+  }
+
+  return result;
+}
+
+/*
+ * suboption()
+ *
+ * Look at the sub-option buffer, and try to be helpful to the other
+ * side.
+ */
+
+static void suboption(struct connectdata *conn)
+{
+  struct curl_slist *v;
+  unsigned char temp[2048];
+  ssize_t bytes_written;
+  size_t len;
+  size_t tmplen;
+  int err;
+  char varname[128] = "";
+  char varval[128] = "";
+  struct SessionHandle *data = conn->data;
+  struct TELNET *tn = (struct TELNET *)data->req.protop;
+
+  printsub(data, '<', (unsigned char *)tn->subbuffer, CURL_SB_LEN(tn)+2);
+  switch (CURL_SB_GET(tn)) {
+    case CURL_TELOPT_TTYPE:
+      len = strlen(tn->subopt_ttype) + 4 + 2;
+      snprintf((char *)temp, sizeof(temp),
+               "%c%c%c%c%s%c%c", CURL_IAC, CURL_SB, CURL_TELOPT_TTYPE,
+               CURL_TELQUAL_IS, tn->subopt_ttype, CURL_IAC, CURL_SE);
+      bytes_written = swrite(conn->sock[FIRSTSOCKET], temp, len);
+      if(bytes_written < 0) {
+        err = SOCKERRNO;
+        failf(data,"Sending data failed (%d)",err);
+      }
+      printsub(data, '>', &temp[2], len-2);
+      break;
+    case CURL_TELOPT_XDISPLOC:
+      len = strlen(tn->subopt_xdisploc) + 4 + 2;
+      snprintf((char *)temp, sizeof(temp),
+               "%c%c%c%c%s%c%c", CURL_IAC, CURL_SB, CURL_TELOPT_XDISPLOC,
+               CURL_TELQUAL_IS, tn->subopt_xdisploc, CURL_IAC, CURL_SE);
+      bytes_written = swrite(conn->sock[FIRSTSOCKET], temp, len);
+      if(bytes_written < 0) {
+        err = SOCKERRNO;
+        failf(data,"Sending data failed (%d)",err);
+      }
+      printsub(data, '>', &temp[2], len-2);
+      break;
+    case CURL_TELOPT_NEW_ENVIRON:
+      snprintf((char *)temp, sizeof(temp),
+               "%c%c%c%c", CURL_IAC, CURL_SB, CURL_TELOPT_NEW_ENVIRON,
+               CURL_TELQUAL_IS);
+      len = 4;
+
+      for(v = tn->telnet_vars;v;v = v->next) {
+        tmplen = (strlen(v->data) + 1);
+        /* Add the variable only if it fits */
+        if(len + tmplen < (int)sizeof(temp)-6) {
+          if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
+            snprintf((char *)&temp[len], sizeof(temp) - len,
+                     "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+                     CURL_NEW_ENV_VALUE, varval);
+            len += tmplen;
+          }
+        }
+      }
+      snprintf((char *)&temp[len], sizeof(temp) - len,
+               "%c%c", CURL_IAC, CURL_SE);
+      len += 2;
+      bytes_written = swrite(conn->sock[FIRSTSOCKET], temp, len);
+      if(bytes_written < 0) {
+        err = SOCKERRNO;
+        failf(data,"Sending data failed (%d)",err);
+      }
+      printsub(data, '>', &temp[2], len-2);
+      break;
+  }
+  return;
+}
+
+
+/*
+ * sendsuboption()
+ *
+ * Send suboption information to the server side.
+ */
+
+static void sendsuboption(struct connectdata *conn, int option)
+{
+  ssize_t bytes_written;
+  int err;
+  unsigned short x, y;
+  unsigned char*uc1, *uc2;
+
+  struct SessionHandle *data = conn->data;
+  struct TELNET *tn = (struct TELNET *)data->req.protop;
+
+  switch (option) {
+  case CURL_TELOPT_NAWS:
+    /* We prepare data to be sent */
+    CURL_SB_CLEAR(tn);
+    CURL_SB_ACCUM(tn, CURL_IAC);
+    CURL_SB_ACCUM(tn, CURL_SB);
+    CURL_SB_ACCUM(tn, CURL_TELOPT_NAWS);
+    /* We must deal either with litte or big endien processors */
+    /* Window size must be sent according to the 'network order' */
+    x=htons(tn->subopt_wsx);
+    y=htons(tn->subopt_wsy);
+    uc1 = (unsigned char*)&x;
+    uc2 = (unsigned char*)&y;
+    CURL_SB_ACCUM(tn, uc1[0]);
+    CURL_SB_ACCUM(tn, uc1[1]);
+    CURL_SB_ACCUM(tn, uc2[0]);
+    CURL_SB_ACCUM(tn, uc2[1]);
+
+    CURL_SB_ACCUM(tn, CURL_IAC);
+    CURL_SB_ACCUM(tn, CURL_SE);
+    CURL_SB_TERM(tn);
+    /* data suboption is now ready */
+
+    printsub(data, '>', (unsigned char *)tn->subbuffer+2,
+             CURL_SB_LEN(tn)-2);
+
+    /* we send the header of the suboption... */
+    bytes_written = swrite(conn->sock[FIRSTSOCKET], tn->subbuffer, 3);
+    if(bytes_written < 0) {
+      err = SOCKERRNO;
+      failf(data, "Sending data failed (%d)", err);
+    }
+    /* ... then the window size with the send_telnet_data() function
+       to deal with 0xFF cases ... */
+    send_telnet_data(conn, (char *)tn->subbuffer+3, 4);
+    /* ... and the footer */
+    bytes_written = swrite(conn->sock[FIRSTSOCKET], tn->subbuffer+7, 2);
+    if(bytes_written < 0) {
+      err = SOCKERRNO;
+      failf(data, "Sending data failed (%d)", err);
+    }
+    break;
+  }
+}
+
+
+static
+CURLcode telrcv(struct connectdata *conn,
+                const unsigned char *inbuf, /* Data received from socket */
+                ssize_t count)              /* Number of bytes received */
+{
+  unsigned char c;
+  CURLcode result;
+  int in = 0;
+  int startwrite=-1;
+  struct SessionHandle *data = conn->data;
+  struct TELNET *tn = (struct TELNET *)data->req.protop;
+
+#define startskipping()                                       \
+  if(startwrite >= 0) {                                       \
+    result = Curl_client_write(conn,                          \
+                               CLIENTWRITE_BODY,              \
+                               (char *)&inbuf[startwrite],    \
+                               in-startwrite);                \
+    if(result != CURLE_OK)                                    \
+      return result;                                          \
+  }                                                           \
+  startwrite = -1
+
+#define writebyte() \
+    if(startwrite < 0) \
+      startwrite = in
+
+#define bufferflush() startskipping()
+
+  while(count--) {
+    c = inbuf[in];
+
+    switch (tn->telrcv_state) {
+    case CURL_TS_CR:
+      tn->telrcv_state = CURL_TS_DATA;
+      if(c == '\0') {
+        startskipping();
+        break;   /* Ignore \0 after CR */
+      }
+      writebyte();
+      break;
+
+    case CURL_TS_DATA:
+      if(c == CURL_IAC) {
+        tn->telrcv_state = CURL_TS_IAC;
+        startskipping();
+        break;
+      }
+      else if(c == '\r')
+        tn->telrcv_state = CURL_TS_CR;
+      writebyte();
+      break;
+
+    case CURL_TS_IAC:
+    process_iac:
+      DEBUGASSERT(startwrite < 0);
+      switch (c) {
+      case CURL_WILL:
+        tn->telrcv_state = CURL_TS_WILL;
+        break;
+      case CURL_WONT:
+        tn->telrcv_state = CURL_TS_WONT;
+        break;
+      case CURL_DO:
+        tn->telrcv_state = CURL_TS_DO;
+        break;
+      case CURL_DONT:
+        tn->telrcv_state = CURL_TS_DONT;
+        break;
+      case CURL_SB:
+        CURL_SB_CLEAR(tn);
+        tn->telrcv_state = CURL_TS_SB;
+        break;
+      case CURL_IAC:
+        tn->telrcv_state = CURL_TS_DATA;
+        writebyte();
+        break;
+      case CURL_DM:
+      case CURL_NOP:
+      case CURL_GA:
+      default:
+        tn->telrcv_state = CURL_TS_DATA;
+        printoption(data, "RCVD", CURL_IAC, c);
+        break;
+      }
+      break;
+
+      case CURL_TS_WILL:
+        printoption(data, "RCVD", CURL_WILL, c);
+        tn->please_negotiate = 1;
+        rec_will(conn, c);
+        tn->telrcv_state = CURL_TS_DATA;
+        break;
+
+      case CURL_TS_WONT:
+        printoption(data, "RCVD", CURL_WONT, c);
+        tn->please_negotiate = 1;
+        rec_wont(conn, c);
+        tn->telrcv_state = CURL_TS_DATA;
+        break;
+
+      case CURL_TS_DO:
+        printoption(data, "RCVD", CURL_DO, c);
+        tn->please_negotiate = 1;
+        rec_do(conn, c);
+        tn->telrcv_state = CURL_TS_DATA;
+        break;
+
+      case CURL_TS_DONT:
+        printoption(data, "RCVD", CURL_DONT, c);
+        tn->please_negotiate = 1;
+        rec_dont(conn, c);
+        tn->telrcv_state = CURL_TS_DATA;
+        break;
+
+      case CURL_TS_SB:
+        if(c == CURL_IAC)
+          tn->telrcv_state = CURL_TS_SE;
+        else
+          CURL_SB_ACCUM(tn,c);
+        break;
+
+      case CURL_TS_SE:
+        if(c != CURL_SE) {
+          if(c != CURL_IAC) {
+            /*
+             * This is an error.  We only expect to get "IAC IAC" or "IAC SE".
+             * Several things may have happened.  An IAC was not doubled, the
+             * IAC SE was left off, or another option got inserted into the
+             * suboption are all possibilities.  If we assume that the IAC was
+             * not doubled, and really the IAC SE was left off, we could get
+             * into an infinate loop here.  So, instead, we terminate the
+             * suboption, and process the partial suboption if we can.
+             */
+            CURL_SB_ACCUM(tn, CURL_IAC);
+            CURL_SB_ACCUM(tn, c);
+            tn->subpointer -= 2;
+            CURL_SB_TERM(tn);
+
+            printoption(data, "In SUBOPTION processing, RCVD", CURL_IAC, c);
+            suboption(conn);   /* handle sub-option */
+            tn->telrcv_state = CURL_TS_IAC;
+            goto process_iac;
+          }
+          CURL_SB_ACCUM(tn,c);
+          tn->telrcv_state = CURL_TS_SB;
+        }
+        else
+        {
+          CURL_SB_ACCUM(tn, CURL_IAC);
+          CURL_SB_ACCUM(tn, CURL_SE);
+          tn->subpointer -= 2;
+          CURL_SB_TERM(tn);
+          suboption(conn);   /* handle sub-option */
+          tn->telrcv_state = CURL_TS_DATA;
+        }
+        break;
+    }
+    ++in;
+  }
+  bufferflush();
+  return CURLE_OK;
+}
+
+/* Escape and send a telnet data block */
+/* TODO: write large chunks of data instead of one byte at a time */
+static CURLcode send_telnet_data(struct connectdata *conn,
+                                 char *buffer, ssize_t nread)
+{
+  unsigned char outbuf[2];
+  ssize_t bytes_written, total_written;
+  int out_count;
+  CURLcode rc = CURLE_OK;
+
+  while(rc == CURLE_OK && nread--) {
+    outbuf[0] = *buffer++;
+    out_count = 1;
+    if(outbuf[0] == CURL_IAC)
+      outbuf[out_count++] = CURL_IAC;
+
+    total_written = 0;
+    do {
+      /* Make sure socket is writable to avoid EWOULDBLOCK condition */
+      struct pollfd pfd[1];
+      pfd[0].fd = conn->sock[FIRSTSOCKET];
+      pfd[0].events = POLLOUT;
+      switch (Curl_poll(pfd, 1, -1)) {
+        case -1:                    /* error, abort writing */
+        case 0:                     /* timeout (will never happen) */
+          rc = CURLE_SEND_ERROR;
+          break;
+        default:                    /* write! */
+          bytes_written = 0;
+          rc = Curl_write(conn, conn->sock[FIRSTSOCKET], outbuf+total_written,
+                          out_count-total_written, &bytes_written);
+          total_written += bytes_written;
+          break;
+      }
+    /* handle partial write */
+    } while(rc == CURLE_OK && total_written < out_count);
+  }
+  return rc;
+}
+
+static CURLcode telnet_done(struct connectdata *conn,
+                                 CURLcode status, bool premature)
+{
+  struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
+  (void)status; /* unused */
+  (void)premature; /* not used */
+
+  if(!tn)
+    return CURLE_OK;
+
+  curl_slist_free_all(tn->telnet_vars);
+  tn->telnet_vars = NULL;
+
+  Curl_safefree(conn->data->req.protop);
+
+  return CURLE_OK;
+}
+
+static CURLcode telnet_do(struct connectdata *conn, bool *done)
+{
+  CURLcode code;
+  struct SessionHandle *data = conn->data;
+  curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
+#ifdef USE_WINSOCK
+  HMODULE wsock2;
+  WSOCK2_FUNC close_event_func;
+  WSOCK2_FUNC create_event_func;
+  WSOCK2_FUNC event_select_func;
+  WSOCK2_FUNC enum_netevents_func;
+  WSAEVENT event_handle;
+  WSANETWORKEVENTS events;
+  HANDLE stdin_handle;
+  HANDLE objs[2];
+  DWORD  obj_count;
+  DWORD  wait_timeout;
+  DWORD waitret;
+  DWORD readfile_read;
+  int err;
+#else
+  int interval_ms;
+  struct pollfd pfd[2];
+  int poll_cnt;
+  curl_off_t total_dl = 0;
+  curl_off_t total_ul = 0;
+#endif
+  ssize_t nread;
+  struct timeval now;
+  bool keepon = TRUE;
+  char *buf = data->state.buffer;
+  struct TELNET *tn;
+
+  *done = TRUE; /* unconditionally */
+
+  code = init_telnet(conn);
+  if(code)
+    return code;
+
+  tn = (struct TELNET *)data->req.protop;
+
+  code = check_telnet_options(conn);
+  if(code)
+    return code;
+
+#ifdef USE_WINSOCK
+  /*
+  ** This functionality only works with WinSock >= 2.0.  So,
+  ** make sure have it.
+  */
+  code = check_wsock2(data);
+  if(code)
+    return code;
+
+  /* OK, so we have WinSock 2.0.  We need to dynamically */
+  /* load ws2_32.dll and get the function pointers we need. */
+  wsock2 = LoadLibrary(TEXT("WS2_32.DLL"));
+  if(wsock2 == NULL) {
+    failf(data,"failed to load WS2_32.DLL (%d)", ERRNO);
+    return CURLE_FAILED_INIT;
+  }
+
+  /* Grab a pointer to WSACreateEvent */
+  create_event_func = GetProcAddress(wsock2,"WSACreateEvent");
+  if(create_event_func == NULL) {
+    failf(data,"failed to find WSACreateEvent function (%d)",
+          ERRNO);
+    FreeLibrary(wsock2);
+    return CURLE_FAILED_INIT;
+  }
+
+  /* And WSACloseEvent */
+  close_event_func = GetProcAddress(wsock2,"WSACloseEvent");
+  if(close_event_func == NULL) {
+    failf(data,"failed to find WSACloseEvent function (%d)",
+          ERRNO);
+    FreeLibrary(wsock2);
+    return CURLE_FAILED_INIT;
+  }
+
+  /* And WSAEventSelect */
+  event_select_func = GetProcAddress(wsock2,"WSAEventSelect");
+  if(event_select_func == NULL) {
+    failf(data,"failed to find WSAEventSelect function (%d)",
+          ERRNO);
+    FreeLibrary(wsock2);
+    return CURLE_FAILED_INIT;
+  }
+
+  /* And WSAEnumNetworkEvents */
+  enum_netevents_func = GetProcAddress(wsock2,"WSAEnumNetworkEvents");
+  if(enum_netevents_func == NULL) {
+    failf(data,"failed to find WSAEnumNetworkEvents function (%d)",
+          ERRNO);
+    FreeLibrary(wsock2);
+    return CURLE_FAILED_INIT;
+  }
+
+  /* We want to wait for both stdin and the socket. Since
+  ** the select() function in winsock only works on sockets
+  ** we have to use the WaitForMultipleObjects() call.
+  */
+
+  /* First, create a sockets event object */
+  event_handle = (WSAEVENT)create_event_func();
+  if(event_handle == WSA_INVALID_EVENT) {
+    failf(data,"WSACreateEvent failed (%d)", SOCKERRNO);
+    FreeLibrary(wsock2);
+    return CURLE_FAILED_INIT;
+  }
+
+  /* Tell winsock what events we want to listen to */
+  if(event_select_func(sockfd, event_handle, FD_READ|FD_CLOSE) ==
+     SOCKET_ERROR) {
+    close_event_func(event_handle);
+    FreeLibrary(wsock2);
+    return CURLE_OK;
+  }
+
+  /* The get the Windows file handle for stdin */
+  stdin_handle = GetStdHandle(STD_INPUT_HANDLE);
+
+  /* Create the list of objects to wait for */
+  objs[0] = event_handle;
+  objs[1] = stdin_handle;
+
+  /* If stdin_handle is a pipe, use PeekNamedPipe() method to check it,
+     else use the old WaitForMultipleObjects() way */
+  if(GetFileType(stdin_handle) == FILE_TYPE_PIPE ||
+     data->set.is_fread_set) {
+    /* Don't wait for stdin_handle, just wait for event_handle */
+    obj_count = 1;
+    /* Check stdin_handle per 100 milliseconds */
+    wait_timeout = 100;
+  }
+  else {
+    obj_count = 2;
+    wait_timeout = 1000;
+  }
+
+  /* Keep on listening and act on events */
+  while(keepon) {
+    waitret = WaitForMultipleObjects(obj_count, objs, FALSE, wait_timeout);
+    switch(waitret) {
+    case WAIT_TIMEOUT:
+    {
+      for(;;) {
+        if(obj_count == 1) {
+          /* read from user-supplied method */
+          code = (int)conn->fread_func(buf, 1, BUFSIZE - 1, conn->fread_in);
+          if(code == CURL_READFUNC_ABORT) {
+            keepon = FALSE;
+            code = CURLE_READ_ERROR;
+            break;
+          }
+
+          if(code == CURL_READFUNC_PAUSE)
+            break;
+
+          if(code == 0)                        /* no bytes */
+            break;
+
+          readfile_read = code; /* fall thru with number of bytes read */
+        }
+        else {
+          /* read from stdin */
+          if(!PeekNamedPipe(stdin_handle, NULL, 0, NULL,
+                            &readfile_read, NULL)) {
+            keepon = FALSE;
+            code = CURLE_READ_ERROR;
+            break;
+          }
+
+          if(!readfile_read)
+            break;
+
+          if(!ReadFile(stdin_handle, buf, sizeof(data->state.buffer),
+                       &readfile_read, NULL)) {
+            keepon = FALSE;
+            code = CURLE_READ_ERROR;
+            break;
+          }
+        }
+
+        code = send_telnet_data(conn, buf, readfile_read);
+        if(code) {
+          keepon = FALSE;
+          break;
+        }
+      }
+    }
+    break;
+
+    case WAIT_OBJECT_0 + 1:
+    {
+      if(!ReadFile(stdin_handle, buf, sizeof(data->state.buffer),
+                   &readfile_read, NULL)) {
+        keepon = FALSE;
+        code = CURLE_READ_ERROR;
+        break;
+      }
+
+      code = send_telnet_data(conn, buf, readfile_read);
+      if(code) {
+        keepon = FALSE;
+        break;
+      }
+    }
+    break;
+
+    case WAIT_OBJECT_0:
+
+      events.lNetworkEvents = 0;
+      if(SOCKET_ERROR == enum_netevents_func(sockfd, event_handle, &events)) {
+        if((err = SOCKERRNO) != EINPROGRESS) {
+          infof(data,"WSAEnumNetworkEvents failed (%d)", err);
+          keepon = FALSE;
+          code = CURLE_READ_ERROR;
+        }
+        break;
+      }
+      if(events.lNetworkEvents & FD_READ) {
+        /* read data from network */
+        code = Curl_read(conn, sockfd, buf, BUFSIZE - 1, &nread);
+        /* read would've blocked. Loop again */
+        if(code == CURLE_AGAIN)
+          break;
+        /* returned not-zero, this an error */
+        else if(code) {
+          keepon = FALSE;
+          break;
+        }
+        /* returned zero but actually received 0 or less here,
+           the server closed the connection and we bail out */
+        else if(nread <= 0) {
+          keepon = FALSE;
+          break;
+        }
+
+        code = telrcv(conn, (unsigned char *)buf, nread);
+        if(code) {
+          keepon = FALSE;
+          break;
+        }
+
+        /* Negotiate if the peer has started negotiating,
+           otherwise don't. We don't want to speak telnet with
+           non-telnet servers, like POP or SMTP. */
+        if(tn->please_negotiate && !tn->already_negotiated) {
+          negotiate(conn);
+          tn->already_negotiated = 1;
+        }
+      }
+      if(events.lNetworkEvents & FD_CLOSE) {
+        keepon = FALSE;
+      }
+      break;
+
+    }
+
+    if(data->set.timeout) {
+      now = Curl_tvnow();
+      if(Curl_tvdiff(now, conn->created) >= data->set.timeout) {
+        failf(data, "Time-out");
+        code = CURLE_OPERATION_TIMEDOUT;
+        keepon = FALSE;
+      }
+    }
+  }
+
+  /* We called WSACreateEvent, so call WSACloseEvent */
+  if(!close_event_func(event_handle)) {
+    infof(data,"WSACloseEvent failed (%d)", SOCKERRNO);
+  }
+
+  /* "Forget" pointers into the library we're about to free */
+  create_event_func = NULL;
+  close_event_func = NULL;
+  event_select_func = NULL;
+  enum_netevents_func = NULL;
+
+  /* We called LoadLibrary, so call FreeLibrary */
+  if(!FreeLibrary(wsock2))
+    infof(data,"FreeLibrary(wsock2) failed (%d)", ERRNO);
+#else
+  pfd[0].fd = sockfd;
+  pfd[0].events = POLLIN;
+
+  if(conn->fread_func != (curl_read_callback)fread) {
+    poll_cnt = 1;
+    interval_ms = 100; /* poll user-supplied read function */
+  }
+  else {
+    /* really using fread, so infile is a FILE* */
+    pfd[1].fd = fileno((FILE *)conn->fread_in);
+    pfd[1].events = POLLIN;
+    poll_cnt = 2;
+    interval_ms = 1 * 1000;
+  }
+
+  while(keepon) {
+    switch (Curl_poll(pfd, poll_cnt, interval_ms)) {
+    case -1:                    /* error, stop reading */
+      keepon = FALSE;
+      continue;
+    case 0:                     /* timeout */
+      pfd[0].revents = 0;
+      pfd[1].revents = 0;
+      /* fall through */
+    default:                    /* read! */
+      if(pfd[0].revents & POLLIN) {
+        /* read data from network */
+        code = Curl_read(conn, sockfd, buf, BUFSIZE - 1, &nread);
+        /* read would've blocked. Loop again */
+        if(code == CURLE_AGAIN)
+          break;
+        /* returned not-zero, this an error */
+        else if(code) {
+          keepon = FALSE;
+          break;
+        }
+        /* returned zero but actually received 0 or less here,
+           the server closed the connection and we bail out */
+        else if(nread <= 0) {
+          keepon = FALSE;
+          break;
+        }
+
+        total_dl += nread;
+        Curl_pgrsSetDownloadCounter(data, total_dl);
+        code = telrcv(conn, (unsigned char *)buf, nread);
+        if(code) {
+          keepon = FALSE;
+          break;
+        }
+
+        /* Negotiate if the peer has started negotiating,
+           otherwise don't. We don't want to speak telnet with
+           non-telnet servers, like POP or SMTP. */
+        if(tn->please_negotiate && !tn->already_negotiated) {
+          negotiate(conn);
+          tn->already_negotiated = 1;
+        }
+      }
+
+      nread = 0;
+      if(poll_cnt == 2) {
+        if(pfd[1].revents & POLLIN) { /* read from in file */
+          nread = read(pfd[1].fd, buf, BUFSIZE - 1);
+        }
+      }
+      else {
+        /* read from user-supplied method */
+        nread = (int)conn->fread_func(buf, 1, BUFSIZE - 1, conn->fread_in);
+        if(nread == CURL_READFUNC_ABORT) {
+          keepon = FALSE;
+          break;
+        }
+        if(nread == CURL_READFUNC_PAUSE)
+          break;
+      }
+
+      if(nread > 0) {
+        code = send_telnet_data(conn, buf, nread);
+        if(code) {
+          keepon = FALSE;
+          break;
+        }
+        total_ul += nread;
+        Curl_pgrsSetUploadCounter(data, total_ul);
+      }
+      else if(nread < 0)
+        keepon = FALSE;
+
+      break;
+    } /* poll switch statement */
+
+    if(data->set.timeout) {
+      now = Curl_tvnow();
+      if(Curl_tvdiff(now, conn->created) >= data->set.timeout) {
+        failf(data, "Time-out");
+        code = CURLE_OPERATION_TIMEDOUT;
+        keepon = FALSE;
+      }
+    }
+
+    if(Curl_pgrsUpdate(conn)) {
+      code = CURLE_ABORTED_BY_CALLBACK;
+      break;
+    }
+  }
+#endif
+  /* mark this as "no further transfer wanted" */
+  Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+
+  return code;
+}
+#endif
diff --git a/Utilities/cmcurl/telnet.h b/Utilities/cmcurl/lib/telnet.h
index 693abf3..ddb9e54 100644
--- a/Utilities/cmcurl/telnet.h
+++ b/Utilities/cmcurl/lib/telnet.h
@@ -1,6 +1,5 @@
-#ifndef __TELNET_H
-#define __TELNET_H
-
+#ifndef HEADER_CURL_TELNET_H
+#define HEADER_CURL_TELNET_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -21,10 +20,10 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 #ifndef CURL_DISABLE_TELNET
-CURLcode Curl_telnet(struct connectdata *conn, bool *done);
-CURLcode Curl_telnet_done(struct connectdata *conn, CURLcode, bool premature);
-#endif
+extern const struct Curl_handler Curl_handler_telnet;
 #endif
+
+#endif /* HEADER_CURL_TELNET_H */
+
diff --git a/Utilities/cmcurl/lib/tftp.c b/Utilities/cmcurl/lib/tftp.c
new file mode 100644
index 0000000..e499c45
--- /dev/null
+++ b/Utilities/cmcurl/lib/tftp.c
@@ -0,0 +1,1375 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_TFTP
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "transfer.h"
+#include "sendf.h"
+#include "tftp.h"
+#include "progress.h"
+#include "connect.h"
+#include "strerror.h"
+#include "sockaddr.h" /* required for Curl_sockaddr_storage */
+#include "multiif.h"
+#include "url.h"
+#include "rawstr.h"
+#include "speedcheck.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+#include "select.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* RFC2348 allows the block size to be negotiated */
+#define TFTP_BLKSIZE_DEFAULT 512
+#define TFTP_BLKSIZE_MIN 8
+#define TFTP_BLKSIZE_MAX 65464
+#define TFTP_OPTION_BLKSIZE "blksize"
+
+/* from RFC2349: */
+#define TFTP_OPTION_TSIZE    "tsize"
+#define TFTP_OPTION_INTERVAL "timeout"
+
+typedef enum {
+  TFTP_MODE_NETASCII=0,
+  TFTP_MODE_OCTET
+} tftp_mode_t;
+
+typedef enum {
+  TFTP_STATE_START=0,
+  TFTP_STATE_RX,
+  TFTP_STATE_TX,
+  TFTP_STATE_FIN
+} tftp_state_t;
+
+typedef enum {
+  TFTP_EVENT_NONE = -1,
+  TFTP_EVENT_INIT = 0,
+  TFTP_EVENT_RRQ = 1,
+  TFTP_EVENT_WRQ = 2,
+  TFTP_EVENT_DATA = 3,
+  TFTP_EVENT_ACK = 4,
+  TFTP_EVENT_ERROR = 5,
+  TFTP_EVENT_OACK = 6,
+  TFTP_EVENT_TIMEOUT
+} tftp_event_t;
+
+typedef enum {
+  TFTP_ERR_UNDEF=0,
+  TFTP_ERR_NOTFOUND,
+  TFTP_ERR_PERM,
+  TFTP_ERR_DISKFULL,
+  TFTP_ERR_ILLEGAL,
+  TFTP_ERR_UNKNOWNID,
+  TFTP_ERR_EXISTS,
+  TFTP_ERR_NOSUCHUSER,  /* This will never be triggered by this code */
+
+  /* The remaining error codes are internal to curl */
+  TFTP_ERR_NONE = -100,
+  TFTP_ERR_TIMEOUT,
+  TFTP_ERR_NORESPONSE
+} tftp_error_t;
+
+typedef struct tftp_packet {
+  unsigned char *data;
+} tftp_packet_t;
+
+typedef struct tftp_state_data {
+  tftp_state_t    state;
+  tftp_mode_t     mode;
+  tftp_error_t    error;
+  tftp_event_t    event;
+  struct connectdata      *conn;
+  curl_socket_t   sockfd;
+  int             retries;
+  int             retry_time;
+  int             retry_max;
+  time_t          start_time;
+  time_t          max_time;
+  time_t          rx_time;
+  unsigned short  block;
+  struct Curl_sockaddr_storage   local_addr;
+  struct Curl_sockaddr_storage   remote_addr;
+  curl_socklen_t  remote_addrlen;
+  int             rbytes;
+  int             sbytes;
+  int             blksize;
+  int             requested_blksize;
+  tftp_packet_t   rpacket;
+  tftp_packet_t   spacket;
+} tftp_state_data_t;
+
+
+/* Forward declarations */
+static CURLcode tftp_rx(tftp_state_data_t *state, tftp_event_t event) ;
+static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event) ;
+static CURLcode tftp_connect(struct connectdata *conn, bool *done);
+static CURLcode tftp_disconnect(struct connectdata *conn,
+                                bool dead_connection);
+static CURLcode tftp_do(struct connectdata *conn, bool *done);
+static CURLcode tftp_done(struct connectdata *conn,
+                          CURLcode, bool premature);
+static CURLcode tftp_setup_connection(struct connectdata * conn);
+static CURLcode tftp_multi_statemach(struct connectdata *conn, bool *done);
+static CURLcode tftp_doing(struct connectdata *conn, bool *dophase_done);
+static int tftp_getsock(struct connectdata *conn, curl_socket_t *socks,
+                        int numsocks);
+static CURLcode tftp_translate_code(tftp_error_t error);
+
+
+/*
+ * TFTP protocol handler.
+ */
+
+const struct Curl_handler Curl_handler_tftp = {
+  "TFTP",                               /* scheme */
+  tftp_setup_connection,                /* setup_connection */
+  tftp_do,                              /* do_it */
+  tftp_done,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  tftp_connect,                         /* connect_it */
+  tftp_multi_statemach,                 /* connecting */
+  tftp_doing,                           /* doing */
+  tftp_getsock,                         /* proto_getsock */
+  tftp_getsock,                         /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  tftp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  PORT_TFTP,                            /* defport */
+  CURLPROTO_TFTP,                       /* protocol */
+  PROTOPT_NONE | PROTOPT_NOURLQUERY     /* flags */
+};
+
+/**********************************************************
+ *
+ * tftp_set_timeouts -
+ *
+ * Set timeouts based on state machine state.
+ * Use user provided connect timeouts until DATA or ACK
+ * packet is received, then use user-provided transfer timeouts
+ *
+ *
+ **********************************************************/
+static CURLcode tftp_set_timeouts(tftp_state_data_t *state)
+{
+  time_t maxtime, timeout;
+  long timeout_ms;
+  bool start = (state->state == TFTP_STATE_START) ? TRUE : FALSE;
+
+  time(&state->start_time);
+
+  /* Compute drop-dead time */
+  timeout_ms = Curl_timeleft(state->conn->data, NULL, start);
+
+  if(timeout_ms < 0) {
+    /* time-out, bail out, go home */
+    failf(state->conn->data, "Connection time-out");
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  if(start) {
+
+    maxtime = (time_t)(timeout_ms + 500) / 1000;
+    state->max_time = state->start_time+maxtime;
+
+    /* Set per-block timeout to total */
+    timeout = maxtime ;
+
+    /* Average restart after 5 seconds */
+    state->retry_max = (int)timeout/5;
+
+    if(state->retry_max < 1)
+      /* avoid division by zero below */
+      state->retry_max = 1;
+
+    /* Compute the re-start interval to suit the timeout */
+    state->retry_time = (int)timeout/state->retry_max;
+    if(state->retry_time<1)
+      state->retry_time=1;
+
+  }
+  else {
+    if(timeout_ms > 0)
+      maxtime = (time_t)(timeout_ms + 500) / 1000;
+    else
+      maxtime = 3600;
+
+    state->max_time = state->start_time+maxtime;
+
+    /* Set per-block timeout to total */
+    timeout = maxtime;
+
+    /* Average reposting an ACK after 5 seconds */
+    state->retry_max = (int)timeout/5;
+  }
+  /* But bound the total number */
+  if(state->retry_max<3)
+    state->retry_max=3;
+
+  if(state->retry_max>50)
+    state->retry_max=50;
+
+  /* Compute the re-ACK interval to suit the timeout */
+  state->retry_time = (int)(timeout/state->retry_max);
+  if(state->retry_time<1)
+    state->retry_time=1;
+
+  infof(state->conn->data,
+        "set timeouts for state %d; Total %ld, retry %d maxtry %d\n",
+        (int)state->state, (long)(state->max_time-state->start_time),
+        state->retry_time, state->retry_max);
+
+  /* init RX time */
+  time(&state->rx_time);
+
+  return CURLE_OK;
+}
+
+/**********************************************************
+ *
+ * tftp_set_send_first
+ *
+ * Event handler for the START state
+ *
+ **********************************************************/
+
+static void setpacketevent(tftp_packet_t *packet, unsigned short num)
+{
+  packet->data[0] = (unsigned char)(num >> 8);
+  packet->data[1] = (unsigned char)(num & 0xff);
+}
+
+
+static void setpacketblock(tftp_packet_t *packet, unsigned short num)
+{
+  packet->data[2] = (unsigned char)(num >> 8);
+  packet->data[3] = (unsigned char)(num & 0xff);
+}
+
+static unsigned short getrpacketevent(const tftp_packet_t *packet)
+{
+  return (unsigned short)((packet->data[0] << 8) | packet->data[1]);
+}
+
+static unsigned short getrpacketblock(const tftp_packet_t *packet)
+{
+  return (unsigned short)((packet->data[2] << 8) | packet->data[3]);
+}
+
+static size_t Curl_strnlen(const char *string, size_t maxlen)
+{
+  const char *end = memchr (string, '\0', maxlen);
+  return end ? (size_t) (end - string) : maxlen;
+}
+
+static const char *tftp_option_get(const char *buf, size_t len,
+                                   const char **option, const char **value)
+{
+  size_t loc;
+
+  loc = Curl_strnlen( buf, len );
+  loc++; /* NULL term */
+
+  if(loc >= len)
+    return NULL;
+  *option = buf;
+
+  loc += Curl_strnlen( buf+loc, len-loc );
+  loc++; /* NULL term */
+
+  if(loc > len)
+    return NULL;
+  *value = &buf[strlen(*option) + 1];
+
+  return &buf[loc];
+}
+
+static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
+                                      const char *ptr, int len)
+{
+  const char *tmp = ptr;
+  struct SessionHandle *data = state->conn->data;
+
+  /* if OACK doesn't contain blksize option, the default (512) must be used */
+  state->blksize = TFTP_BLKSIZE_DEFAULT;
+
+  while(tmp < ptr + len) {
+    const char *option, *value;
+
+    tmp = tftp_option_get(tmp, ptr + len - tmp, &option, &value);
+    if(tmp == NULL) {
+      failf(data, "Malformed ACK packet, rejecting");
+      return CURLE_TFTP_ILLEGAL;
+    }
+
+    infof(data, "got option=(%s) value=(%s)\n", option, value);
+
+    if(checkprefix(option, TFTP_OPTION_BLKSIZE)) {
+      long blksize;
+
+      blksize = strtol( value, NULL, 10 );
+
+      if(!blksize) {
+        failf(data, "invalid blocksize value in OACK packet");
+        return CURLE_TFTP_ILLEGAL;
+      }
+      else if(blksize > TFTP_BLKSIZE_MAX) {
+        failf(data, "%s (%d)", "blksize is larger than max supported",
+              TFTP_BLKSIZE_MAX);
+        return CURLE_TFTP_ILLEGAL;
+      }
+      else if(blksize < TFTP_BLKSIZE_MIN) {
+        failf(data, "%s (%d)", "blksize is smaller than min supported",
+              TFTP_BLKSIZE_MIN);
+        return CURLE_TFTP_ILLEGAL;
+      }
+      else if(blksize > state->requested_blksize) {
+        /* could realloc pkt buffers here, but the spec doesn't call out
+         * support for the server requesting a bigger blksize than the client
+         * requests */
+        failf(data, "%s (%ld)",
+              "server requested blksize larger than allocated", blksize);
+        return CURLE_TFTP_ILLEGAL;
+      }
+
+      state->blksize = (int)blksize;
+      infof(data, "%s (%d) %s (%d)\n", "blksize parsed from OACK",
+            state->blksize, "requested", state->requested_blksize);
+    }
+    else if(checkprefix(option, TFTP_OPTION_TSIZE)) {
+      long tsize = 0;
+
+      tsize = strtol( value, NULL, 10 );
+      infof(data, "%s (%ld)\n", "tsize parsed from OACK", tsize);
+
+      /* tsize should be ignored on upload: Who cares about the size of the
+         remote file? */
+      if(!data->set.upload) {
+        if(!tsize) {
+          failf(data, "invalid tsize -:%s:- value in OACK packet", value);
+          return CURLE_TFTP_ILLEGAL;
+        }
+        Curl_pgrsSetDownloadSize(data, tsize);
+      }
+    }
+  }
+
+  return CURLE_OK;
+}
+
+static size_t tftp_option_add(tftp_state_data_t *state, size_t csize,
+                              char *buf, const char *option)
+{
+  if(( strlen(option) + csize + 1 ) > (size_t)state->blksize)
+    return 0;
+  strcpy(buf, option);
+  return( strlen(option) + 1 );
+}
+
+static CURLcode tftp_connect_for_tx(tftp_state_data_t *state,
+                                    tftp_event_t event)
+{
+  CURLcode res;
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  struct SessionHandle *data = state->conn->data;
+
+  infof(data, "%s\n", "Connected for transmit");
+#endif
+  state->state = TFTP_STATE_TX;
+  res = tftp_set_timeouts(state);
+  if(res != CURLE_OK)
+    return(res);
+  return tftp_tx(state, event);
+}
+
+static CURLcode tftp_connect_for_rx(tftp_state_data_t *state,
+                                    tftp_event_t event)
+{
+  CURLcode res;
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  struct SessionHandle *data = state->conn->data;
+
+  infof(data, "%s\n", "Connected for receive");
+#endif
+  state->state = TFTP_STATE_RX;
+  res = tftp_set_timeouts(state);
+  if(res != CURLE_OK)
+    return(res);
+  return tftp_rx(state, event);
+}
+
+static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
+{
+  size_t sbytes;
+  ssize_t senddata;
+  const char *mode = "octet";
+  char *filename;
+  char buf[64];
+  struct SessionHandle *data = state->conn->data;
+  CURLcode res = CURLE_OK;
+
+  /* Set ascii mode if -B flag was used */
+  if(data->set.prefer_ascii)
+    mode = "netascii";
+
+  switch(event) {
+
+  case TFTP_EVENT_INIT:    /* Send the first packet out */
+  case TFTP_EVENT_TIMEOUT: /* Resend the first packet out */
+    /* Increment the retry counter, quit if over the limit */
+    state->retries++;
+    if(state->retries>state->retry_max) {
+      state->error = TFTP_ERR_NORESPONSE;
+      state->state = TFTP_STATE_FIN;
+      return res;
+    }
+
+    if(data->set.upload) {
+      /* If we are uploading, send an WRQ */
+      setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
+      state->conn->data->req.upload_fromhere =
+        (char *)state->spacket.data+4;
+      if(data->state.infilesize != -1)
+        Curl_pgrsSetUploadSize(data, data->state.infilesize);
+    }
+    else {
+      /* If we are downloading, send an RRQ */
+      setpacketevent(&state->spacket, TFTP_EVENT_RRQ);
+    }
+    /* As RFC3617 describes the separator slash is not actually part of the
+       file name so we skip the always-present first letter of the path
+       string. */
+    filename = curl_easy_unescape(data, &state->conn->data->state.path[1], 0,
+                                  NULL);
+    if(!filename)
+      return CURLE_OUT_OF_MEMORY;
+
+    snprintf((char *)state->spacket.data+2,
+             state->blksize,
+             "%s%c%s%c", filename, '\0',  mode, '\0');
+    sbytes = 4 + strlen(filename) + strlen(mode);
+
+    /* add tsize option */
+    if(data->set.upload && (data->state.infilesize != -1))
+      snprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T,
+               data->state.infilesize);
+    else
+      strcpy(buf, "0"); /* the destination is large enough */
+
+    sbytes += tftp_option_add(state, sbytes,
+                              (char *)state->spacket.data+sbytes,
+                              TFTP_OPTION_TSIZE);
+    sbytes += tftp_option_add(state, sbytes,
+                              (char *)state->spacket.data+sbytes, buf);
+    /* add blksize option */
+    snprintf( buf, sizeof(buf), "%d", state->requested_blksize );
+    sbytes += tftp_option_add(state, sbytes,
+                              (char *)state->spacket.data+sbytes,
+                              TFTP_OPTION_BLKSIZE);
+    sbytes += tftp_option_add(state, sbytes,
+                              (char *)state->spacket.data+sbytes, buf );
+
+    /* add timeout option */
+    snprintf( buf, sizeof(buf), "%d", state->retry_time);
+    sbytes += tftp_option_add(state, sbytes,
+                              (char *)state->spacket.data+sbytes,
+                              TFTP_OPTION_INTERVAL);
+    sbytes += tftp_option_add(state, sbytes,
+                              (char *)state->spacket.data+sbytes, buf );
+
+    /* the typecase for the 3rd argument is mostly for systems that do
+       not have a size_t argument, like older unixes that want an 'int' */
+    senddata = sendto(state->sockfd, (void *)state->spacket.data,
+                      (SEND_TYPE_ARG3)sbytes, 0,
+                      state->conn->ip_addr->ai_addr,
+                      state->conn->ip_addr->ai_addrlen);
+    if(senddata != (ssize_t)sbytes) {
+      failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
+    }
+    Curl_safefree(filename);
+    break;
+
+  case TFTP_EVENT_OACK:
+    if(data->set.upload) {
+      res = tftp_connect_for_tx(state, event);
+    }
+    else {
+      res = tftp_connect_for_rx(state, event);
+    }
+    break;
+
+  case TFTP_EVENT_ACK: /* Connected for transmit */
+    res = tftp_connect_for_tx(state, event);
+    break;
+
+  case TFTP_EVENT_DATA: /* Connected for receive */
+    res = tftp_connect_for_rx(state, event);
+    break;
+
+  case TFTP_EVENT_ERROR:
+    state->state = TFTP_STATE_FIN;
+    break;
+
+  default:
+    failf(state->conn->data, "tftp_send_first: internal error");
+    break;
+  }
+  return res;
+}
+
+/* the next blocknum is x + 1 but it needs to wrap at an unsigned 16bit
+   boundary */
+#define NEXT_BLOCKNUM(x) (((x)+1)&0xffff)
+
+/**********************************************************
+ *
+ * tftp_rx
+ *
+ * Event handler for the RX state
+ *
+ **********************************************************/
+static CURLcode tftp_rx(tftp_state_data_t *state, tftp_event_t event)
+{
+  ssize_t sbytes;
+  int rblock;
+  struct SessionHandle *data = state->conn->data;
+
+  switch(event) {
+
+  case TFTP_EVENT_DATA:
+    /* Is this the block we expect? */
+    rblock = getrpacketblock(&state->rpacket);
+    if(NEXT_BLOCKNUM(state->block) == rblock) {
+      /* This is the expected block.  Reset counters and ACK it. */
+      state->retries = 0;
+    }
+    else if(state->block == rblock) {
+      /* This is the last recently received block again. Log it and ACK it
+         again. */
+      infof(data, "Received last DATA packet block %d again.\n", rblock);
+    }
+    else {
+      /* totally unexpected, just log it */
+      infof(data,
+            "Received unexpected DATA packet block %d, expecting block %d\n",
+            rblock, NEXT_BLOCKNUM(state->block));
+      break;
+    }
+
+    /* ACK this block. */
+    state->block = (unsigned short)rblock;
+    setpacketevent(&state->spacket, TFTP_EVENT_ACK);
+    setpacketblock(&state->spacket, state->block);
+    sbytes = sendto(state->sockfd, (void *)state->spacket.data,
+                    4, SEND_4TH_ARG,
+                    (struct sockaddr *)&state->remote_addr,
+                    state->remote_addrlen);
+    if(sbytes < 0) {
+      failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
+      return CURLE_SEND_ERROR;
+    }
+
+    /* Check if completed (That is, a less than full packet is received) */
+    if(state->rbytes < (ssize_t)state->blksize+4) {
+      state->state = TFTP_STATE_FIN;
+    }
+    else {
+      state->state = TFTP_STATE_RX;
+    }
+    time(&state->rx_time);
+    break;
+
+  case TFTP_EVENT_OACK:
+    /* ACK option acknowledgement so we can move on to data */
+    state->block = 0;
+    state->retries = 0;
+    setpacketevent(&state->spacket, TFTP_EVENT_ACK);
+    setpacketblock(&state->spacket, state->block);
+    sbytes = sendto(state->sockfd, (void *)state->spacket.data,
+                    4, SEND_4TH_ARG,
+                    (struct sockaddr *)&state->remote_addr,
+                    state->remote_addrlen);
+    if(sbytes < 0) {
+      failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
+      return CURLE_SEND_ERROR;
+    }
+
+    /* we're ready to RX data */
+    state->state = TFTP_STATE_RX;
+    time(&state->rx_time);
+    break;
+
+  case TFTP_EVENT_TIMEOUT:
+    /* Increment the retry count and fail if over the limit */
+    state->retries++;
+    infof(data,
+          "Timeout waiting for block %d ACK.  Retries = %d\n",
+          NEXT_BLOCKNUM(state->block), state->retries);
+    if(state->retries > state->retry_max) {
+      state->error = TFTP_ERR_TIMEOUT;
+      state->state = TFTP_STATE_FIN;
+    }
+    else {
+      /* Resend the previous ACK */
+      sbytes = sendto(state->sockfd, (void *)state->spacket.data,
+                      4, SEND_4TH_ARG,
+                      (struct sockaddr *)&state->remote_addr,
+                      state->remote_addrlen);
+      if(sbytes<0) {
+        failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
+        return CURLE_SEND_ERROR;
+      }
+    }
+    break;
+
+  case TFTP_EVENT_ERROR:
+    setpacketevent(&state->spacket, TFTP_EVENT_ERROR);
+    setpacketblock(&state->spacket, state->block);
+    (void)sendto(state->sockfd, (void *)state->spacket.data,
+                 4, SEND_4TH_ARG,
+                 (struct sockaddr *)&state->remote_addr,
+                 state->remote_addrlen);
+    /* don't bother with the return code, but if the socket is still up we
+     * should be a good TFTP client and let the server know we're done */
+    state->state = TFTP_STATE_FIN;
+    break;
+
+  default:
+    failf(data, "%s", "tftp_rx: internal error");
+    return CURLE_TFTP_ILLEGAL; /* not really the perfect return code for
+                                  this */
+  }
+  return CURLE_OK;
+}
+
+/**********************************************************
+ *
+ * tftp_tx
+ *
+ * Event handler for the TX state
+ *
+ **********************************************************/
+static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event)
+{
+  struct SessionHandle *data = state->conn->data;
+  ssize_t sbytes;
+  int rblock;
+  CURLcode res = CURLE_OK;
+  struct SingleRequest *k = &data->req;
+
+  switch(event) {
+
+  case TFTP_EVENT_ACK:
+  case TFTP_EVENT_OACK:
+    if(event == TFTP_EVENT_ACK) {
+      /* Ack the packet */
+      rblock = getrpacketblock(&state->rpacket);
+
+      if(rblock != state->block &&
+         /* There's a bug in tftpd-hpa that causes it to send us an ack for
+          * 65535 when the block number wraps to 0. So when we're expecting
+          * 0, also accept 65535. See
+          * http://syslinux.zytor.com/archives/2010-September/015253.html
+          * */
+         !(state->block == 0 && rblock == 65535)) {
+        /* This isn't the expected block.  Log it and up the retry counter */
+        infof(data, "Received ACK for block %d, expecting %d\n",
+              rblock, state->block);
+        state->retries++;
+        /* Bail out if over the maximum */
+        if(state->retries>state->retry_max) {
+          failf(data, "tftp_tx: giving up waiting for block %d ack",
+                state->block);
+          res = CURLE_SEND_ERROR;
+        }
+        else {
+          /* Re-send the data packet */
+          sbytes = sendto(state->sockfd, (void *)state->spacket.data,
+                          4+state->sbytes, SEND_4TH_ARG,
+                          (struct sockaddr *)&state->remote_addr,
+                          state->remote_addrlen);
+          /* Check all sbytes were sent */
+          if(sbytes<0) {
+            failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
+            res = CURLE_SEND_ERROR;
+          }
+        }
+        return res;
+      }
+      /* This is the expected packet.  Reset the counters and send the next
+         block */
+      time(&state->rx_time);
+      state->block++;
+    }
+    else
+      state->block = 1; /* first data block is 1 when using OACK */
+
+    state->retries = 0;
+    setpacketevent(&state->spacket, TFTP_EVENT_DATA);
+    setpacketblock(&state->spacket, state->block);
+    if(state->block > 1 && state->sbytes < (int)state->blksize) {
+      state->state = TFTP_STATE_FIN;
+      return CURLE_OK;
+    }
+    res = Curl_fillreadbuffer(state->conn, state->blksize, &state->sbytes);
+    if(res)
+      return res;
+    sbytes = sendto(state->sockfd, (void *)state->spacket.data,
+                    4+state->sbytes, SEND_4TH_ARG,
+                    (struct sockaddr *)&state->remote_addr,
+                    state->remote_addrlen);
+    /* Check all sbytes were sent */
+    if(sbytes<0) {
+      failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
+      return CURLE_SEND_ERROR;
+    }
+    /* Update the progress meter */
+    k->writebytecount += state->sbytes;
+    Curl_pgrsSetUploadCounter(data, k->writebytecount);
+    break;
+
+  case TFTP_EVENT_TIMEOUT:
+    /* Increment the retry counter and log the timeout */
+    state->retries++;
+    infof(data, "Timeout waiting for block %d ACK. "
+          " Retries = %d\n", NEXT_BLOCKNUM(state->block), state->retries);
+    /* Decide if we've had enough */
+    if(state->retries > state->retry_max) {
+      state->error = TFTP_ERR_TIMEOUT;
+      state->state = TFTP_STATE_FIN;
+    }
+    else {
+      /* Re-send the data packet */
+      sbytes = sendto(state->sockfd, (void *)state->spacket.data,
+                      4+state->sbytes, SEND_4TH_ARG,
+                      (struct sockaddr *)&state->remote_addr,
+                      state->remote_addrlen);
+      /* Check all sbytes were sent */
+      if(sbytes<0) {
+        failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
+        return CURLE_SEND_ERROR;
+      }
+      /* since this was a re-send, we remain at the still byte position */
+      Curl_pgrsSetUploadCounter(data, k->writebytecount);
+    }
+    break;
+
+  case TFTP_EVENT_ERROR:
+    state->state = TFTP_STATE_FIN;
+    setpacketevent(&state->spacket, TFTP_EVENT_ERROR);
+    setpacketblock(&state->spacket, state->block);
+    (void)sendto(state->sockfd, (void *)state->spacket.data, 4, SEND_4TH_ARG,
+                 (struct sockaddr *)&state->remote_addr,
+                 state->remote_addrlen);
+    /* don't bother with the return code, but if the socket is still up we
+     * should be a good TFTP client and let the server know we're done */
+    state->state = TFTP_STATE_FIN;
+    break;
+
+  default:
+    failf(data, "tftp_tx: internal error, event: %i", (int)(event));
+    break;
+  }
+
+  return res;
+}
+
+/**********************************************************
+ *
+ * tftp_translate_code
+ *
+ * Translate internal error codes to CURL error codes
+ *
+ **********************************************************/
+static CURLcode tftp_translate_code(tftp_error_t error)
+{
+  CURLcode code = CURLE_OK;
+
+  if(error != TFTP_ERR_NONE) {
+    switch(error) {
+    case TFTP_ERR_NOTFOUND:
+      code = CURLE_TFTP_NOTFOUND;
+      break;
+    case TFTP_ERR_PERM:
+      code = CURLE_TFTP_PERM;
+      break;
+    case TFTP_ERR_DISKFULL:
+      code = CURLE_REMOTE_DISK_FULL;
+      break;
+    case TFTP_ERR_UNDEF:
+    case TFTP_ERR_ILLEGAL:
+      code = CURLE_TFTP_ILLEGAL;
+      break;
+    case TFTP_ERR_UNKNOWNID:
+      code = CURLE_TFTP_UNKNOWNID;
+      break;
+    case TFTP_ERR_EXISTS:
+      code = CURLE_REMOTE_FILE_EXISTS;
+      break;
+    case TFTP_ERR_NOSUCHUSER:
+      code = CURLE_TFTP_NOSUCHUSER;
+      break;
+    case TFTP_ERR_TIMEOUT:
+      code = CURLE_OPERATION_TIMEDOUT;
+      break;
+    case TFTP_ERR_NORESPONSE:
+      code = CURLE_COULDNT_CONNECT;
+      break;
+    default:
+      code= CURLE_ABORTED_BY_CALLBACK;
+      break;
+    }
+  }
+  else {
+    code = CURLE_OK;
+  }
+
+  return(code);
+}
+
+/**********************************************************
+ *
+ * tftp_state_machine
+ *
+ * The tftp state machine event dispatcher
+ *
+ **********************************************************/
+static CURLcode tftp_state_machine(tftp_state_data_t *state,
+                                   tftp_event_t event)
+{
+  CURLcode res = CURLE_OK;
+  struct SessionHandle *data = state->conn->data;
+  switch(state->state) {
+  case TFTP_STATE_START:
+    DEBUGF(infof(data, "TFTP_STATE_START\n"));
+    res = tftp_send_first(state, event);
+    break;
+  case TFTP_STATE_RX:
+    DEBUGF(infof(data, "TFTP_STATE_RX\n"));
+    res = tftp_rx(state, event);
+    break;
+  case TFTP_STATE_TX:
+    DEBUGF(infof(data, "TFTP_STATE_TX\n"));
+    res = tftp_tx(state, event);
+    break;
+  case TFTP_STATE_FIN:
+    infof(data, "%s\n", "TFTP finished");
+    break;
+  default:
+    DEBUGF(infof(data, "STATE: %d\n", state->state));
+    failf(data, "%s", "Internal state machine error");
+    res = CURLE_TFTP_ILLEGAL;
+    break;
+  }
+  return res;
+}
+
+/**********************************************************
+ *
+ * tftp_disconnect
+ *
+ * The disconnect callback
+ *
+ **********************************************************/
+static CURLcode tftp_disconnect(struct connectdata *conn, bool dead_connection)
+{
+  tftp_state_data_t *state = conn->proto.tftpc;
+  (void) dead_connection;
+
+  /* done, free dynamically allocated pkt buffers */
+  if(state) {
+    Curl_safefree(state->rpacket.data);
+    Curl_safefree(state->spacket.data);
+    free(state);
+  }
+
+  return CURLE_OK;
+}
+
+/**********************************************************
+ *
+ * tftp_connect
+ *
+ * The connect callback
+ *
+ **********************************************************/
+static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+{
+  CURLcode code;
+  tftp_state_data_t *state;
+  int blksize, rc;
+
+  blksize = TFTP_BLKSIZE_DEFAULT;
+
+  state = conn->proto.tftpc = calloc(1, sizeof(tftp_state_data_t));
+  if(!state)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* alloc pkt buffers based on specified blksize */
+  if(conn->data->set.tftp_blksize) {
+    blksize = (int)conn->data->set.tftp_blksize;
+    if(blksize > TFTP_BLKSIZE_MAX || blksize < TFTP_BLKSIZE_MIN )
+      return CURLE_TFTP_ILLEGAL;
+  }
+
+  if(!state->rpacket.data) {
+    state->rpacket.data = calloc(1, blksize + 2 + 2);
+
+    if(!state->rpacket.data)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
+  if(!state->spacket.data) {
+    state->spacket.data = calloc(1, blksize + 2 + 2);
+
+    if(!state->spacket.data)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* we don't keep TFTP connections up bascially because there's none or very
+   * little gain for UDP */
+  connclose(conn, "TFTP");
+
+  state->conn = conn;
+  state->sockfd = state->conn->sock[FIRSTSOCKET];
+  state->state = TFTP_STATE_START;
+  state->error = TFTP_ERR_NONE;
+  state->blksize = TFTP_BLKSIZE_DEFAULT;
+  state->requested_blksize = blksize;
+
+  ((struct sockaddr *)&state->local_addr)->sa_family =
+    (unsigned short)(conn->ip_addr->ai_family);
+
+  tftp_set_timeouts(state);
+
+  if(!conn->bits.bound) {
+    /* If not already bound, bind to any interface, random UDP port. If it is
+     * reused or a custom local port was desired, this has already been done!
+     *
+     * We once used the size of the local_addr struct as the third argument
+     * for bind() to better work with IPv6 or whatever size the struct could
+     * have, but we learned that at least Tru64, AIX and IRIX *requires* the
+     * size of that argument to match the exact size of a 'sockaddr_in' struct
+     * when running IPv4-only.
+     *
+     * Therefore we use the size from the address we connected to, which we
+     * assume uses the same IP version and thus hopefully this works for both
+     * IPv4 and IPv6...
+     */
+    rc = bind(state->sockfd, (struct sockaddr *)&state->local_addr,
+              conn->ip_addr->ai_addrlen);
+    if(rc) {
+      failf(conn->data, "bind() failed; %s",
+            Curl_strerror(conn, SOCKERRNO));
+      return CURLE_COULDNT_CONNECT;
+    }
+    conn->bits.bound = TRUE;
+  }
+
+  Curl_pgrsStartNow(conn->data);
+
+  *done = TRUE;
+  code = CURLE_OK;
+  return(code);
+}
+
+/**********************************************************
+ *
+ * tftp_done
+ *
+ * The done callback
+ *
+ **********************************************************/
+static CURLcode tftp_done(struct connectdata *conn, CURLcode status,
+                          bool premature)
+{
+  CURLcode code = CURLE_OK;
+  tftp_state_data_t *state = (tftp_state_data_t *)conn->proto.tftpc;
+
+  (void)status; /* unused */
+  (void)premature; /* not used */
+
+  if(Curl_pgrsDone(conn))
+    return CURLE_ABORTED_BY_CALLBACK;
+
+  /* If we have encountered an error */
+  if(state)
+    code = tftp_translate_code(state->error);
+
+  return code;
+}
+
+/**********************************************************
+ *
+ * tftp_getsock
+ *
+ * The getsock callback
+ *
+ **********************************************************/
+static int tftp_getsock(struct connectdata *conn, curl_socket_t *socks,
+                        int numsocks)
+{
+  if(!numsocks)
+    return GETSOCK_BLANK;
+
+  socks[0] = conn->sock[FIRSTSOCKET];
+
+  return GETSOCK_READSOCK(0);
+}
+
+/**********************************************************
+ *
+ * tftp_receive_packet
+ *
+ * Called once select fires and data is ready on the socket
+ *
+ **********************************************************/
+static CURLcode tftp_receive_packet(struct connectdata *conn)
+{
+  struct Curl_sockaddr_storage fromaddr;
+  curl_socklen_t        fromlen;
+  CURLcode              result = CURLE_OK;
+  struct SessionHandle  *data = conn->data;
+  tftp_state_data_t     *state = (tftp_state_data_t *)conn->proto.tftpc;
+  struct SingleRequest  *k = &data->req;
+
+  /* Receive the packet */
+  fromlen = sizeof(fromaddr);
+  state->rbytes = (int)recvfrom(state->sockfd,
+                                (void *)state->rpacket.data,
+                                state->blksize+4,
+                                0,
+                                (struct sockaddr *)&fromaddr,
+                                &fromlen);
+  if(state->remote_addrlen==0) {
+    memcpy(&state->remote_addr, &fromaddr, fromlen);
+    state->remote_addrlen = fromlen;
+  }
+
+  /* Sanity check packet length */
+  if(state->rbytes < 4) {
+    failf(data, "Received too short packet");
+    /* Not a timeout, but how best to handle it? */
+    state->event = TFTP_EVENT_TIMEOUT;
+  }
+  else {
+    /* The event is given by the TFTP packet time */
+    state->event = (tftp_event_t)getrpacketevent(&state->rpacket);
+
+    switch(state->event) {
+    case TFTP_EVENT_DATA:
+      /* Don't pass to the client empty or retransmitted packets */
+      if(state->rbytes > 4 &&
+         (NEXT_BLOCKNUM(state->block) == getrpacketblock(&state->rpacket))) {
+        result = Curl_client_write(conn, CLIENTWRITE_BODY,
+                                   (char *)state->rpacket.data+4,
+                                   state->rbytes-4);
+        if(result) {
+          tftp_state_machine(state, TFTP_EVENT_ERROR);
+          return result;
+        }
+        k->bytecount += state->rbytes-4;
+        Curl_pgrsSetDownloadCounter(data, (curl_off_t) k->bytecount);
+      }
+      break;
+    case TFTP_EVENT_ERROR:
+      state->error = (tftp_error_t)getrpacketblock(&state->rpacket);
+      infof(data, "%s\n", (const char *)state->rpacket.data+4);
+      break;
+    case TFTP_EVENT_ACK:
+      break;
+    case TFTP_EVENT_OACK:
+      result = tftp_parse_option_ack(state,
+                                     (const char *)state->rpacket.data+2,
+                                     state->rbytes-2);
+      if(result)
+        return result;
+      break;
+    case TFTP_EVENT_RRQ:
+    case TFTP_EVENT_WRQ:
+    default:
+      failf(data, "%s", "Internal error: Unexpected packet");
+      break;
+    }
+
+    /* Update the progress meter */
+    if(Curl_pgrsUpdate(conn)) {
+      tftp_state_machine(state, TFTP_EVENT_ERROR);
+      return CURLE_ABORTED_BY_CALLBACK;
+    }
+  }
+  return result;
+}
+
+/**********************************************************
+ *
+ * tftp_state_timeout
+ *
+ * Check if timeouts have been reached
+ *
+ **********************************************************/
+static long tftp_state_timeout(struct connectdata *conn, tftp_event_t *event)
+{
+  time_t                current;
+  tftp_state_data_t     *state = (tftp_state_data_t *)conn->proto.tftpc;
+
+  if(event)
+    *event = TFTP_EVENT_NONE;
+
+  time(&current);
+  if(current > state->max_time) {
+    DEBUGF(infof(conn->data, "timeout: %ld > %ld\n",
+                 (long)current, (long)state->max_time));
+    state->error = TFTP_ERR_TIMEOUT;
+    state->state = TFTP_STATE_FIN;
+    return 0;
+  }
+  else if(current > state->rx_time+state->retry_time) {
+    if(event)
+      *event = TFTP_EVENT_TIMEOUT;
+    time(&state->rx_time); /* update even though we received nothing */
+  }
+
+  /* there's a typecast below here since 'time_t' may in fact be larger than
+     'long', but we estimate that a 'long' will still be able to hold number
+     of seconds even if "only" 32 bit */
+  return (long)(state->max_time - current);
+}
+
+/**********************************************************
+ *
+ * tftp_multi_statemach
+ *
+ * Handle single RX socket event and return
+ *
+ **********************************************************/
+static CURLcode tftp_multi_statemach(struct connectdata *conn, bool *done)
+{
+  int                   rc;
+  tftp_event_t          event;
+  CURLcode              result = CURLE_OK;
+  struct SessionHandle  *data = conn->data;
+  tftp_state_data_t     *state = (tftp_state_data_t *)conn->proto.tftpc;
+  long                  timeout_ms = tftp_state_timeout(conn, &event);
+
+  *done = FALSE;
+
+  if(timeout_ms <= 0) {
+    failf(data, "TFTP response timeout");
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+  else if(event != TFTP_EVENT_NONE) {
+    result = tftp_state_machine(state, event);
+    if(result != CURLE_OK)
+      return(result);
+    *done = (state->state == TFTP_STATE_FIN) ? TRUE : FALSE;
+    if(*done)
+      /* Tell curl we're done */
+      Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+  }
+  else {
+    /* no timeouts to handle, check our socket */
+    rc = Curl_socket_ready(state->sockfd, CURL_SOCKET_BAD, 0);
+
+    if(rc == -1) {
+      /* bail out */
+      int error = SOCKERRNO;
+      failf(data, "%s", Curl_strerror(conn, error));
+      state->event = TFTP_EVENT_ERROR;
+    }
+    else if(rc != 0) {
+      result = tftp_receive_packet(conn);
+      if(result != CURLE_OK)
+        return(result);
+      result = tftp_state_machine(state, state->event);
+      if(result != CURLE_OK)
+        return(result);
+      *done = (state->state == TFTP_STATE_FIN) ? TRUE : FALSE;
+      if(*done)
+        /* Tell curl we're done */
+        Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
+    }
+    /* if rc == 0, then select() timed out */
+  }
+
+  return result;
+}
+
+/**********************************************************
+ *
+ * tftp_doing
+ *
+ * Called from multi.c while DOing
+ *
+ **********************************************************/
+static CURLcode tftp_doing(struct connectdata *conn, bool *dophase_done)
+{
+  CURLcode result;
+  result = tftp_multi_statemach(conn, dophase_done);
+
+  if(*dophase_done) {
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+  }
+  else if(!result) {
+    /* The multi code doesn't have this logic for the DOING state so we
+       provide it for TFTP since it may do the entire transfer in this
+       state. */
+    if(Curl_pgrsUpdate(conn))
+      result = CURLE_ABORTED_BY_CALLBACK;
+    else
+      result = Curl_speedcheck(conn->data, Curl_tvnow());
+  }
+  return result;
+}
+
+/**********************************************************
+ *
+ * tftp_peform
+ *
+ * Entry point for transfer from tftp_do, sarts state mach
+ *
+ **********************************************************/
+static CURLcode tftp_perform(struct connectdata *conn, bool *dophase_done)
+{
+  CURLcode              result = CURLE_OK;
+  tftp_state_data_t     *state = (tftp_state_data_t *)conn->proto.tftpc;
+
+  *dophase_done = FALSE;
+
+  result = tftp_state_machine(state, TFTP_EVENT_INIT);
+
+  if(state->state == TFTP_STATE_FIN || result != CURLE_OK)
+    return(result);
+
+  tftp_multi_statemach(conn, dophase_done);
+
+  if(*dophase_done)
+    DEBUGF(infof(conn->data, "DO phase is complete\n"));
+
+  return result;
+}
+
+
+/**********************************************************
+ *
+ * tftp_do
+ *
+ * The do callback
+ *
+ * This callback initiates the TFTP transfer
+ *
+ **********************************************************/
+
+static CURLcode tftp_do(struct connectdata *conn, bool *done)
+{
+  tftp_state_data_t     *state;
+  CURLcode              code;
+
+  *done = FALSE;
+
+  if(!conn->proto.tftpc) {
+    code = tftp_connect(conn, done);
+    if(code)
+      return code;
+  }
+
+  state = (tftp_state_data_t *)conn->proto.tftpc;
+  if(!state)
+    return CURLE_BAD_CALLING_ORDER;
+
+  code = tftp_perform(conn, done);
+
+  /* If tftp_perform() returned an error, use that for return code. If it
+     was OK, see if tftp_translate_code() has an error. */
+  if(code == CURLE_OK)
+    /* If we have encountered an internal tftp error, translate it. */
+    code = tftp_translate_code(state->error);
+
+  return code;
+}
+
+static CURLcode tftp_setup_connection(struct connectdata * conn)
+{
+  struct SessionHandle *data = conn->data;
+  char * type;
+  char command;
+
+  conn->socktype = SOCK_DGRAM;   /* UDP datagram based */
+
+  /* TFTP URLs support an extension like ";mode=<typecode>" that
+   * we'll try to get now! */
+  type = strstr(data->state.path, ";mode=");
+
+  if(!type)
+    type = strstr(conn->host.rawalloc, ";mode=");
+
+  if(type) {
+    *type = 0;                   /* it was in the middle of the hostname */
+    command = Curl_raw_toupper(type[6]);
+
+    switch (command) {
+    case 'A': /* ASCII mode */
+    case 'N': /* NETASCII mode */
+      data->set.prefer_ascii = TRUE;
+      break;
+
+    case 'O': /* octet mode */
+    case 'I': /* binary mode */
+    default:
+      /* switch off ASCII */
+      data->set.prefer_ascii = FALSE;
+      break;
+    }
+  }
+
+  return CURLE_OK;
+}
+#endif
diff --git a/Utilities/cmcurl/base64.h b/Utilities/cmcurl/lib/tftp.h
index 59742bc..117b40f 100644
--- a/Utilities/cmcurl/base64.h
+++ b/Utilities/cmcurl/lib/tftp.h
@@ -1,5 +1,5 @@
-#ifndef __BASE64_H
-#define __BASE64_H
+#ifndef HEADER_CURL_TFTP_H
+#define HEADER_CURL_TFTP_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -20,9 +20,10 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-size_t Curl_base64_encode(struct SessionHandle *data,
-                          const char *input, size_t size, char **str);
-size_t Curl_base64_decode(const char *source, unsigned char **outptr);
+#ifndef CURL_DISABLE_TFTP
+extern const struct Curl_handler Curl_handler_tftp;
 #endif
+
+#endif /* HEADER_CURL_TFTP_H */
+
diff --git a/Utilities/cmcurl/lib/timeval.c b/Utilities/cmcurl/lib/timeval.c
new file mode 100644
index 0000000..2fd7201
--- /dev/null
+++ b/Utilities/cmcurl/lib/timeval.c
@@ -0,0 +1,134 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "timeval.h"
+
+#if defined(WIN32) && !defined(MSDOS)
+
+struct timeval curlx_tvnow(void)
+{
+  /*
+  ** GetTickCount() is available on _all_ Windows versions from W95 up
+  ** to nowadays. Returns milliseconds elapsed since last system boot,
+  ** increases monotonically and wraps once 49.7 days have elapsed.
+  */
+  struct timeval now;
+  DWORD milliseconds = GetTickCount();
+  now.tv_sec = milliseconds / 1000;
+  now.tv_usec = (milliseconds % 1000) * 1000;
+  return now;
+}
+
+#elif defined(HAVE_CLOCK_GETTIME_MONOTONIC)
+
+struct timeval curlx_tvnow(void)
+{
+  /*
+  ** clock_gettime() is granted to be increased monotonically when the
+  ** monotonic clock is queried. Time starting point is unspecified, it
+  ** could be the system start-up time, the Epoch, or something else,
+  ** in any case the time starting point does not change once that the
+  ** system has started up.
+  */
+  struct timeval now;
+  struct timespec tsnow;
+  if(0 == clock_gettime(CLOCK_MONOTONIC, &tsnow)) {
+    now.tv_sec = tsnow.tv_sec;
+    now.tv_usec = tsnow.tv_nsec / 1000;
+  }
+  /*
+  ** Even when the configure process has truly detected monotonic clock
+  ** availability, it might happen that it is not actually available at
+  ** run-time. When this occurs simply fallback to other time source.
+  */
+#ifdef HAVE_GETTIMEOFDAY
+  else
+    (void)gettimeofday(&now, NULL);
+#else
+  else {
+    now.tv_sec = (long)time(NULL);
+    now.tv_usec = 0;
+  }
+#endif
+  return now;
+}
+
+#elif defined(HAVE_GETTIMEOFDAY)
+
+struct timeval curlx_tvnow(void)
+{
+  /*
+  ** gettimeofday() is not granted to be increased monotonically, due to
+  ** clock drifting and external source time synchronization it can jump
+  ** forward or backward in time.
+  */
+  struct timeval now;
+  (void)gettimeofday(&now, NULL);
+  return now;
+}
+
+#else
+
+struct timeval curlx_tvnow(void)
+{
+  /*
+  ** time() returns the value of time in seconds since the Epoch.
+  */
+  struct timeval now;
+  now.tv_sec = (long)time(NULL);
+  now.tv_usec = 0;
+  return now;
+}
+
+#endif
+
+/*
+ * Make sure that the first argument is the more recent time, as otherwise
+ * we'll get a weird negative time-diff back...
+ *
+ * Returns: the time difference in number of milliseconds.
+ */
+long curlx_tvdiff(struct timeval newer, struct timeval older)
+{
+  return (newer.tv_sec-older.tv_sec)*1000+
+    (newer.tv_usec-older.tv_usec)/1000;
+}
+
+/*
+ * Same as curlx_tvdiff but with full usec resolution.
+ *
+ * Returns: the time difference in seconds with subsecond resolution.
+ */
+double curlx_tvdiff_secs(struct timeval newer, struct timeval older)
+{
+  if(newer.tv_sec != older.tv_sec)
+    return (double)(newer.tv_sec-older.tv_sec)+
+      (double)(newer.tv_usec-older.tv_usec)/1000000.0;
+  else
+    return (double)(newer.tv_usec-older.tv_usec)/1000000.0;
+}
+
+/* return the number of seconds in the given input timeval struct */
+long Curl_tvlong(struct timeval t1)
+{
+  return t1.tv_sec;
+}
diff --git a/Utilities/cmcurl/timeval.h b/Utilities/cmcurl/lib/timeval.h
index effd741..3f1b9ea 100644
--- a/Utilities/cmcurl/timeval.h
+++ b/Utilities/cmcurl/lib/timeval.h
@@ -1,5 +1,5 @@
-#ifndef __TIMEVAL_H
-#define __TIMEVAL_H
+#ifndef HEADER_CURL_TIMEVAL_H
+#define HEADER_CURL_TIMEVAL_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,7 +20,6 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
 /*
@@ -28,25 +27,7 @@
  * as well as the library. Do not mix with library internals!
  */
 
-#include "setup.h"
-
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <time.h>
-#endif
-#else
-#ifdef HAVE_TIME_H
-#include <time.h>
-#endif
-#endif
-
-#ifndef HAVE_STRUCT_TIMEVAL
-struct timeval {
- long tv_sec;
- long tv_usec;
-};
-#endif
+#include "curl_setup.h"
 
 struct timeval curlx_tvnow(void);
 
@@ -73,4 +54,5 @@ long Curl_tvlong(struct timeval t1);
 #define Curl_tvdiff(x,y) curlx_tvdiff(x,y)
 #define Curl_tvdiff_secs(x,y) curlx_tvdiff_secs(x,y)
 
-#endif
+#endif /* HEADER_CURL_TIMEVAL_H */
+
diff --git a/Utilities/cmcurl/lib/transfer.c b/Utilities/cmcurl/lib/transfer.c
new file mode 100644
index 0000000..dc817a6
--- /dev/null
+++ b/Utilities/cmcurl/lib/transfer.c
@@ -0,0 +1,1993 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "strtoofft.h"
+#include "strequal.h"
+#include "rawstr.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifndef HAVE_SOCKET
+#error "We can't compile without socket() support!"
+#endif
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "netrc.h"
+
+#include "content_encoding.h"
+#include "hostip.h"
+#include "transfer.h"
+#include "sendf.h"
+#include "speedcheck.h"
+#include "progress.h"
+#include "http.h"
+#include "url.h"
+#include "getinfo.h"
+#include "vtls/vtls.h"
+#include "http_digest.h"
+#include "curl_ntlm.h"
+#include "http_negotiate.h"
+#include "share.h"
+#include "curl_memory.h"
+#include "select.h"
+#include "multiif.h"
+#include "connect.h"
+#include "non-ascii.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * This function will call the read callback to fill our buffer with data
+ * to upload.
+ */
+CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
+{
+  struct SessionHandle *data = conn->data;
+  size_t buffersize = (size_t)bytes;
+  int nread;
+#ifdef CURL_DOES_CONVERSIONS
+  bool sending_http_headers = FALSE;
+
+  if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) {
+    const struct HTTP *http = data->req.protop;
+
+    if(http->sending == HTTPSEND_REQUEST)
+      /* We're sending the HTTP request headers, not the data.
+         Remember that so we don't re-translate them into garbage. */
+      sending_http_headers = TRUE;
+  }
+#endif
+
+  if(data->req.upload_chunky) {
+    /* if chunked Transfer-Encoding */
+    buffersize -= (8 + 2 + 2);   /* 32bit hex + CRLF + CRLF */
+    data->req.upload_fromhere += (8 + 2); /* 32bit hex + CRLF */
+  }
+
+  /* this function returns a size_t, so we typecast to int to prevent warnings
+     with picky compilers */
+  nread = (int)conn->fread_func(data->req.upload_fromhere, 1,
+                                buffersize, conn->fread_in);
+
+  if(nread == CURL_READFUNC_ABORT) {
+    failf(data, "operation aborted by callback");
+    *nreadp = 0;
+    return CURLE_ABORTED_BY_CALLBACK;
+  }
+  else if(nread == CURL_READFUNC_PAUSE) {
+
+    if(conn->handler->flags & PROTOPT_NONETWORK) {
+      /* protocols that work without network cannot be paused. This is
+         actually only FILE:// just now, and it can't pause since the transfer
+         isn't done using the "normal" procedure. */
+      failf(data, "Read callback asked for PAUSE when not supported!");
+      return CURLE_READ_ERROR;
+    }
+    else {
+      struct SingleRequest *k = &data->req;
+      /* CURL_READFUNC_PAUSE pauses read callbacks that feed socket writes */
+      k->keepon |= KEEP_SEND_PAUSE; /* mark socket send as paused */
+      if(data->req.upload_chunky) {
+        /* Back out the preallocation done above */
+        data->req.upload_fromhere -= (8 + 2);
+      }
+      *nreadp = 0;
+    }
+    return CURLE_OK; /* nothing was read */
+  }
+  else if((size_t)nread > buffersize) {
+    /* the read function returned a too large value */
+    *nreadp = 0;
+    failf(data, "read function returned funny value");
+    return CURLE_READ_ERROR;
+  }
+
+  if(!data->req.forbidchunk && data->req.upload_chunky) {
+    /* if chunked Transfer-Encoding
+     *    build chunk:
+     *
+     *        <HEX SIZE> CRLF
+     *        <DATA> CRLF
+     */
+    /* On non-ASCII platforms the <DATA> may or may not be
+       translated based on set.prefer_ascii while the protocol
+       portion must always be translated to the network encoding.
+       To further complicate matters, line end conversion might be
+       done later on, so we need to prevent CRLFs from becoming
+       CRCRLFs if that's the case.  To do this we use bare LFs
+       here, knowing they'll become CRLFs later on.
+     */
+
+    char hexbuffer[11];
+    const char *endofline_native;
+    const char *endofline_network;
+    int hexlen;
+
+    if(
+#ifdef CURL_DO_LINEEND_CONV
+       (data->set.prefer_ascii) ||
+#endif
+       (data->set.crlf)) {
+      /* \n will become \r\n later on */
+      endofline_native  = "\n";
+      endofline_network = "\x0a";
+    }
+    else {
+      endofline_native  = "\r\n";
+      endofline_network = "\x0d\x0a";
+    }
+    hexlen = snprintf(hexbuffer, sizeof(hexbuffer),
+                      "%x%s", nread, endofline_native);
+
+    /* move buffer pointer */
+    data->req.upload_fromhere -= hexlen;
+    nread += hexlen;
+
+    /* copy the prefix to the buffer, leaving out the NUL */
+    memcpy(data->req.upload_fromhere, hexbuffer, hexlen);
+
+    /* always append ASCII CRLF to the data */
+    memcpy(data->req.upload_fromhere + nread,
+           endofline_network,
+           strlen(endofline_network));
+
+#ifdef CURL_DOES_CONVERSIONS
+    CURLcode res;
+    int length;
+    if(data->set.prefer_ascii) {
+      /* translate the protocol and data */
+      length = nread;
+    }
+    else {
+      /* just translate the protocol portion */
+      length = strlen(hexbuffer);
+    }
+    res = Curl_convert_to_network(data, data->req.upload_fromhere, length);
+    /* Curl_convert_to_network calls failf if unsuccessful */
+    if(res)
+      return(res);
+#endif /* CURL_DOES_CONVERSIONS */
+
+    if((nread - hexlen) == 0)
+      /* mark this as done once this chunk is transferred */
+      data->req.upload_done = TRUE;
+
+    nread+=(int)strlen(endofline_native); /* for the added end of line */
+  }
+#ifdef CURL_DOES_CONVERSIONS
+  else if((data->set.prefer_ascii) && (!sending_http_headers)) {
+    CURLcode res;
+    res = Curl_convert_to_network(data, data->req.upload_fromhere, nread);
+    /* Curl_convert_to_network calls failf if unsuccessful */
+    if(res != CURLE_OK)
+      return(res);
+  }
+#endif /* CURL_DOES_CONVERSIONS */
+
+  *nreadp = nread;
+
+  return CURLE_OK;
+}
+
+
+/*
+ * Curl_readrewind() rewinds the read stream. This is typically used for HTTP
+ * POST/PUT with multi-pass authentication when a sending was denied and a
+ * resend is necessary.
+ */
+CURLcode Curl_readrewind(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+
+  conn->bits.rewindaftersend = FALSE; /* we rewind now */
+
+  /* explicitly switch off sending data on this connection now since we are
+     about to restart a new transfer and thus we want to avoid inadvertently
+     sending more data on the existing connection until the next transfer
+     starts */
+  data->req.keepon &= ~KEEP_SEND;
+
+  /* We have sent away data. If not using CURLOPT_POSTFIELDS or
+     CURLOPT_HTTPPOST, call app to rewind
+  */
+  if(data->set.postfields ||
+     (data->set.httpreq == HTTPREQ_POST_FORM))
+    ; /* do nothing */
+  else {
+    if(data->set.seek_func) {
+      int err;
+
+      err = (data->set.seek_func)(data->set.seek_client, 0, SEEK_SET);
+      if(err) {
+        failf(data, "seek callback returned error %d", (int)err);
+        return CURLE_SEND_FAIL_REWIND;
+      }
+    }
+    else if(data->set.ioctl_func) {
+      curlioerr err;
+
+      err = (data->set.ioctl_func)(data, CURLIOCMD_RESTARTREAD,
+                                   data->set.ioctl_client);
+      infof(data, "the ioctl callback returned %d\n", (int)err);
+
+      if(err) {
+        /* FIXME: convert to a human readable error message */
+        failf(data, "ioctl callback returned error %d", (int)err);
+        return CURLE_SEND_FAIL_REWIND;
+      }
+    }
+    else {
+      /* If no CURLOPT_READFUNCTION is used, we know that we operate on a
+         given FILE * stream and we can actually attempt to rewind that
+         ourselves with fseek() */
+      if(data->set.fread_func == (curl_read_callback)fread) {
+        if(-1 != fseek(data->set.in, 0, SEEK_SET))
+          /* successful rewind */
+          return CURLE_OK;
+      }
+
+      /* no callback set or failure above, makes us fail at once */
+      failf(data, "necessary data rewind wasn't possible");
+      return CURLE_SEND_FAIL_REWIND;
+    }
+  }
+  return CURLE_OK;
+}
+
+static int data_pending(const struct connectdata *conn)
+{
+  /* in the case of libssh2, we can never be really sure that we have emptied
+     its internal buffers so we MUST always try until we get EAGAIN back */
+  return conn->handler->protocol&(CURLPROTO_SCP|CURLPROTO_SFTP) ||
+#if defined(USE_NGHTTP2)
+    Curl_ssl_data_pending(conn, FIRSTSOCKET) ||
+    /* For HTTP/2, we may read up everything including responde body
+       with header fields in Curl_http_readwrite_headers. If no
+       content-length is provided, curl waits for the connection
+       close, which we emulate it using conn->proto.httpc.closed =
+       TRUE. The thing is if we read everything, then http2_recv won't
+       be called and we cannot signal the HTTP/2 stream has closed. As
+       a workaround, we return nonzero here to call http2_recv. */
+    ((conn->handler->protocol&PROTO_FAMILY_HTTP) && conn->httpversion == 20 &&
+     conn->proto.httpc.closed);
+#else
+    Curl_ssl_data_pending(conn, FIRSTSOCKET);
+#endif
+}
+
+static void read_rewind(struct connectdata *conn,
+                        size_t thismuch)
+{
+  DEBUGASSERT(conn->read_pos >= thismuch);
+
+  conn->read_pos -= thismuch;
+  conn->bits.stream_was_rewound = TRUE;
+
+#ifdef DEBUGBUILD
+  {
+    char buf[512 + 1];
+    size_t show;
+
+    show = CURLMIN(conn->buf_len - conn->read_pos, sizeof(buf)-1);
+    if(conn->master_buffer) {
+      memcpy(buf, conn->master_buffer + conn->read_pos, show);
+      buf[show] = '\0';
+    }
+    else {
+      buf[0] = '\0';
+    }
+
+    DEBUGF(infof(conn->data,
+                 "Buffer after stream rewind (read_pos = %zu): [%s]\n",
+                 conn->read_pos, buf));
+  }
+#endif
+}
+
+/*
+ * Check to see if CURLOPT_TIMECONDITION was met by comparing the time of the
+ * remote document with the time provided by CURLOPT_TIMEVAL
+ */
+bool Curl_meets_timecondition(struct SessionHandle *data, time_t timeofdoc)
+{
+  if((timeofdoc == 0) || (data->set.timevalue == 0))
+    return TRUE;
+
+  switch(data->set.timecondition) {
+  case CURL_TIMECOND_IFMODSINCE:
+  default:
+    if(timeofdoc <= data->set.timevalue) {
+      infof(data,
+            "The requested document is not new enough\n");
+      data->info.timecond = TRUE;
+      return FALSE;
+    }
+    break;
+  case CURL_TIMECOND_IFUNMODSINCE:
+    if(timeofdoc >= data->set.timevalue) {
+      infof(data,
+            "The requested document is not old enough\n");
+      data->info.timecond = TRUE;
+      return FALSE;
+    }
+    break;
+  }
+
+  return TRUE;
+}
+
+/*
+ * Go ahead and do a read if we have a readable socket or if
+ * the stream was rewound (in which case we have data in a
+ * buffer)
+ */
+static CURLcode readwrite_data(struct SessionHandle *data,
+                               struct connectdata *conn,
+                               struct SingleRequest *k,
+                               int *didwhat, bool *done)
+{
+  CURLcode result = CURLE_OK;
+  ssize_t nread; /* number of bytes read */
+  size_t excess = 0; /* excess bytes read */
+  bool is_empty_data = FALSE;
+  bool readmore = FALSE; /* used by RTP to signal for more data */
+
+  *done = FALSE;
+
+  /* This is where we loop until we have read everything there is to
+     read or we get a CURLE_AGAIN */
+  do {
+    size_t buffersize = data->set.buffer_size?
+      data->set.buffer_size : BUFSIZE;
+    size_t bytestoread = buffersize;
+
+    if(k->size != -1 && !k->header) {
+      /* make sure we don't read "too much" if we can help it since we
+         might be pipelining and then someone else might want to read what
+         follows! */
+      curl_off_t totalleft = k->size - k->bytecount;
+      if(totalleft < (curl_off_t)bytestoread)
+        bytestoread = (size_t)totalleft;
+    }
+
+    if(bytestoread) {
+      /* receive data from the network! */
+      result = Curl_read(conn, conn->sockfd, k->buf, bytestoread, &nread);
+
+      /* read would've blocked */
+      if(CURLE_AGAIN == result)
+        break; /* get out of loop */
+
+      if(result>0)
+        return result;
+    }
+    else {
+      /* read nothing but since we wanted nothing we consider this an OK
+         situation to proceed from */
+      nread = 0;
+    }
+
+    if((k->bytecount == 0) && (k->writebytecount == 0)) {
+      Curl_pgrsTime(data, TIMER_STARTTRANSFER);
+      if(k->exp100 > EXP100_SEND_DATA)
+        /* set time stamp to compare with when waiting for the 100 */
+        k->start100 = Curl_tvnow();
+    }
+
+    *didwhat |= KEEP_RECV;
+    /* indicates data of zero size, i.e. empty file */
+    is_empty_data = ((nread == 0) && (k->bodywrites == 0)) ? TRUE : FALSE;
+
+    /* NUL terminate, allowing string ops to be used */
+    if(0 < nread || is_empty_data) {
+      k->buf[nread] = 0;
+    }
+    else if(0 >= nread) {
+      /* if we receive 0 or less here, the server closed the connection
+         and we bail out from this! */
+      DEBUGF(infof(data, "nread <= 0, server closed connection, bailing\n"));
+      k->keepon &= ~KEEP_RECV;
+      break;
+    }
+
+    /* Default buffer to use when we write the buffer, it may be changed
+       in the flow below before the actual storing is done. */
+    k->str = k->buf;
+
+    if(conn->handler->readwrite) {
+      result = conn->handler->readwrite(data, conn, &nread, &readmore);
+      if(result)
+        return result;
+      if(readmore)
+        break;
+    }
+
+#ifndef CURL_DISABLE_HTTP
+    /* Since this is a two-state thing, we check if we are parsing
+       headers at the moment or not. */
+    if(k->header) {
+      /* we are in parse-the-header-mode */
+      bool stop_reading = FALSE;
+      result = Curl_http_readwrite_headers(data, conn, &nread, &stop_reading);
+      if(result)
+        return result;
+
+      if(conn->handler->readwrite &&
+         (k->maxdownload <= 0 && nread > 0)) {
+        result = conn->handler->readwrite(data, conn, &nread, &readmore);
+        if(result)
+          return result;
+        if(readmore)
+          break;
+      }
+
+      if(stop_reading) {
+        /* We've stopped dealing with input, get out of the do-while loop */
+
+        if(nread > 0) {
+          if(Curl_multi_pipeline_enabled(conn->data->multi)) {
+            infof(data,
+                  "Rewinding stream by : %zd"
+                  " bytes on url %s (zero-length body)\n",
+                  nread, data->state.path);
+            read_rewind(conn, (size_t)nread);
+          }
+          else {
+            infof(data,
+                  "Excess found in a non pipelined read:"
+                  " excess = %zd"
+                  " url = %s (zero-length body)\n",
+                  nread, data->state.path);
+          }
+        }
+
+        break;
+      }
+    }
+#endif /* CURL_DISABLE_HTTP */
+
+
+    /* This is not an 'else if' since it may be a rest from the header
+       parsing, where the beginning of the buffer is headers and the end
+       is non-headers. */
+    if(k->str && !k->header && (nread > 0 || is_empty_data)) {
+
+#ifndef CURL_DISABLE_HTTP
+      if(0 == k->bodywrites && !is_empty_data) {
+        /* These checks are only made the first time we are about to
+           write a piece of the body */
+        if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) {
+          /* HTTP-only checks */
+
+          if(data->req.newurl) {
+            if(conn->bits.close) {
+              /* Abort after the headers if "follow Location" is set
+                 and we're set to close anyway. */
+              k->keepon &= ~KEEP_RECV;
+              *done = TRUE;
+              return CURLE_OK;
+            }
+            /* We have a new url to load, but since we want to be able
+               to re-use this connection properly, we read the full
+               response in "ignore more" */
+            k->ignorebody = TRUE;
+            infof(data, "Ignoring the response-body\n");
+          }
+          if(data->state.resume_from && !k->content_range &&
+             (data->set.httpreq==HTTPREQ_GET) &&
+             !k->ignorebody) {
+            /* we wanted to resume a download, although the server doesn't
+             * seem to support this and we did this with a GET (if it
+             * wasn't a GET we did a POST or PUT resume) */
+            failf(data, "HTTP server doesn't seem to support "
+                  "byte ranges. Cannot resume.");
+            return CURLE_RANGE_ERROR;
+          }
+
+          if(data->set.timecondition && !data->state.range) {
+            /* A time condition has been set AND no ranges have been
+               requested. This seems to be what chapter 13.3.4 of
+               RFC 2616 defines to be the correct action for a
+               HTTP/1.1 client */
+
+            if(!Curl_meets_timecondition(data, k->timeofdoc)) {
+              *done = TRUE;
+              /* We're simulating a http 304 from server so we return
+                 what should have been returned from the server */
+              data->info.httpcode = 304;
+              infof(data, "Simulate a HTTP 304 response!\n");
+              /* we abort the transfer before it is completed == we ruin the
+                 re-use ability. Close the connection */
+              connclose(conn, "Simulated 304 handling");
+              return CURLE_OK;
+            }
+          } /* we have a time condition */
+
+        } /* this is HTTP or RTSP */
+      } /* this is the first time we write a body part */
+#endif /* CURL_DISABLE_HTTP */
+
+      k->bodywrites++;
+
+      /* pass data to the debug function before it gets "dechunked" */
+      if(data->set.verbose) {
+        if(k->badheader) {
+          Curl_debug(data, CURLINFO_DATA_IN, data->state.headerbuff,
+                     (size_t)k->hbuflen, conn);
+          if(k->badheader == HEADER_PARTHEADER)
+            Curl_debug(data, CURLINFO_DATA_IN,
+                       k->str, (size_t)nread, conn);
+        }
+        else
+          Curl_debug(data, CURLINFO_DATA_IN,
+                     k->str, (size_t)nread, conn);
+      }
+
+#ifndef CURL_DISABLE_HTTP
+      if(k->chunk) {
+        /*
+         * Here comes a chunked transfer flying and we need to decode this
+         * properly.  While the name says read, this function both reads
+         * and writes away the data. The returned 'nread' holds the number
+         * of actual data it wrote to the client.
+         */
+
+        CHUNKcode res =
+          Curl_httpchunk_read(conn, k->str, nread, &nread);
+
+        if(CHUNKE_OK < res) {
+          if(CHUNKE_WRITE_ERROR == res) {
+            failf(data, "Failed writing data");
+            return CURLE_WRITE_ERROR;
+          }
+          failf(data, "%s in chunked-encoding", Curl_chunked_strerror(res));
+          return CURLE_RECV_ERROR;
+        }
+        else if(CHUNKE_STOP == res) {
+          size_t dataleft;
+          /* we're done reading chunks! */
+          k->keepon &= ~KEEP_RECV; /* read no more */
+
+          /* There are now possibly N number of bytes at the end of the
+             str buffer that weren't written to the client.
+
+             We DO care about this data if we are pipelining.
+             Push it back to be read on the next pass. */
+
+          dataleft = conn->chunk.dataleft;
+          if(dataleft != 0) {
+            infof(conn->data, "Leftovers after chunking: %zu bytes\n",
+                  dataleft);
+            if(Curl_multi_pipeline_enabled(conn->data->multi)) {
+              /* only attempt the rewind if we truly are pipelining */
+              infof(conn->data, "Rewinding %zu bytes\n",dataleft);
+              read_rewind(conn, dataleft);
+            }
+          }
+        }
+        /* If it returned OK, we just keep going */
+      }
+#endif   /* CURL_DISABLE_HTTP */
+
+      /* Account for body content stored in the header buffer */
+      if(k->badheader && !k->ignorebody) {
+        DEBUGF(infof(data, "Increasing bytecount by %zu from hbuflen\n",
+                     k->hbuflen));
+        k->bytecount += k->hbuflen;
+      }
+
+      if((-1 != k->maxdownload) &&
+         (k->bytecount + nread >= k->maxdownload)) {
+
+        excess = (size_t)(k->bytecount + nread - k->maxdownload);
+        if(excess > 0 && !k->ignorebody) {
+          if(Curl_multi_pipeline_enabled(conn->data->multi)) {
+            /* The 'excess' amount below can't be more than BUFSIZE which
+               always will fit in a size_t */
+            infof(data,
+                  "Rewinding stream by : %zu"
+                  " bytes on url %s (size = %" CURL_FORMAT_CURL_OFF_T
+                  ", maxdownload = %" CURL_FORMAT_CURL_OFF_T
+                  ", bytecount = %" CURL_FORMAT_CURL_OFF_T ", nread = %zd)\n",
+                  excess, data->state.path,
+                  k->size, k->maxdownload, k->bytecount, nread);
+            read_rewind(conn, excess);
+          }
+          else {
+            infof(data,
+                  "Excess found in a non pipelined read:"
+                  " excess = %zu"
+                  ", size = %" CURL_FORMAT_CURL_OFF_T
+                  ", maxdownload = %" CURL_FORMAT_CURL_OFF_T
+                  ", bytecount = %" CURL_FORMAT_CURL_OFF_T "\n",
+                  excess, k->size, k->maxdownload, k->bytecount);
+          }
+        }
+
+        nread = (ssize_t) (k->maxdownload - k->bytecount);
+        if(nread < 0 ) /* this should be unusual */
+          nread = 0;
+
+        k->keepon &= ~KEEP_RECV; /* we're done reading */
+      }
+
+      k->bytecount += nread;
+
+      Curl_pgrsSetDownloadCounter(data, k->bytecount);
+
+      if(!k->chunk && (nread || k->badheader || is_empty_data)) {
+        /* If this is chunky transfer, it was already written */
+
+        if(k->badheader && !k->ignorebody) {
+          /* we parsed a piece of data wrongly assuming it was a header
+             and now we output it as body instead */
+
+          /* Don't let excess data pollute body writes */
+          if(k->maxdownload == -1 || (curl_off_t)k->hbuflen <= k->maxdownload)
+            result = Curl_client_write(conn, CLIENTWRITE_BODY,
+                                       data->state.headerbuff,
+                                       k->hbuflen);
+          else
+            result = Curl_client_write(conn, CLIENTWRITE_BODY,
+                                       data->state.headerbuff,
+                                       (size_t)k->maxdownload);
+
+          if(result)
+            return result;
+        }
+        if(k->badheader < HEADER_ALLBAD) {
+          /* This switch handles various content encodings. If there's an
+             error here, be sure to check over the almost identical code
+             in http_chunks.c.
+             Make sure that ALL_CONTENT_ENCODINGS contains all the
+             encodings handled here. */
+#ifdef HAVE_LIBZ
+          switch (conn->data->set.http_ce_skip ?
+                  IDENTITY : k->auto_decoding) {
+          case IDENTITY:
+#endif
+            /* This is the default when the server sends no
+               Content-Encoding header. See Curl_readwrite_init; the
+               memset() call initializes k->auto_decoding to zero. */
+            if(!k->ignorebody) {
+
+#ifndef CURL_DISABLE_POP3
+              if(conn->handler->protocol&PROTO_FAMILY_POP3)
+                result = Curl_pop3_write(conn, k->str, nread);
+              else
+#endif /* CURL_DISABLE_POP3 */
+
+                result = Curl_client_write(conn, CLIENTWRITE_BODY, k->str,
+                                           nread);
+            }
+#ifdef HAVE_LIBZ
+            break;
+
+          case DEFLATE:
+            /* Assume CLIENTWRITE_BODY; headers are not encoded. */
+            if(!k->ignorebody)
+              result = Curl_unencode_deflate_write(conn, k, nread);
+            break;
+
+          case GZIP:
+            /* Assume CLIENTWRITE_BODY; headers are not encoded. */
+            if(!k->ignorebody)
+              result = Curl_unencode_gzip_write(conn, k, nread);
+            break;
+
+          case COMPRESS:
+          default:
+            failf (data, "Unrecognized content encoding type. "
+                   "libcurl understands `identity', `deflate' and `gzip' "
+                   "content encodings.");
+            result = CURLE_BAD_CONTENT_ENCODING;
+            break;
+          }
+#endif
+        }
+        k->badheader = HEADER_NORMAL; /* taken care of now */
+
+        if(result)
+          return result;
+      }
+
+    } /* if(! header and data to read ) */
+
+    if(conn->handler->readwrite &&
+       (excess > 0 && !conn->bits.stream_was_rewound)) {
+      /* Parse the excess data */
+      k->str += nread;
+      nread = (ssize_t)excess;
+
+      result = conn->handler->readwrite(data, conn, &nread, &readmore);
+      if(result)
+        return result;
+
+      if(readmore)
+        k->keepon |= KEEP_RECV; /* we're not done reading */
+      break;
+    }
+
+    if(is_empty_data) {
+      /* if we received nothing, the server closed the connection and we
+         are done */
+      k->keepon &= ~KEEP_RECV;
+    }
+
+  } while(data_pending(conn));
+
+  if(((k->keepon & (KEEP_RECV|KEEP_SEND)) == KEEP_SEND) &&
+     conn->bits.close ) {
+    /* When we've read the entire thing and the close bit is set, the server
+       may now close the connection. If there's now any kind of sending going
+       on from our side, we need to stop that immediately. */
+    infof(data, "we are done reading and this is set to close, stop send\n");
+    k->keepon &= ~KEEP_SEND; /* no writing anymore either */
+  }
+
+  return CURLE_OK;
+}
+
+/*
+ * Send data to upload to the server, when the socket is writable.
+ */
+static CURLcode readwrite_upload(struct SessionHandle *data,
+                                 struct connectdata *conn,
+                                 struct SingleRequest *k,
+                                 int *didwhat)
+{
+  ssize_t i, si;
+  ssize_t bytes_written;
+  CURLcode result;
+  ssize_t nread; /* number of bytes read */
+  bool sending_http_headers = FALSE;
+
+  if((k->bytecount == 0) && (k->writebytecount == 0))
+    Curl_pgrsTime(data, TIMER_STARTTRANSFER);
+
+  *didwhat |= KEEP_SEND;
+
+  /*
+   * We loop here to do the READ and SEND loop until we run out of
+   * data to send or until we get EWOULDBLOCK back
+   *
+   * FIXME: above comment is misleading. Currently no looping is
+   * actually done in do-while loop below.
+   */
+  do {
+
+    /* only read more data if there's no upload data already
+       present in the upload buffer */
+    if(0 == data->req.upload_present) {
+      /* init the "upload from here" pointer */
+      data->req.upload_fromhere = k->uploadbuf;
+
+      if(!k->upload_done) {
+        /* HTTP pollution, this should be written nicer to become more
+           protocol agnostic. */
+        int fillcount;
+        struct HTTP *http = data->req.protop;
+
+        if((k->exp100 == EXP100_SENDING_REQUEST) &&
+           (http->sending == HTTPSEND_BODY)) {
+          /* If this call is to send body data, we must take some action:
+             We have sent off the full HTTP 1.1 request, and we shall now
+             go into the Expect: 100 state and await such a header */
+          k->exp100 = EXP100_AWAITING_CONTINUE; /* wait for the header */
+          k->keepon &= ~KEEP_SEND;         /* disable writing */
+          k->start100 = Curl_tvnow();       /* timeout count starts now */
+          *didwhat &= ~KEEP_SEND;  /* we didn't write anything actually */
+
+          /* set a timeout for the multi interface */
+          Curl_expire(data, data->set.expect_100_timeout);
+          break;
+        }
+
+        if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) {
+          if(http->sending == HTTPSEND_REQUEST)
+            /* We're sending the HTTP request headers, not the data.
+               Remember that so we don't change the line endings. */
+            sending_http_headers = TRUE;
+          else
+            sending_http_headers = FALSE;
+        }
+
+        result = Curl_fillreadbuffer(conn, BUFSIZE, &fillcount);
+        if(result)
+          return result;
+
+        nread = (ssize_t)fillcount;
+      }
+      else
+        nread = 0; /* we're done uploading/reading */
+
+      if(!nread && (k->keepon & KEEP_SEND_PAUSE)) {
+        /* this is a paused transfer */
+        break;
+      }
+      else if(nread<=0) {
+        /* done */
+        k->keepon &= ~KEEP_SEND; /* we're done writing */
+
+        if(conn->bits.rewindaftersend) {
+          result = Curl_readrewind(conn);
+          if(result)
+            return result;
+        }
+        break;
+      }
+
+      /* store number of bytes available for upload */
+      data->req.upload_present = nread;
+
+#ifndef CURL_DISABLE_SMTP
+      if(conn->handler->protocol & PROTO_FAMILY_SMTP) {
+        result = Curl_smtp_escape_eob(conn, nread);
+        if(result)
+          return result;
+      }
+      else
+#endif /* CURL_DISABLE_SMTP */
+
+      /* convert LF to CRLF if so asked */
+      if((!sending_http_headers) && (
+#ifdef CURL_DO_LINEEND_CONV
+         /* always convert if we're FTPing in ASCII mode */
+         (data->set.prefer_ascii) ||
+#endif
+         (data->set.crlf))) {
+        if(data->state.scratch == NULL)
+          data->state.scratch = malloc(2*BUFSIZE);
+        if(data->state.scratch == NULL) {
+          failf (data, "Failed to alloc scratch buffer!");
+          return CURLE_OUT_OF_MEMORY;
+        }
+        /*
+         * ASCII/EBCDIC Note: This is presumably a text (not binary)
+         * transfer so the data should already be in ASCII.
+         * That means the hex values for ASCII CR (0x0d) & LF (0x0a)
+         * must be used instead of the escape sequences \r & \n.
+         */
+        for(i = 0, si = 0; i < nread; i++, si++) {
+          if(data->req.upload_fromhere[i] == 0x0a) {
+            data->state.scratch[si++] = 0x0d;
+            data->state.scratch[si] = 0x0a;
+            if(!data->set.crlf) {
+              /* we're here only because FTP is in ASCII mode...
+                 bump infilesize for the LF we just added */
+              data->state.infilesize++;
+            }
+          }
+          else
+            data->state.scratch[si] = data->req.upload_fromhere[i];
+        }
+        if(si != nread) {
+          /* only perform the special operation if we really did replace
+             anything */
+          nread = si;
+
+          /* upload from the new (replaced) buffer instead */
+          data->req.upload_fromhere = data->state.scratch;
+
+          /* set the new amount too */
+          data->req.upload_present = nread;
+        }
+      }
+    } /* if 0 == data->req.upload_present */
+    else {
+      /* We have a partial buffer left from a previous "round". Use
+         that instead of reading more data */
+    }
+
+    /* write to socket (send away data) */
+    result = Curl_write(conn,
+                        conn->writesockfd,     /* socket to send to */
+                        data->req.upload_fromhere, /* buffer pointer */
+                        data->req.upload_present,  /* buffer size */
+                        &bytes_written);           /* actually sent */
+
+    if(result)
+      return result;
+
+    if(data->set.verbose)
+      /* show the data before we change the pointer upload_fromhere */
+      Curl_debug(data, CURLINFO_DATA_OUT, data->req.upload_fromhere,
+                 (size_t)bytes_written, conn);
+
+    k->writebytecount += bytes_written;
+
+    if(k->writebytecount == data->state.infilesize) {
+      /* we have sent all data we were supposed to */
+      k->upload_done = TRUE;
+      infof(data, "We are completely uploaded and fine\n");
+    }
+
+    if(data->req.upload_present != bytes_written) {
+      /* we only wrote a part of the buffer (if anything), deal with it! */
+
+      /* store the amount of bytes left in the buffer to write */
+      data->req.upload_present -= bytes_written;
+
+      /* advance the pointer where to find the buffer when the next send
+         is to happen */
+      data->req.upload_fromhere += bytes_written;
+    }
+    else {
+      /* we've uploaded that buffer now */
+      data->req.upload_fromhere = k->uploadbuf;
+      data->req.upload_present = 0; /* no more bytes left */
+
+      if(k->upload_done) {
+        /* switch off writing, we're done! */
+        k->keepon &= ~KEEP_SEND; /* we're done writing */
+      }
+    }
+
+    Curl_pgrsSetUploadCounter(data, k->writebytecount);
+
+  } WHILE_FALSE; /* just to break out from! */
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_readwrite() is the low-level function to be called when data is to
+ * be read and written to/from the connection.
+ */
+CURLcode Curl_readwrite(struct connectdata *conn,
+                        bool *done)
+{
+  struct SessionHandle *data = conn->data;
+  struct SingleRequest *k = &data->req;
+  CURLcode result;
+  int didwhat=0;
+
+  curl_socket_t fd_read;
+  curl_socket_t fd_write;
+  int select_res = conn->cselect_bits;
+
+  conn->cselect_bits = 0;
+
+  /* only use the proper socket if the *_HOLD bit is not set simultaneously as
+     then we are in rate limiting state in that transfer direction */
+
+  if((k->keepon & KEEP_RECVBITS) == KEEP_RECV)
+    fd_read = conn->sockfd;
+  else
+    fd_read = CURL_SOCKET_BAD;
+
+  if((k->keepon & KEEP_SENDBITS) == KEEP_SEND)
+    fd_write = conn->writesockfd;
+  else
+    fd_write = CURL_SOCKET_BAD;
+
+  if(!select_res) /* Call for select()/poll() only, if read/write/error
+                     status is not known. */
+    select_res = Curl_socket_ready(fd_read, fd_write, 0);
+
+  if(select_res == CURL_CSELECT_ERR) {
+    failf(data, "select/poll returned error");
+    return CURLE_SEND_ERROR;
+  }
+
+  /* We go ahead and do a read if we have a readable socket or if
+     the stream was rewound (in which case we have data in a
+     buffer) */
+  if((k->keepon & KEEP_RECV) &&
+     ((select_res & CURL_CSELECT_IN) || conn->bits.stream_was_rewound)) {
+
+    result = readwrite_data(data, conn, k, &didwhat, done);
+    if(result || *done)
+      return result;
+  }
+
+  /* If we still have writing to do, we check if we have a writable socket. */
+  if((k->keepon & KEEP_SEND) && (select_res & CURL_CSELECT_OUT)) {
+    /* write */
+
+    result = readwrite_upload(data, conn, k, &didwhat);
+    if(result)
+      return result;
+  }
+
+  k->now = Curl_tvnow();
+  if(didwhat) {
+    /* Update read/write counters */
+    if(k->bytecountp)
+      *k->bytecountp = k->bytecount; /* read count */
+    if(k->writebytecountp)
+      *k->writebytecountp = k->writebytecount; /* write count */
+  }
+  else {
+    /* no read no write, this is a timeout? */
+    if(k->exp100 == EXP100_AWAITING_CONTINUE) {
+      /* This should allow some time for the header to arrive, but only a
+         very short time as otherwise it'll be too much wasted time too
+         often. */
+
+      /* Quoting RFC2616, section "8.2.3 Use of the 100 (Continue) Status":
+
+         Therefore, when a client sends this header field to an origin server
+         (possibly via a proxy) from which it has never seen a 100 (Continue)
+         status, the client SHOULD NOT wait for an indefinite period before
+         sending the request body.
+
+      */
+
+      long ms = Curl_tvdiff(k->now, k->start100);
+      if(ms >= data->set.expect_100_timeout) {
+        /* we've waited long enough, continue anyway */
+        k->exp100 = EXP100_SEND_DATA;
+        k->keepon |= KEEP_SEND;
+        infof(data, "Done waiting for 100-continue\n");
+      }
+    }
+  }
+
+  if(Curl_pgrsUpdate(conn))
+    result = CURLE_ABORTED_BY_CALLBACK;
+  else
+    result = Curl_speedcheck(data, k->now);
+  if(result)
+    return result;
+
+  if(k->keepon) {
+    if(0 > Curl_timeleft(data, &k->now, FALSE)) {
+      if(k->size != -1) {
+        failf(data, "Operation timed out after %ld milliseconds with %"
+              CURL_FORMAT_CURL_OFF_T " out of %"
+              CURL_FORMAT_CURL_OFF_T " bytes received",
+              Curl_tvdiff(k->now, data->progress.t_startsingle), k->bytecount,
+              k->size);
+      }
+      else {
+        failf(data, "Operation timed out after %ld milliseconds with %"
+              CURL_FORMAT_CURL_OFF_T " bytes received",
+              Curl_tvdiff(k->now, data->progress.t_startsingle), k->bytecount);
+      }
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+  }
+  else {
+    /*
+     * The transfer has been performed. Just make some general checks before
+     * returning.
+     */
+
+    if(!(data->set.opt_no_body) && (k->size != -1) &&
+       (k->bytecount != k->size) &&
+#ifdef CURL_DO_LINEEND_CONV
+       /* Most FTP servers don't adjust their file SIZE response for CRLFs,
+          so we'll check to see if the discrepancy can be explained
+          by the number of CRLFs we've changed to LFs.
+       */
+       (k->bytecount != (k->size + data->state.crlf_conversions)) &&
+#endif /* CURL_DO_LINEEND_CONV */
+       !data->req.newurl) {
+      failf(data, "transfer closed with %" CURL_FORMAT_CURL_OFF_T
+            " bytes remaining to read",
+            k->size - k->bytecount);
+      return CURLE_PARTIAL_FILE;
+    }
+    else if(!(data->set.opt_no_body) &&
+            k->chunk &&
+            (conn->chunk.state != CHUNK_STOP)) {
+      /*
+       * In chunked mode, return an error if the connection is closed prior to
+       * the empty (terminating) chunk is read.
+       *
+       * The condition above used to check for
+       * conn->proto.http->chunk.datasize != 0 which is true after reading
+       * *any* chunk, not just the empty chunk.
+       *
+       */
+      failf(data, "transfer closed with outstanding read data remaining");
+      return CURLE_PARTIAL_FILE;
+    }
+    if(Curl_pgrsUpdate(conn))
+      return CURLE_ABORTED_BY_CALLBACK;
+  }
+
+  /* Now update the "done" boolean we return */
+  *done = (0 == (k->keepon&(KEEP_RECV|KEEP_SEND|
+                            KEEP_RECV_PAUSE|KEEP_SEND_PAUSE))) ? TRUE : FALSE;
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_single_getsock() gets called by the multi interface code when the app
+ * has requested to get the sockets for the current connection. This function
+ * will then be called once for every connection that the multi interface
+ * keeps track of. This function will only be called for connections that are
+ * in the proper state to have this information available.
+ */
+int Curl_single_getsock(const struct connectdata *conn,
+                        curl_socket_t *sock, /* points to numsocks number
+                                                of sockets */
+                        int numsocks)
+{
+  const struct SessionHandle *data = conn->data;
+  int bitmap = GETSOCK_BLANK;
+  unsigned sockindex = 0;
+
+  if(conn->handler->perform_getsock)
+    return conn->handler->perform_getsock(conn, sock, numsocks);
+
+  if(numsocks < 2)
+    /* simple check but we might need two slots */
+    return GETSOCK_BLANK;
+
+  /* don't include HOLD and PAUSE connections */
+  if((data->req.keepon & KEEP_RECVBITS) == KEEP_RECV) {
+
+    DEBUGASSERT(conn->sockfd != CURL_SOCKET_BAD);
+
+    bitmap |= GETSOCK_READSOCK(sockindex);
+    sock[sockindex] = conn->sockfd;
+  }
+
+  /* don't include HOLD and PAUSE connections */
+  if((data->req.keepon & KEEP_SENDBITS) == KEEP_SEND) {
+
+    if((conn->sockfd != conn->writesockfd) ||
+       !(data->req.keepon & KEEP_RECV)) {
+      /* only if they are not the same socket or we didn't have a readable
+         one, we increase index */
+      if(data->req.keepon & KEEP_RECV)
+        sockindex++; /* increase index if we need two entries */
+
+      DEBUGASSERT(conn->writesockfd != CURL_SOCKET_BAD);
+
+      sock[sockindex] = conn->writesockfd;
+    }
+
+    bitmap |= GETSOCK_WRITESOCK(sockindex);
+  }
+
+  return bitmap;
+}
+
+/*
+ * Determine optimum sleep time based on configured rate, current rate,
+ * and packet size.
+ * Returns value in milliseconds.
+ *
+ * The basic idea is to adjust the desired rate up/down in this method
+ * based on whether we are running too slow or too fast.  Then, calculate
+ * how many milliseconds to wait for the next packet to achieve this new
+ * rate.
+ */
+long Curl_sleep_time(curl_off_t rate_bps, curl_off_t cur_rate_bps,
+                             int pkt_size)
+{
+  curl_off_t min_sleep = 0;
+  curl_off_t rv = 0;
+
+  if(rate_bps == 0)
+    return 0;
+
+  /* If running faster than about .1% of the desired speed, slow
+   * us down a bit.  Use shift instead of division as the 0.1%
+   * cutoff is arbitrary anyway.
+   */
+  if(cur_rate_bps > (rate_bps + (rate_bps >> 10))) {
+    /* running too fast, decrease target rate by 1/64th of rate */
+    rate_bps -= rate_bps >> 6;
+    min_sleep = 1;
+  }
+  else if(cur_rate_bps < (rate_bps - (rate_bps >> 10))) {
+    /* running too slow, increase target rate by 1/64th of rate */
+    rate_bps += rate_bps >> 6;
+  }
+
+  /* Determine number of milliseconds to wait until we do
+   * the next packet at the adjusted rate.  We should wait
+   * longer when using larger packets, for instance.
+   */
+  rv = ((curl_off_t)((pkt_size * 8) * 1000) / rate_bps);
+
+  /* Catch rounding errors and always slow down at least 1ms if
+   * we are running too fast.
+   */
+  if(rv < min_sleep)
+    rv = min_sleep;
+
+  /* Bound value to fit in 'long' on 32-bit platform.  That's
+   * plenty long enough anyway!
+   */
+  if(rv > 0x7fffffff)
+    rv = 0x7fffffff;
+
+  return (long)rv;
+}
+
+/*
+ * Curl_pretransfer() is called immediately before a transfer starts.
+ */
+CURLcode Curl_pretransfer(struct SessionHandle *data)
+{
+  CURLcode res;
+  if(!data->change.url) {
+    /* we can't do anything without URL */
+    failf(data, "No URL set!");
+    return CURLE_URL_MALFORMAT;
+  }
+
+  /* Init the SSL session ID cache here. We do it here since we want to do it
+     after the *_setopt() calls (that could specify the size of the cache) but
+     before any transfer takes place. */
+  res = Curl_ssl_initsessions(data, data->set.ssl.max_ssl_sessions);
+  if(res)
+    return res;
+
+  data->set.followlocation=0; /* reset the location-follow counter */
+  data->state.this_is_a_follow = FALSE; /* reset this */
+  data->state.errorbuf = FALSE; /* no error has occurred */
+  data->state.httpversion = 0; /* don't assume any particular server version */
+
+  data->state.ssl_connect_retry = FALSE;
+
+  data->state.authproblem = FALSE;
+  data->state.authhost.want = data->set.httpauth;
+  data->state.authproxy.want = data->set.proxyauth;
+  Curl_safefree(data->info.wouldredirect);
+  data->info.wouldredirect = NULL;
+
+  /* If there is a list of cookie files to read, do it now! */
+  if(data->change.cookielist)
+    Curl_cookie_loadfiles(data);
+
+  /* If there is a list of host pairs to deal with */
+  if(data->change.resolve)
+    res = Curl_loadhostpairs(data);
+
+  if(!res) {
+    /* Allow data->set.use_port to set which port to use. This needs to be
+     * disabled for example when we follow Location: headers to URLs using
+     * different ports! */
+    data->state.allow_port = TRUE;
+
+#if defined(HAVE_SIGNAL) && defined(SIGPIPE) && !defined(HAVE_MSG_NOSIGNAL)
+    /*************************************************************
+     * Tell signal handler to ignore SIGPIPE
+     *************************************************************/
+    if(!data->set.no_signal)
+      data->state.prev_signal = signal(SIGPIPE, SIG_IGN);
+#endif
+
+    Curl_initinfo(data); /* reset session-specific information "variables" */
+    Curl_pgrsStartNow(data);
+
+    if(data->set.timeout)
+      Curl_expire(data, data->set.timeout);
+
+    if(data->set.connecttimeout)
+      Curl_expire(data, data->set.connecttimeout);
+
+    /* In case the handle is re-used and an authentication method was picked
+       in the session we need to make sure we only use the one(s) we now
+       consider to be fine */
+    data->state.authhost.picked &= data->state.authhost.want;
+    data->state.authproxy.picked &= data->state.authproxy.want;
+  }
+
+  return res;
+}
+
+/*
+ * Curl_posttransfer() is called immediately after a transfer ends
+ */
+CURLcode Curl_posttransfer(struct SessionHandle *data)
+{
+#if defined(HAVE_SIGNAL) && defined(SIGPIPE) && !defined(HAVE_MSG_NOSIGNAL)
+  /* restore the signal handler for SIGPIPE before we get back */
+  if(!data->set.no_signal)
+    signal(SIGPIPE, data->state.prev_signal);
+#else
+  (void)data; /* unused parameter */
+#endif
+
+  return CURLE_OK;
+}
+
+#ifndef CURL_DISABLE_HTTP
+/*
+ * strlen_url() returns the length of the given URL if the spaces within the
+ * URL were properly URL encoded.
+ */
+static size_t strlen_url(const char *url)
+{
+  const char *ptr;
+  size_t newlen=0;
+  bool left=TRUE; /* left side of the ? */
+
+  for(ptr=url; *ptr; ptr++) {
+    switch(*ptr) {
+    case '?':
+      left=FALSE;
+      /* fall through */
+    default:
+      newlen++;
+      break;
+    case ' ':
+      if(left)
+        newlen+=3;
+      else
+        newlen++;
+      break;
+    }
+  }
+  return newlen;
+}
+
+/* strcpy_url() copies a url to a output buffer and URL-encodes the spaces in
+ * the source URL accordingly.
+ */
+static void strcpy_url(char *output, const char *url)
+{
+  /* we must add this with whitespace-replacing */
+  bool left=TRUE;
+  const char *iptr;
+  char *optr = output;
+  for(iptr = url;    /* read from here */
+      *iptr;         /* until zero byte */
+      iptr++) {
+    switch(*iptr) {
+    case '?':
+      left=FALSE;
+      /* fall through */
+    default:
+      *optr++=*iptr;
+      break;
+    case ' ':
+      if(left) {
+        *optr++='%'; /* add a '%' */
+        *optr++='2'; /* add a '2' */
+        *optr++='0'; /* add a '0' */
+      }
+      else
+        *optr++='+'; /* add a '+' here */
+      break;
+    }
+  }
+  *optr=0; /* zero terminate output buffer */
+
+}
+
+/*
+ * Returns true if the given URL is absolute (as opposed to relative)
+ */
+static bool is_absolute_url(const char *url)
+{
+  char prot[16]; /* URL protocol string storage */
+  char letter;   /* used for a silly sscanf */
+
+  return (2 == sscanf(url, "%15[^?&/:]://%c", prot, &letter)) ? TRUE : FALSE;
+}
+
+/*
+ * Concatenate a relative URL to a base URL making it absolute.
+ * URL-encodes any spaces.
+ * The returned pointer must be freed by the caller unless NULL
+ * (returns NULL on out of memory).
+ */
+static char *concat_url(const char *base, const char *relurl)
+{
+  /***
+   TRY to append this new path to the old URL
+   to the right of the host part. Oh crap, this is doomed to cause
+   problems in the future...
+  */
+  char *newest;
+  char *protsep;
+  char *pathsep;
+  size_t newlen;
+
+  const char *useurl = relurl;
+  size_t urllen;
+
+  /* we must make our own copy of the URL to play with, as it may
+     point to read-only data */
+  char *url_clone=strdup(base);
+
+  if(!url_clone)
+    return NULL; /* skip out of this NOW */
+
+  /* protsep points to the start of the host name */
+  protsep=strstr(url_clone, "//");
+  if(!protsep)
+    protsep=url_clone;
+  else
+    protsep+=2; /* pass the slashes */
+
+  if('/' != relurl[0]) {
+    int level=0;
+
+    /* First we need to find out if there's a ?-letter in the URL,
+       and cut it and the right-side of that off */
+    pathsep = strchr(protsep, '?');
+    if(pathsep)
+      *pathsep=0;
+
+    /* we have a relative path to append to the last slash if there's one
+       available, or if the new URL is just a query string (starts with a
+       '?')  we append the new one at the end of the entire currently worked
+       out URL */
+    if(useurl[0] != '?') {
+      pathsep = strrchr(protsep, '/');
+      if(pathsep)
+        *pathsep=0;
+    }
+
+    /* Check if there's any slash after the host name, and if so, remember
+       that position instead */
+    pathsep = strchr(protsep, '/');
+    if(pathsep)
+      protsep = pathsep+1;
+    else
+      protsep = NULL;
+
+    /* now deal with one "./" or any amount of "../" in the newurl
+       and act accordingly */
+
+    if((useurl[0] == '.') && (useurl[1] == '/'))
+      useurl+=2; /* just skip the "./" */
+
+    while((useurl[0] == '.') &&
+          (useurl[1] == '.') &&
+          (useurl[2] == '/')) {
+      level++;
+      useurl+=3; /* pass the "../" */
+    }
+
+    if(protsep) {
+      while(level--) {
+        /* cut off one more level from the right of the original URL */
+        pathsep = strrchr(protsep, '/');
+        if(pathsep)
+          *pathsep=0;
+        else {
+          *protsep=0;
+          break;
+        }
+      }
+    }
+  }
+  else {
+    /* We got a new absolute path for this server */
+
+    if((relurl[0] == '/') && (relurl[1] == '/')) {
+      /* the new URL starts with //, just keep the protocol part from the
+         original one */
+      *protsep=0;
+      useurl = &relurl[2]; /* we keep the slashes from the original, so we
+                              skip the new ones */
+    }
+    else {
+      /* cut off the original URL from the first slash, or deal with URLs
+         without slash */
+      pathsep = strchr(protsep, '/');
+      if(pathsep) {
+        /* When people use badly formatted URLs, such as
+           "http://www.url.com?dir=/home/daniel" we must not use the first
+           slash, if there's a ?-letter before it! */
+        char *sep = strchr(protsep, '?');
+        if(sep && (sep < pathsep))
+          pathsep = sep;
+        *pathsep=0;
+      }
+      else {
+        /* There was no slash. Now, since we might be operating on a badly
+           formatted URL, such as "http://www.url.com?id=2380" which doesn't
+           use a slash separator as it is supposed to, we need to check for a
+           ?-letter as well! */
+        pathsep = strchr(protsep, '?');
+        if(pathsep)
+          *pathsep=0;
+      }
+    }
+  }
+
+  /* If the new part contains a space, this is a mighty stupid redirect
+     but we still make an effort to do "right". To the left of a '?'
+     letter we replace each space with %20 while it is replaced with '+'
+     on the right side of the '?' letter.
+  */
+  newlen = strlen_url(useurl);
+
+  urllen = strlen(url_clone);
+
+  newest = malloc(urllen + 1 + /* possible slash */
+                  newlen + 1 /* zero byte */);
+
+  if(!newest) {
+    free(url_clone); /* don't leak this */
+    return NULL;
+  }
+
+  /* copy over the root url part */
+  memcpy(newest, url_clone, urllen);
+
+  /* check if we need to append a slash */
+  if(('/' == useurl[0]) || (protsep && !*protsep) || ('?' == useurl[0]))
+    ;
+  else
+    newest[urllen++]='/';
+
+  /* then append the new piece on the right side */
+  strcpy_url(&newest[urllen], useurl);
+
+  free(url_clone);
+
+  return newest;
+}
+#endif /* CURL_DISABLE_HTTP */
+
+/*
+ * Curl_follow() handles the URL redirect magic. Pass in the 'newurl' string
+ * as given by the remote server and set up the new URL to request.
+ */
+CURLcode Curl_follow(struct SessionHandle *data,
+                     char *newurl, /* this 'newurl' is the Location: string,
+                                      and it must be malloc()ed before passed
+                                      here */
+                     followtype type) /* see transfer.h */
+{
+#ifdef CURL_DISABLE_HTTP
+  (void)data;
+  (void)newurl;
+  (void)type;
+  /* Location: following will not happen when HTTP is disabled */
+  return CURLE_TOO_MANY_REDIRECTS;
+#else
+
+  /* Location: redirect */
+  bool disallowport = FALSE;
+
+  if(type == FOLLOW_REDIR) {
+    if((data->set.maxredirs != -1) &&
+        (data->set.followlocation >= data->set.maxredirs)) {
+      failf(data,"Maximum (%ld) redirects followed", data->set.maxredirs);
+      return CURLE_TOO_MANY_REDIRECTS;
+    }
+
+    /* mark the next request as a followed location: */
+    data->state.this_is_a_follow = TRUE;
+
+    data->set.followlocation++; /* count location-followers */
+
+    if(data->set.http_auto_referer) {
+      /* We are asked to automatically set the previous URL as the referer
+         when we get the next URL. We pick the ->url field, which may or may
+         not be 100% correct */
+
+      if(data->change.referer_alloc) {
+        Curl_safefree(data->change.referer);
+        data->change.referer_alloc = FALSE;
+      }
+
+      data->change.referer = strdup(data->change.url);
+      if(!data->change.referer)
+        return CURLE_OUT_OF_MEMORY;
+      data->change.referer_alloc = TRUE; /* yes, free this later */
+    }
+  }
+
+  if(!is_absolute_url(newurl))  {
+    /***
+     *DANG* this is an RFC 2068 violation. The URL is supposed
+     to be absolute and this doesn't seem to be that!
+     */
+    char *absolute = concat_url(data->change.url, newurl);
+    if(!absolute)
+      return CURLE_OUT_OF_MEMORY;
+    free(newurl);
+    newurl = absolute;
+  }
+  else {
+    /* This is an absolute URL, don't allow the custom port number */
+    disallowport = TRUE;
+
+    if(strchr(newurl, ' ')) {
+      /* This new URL contains at least one space, this is a mighty stupid
+         redirect but we still make an effort to do "right". */
+      char *newest;
+      size_t newlen = strlen_url(newurl);
+
+      newest = malloc(newlen+1); /* get memory for this */
+      if(!newest)
+        return CURLE_OUT_OF_MEMORY;
+      strcpy_url(newest, newurl); /* create a space-free URL */
+
+      free(newurl); /* that was no good */
+      newurl = newest; /* use this instead now */
+    }
+
+  }
+
+  if(type == FOLLOW_FAKE) {
+    /* we're only figuring out the new url if we would've followed locations
+       but now we're done so we can get out! */
+    data->info.wouldredirect = newurl;
+    return CURLE_OK;
+  }
+
+  if(disallowport)
+    data->state.allow_port = FALSE;
+
+  if(data->change.url_alloc) {
+    Curl_safefree(data->change.url);
+    data->change.url_alloc = FALSE;
+  }
+
+  data->change.url = newurl;
+  data->change.url_alloc = TRUE;
+  newurl = NULL; /* don't free! */
+
+  infof(data, "Issue another request to this URL: '%s'\n", data->change.url);
+
+  /*
+   * We get here when the HTTP code is 300-399 (and 401). We need to perform
+   * differently based on exactly what return code there was.
+   *
+   * News from 7.10.6: we can also get here on a 401 or 407, in case we act on
+   * a HTTP (proxy-) authentication scheme other than Basic.
+   */
+  switch(data->info.httpcode) {
+    /* 401 - Act on a WWW-Authenticate, we keep on moving and do the
+       Authorization: XXXX header in the HTTP request code snippet */
+    /* 407 - Act on a Proxy-Authenticate, we keep on moving and do the
+       Proxy-Authorization: XXXX header in the HTTP request code snippet */
+    /* 300 - Multiple Choices */
+    /* 306 - Not used */
+    /* 307 - Temporary Redirect */
+  default:  /* for all above (and the unknown ones) */
+    /* Some codes are explicitly mentioned since I've checked RFC2616 and they
+     * seem to be OK to POST to.
+     */
+    break;
+  case 301: /* Moved Permanently */
+    /* (quote from RFC7231, section 6.4.2)
+     *
+     * Note: For historical reasons, a user agent MAY change the request
+     * method from POST to GET for the subsequent request.  If this
+     * behavior is undesired, the 307 (Temporary Redirect) status code
+     * can be used instead.
+     *
+     * ----
+     *
+     * Many webservers expect this, so these servers often answers to a POST
+     * request with an error page. To be sure that libcurl gets the page that
+     * most user agents would get, libcurl has to force GET.
+     *
+     * This behaviour is forbidden by RFC1945 and the obsolete RFC2616, and
+     * can be overridden with CURLOPT_POSTREDIR.
+     */
+    if((data->set.httpreq == HTTPREQ_POST
+        || data->set.httpreq == HTTPREQ_POST_FORM)
+       && !(data->set.keep_post & CURL_REDIR_POST_301)) {
+      infof(data, "Switch from POST to GET\n");
+      data->set.httpreq = HTTPREQ_GET;
+    }
+    break;
+  case 302: /* Found */
+    /* (quote from RFC7231, section 6.4.3)
+     *
+     * Note: For historical reasons, a user agent MAY change the request
+     * method from POST to GET for the subsequent request.  If this
+     * behavior is undesired, the 307 (Temporary Redirect) status code
+     * can be used instead.
+     *
+     * ----
+     *
+     * Many webservers expect this, so these servers often answers to a POST
+     * request with an error page. To be sure that libcurl gets the page that
+     * most user agents would get, libcurl has to force GET.
+     *
+     * This behaviour is forbidden by RFC1945 and the obsolete RFC2616, and
+     * can be overridden with CURLOPT_POSTREDIR.
+     */
+    if((data->set.httpreq == HTTPREQ_POST
+        || data->set.httpreq == HTTPREQ_POST_FORM)
+       && !(data->set.keep_post & CURL_REDIR_POST_302)) {
+      infof(data, "Switch from POST to GET\n");
+      data->set.httpreq = HTTPREQ_GET;
+    }
+    break;
+
+  case 303: /* See Other */
+    /* Disable both types of POSTs, unless the user explicitely
+       asks for POST after POST */
+    if(data->set.httpreq != HTTPREQ_GET
+      && !(data->set.keep_post & CURL_REDIR_POST_303)) {
+      data->set.httpreq = HTTPREQ_GET; /* enforce GET request */
+      infof(data, "Disables POST, goes with %s\n",
+            data->set.opt_no_body?"HEAD":"GET");
+    }
+    break;
+  case 304: /* Not Modified */
+    /* 304 means we did a conditional request and it was "Not modified".
+     * We shouldn't get any Location: header in this response!
+     */
+    break;
+  case 305: /* Use Proxy */
+    /* (quote from RFC2616, section 10.3.6):
+     * "The requested resource MUST be accessed through the proxy given
+     * by the Location field. The Location field gives the URI of the
+     * proxy.  The recipient is expected to repeat this single request
+     * via the proxy. 305 responses MUST only be generated by origin
+     * servers."
+     */
+    break;
+  }
+  Curl_pgrsTime(data, TIMER_REDIRECT);
+  Curl_pgrsResetTimesSizes(data);
+
+  return CURLE_OK;
+#endif /* CURL_DISABLE_HTTP */
+}
+
+CURLcode
+Curl_reconnect_request(struct connectdata **connp)
+{
+  CURLcode result = CURLE_OK;
+  struct connectdata *conn = *connp;
+  struct SessionHandle *data = conn->data;
+
+  /* This was a re-use of a connection and we got a write error in the
+   * DO-phase. Then we DISCONNECT this connection and have another attempt to
+   * CONNECT and then DO again! The retry cannot possibly find another
+   * connection to re-use, since we only keep one possible connection for
+   * each.  */
+
+  infof(data, "Re-used connection seems dead, get a new one\n");
+
+  connclose(conn, "Reconnect dead connection"); /* enforce close */
+  result = Curl_done(&conn, result, FALSE); /* we are so done with this */
+
+  /* conn may no longer be a good pointer, clear it to avoid mistakes by
+     parent functions */
+  *connp = NULL;
+
+  /*
+   * According to bug report #1330310. We need to check for CURLE_SEND_ERROR
+   * here as well. I figure this could happen when the request failed on a FTP
+   * connection and thus Curl_done() itself tried to use the connection
+   * (again). Slight Lack of feedback in the report, but I don't think this
+   * extra check can do much harm.
+   */
+  if((CURLE_OK == result) || (CURLE_SEND_ERROR == result)) {
+    bool async;
+    bool protocol_done = TRUE;
+
+    /* Now, redo the connect and get a new connection */
+    result = Curl_connect(data, connp, &async, &protocol_done);
+    if(CURLE_OK == result) {
+      /* We have connected or sent away a name resolve query fine */
+
+      conn = *connp; /* setup conn to again point to something nice */
+      if(async) {
+        /* Now, if async is TRUE here, we need to wait for the name
+           to resolve */
+        result = Curl_resolver_wait_resolv(conn, NULL);
+        if(result)
+          return result;
+
+        /* Resolved, continue with the connection */
+        result = Curl_async_resolved(conn, &protocol_done);
+        if(result)
+          return result;
+      }
+    }
+  }
+
+  return result;
+}
+
+/* Returns CURLE_OK *and* sets '*url' if a request retry is wanted.
+
+   NOTE: that the *url is malloc()ed. */
+CURLcode Curl_retry_request(struct connectdata *conn,
+                            char **url)
+{
+  struct SessionHandle *data = conn->data;
+
+  *url = NULL;
+
+  /* if we're talking upload, we can't do the checks below, unless the protocol
+     is HTTP as when uploading over HTTP we will still get a response */
+  if(data->set.upload &&
+     !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)))
+    return CURLE_OK;
+
+  if(/* workaround for broken TLS servers */ data->state.ssl_connect_retry ||
+      ((data->req.bytecount +
+        data->req.headerbytecount == 0) &&
+        conn->bits.reuse &&
+        !data->set.opt_no_body &&
+       data->set.rtspreq != RTSPREQ_RECEIVE)) {
+    /* We got no data, we attempted to re-use a connection and yet we want a
+       "body". This might happen if the connection was left alive when we were
+       done using it before, but that was closed when we wanted to read from
+       it again. Bad luck. Retry the same request on a fresh connect! */
+    infof(conn->data, "Connection died, retrying a fresh connect\n");
+    *url = strdup(conn->data->change.url);
+    if(!*url)
+      return CURLE_OUT_OF_MEMORY;
+
+    connclose(conn, "retry"); /* close this connection */
+    conn->bits.retry = TRUE; /* mark this as a connection we're about
+                                to retry. Marking it this way should
+                                prevent i.e HTTP transfers to return
+                                error just because nothing has been
+                                transferred! */
+
+
+    if(conn->handler->protocol&PROTO_FAMILY_HTTP) {
+      struct HTTP *http = data->req.protop;
+      if(http->writebytecount)
+        return Curl_readrewind(conn);
+    }
+  }
+  return CURLE_OK;
+}
+
+/*
+ * Curl_setup_transfer() is called to setup some basic properties for the
+ * upcoming transfer.
+ */
+void
+Curl_setup_transfer(
+  struct connectdata *conn, /* connection data */
+  int sockindex,            /* socket index to read from or -1 */
+  curl_off_t size,          /* -1 if unknown at this point */
+  bool getheader,           /* TRUE if header parsing is wanted */
+  curl_off_t *bytecountp,   /* return number of bytes read or NULL */
+  int writesockindex,       /* socket index to write to, it may very well be
+                               the same we read from. -1 disables */
+  curl_off_t *writecountp   /* return number of bytes written or NULL */
+  )
+{
+  struct SessionHandle *data;
+  struct SingleRequest *k;
+
+  DEBUGASSERT(conn != NULL);
+
+  data = conn->data;
+  k = &data->req;
+
+  DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
+
+  /* now copy all input parameters */
+  conn->sockfd = sockindex == -1 ?
+      CURL_SOCKET_BAD : conn->sock[sockindex];
+  conn->writesockfd = writesockindex == -1 ?
+      CURL_SOCKET_BAD:conn->sock[writesockindex];
+  k->getheader = getheader;
+
+  k->size = size;
+  k->bytecountp = bytecountp;
+  k->writebytecountp = writecountp;
+
+  /* The code sequence below is placed in this function just because all
+     necessary input is not always known in do_complete() as this function may
+     be called after that */
+
+  if(!k->getheader) {
+    k->header = FALSE;
+    if(size > 0)
+      Curl_pgrsSetDownloadSize(data, size);
+  }
+  /* we want header and/or body, if neither then don't do this! */
+  if(k->getheader || !data->set.opt_no_body) {
+
+    if(conn->sockfd != CURL_SOCKET_BAD)
+      k->keepon |= KEEP_RECV;
+
+    if(conn->writesockfd != CURL_SOCKET_BAD) {
+      struct HTTP *http = data->req.protop;
+      /* HTTP 1.1 magic:
+
+         Even if we require a 100-return code before uploading data, we might
+         need to write data before that since the REQUEST may not have been
+         finished sent off just yet.
+
+         Thus, we must check if the request has been sent before we set the
+         state info where we wait for the 100-return code
+      */
+      if((data->state.expect100header) &&
+         (conn->handler->protocol&PROTO_FAMILY_HTTP) &&
+         (http->sending == HTTPSEND_BODY)) {
+        /* wait with write until we either got 100-continue or a timeout */
+        k->exp100 = EXP100_AWAITING_CONTINUE;
+        k->start100 = Curl_tvnow();
+
+        /* Set a timeout for the multi interface. Add the inaccuracy margin so
+           that we don't fire slightly too early and get denied to run. */
+        Curl_expire(data, data->set.expect_100_timeout);
+      }
+      else {
+        if(data->state.expect100header)
+          /* when we've sent off the rest of the headers, we must await a
+             100-continue but first finish sending the request */
+          k->exp100 = EXP100_SENDING_REQUEST;
+
+        /* enable the write bit when we're not waiting for continue */
+        k->keepon |= KEEP_SEND;
+      }
+    } /* if(conn->writesockfd != CURL_SOCKET_BAD) */
+  } /* if(k->getheader || !data->set.opt_no_body) */
+
+}
diff --git a/Utilities/cmcurl/transfer.h b/Utilities/cmcurl/lib/transfer.h
index 3c415cc..ad4a3ac 100644
--- a/Utilities/cmcurl/transfer.h
+++ b/Utilities/cmcurl/lib/transfer.h
@@ -1,5 +1,5 @@
-#ifndef __TRANSFER_H
-#define __TRANSFER_H
+#ifndef HEADER_CURL_TRANSFER_H
+#define HEADER_CURL_TRANSFER_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,24 +20,38 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-CURLcode Curl_perform(struct SessionHandle *data);
+
 CURLcode Curl_pretransfer(struct SessionHandle *data);
 CURLcode Curl_second_connect(struct connectdata *conn);
 CURLcode Curl_posttransfer(struct SessionHandle *data);
-CURLcode Curl_follow(struct SessionHandle *data, char *newurl, bool retry);
+
+typedef enum {
+  FOLLOW_NONE,  /* not used within the function, just a placeholder to
+                   allow initing to this */
+  FOLLOW_FAKE,  /* only records stuff, not actually following */
+  FOLLOW_RETRY, /* set if this is a request retry as opposed to a real
+                          redirect following */
+  FOLLOW_REDIR, /* a full true redirect */
+  FOLLOW_LAST   /* never used */
+} followtype;
+
+CURLcode Curl_follow(struct SessionHandle *data, char *newurl,
+                     followtype type);
+
+
 CURLcode Curl_readwrite(struct connectdata *conn, bool *done);
-int Curl_single_getsock(struct connectdata *conn,
+int Curl_single_getsock(const struct connectdata *conn,
                         curl_socket_t *socks,
                         int numsocks);
-CURLcode Curl_readwrite_init(struct connectdata *conn);
 CURLcode Curl_readrewind(struct connectdata *conn);
 CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp);
-bool Curl_retry_request(struct connectdata *conn, char **url);
+CURLcode Curl_reconnect_request(struct connectdata **connp);
+CURLcode Curl_retry_request(struct connectdata *conn, char **url);
+bool Curl_meets_timecondition(struct SessionHandle *data, time_t timeofdoc);
 
 /* This sets up a forthcoming transfer */
-CURLcode
+void
 Curl_setup_transfer (struct connectdata *data,
                int sockindex,           /* socket index to read from or -1 */
                curl_off_t size,         /* -1 if unknown at this point */
@@ -48,4 +62,9 @@ Curl_setup_transfer (struct connectdata *data,
                                            -1 disables */
                curl_off_t *writecountp /* return number of bytes written */
 );
-#endif
+
+long Curl_sleep_time(curl_off_t rate_bps, curl_off_t cur_rate_bps,
+                     int pkt_size);
+
+#endif /* HEADER_CURL_TRANSFER_H */
+
diff --git a/Utilities/cmcurl/lib/url.c b/Utilities/cmcurl/lib/url.c
new file mode 100644
index 0000000..67126ab
--- /dev/null
+++ b/Utilities/cmcurl/lib/url.c
@@ -0,0 +1,6032 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#ifndef HAVE_SOCKET
+#error "We can't compile without socket() support!"
+#endif
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#ifdef USE_LIBIDN
+#include <idna.h>
+#include <tld.h>
+#include <stringprep.h>
+#ifdef HAVE_IDN_FREE_H
+#include <idn-free.h>
+#else
+/* prototype from idn-free.h, not provided by libidn 0.4.5's make install! */
+void idn_free (void *ptr);
+#endif
+#ifndef HAVE_IDN_FREE
+/* if idn_free() was not found in this version of libidn use free() instead */
+#define idn_free(x) (free)(x)
+#endif
+#elif defined(USE_WIN32_IDN)
+/* prototype for curl_win32_idn_to_ascii() */
+int curl_win32_idn_to_ascii(const char *in, char **out);
+#endif  /* USE_LIBIDN */
+
+#include "urldata.h"
+#include "netrc.h"
+
+#include "formdata.h"
+#include "vtls/vtls.h"
+#include "hostip.h"
+#include "transfer.h"
+#include "sendf.h"
+#include "progress.h"
+#include "cookie.h"
+#include "strequal.h"
+#include "strerror.h"
+#include "escape.h"
+#include "strtok.h"
+#include "share.h"
+#include "content_encoding.h"
+#include "http_digest.h"
+#include "http_negotiate.h"
+#include "select.h"
+#include "multiif.h"
+#include "easyif.h"
+#include "speedcheck.h"
+#include "rawstr.h"
+#include "warnless.h"
+#include "non-ascii.h"
+#include "inet_pton.h"
+
+/* And now for the protocols */
+#include "ftp.h"
+#include "dict.h"
+#include "telnet.h"
+#include "tftp.h"
+#include "http.h"
+#include "file.h"
+#include "curl_ldap.h"
+#include "ssh.h"
+#include "imap.h"
+#include "url.h"
+#include "connect.h"
+#include "inet_ntop.h"
+#include "curl_ntlm.h"
+#include "curl_ntlm_wb.h"
+#include "socks.h"
+#include "curl_rtmp.h"
+#include "gopher.h"
+#include "http_proxy.h"
+#include "bundles.h"
+#include "conncache.h"
+#include "multihandle.h"
+#include "pipeline.h"
+#include "dotdot.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* Local static prototypes */
+static struct connectdata *
+find_oldest_idle_connection(struct SessionHandle *data);
+static struct connectdata *
+find_oldest_idle_connection_in_bundle(struct SessionHandle *data,
+                                      struct connectbundle *bundle);
+static void conn_free(struct connectdata *conn);
+static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke);
+static CURLcode do_init(struct connectdata *conn);
+static CURLcode parse_url_login(struct SessionHandle *data,
+                                struct connectdata *conn,
+                                char **userptr, char **passwdptr,
+                                char **optionsptr);
+static CURLcode parse_login_details(const char *login, const size_t len,
+                                    char **userptr, char **passwdptr,
+                                    char **optionsptr);
+/*
+ * Protocol table.
+ */
+
+static const struct Curl_handler * const protocols[] = {
+
+#ifndef CURL_DISABLE_HTTP
+  &Curl_handler_http,
+#endif
+
+#if defined(USE_SSL) && !defined(CURL_DISABLE_HTTP)
+  &Curl_handler_https,
+#endif
+
+#ifndef CURL_DISABLE_FTP
+  &Curl_handler_ftp,
+#endif
+
+#if defined(USE_SSL) && !defined(CURL_DISABLE_FTP)
+  &Curl_handler_ftps,
+#endif
+
+#ifndef CURL_DISABLE_TELNET
+  &Curl_handler_telnet,
+#endif
+
+#ifndef CURL_DISABLE_DICT
+  &Curl_handler_dict,
+#endif
+
+#ifndef CURL_DISABLE_LDAP
+  &Curl_handler_ldap,
+#if !defined(CURL_DISABLE_LDAPS) && \
+    ((defined(USE_OPENLDAP) && defined(USE_SSL)) || \
+     (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL)))
+  &Curl_handler_ldaps,
+#endif
+#endif
+
+#ifndef CURL_DISABLE_FILE
+  &Curl_handler_file,
+#endif
+
+#ifndef CURL_DISABLE_TFTP
+  &Curl_handler_tftp,
+#endif
+
+#ifdef USE_LIBSSH2
+  &Curl_handler_scp,
+  &Curl_handler_sftp,
+#endif
+
+#ifndef CURL_DISABLE_IMAP
+  &Curl_handler_imap,
+#ifdef USE_SSL
+  &Curl_handler_imaps,
+#endif
+#endif
+
+#ifndef CURL_DISABLE_POP3
+  &Curl_handler_pop3,
+#ifdef USE_SSL
+  &Curl_handler_pop3s,
+#endif
+#endif
+
+#ifndef CURL_DISABLE_SMTP
+  &Curl_handler_smtp,
+#ifdef USE_SSL
+  &Curl_handler_smtps,
+#endif
+#endif
+
+#ifndef CURL_DISABLE_RTSP
+  &Curl_handler_rtsp,
+#endif
+
+#ifndef CURL_DISABLE_GOPHER
+  &Curl_handler_gopher,
+#endif
+
+#ifdef USE_LIBRTMP
+  &Curl_handler_rtmp,
+  &Curl_handler_rtmpt,
+  &Curl_handler_rtmpe,
+  &Curl_handler_rtmpte,
+  &Curl_handler_rtmps,
+  &Curl_handler_rtmpts,
+#endif
+
+  (struct Curl_handler *) NULL
+};
+
+/*
+ * Dummy handler for undefined protocol schemes.
+ */
+
+static const struct Curl_handler Curl_handler_dummy = {
+  "<no protocol>",                      /* scheme */
+  ZERO_NULL,                            /* setup_connection */
+  ZERO_NULL,                            /* do_it */
+  ZERO_NULL,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  ZERO_NULL,                            /* readwrite */
+  0,                                    /* defport */
+  0,                                    /* protocol */
+  PROTOPT_NONE                          /* flags */
+};
+
+void Curl_freeset(struct SessionHandle *data)
+{
+  /* Free all dynamic strings stored in the data->set substructure. */
+  enum dupstring i;
+  for(i=(enum dupstring)0; i < STRING_LAST; i++)
+    Curl_safefree(data->set.str[i]);
+
+  if(data->change.referer_alloc) {
+    Curl_safefree(data->change.referer);
+    data->change.referer_alloc = FALSE;
+  }
+  data->change.referer = NULL;
+  if(data->change.url_alloc) {
+    Curl_safefree(data->change.url);
+    data->change.url_alloc = FALSE;
+  }
+  data->change.url = NULL;
+}
+
+static CURLcode setstropt(char **charp, char *s)
+{
+  /* Release the previous storage at `charp' and replace by a dynamic storage
+     copy of `s'. Return CURLE_OK or CURLE_OUT_OF_MEMORY. */
+
+  Curl_safefree(*charp);
+
+  if(s) {
+    s = strdup(s);
+
+    if(!s)
+      return CURLE_OUT_OF_MEMORY;
+
+    *charp = s;
+  }
+
+  return CURLE_OK;
+}
+
+static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp)
+{
+  CURLcode result = CURLE_OK;
+  char *user = NULL;
+  char *passwd = NULL;
+
+  /* Parse the login details if specified. It not then we treat NULL as a hint
+     to clear the existing data */
+  if(option) {
+    result = parse_login_details(option, strlen(option),
+                                 (userp ? &user : NULL),
+                                 (passwdp ? &passwd : NULL),
+                                 NULL);
+  }
+
+  if(!result) {
+    /* Store the username part of option if required */
+    if(userp) {
+      if(!user && option && option[0] == ':') {
+        /* Allocate an empty string instead of returning NULL as user name */
+        user = strdup("");
+        if(!user)
+          result = CURLE_OUT_OF_MEMORY;
+      }
+
+      Curl_safefree(*userp);
+      *userp = user;
+    }
+
+    /* Store the password part of option if required */
+    if(passwdp) {
+      Curl_safefree(*passwdp);
+      *passwdp = passwd;
+    }
+  }
+
+  return result;
+}
+
+CURLcode Curl_dupset(struct SessionHandle *dst, struct SessionHandle *src)
+{
+  CURLcode r = CURLE_OK;
+  enum dupstring i;
+
+  /* Copy src->set into dst->set first, then deal with the strings
+     afterwards */
+  dst->set = src->set;
+
+  /* clear all string pointers first */
+  memset(dst->set.str, 0, STRING_LAST * sizeof(char *));
+
+  /* duplicate all strings */
+  for(i=(enum dupstring)0; i< STRING_LAST; i++) {
+    r = setstropt(&dst->set.str[i], src->set.str[i]);
+    if(r != CURLE_OK)
+      break;
+  }
+
+  /* If a failure occurred, freeing has to be performed externally. */
+  return r;
+}
+
+/*
+ * This is the internal function curl_easy_cleanup() calls. This should
+ * cleanup and free all resources associated with this sessionhandle.
+ *
+ * NOTE: if we ever add something that attempts to write to a socket or
+ * similar here, we must ignore SIGPIPE first. It is currently only done
+ * when curl_easy_perform() is invoked.
+ */
+
+CURLcode Curl_close(struct SessionHandle *data)
+{
+  struct Curl_multi *m;
+
+  if(!data)
+    return CURLE_OK;
+
+  Curl_expire(data, 0); /* shut off timers */
+
+  m = data->multi;
+
+  if(m)
+    /* This handle is still part of a multi handle, take care of this first
+       and detach this handle from there. */
+    curl_multi_remove_handle(data->multi, data);
+
+  if(data->multi_easy)
+    /* when curl_easy_perform() is used, it creates its own multi handle to
+       use and this is the one */
+    curl_multi_cleanup(data->multi_easy);
+
+  /* Destroy the timeout list that is held in the easy handle. It is
+     /normally/ done by curl_multi_remove_handle() but this is "just in
+     case" */
+  if(data->state.timeoutlist) {
+    Curl_llist_destroy(data->state.timeoutlist, NULL);
+    data->state.timeoutlist = NULL;
+  }
+
+  data->magic = 0; /* force a clear AFTER the possibly enforced removal from
+                      the multi handle, since that function uses the magic
+                      field! */
+
+  if(data->state.rangestringalloc)
+    free(data->state.range);
+
+  /* Free the pathbuffer */
+  Curl_safefree(data->state.pathbuffer);
+  data->state.path = NULL;
+
+  /* freed here just in case DONE wasn't called */
+  Curl_free_request_state(data);
+
+  /* Close down all open SSL info and sessions */
+  Curl_ssl_close_all(data);
+  Curl_safefree(data->state.first_host);
+  Curl_safefree(data->state.scratch);
+  Curl_ssl_free_certinfo(data);
+
+  /* Cleanup possible redirect junk */
+  if(data->req.newurl) {
+    free(data->req.newurl);
+    data->req.newurl = NULL;
+  }
+
+  if(data->change.referer_alloc) {
+    Curl_safefree(data->change.referer);
+    data->change.referer_alloc = FALSE;
+  }
+  data->change.referer = NULL;
+
+  if(data->change.url_alloc) {
+    Curl_safefree(data->change.url);
+    data->change.url_alloc = FALSE;
+  }
+  data->change.url = NULL;
+
+  Curl_safefree(data->state.headerbuff);
+
+  Curl_flush_cookies(data, 1);
+
+  Curl_digest_cleanup(data);
+
+  Curl_safefree(data->info.contenttype);
+  Curl_safefree(data->info.wouldredirect);
+
+  /* this destroys the channel and we cannot use it anymore after this */
+  Curl_resolver_cleanup(data->state.resolver);
+
+  Curl_convert_close(data);
+
+  /* No longer a dirty share, if it exists */
+  if(data->share) {
+    Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
+    data->share->dirty--;
+    Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
+  }
+
+  Curl_freeset(data);
+  free(data);
+  return CURLE_OK;
+}
+
+/*
+ * Initialize the UserDefined fields within a SessionHandle.
+ * This may be safely called on a new or existing SessionHandle.
+ */
+CURLcode Curl_init_userdefined(struct UserDefined *set)
+{
+  CURLcode res = CURLE_OK;
+
+  set->out = stdout; /* default output to stdout */
+  set->in  = stdin;  /* default input from stdin */
+  set->err  = stderr;  /* default stderr to stderr */
+
+  /* use fwrite as default function to store output */
+  set->fwrite_func = (curl_write_callback)fwrite;
+
+  /* use fread as default function to read input */
+  set->fread_func = (curl_read_callback)fread;
+  set->is_fread_set = 0;
+  set->is_fwrite_set = 0;
+
+  set->seek_func = ZERO_NULL;
+  set->seek_client = ZERO_NULL;
+
+  /* conversion callbacks for non-ASCII hosts */
+  set->convfromnetwork = ZERO_NULL;
+  set->convtonetwork   = ZERO_NULL;
+  set->convfromutf8    = ZERO_NULL;
+
+  set->filesize = -1;        /* we don't know the size */
+  set->postfieldsize = -1;   /* unknown size */
+  set->maxredirs = -1;       /* allow any amount by default */
+
+  set->httpreq = HTTPREQ_GET; /* Default HTTP request */
+  set->rtspreq = RTSPREQ_OPTIONS; /* Default RTSP request */
+  set->ftp_use_epsv = TRUE;   /* FTP defaults to EPSV operations */
+  set->ftp_use_eprt = TRUE;   /* FTP defaults to EPRT operations */
+  set->ftp_use_pret = FALSE;  /* mainly useful for drftpd servers */
+  set->ftp_filemethod = FTPFILE_MULTICWD;
+
+  set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
+
+  /* Set the default size of the SSL session ID cache */
+  set->ssl.max_ssl_sessions = 5;
+
+  set->proxyport = CURL_DEFAULT_PROXY_PORT; /* from url.h */
+  set->proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */
+  set->httpauth = CURLAUTH_BASIC;  /* defaults to basic */
+  set->proxyauth = CURLAUTH_BASIC; /* defaults to basic */
+
+  /* make libcurl quiet by default: */
+  set->hide_progress = TRUE;  /* CURLOPT_NOPROGRESS changes these */
+
+  /*
+   * libcurl 7.10 introduced SSL verification *by default*! This needs to be
+   * switched off unless wanted.
+   */
+  set->ssl.verifypeer = TRUE;
+  set->ssl.verifyhost = TRUE;
+#ifdef USE_TLS_SRP
+  set->ssl.authtype = CURL_TLSAUTH_NONE;
+#endif
+  set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
+                                                      type */
+  set->ssl.sessionid = TRUE; /* session ID caching enabled by default */
+
+  set->new_file_perms = 0644;    /* Default permissions */
+  set->new_directory_perms = 0755; /* Default permissions */
+
+  /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
+     define since we internally only use the lower 16 bits for the passed
+     in bitmask to not conflict with the private bits */
+  set->allowed_protocols = CURLPROTO_ALL;
+  set->redir_protocols =
+    CURLPROTO_ALL & ~(CURLPROTO_FILE|CURLPROTO_SCP); /* not FILE or SCP */
+
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  /*
+   * disallow unprotected protection negotiation NEC reference implementation
+   * seem not to follow rfc1961 section 4.3/4.4
+   */
+  set->socks5_gssapi_nec = FALSE;
+  /* set default GSS-API service name */
+  res = setstropt(&set->str[STRING_SOCKS5_GSSAPI_SERVICE],
+                  (char *) CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE);
+  if(res != CURLE_OK)
+    return res;
+#endif
+
+  /* This is our preferred CA cert bundle/path since install time */
+#if defined(CURL_CA_BUNDLE)
+  res = setstropt(&set->str[STRING_SSL_CAFILE], (char *) CURL_CA_BUNDLE);
+#elif defined(CURL_CA_PATH)
+  res = setstropt(&set->str[STRING_SSL_CAPATH], (char *) CURL_CA_PATH);
+#endif
+
+  set->wildcardmatch  = FALSE;
+  set->chunk_bgn      = ZERO_NULL;
+  set->chunk_end      = ZERO_NULL;
+
+  /* tcp keepalives are disabled by default, but provide reasonable values for
+   * the interval and idle times.
+   */
+  set->tcp_keepalive = FALSE;
+  set->tcp_keepintvl = 60;
+  set->tcp_keepidle = 60;
+
+  set->ssl_enable_npn = TRUE;
+  set->ssl_enable_alpn = TRUE;
+
+  set->expect_100_timeout = 1000L; /* Wait for a second by default. */
+  return res;
+}
+
+/**
+ * Curl_open()
+ *
+ * @param curl is a pointer to a sessionhandle pointer that gets set by this
+ * function.
+ * @return CURLcode
+ */
+
+CURLcode Curl_open(struct SessionHandle **curl)
+{
+  CURLcode res = CURLE_OK;
+  struct SessionHandle *data;
+  CURLcode status;
+
+  /* Very simple start-up: alloc the struct, init it with zeroes and return */
+  data = calloc(1, sizeof(struct SessionHandle));
+  if(!data) {
+    /* this is a very serious error */
+    DEBUGF(fprintf(stderr, "Error: calloc of SessionHandle failed\n"));
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  data->magic = CURLEASY_MAGIC_NUMBER;
+
+  status = Curl_resolver_init(&data->state.resolver);
+  if(status) {
+    DEBUGF(fprintf(stderr, "Error: resolver_init failed\n"));
+    free(data);
+    return status;
+  }
+
+  /* We do some initial setup here, all those fields that can't be just 0 */
+
+  data->state.headerbuff = malloc(HEADERSIZE);
+  if(!data->state.headerbuff) {
+    DEBUGF(fprintf(stderr, "Error: malloc of headerbuff failed\n"));
+    res = CURLE_OUT_OF_MEMORY;
+  }
+  else {
+    res = Curl_init_userdefined(&data->set);
+
+    data->state.headersize=HEADERSIZE;
+
+    Curl_convert_init(data);
+
+    /* most recent connection is not yet defined */
+    data->state.lastconnect = NULL;
+
+    data->progress.flags |= PGRS_HIDE;
+    data->state.current_speed = -1; /* init to negative == impossible */
+
+    data->wildcard.state = CURLWC_INIT;
+    data->wildcard.filelist = NULL;
+    data->set.fnmatch = ZERO_NULL;
+    data->set.maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */
+  }
+
+  if(res) {
+    Curl_resolver_cleanup(data->state.resolver);
+    if(data->state.headerbuff)
+      free(data->state.headerbuff);
+    Curl_freeset(data);
+    free(data);
+    data = NULL;
+  }
+  else
+    *curl = data;
+
+  return res;
+}
+
+CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
+                     va_list param)
+{
+  char *argptr;
+  CURLcode result = CURLE_OK;
+  long arg;
+#ifndef CURL_DISABLE_HTTP
+  curl_off_t bigsize;
+#endif
+
+  switch(option) {
+  case CURLOPT_DNS_CACHE_TIMEOUT:
+    data->set.dns_cache_timeout = va_arg(param, long);
+    break;
+  case CURLOPT_DNS_USE_GLOBAL_CACHE:
+    /* remember we want this enabled */
+    arg = va_arg(param, long);
+    data->set.global_dns_cache = (0 != arg)?TRUE:FALSE;
+    break;
+  case CURLOPT_SSL_CIPHER_LIST:
+    /* set a list of cipher we want to use in the SSL connection */
+    result = setstropt(&data->set.str[STRING_SSL_CIPHER_LIST],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_RANDOM_FILE:
+    /*
+     * This is the path name to a file that contains random data to seed
+     * the random SSL stuff with. The file is only used for reading.
+     */
+    result = setstropt(&data->set.str[STRING_SSL_RANDOM_FILE],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_EGDSOCKET:
+    /*
+     * The Entropy Gathering Daemon socket pathname
+     */
+    result = setstropt(&data->set.str[STRING_SSL_EGDSOCKET],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_MAXCONNECTS:
+    /*
+     * Set the absolute number of maximum simultaneous alive connection that
+     * libcurl is allowed to have.
+     */
+    data->set.maxconnects = va_arg(param, long);
+    break;
+  case CURLOPT_FORBID_REUSE:
+    /*
+     * When this transfer is done, it must not be left to be reused by a
+     * subsequent transfer but shall be closed immediately.
+     */
+    data->set.reuse_forbid = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_FRESH_CONNECT:
+    /*
+     * This transfer shall not use a previously cached connection but
+     * should be made with a fresh new connect!
+     */
+    data->set.reuse_fresh = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_VERBOSE:
+    /*
+     * Verbose means infof() calls that give a lot of information about
+     * the connection and transfer procedures as well as internal choices.
+     */
+    data->set.verbose = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_HEADER:
+    /*
+     * Set to include the header in the general data output stream.
+     */
+    data->set.include_header = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_NOPROGRESS:
+    /*
+     * Shut off the internal supported progress meter
+     */
+    data->set.hide_progress = (0 != va_arg(param, long))?TRUE:FALSE;
+    if(data->set.hide_progress)
+      data->progress.flags |= PGRS_HIDE;
+    else
+      data->progress.flags &= ~PGRS_HIDE;
+    break;
+  case CURLOPT_NOBODY:
+    /*
+     * Do not include the body part in the output data stream.
+     */
+    data->set.opt_no_body = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_FAILONERROR:
+    /*
+     * Don't output the >=300 error code HTML-page, but instead only
+     * return error.
+     */
+    data->set.http_fail_on_error = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_UPLOAD:
+  case CURLOPT_PUT:
+    /*
+     * We want to sent data to the remote host. If this is HTTP, that equals
+     * using the PUT request.
+     */
+    data->set.upload = (0 != va_arg(param, long))?TRUE:FALSE;
+    if(data->set.upload) {
+      /* If this is HTTP, PUT is what's needed to "upload" */
+      data->set.httpreq = HTTPREQ_PUT;
+      data->set.opt_no_body = FALSE; /* this is implied */
+    }
+    else
+      /* In HTTP, the opposite of upload is GET (unless NOBODY is true as
+         then this can be changed to HEAD later on) */
+      data->set.httpreq = HTTPREQ_GET;
+    break;
+  case CURLOPT_FILETIME:
+    /*
+     * Try to get the file time of the remote document. The time will
+     * later (possibly) become available using curl_easy_getinfo().
+     */
+    data->set.get_filetime = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_FTP_CREATE_MISSING_DIRS:
+    /*
+     * An FTP option that modifies an upload to create missing directories on
+     * the server.
+     */
+    switch(va_arg(param, long)) {
+    case 0:
+      data->set.ftp_create_missing_dirs = 0;
+      break;
+    case 1:
+      data->set.ftp_create_missing_dirs = 1;
+      break;
+    case 2:
+      data->set.ftp_create_missing_dirs = 2;
+      break;
+    default:
+      /* reserve other values for future use */
+      result = CURLE_UNKNOWN_OPTION;
+      break;
+    }
+    break;
+  case CURLOPT_SERVER_RESPONSE_TIMEOUT:
+    /*
+     * Option that specifies how quickly an server response must be obtained
+     * before it is considered failure. For pingpong protocols.
+     */
+    data->set.server_response_timeout = va_arg( param , long ) * 1000;
+    break;
+  case CURLOPT_TFTP_BLKSIZE:
+    /*
+     * TFTP option that specifies the block size to use for data transmission
+     */
+    data->set.tftp_blksize = va_arg(param, long);
+    break;
+  case CURLOPT_DIRLISTONLY:
+    /*
+     * An option that changes the command to one that asks for a list
+     * only, no file info details.
+     */
+    data->set.ftp_list_only = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_APPEND:
+    /*
+     * We want to upload and append to an existing file.
+     */
+    data->set.ftp_append = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_FTP_FILEMETHOD:
+    /*
+     * How do access files over FTP.
+     */
+    data->set.ftp_filemethod = (curl_ftpfile)va_arg(param, long);
+    break;
+  case CURLOPT_NETRC:
+    /*
+     * Parse the $HOME/.netrc file
+     */
+    data->set.use_netrc = (enum CURL_NETRC_OPTION)va_arg(param, long);
+    break;
+  case CURLOPT_NETRC_FILE:
+    /*
+     * Use this file instead of the $HOME/.netrc file
+     */
+    result = setstropt(&data->set.str[STRING_NETRC_FILE],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_TRANSFERTEXT:
+    /*
+     * This option was previously named 'FTPASCII'. Renamed to work with
+     * more protocols than merely FTP.
+     *
+     * Transfer using ASCII (instead of BINARY).
+     */
+    data->set.prefer_ascii = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_TIMECONDITION:
+    /*
+     * Set HTTP time condition. This must be one of the defines in the
+     * curl/curl.h header file.
+     */
+    data->set.timecondition = (curl_TimeCond)va_arg(param, long);
+    break;
+  case CURLOPT_TIMEVALUE:
+    /*
+     * This is the value to compare with the remote document with the
+     * method set with CURLOPT_TIMECONDITION
+     */
+    data->set.timevalue = (time_t)va_arg(param, long);
+    break;
+  case CURLOPT_SSLVERSION:
+    /*
+     * Set explicit SSL version to try to connect with, as some SSL
+     * implementations are lame.
+     */
+    data->set.ssl.version = va_arg(param, long);
+    break;
+
+#ifndef CURL_DISABLE_HTTP
+  case CURLOPT_AUTOREFERER:
+    /*
+     * Switch on automatic referer that gets set if curl follows locations.
+     */
+    data->set.http_auto_referer = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_ACCEPT_ENCODING:
+    /*
+     * String to use at the value of Accept-Encoding header.
+     *
+     * If the encoding is set to "" we use an Accept-Encoding header that
+     * encompasses all the encodings we support.
+     * If the encoding is set to NULL we don't send an Accept-Encoding header
+     * and ignore an received Content-Encoding header.
+     *
+     */
+    argptr = va_arg(param, char *);
+    result = setstropt(&data->set.str[STRING_ENCODING],
+                       (argptr && !*argptr)?
+                       (char *) ALL_CONTENT_ENCODINGS: argptr);
+    break;
+
+  case CURLOPT_TRANSFER_ENCODING:
+    data->set.http_transfer_encoding = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_FOLLOWLOCATION:
+    /*
+     * Follow Location: header hints on a HTTP-server.
+     */
+    data->set.http_follow_location = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_UNRESTRICTED_AUTH:
+    /*
+     * Send authentication (user+password) when following locations, even when
+     * hostname changed.
+     */
+    data->set.http_disable_hostname_check_before_authentication =
+      (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_MAXREDIRS:
+    /*
+     * The maximum amount of hops you allow curl to follow Location:
+     * headers. This should mostly be used to detect never-ending loops.
+     */
+    data->set.maxredirs = va_arg(param, long);
+    break;
+
+  case CURLOPT_POSTREDIR:
+  {
+    /*
+     * Set the behaviour of POST when redirecting
+     * CURL_REDIR_GET_ALL - POST is changed to GET after 301 and 302
+     * CURL_REDIR_POST_301 - POST is kept as POST after 301
+     * CURL_REDIR_POST_302 - POST is kept as POST after 302
+     * CURL_REDIR_POST_303 - POST is kept as POST after 303
+     * CURL_REDIR_POST_ALL - POST is kept as POST after 301, 302 and 303
+     * other - POST is kept as POST after 301 and 302
+     */
+    int postRedir = curlx_sltosi(va_arg(param, long));
+    data->set.keep_post = postRedir & CURL_REDIR_POST_ALL;
+  }
+  break;
+
+  case CURLOPT_POST:
+    /* Does this option serve a purpose anymore? Yes it does, when
+       CURLOPT_POSTFIELDS isn't used and the POST data is read off the
+       callback! */
+    if(va_arg(param, long)) {
+      data->set.httpreq = HTTPREQ_POST;
+      data->set.opt_no_body = FALSE; /* this is implied */
+    }
+    else
+      data->set.httpreq = HTTPREQ_GET;
+    break;
+
+  case CURLOPT_COPYPOSTFIELDS:
+    /*
+     * A string with POST data. Makes curl HTTP POST. Even if it is NULL.
+     * If needed, CURLOPT_POSTFIELDSIZE must have been set prior to
+     *  CURLOPT_COPYPOSTFIELDS and not altered later.
+     */
+    argptr = va_arg(param, char *);
+
+    if(!argptr || data->set.postfieldsize == -1)
+      result = setstropt(&data->set.str[STRING_COPYPOSTFIELDS], argptr);
+    else {
+      /*
+       *  Check that requested length does not overflow the size_t type.
+       */
+
+      if((data->set.postfieldsize < 0) ||
+         ((sizeof(curl_off_t) != sizeof(size_t)) &&
+          (data->set.postfieldsize > (curl_off_t)((size_t)-1))))
+        result = CURLE_OUT_OF_MEMORY;
+      else {
+        char * p;
+
+        (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
+
+        /* Allocate even when size == 0. This satisfies the need of possible
+           later address compare to detect the COPYPOSTFIELDS mode, and
+           to mark that postfields is used rather than read function or
+           form data.
+        */
+        p = malloc((size_t)(data->set.postfieldsize?
+                            data->set.postfieldsize:1));
+
+        if(!p)
+          result = CURLE_OUT_OF_MEMORY;
+        else {
+          if(data->set.postfieldsize)
+            memcpy(p, argptr, (size_t)data->set.postfieldsize);
+
+          data->set.str[STRING_COPYPOSTFIELDS] = p;
+        }
+      }
+    }
+
+    data->set.postfields = data->set.str[STRING_COPYPOSTFIELDS];
+    data->set.httpreq = HTTPREQ_POST;
+    break;
+
+  case CURLOPT_POSTFIELDS:
+    /*
+     * Like above, but use static data instead of copying it.
+     */
+    data->set.postfields = va_arg(param, void *);
+    /* Release old copied data. */
+    (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
+    data->set.httpreq = HTTPREQ_POST;
+    break;
+
+  case CURLOPT_POSTFIELDSIZE:
+    /*
+     * The size of the POSTFIELD data to prevent libcurl to do strlen() to
+     * figure it out. Enables binary posts.
+     */
+    bigsize = va_arg(param, long);
+
+    if(data->set.postfieldsize < bigsize &&
+       data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) {
+      /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */
+      (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
+      data->set.postfields = NULL;
+    }
+
+    data->set.postfieldsize = bigsize;
+    break;
+
+  case CURLOPT_POSTFIELDSIZE_LARGE:
+    /*
+     * The size of the POSTFIELD data to prevent libcurl to do strlen() to
+     * figure it out. Enables binary posts.
+     */
+    bigsize = va_arg(param, curl_off_t);
+
+    if(data->set.postfieldsize < bigsize &&
+       data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) {
+      /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */
+      (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
+      data->set.postfields = NULL;
+    }
+
+    data->set.postfieldsize = bigsize;
+    break;
+
+  case CURLOPT_HTTPPOST:
+    /*
+     * Set to make us do HTTP POST
+     */
+    data->set.httppost = va_arg(param, struct curl_httppost *);
+    data->set.httpreq = HTTPREQ_POST_FORM;
+    data->set.opt_no_body = FALSE; /* this is implied */
+    break;
+
+  case CURLOPT_REFERER:
+    /*
+     * String to set in the HTTP Referer: field.
+     */
+    if(data->change.referer_alloc) {
+      Curl_safefree(data->change.referer);
+      data->change.referer_alloc = FALSE;
+    }
+    result = setstropt(&data->set.str[STRING_SET_REFERER],
+                       va_arg(param, char *));
+    data->change.referer = data->set.str[STRING_SET_REFERER];
+    break;
+
+  case CURLOPT_USERAGENT:
+    /*
+     * String to use in the HTTP User-Agent field
+     */
+    result = setstropt(&data->set.str[STRING_USERAGENT],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_HTTPHEADER:
+    /*
+     * Set a list with HTTP headers to use (or replace internals with)
+     */
+    data->set.headers = va_arg(param, struct curl_slist *);
+    break;
+
+  case CURLOPT_PROXYHEADER:
+    /*
+     * Set a list with proxy headers to use (or replace internals with)
+     *
+     * Since CURLOPT_HTTPHEADER was the only way to set HTTP headers for a
+     * long time we remain doing it this way until CURLOPT_PROXYHEADER is
+     * used. As soon as this option has been used, if set to anything but
+     * NULL, custom headers for proxies are only picked from this list.
+     *
+     * Set this option to NULL to restore the previous behavior.
+     */
+    data->set.proxyheaders = va_arg(param, struct curl_slist *);
+    break;
+
+  case CURLOPT_HEADEROPT:
+    /*
+     * Set header option.
+     */
+    arg = va_arg(param, long);
+    data->set.sep_headers = (arg & CURLHEADER_SEPARATE)? TRUE: FALSE;
+    break;
+
+  case CURLOPT_HTTP200ALIASES:
+    /*
+     * Set a list of aliases for HTTP 200 in response header
+     */
+    data->set.http200aliases = va_arg(param, struct curl_slist *);
+    break;
+
+#if !defined(CURL_DISABLE_COOKIES)
+  case CURLOPT_COOKIE:
+    /*
+     * Cookie string to send to the remote server in the request.
+     */
+    result = setstropt(&data->set.str[STRING_COOKIE],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_COOKIEFILE:
+    /*
+     * Set cookie file to read and parse. Can be used multiple times.
+     */
+    argptr = (char *)va_arg(param, void *);
+    if(argptr) {
+      struct curl_slist *cl;
+      /* append the cookie file name to the list of file names, and deal with
+         them later */
+      cl = curl_slist_append(data->change.cookielist, argptr);
+      if(!cl) {
+        curl_slist_free_all(data->change.cookielist);
+        data->change.cookielist = NULL;
+        return CURLE_OUT_OF_MEMORY;
+      }
+      data->change.cookielist = cl; /* store the list for later use */
+    }
+    break;
+
+  case CURLOPT_COOKIEJAR:
+    /*
+     * Set cookie file name to dump all cookies to when we're done.
+     */
+    result = setstropt(&data->set.str[STRING_COOKIEJAR],
+                       va_arg(param, char *));
+
+    /*
+     * Activate the cookie parser. This may or may not already
+     * have been made.
+     */
+    data->cookies = Curl_cookie_init(data, NULL, data->cookies,
+                                     data->set.cookiesession);
+    break;
+
+  case CURLOPT_COOKIESESSION:
+    /*
+     * Set this option to TRUE to start a new "cookie session". It will
+     * prevent the forthcoming read-cookies-from-file actions to accept
+     * cookies that are marked as being session cookies, as they belong to a
+     * previous session.
+     *
+     * In the original Netscape cookie spec, "session cookies" are cookies
+     * with no expire date set. RFC2109 describes the same action if no
+     * 'Max-Age' is set and RFC2965 includes the RFC2109 description and adds
+     * a 'Discard' action that can enforce the discard even for cookies that
+     * have a Max-Age.
+     *
+     * We run mostly with the original cookie spec, as hardly anyone implements
+     * anything else.
+     */
+    data->set.cookiesession = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_COOKIELIST:
+    argptr = va_arg(param, char *);
+
+    if(argptr == NULL)
+      break;
+
+    if(Curl_raw_equal(argptr, "ALL")) {
+      /* clear all cookies */
+      Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+      Curl_cookie_clearall(data->cookies);
+      Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+    }
+    else if(Curl_raw_equal(argptr, "SESS")) {
+      /* clear session cookies */
+      Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+      Curl_cookie_clearsess(data->cookies);
+      Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+    }
+    else if(Curl_raw_equal(argptr, "FLUSH")) {
+      /* flush cookies to file, takes care of the locking */
+      Curl_flush_cookies(data, 0);
+    }
+    else {
+      if(!data->cookies)
+        /* if cookie engine was not running, activate it */
+        data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE);
+
+      argptr = strdup(argptr);
+      if(!argptr) {
+        result = CURLE_OUT_OF_MEMORY;
+      }
+      else {
+        Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+
+        if(checkprefix("Set-Cookie:", argptr))
+          /* HTTP Header format line */
+          Curl_cookie_add(data, data->cookies, TRUE, argptr + 11, NULL, NULL);
+
+        else
+          /* Netscape format line */
+          Curl_cookie_add(data, data->cookies, FALSE, argptr, NULL, NULL);
+
+        Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+        free(argptr);
+      }
+    }
+
+    break;
+#endif /* CURL_DISABLE_COOKIES */
+
+  case CURLOPT_HTTPGET:
+    /*
+     * Set to force us do HTTP GET
+     */
+    if(va_arg(param, long)) {
+      data->set.httpreq = HTTPREQ_GET;
+      data->set.upload = FALSE; /* switch off upload */
+      data->set.opt_no_body = FALSE; /* this is implied */
+    }
+    break;
+
+  case CURLOPT_HTTP_VERSION:
+    /*
+     * This sets a requested HTTP version to be used. The value is one of
+     * the listed enums in curl/curl.h.
+     */
+    arg = va_arg(param, long);
+#ifndef USE_NGHTTP2
+    if(arg == CURL_HTTP_VERSION_2_0)
+      return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+    data->set.httpversion = arg;
+    break;
+
+  case CURLOPT_HTTPAUTH:
+    /*
+     * Set HTTP Authentication type BITMASK.
+     */
+  {
+    int bitcheck;
+    bool authbits;
+    unsigned long auth = va_arg(param, unsigned long);
+
+    if(auth == CURLAUTH_NONE) {
+      data->set.httpauth = auth;
+      break;
+    }
+
+    /* the DIGEST_IE bit is only used to set a special marker, for all the
+       rest we need to handle it as normal DIGEST */
+    data->state.authhost.iestyle = (auth & CURLAUTH_DIGEST_IE)?TRUE:FALSE;
+
+    if(auth & CURLAUTH_DIGEST_IE) {
+      auth |= CURLAUTH_DIGEST; /* set standard digest bit */
+      auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */
+    }
+
+    /* switch off bits we can't support */
+#ifndef USE_NTLM
+    auth &= ~CURLAUTH_NTLM;    /* no NTLM support */
+    auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
+#elif !defined(NTLM_WB_ENABLED)
+    auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
+#endif
+#ifndef USE_SPNEGO
+    auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without
+                                    GSS-API or SSPI */
+#endif
+
+    /* check if any auth bit lower than CURLAUTH_ONLY is still set */
+    bitcheck = 0;
+    authbits = FALSE;
+    while(bitcheck < 31) {
+      if(auth & (1UL << bitcheck++)) {
+        authbits = TRUE;
+        break;
+      }
+    }
+    if(!authbits)
+      return CURLE_NOT_BUILT_IN; /* no supported types left! */
+
+    data->set.httpauth = auth;
+  }
+  break;
+
+  case CURLOPT_EXPECT_100_TIMEOUT_MS:
+    /*
+     * Time to wait for a response to a HTTP request containing an
+     * Expect: 100-continue header before sending the data anyway.
+     */
+    data->set.expect_100_timeout = va_arg(param, long);
+    break;
+
+#endif   /* CURL_DISABLE_HTTP */
+
+  case CURLOPT_CUSTOMREQUEST:
+    /*
+     * Set a custom string to use as request
+     */
+    result = setstropt(&data->set.str[STRING_CUSTOMREQUEST],
+                       va_arg(param, char *));
+
+    /* we don't set
+       data->set.httpreq = HTTPREQ_CUSTOM;
+       here, we continue as if we were using the already set type
+       and this just changes the actual request keyword */
+    break;
+
+#ifndef CURL_DISABLE_PROXY
+  case CURLOPT_HTTPPROXYTUNNEL:
+    /*
+     * Tunnel operations through the proxy instead of normal proxy use
+     */
+    data->set.tunnel_thru_httpproxy = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_PROXYPORT:
+    /*
+     * Explicitly set HTTP proxy port number.
+     */
+    data->set.proxyport = va_arg(param, long);
+    break;
+
+  case CURLOPT_PROXYAUTH:
+    /*
+     * Set HTTP Authentication type BITMASK.
+     */
+  {
+    int bitcheck;
+    bool authbits;
+    unsigned long auth = va_arg(param, unsigned long);
+
+    if(auth == CURLAUTH_NONE) {
+      data->set.proxyauth = auth;
+      break;
+    }
+
+    /* the DIGEST_IE bit is only used to set a special marker, for all the
+       rest we need to handle it as normal DIGEST */
+    data->state.authproxy.iestyle = (auth & CURLAUTH_DIGEST_IE)?TRUE:FALSE;
+
+    if(auth & CURLAUTH_DIGEST_IE) {
+      auth |= CURLAUTH_DIGEST; /* set standard digest bit */
+      auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */
+    }
+    /* switch off bits we can't support */
+#ifndef USE_NTLM
+    auth &= ~CURLAUTH_NTLM;    /* no NTLM support */
+    auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
+#elif !defined(NTLM_WB_ENABLED)
+    auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
+#endif
+#ifndef USE_SPNEGO
+    auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without
+                                    GSS-API or SSPI */
+#endif
+
+    /* check if any auth bit lower than CURLAUTH_ONLY is still set */
+    bitcheck = 0;
+    authbits = FALSE;
+    while(bitcheck < 31) {
+      if(auth & (1UL << bitcheck++)) {
+        authbits = TRUE;
+        break;
+      }
+    }
+    if(!authbits)
+      return CURLE_NOT_BUILT_IN; /* no supported types left! */
+
+    data->set.proxyauth = auth;
+  }
+  break;
+
+  case CURLOPT_PROXY:
+    /*
+     * Set proxy server:port to use as HTTP proxy.
+     *
+     * If the proxy is set to "" we explicitly say that we don't want to use a
+     * proxy (even though there might be environment variables saying so).
+     *
+     * Setting it to NULL, means no proxy but allows the environment variables
+     * to decide for us.
+     */
+    result = setstropt(&data->set.str[STRING_PROXY],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_PROXYTYPE:
+    /*
+     * Set proxy type. HTTP/HTTP_1_0/SOCKS4/SOCKS4a/SOCKS5/SOCKS5_HOSTNAME
+     */
+    data->set.proxytype = (curl_proxytype)va_arg(param, long);
+    break;
+
+  case CURLOPT_PROXY_TRANSFER_MODE:
+    /*
+     * set transfer mode (;type=<a|i>) when doing FTP via an HTTP proxy
+     */
+    switch (va_arg(param, long)) {
+    case 0:
+      data->set.proxy_transfer_mode = FALSE;
+      break;
+    case 1:
+      data->set.proxy_transfer_mode = TRUE;
+      break;
+    default:
+      /* reserve other values for future use */
+      result = CURLE_UNKNOWN_OPTION;
+      break;
+    }
+    break;
+#endif   /* CURL_DISABLE_PROXY */
+
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  case CURLOPT_SOCKS5_GSSAPI_SERVICE:
+    /*
+     * Set GSS-API service name
+     */
+    result = setstropt(&data->set.str[STRING_SOCKS5_GSSAPI_SERVICE],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_SOCKS5_GSSAPI_NEC:
+    /*
+     * set flag for nec socks5 support
+     */
+    data->set.socks5_gssapi_nec = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+#endif
+
+  case CURLOPT_HEADERDATA:
+    /*
+     * Custom pointer to pass the header write callback function
+     */
+    data->set.writeheader = (void *)va_arg(param, void *);
+    break;
+  case CURLOPT_ERRORBUFFER:
+    /*
+     * Error buffer provided by the caller to get the human readable
+     * error string in.
+     */
+    data->set.errorbuffer = va_arg(param, char *);
+    break;
+  case CURLOPT_WRITEDATA:
+    /*
+     * FILE pointer to write to. Or possibly
+     * used as argument to the write callback.
+     */
+    data->set.out = va_arg(param, void *);
+    break;
+  case CURLOPT_FTPPORT:
+    /*
+     * Use FTP PORT, this also specifies which IP address to use
+     */
+    result = setstropt(&data->set.str[STRING_FTPPORT],
+                       va_arg(param, char *));
+    data->set.ftp_use_port = (NULL != data->set.str[STRING_FTPPORT]) ?
+                             TRUE:FALSE;
+    break;
+
+  case CURLOPT_FTP_USE_EPRT:
+    data->set.ftp_use_eprt = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_FTP_USE_EPSV:
+    data->set.ftp_use_epsv = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_FTP_USE_PRET:
+    data->set.ftp_use_pret = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_FTP_SSL_CCC:
+    data->set.ftp_ccc = (curl_ftpccc)va_arg(param, long);
+    break;
+
+  case CURLOPT_FTP_SKIP_PASV_IP:
+    /*
+     * Enable or disable FTP_SKIP_PASV_IP, which will disable/enable the
+     * bypass of the IP address in PASV responses.
+     */
+    data->set.ftp_skip_ip = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_READDATA:
+    /*
+     * FILE pointer to read the file to be uploaded from. Or possibly
+     * used as argument to the read callback.
+     */
+    data->set.in = va_arg(param, void *);
+    break;
+  case CURLOPT_INFILESIZE:
+    /*
+     * If known, this should inform curl about the file size of the
+     * to-be-uploaded file.
+     */
+    data->set.filesize = va_arg(param, long);
+    break;
+  case CURLOPT_INFILESIZE_LARGE:
+    /*
+     * If known, this should inform curl about the file size of the
+     * to-be-uploaded file.
+     */
+    data->set.filesize = va_arg(param, curl_off_t);
+    break;
+  case CURLOPT_LOW_SPEED_LIMIT:
+    /*
+     * The low speed limit that if transfers are below this for
+     * CURLOPT_LOW_SPEED_TIME, the transfer is aborted.
+     */
+    data->set.low_speed_limit=va_arg(param, long);
+    break;
+  case CURLOPT_MAX_SEND_SPEED_LARGE:
+    /*
+     * When transfer uploads are faster then CURLOPT_MAX_SEND_SPEED_LARGE
+     * bytes per second the transfer is throttled..
+     */
+    data->set.max_send_speed=va_arg(param, curl_off_t);
+    break;
+  case CURLOPT_MAX_RECV_SPEED_LARGE:
+    /*
+     * When receiving data faster than CURLOPT_MAX_RECV_SPEED_LARGE bytes per
+     * second the transfer is throttled..
+     */
+    data->set.max_recv_speed=va_arg(param, curl_off_t);
+    break;
+  case CURLOPT_LOW_SPEED_TIME:
+    /*
+     * The low speed time that if transfers are below the set
+     * CURLOPT_LOW_SPEED_LIMIT during this time, the transfer is aborted.
+     */
+    data->set.low_speed_time=va_arg(param, long);
+    break;
+  case CURLOPT_URL:
+    /*
+     * The URL to fetch.
+     */
+    if(data->change.url_alloc) {
+      /* the already set URL is allocated, free it first! */
+      Curl_safefree(data->change.url);
+      data->change.url_alloc = FALSE;
+    }
+    result = setstropt(&data->set.str[STRING_SET_URL],
+                       va_arg(param, char *));
+    data->change.url = data->set.str[STRING_SET_URL];
+    break;
+  case CURLOPT_PORT:
+    /*
+     * The port number to use when getting the URL
+     */
+    data->set.use_port = va_arg(param, long);
+    break;
+  case CURLOPT_TIMEOUT:
+    /*
+     * The maximum time you allow curl to use for a single transfer
+     * operation.
+     */
+    data->set.timeout = va_arg(param, long) * 1000L;
+    break;
+
+  case CURLOPT_TIMEOUT_MS:
+    data->set.timeout = va_arg(param, long);
+    break;
+
+  case CURLOPT_CONNECTTIMEOUT:
+    /*
+     * The maximum time you allow curl to use to connect.
+     */
+    data->set.connecttimeout = va_arg(param, long) * 1000L;
+    break;
+
+  case CURLOPT_CONNECTTIMEOUT_MS:
+    data->set.connecttimeout = va_arg(param, long);
+    break;
+
+  case CURLOPT_ACCEPTTIMEOUT_MS:
+    /*
+     * The maximum time you allow curl to wait for server connect
+     */
+    data->set.accepttimeout = va_arg(param, long);
+    break;
+
+  case CURLOPT_USERPWD:
+    /*
+     * user:password to use in the operation
+     */
+    result = setstropt_userpwd(va_arg(param, char *),
+                               &data->set.str[STRING_USERNAME],
+                               &data->set.str[STRING_PASSWORD]);
+    break;
+
+  case CURLOPT_USERNAME:
+    /*
+     * authentication user name to use in the operation
+     */
+    result = setstropt(&data->set.str[STRING_USERNAME],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_PASSWORD:
+    /*
+     * authentication password to use in the operation
+     */
+    result = setstropt(&data->set.str[STRING_PASSWORD],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_LOGIN_OPTIONS:
+    /*
+     * authentication options to use in the operation
+     */
+    result = setstropt(&data->set.str[STRING_OPTIONS],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_XOAUTH2_BEARER:
+    /*
+     * XOAUTH2 bearer token to use in the operation
+     */
+    result = setstropt(&data->set.str[STRING_BEARER],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_POSTQUOTE:
+    /*
+     * List of RAW FTP commands to use after a transfer
+     */
+    data->set.postquote = va_arg(param, struct curl_slist *);
+    break;
+  case CURLOPT_PREQUOTE:
+    /*
+     * List of RAW FTP commands to use prior to RETR (Wesley Laxton)
+     */
+    data->set.prequote = va_arg(param, struct curl_slist *);
+    break;
+  case CURLOPT_QUOTE:
+    /*
+     * List of RAW FTP commands to use before a transfer
+     */
+    data->set.quote = va_arg(param, struct curl_slist *);
+    break;
+  case CURLOPT_RESOLVE:
+    /*
+     * List of NAME:[address] names to populate the DNS cache with
+     * Prefix the NAME with dash (-) to _remove_ the name from the cache.
+     *
+     * Names added with this API will remain in the cache until explicitly
+     * removed or the handle is cleaned up.
+     *
+     * This API can remove any name from the DNS cache, but only entries
+     * that aren't actually in use right now will be pruned immediately.
+     */
+    data->set.resolve = va_arg(param, struct curl_slist *);
+    data->change.resolve = data->set.resolve;
+    break;
+  case CURLOPT_PROGRESSFUNCTION:
+    /*
+     * Progress callback function
+     */
+    data->set.fprogress = va_arg(param, curl_progress_callback);
+    if(data->set.fprogress)
+      data->progress.callback = TRUE; /* no longer internal */
+    else
+      data->progress.callback = FALSE; /* NULL enforces internal */
+    break;
+
+  case CURLOPT_XFERINFOFUNCTION:
+    /*
+     * Transfer info callback function
+     */
+    data->set.fxferinfo = va_arg(param, curl_xferinfo_callback);
+    if(data->set.fxferinfo)
+      data->progress.callback = TRUE; /* no longer internal */
+    else
+      data->progress.callback = FALSE; /* NULL enforces internal */
+
+    break;
+
+  case CURLOPT_PROGRESSDATA:
+    /*
+     * Custom client data to pass to the progress callback
+     */
+    data->set.progress_client = va_arg(param, void *);
+    break;
+
+#ifndef CURL_DISABLE_PROXY
+  case CURLOPT_PROXYUSERPWD:
+    /*
+     * user:password needed to use the proxy
+     */
+    result = setstropt_userpwd(va_arg(param, char *),
+                               &data->set.str[STRING_PROXYUSERNAME],
+                               &data->set.str[STRING_PROXYPASSWORD]);
+    break;
+  case CURLOPT_PROXYUSERNAME:
+    /*
+     * authentication user name to use in the operation
+     */
+    result = setstropt(&data->set.str[STRING_PROXYUSERNAME],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_PROXYPASSWORD:
+    /*
+     * authentication password to use in the operation
+     */
+    result = setstropt(&data->set.str[STRING_PROXYPASSWORD],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_NOPROXY:
+    /*
+     * proxy exception list
+     */
+    result = setstropt(&data->set.str[STRING_NOPROXY],
+                       va_arg(param, char *));
+    break;
+#endif
+
+  case CURLOPT_RANGE:
+    /*
+     * What range of the file you want to transfer
+     */
+    result = setstropt(&data->set.str[STRING_SET_RANGE],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_RESUME_FROM:
+    /*
+     * Resume transfer at the give file position
+     */
+    data->set.set_resume_from = va_arg(param, long);
+    break;
+  case CURLOPT_RESUME_FROM_LARGE:
+    /*
+     * Resume transfer at the give file position
+     */
+    data->set.set_resume_from = va_arg(param, curl_off_t);
+    break;
+  case CURLOPT_DEBUGFUNCTION:
+    /*
+     * stderr write callback.
+     */
+    data->set.fdebug = va_arg(param, curl_debug_callback);
+    /*
+     * if the callback provided is NULL, it'll use the default callback
+     */
+    break;
+  case CURLOPT_DEBUGDATA:
+    /*
+     * Set to a void * that should receive all error writes. This
+     * defaults to CURLOPT_STDERR for normal operations.
+     */
+    data->set.debugdata = va_arg(param, void *);
+    break;
+  case CURLOPT_STDERR:
+    /*
+     * Set to a FILE * that should receive all error writes. This
+     * defaults to stderr for normal operations.
+     */
+    data->set.err = va_arg(param, FILE *);
+    if(!data->set.err)
+      data->set.err = stderr;
+    break;
+  case CURLOPT_HEADERFUNCTION:
+    /*
+     * Set header write callback
+     */
+    data->set.fwrite_header = va_arg(param, curl_write_callback);
+    break;
+  case CURLOPT_WRITEFUNCTION:
+    /*
+     * Set data write callback
+     */
+    data->set.fwrite_func = va_arg(param, curl_write_callback);
+    if(!data->set.fwrite_func) {
+      data->set.is_fwrite_set = 0;
+      /* When set to NULL, reset to our internal default function */
+      data->set.fwrite_func = (curl_write_callback)fwrite;
+    }
+    else
+      data->set.is_fwrite_set = 1;
+    break;
+  case CURLOPT_READFUNCTION:
+    /*
+     * Read data callback
+     */
+    data->set.fread_func = va_arg(param, curl_read_callback);
+    if(!data->set.fread_func) {
+      data->set.is_fread_set = 0;
+      /* When set to NULL, reset to our internal default function */
+      data->set.fread_func = (curl_read_callback)fread;
+    }
+    else
+      data->set.is_fread_set = 1;
+    break;
+  case CURLOPT_SEEKFUNCTION:
+    /*
+     * Seek callback. Might be NULL.
+     */
+    data->set.seek_func = va_arg(param, curl_seek_callback);
+    break;
+  case CURLOPT_SEEKDATA:
+    /*
+     * Seek control callback. Might be NULL.
+     */
+    data->set.seek_client = va_arg(param, void *);
+    break;
+  case CURLOPT_CONV_FROM_NETWORK_FUNCTION:
+    /*
+     * "Convert from network encoding" callback
+     */
+    data->set.convfromnetwork = va_arg(param, curl_conv_callback);
+    break;
+  case CURLOPT_CONV_TO_NETWORK_FUNCTION:
+    /*
+     * "Convert to network encoding" callback
+     */
+    data->set.convtonetwork = va_arg(param, curl_conv_callback);
+    break;
+  case CURLOPT_CONV_FROM_UTF8_FUNCTION:
+    /*
+     * "Convert from UTF-8 encoding" callback
+     */
+    data->set.convfromutf8 = va_arg(param, curl_conv_callback);
+    break;
+  case CURLOPT_IOCTLFUNCTION:
+    /*
+     * I/O control callback. Might be NULL.
+     */
+    data->set.ioctl_func = va_arg(param, curl_ioctl_callback);
+    break;
+  case CURLOPT_IOCTLDATA:
+    /*
+     * I/O control data pointer. Might be NULL.
+     */
+    data->set.ioctl_client = va_arg(param, void *);
+    break;
+  case CURLOPT_SSLCERT:
+    /*
+     * String that holds file name of the SSL certificate to use
+     */
+    result = setstropt(&data->set.str[STRING_CERT],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_SSLCERTTYPE:
+    /*
+     * String that holds file type of the SSL certificate to use
+     */
+    result = setstropt(&data->set.str[STRING_CERT_TYPE],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_SSLKEY:
+    /*
+     * String that holds file name of the SSL key to use
+     */
+    result = setstropt(&data->set.str[STRING_KEY],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_SSLKEYTYPE:
+    /*
+     * String that holds file type of the SSL key to use
+     */
+    result = setstropt(&data->set.str[STRING_KEY_TYPE],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_KEYPASSWD:
+    /*
+     * String that holds the SSL or SSH private key password.
+     */
+    result = setstropt(&data->set.str[STRING_KEY_PASSWD],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_SSLENGINE:
+    /*
+     * String that holds the SSL crypto engine.
+     */
+    argptr = va_arg(param, char *);
+    if(argptr && argptr[0])
+      result = Curl_ssl_set_engine(data, argptr);
+    break;
+
+  case CURLOPT_SSLENGINE_DEFAULT:
+    /*
+     * flag to set engine as default.
+     */
+    result = Curl_ssl_set_engine_default(data);
+    break;
+  case CURLOPT_CRLF:
+    /*
+     * Kludgy option to enable CRLF conversions. Subject for removal.
+     */
+    data->set.crlf = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_INTERFACE:
+    /*
+     * Set what interface or address/hostname to bind the socket to when
+     * performing an operation and thus what from-IP your connection will use.
+     */
+    result = setstropt(&data->set.str[STRING_DEVICE],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_LOCALPORT:
+    /*
+     * Set what local port to bind the socket to when performing an operation.
+     */
+    data->set.localport = curlx_sltous(va_arg(param, long));
+    break;
+  case CURLOPT_LOCALPORTRANGE:
+    /*
+     * Set number of local ports to try, starting with CURLOPT_LOCALPORT.
+     */
+    data->set.localportrange = curlx_sltosi(va_arg(param, long));
+    break;
+  case CURLOPT_KRBLEVEL:
+    /*
+     * A string that defines the kerberos security level.
+     */
+    result = setstropt(&data->set.str[STRING_KRB_LEVEL],
+                       va_arg(param, char *));
+    data->set.krb = (NULL != data->set.str[STRING_KRB_LEVEL])?TRUE:FALSE;
+    break;
+  case CURLOPT_GSSAPI_DELEGATION:
+    /*
+     * GSS-API credential delegation
+     */
+    data->set.gssapi_delegation = va_arg(param, long);
+    break;
+  case CURLOPT_SSL_VERIFYPEER:
+    /*
+     * Enable peer SSL verifying.
+     */
+    data->set.ssl.verifypeer = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_SSL_VERIFYHOST:
+    /*
+     * Enable verification of the host name in the peer certificate
+     */
+    arg = va_arg(param, long);
+
+    /* Obviously people are not reading documentation and too many thought
+       this argument took a boolean when it wasn't and misused it. We thus ban
+       1 as a sensible input and we warn about its use. Then we only have the
+       2 action internally stored as TRUE. */
+
+    if(1 == arg) {
+      failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!");
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    }
+
+    data->set.ssl.verifyhost = (0 != arg)?TRUE:FALSE;
+    break;
+#ifdef USE_SSLEAY
+    /* since these two options are only possible to use on an OpenSSL-
+       powered libcurl we #ifdef them on this condition so that libcurls
+       built against other SSL libs will return a proper error when trying
+       to set this option! */
+  case CURLOPT_SSL_CTX_FUNCTION:
+    /*
+     * Set a SSL_CTX callback
+     */
+    data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
+    break;
+  case CURLOPT_SSL_CTX_DATA:
+    /*
+     * Set a SSL_CTX callback parameter pointer
+     */
+    data->set.ssl.fsslctxp = va_arg(param, void *);
+    break;
+#endif
+#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT) || \
+    defined(USE_NSS)
+  case CURLOPT_CERTINFO:
+    data->set.ssl.certinfo = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+#endif
+  case CURLOPT_CAINFO:
+    /*
+     * Set CA info for SSL connection. Specify file name of the CA certificate
+     */
+    result = setstropt(&data->set.str[STRING_SSL_CAFILE],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_CAPATH:
+    /*
+     * Set CA path info for SSL connection. Specify directory name of the CA
+     * certificates which have been prepared using openssl c_rehash utility.
+     */
+    /* This does not work on windows. */
+    result = setstropt(&data->set.str[STRING_SSL_CAPATH],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_CRLFILE:
+    /*
+     * Set CRL file info for SSL connection. Specify file name of the CRL
+     * to check certificates revocation
+     */
+    result = setstropt(&data->set.str[STRING_SSL_CRLFILE],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_ISSUERCERT:
+    /*
+     * Set Issuer certificate file
+     * to check certificates issuer
+     */
+    result = setstropt(&data->set.str[STRING_SSL_ISSUERCERT],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_TELNETOPTIONS:
+    /*
+     * Set a linked list of telnet options
+     */
+    data->set.telnet_options = va_arg(param, struct curl_slist *);
+    break;
+
+  case CURLOPT_BUFFERSIZE:
+    /*
+     * The application kindly asks for a differently sized receive buffer.
+     * If it seems reasonable, we'll use it.
+     */
+    data->set.buffer_size = va_arg(param, long);
+
+    if((data->set.buffer_size> (BUFSIZE -1 )) ||
+       (data->set.buffer_size < 1))
+      data->set.buffer_size = 0; /* huge internal default */
+
+    break;
+
+  case CURLOPT_NOSIGNAL:
+    /*
+     * The application asks not to set any signal() or alarm() handlers,
+     * even when using a timeout.
+     */
+    data->set.no_signal = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_SHARE:
+  {
+    struct Curl_share *set;
+    set = va_arg(param, struct Curl_share *);
+
+    /* disconnect from old share, if any */
+    if(data->share) {
+      Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
+
+      if(data->dns.hostcachetype == HCACHE_SHARED) {
+        data->dns.hostcache = NULL;
+        data->dns.hostcachetype = HCACHE_NONE;
+      }
+
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
+      if(data->share->cookies == data->cookies)
+        data->cookies = NULL;
+#endif
+
+      if(data->share->sslsession == data->state.session)
+        data->state.session = NULL;
+
+      data->share->dirty--;
+
+      Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
+      data->share = NULL;
+    }
+
+    /* use new share if it set */
+    data->share = set;
+    if(data->share) {
+
+      Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
+
+      data->share->dirty++;
+
+      if(data->share->hostcache) {
+        /* use shared host cache */
+        data->dns.hostcache = data->share->hostcache;
+        data->dns.hostcachetype = HCACHE_SHARED;
+      }
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
+      if(data->share->cookies) {
+        /* use shared cookie list, first free own one if any */
+        if(data->cookies)
+          Curl_cookie_cleanup(data->cookies);
+        /* enable cookies since we now use a share that uses cookies! */
+        data->cookies = data->share->cookies;
+      }
+#endif   /* CURL_DISABLE_HTTP */
+      if(data->share->sslsession) {
+        data->set.ssl.max_ssl_sessions = data->share->max_ssl_sessions;
+        data->state.session = data->share->sslsession;
+      }
+      Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
+
+    }
+    /* check for host cache not needed,
+     * it will be done by curl_easy_perform */
+  }
+  break;
+
+  case CURLOPT_PRIVATE:
+    /*
+     * Set private data pointer.
+     */
+    data->set.private_data = va_arg(param, void *);
+    break;
+
+  case CURLOPT_MAXFILESIZE:
+    /*
+     * Set the maximum size of a file to download.
+     */
+    data->set.max_filesize = va_arg(param, long);
+    break;
+
+#ifdef USE_SSL
+  case CURLOPT_USE_SSL:
+    /*
+     * Make transfers attempt to use SSL/TLS.
+     */
+    data->set.use_ssl = (curl_usessl)va_arg(param, long);
+    break;
+
+  case CURLOPT_SSL_OPTIONS:
+    arg = va_arg(param, long);
+    data->set.ssl_enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE;
+    break;
+
+#endif
+  case CURLOPT_FTPSSLAUTH:
+    /*
+     * Set a specific auth for FTP-SSL transfers.
+     */
+    data->set.ftpsslauth = (curl_ftpauth)va_arg(param, long);
+    break;
+
+  case CURLOPT_IPRESOLVE:
+    data->set.ipver = va_arg(param, long);
+    break;
+
+  case CURLOPT_MAXFILESIZE_LARGE:
+    /*
+     * Set the maximum size of a file to download.
+     */
+    data->set.max_filesize = va_arg(param, curl_off_t);
+    break;
+
+  case CURLOPT_TCP_NODELAY:
+    /*
+     * Enable or disable TCP_NODELAY, which will disable/enable the Nagle
+     * algorithm
+     */
+    data->set.tcp_nodelay = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_FTP_ACCOUNT:
+    result = setstropt(&data->set.str[STRING_FTP_ACCOUNT],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_IGNORE_CONTENT_LENGTH:
+    data->set.ignorecl = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_CONNECT_ONLY:
+    /*
+     * No data transfer, set up connection and let application use the socket
+     */
+    data->set.connect_only = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_FTP_ALTERNATIVE_TO_USER:
+    result = setstropt(&data->set.str[STRING_FTP_ALTERNATIVE_TO_USER],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_SOCKOPTFUNCTION:
+    /*
+     * socket callback function: called after socket() but before connect()
+     */
+    data->set.fsockopt = va_arg(param, curl_sockopt_callback);
+    break;
+
+  case CURLOPT_SOCKOPTDATA:
+    /*
+     * socket callback data pointer. Might be NULL.
+     */
+    data->set.sockopt_client = va_arg(param, void *);
+    break;
+
+  case CURLOPT_OPENSOCKETFUNCTION:
+    /*
+     * open/create socket callback function: called instead of socket(),
+     * before connect()
+     */
+    data->set.fopensocket = va_arg(param, curl_opensocket_callback);
+    break;
+
+  case CURLOPT_OPENSOCKETDATA:
+    /*
+     * socket callback data pointer. Might be NULL.
+     */
+    data->set.opensocket_client = va_arg(param, void *);
+    break;
+
+  case CURLOPT_CLOSESOCKETFUNCTION:
+    /*
+     * close socket callback function: called instead of close()
+     * when shutting down a connection
+     */
+    data->set.fclosesocket = va_arg(param, curl_closesocket_callback);
+    break;
+
+  case CURLOPT_CLOSESOCKETDATA:
+    /*
+     * socket callback data pointer. Might be NULL.
+     */
+    data->set.closesocket_client = va_arg(param, void *);
+    break;
+
+  case CURLOPT_SSL_SESSIONID_CACHE:
+    data->set.ssl.sessionid = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+#ifdef USE_LIBSSH2
+    /* we only include SSH options if explicitly built to support SSH */
+  case CURLOPT_SSH_AUTH_TYPES:
+    data->set.ssh_auth_types = va_arg(param, long);
+    break;
+
+  case CURLOPT_SSH_PUBLIC_KEYFILE:
+    /*
+     * Use this file instead of the $HOME/.ssh/id_dsa.pub file
+     */
+    result = setstropt(&data->set.str[STRING_SSH_PUBLIC_KEY],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_SSH_PRIVATE_KEYFILE:
+    /*
+     * Use this file instead of the $HOME/.ssh/id_dsa file
+     */
+    result = setstropt(&data->set.str[STRING_SSH_PRIVATE_KEY],
+                       va_arg(param, char *));
+    break;
+  case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5:
+    /*
+     * Option to allow for the MD5 of the host public key to be checked
+     * for validation purposes.
+     */
+    result = setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5],
+                       va_arg(param, char *));
+    break;
+#ifdef HAVE_LIBSSH2_KNOWNHOST_API
+  case CURLOPT_SSH_KNOWNHOSTS:
+    /*
+     * Store the file name to read known hosts from.
+     */
+    result = setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_SSH_KEYFUNCTION:
+    /* setting to NULL is fine since the ssh.c functions themselves will
+       then rever to use the internal default */
+    data->set.ssh_keyfunc = va_arg(param, curl_sshkeycallback);
+    break;
+
+  case CURLOPT_SSH_KEYDATA:
+    /*
+     * Custom client data to pass to the SSH keyfunc callback
+     */
+    data->set.ssh_keyfunc_userp = va_arg(param, void *);
+    break;
+#endif /* HAVE_LIBSSH2_KNOWNHOST_API */
+
+#endif /* USE_LIBSSH2 */
+
+  case CURLOPT_HTTP_TRANSFER_DECODING:
+    /*
+     * disable libcurl transfer encoding is used
+     */
+    data->set.http_te_skip = (0 == va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_HTTP_CONTENT_DECODING:
+    /*
+     * raw data passed to the application when content encoding is used
+     */
+    data->set.http_ce_skip = (0 == va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  case CURLOPT_NEW_FILE_PERMS:
+    /*
+     * Uses these permissions instead of 0644
+     */
+    data->set.new_file_perms = va_arg(param, long);
+    break;
+
+  case CURLOPT_NEW_DIRECTORY_PERMS:
+    /*
+     * Uses these permissions instead of 0755
+     */
+    data->set.new_directory_perms = va_arg(param, long);
+    break;
+
+  case CURLOPT_ADDRESS_SCOPE:
+    /*
+     * We always get longs when passed plain numericals, but for this value we
+     * know that an unsigned int will always hold the value so we blindly
+     * typecast to this type
+     */
+    data->set.scope = curlx_sltoui(va_arg(param, long));
+    break;
+
+  case CURLOPT_PROTOCOLS:
+    /* set the bitmask for the protocols that are allowed to be used for the
+       transfer, which thus helps the app which takes URLs from users or other
+       external inputs and want to restrict what protocol(s) to deal
+       with. Defaults to CURLPROTO_ALL. */
+    data->set.allowed_protocols = va_arg(param, long);
+    break;
+
+  case CURLOPT_REDIR_PROTOCOLS:
+    /* set the bitmask for the protocols that libcurl is allowed to follow to,
+       as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
+       to be set in both bitmasks to be allowed to get redirected to. Defaults
+       to all protocols except FILE and SCP. */
+    data->set.redir_protocols = va_arg(param, long);
+    break;
+
+  case CURLOPT_MAIL_FROM:
+    /* Set the SMTP mail originator */
+    result = setstropt(&data->set.str[STRING_MAIL_FROM],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_MAIL_AUTH:
+    /* Set the SMTP auth originator */
+    result = setstropt(&data->set.str[STRING_MAIL_AUTH],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_MAIL_RCPT:
+    /* Set the list of mail recipients */
+    data->set.mail_rcpt = va_arg(param, struct curl_slist *);
+    break;
+
+  case CURLOPT_SASL_IR:
+    /* Enable/disable SASL initial response */
+    data->set.sasl_ir = (0 != va_arg(param, long)) ? TRUE : FALSE;
+    break;
+
+  case CURLOPT_RTSP_REQUEST:
+    {
+      /*
+       * Set the RTSP request method (OPTIONS, SETUP, PLAY, etc...)
+       * Would this be better if the RTSPREQ_* were just moved into here?
+       */
+      long curl_rtspreq = va_arg(param, long);
+      Curl_RtspReq rtspreq = RTSPREQ_NONE;
+      switch(curl_rtspreq) {
+        case CURL_RTSPREQ_OPTIONS:
+          rtspreq = RTSPREQ_OPTIONS;
+          break;
+
+        case CURL_RTSPREQ_DESCRIBE:
+          rtspreq = RTSPREQ_DESCRIBE;
+          break;
+
+        case CURL_RTSPREQ_ANNOUNCE:
+          rtspreq = RTSPREQ_ANNOUNCE;
+          break;
+
+        case CURL_RTSPREQ_SETUP:
+          rtspreq = RTSPREQ_SETUP;
+          break;
+
+        case CURL_RTSPREQ_PLAY:
+          rtspreq = RTSPREQ_PLAY;
+          break;
+
+        case CURL_RTSPREQ_PAUSE:
+          rtspreq = RTSPREQ_PAUSE;
+          break;
+
+        case CURL_RTSPREQ_TEARDOWN:
+          rtspreq = RTSPREQ_TEARDOWN;
+          break;
+
+        case CURL_RTSPREQ_GET_PARAMETER:
+          rtspreq = RTSPREQ_GET_PARAMETER;
+          break;
+
+        case CURL_RTSPREQ_SET_PARAMETER:
+          rtspreq = RTSPREQ_SET_PARAMETER;
+          break;
+
+        case CURL_RTSPREQ_RECORD:
+          rtspreq = RTSPREQ_RECORD;
+          break;
+
+        case CURL_RTSPREQ_RECEIVE:
+          rtspreq = RTSPREQ_RECEIVE;
+          break;
+        default:
+          rtspreq = RTSPREQ_NONE;
+      }
+
+      data->set.rtspreq = rtspreq;
+    break;
+    }
+
+
+  case CURLOPT_RTSP_SESSION_ID:
+    /*
+     * Set the RTSP Session ID manually. Useful if the application is
+     * resuming a previously established RTSP session
+     */
+    result = setstropt(&data->set.str[STRING_RTSP_SESSION_ID],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_RTSP_STREAM_URI:
+    /*
+     * Set the Stream URI for the RTSP request. Unless the request is
+     * for generic server options, the application will need to set this.
+     */
+    result = setstropt(&data->set.str[STRING_RTSP_STREAM_URI],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_RTSP_TRANSPORT:
+    /*
+     * The content of the Transport: header for the RTSP request
+     */
+    result = setstropt(&data->set.str[STRING_RTSP_TRANSPORT],
+                       va_arg(param, char *));
+    break;
+
+  case CURLOPT_RTSP_CLIENT_CSEQ:
+    /*
+     * Set the CSEQ number to issue for the next RTSP request. Useful if the
+     * application is resuming a previously broken connection. The CSEQ
+     * will increment from this new number henceforth.
+     */
+    data->state.rtsp_next_client_CSeq = va_arg(param, long);
+    break;
+
+  case CURLOPT_RTSP_SERVER_CSEQ:
+    /* Same as the above, but for server-initiated requests */
+    data->state.rtsp_next_client_CSeq = va_arg(param, long);
+    break;
+
+  case CURLOPT_INTERLEAVEDATA:
+    data->set.rtp_out = va_arg(param, void *);
+    break;
+  case CURLOPT_INTERLEAVEFUNCTION:
+    /* Set the user defined RTP write function */
+    data->set.fwrite_rtp = va_arg(param, curl_write_callback);
+    break;
+
+  case CURLOPT_WILDCARDMATCH:
+    data->set.wildcardmatch = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_CHUNK_BGN_FUNCTION:
+    data->set.chunk_bgn = va_arg(param, curl_chunk_bgn_callback);
+    break;
+  case CURLOPT_CHUNK_END_FUNCTION:
+    data->set.chunk_end = va_arg(param, curl_chunk_end_callback);
+    break;
+  case CURLOPT_FNMATCH_FUNCTION:
+    data->set.fnmatch = va_arg(param, curl_fnmatch_callback);
+    break;
+  case CURLOPT_CHUNK_DATA:
+    data->wildcard.customptr = va_arg(param, void *);
+    break;
+  case CURLOPT_FNMATCH_DATA:
+    data->set.fnmatch_data = va_arg(param, void *);
+    break;
+#ifdef USE_TLS_SRP
+  case CURLOPT_TLSAUTH_USERNAME:
+    result = setstropt(&data->set.str[STRING_TLSAUTH_USERNAME],
+                       va_arg(param, char *));
+    if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
+      data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+    break;
+  case CURLOPT_TLSAUTH_PASSWORD:
+    result = setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
+                       va_arg(param, char *));
+    if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
+      data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+    break;
+  case CURLOPT_TLSAUTH_TYPE:
+    if(strnequal((char *)va_arg(param, char *), "SRP", strlen("SRP")))
+      data->set.ssl.authtype = CURL_TLSAUTH_SRP;
+    else
+      data->set.ssl.authtype = CURL_TLSAUTH_NONE;
+    break;
+#endif
+  case CURLOPT_DNS_SERVERS:
+    result = Curl_set_dns_servers(data, va_arg(param, char *));
+    break;
+  case CURLOPT_DNS_INTERFACE:
+    result = Curl_set_dns_interface(data, va_arg(param, char *));
+    break;
+  case CURLOPT_DNS_LOCAL_IP4:
+    result = Curl_set_dns_local_ip4(data, va_arg(param, char *));
+    break;
+  case CURLOPT_DNS_LOCAL_IP6:
+    result = Curl_set_dns_local_ip6(data, va_arg(param, char *));
+    break;
+
+  case CURLOPT_TCP_KEEPALIVE:
+    data->set.tcp_keepalive = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_TCP_KEEPIDLE:
+    data->set.tcp_keepidle = va_arg(param, long);
+    break;
+  case CURLOPT_TCP_KEEPINTVL:
+    data->set.tcp_keepintvl = va_arg(param, long);
+    break;
+  case CURLOPT_SSL_ENABLE_NPN:
+    data->set.ssl_enable_npn = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_SSL_ENABLE_ALPN:
+    data->set.ssl_enable_alpn = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+
+  default:
+    /* unknown tag and its companion, just ignore: */
+    result = CURLE_UNKNOWN_OPTION;
+    break;
+  }
+
+  return result;
+}
+
+static void conn_free(struct connectdata *conn)
+{
+  if(!conn)
+    return;
+
+  /* possible left-overs from the async name resolvers */
+  Curl_resolver_cancel(conn);
+
+  /* close the SSL stuff before we close any sockets since they will/may
+     write to the sockets */
+  Curl_ssl_close(conn, FIRSTSOCKET);
+  Curl_ssl_close(conn, SECONDARYSOCKET);
+
+  /* close possibly still open sockets */
+  if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
+    Curl_closesocket(conn, conn->sock[SECONDARYSOCKET]);
+  if(CURL_SOCKET_BAD != conn->sock[FIRSTSOCKET])
+    Curl_closesocket(conn, conn->sock[FIRSTSOCKET]);
+  if(CURL_SOCKET_BAD != conn->tempsock[0])
+    Curl_closesocket(conn, conn->tempsock[0]);
+  if(CURL_SOCKET_BAD != conn->tempsock[1])
+    Curl_closesocket(conn, conn->tempsock[1]);
+
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+  Curl_ntlm_wb_cleanup(conn);
+#endif
+
+  Curl_safefree(conn->user);
+  Curl_safefree(conn->passwd);
+  Curl_safefree(conn->xoauth2_bearer);
+  Curl_safefree(conn->options);
+  Curl_safefree(conn->proxyuser);
+  Curl_safefree(conn->proxypasswd);
+  Curl_safefree(conn->allocptr.proxyuserpwd);
+  Curl_safefree(conn->allocptr.uagent);
+  Curl_safefree(conn->allocptr.userpwd);
+  Curl_safefree(conn->allocptr.accept_encoding);
+  Curl_safefree(conn->allocptr.te);
+  Curl_safefree(conn->allocptr.rangeline);
+  Curl_safefree(conn->allocptr.ref);
+  Curl_safefree(conn->allocptr.host);
+  Curl_safefree(conn->allocptr.cookiehost);
+  Curl_safefree(conn->allocptr.rtsp_transport);
+  Curl_safefree(conn->trailer);
+  Curl_safefree(conn->host.rawalloc); /* host name buffer */
+  Curl_safefree(conn->proxy.rawalloc); /* proxy name buffer */
+  Curl_safefree(conn->master_buffer);
+
+  Curl_llist_destroy(conn->send_pipe, NULL);
+  Curl_llist_destroy(conn->recv_pipe, NULL);
+
+  conn->send_pipe = NULL;
+  conn->recv_pipe = NULL;
+
+  Curl_safefree(conn->localdev);
+  Curl_free_ssl_config(&conn->ssl_config);
+
+  free(conn); /* free all the connection oriented data */
+}
+
+/*
+ * Disconnects the given connection. Note the connection may not be the
+ * primary connection, like when freeing room in the connection cache or
+ * killing of a dead old connection.
+ *
+ * This function MUST NOT reset state in the SessionHandle struct if that
+ * isn't strictly bound to the life-time of *this* particular connection.
+ *
+ */
+
+CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
+{
+  struct SessionHandle *data;
+  if(!conn)
+    return CURLE_OK; /* this is closed and fine already */
+  data = conn->data;
+
+  if(!data) {
+    DEBUGF(fprintf(stderr, "DISCONNECT without easy handle, ignoring\n"));
+    return CURLE_OK;
+  }
+
+  if(conn->dns_entry != NULL) {
+    Curl_resolv_unlock(data, conn->dns_entry);
+    conn->dns_entry = NULL;
+  }
+
+  Curl_hostcache_prune(data); /* kill old DNS cache entries */
+
+  /* Cleanup NTLM connection-related data */
+  Curl_http_ntlm_cleanup(conn);
+
+  if(conn->handler->disconnect)
+    /* This is set if protocol-specific cleanups should be made */
+    conn->handler->disconnect(conn, dead_connection);
+
+    /* unlink ourselves! */
+  infof(data, "Closing connection %ld\n", conn->connection_id);
+  Curl_conncache_remove_conn(data->state.conn_cache, conn);
+
+#if defined(USE_LIBIDN)
+  if(conn->host.encalloc)
+    idn_free(conn->host.encalloc); /* encoded host name buffer, must be freed
+                                      with idn_free() since this was allocated
+                                      by libidn */
+  if(conn->proxy.encalloc)
+    idn_free(conn->proxy.encalloc); /* encoded proxy name buffer, must be
+                                       freed with idn_free() since this was
+                                       allocated by libidn */
+#elif defined(USE_WIN32_IDN)
+  free(conn->host.encalloc); /* encoded host name buffer, must be freed with
+                                idn_free() since this was allocated by
+                                curl_win32_idn_to_ascii */
+  if(conn->proxy.encalloc)
+    free(conn->proxy.encalloc); /* encoded proxy name buffer, must be freed
+                                   with idn_free() since this was allocated by
+                                   curl_win32_idn_to_ascii */
+#endif
+
+  Curl_ssl_close(conn, FIRSTSOCKET);
+
+  /* Indicate to all handles on the pipe that we're dead */
+  if(Curl_multi_pipeline_enabled(data->multi)) {
+    signalPipeClose(conn->send_pipe, TRUE);
+    signalPipeClose(conn->recv_pipe, TRUE);
+  }
+
+  conn_free(conn);
+
+  return CURLE_OK;
+}
+
+/*
+ * This function should return TRUE if the socket is to be assumed to
+ * be dead. Most commonly this happens when the server has closed the
+ * connection due to inactivity.
+ */
+static bool SocketIsDead(curl_socket_t sock)
+{
+  int sval;
+  bool ret_val = TRUE;
+
+  sval = Curl_socket_ready(sock, CURL_SOCKET_BAD, 0);
+  if(sval == 0)
+    /* timeout */
+    ret_val = FALSE;
+
+  return ret_val;
+}
+
+static bool IsPipeliningPossible(const struct SessionHandle *handle,
+                                 const struct connectdata *conn)
+{
+  if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+     Curl_multi_pipeline_enabled(handle->multi) &&
+     (handle->set.httpreq == HTTPREQ_GET ||
+      handle->set.httpreq == HTTPREQ_HEAD) &&
+     handle->set.httpversion != CURL_HTTP_VERSION_1_0)
+    return TRUE;
+
+  return FALSE;
+}
+
+bool Curl_isPipeliningEnabled(const struct SessionHandle *handle)
+{
+  return Curl_multi_pipeline_enabled(handle->multi);
+}
+
+CURLcode Curl_addHandleToPipeline(struct SessionHandle *data,
+                                  struct curl_llist *pipeline)
+{
+  if(!Curl_llist_insert_next(pipeline, pipeline->tail, data))
+    return CURLE_OUT_OF_MEMORY;
+  return CURLE_OK;
+}
+
+int Curl_removeHandleFromPipeline(struct SessionHandle *handle,
+                                  struct curl_llist *pipeline)
+{
+  struct curl_llist_element *curr;
+
+  curr = pipeline->head;
+  while(curr) {
+    if(curr->ptr == handle) {
+      Curl_llist_remove(pipeline, curr, NULL);
+      return 1; /* we removed a handle */
+    }
+    curr = curr->next;
+  }
+
+  return 0;
+}
+
+#if 0 /* this code is saved here as it is useful for debugging purposes */
+static void Curl_printPipeline(struct curl_llist *pipeline)
+{
+  struct curl_llist_element *curr;
+
+  curr = pipeline->head;
+  while(curr) {
+    struct SessionHandle *data = (struct SessionHandle *) curr->ptr;
+    infof(data, "Handle in pipeline: %s\n", data->state.path);
+    curr = curr->next;
+  }
+}
+#endif
+
+static struct SessionHandle* gethandleathead(struct curl_llist *pipeline)
+{
+  struct curl_llist_element *curr = pipeline->head;
+  if(curr) {
+    return (struct SessionHandle *) curr->ptr;
+  }
+
+  return NULL;
+}
+
+/* remove the specified connection from all (possible) pipelines and related
+   queues */
+void Curl_getoff_all_pipelines(struct SessionHandle *data,
+                               struct connectdata *conn)
+{
+  bool recv_head = (conn->readchannel_inuse &&
+    (gethandleathead(conn->recv_pipe) == data)) ? TRUE : FALSE;
+
+  bool send_head = (conn->writechannel_inuse &&
+    (gethandleathead(conn->send_pipe) == data)) ? TRUE : FALSE;
+
+  if(Curl_removeHandleFromPipeline(data, conn->recv_pipe) && recv_head)
+    conn->readchannel_inuse = FALSE;
+  if(Curl_removeHandleFromPipeline(data, conn->send_pipe) && send_head)
+    conn->writechannel_inuse = FALSE;
+}
+
+static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke)
+{
+  struct curl_llist_element *curr;
+
+  if(!pipeline)
+    return;
+
+  curr = pipeline->head;
+  while(curr) {
+    struct curl_llist_element *next = curr->next;
+    struct SessionHandle *data = (struct SessionHandle *) curr->ptr;
+
+#ifdef DEBUGBUILD /* debug-only code */
+    if(data->magic != CURLEASY_MAGIC_NUMBER) {
+      /* MAJOR BADNESS */
+      infof(data, "signalPipeClose() found BAAD easy handle\n");
+    }
+#endif
+
+    if(pipe_broke)
+      data->state.pipe_broke = TRUE;
+    Curl_multi_handlePipeBreak(data);
+    Curl_llist_remove(pipeline, curr, NULL);
+    curr = next;
+  }
+}
+
+/*
+ * This function finds the connection in the connection
+ * cache that has been unused for the longest time.
+ *
+ * Returns the pointer to the oldest idle connection, or NULL if none was
+ * found.
+ */
+static struct connectdata *
+find_oldest_idle_connection(struct SessionHandle *data)
+{
+  struct conncache *bc = data->state.conn_cache;
+  struct curl_hash_iterator iter;
+  struct curl_llist_element *curr;
+  struct curl_hash_element *he;
+  long highscore=-1;
+  long score;
+  struct timeval now;
+  struct connectdata *conn_candidate = NULL;
+  struct connectbundle *bundle;
+
+  now = Curl_tvnow();
+
+  Curl_hash_start_iterate(bc->hash, &iter);
+
+  he = Curl_hash_next_element(&iter);
+  while(he) {
+    struct connectdata *conn;
+
+    bundle = he->ptr;
+
+    curr = bundle->conn_list->head;
+    while(curr) {
+      conn = curr->ptr;
+
+      if(!conn->inuse) {
+        /* Set higher score for the age passed since the connection was used */
+        score = Curl_tvdiff(now, conn->now);
+
+        if(score > highscore) {
+          highscore = score;
+          conn_candidate = conn;
+        }
+      }
+      curr = curr->next;
+    }
+
+    he = Curl_hash_next_element(&iter);
+  }
+
+  return conn_candidate;
+}
+
+/*
+ * This function finds the connection in the connection
+ * bundle that has been unused for the longest time.
+ *
+ * Returns the pointer to the oldest idle connection, or NULL if none was
+ * found.
+ */
+static struct connectdata *
+find_oldest_idle_connection_in_bundle(struct SessionHandle *data,
+                                      struct connectbundle *bundle)
+{
+  struct curl_llist_element *curr;
+  long highscore=-1;
+  long score;
+  struct timeval now;
+  struct connectdata *conn_candidate = NULL;
+  struct connectdata *conn;
+
+  (void)data;
+
+  now = Curl_tvnow();
+
+  curr = bundle->conn_list->head;
+  while(curr) {
+    conn = curr->ptr;
+
+    if(!conn->inuse) {
+      /* Set higher score for the age passed since the connection was used */
+      score = Curl_tvdiff(now, conn->now);
+
+      if(score > highscore) {
+        highscore = score;
+        conn_candidate = conn;
+      }
+    }
+    curr = curr->next;
+  }
+
+  return conn_candidate;
+}
+
+/*
+ * This function checks if given connection is dead and disconnects if so.
+ * (That also removes it from the connection cache.)
+ *
+ * Returns TRUE if the connection actually was dead and disconnected.
+ */
+static bool disconnect_if_dead(struct connectdata *conn,
+                               struct SessionHandle *data)
+{
+  size_t pipeLen = conn->send_pipe->size + conn->recv_pipe->size;
+  if(!pipeLen && !conn->inuse) {
+    /* The check for a dead socket makes sense only if there are no
+       handles in pipeline and the connection isn't already marked in
+       use */
+    bool dead;
+    if(conn->handler->protocol & CURLPROTO_RTSP)
+      /* RTSP is a special case due to RTP interleaving */
+      dead = Curl_rtsp_connisdead(conn);
+    else
+      dead = SocketIsDead(conn->sock[FIRSTSOCKET]);
+
+    if(dead) {
+      conn->data = data;
+      infof(data, "Connection %ld seems to be dead!\n", conn->connection_id);
+
+      /* disconnect resources */
+      Curl_disconnect(conn, /* dead_connection */TRUE);
+      return TRUE;
+    }
+  }
+  return FALSE;
+}
+
+/*
+ * Wrapper to use disconnect_if_dead() function in Curl_conncache_foreach()
+ *
+ * Returns always 0.
+ */
+static int call_disconnect_if_dead(struct connectdata *conn,
+                                      void *param)
+{
+  struct SessionHandle* data = (struct SessionHandle*)param;
+  disconnect_if_dead(conn, data);
+  return 0; /* continue iteration */
+}
+
+/*
+ * This function scans the connection cache for half-open/dead connections,
+ * closes and removes them.
+ * The cleanup is done at most once per second.
+ */
+static void prune_dead_connections(struct SessionHandle *data)
+{
+  struct timeval now = Curl_tvnow();
+  long elapsed = Curl_tvdiff(now, data->state.conn_cache->last_cleanup);
+
+  if(elapsed >= 1000L) {
+    Curl_conncache_foreach(data->state.conn_cache, data,
+                           call_disconnect_if_dead);
+    data->state.conn_cache->last_cleanup = now;
+  }
+}
+
+/*
+ * Given one filled in connection struct (named needle), this function should
+ * detect if there already is one that has all the significant details
+ * exactly the same and thus should be used instead.
+ *
+ * If there is a match, this function returns TRUE - and has marked the
+ * connection as 'in-use'. It must later be called with ConnectionDone() to
+ * return back to 'idle' (unused) state.
+ *
+ * The force_reuse flag is set if the connection must be used, even if
+ * the pipelining strategy wants to open a new connection instead of reusing.
+ */
+static bool
+ConnectionExists(struct SessionHandle *data,
+                 struct connectdata *needle,
+                 struct connectdata **usethis,
+                 bool *force_reuse)
+{
+  struct connectdata *check;
+  struct connectdata *chosen = 0;
+  bool canPipeline = IsPipeliningPossible(data, needle);
+  bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) ||
+                       (data->state.authhost.want & CURLAUTH_NTLM_WB)) &&
+    (needle->handler->protocol & PROTO_FAMILY_HTTP) ? TRUE : FALSE;
+  struct connectbundle *bundle;
+
+  *force_reuse = FALSE;
+
+  /* We can't pipe if the site is blacklisted */
+  if(canPipeline && Curl_pipeline_site_blacklisted(data, needle)) {
+    canPipeline = FALSE;
+  }
+
+  /* Look up the bundle with all the connections to this
+     particular host */
+  bundle = Curl_conncache_find_bundle(data->state.conn_cache,
+                                      needle->host.name);
+  if(bundle) {
+    size_t max_pipe_len = Curl_multi_max_pipeline_length(data->multi);
+    size_t best_pipe_len = max_pipe_len;
+    struct curl_llist_element *curr;
+
+    infof(data, "Found bundle for host %s: %p\n",
+          needle->host.name, (void *)bundle);
+
+    /* We can't pipe if we don't know anything about the server */
+    if(canPipeline && !bundle->server_supports_pipelining) {
+      infof(data, "Server doesn't support pipelining\n");
+      canPipeline = FALSE;
+    }
+
+    curr = bundle->conn_list->head;
+    while(curr) {
+      bool match = FALSE;
+      bool credentialsMatch = FALSE;
+      size_t pipeLen;
+
+      /*
+       * Note that if we use a HTTP proxy, we check connections to that
+       * proxy and not to the actual remote server.
+       */
+      check = curr->ptr;
+      curr = curr->next;
+
+      if(disconnect_if_dead(check, data))
+        continue;
+
+      pipeLen = check->send_pipe->size + check->recv_pipe->size;
+
+      if(canPipeline) {
+        /* Make sure the pipe has only GET requests */
+        struct SessionHandle* sh = gethandleathead(check->send_pipe);
+        struct SessionHandle* rh = gethandleathead(check->recv_pipe);
+        if(sh) {
+          if(!IsPipeliningPossible(sh, check))
+            continue;
+        }
+        else if(rh) {
+          if(!IsPipeliningPossible(rh, check))
+            continue;
+        }
+      }
+      else {
+        if(pipeLen > 0) {
+          /* can only happen within multi handles, and means that another easy
+             handle is using this connection */
+          continue;
+        }
+
+        if(Curl_resolver_asynch()) {
+          /* ip_addr_str[0] is NUL only if the resolving of the name hasn't
+             completed yet and until then we don't re-use this connection */
+          if(!check->ip_addr_str[0]) {
+            infof(data,
+                  "Connection #%ld is still name resolving, can't reuse\n",
+                  check->connection_id);
+            continue;
+          }
+        }
+
+        if((check->sock[FIRSTSOCKET] == CURL_SOCKET_BAD) ||
+           check->bits.close) {
+          /* Don't pick a connection that hasn't connected yet or that is going
+             to get closed. */
+          infof(data, "Connection #%ld isn't open enough, can't reuse\n",
+                check->connection_id);
+#ifdef DEBUGBUILD
+          if(check->recv_pipe->size > 0) {
+            infof(data,
+                  "BAD! Unconnected #%ld has a non-empty recv pipeline!\n",
+                  check->connection_id);
+          }
+#endif
+          continue;
+        }
+      }
+
+      if((needle->handler->flags&PROTOPT_SSL) !=
+         (check->handler->flags&PROTOPT_SSL))
+        /* don't do mixed SSL and non-SSL connections */
+        if(!(needle->handler->protocol & check->handler->protocol))
+          /* except protocols that have been upgraded via TLS */
+          continue;
+
+      if(needle->handler->flags&PROTOPT_SSL) {
+        if((data->set.ssl.verifypeer != check->verifypeer) ||
+           (data->set.ssl.verifyhost != check->verifyhost))
+          continue;
+      }
+
+      if(needle->bits.proxy != check->bits.proxy)
+        /* don't do mixed proxy and non-proxy connections */
+        continue;
+
+      if(!canPipeline && check->inuse)
+        /* this request can't be pipelined but the checked connection is
+           already in use so we skip it */
+        continue;
+
+      if(needle->localdev || needle->localport) {
+        /* If we are bound to a specific local end (IP+port), we must not
+           re-use a random other one, although if we didn't ask for a
+           particular one we can reuse one that was bound.
+
+           This comparison is a bit rough and too strict. Since the input
+           parameters can be specified in numerous ways and still end up the
+           same it would take a lot of processing to make it really accurate.
+           Instead, this matching will assume that re-uses of bound connections
+           will most likely also re-use the exact same binding parameters and
+           missing out a few edge cases shouldn't hurt anyone very much.
+        */
+        if((check->localport != needle->localport) ||
+           (check->localportrange != needle->localportrange) ||
+           !check->localdev ||
+           !needle->localdev ||
+           strcmp(check->localdev, needle->localdev))
+          continue;
+      }
+
+      if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
+         wantNTLMhttp) {
+        /* This protocol requires credentials per connection or is HTTP+NTLM,
+           so verify that we're using the same name and password as well */
+        if(!strequal(needle->user, check->user) ||
+           !strequal(needle->passwd, check->passwd)) {
+          /* one of them was different */
+          continue;
+        }
+        credentialsMatch = TRUE;
+      }
+
+      if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL ||
+         (needle->bits.httpproxy && check->bits.httpproxy &&
+          needle->bits.tunnel_proxy && check->bits.tunnel_proxy &&
+          Curl_raw_equal(needle->proxy.name, check->proxy.name) &&
+          (needle->port == check->port))) {
+        /* The requested connection does not use a HTTP proxy or it uses SSL or
+           it is a non-SSL protocol tunneled over the same http proxy name and
+           port number or it is a non-SSL protocol which is allowed to be
+           upgraded via TLS */
+
+        if((Curl_raw_equal(needle->handler->scheme, check->handler->scheme) ||
+            needle->handler->protocol & check->handler->protocol) &&
+           Curl_raw_equal(needle->host.name, check->host.name) &&
+           needle->remote_port == check->remote_port) {
+          if(needle->handler->flags & PROTOPT_SSL) {
+            /* This is a SSL connection so verify that we're using the same
+               SSL options as well */
+            if(!Curl_ssl_config_matches(&needle->ssl_config,
+                                        &check->ssl_config)) {
+              DEBUGF(infof(data,
+                           "Connection #%ld has different SSL parameters, "
+                           "can't reuse\n",
+                           check->connection_id));
+              continue;
+            }
+            else if(check->ssl[FIRSTSOCKET].state != ssl_connection_complete) {
+              DEBUGF(infof(data,
+                           "Connection #%ld has not started SSL connect, "
+                           "can't reuse\n",
+                           check->connection_id));
+              continue;
+            }
+          }
+          match = TRUE;
+        }
+      }
+      else { /* The requested needle connection is using a proxy,
+                is the checked one using the same host, port and type? */
+        if(check->bits.proxy &&
+           (needle->proxytype == check->proxytype) &&
+           (needle->bits.tunnel_proxy == check->bits.tunnel_proxy) &&
+           Curl_raw_equal(needle->proxy.name, check->proxy.name) &&
+           needle->port == check->port) {
+          /* This is the same proxy connection, use it! */
+          match = TRUE;
+        }
+      }
+
+      if(match) {
+        /* If we are looking for an HTTP+NTLM connection, check if this is
+           already authenticating with the right credentials. If not, keep
+           looking so that we can reuse NTLM connections if
+           possible. (Especially we must not reuse the same connection if
+           partway through a handshake!) */
+        if(wantNTLMhttp) {
+          if(credentialsMatch && check->ntlm.state != NTLMSTATE_NONE) {
+            chosen = check;
+
+            /* We must use this connection, no other */
+            *force_reuse = TRUE;
+            break;
+          }
+          else if(credentialsMatch)
+            /* this is a backup choice */
+            chosen = check;
+          continue;
+        }
+
+        if(canPipeline) {
+          /* We can pipeline if we want to. Let's continue looking for
+             the optimal connection to use, i.e the shortest pipe that is not
+             blacklisted. */
+
+          if(pipeLen == 0) {
+            /* We have the optimal connection. Let's stop looking. */
+            chosen = check;
+            break;
+          }
+
+          /* We can't use the connection if the pipe is full */
+          if(pipeLen >= max_pipe_len)
+            continue;
+
+          /* We can't use the connection if the pipe is penalized */
+          if(Curl_pipeline_penalized(data, check))
+            continue;
+
+          if(pipeLen < best_pipe_len) {
+            /* This connection has a shorter pipe so far. We'll pick this
+               and continue searching */
+            chosen = check;
+            best_pipe_len = pipeLen;
+            continue;
+          }
+        }
+        else {
+          /* We have found a connection. Let's stop searching. */
+          chosen = check;
+          break;
+        }
+      }
+    }
+  }
+
+  if(chosen) {
+    *usethis = chosen;
+    return TRUE; /* yes, we found one to use! */
+  }
+
+  return FALSE; /* no matching connecting exists */
+}
+
+/* Mark the connection as 'idle', or close it if the cache is full.
+   Returns TRUE if the connection is kept, or FALSE if it was closed. */
+static bool
+ConnectionDone(struct SessionHandle *data, struct connectdata *conn)
+{
+  /* data->multi->maxconnects can be negative, deal with it. */
+  size_t maxconnects =
+    (data->multi->maxconnects < 0) ? data->multi->num_easy * 4:
+    data->multi->maxconnects;
+  struct connectdata *conn_candidate = NULL;
+
+  /* Mark the current connection as 'unused' */
+  conn->inuse = FALSE;
+
+  if(maxconnects > 0 &&
+     data->state.conn_cache->num_connections > maxconnects) {
+    infof(data, "Connection cache is full, closing the oldest one.\n");
+
+    conn_candidate = find_oldest_idle_connection(data);
+
+    if(conn_candidate) {
+      /* Set the connection's owner correctly */
+      conn_candidate->data = data;
+
+      /* the winner gets the honour of being disconnected */
+      (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
+    }
+  }
+
+  return (conn_candidate == conn) ? FALSE : TRUE;
+}
+
+/*
+ * The given input connection struct pointer is to be stored in the connection
+ * cache. If the cache is already full, least interesting existing connection
+ * (if any) gets closed.
+ *
+ * The given connection should be unique. That must've been checked prior to
+ * this call.
+ */
+static CURLcode ConnectionStore(struct SessionHandle *data,
+                                struct connectdata *conn)
+{
+  return Curl_conncache_add_conn(data->state.conn_cache, conn);
+}
+
+/* after a TCP connection to the proxy has been verified, this function does
+   the next magic step.
+
+   Note: this function's sub-functions call failf()
+
+*/
+CURLcode Curl_connected_proxy(struct connectdata *conn,
+                              int sockindex)
+{
+  if(!conn->bits.proxy || sockindex)
+    /* this magic only works for the primary socket as the secondary is used
+       for FTP only and it has FTP specific magic in ftp.c */
+    return CURLE_OK;
+
+  switch(conn->proxytype) {
+#ifndef CURL_DISABLE_PROXY
+  case CURLPROXY_SOCKS5:
+  case CURLPROXY_SOCKS5_HOSTNAME:
+    return Curl_SOCKS5(conn->proxyuser, conn->proxypasswd,
+                       conn->host.name, conn->remote_port,
+                       FIRSTSOCKET, conn);
+
+  case CURLPROXY_SOCKS4:
+    return Curl_SOCKS4(conn->proxyuser, conn->host.name,
+                       conn->remote_port, FIRSTSOCKET, conn, FALSE);
+
+  case CURLPROXY_SOCKS4A:
+    return Curl_SOCKS4(conn->proxyuser, conn->host.name,
+                       conn->remote_port, FIRSTSOCKET, conn, TRUE);
+
+#endif /* CURL_DISABLE_PROXY */
+  case CURLPROXY_HTTP:
+  case CURLPROXY_HTTP_1_0:
+    /* do nothing here. handled later. */
+    break;
+  default:
+    break;
+  } /* switch proxytype */
+
+  return CURLE_OK;
+}
+
+/*
+ * verboseconnect() displays verbose information after a connect
+ */
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+void Curl_verboseconnect(struct connectdata *conn)
+{
+  if(conn->data->set.verbose)
+    infof(conn->data, "Connected to %s (%s) port %ld (#%ld)\n",
+          conn->bits.proxy ? conn->proxy.dispname : conn->host.dispname,
+          conn->ip_addr_str, conn->port, conn->connection_id);
+}
+#endif
+
+int Curl_protocol_getsock(struct connectdata *conn,
+                          curl_socket_t *socks,
+                          int numsocks)
+{
+  if(conn->handler->proto_getsock)
+    return conn->handler->proto_getsock(conn, socks, numsocks);
+  return GETSOCK_BLANK;
+}
+
+int Curl_doing_getsock(struct connectdata *conn,
+                       curl_socket_t *socks,
+                       int numsocks)
+{
+  if(conn && conn->handler->doing_getsock)
+    return conn->handler->doing_getsock(conn, socks, numsocks);
+  return GETSOCK_BLANK;
+}
+
+/*
+ * We are doing protocol-specific connecting and this is being called over and
+ * over from the multi interface until the connection phase is done on
+ * protocol layer.
+ */
+
+CURLcode Curl_protocol_connecting(struct connectdata *conn,
+                                  bool *done)
+{
+  CURLcode result=CURLE_OK;
+
+  if(conn && conn->handler->connecting) {
+    *done = FALSE;
+    result = conn->handler->connecting(conn, done);
+  }
+  else
+    *done = TRUE;
+
+  return result;
+}
+
+/*
+ * We are DOING this is being called over and over from the multi interface
+ * until the DOING phase is done on protocol layer.
+ */
+
+CURLcode Curl_protocol_doing(struct connectdata *conn, bool *done)
+{
+  CURLcode result=CURLE_OK;
+
+  if(conn && conn->handler->doing) {
+    *done = FALSE;
+    result = conn->handler->doing(conn, done);
+  }
+  else
+    *done = TRUE;
+
+  return result;
+}
+
+/*
+ * We have discovered that the TCP connection has been successful, we can now
+ * proceed with some action.
+ *
+ */
+CURLcode Curl_protocol_connect(struct connectdata *conn,
+                               bool *protocol_done)
+{
+  CURLcode result=CURLE_OK;
+
+  *protocol_done = FALSE;
+
+  if(conn->bits.tcpconnect[FIRSTSOCKET] && conn->bits.protoconnstart) {
+    /* We already are connected, get back. This may happen when the connect
+       worked fine in the first call, like when we connect to a local server
+       or proxy. Note that we don't know if the protocol is actually done.
+
+       Unless this protocol doesn't have any protocol-connect callback, as
+       then we know we're done. */
+    if(!conn->handler->connecting)
+      *protocol_done = TRUE;
+
+    return CURLE_OK;
+  }
+
+  if(!conn->bits.protoconnstart) {
+
+    result = Curl_proxy_connect(conn);
+    if(result)
+      return result;
+
+    if(conn->bits.tunnel_proxy && conn->bits.httpproxy &&
+       (conn->tunnel_state[FIRSTSOCKET] != TUNNEL_COMPLETE))
+      /* when using an HTTP tunnel proxy, await complete tunnel establishment
+         before proceeding further. Return CURLE_OK so we'll be called again */
+      return CURLE_OK;
+
+    if(conn->handler->connect_it) {
+      /* is there a protocol-specific connect() procedure? */
+
+      /* Call the protocol-specific connect function */
+      result = conn->handler->connect_it(conn, protocol_done);
+    }
+    else
+      *protocol_done = TRUE;
+
+    /* it has started, possibly even completed but that knowledge isn't stored
+       in this bit! */
+    if(!result)
+      conn->bits.protoconnstart = TRUE;
+  }
+
+  return result; /* pass back status */
+}
+
+/*
+ * Helpers for IDNA convertions.
+ */
+static bool is_ASCII_name(const char *hostname)
+{
+  const unsigned char *ch = (const unsigned char*)hostname;
+
+  while(*ch) {
+    if(*ch++ & 0x80)
+      return FALSE;
+  }
+  return TRUE;
+}
+
+#ifdef USE_LIBIDN
+/*
+ * Check if characters in hostname is allowed in Top Level Domain.
+ */
+static bool tld_check_name(struct SessionHandle *data,
+                           const char *ace_hostname)
+{
+  size_t err_pos;
+  char *uc_name = NULL;
+  int rc;
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  const char *tld_errmsg = "<no msg>";
+#else
+  (void)data;
+#endif
+
+  /* Convert (and downcase) ACE-name back into locale's character set */
+  rc = idna_to_unicode_lzlz(ace_hostname, &uc_name, 0);
+  if(rc != IDNA_SUCCESS)
+    return FALSE;
+
+  rc = tld_check_lz(uc_name, &err_pos, NULL);
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+#ifdef HAVE_TLD_STRERROR
+  if(rc != TLD_SUCCESS)
+    tld_errmsg = tld_strerror((Tld_rc)rc);
+#endif
+  if(rc == TLD_INVALID)
+    infof(data, "WARNING: %s; pos %u = `%c'/0x%02X\n",
+          tld_errmsg, err_pos, uc_name[err_pos],
+          uc_name[err_pos] & 255);
+  else if(rc != TLD_SUCCESS)
+    infof(data, "WARNING: TLD check for %s failed; %s\n",
+          uc_name, tld_errmsg);
+#endif /* CURL_DISABLE_VERBOSE_STRINGS */
+  if(uc_name)
+     idn_free(uc_name);
+  if(rc != TLD_SUCCESS)
+    return FALSE;
+
+  return TRUE;
+}
+#endif
+
+/*
+ * Perform any necessary IDN conversion of hostname
+ */
+static void fix_hostname(struct SessionHandle *data,
+                         struct connectdata *conn, struct hostname *host)
+{
+  size_t len;
+
+#ifndef USE_LIBIDN
+  (void)data;
+  (void)conn;
+#elif defined(CURL_DISABLE_VERBOSE_STRINGS)
+  (void)conn;
+#endif
+
+  /* set the name we use to display the host name */
+  host->dispname = host->name;
+
+  len = strlen(host->name);
+  if(host->name[len-1] == '.')
+    /* strip off a single trailing dot if present, primarily for SNI but
+       there's no use for it */
+    host->name[len-1]=0;
+
+  if(!is_ASCII_name(host->name)) {
+#ifdef USE_LIBIDN
+  /*************************************************************
+   * Check name for non-ASCII and convert hostname to ACE form.
+   *************************************************************/
+  if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
+    char *ace_hostname = NULL;
+    int rc = idna_to_ascii_lz(host->name, &ace_hostname, 0);
+    infof (data, "Input domain encoded as `%s'\n",
+           stringprep_locale_charset ());
+    if(rc != IDNA_SUCCESS)
+      infof(data, "Failed to convert %s to ACE; %s\n",
+            host->name, Curl_idn_strerror(conn,rc));
+    else {
+      /* tld_check_name() displays a warning if the host name contains
+         "illegal" characters for this TLD */
+      (void)tld_check_name(data, ace_hostname);
+
+      host->encalloc = ace_hostname;
+      /* change the name pointer to point to the encoded hostname */
+      host->name = host->encalloc;
+    }
+  }
+#elif defined(USE_WIN32_IDN)
+  /*************************************************************
+   * Check name for non-ASCII and convert hostname to ACE form.
+   *************************************************************/
+    char *ace_hostname = NULL;
+    int rc = curl_win32_idn_to_ascii(host->name, &ace_hostname);
+    if(rc == 0)
+      infof(data, "Failed to convert %s to ACE;\n",
+            host->name);
+    else {
+      host->encalloc = ace_hostname;
+      /* change the name pointer to point to the encoded hostname */
+      host->name = host->encalloc;
+    }
+#else
+    infof(data, "IDN support not present, can't parse Unicode domains\n");
+#endif
+  }
+}
+
+static void llist_dtor(void *user, void *element)
+{
+  (void)user;
+  (void)element;
+  /* Do nothing */
+}
+
+/*
+ * Allocate and initialize a new connectdata object.
+ */
+static struct connectdata *allocate_conn(struct SessionHandle *data)
+{
+  struct connectdata *conn = calloc(1, sizeof(struct connectdata));
+  if(!conn)
+    return NULL;
+
+  conn->handler = &Curl_handler_dummy;  /* Be sure we have a handler defined
+                                           already from start to avoid NULL
+                                           situations and checks */
+
+  /* and we setup a few fields in case we end up actually using this struct */
+
+  conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD;     /* no file descriptor */
+  conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD; /* no file descriptor */
+  conn->tempsock[0] = CURL_SOCKET_BAD; /* no file descriptor */
+  conn->tempsock[1] = CURL_SOCKET_BAD; /* no file descriptor */
+  conn->connection_id = -1;    /* no ID */
+  conn->port = -1; /* unknown at this point */
+  conn->remote_port = -1; /* unknown */
+
+  /* Default protocol-independent behavior doesn't support persistent
+     connections, so we set this to force-close. Protocols that support
+     this need to set this to FALSE in their "curl_do" functions. */
+  connclose(conn, "Default to force-close");
+
+  /* Store creation time to help future close decision making */
+  conn->created = Curl_tvnow();
+
+  conn->data = data; /* Setup the association between this connection
+                        and the SessionHandle */
+
+  conn->proxytype = data->set.proxytype; /* type */
+
+#ifdef CURL_DISABLE_PROXY
+
+  conn->bits.proxy = FALSE;
+  conn->bits.httpproxy = FALSE;
+  conn->bits.proxy_user_passwd = FALSE;
+  conn->bits.tunnel_proxy = FALSE;
+
+#else /* CURL_DISABLE_PROXY */
+
+  /* note that these two proxy bits are now just on what looks to be
+     requested, they may be altered down the road */
+  conn->bits.proxy = (data->set.str[STRING_PROXY] &&
+                      *data->set.str[STRING_PROXY])?TRUE:FALSE;
+  conn->bits.httpproxy = (conn->bits.proxy &&
+                          (conn->proxytype == CURLPROXY_HTTP ||
+                           conn->proxytype == CURLPROXY_HTTP_1_0))?TRUE:FALSE;
+  conn->bits.proxy_user_passwd =
+    (NULL != data->set.str[STRING_PROXYUSERNAME])?TRUE:FALSE;
+  conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy;
+
+#endif /* CURL_DISABLE_PROXY */
+
+  conn->bits.user_passwd = (NULL != data->set.str[STRING_USERNAME])?TRUE:FALSE;
+  conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
+  conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
+
+  conn->verifypeer = data->set.ssl.verifypeer;
+  conn->verifyhost = data->set.ssl.verifyhost;
+
+  conn->ip_version = data->set.ipver;
+
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+  conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
+  conn->ntlm_auth_hlpr_pid = 0;
+  conn->challenge_header = NULL;
+  conn->response_header = NULL;
+#endif
+
+  if(Curl_multi_pipeline_enabled(data->multi) &&
+      !conn->master_buffer) {
+    /* Allocate master_buffer to be used for pipelining */
+    conn->master_buffer = calloc(BUFSIZE, sizeof (char));
+    if(!conn->master_buffer)
+      goto error;
+  }
+
+  /* Initialize the pipeline lists */
+  conn->send_pipe = Curl_llist_alloc((curl_llist_dtor) llist_dtor);
+  conn->recv_pipe = Curl_llist_alloc((curl_llist_dtor) llist_dtor);
+  if(!conn->send_pipe || !conn->recv_pipe)
+    goto error;
+
+#ifdef HAVE_GSSAPI
+  conn->data_prot = PROT_CLEAR;
+#endif
+
+  /* Store the local bind parameters that will be used for this connection */
+  if(data->set.str[STRING_DEVICE]) {
+    conn->localdev = strdup(data->set.str[STRING_DEVICE]);
+    if(!conn->localdev)
+      goto error;
+  }
+  conn->localportrange = data->set.localportrange;
+  conn->localport = data->set.localport;
+
+  /* the close socket stuff needs to be copied to the connection struct as
+     it may live on without (this specific) SessionHandle */
+  conn->fclosesocket = data->set.fclosesocket;
+  conn->closesocket_client = data->set.closesocket_client;
+
+  return conn;
+  error:
+
+  Curl_llist_destroy(conn->send_pipe, NULL);
+  Curl_llist_destroy(conn->recv_pipe, NULL);
+
+  conn->send_pipe = NULL;
+  conn->recv_pipe = NULL;
+
+  Curl_safefree(conn->master_buffer);
+  Curl_safefree(conn->localdev);
+  Curl_safefree(conn);
+  return NULL;
+}
+
+static CURLcode findprotocol(struct SessionHandle *data,
+                             struct connectdata *conn,
+                             const char *protostr)
+{
+  const struct Curl_handler * const *pp;
+  const struct Curl_handler *p;
+
+  /* Scan protocol handler table and match against 'protostr' to set a few
+     variables based on the URL. Now that the handler may be changed later
+     when the protocol specific setup function is called. */
+  for(pp = protocols; (p = *pp) != NULL; pp++) {
+    if(Curl_raw_equal(p->scheme, protostr)) {
+      /* Protocol found in table. Check if allowed */
+      if(!(data->set.allowed_protocols & p->protocol))
+        /* nope, get out */
+        break;
+
+      /* it is allowed for "normal" request, now do an extra check if this is
+         the result of a redirect */
+      if(data->state.this_is_a_follow &&
+         !(data->set.redir_protocols & p->protocol))
+        /* nope, get out */
+        break;
+
+      /* Perform setup complement if some. */
+      conn->handler = conn->given = p;
+
+      /* 'port' and 'remote_port' are set in setup_connection_internals() */
+      return CURLE_OK;
+    }
+  }
+
+
+  /* The protocol was not found in the table, but we don't have to assign it
+     to anything since it is already assigned to a dummy-struct in the
+     create_conn() function when the connectdata struct is allocated. */
+  failf(data, "Protocol \"%s\" not supported or disabled in " LIBCURL_NAME,
+        protostr);
+
+  return CURLE_UNSUPPORTED_PROTOCOL;
+}
+
+/*
+ * Parse URL and fill in the relevant members of the connection struct.
+ */
+static CURLcode parseurlandfillconn(struct SessionHandle *data,
+                                    struct connectdata *conn,
+                                    bool *prot_missing,
+                                    char **userp, char **passwdp,
+                                    char **optionsp)
+{
+  char *at;
+  char *fragment;
+  char *path = data->state.path;
+  char *query;
+  int rc;
+  char protobuf[16] = "";
+  const char *protop = "";
+  CURLcode result;
+  bool rebuild_url = FALSE;
+
+  *prot_missing = FALSE;
+
+  /*************************************************************
+   * Parse the URL.
+   *
+   * We need to parse the url even when using the proxy, because we will need
+   * the hostname and port in case we are trying to SSL connect through the
+   * proxy -- and we don't know if we will need to use SSL until we parse the
+   * url ...
+   ************************************************************/
+  if((2 == sscanf(data->change.url, "%15[^:]:%[^\n]",
+                  protobuf, path)) &&
+     Curl_raw_equal(protobuf, "file")) {
+    if(path[0] == '/' && path[1] == '/') {
+      /* Allow omitted hostname (e.g. file:/<path>).  This is not strictly
+       * speaking a valid file: URL by RFC 1738, but treating file:/<path> as
+       * file://localhost/<path> is similar to how other schemes treat missing
+       * hostnames.  See RFC 1808. */
+
+      /* This cannot be done with strcpy() in a portable manner, since the
+         memory areas overlap! */
+      memmove(path, path + 2, strlen(path + 2)+1);
+    }
+    /*
+     * we deal with file://<host>/<path> differently since it supports no
+     * hostname other than "localhost" and "127.0.0.1", which is unique among
+     * the URL protocols specified in RFC 1738
+     */
+    if(path[0] != '/') {
+      /* the URL included a host name, we ignore host names in file:// URLs
+         as the standards don't define what to do with them */
+      char *ptr=strchr(path, '/');
+      if(ptr) {
+        /* there was a slash present
+
+           RFC1738 (section 3.1, page 5) says:
+
+           The rest of the locator consists of data specific to the scheme,
+           and is known as the "url-path". It supplies the details of how the
+           specified resource can be accessed. Note that the "/" between the
+           host (or port) and the url-path is NOT part of the url-path.
+
+           As most agents use file://localhost/foo to get '/foo' although the
+           slash preceding foo is a separator and not a slash for the path,
+           a URL as file://localhost//foo must be valid as well, to refer to
+           the same file with an absolute path.
+        */
+
+        if(ptr[1] && ('/' == ptr[1]))
+          /* if there was two slashes, we skip the first one as that is then
+             used truly as a separator */
+          ptr++;
+
+        /* This cannot be made with strcpy, as the memory chunks overlap! */
+        memmove(path, ptr, strlen(ptr)+1);
+      }
+    }
+
+    protop = "file"; /* protocol string */
+  }
+  else {
+    /* clear path */
+    path[0]=0;
+
+    if(2 > sscanf(data->change.url,
+                   "%15[^\n:]://%[^\n/?]%[^\n]",
+                   protobuf,
+                   conn->host.name, path)) {
+
+      /*
+       * The URL was badly formatted, let's try the browser-style _without_
+       * protocol specified like 'http://'.
+       */
+      rc = sscanf(data->change.url, "%[^\n/?]%[^\n]", conn->host.name, path);
+      if(1 > rc) {
+        /*
+         * We couldn't even get this format.
+         * djgpp 2.04 has a sscanf() bug where 'conn->host.name' is
+         * assigned, but the return value is EOF!
+         */
+#if defined(__DJGPP__) && (DJGPP_MINOR == 4)
+        if(!(rc == -1 && *conn->host.name))
+#endif
+        {
+          failf(data, "<url> malformed");
+          return CURLE_URL_MALFORMAT;
+        }
+      }
+
+      /*
+       * Since there was no protocol part specified, we guess what protocol it
+       * is based on the first letters of the server name.
+       */
+
+      /* Note: if you add a new protocol, please update the list in
+       * lib/version.c too! */
+
+      if(checkprefix("FTP.", conn->host.name))
+        protop = "ftp";
+      else if(checkprefix("DICT.", conn->host.name))
+        protop = "DICT";
+      else if(checkprefix("LDAP.", conn->host.name))
+        protop = "LDAP";
+      else if(checkprefix("IMAP.", conn->host.name))
+        protop = "IMAP";
+      else if(checkprefix("SMTP.", conn->host.name))
+        protop = "smtp";
+      else if(checkprefix("POP3.", conn->host.name))
+        protop = "pop3";
+      else {
+        protop = "http";
+      }
+
+      *prot_missing = TRUE; /* not given in URL */
+    }
+    else
+      protop = protobuf;
+  }
+
+  /* We search for '?' in the host name (but only on the right side of a
+   * @-letter to allow ?-letters in username and password) to handle things
+   * like http://example.com?param= (notice the missing '/').
+   */
+  at = strchr(conn->host.name, '@');
+  if(at)
+    query = strchr(at+1, '?');
+  else
+    query = strchr(conn->host.name, '?');
+
+  if(query) {
+    /* We must insert a slash before the '?'-letter in the URL. If the URL had
+       a slash after the '?', that is where the path currently begins and the
+       '?string' is still part of the host name.
+
+       We must move the trailing part from the host name and put it first in
+       the path. And have it all prefixed with a slash.
+    */
+
+    size_t hostlen = strlen(query);
+    size_t pathlen = strlen(path);
+
+    /* move the existing path plus the zero byte forward, to make room for
+       the host-name part */
+    memmove(path+hostlen+1, path, pathlen+1);
+
+     /* now copy the trailing host part in front of the existing path */
+    memcpy(path+1, query, hostlen);
+
+    path[0]='/'; /* prepend the missing slash */
+    rebuild_url = TRUE;
+
+    *query=0; /* now cut off the hostname at the ? */
+  }
+  else if(!path[0]) {
+    /* if there's no path set, use a single slash */
+    strcpy(path, "/");
+    rebuild_url = TRUE;
+  }
+
+  /* If the URL is malformatted (missing a '/' after hostname before path) we
+   * insert a slash here. The only letter except '/' we accept to start a path
+   * is '?'.
+   */
+  if(path[0] == '?') {
+    /* We need this function to deal with overlapping memory areas. We know
+       that the memory area 'path' points to is 'urllen' bytes big and that
+       is bigger than the path. Use +1 to move the zero byte too. */
+    memmove(&path[1], path, strlen(path)+1);
+    path[0] = '/';
+    rebuild_url = TRUE;
+  }
+  else {
+    /* sanitise paths and remove ../ and ./ sequences according to RFC3986 */
+    char *newp = Curl_dedotdotify(path);
+    if(!newp)
+      return CURLE_OUT_OF_MEMORY;
+
+    if(strcmp(newp, path)) {
+      rebuild_url = TRUE;
+      free(data->state.pathbuffer);
+      data->state.pathbuffer = newp;
+      data->state.path = newp;
+      path = newp;
+    }
+    else
+      free(newp);
+  }
+
+  /*
+   * "rebuild_url" means that one or more URL components have been modified so
+   * we need to generate an updated full version.  We need the corrected URL
+   * when communicating over HTTP proxy and we don't know at this point if
+   * we're using a proxy or not.
+   */
+  if(rebuild_url) {
+    char *reurl;
+
+    size_t plen = strlen(path); /* new path, should be 1 byte longer than
+                                   the original */
+    size_t urllen = strlen(data->change.url); /* original URL length */
+
+    size_t prefixlen = strlen(conn->host.name);
+
+    if(!*prot_missing)
+      prefixlen += strlen(protop) + strlen("://");
+
+    reurl = malloc(urllen + 2); /* 2 for zerobyte + slash */
+    if(!reurl)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* copy the prefix */
+    memcpy(reurl, data->change.url, prefixlen);
+
+    /* append the trailing piece + zerobyte */
+    memcpy(&reurl[prefixlen], path, plen + 1);
+
+    /* possible free the old one */
+    if(data->change.url_alloc) {
+      Curl_safefree(data->change.url);
+      data->change.url_alloc = FALSE;
+    }
+
+    infof(data, "Rebuilt URL to: %s\n", reurl);
+
+    data->change.url = reurl;
+    data->change.url_alloc = TRUE; /* free this later */
+  }
+
+  /*
+   * Parse the login details from the URL and strip them out of
+   * the host name
+   */
+  result = parse_url_login(data, conn, userp, passwdp, optionsp);
+  if(result != CURLE_OK)
+    return result;
+
+  if(conn->host.name[0] == '[') {
+    /* This looks like an IPv6 address literal.  See if there is an address
+       scope if there is no location header */
+    char *percent = strchr(conn->host.name, '%');
+    if(percent) {
+      unsigned int identifier_offset = 3;
+      char *endp;
+      unsigned long scope;
+      if(strncmp("%25", percent, 3) != 0) {
+        infof(data,
+              "Please URL encode %% as %%25, see RFC 6874.\n");
+        identifier_offset = 1;
+      }
+      scope = strtoul(percent + identifier_offset, &endp, 10);
+      if(*endp == ']') {
+        /* The address scope was well formed.  Knock it out of the
+           hostname. */
+        memmove(percent, endp, strlen(endp)+1);
+        conn->scope = (unsigned int)scope;
+      }
+      else {
+        /* Zone identifier is not numeric */
+#if defined(HAVE_NET_IF_H) && defined(IFNAMSIZ) && defined(HAVE_IF_NAMETOINDEX)
+        char ifname[IFNAMSIZ + 2];
+        char *square_bracket;
+        unsigned int scopeidx = 0;
+        strncpy(ifname, percent + identifier_offset, IFNAMSIZ + 2);
+        /* Ensure nullbyte termination */
+        ifname[IFNAMSIZ + 1] = '\0';
+        square_bracket = strchr(ifname, ']');
+        if(square_bracket) {
+          /* Remove ']' */
+          *square_bracket = '\0';
+          scopeidx = if_nametoindex(ifname);
+          if(scopeidx == 0) {
+            infof(data, "Invalid network interface: %s; %s\n", ifname,
+                  strerror(errno));
+          }
+        }
+        if(scopeidx > 0) {
+          /* Remove zone identifier from hostname */
+          memmove(percent,
+                  percent + identifier_offset + strlen(ifname),
+                  identifier_offset + strlen(ifname));
+          conn->scope = scopeidx;
+        }
+        else
+#endif /* HAVE_NET_IF_H && IFNAMSIZ */
+          infof(data, "Invalid IPv6 address format\n");
+      }
+    }
+  }
+
+  if(data->set.scope)
+    /* Override any scope that was set above.  */
+    conn->scope = data->set.scope;
+
+  /* Remove the fragment part of the path. Per RFC 2396, this is always the
+     last part of the URI. We are looking for the first '#' so that we deal
+     gracefully with non conformant URI such as http://example.com#foo#bar. */
+  fragment = strchr(path, '#');
+  if(fragment) {
+    *fragment = 0;
+
+    /* we know the path part ended with a fragment, so we know the full URL
+       string does too and we need to cut it off from there so it isn't used
+       over proxy */
+    fragment = strchr(data->change.url, '#');
+    if(fragment)
+      *fragment = 0;
+  }
+
+  /*
+   * So if the URL was A://B/C#D,
+   *   protop is A
+   *   conn->host.name is B
+   *   data->state.path is /C
+   */
+
+  return findprotocol(data, conn, protop);
+}
+
+/*
+ * If we're doing a resumed transfer, we need to setup our stuff
+ * properly.
+ */
+static CURLcode setup_range(struct SessionHandle *data)
+{
+  struct UrlState *s = &data->state;
+  s->resume_from = data->set.set_resume_from;
+  if(s->resume_from || data->set.str[STRING_SET_RANGE]) {
+    if(s->rangestringalloc)
+      free(s->range);
+
+    if(s->resume_from)
+      s->range = aprintf("%" CURL_FORMAT_CURL_OFF_TU "-", s->resume_from);
+    else
+      s->range = strdup(data->set.str[STRING_SET_RANGE]);
+
+    s->rangestringalloc = (s->range)?TRUE:FALSE;
+
+    if(!s->range)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* tell ourselves to fetch this range */
+    s->use_range = TRUE;        /* enable range download */
+  }
+  else
+    s->use_range = FALSE; /* disable range download */
+
+  return CURLE_OK;
+}
+
+
+/*
+ * setup_connection_internals() -
+ *
+ * Setup connection internals specific to the requested protocol in the
+ * SessionHandle. This is inited and setup before the connection is made but
+ * is about the particular protocol that is to be used.
+ *
+ * This MUST get called after proxy magic has been figured out.
+ */
+static CURLcode setup_connection_internals(struct connectdata *conn)
+{
+  const struct Curl_handler * p;
+  CURLcode result;
+  struct SessionHandle *data = conn->data;
+
+  /* in some case in the multi state-machine, we go back to the CONNECT state
+     and then a second (or third or...) call to this function will be made
+     without doing a DISCONNECT or DONE in between (since the connection is
+     yet in place) and therefore this function needs to first make sure
+     there's no lingering previous data allocated. */
+  Curl_free_request_state(data);
+
+  memset(&data->req, 0, sizeof(struct SingleRequest));
+  data->req.maxdownload = -1;
+
+  conn->socktype = SOCK_STREAM; /* most of them are TCP streams */
+
+  /* Perform setup complement if some. */
+  p = conn->handler;
+
+  if(p->setup_connection) {
+    result = (*p->setup_connection)(conn);
+
+    if(result != CURLE_OK)
+      return result;
+
+    p = conn->handler;              /* May have changed. */
+  }
+
+  if(conn->port < 0)
+    /* we check for -1 here since if proxy was detected already, this
+       was very likely already set to the proxy port */
+    conn->port = p->defport;
+
+  /* only if remote_port was not already parsed off the URL we use the
+     default port number */
+  if(conn->remote_port < 0)
+    conn->remote_port = (unsigned short)conn->given->defport;
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_free_request_state() should free temp data that was allocated in the
+ * SessionHandle for this single request.
+ */
+
+void Curl_free_request_state(struct SessionHandle *data)
+{
+  Curl_safefree(data->req.protop);
+  Curl_safefree(data->req.newurl);
+}
+
+
+#ifndef CURL_DISABLE_PROXY
+/****************************************************************
+* Checks if the host is in the noproxy list. returns true if it matches
+* and therefore the proxy should NOT be used.
+****************************************************************/
+static bool check_noproxy(const char* name, const char* no_proxy)
+{
+  /* no_proxy=domain1.dom,host.domain2.dom
+   *   (a comma-separated list of hosts which should
+   *   not be proxied, or an asterisk to override
+   *   all proxy variables)
+   */
+  size_t tok_start;
+  size_t tok_end;
+  const char* separator = ", ";
+  size_t no_proxy_len;
+  size_t namelen;
+  char *endptr;
+
+  if(no_proxy && no_proxy[0]) {
+    if(Curl_raw_equal("*", no_proxy)) {
+      return TRUE;
+    }
+
+    /* NO_PROXY was specified and it wasn't just an asterisk */
+
+    no_proxy_len = strlen(no_proxy);
+    endptr = strchr(name, ':');
+    if(endptr)
+      namelen = endptr - name;
+    else
+      namelen = strlen(name);
+
+    for(tok_start = 0; tok_start < no_proxy_len; tok_start = tok_end + 1) {
+      while(tok_start < no_proxy_len &&
+            strchr(separator, no_proxy[tok_start]) != NULL) {
+        /* Look for the beginning of the token. */
+        ++tok_start;
+      }
+
+      if(tok_start == no_proxy_len)
+        break; /* It was all trailing separator chars, no more tokens. */
+
+      for(tok_end = tok_start; tok_end < no_proxy_len &&
+            strchr(separator, no_proxy[tok_end]) == NULL; ++tok_end)
+        /* Look for the end of the token. */
+        ;
+
+      /* To match previous behaviour, where it was necessary to specify
+       * ".local.com" to prevent matching "notlocal.com", we will leave
+       * the '.' off.
+       */
+      if(no_proxy[tok_start] == '.')
+        ++tok_start;
+
+      if((tok_end - tok_start) <= namelen) {
+        /* Match the last part of the name to the domain we are checking. */
+        const char *checkn = name + namelen - (tok_end - tok_start);
+        if(Curl_raw_nequal(no_proxy + tok_start, checkn,
+                           tok_end - tok_start)) {
+          if((tok_end - tok_start) == namelen || *(checkn - 1) == '.') {
+            /* We either have an exact match, or the previous character is a .
+             * so it is within the same domain, so no proxy for this host.
+             */
+            return TRUE;
+          }
+        }
+      } /* if((tok_end - tok_start) <= namelen) */
+    } /* for(tok_start = 0; tok_start < no_proxy_len;
+         tok_start = tok_end + 1) */
+  } /* NO_PROXY was specified and it wasn't just an asterisk */
+
+  return FALSE;
+}
+
+/****************************************************************
+* Detect what (if any) proxy to use. Remember that this selects a host
+* name and is not limited to HTTP proxies only.
+* The returned pointer must be freed by the caller (unless NULL)
+****************************************************************/
+static char *detect_proxy(struct connectdata *conn)
+{
+  char *proxy = NULL;
+
+#ifndef CURL_DISABLE_HTTP
+  /* If proxy was not specified, we check for default proxy environment
+   * variables, to enable i.e Lynx compliance:
+   *
+   * http_proxy=http://some.server.dom:port/
+   * https_proxy=http://some.server.dom:port/
+   * ftp_proxy=http://some.server.dom:port/
+   * no_proxy=domain1.dom,host.domain2.dom
+   *   (a comma-separated list of hosts which should
+   *   not be proxied, or an asterisk to override
+   *   all proxy variables)
+   * all_proxy=http://some.server.dom:port/
+   *   (seems to exist for the CERN www lib. Probably
+   *   the first to check for.)
+   *
+   * For compatibility, the all-uppercase versions of these variables are
+   * checked if the lowercase versions don't exist.
+   */
+  char *no_proxy=NULL;
+  char proxy_env[128];
+
+  no_proxy=curl_getenv("no_proxy");
+  if(!no_proxy)
+    no_proxy=curl_getenv("NO_PROXY");
+
+  if(!check_noproxy(conn->host.name, no_proxy)) {
+    /* It was not listed as without proxy */
+    const char *protop = conn->handler->scheme;
+    char *envp = proxy_env;
+    char *prox;
+
+    /* Now, build <protocol>_proxy and check for such a one to use */
+    while(*protop)
+      *envp++ = (char)tolower((int)*protop++);
+
+    /* append _proxy */
+    strcpy(envp, "_proxy");
+
+    /* read the protocol proxy: */
+    prox=curl_getenv(proxy_env);
+
+    /*
+     * We don't try the uppercase version of HTTP_PROXY because of
+     * security reasons:
+     *
+     * When curl is used in a webserver application
+     * environment (cgi or php), this environment variable can
+     * be controlled by the web server user by setting the
+     * http header 'Proxy:' to some value.
+     *
+     * This can cause 'internal' http/ftp requests to be
+     * arbitrarily redirected by any external attacker.
+     */
+    if(!prox && !Curl_raw_equal("http_proxy", proxy_env)) {
+      /* There was no lowercase variable, try the uppercase version: */
+      Curl_strntoupper(proxy_env, proxy_env, sizeof(proxy_env));
+      prox=curl_getenv(proxy_env);
+    }
+
+    if(prox && *prox) { /* don't count "" strings */
+      proxy = prox; /* use this */
+    }
+    else {
+      proxy = curl_getenv("all_proxy"); /* default proxy to use */
+      if(!proxy)
+        proxy=curl_getenv("ALL_PROXY");
+    }
+  } /* if(!check_noproxy(conn->host.name, no_proxy)) - it wasn't specified
+       non-proxy */
+  if(no_proxy)
+    free(no_proxy);
+
+#else /* !CURL_DISABLE_HTTP */
+
+  (void)conn;
+#endif /* CURL_DISABLE_HTTP */
+
+  return proxy;
+}
+
+/*
+ * If this is supposed to use a proxy, we need to figure out the proxy
+ * host name, so that we can re-use an existing connection
+ * that may exist registered to the same proxy host.
+ * proxy will be freed before this function returns.
+ */
+static CURLcode parse_proxy(struct SessionHandle *data,
+                            struct connectdata *conn, char *proxy)
+{
+  char *prox_portno;
+  char *endofprot;
+
+  /* We use 'proxyptr' to point to the proxy name from now on... */
+  char *proxyptr;
+  char *portptr;
+  char *atsign;
+
+  /* We do the proxy host string parsing here. We want the host name and the
+   * port name. Accept a protocol:// prefix
+   */
+
+  /* Parse the protocol part if present */
+  endofprot = strstr(proxy, "://");
+  if(endofprot) {
+    proxyptr = endofprot+3;
+    if(checkprefix("socks5h", proxy))
+      conn->proxytype = CURLPROXY_SOCKS5_HOSTNAME;
+    else if(checkprefix("socks5", proxy))
+      conn->proxytype = CURLPROXY_SOCKS5;
+    else if(checkprefix("socks4a", proxy))
+      conn->proxytype = CURLPROXY_SOCKS4A;
+    else if(checkprefix("socks4", proxy) || checkprefix("socks", proxy))
+      conn->proxytype = CURLPROXY_SOCKS4;
+    /* Any other xxx:// : change to http proxy */
+  }
+  else
+    proxyptr = proxy; /* No xxx:// head: It's a HTTP proxy */
+
+  /* Is there a username and password given in this proxy url? */
+  atsign = strchr(proxyptr, '@');
+  if(atsign) {
+    CURLcode res = CURLE_OK;
+    char *proxyuser = NULL;
+    char *proxypasswd = NULL;
+
+    res = parse_login_details(proxyptr, atsign - proxyptr,
+                              &proxyuser, &proxypasswd, NULL);
+    if(!res) {
+      /* found user and password, rip them out.  note that we are
+         unescaping them, as there is otherwise no way to have a
+         username or password with reserved characters like ':' in
+         them. */
+      Curl_safefree(conn->proxyuser);
+      if(proxyuser && strlen(proxyuser) < MAX_CURL_USER_LENGTH)
+        conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
+      else
+        conn->proxyuser = strdup("");
+
+      if(!conn->proxyuser)
+        res = CURLE_OUT_OF_MEMORY;
+      else {
+        Curl_safefree(conn->proxypasswd);
+        if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
+          conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
+        else
+          conn->proxypasswd = strdup("");
+
+        if(!conn->proxypasswd)
+          res = CURLE_OUT_OF_MEMORY;
+      }
+
+      if(!res) {
+        conn->bits.proxy_user_passwd = TRUE; /* enable it */
+        atsign++; /* the right side of the @-letter */
+
+        if(atsign)
+          proxyptr = atsign; /* now use this instead */
+        else
+          res = CURLE_OUT_OF_MEMORY;
+      }
+    }
+
+    Curl_safefree(proxyuser);
+    Curl_safefree(proxypasswd);
+
+    if(res)
+      return res;
+  }
+
+  /* start scanning for port number at this point */
+  portptr = proxyptr;
+
+  /* detect and extract RFC6874-style IPv6-addresses */
+  if(*proxyptr == '[') {
+    char *ptr = ++proxyptr; /* advance beyond the initial bracket */
+    while(*ptr && (ISXDIGIT(*ptr) || (*ptr == ':') || (*ptr == '.')))
+      ptr++;
+    if(*ptr == '%') {
+      /* There might be a zone identifier */
+      if(strncmp("%25", ptr, 3))
+        infof(data, "Please URL encode %% as %%25, see RFC 6874.\n");
+      ptr++;
+      /* Allow unresered characters as defined in RFC 3986 */
+      while(*ptr && (ISALPHA(*ptr) || ISXDIGIT(*ptr) || (*ptr == '-') ||
+                     (*ptr == '.') || (*ptr == '_') || (*ptr == '~')))
+        ptr++;
+    }
+    if(*ptr == ']')
+      /* yeps, it ended nicely with a bracket as well */
+      *ptr++ = 0;
+    else
+      infof(data, "Invalid IPv6 address format\n");
+    portptr = ptr;
+    /* Note that if this didn't end with a bracket, we still advanced the
+     * proxyptr first, but I can't see anything wrong with that as no host
+     * name nor a numeric can legally start with a bracket.
+     */
+  }
+
+  /* Get port number off proxy.server.com:1080 */
+  prox_portno = strchr(portptr, ':');
+  if(prox_portno) {
+    *prox_portno = 0x0; /* cut off number from host name */
+    prox_portno ++;
+    /* now set the local port number */
+    conn->port = strtol(prox_portno, NULL, 10);
+  }
+  else {
+    if(proxyptr[0]=='/')
+      /* If the first character in the proxy string is a slash, fail
+         immediately. The following code will otherwise clear the string which
+         will lead to code running as if no proxy was set! */
+      return CURLE_COULDNT_RESOLVE_PROXY;
+
+    /* without a port number after the host name, some people seem to use
+       a slash so we strip everything from the first slash */
+    atsign = strchr(proxyptr, '/');
+    if(atsign)
+      *atsign = 0x0; /* cut off path part from host name */
+
+    if(data->set.proxyport)
+      /* None given in the proxy string, then get the default one if it is
+         given */
+      conn->port = data->set.proxyport;
+  }
+
+  /* now, clone the cleaned proxy host name */
+  conn->proxy.rawalloc = strdup(proxyptr);
+  conn->proxy.name = conn->proxy.rawalloc;
+
+  if(!conn->proxy.rawalloc)
+    return CURLE_OUT_OF_MEMORY;
+
+  return CURLE_OK;
+}
+
+/*
+ * Extract the user and password from the authentication string
+ */
+static CURLcode parse_proxy_auth(struct SessionHandle *data,
+                                 struct connectdata *conn)
+{
+  char proxyuser[MAX_CURL_USER_LENGTH]="";
+  char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
+
+  if(data->set.str[STRING_PROXYUSERNAME] != NULL) {
+    strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME],
+            MAX_CURL_USER_LENGTH);
+    proxyuser[MAX_CURL_USER_LENGTH-1] = '\0';   /*To be on safe side*/
+  }
+  if(data->set.str[STRING_PROXYPASSWORD] != NULL) {
+    strncpy(proxypasswd, data->set.str[STRING_PROXYPASSWORD],
+            MAX_CURL_PASSWORD_LENGTH);
+    proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/
+  }
+
+  conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
+  if(!conn->proxyuser)
+    return CURLE_OUT_OF_MEMORY;
+
+  conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
+  if(!conn->proxypasswd)
+    return CURLE_OUT_OF_MEMORY;
+
+  return CURLE_OK;
+}
+#endif /* CURL_DISABLE_PROXY */
+
+/*
+ * parse_url_login()
+ *
+ * Parse the login details (user name, password and options) from the URL and
+ * strip them out of the host name
+ *
+ * Inputs: data->set.use_netrc (CURLOPT_NETRC)
+ *         conn->host.name
+ *
+ * Outputs: (almost :- all currently undefined)
+ *          conn->bits.user_passwd  - non-zero if non-default passwords exist
+ *          user                    - non-zero length if defined
+ *          passwd                  - non-zero length if defined
+ *          options                 - non-zero length if defined
+ *          conn->host.name         - remove user name and password
+ */
+static CURLcode parse_url_login(struct SessionHandle *data,
+                                struct connectdata *conn,
+                                char **user, char **passwd, char **options)
+{
+  CURLcode result = CURLE_OK;
+  char *userp = NULL;
+  char *passwdp = NULL;
+  char *optionsp = NULL;
+
+  /* At this point, we're hoping all the other special cases have
+   * been taken care of, so conn->host.name is at most
+   *    [user[:password][;options]]@]hostname
+   *
+   * We need somewhere to put the embedded details, so do that first.
+   */
+
+  char *ptr = strchr(conn->host.name, '@');
+  char *login = conn->host.name;
+
+  DEBUGASSERT(!**user);
+  DEBUGASSERT(!**passwd);
+  DEBUGASSERT(!**options);
+
+  if(!ptr)
+    goto out;
+
+  /* We will now try to extract the
+   * possible login information in a string like:
+   * ftp://user:password@ftp.my.site:8021/README */
+  conn->host.name = ++ptr;
+
+  /* So the hostname is sane.  Only bother interpreting the
+   * results if we could care.  It could still be wasted
+   * work because it might be overtaken by the programmatically
+   * set user/passwd, but doing that first adds more cases here :-(
+   */
+
+  if(data->set.use_netrc == CURL_NETRC_REQUIRED)
+    goto out;
+
+  /* We could use the login information in the URL so extract it */
+  result = parse_login_details(login, ptr - login - 1,
+                               &userp, &passwdp, &optionsp);
+  if(result != CURLE_OK)
+    goto out;
+
+  if(userp) {
+    char *newname;
+
+    /* We have a user in the URL */
+    conn->bits.userpwd_in_url = TRUE;
+    conn->bits.user_passwd = TRUE; /* enable user+password */
+
+    /* Decode the user */
+    newname = curl_easy_unescape(data, userp, 0, NULL);
+    if(!newname) {
+      result = CURLE_OUT_OF_MEMORY;
+      goto out;
+    }
+
+    free(*user);
+    *user = newname;
+  }
+
+  if(passwdp) {
+    /* We have a password in the URL so decode it */
+    char *newpasswd = curl_easy_unescape(data, passwdp, 0, NULL);
+    if(!newpasswd) {
+      result = CURLE_OUT_OF_MEMORY;
+      goto out;
+    }
+
+    free(*passwd);
+    *passwd = newpasswd;
+  }
+
+  if(optionsp) {
+    /* We have an options list in the URL so decode it */
+    char *newoptions = curl_easy_unescape(data, optionsp, 0, NULL);
+    if(!newoptions) {
+      result = CURLE_OUT_OF_MEMORY;
+      goto out;
+    }
+
+    free(*options);
+    *options = newoptions;
+  }
+
+
+  out:
+
+  Curl_safefree(userp);
+  Curl_safefree(passwdp);
+  Curl_safefree(optionsp);
+
+  return result;
+}
+
+/*
+ * parse_login_details()
+ *
+ * This is used to parse a login string for user name, password and options in
+ * the following formats:
+ *
+ *   user
+ *   user:password
+ *   user:password;options
+ *   user;options
+ *   user;options:password
+ *   :password
+ *   :password;options
+ *   ;options
+ *   ;options:password
+ *
+ * Parameters:
+ *
+ * login    [in]     - The login string.
+ * len      [in]     - The length of the login string.
+ * userp    [in/out] - The address where a pointer to newly allocated memory
+ *                     holding the user will be stored upon completion.
+ * passdwp  [in/out] - The address where a pointer to newly allocated memory
+ *                     holding the password will be stored upon completion.
+ * optionsp [in/out] - The address where a pointer to newly allocated memory
+ *                     holding the options will be stored upon completion.
+ *
+ * Returns CURLE_OK on success.
+ */
+static CURLcode parse_login_details(const char *login, const size_t len,
+                                    char **userp, char **passwdp,
+                                    char **optionsp)
+{
+  CURLcode result = CURLE_OK;
+  char *ubuf = NULL;
+  char *pbuf = NULL;
+  char *obuf = NULL;
+  const char *psep = NULL;
+  const char *osep = NULL;
+  size_t ulen;
+  size_t plen;
+  size_t olen;
+
+  /* Attempt to find the password separator */
+  if(passwdp) {
+    psep = strchr(login, ':');
+
+    /* Within the constraint of the login string */
+    if(psep >= login + len)
+      psep = NULL;
+  }
+
+  /* Attempt to find the options separator */
+  if(optionsp) {
+    osep = strchr(login, ';');
+
+    /* Within the constraint of the login string */
+    if(osep >= login + len)
+      osep = NULL;
+  }
+
+  /* Calculate the portion lengths */
+  ulen = (psep ?
+          (size_t)(osep && psep > osep ? osep - login : psep - login) :
+          (osep ? (size_t)(osep - login) : len));
+  plen = (psep ?
+          (osep && osep > psep ? (size_t)(osep - psep) :
+                                 (size_t)(login + len - psep)) - 1 : 0);
+  olen = (osep ?
+          (psep && psep > osep ? (size_t)(psep - osep) :
+                                 (size_t)(login + len - osep)) - 1 : 0);
+
+  /* Allocate the user portion buffer */
+  if(userp && ulen) {
+    ubuf = malloc(ulen + 1);
+    if(!ubuf)
+      result = CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Allocate the password portion buffer */
+  if(!result && passwdp && plen) {
+    pbuf = malloc(plen + 1);
+    if(!pbuf) {
+      Curl_safefree(ubuf);
+      result = CURLE_OUT_OF_MEMORY;
+    }
+  }
+
+  /* Allocate the options portion buffer */
+  if(!result && optionsp && olen) {
+    obuf = malloc(olen + 1);
+    if(!obuf) {
+      Curl_safefree(pbuf);
+      Curl_safefree(ubuf);
+      result = CURLE_OUT_OF_MEMORY;
+    }
+  }
+
+  if(!result) {
+    /* Store the user portion if necessary */
+    if(ubuf) {
+      memcpy(ubuf, login, ulen);
+      ubuf[ulen] = '\0';
+      Curl_safefree(*userp);
+      *userp = ubuf;
+    }
+
+    /* Store the password portion if necessary */
+    if(pbuf) {
+      memcpy(pbuf, psep + 1, plen);
+      pbuf[plen] = '\0';
+      Curl_safefree(*passwdp);
+      *passwdp = pbuf;
+    }
+
+    /* Store the options portion if necessary */
+    if(obuf) {
+      memcpy(obuf, osep + 1, olen);
+      obuf[olen] = '\0';
+      Curl_safefree(*optionsp);
+      *optionsp = obuf;
+    }
+  }
+
+  return result;
+}
+
+/*************************************************************
+ * Figure out the remote port number and fix it in the URL
+ *
+ * No matter if we use a proxy or not, we have to figure out the remote
+ * port number of various reasons.
+ *
+ * To be able to detect port number flawlessly, we must not confuse them
+ * IPv6-specified addresses in the [0::1] style. (RFC2732)
+ *
+ * The conn->host.name is currently [user:passwd@]host[:port] where host
+ * could be a hostname, IPv4 address or IPv6 address.
+ *
+ * The port number embedded in the URL is replaced, if necessary.
+ *************************************************************/
+static CURLcode parse_remote_port(struct SessionHandle *data,
+                                  struct connectdata *conn)
+{
+  char *portptr;
+  char endbracket;
+
+  /* Note that at this point, the IPv6 address cannot contain any scope
+     suffix as that has already been removed in the parseurlandfillconn()
+     function */
+  if((1 == sscanf(conn->host.name, "[%*45[0123456789abcdefABCDEF:.]%c",
+                  &endbracket)) &&
+     (']' == endbracket)) {
+    /* this is a RFC2732-style specified IP-address */
+    conn->bits.ipv6_ip = TRUE;
+
+    conn->host.name++; /* skip over the starting bracket */
+    portptr = strchr(conn->host.name, ']');
+    if(portptr) {
+      *portptr++ = '\0'; /* zero terminate, killing the bracket */
+      if(':' != *portptr)
+        portptr = NULL; /* no port number available */
+    }
+  }
+  else {
+#ifdef ENABLE_IPV6
+    struct in6_addr in6;
+    if(Curl_inet_pton(AF_INET6, conn->host.name, &in6) > 0) {
+      /* This is a numerical IPv6 address, meaning this is a wrongly formatted
+         URL */
+      failf(data, "IPv6 numerical address used in URL without brackets");
+      return CURLE_URL_MALFORMAT;
+    }
+#endif
+
+    portptr = strrchr(conn->host.name, ':');
+  }
+
+  if(data->set.use_port && data->state.allow_port) {
+    /* if set, we use this and ignore the port possibly given in the URL */
+    conn->remote_port = (unsigned short)data->set.use_port;
+    if(portptr)
+      *portptr = '\0'; /* cut off the name there anyway - if there was a port
+                      number - since the port number is to be ignored! */
+    if(conn->bits.httpproxy) {
+      /* we need to create new URL with the new port number */
+      char *url;
+      char type[12]="";
+
+      if(conn->bits.type_set)
+        snprintf(type, sizeof(type), ";type=%c",
+                 data->set.prefer_ascii?'A':
+                 (data->set.ftp_list_only?'D':'I'));
+
+      /*
+       * This synthesized URL isn't always right--suffixes like ;type=A are
+       * stripped off. It would be better to work directly from the original
+       * URL and simply replace the port part of it.
+       */
+      url = aprintf("%s://%s%s%s:%hu%s%s%s", conn->given->scheme,
+                    conn->bits.ipv6_ip?"[":"", conn->host.name,
+                    conn->bits.ipv6_ip?"]":"", conn->remote_port,
+                    data->state.slash_removed?"/":"", data->state.path,
+                    type);
+      if(!url)
+        return CURLE_OUT_OF_MEMORY;
+
+      if(data->change.url_alloc) {
+        Curl_safefree(data->change.url);
+        data->change.url_alloc = FALSE;
+      }
+
+      data->change.url = url;
+      data->change.url_alloc = TRUE;
+    }
+  }
+  else if(portptr) {
+    /* no CURLOPT_PORT given, extract the one from the URL */
+
+    char *rest;
+    long port;
+
+    port=strtol(portptr+1, &rest, 10);  /* Port number must be decimal */
+
+    if((port < 0) || (port > 0xffff)) {
+      /* Single unix standard says port numbers are 16 bits long */
+      failf(data, "Port number out of range");
+      return CURLE_URL_MALFORMAT;
+    }
+
+    else if(rest != &portptr[1]) {
+      *portptr = '\0'; /* cut off the name there */
+      conn->remote_port = curlx_ultous(port);
+    }
+    else
+      /* Browser behavior adaptation. If there's a colon with no digits after,
+         just cut off the name there which makes us ignore the colon and just
+         use the default port. Firefox and Chrome both do that. */
+      *portptr = '\0';
+  }
+  return CURLE_OK;
+}
+
+/*
+ * Override the login details from the URL with that in the CURLOPT_USERPWD
+ * option or a .netrc file, if applicable.
+ */
+static CURLcode override_login(struct SessionHandle *data,
+                               struct connectdata *conn,
+                               char **userp, char **passwdp, char **optionsp)
+{
+  if(data->set.str[STRING_USERNAME]) {
+    free(*userp);
+    *userp = strdup(data->set.str[STRING_USERNAME]);
+    if(!*userp)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
+  if(data->set.str[STRING_PASSWORD]) {
+    free(*passwdp);
+    *passwdp = strdup(data->set.str[STRING_PASSWORD]);
+    if(!*passwdp)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
+  if(data->set.str[STRING_OPTIONS]) {
+    free(*optionsp);
+    *optionsp = strdup(data->set.str[STRING_OPTIONS]);
+    if(!*optionsp)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
+  conn->bits.netrc = FALSE;
+  if(data->set.use_netrc != CURL_NETRC_IGNORED) {
+    int ret = Curl_parsenetrc(conn->host.name,
+                              userp, passwdp,
+                              data->set.str[STRING_NETRC_FILE]);
+    if(ret > 0) {
+      infof(data, "Couldn't find host %s in the "
+            DOT_CHAR "netrc file; using defaults\n",
+            conn->host.name);
+    }
+    else if(ret < 0 ) {
+      return CURLE_OUT_OF_MEMORY;
+    }
+    else {
+      /* set bits.netrc TRUE to remember that we got the name from a .netrc
+         file, so that it is safe to use even if we followed a Location: to a
+         different host or similar. */
+      conn->bits.netrc = TRUE;
+
+      conn->bits.user_passwd = TRUE; /* enable user+password */
+    }
+  }
+
+  return CURLE_OK;
+}
+
+/*
+ * Set the login details so they're available in the connection
+ */
+static CURLcode set_login(struct connectdata *conn,
+                          const char *user, const char *passwd,
+                          const char *options)
+{
+  CURLcode result = CURLE_OK;
+
+  /* If our protocol needs a password and we have none, use the defaults */
+  if((conn->handler->flags & PROTOPT_NEEDSPWD) && !conn->bits.user_passwd) {
+    /* Store the default user */
+    conn->user = strdup(CURL_DEFAULT_USER);
+
+    /* Store the default password */
+    if(conn->user)
+      conn->passwd = strdup(CURL_DEFAULT_PASSWORD);
+    else
+      conn->passwd = NULL;
+
+    /* This is the default password, so DON'T set conn->bits.user_passwd */
+  }
+  else {
+    /* Store the user, zero-length if not set */
+    conn->user = strdup(user);
+
+    /* Store the password (only if user is present), zero-length if not set */
+    if(conn->user)
+      conn->passwd = strdup(passwd);
+    else
+      conn->passwd = NULL;
+  }
+
+  if(!conn->user || !conn->passwd)
+    result = CURLE_OUT_OF_MEMORY;
+
+  /* Store the options, null if not set */
+  if(!result && options[0]) {
+    conn->options = strdup(options);
+
+    if(!conn->options)
+      result = CURLE_OUT_OF_MEMORY;
+  }
+
+  return result;
+}
+
+/*************************************************************
+ * Resolve the address of the server or proxy
+ *************************************************************/
+static CURLcode resolve_server(struct SessionHandle *data,
+                               struct connectdata *conn,
+                               bool *async)
+{
+  CURLcode result=CURLE_OK;
+  long timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+  /*************************************************************
+   * Resolve the name of the server or proxy
+   *************************************************************/
+  if(conn->bits.reuse)
+    /* We're reusing the connection - no need to resolve anything, and
+       fix_hostname() was called already in create_conn() for the re-use
+       case. */
+    *async = FALSE;
+
+  else {
+    /* this is a fresh connect */
+    int rc;
+    struct Curl_dns_entry *hostaddr;
+
+    /* set a pointer to the hostname we display */
+    fix_hostname(data, conn, &conn->host);
+
+    if(!conn->proxy.name || !*conn->proxy.name) {
+      /* If not connecting via a proxy, extract the port from the URL, if it is
+       * there, thus overriding any defaults that might have been set above. */
+      conn->port =  conn->remote_port; /* it is the same port */
+
+      /* Resolve target host right on */
+      rc = Curl_resolv_timeout(conn, conn->host.name, (int)conn->port,
+                               &hostaddr, timeout_ms);
+      if(rc == CURLRESOLV_PENDING)
+        *async = TRUE;
+
+      else if(rc == CURLRESOLV_TIMEDOUT)
+        result = CURLE_OPERATION_TIMEDOUT;
+
+      else if(!hostaddr) {
+        failf(data, "Couldn't resolve host '%s'", conn->host.dispname);
+        result =  CURLE_COULDNT_RESOLVE_HOST;
+        /* don't return yet, we need to clean up the timeout first */
+      }
+    }
+    else {
+      /* This is a proxy that hasn't been resolved yet. */
+
+      /* IDN-fix the proxy name */
+      fix_hostname(data, conn, &conn->proxy);
+
+      /* resolve proxy */
+      rc = Curl_resolv_timeout(conn, conn->proxy.name, (int)conn->port,
+                               &hostaddr, timeout_ms);
+
+      if(rc == CURLRESOLV_PENDING)
+        *async = TRUE;
+
+      else if(rc == CURLRESOLV_TIMEDOUT)
+        result = CURLE_OPERATION_TIMEDOUT;
+
+      else if(!hostaddr) {
+        failf(data, "Couldn't resolve proxy '%s'", conn->proxy.dispname);
+        result = CURLE_COULDNT_RESOLVE_PROXY;
+        /* don't return yet, we need to clean up the timeout first */
+      }
+    }
+    DEBUGASSERT(conn->dns_entry == NULL);
+    conn->dns_entry = hostaddr;
+  }
+
+  return result;
+}
+
+/*
+ * Cleanup the connection just allocated before we can move along and use the
+ * previously existing one.  All relevant data is copied over and old_conn is
+ * ready for freeing once this function returns.
+ */
+static void reuse_conn(struct connectdata *old_conn,
+                       struct connectdata *conn)
+{
+  if(old_conn->proxy.rawalloc)
+    free(old_conn->proxy.rawalloc);
+
+  /* free the SSL config struct from this connection struct as this was
+     allocated in vain and is targeted for destruction */
+  Curl_free_ssl_config(&old_conn->ssl_config);
+
+  conn->data = old_conn->data;
+
+  /* get the user+password information from the old_conn struct since it may
+   * be new for this request even when we re-use an existing connection */
+  conn->bits.user_passwd = old_conn->bits.user_passwd;
+  if(conn->bits.user_passwd) {
+    /* use the new user name and password though */
+    Curl_safefree(conn->user);
+    Curl_safefree(conn->passwd);
+    conn->user = old_conn->user;
+    conn->passwd = old_conn->passwd;
+    old_conn->user = NULL;
+    old_conn->passwd = NULL;
+  }
+
+  conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd;
+  if(conn->bits.proxy_user_passwd) {
+    /* use the new proxy user name and proxy password though */
+    Curl_safefree(conn->proxyuser);
+    Curl_safefree(conn->proxypasswd);
+    conn->proxyuser = old_conn->proxyuser;
+    conn->proxypasswd = old_conn->proxypasswd;
+    old_conn->proxyuser = NULL;
+    old_conn->proxypasswd = NULL;
+  }
+
+  /* host can change, when doing keepalive with a proxy or if the case is
+     different this time etc */
+  Curl_safefree(conn->host.rawalloc);
+  conn->host=old_conn->host;
+
+  /* persist connection info in session handle */
+  Curl_persistconninfo(conn);
+
+  /* re-use init */
+  conn->bits.reuse = TRUE; /* yes, we're re-using here */
+
+  Curl_safefree(old_conn->user);
+  Curl_safefree(old_conn->passwd);
+  Curl_safefree(old_conn->proxyuser);
+  Curl_safefree(old_conn->proxypasswd);
+  Curl_safefree(old_conn->localdev);
+
+  Curl_llist_destroy(old_conn->send_pipe, NULL);
+  Curl_llist_destroy(old_conn->recv_pipe, NULL);
+
+  old_conn->send_pipe = NULL;
+  old_conn->recv_pipe = NULL;
+
+  Curl_safefree(old_conn->master_buffer);
+}
+
+/**
+ * create_conn() sets up a new connectdata struct, or re-uses an already
+ * existing one, and resolves host name.
+ *
+ * if this function returns CURLE_OK and *async is set to TRUE, the resolve
+ * response will be coming asynchronously. If *async is FALSE, the name is
+ * already resolved.
+ *
+ * @param data The sessionhandle pointer
+ * @param in_connect is set to the next connection data pointer
+ * @param async is set TRUE when an async DNS resolution is pending
+ * @see Curl_setup_conn()
+ *
+ * *NOTE* this function assigns the conn->data pointer!
+ */
+
+static CURLcode create_conn(struct SessionHandle *data,
+                            struct connectdata **in_connect,
+                            bool *async)
+{
+  CURLcode result = CURLE_OK;
+  struct connectdata *conn;
+  struct connectdata *conn_temp = NULL;
+  size_t urllen;
+  char *user = NULL;
+  char *passwd = NULL;
+  char *options = NULL;
+  bool reuse;
+  char *proxy = NULL;
+  bool prot_missing = FALSE;
+  bool no_connections_available = FALSE;
+  bool force_reuse = FALSE;
+  size_t max_host_connections = Curl_multi_max_host_connections(data->multi);
+  size_t max_total_connections = Curl_multi_max_total_connections(data->multi);
+
+  *async = FALSE;
+
+  /*************************************************************
+   * Check input data
+   *************************************************************/
+
+  if(!data->change.url) {
+    result = CURLE_URL_MALFORMAT;
+    goto out;
+  }
+
+  /* First, split up the current URL in parts so that we can use the
+     parts for checking against the already present connections. In order
+     to not have to modify everything at once, we allocate a temporary
+     connection data struct and fill in for comparison purposes. */
+  conn = allocate_conn(data);
+
+  if(!conn) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+
+  /* We must set the return variable as soon as possible, so that our
+     parent can cleanup any possible allocs we may have done before
+     any failure */
+  *in_connect = conn;
+
+  /* This initing continues below, see the comment "Continue connectdata
+   * initialization here" */
+
+  /***********************************************************
+   * We need to allocate memory to store the path in. We get the size of the
+   * full URL to be sure, and we need to make it at least 256 bytes since
+   * other parts of the code will rely on this fact
+   ***********************************************************/
+#define LEAST_PATH_ALLOC 256
+  urllen=strlen(data->change.url);
+  if(urllen < LEAST_PATH_ALLOC)
+    urllen=LEAST_PATH_ALLOC;
+
+  /*
+   * We malloc() the buffers below urllen+2 to make room for 2 possibilities:
+   * 1 - an extra terminating zero
+   * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
+   */
+
+  Curl_safefree(data->state.pathbuffer);
+  data->state.path = NULL;
+
+  data->state.pathbuffer = malloc(urllen+2);
+  if(NULL == data->state.pathbuffer) {
+    result = CURLE_OUT_OF_MEMORY; /* really bad error */
+    goto out;
+  }
+  data->state.path = data->state.pathbuffer;
+
+  conn->host.rawalloc = malloc(urllen+2);
+  if(NULL == conn->host.rawalloc) {
+    Curl_safefree(data->state.pathbuffer);
+    data->state.path = NULL;
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+
+  conn->host.name = conn->host.rawalloc;
+  conn->host.name[0] = 0;
+
+  user = strdup("");
+  passwd = strdup("");
+  options = strdup("");
+  if(!user || !passwd || !options) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+
+  result = parseurlandfillconn(data, conn, &prot_missing, &user, &passwd,
+                               &options);
+  if(result != CURLE_OK)
+    goto out;
+
+  /*************************************************************
+   * No protocol part in URL was used, add it!
+   *************************************************************/
+  if(prot_missing) {
+    /* We're guessing prefixes here and if we're told to use a proxy or if
+       we're gonna follow a Location: later or... then we need the protocol
+       part added so that we have a valid URL. */
+    char *reurl;
+
+    reurl = aprintf("%s://%s", conn->handler->scheme, data->change.url);
+
+    if(!reurl) {
+      result = CURLE_OUT_OF_MEMORY;
+      goto out;
+    }
+
+    if(data->change.url_alloc) {
+      Curl_safefree(data->change.url);
+      data->change.url_alloc = FALSE;
+    }
+
+    data->change.url = reurl;
+    data->change.url_alloc = TRUE; /* free this later */
+  }
+
+  /*************************************************************
+   * If the protocol can't handle url query strings, then cut
+   * off the unhandable part
+   *************************************************************/
+  if((conn->given->flags&PROTOPT_NOURLQUERY)) {
+    char *path_q_sep = strchr(conn->data->state.path, '?');
+    if(path_q_sep) {
+      /* according to rfc3986, allow the query (?foo=bar)
+         also on protocols that can't handle it.
+
+         cut the string-part after '?'
+      */
+
+      /* terminate the string */
+      path_q_sep[0] = 0;
+    }
+  }
+
+  if(data->set.str[STRING_BEARER]) {
+    conn->xoauth2_bearer = strdup(data->set.str[STRING_BEARER]);
+    if(!conn->xoauth2_bearer) {
+      result = CURLE_OUT_OF_MEMORY;
+      goto out;
+    }
+  }
+
+#ifndef CURL_DISABLE_PROXY
+  /*************************************************************
+   * Extract the user and password from the authentication string
+   *************************************************************/
+  if(conn->bits.proxy_user_passwd) {
+    result = parse_proxy_auth(data, conn);
+    if(result != CURLE_OK)
+      goto out;
+  }
+
+  /*************************************************************
+   * Detect what (if any) proxy to use
+   *************************************************************/
+  if(data->set.str[STRING_PROXY]) {
+    proxy = strdup(data->set.str[STRING_PROXY]);
+    /* if global proxy is set, this is it */
+    if(NULL == proxy) {
+      failf(data, "memory shortage");
+      result = CURLE_OUT_OF_MEMORY;
+      goto out;
+    }
+  }
+
+  if(data->set.str[STRING_NOPROXY] &&
+     check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY])) {
+    if(proxy) {
+      free(proxy);  /* proxy is in exception list */
+      proxy = NULL;
+    }
+  }
+  else if(!proxy)
+    proxy = detect_proxy(conn);
+
+  if(proxy && (!*proxy || (conn->handler->flags & PROTOPT_NONETWORK))) {
+    free(proxy);  /* Don't bother with an empty proxy string or if the
+                     protocol doesn't work with network */
+    proxy = NULL;
+  }
+
+  /***********************************************************************
+   * If this is supposed to use a proxy, we need to figure out the proxy host
+   * name, proxy type and port number, so that we can re-use an existing
+   * connection that may exist registered to the same proxy host.
+   ***********************************************************************/
+  if(proxy) {
+    result = parse_proxy(data, conn, proxy);
+
+    Curl_safefree(proxy); /* parse_proxy copies the proxy string */
+
+    if(result)
+      goto out;
+
+    if((conn->proxytype == CURLPROXY_HTTP) ||
+       (conn->proxytype == CURLPROXY_HTTP_1_0)) {
+#ifdef CURL_DISABLE_HTTP
+      /* asking for a HTTP proxy is a bit funny when HTTP is disabled... */
+      result = CURLE_UNSUPPORTED_PROTOCOL;
+      goto out;
+#else
+      /* force this connection's protocol to become HTTP if not already
+         compatible - if it isn't tunneling through */
+      if(!(conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+         !conn->bits.tunnel_proxy)
+        conn->handler = &Curl_handler_http;
+
+      conn->bits.httpproxy = TRUE;
+#endif
+    }
+    else
+      conn->bits.httpproxy = FALSE; /* not a HTTP proxy */
+    conn->bits.proxy = TRUE;
+  }
+  else {
+    /* we aren't using the proxy after all... */
+    conn->bits.proxy = FALSE;
+    conn->bits.httpproxy = FALSE;
+    conn->bits.proxy_user_passwd = FALSE;
+    conn->bits.tunnel_proxy = FALSE;
+  }
+
+#endif /* CURL_DISABLE_PROXY */
+
+  /*************************************************************
+   * If the protocol is using SSL and HTTP proxy is used, we set
+   * the tunnel_proxy bit.
+   *************************************************************/
+  if((conn->given->flags&PROTOPT_SSL) && conn->bits.httpproxy)
+    conn->bits.tunnel_proxy = TRUE;
+
+  /*************************************************************
+   * Figure out the remote port number and fix it in the URL
+   *************************************************************/
+  result = parse_remote_port(data, conn);
+  if(result != CURLE_OK)
+    goto out;
+
+  /* Check for overridden login details and set them accordingly so they
+     they are known when protocol->setup_connection is called! */
+  result = override_login(data, conn, &user, &passwd, &options);
+  if(result != CURLE_OK)
+    goto out;
+  result = set_login(conn, user, passwd, options);
+  if(result != CURLE_OK)
+    goto out;
+
+  /*************************************************************
+   * Setup internals depending on protocol. Needs to be done after
+   * we figured out what/if proxy to use.
+   *************************************************************/
+  result = setup_connection_internals(conn);
+  if(result != CURLE_OK)
+    goto out;
+
+  conn->recv[FIRSTSOCKET] = Curl_recv_plain;
+  conn->send[FIRSTSOCKET] = Curl_send_plain;
+  conn->recv[SECONDARYSOCKET] = Curl_recv_plain;
+  conn->send[SECONDARYSOCKET] = Curl_send_plain;
+
+  /***********************************************************************
+   * file: is a special case in that it doesn't need a network connection
+   ***********************************************************************/
+#ifndef CURL_DISABLE_FILE
+  if(conn->handler->flags & PROTOPT_NONETWORK) {
+    bool done;
+    /* this is supposed to be the connect function so we better at least check
+       that the file is present here! */
+    DEBUGASSERT(conn->handler->connect_it);
+    result = conn->handler->connect_it(conn, &done);
+
+    /* Setup a "faked" transfer that'll do nothing */
+    if(CURLE_OK == result) {
+      conn->data = data;
+      conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */
+
+      ConnectionStore(data, conn);
+
+      /*
+       * Setup whatever necessary for a resumed transfer
+       */
+      result = setup_range(data);
+      if(result) {
+        DEBUGASSERT(conn->handler->done);
+        /* we ignore the return code for the protocol-specific DONE */
+        (void)conn->handler->done(conn, result, FALSE);
+        goto out;
+      }
+
+      Curl_setup_transfer(conn, -1, -1, FALSE, NULL, /* no download */
+                          -1, NULL); /* no upload */
+    }
+
+    /* since we skip do_init() */
+    do_init(conn);
+
+    goto out;
+  }
+#endif
+
+  /* Get a cloned copy of the SSL config situation stored in the
+     connection struct. But to get this going nicely, we must first make
+     sure that the strings in the master copy are pointing to the correct
+     strings in the session handle strings array!
+
+     Keep in mind that the pointers in the master copy are pointing to strings
+     that will be freed as part of the SessionHandle struct, but all cloned
+     copies will be separately allocated.
+  */
+  data->set.ssl.CApath = data->set.str[STRING_SSL_CAPATH];
+  data->set.ssl.CAfile = data->set.str[STRING_SSL_CAFILE];
+  data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
+  data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT];
+  data->set.ssl.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
+  data->set.ssl.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
+  data->set.ssl.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST];
+#ifdef USE_TLS_SRP
+  data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
+  data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
+#endif
+
+  if(!Curl_clone_ssl_config(&data->set.ssl, &conn->ssl_config)) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+
+  prune_dead_connections(data);
+
+  /*************************************************************
+   * Check the current list of connections to see if we can
+   * re-use an already existing one or if we have to create a
+   * new one.
+   *************************************************************/
+
+  /* reuse_fresh is TRUE if we are told to use a new connection by force, but
+     we only acknowledge this option if this is not a re-used connection
+     already (which happens due to follow-location or during a HTTP
+     authentication phase). */
+  if(data->set.reuse_fresh && !data->state.this_is_a_follow)
+    reuse = FALSE;
+  else
+    reuse = ConnectionExists(data, conn, &conn_temp, &force_reuse);
+
+  /* If we found a reusable connection, we may still want to
+     open a new connection if we are pipelining. */
+  if(reuse && !force_reuse && IsPipeliningPossible(data, conn_temp)) {
+    size_t pipelen = conn_temp->send_pipe->size + conn_temp->recv_pipe->size;
+    if(pipelen > 0) {
+      infof(data, "Found connection %ld, with requests in the pipe (%zu)\n",
+            conn_temp->connection_id, pipelen);
+
+      if(conn_temp->bundle->num_connections < max_host_connections &&
+         data->state.conn_cache->num_connections < max_total_connections) {
+        /* We want a new connection anyway */
+        reuse = FALSE;
+
+        infof(data, "We can reuse, but we want a new connection anyway\n");
+      }
+    }
+  }
+
+  if(reuse) {
+    /*
+     * We already have a connection for this, we got the former connection
+     * in the conn_temp variable and thus we need to cleanup the one we
+     * just allocated before we can move along and use the previously
+     * existing one.
+     */
+    conn_temp->inuse = TRUE; /* mark this as being in use so that no other
+                                handle in a multi stack may nick it */
+    reuse_conn(conn, conn_temp);
+    free(conn);          /* we don't need this anymore */
+    conn = conn_temp;
+    *in_connect = conn;
+
+    /* set a pointer to the hostname we display */
+    fix_hostname(data, conn, &conn->host);
+
+    infof(data, "Re-using existing connection! (#%ld) with host %s\n",
+          conn->connection_id,
+          conn->proxy.name?conn->proxy.dispname:conn->host.dispname);
+  }
+  else {
+    /* We have decided that we want a new connection. However, we may not
+       be able to do that if we have reached the limit of how many
+       connections we are allowed to open. */
+    struct connectbundle *bundle;
+
+    bundle = Curl_conncache_find_bundle(data->state.conn_cache,
+                                        conn->host.name);
+    if(max_host_connections > 0 && bundle &&
+       (bundle->num_connections >= max_host_connections)) {
+      struct connectdata *conn_candidate;
+
+      /* The bundle is full. Let's see if we can kill a connection. */
+      conn_candidate = find_oldest_idle_connection_in_bundle(data, bundle);
+
+      if(conn_candidate) {
+        /* Set the connection's owner correctly, then kill it */
+        conn_candidate->data = data;
+        (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
+      }
+      else
+        no_connections_available = TRUE;
+    }
+
+    if(max_total_connections > 0 &&
+       (data->state.conn_cache->num_connections >= max_total_connections)) {
+      struct connectdata *conn_candidate;
+
+      /* The cache is full. Let's see if we can kill a connection. */
+      conn_candidate = find_oldest_idle_connection(data);
+
+      if(conn_candidate) {
+        /* Set the connection's owner correctly, then kill it */
+        conn_candidate->data = data;
+        (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
+      }
+      else
+        no_connections_available = TRUE;
+    }
+
+
+    if(no_connections_available) {
+      infof(data, "No connections available.\n");
+
+      conn_free(conn);
+      *in_connect = NULL;
+
+      result = CURLE_NO_CONNECTION_AVAILABLE;
+      goto out;
+    }
+    else {
+      /*
+       * This is a brand new connection, so let's store it in the connection
+       * cache of ours!
+       */
+      ConnectionStore(data, conn);
+    }
+
+    /* If NTLM is requested in a part of this connection, make sure we don't
+       assume the state is fine as this is a fresh connection and NTLM is
+       connection based. */
+    if((data->state.authhost.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
+       data->state.authhost.done) {
+      infof(data, "NTLM picked AND auth done set, clear picked!\n");
+      data->state.authhost.picked = CURLAUTH_NONE;
+    }
+    if((data->state.authproxy.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
+       data->state.authproxy.done) {
+      infof(data, "NTLM-proxy picked AND auth done set, clear picked!\n");
+      data->state.authproxy.picked = CURLAUTH_NONE;
+    }
+
+  }
+
+  /* Mark the connection as used */
+  conn->inuse = TRUE;
+
+  /* Setup and init stuff before DO starts, in preparing for the transfer. */
+  do_init(conn);
+
+  /*
+   * Setup whatever necessary for a resumed transfer
+   */
+  result = setup_range(data);
+  if(result)
+    goto out;
+
+  /* Continue connectdata initialization here. */
+
+  /*
+   * Inherit the proper values from the urldata struct AFTER we have arranged
+   * the persistent connection stuff
+   */
+  conn->fread_func = data->set.fread_func;
+  conn->fread_in = data->set.in;
+  conn->seek_func = data->set.seek_func;
+  conn->seek_client = data->set.seek_client;
+
+  /*************************************************************
+   * Resolve the address of the server or proxy
+   *************************************************************/
+  result = resolve_server(data, conn, async);
+
+  out:
+
+  Curl_safefree(options);
+  Curl_safefree(passwd);
+  Curl_safefree(user);
+  Curl_safefree(proxy);
+  return result;
+}
+
+/* Curl_setup_conn() is called after the name resolve initiated in
+ * create_conn() is all done.
+ *
+ * Curl_setup_conn() also handles reused connections
+ *
+ * conn->data MUST already have been setup fine (in create_conn)
+ */
+
+CURLcode Curl_setup_conn(struct connectdata *conn,
+                         bool *protocol_done)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  Curl_pgrsTime(data, TIMER_NAMELOOKUP);
+
+  if(conn->handler->flags & PROTOPT_NONETWORK) {
+    /* nothing to setup when not using a network */
+    *protocol_done = TRUE;
+    return result;
+  }
+  *protocol_done = FALSE; /* default to not done */
+
+  /* set proxy_connect_closed to false unconditionally already here since it
+     is used strictly to provide extra information to a parent function in the
+     case of proxy CONNECT failures and we must make sure we don't have it
+     lingering set from a previous invoke */
+  conn->bits.proxy_connect_closed = FALSE;
+
+  /*
+   * Set user-agent. Used for HTTP, but since we can attempt to tunnel
+   * basically anything through a http proxy we can't limit this based on
+   * protocol.
+   */
+  if(data->set.str[STRING_USERAGENT]) {
+    Curl_safefree(conn->allocptr.uagent);
+    conn->allocptr.uagent =
+      aprintf("User-Agent: %s\r\n", data->set.str[STRING_USERAGENT]);
+    if(!conn->allocptr.uagent)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
+  data->req.headerbytecount = 0;
+
+#ifdef CURL_DO_LINEEND_CONV
+  data->state.crlf_conversions = 0; /* reset CRLF conversion counter */
+#endif /* CURL_DO_LINEEND_CONV */
+
+  /* set start time here for timeout purposes in the connect procedure, it
+     is later set again for the progress meter purpose */
+  conn->now = Curl_tvnow();
+
+  if(CURL_SOCKET_BAD == conn->sock[FIRSTSOCKET]) {
+    conn->bits.tcpconnect[FIRSTSOCKET] = FALSE;
+    result = Curl_connecthost(conn, conn->dns_entry);
+    if(result)
+      return result;
+  }
+  else {
+    Curl_pgrsTime(data, TIMER_CONNECT);    /* we're connected already */
+    Curl_pgrsTime(data, TIMER_APPCONNECT); /* we're connected already */
+    conn->bits.tcpconnect[FIRSTSOCKET] = TRUE;
+    *protocol_done = TRUE;
+    Curl_updateconninfo(conn, conn->sock[FIRSTSOCKET]);
+    Curl_verboseconnect(conn);
+  }
+
+  conn->now = Curl_tvnow(); /* time this *after* the connect is done, we
+                               set this here perhaps a second time */
+
+#ifdef __EMX__
+  /*
+   * This check is quite a hack. We're calling _fsetmode to fix the problem
+   * with fwrite converting newline characters (you get mangled text files,
+   * and corrupted binary files when you download to stdout and redirect it to
+   * a file).
+   */
+
+  if((data->set.out)->_handle == NULL) {
+    _fsetmode(stdout, "b");
+  }
+#endif
+
+  return result;
+}
+
+CURLcode Curl_connect(struct SessionHandle *data,
+                      struct connectdata **in_connect,
+                      bool *asyncp,
+                      bool *protocol_done)
+{
+  CURLcode code;
+
+  *asyncp = FALSE; /* assume synchronous resolves by default */
+
+  /* call the stuff that needs to be called */
+  code = create_conn(data, in_connect, asyncp);
+
+  if(CURLE_OK == code) {
+    /* no error */
+    if((*in_connect)->send_pipe->size || (*in_connect)->recv_pipe->size)
+      /* pipelining */
+      *protocol_done = TRUE;
+    else if(!*asyncp) {
+      /* DNS resolution is done: that's either because this is a reused
+         connection, in which case DNS was unnecessary, or because DNS
+         really did finish already (synch resolver/fast async resolve) */
+      code = Curl_setup_conn(*in_connect, protocol_done);
+    }
+  }
+
+  if(code == CURLE_NO_CONNECTION_AVAILABLE) {
+    *in_connect = NULL;
+    return code;
+  }
+
+  if(code && *in_connect) {
+    /* We're not allowed to return failure with memory left allocated
+       in the connectdata struct, free those here */
+    Curl_disconnect(*in_connect, FALSE); /* close the connection */
+    *in_connect = NULL;           /* return a NULL */
+  }
+
+  return code;
+}
+
+CURLcode Curl_done(struct connectdata **connp,
+                   CURLcode status,  /* an error if this is called after an
+                                        error was detected */
+                   bool premature)
+{
+  CURLcode result;
+  struct connectdata *conn;
+  struct SessionHandle *data;
+
+  DEBUGASSERT(*connp);
+
+  conn = *connp;
+  data = conn->data;
+
+  if(conn->bits.done)
+    /* Stop if Curl_done() has already been called */
+    return CURLE_OK;
+
+  Curl_getoff_all_pipelines(data, conn);
+
+  if((conn->send_pipe->size + conn->recv_pipe->size != 0 &&
+      !data->set.reuse_forbid &&
+      !conn->bits.close))
+    /* Stop if pipeline is not empty and we do not have to close
+       connection. */
+    return CURLE_OK;
+
+  conn->bits.done = TRUE; /* called just now! */
+
+  /* Cleanup possible redirect junk */
+  if(data->req.newurl) {
+    free(data->req.newurl);
+    data->req.newurl = NULL;
+  }
+  if(data->req.location) {
+    free(data->req.location);
+    data->req.location = NULL;
+  }
+
+  Curl_resolver_cancel(conn);
+
+  if(conn->dns_entry) {
+    Curl_resolv_unlock(data, conn->dns_entry); /* done with this */
+    conn->dns_entry = NULL;
+  }
+
+  switch(status) {
+  case CURLE_ABORTED_BY_CALLBACK:
+  case CURLE_READ_ERROR:
+  case CURLE_WRITE_ERROR:
+    /* When we're aborted due to a callback return code it basically have to
+       be counted as premature as there is trouble ahead if we don't. We have
+       many callbacks and protocols work differently, we could potentially do
+       this more fine-grained in the future. */
+    premature = TRUE;
+  default:
+    break;
+  }
+
+  /* this calls the protocol-specific function pointer previously set */
+  if(conn->handler->done)
+    result = conn->handler->done(conn, status, premature);
+  else
+    result = status;
+
+  if(!result && Curl_pgrsDone(conn))
+    result = CURLE_ABORTED_BY_CALLBACK;
+
+  /* if the transfer was completed in a paused state there can be buffered
+     data left to write and then kill */
+  if(data->state.tempwrite) {
+    free(data->state.tempwrite);
+    data->state.tempwrite = NULL;
+  }
+
+  /* if data->set.reuse_forbid is TRUE, it means the libcurl client has
+     forced us to close this connection. This is ignored for requests taking
+     place in a NTLM authentication handshake
+
+     if conn->bits.close is TRUE, it means that the connection should be
+     closed in spite of all our efforts to be nice, due to protocol
+     restrictions in our or the server's end
+
+     if premature is TRUE, it means this connection was said to be DONE before
+     the entire request operation is complete and thus we can't know in what
+     state it is for re-using, so we're forced to close it. In a perfect world
+     we can add code that keep track of if we really must close it here or not,
+     but currently we have no such detail knowledge.
+  */
+
+  if((data->set.reuse_forbid && !(conn->ntlm.state == NTLMSTATE_TYPE2 ||
+                                  conn->proxyntlm.state == NTLMSTATE_TYPE2))
+     || conn->bits.close || premature) {
+    CURLcode res2 = Curl_disconnect(conn, premature); /* close connection */
+
+    /* If we had an error already, make sure we return that one. But
+       if we got a new error, return that. */
+    if(!result && res2)
+      result = res2;
+  }
+  else {
+    /* the connection is no longer in use */
+    if(ConnectionDone(data, conn)) {
+      /* remember the most recently used connection */
+      data->state.lastconnect = conn;
+
+      infof(data, "Connection #%ld to host %s left intact\n",
+            conn->connection_id,
+            conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname);
+    }
+    else
+      data->state.lastconnect = NULL;
+  }
+
+  *connp = NULL; /* to make the caller of this function better detect that
+                    this was either closed or handed over to the connection
+                    cache here, and therefore cannot be used from this point on
+                 */
+  Curl_free_request_state(data);
+
+  return result;
+}
+
+/*
+ * do_init() inits the readwrite session. This is inited each time (in the DO
+ * function before the protocol-specific DO functions are invoked) for a
+ * transfer, sometimes multiple times on the same SessionHandle. Make sure
+ * nothing in here depends on stuff that are setup dynamically for the
+ * transfer.
+ */
+
+static CURLcode do_init(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  struct SingleRequest *k = &data->req;
+
+  conn->bits.done = FALSE; /* Curl_done() is not called yet */
+  conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to use */
+  data->state.expect100header = FALSE;
+
+  if(data->set.opt_no_body)
+    /* in HTTP lingo, no body means using the HEAD request... */
+    data->set.httpreq = HTTPREQ_HEAD;
+  else if(HTTPREQ_HEAD == data->set.httpreq)
+    /* ... but if unset there really is no perfect method that is the
+       "opposite" of HEAD but in reality most people probably think GET
+       then. The important thing is that we can't let it remain HEAD if the
+       opt_no_body is set FALSE since then we'll behave wrong when getting
+       HTTP. */
+    data->set.httpreq = HTTPREQ_GET;
+
+  k->start = Curl_tvnow(); /* start time */
+  k->now = k->start;   /* current time is now */
+  k->header = TRUE; /* assume header */
+
+  k->bytecount = 0;
+
+  k->buf = data->state.buffer;
+  k->uploadbuf = data->state.uploadbuffer;
+  k->hbufp = data->state.headerbuff;
+  k->ignorebody=FALSE;
+
+  Curl_speedinit(data);
+
+  Curl_pgrsSetUploadCounter(data, 0);
+  Curl_pgrsSetDownloadCounter(data, 0);
+
+  return CURLE_OK;
+}
+
+/*
+ * do_complete is called when the DO actions are complete.
+ *
+ * We init chunking and trailer bits to their default values here immediately
+ * before receiving any header data for the current request in the pipeline.
+ */
+static void do_complete(struct connectdata *conn)
+{
+  conn->data->req.chunk=FALSE;
+  conn->data->req.maxfd = (conn->sockfd>conn->writesockfd?
+                           conn->sockfd:conn->writesockfd)+1;
+  Curl_pgrsTime(conn->data, TIMER_PRETRANSFER);
+}
+
+CURLcode Curl_do(struct connectdata **connp, bool *done)
+{
+  CURLcode result=CURLE_OK;
+  struct connectdata *conn = *connp;
+  struct SessionHandle *data = conn->data;
+
+  if(conn->handler->do_it) {
+    /* generic protocol-specific function pointer set in curl_connect() */
+    result = conn->handler->do_it(conn, done);
+
+    /* This was formerly done in transfer.c, but we better do it here */
+    if((CURLE_SEND_ERROR == result) && conn->bits.reuse) {
+      /*
+       * If the connection is using an easy handle, call reconnect
+       * to re-establish the connection.  Otherwise, let the multi logic
+       * figure out how to re-establish the connection.
+       */
+      if(!data->multi) {
+        result = Curl_reconnect_request(connp);
+
+        if(result == CURLE_OK) {
+          /* ... finally back to actually retry the DO phase */
+          conn = *connp; /* re-assign conn since Curl_reconnect_request
+                            creates a new connection */
+          result = conn->handler->do_it(conn, done);
+        }
+      }
+      else
+        return result;
+    }
+
+    if((result == CURLE_OK) && *done)
+      /* do_complete must be called after the protocol-specific DO function */
+      do_complete(conn);
+  }
+  return result;
+}
+
+/*
+ * Curl_do_more() is called during the DO_MORE multi state. It is basically a
+ * second stage DO state which (wrongly) was introduced to support FTP's
+ * second connection.
+ *
+ * TODO: A future libcurl should be able to work away this state.
+ *
+ * 'complete' can return 0 for incomplete, 1 for done and -1 for go back to
+ * DOING state there's more work to do!
+ */
+
+CURLcode Curl_do_more(struct connectdata *conn, int *complete)
+{
+  CURLcode result=CURLE_OK;
+
+  *complete = 0;
+
+  if(conn->handler->do_more)
+    result = conn->handler->do_more(conn, complete);
+
+  if(!result && (*complete == 1))
+    /* do_complete must be called after the protocol-specific DO function */
+    do_complete(conn);
+
+  return result;
+}
diff --git a/Utilities/cmcurl/url.h b/Utilities/cmcurl/lib/url.h
index 446b3d9..cd46a92 100644
--- a/Utilities/cmcurl/url.h
+++ b/Utilities/cmcurl/lib/url.h
@@ -1,5 +1,5 @@
-#ifndef __URL_H
-#define __URL_H
+#ifndef HEADER_CURL_URL_H
+#define HEADER_CURL_URL_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,40 +20,32 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-
-#include <stdarg.h> /* to make sure we have ap_list */
+#include "curl_setup.h"
 
 /*
  * Prototypes for library-wide functions provided by url.c
  */
 
 CURLcode Curl_open(struct SessionHandle **curl);
+CURLcode Curl_init_userdefined(struct UserDefined *set);
 CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
                      va_list arg);
+CURLcode Curl_dupset(struct SessionHandle * dst, struct SessionHandle * src);
+void Curl_freeset(struct SessionHandle * data);
 CURLcode Curl_close(struct SessionHandle *data); /* opposite of curl_open() */
 CURLcode Curl_connect(struct SessionHandle *, struct connectdata **,
                       bool *async, bool *protocol_connect);
-CURLcode Curl_async_resolved(struct connectdata *conn,
-                             bool *protocol_connect);
 CURLcode Curl_do(struct connectdata **, bool *done);
-CURLcode Curl_do_more(struct connectdata *);
+CURLcode Curl_do_more(struct connectdata *, int *completed);
 CURLcode Curl_done(struct connectdata **, CURLcode, bool premature);
-CURLcode Curl_disconnect(struct connectdata *);
+CURLcode Curl_disconnect(struct connectdata *, bool dead_connection);
 CURLcode Curl_protocol_connect(struct connectdata *conn, bool *done);
 CURLcode Curl_protocol_connecting(struct connectdata *conn, bool *done);
 CURLcode Curl_protocol_doing(struct connectdata *conn, bool *done);
-void Curl_safefree(void *ptr);
-
-/* create a connection cache */
-struct conncache *Curl_mk_connc(int type, int amount);
-/* free a connection cache */
-void Curl_rm_connc(struct conncache *c);
-/* Change number of entries of a connection cache */
-CURLcode Curl_ch_connc(struct SessionHandle *data,
-                       struct conncache *c,
-                       long newamount);
+CURLcode Curl_setup_conn(struct connectdata *conn,
+                         bool *protocol_done);
+void Curl_free_request_state(struct SessionHandle *data);
 
 int Curl_protocol_getsock(struct connectdata *conn,
                           curl_socket_t *socks,
@@ -62,24 +54,29 @@ int Curl_doing_getsock(struct connectdata *conn,
                        curl_socket_t *socks,
                        int numsocks);
 
-void Curl_addHandleToPipeline(struct SessionHandle *handle,
-                              struct curl_llist *pipe);
+bool Curl_isPipeliningEnabled(const struct SessionHandle *handle);
+CURLcode Curl_addHandleToPipeline(struct SessionHandle *handle,
+                                  struct curl_llist *pipeline);
 int Curl_removeHandleFromPipeline(struct SessionHandle *handle,
-                                  struct curl_llist *pipe);
-bool Curl_isHandleAtHead(struct SessionHandle *handle,
-                         struct curl_llist *pipe);
+                                  struct curl_llist *pipeline);
+/* remove the specified connection from all (possible) pipelines and related
+   queues */
+void Curl_getoff_all_pipelines(struct SessionHandle *data,
+                               struct connectdata *conn);
 
 void Curl_close_connections(struct SessionHandle *data);
 
-#if 0
-CURLcode Curl_protocol_fdset(struct connectdata *conn,
-                             fd_set *read_fd_set,
-                             fd_set *write_fd_set,
-                             int *max_fdp);
-CURLcode Curl_doing_fdset(struct connectdata *conn,
-                          fd_set *read_fd_set,
-                          fd_set *write_fd_set,
-                          int *max_fdp);
-#endif
+#define CURL_DEFAULT_PROXY_PORT 1080 /* default proxy port unless specified */
+#define CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE "rcmd" /* default socks5 gssapi
+                                                     service */
 
+CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex);
+
+#ifdef CURL_DISABLE_VERBOSE_STRINGS
+#define Curl_verboseconnect(x)  Curl_nop_stmt
+#else
+void Curl_verboseconnect(struct connectdata *conn);
 #endif
+
+
+#endif /* HEADER_CURL_URL_H */
diff --git a/Utilities/cmcurl/lib/urldata.h b/Utilities/cmcurl/lib/urldata.h
new file mode 100644
index 0000000..8594c2f
--- /dev/null
+++ b/Utilities/cmcurl/lib/urldata.h
@@ -0,0 +1,1705 @@
+#ifndef HEADER_CURL_URLDATA_H
+#define HEADER_CURL_URLDATA_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* This file is for lib internal stuff */
+
+#include "curl_setup.h"
+
+#define PORT_FTP 21
+#define PORT_FTPS 990
+#define PORT_TELNET 23
+#define PORT_HTTP 80
+#define PORT_HTTPS 443
+#define PORT_DICT 2628
+#define PORT_LDAP 389
+#define PORT_LDAPS 636
+#define PORT_TFTP 69
+#define PORT_SSH 22
+#define PORT_IMAP 143
+#define PORT_IMAPS 993
+#define PORT_POP3 110
+#define PORT_POP3S 995
+#define PORT_SMTP 25
+#define PORT_SMTPS 465 /* sometimes called SSMTP */
+#define PORT_RTSP 554
+#define PORT_RTMP 1935
+#define PORT_RTMPT PORT_HTTP
+#define PORT_RTMPS PORT_HTTPS
+#define PORT_GOPHER 70
+
+#define DICT_MATCH "/MATCH:"
+#define DICT_MATCH2 "/M:"
+#define DICT_MATCH3 "/FIND:"
+#define DICT_DEFINE "/DEFINE:"
+#define DICT_DEFINE2 "/D:"
+#define DICT_DEFINE3 "/LOOKUP:"
+
+#define CURL_DEFAULT_USER "anonymous"
+#define CURL_DEFAULT_PASSWORD "ftp@example.com"
+
+/* Convenience defines for checking protocols or their SSL based version. Each
+   protocol handler should only ever have a single CURLPROTO_ in its protocol
+   field. */
+#define PROTO_FAMILY_HTTP (CURLPROTO_HTTP|CURLPROTO_HTTPS)
+#define PROTO_FAMILY_FTP  (CURLPROTO_FTP|CURLPROTO_FTPS)
+#define PROTO_FAMILY_POP3 (CURLPROTO_POP3|CURLPROTO_POP3S)
+#define PROTO_FAMILY_SMTP (CURLPROTO_SMTP|CURLPROTO_SMTPS)
+
+#define DEFAULT_CONNCACHE_SIZE 5
+
+/* length of longest IPv6 address string including the trailing null */
+#define MAX_IPADR_LEN sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")
+
+/* Default FTP/IMAP etc response timeout in milliseconds.
+   Symbian OS panics when given a timeout much greater than 1/2 hour.
+*/
+#define RESP_TIMEOUT (1800*1000)
+
+#include "cookie.h"
+#include "formdata.h"
+
+#ifdef USE_SSLEAY
+#ifdef USE_OPENSSL
+#include <openssl/rsa.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#ifdef HAVE_OPENSSL_ENGINE_H
+#include <openssl/engine.h>
+#endif
+#ifdef HAVE_OPENSSL_PKCS12_H
+#include <openssl/pkcs12.h>
+#endif
+#else /* SSLeay-style includes */
+#include <rsa.h>
+#include <crypto.h>
+#include <x509.h>
+#include <pem.h>
+#include <ssl.h>
+#include <err.h>
+#ifdef HAVE_OPENSSL_ENGINE_H
+#include <engine.h>
+#endif
+#ifdef HAVE_OPENSSL_PKCS12_H
+#include <pkcs12.h>
+#endif
+#endif /* USE_OPENSSL */
+#ifdef USE_GNUTLS
+#error Configuration error; cannot use GnuTLS *and* OpenSSL.
+#endif
+#endif /* USE_SSLEAY */
+
+#ifdef USE_GNUTLS
+#include <gnutls/gnutls.h>
+#endif
+
+#ifdef USE_POLARSSL
+#include <polarssl/ssl.h>
+#include <polarssl/version.h>
+#if POLARSSL_VERSION_NUMBER<0x01010000
+#include <polarssl/havege.h>
+#else
+#include <polarssl/entropy.h>
+#include <polarssl/ctr_drbg.h>
+#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
+#endif /* USE_POLARSSL */
+
+#ifdef USE_CYASSL
+#undef OCSP_REQUEST  /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */
+#undef OCSP_RESPONSE /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */
+#include <cyassl/openssl/ssl.h>
+#endif
+
+#ifdef USE_NSS
+#include <nspr.h>
+#include <pk11pub.h>
+#endif
+
+#ifdef USE_QSOSSL
+#include <qsossl.h>
+#endif
+
+#ifdef USE_GSKIT
+#include <gskssl.h>
+#endif
+
+#ifdef USE_AXTLS
+#include <axTLS/ssl.h>
+#undef malloc
+#undef calloc
+#undef realloc
+#endif /* USE_AXTLS */
+
+#ifdef USE_SCHANNEL
+#include "curl_sspi.h"
+#include <schnlsp.h>
+#include <schannel.h>
+#endif
+
+#ifdef USE_DARWINSSL
+#include <Security/Security.h>
+/* For some reason, when building for iOS, the omnibus header above does
+ * not include SecureTransport.h as of iOS SDK 5.1. */
+#include <Security/SecureTransport.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include "timeval.h"
+
+#ifdef HAVE_ZLIB_H
+#include <zlib.h>               /* for content-encoding */
+#ifdef __SYMBIAN32__
+/* zlib pollutes the namespace with this definition */
+#undef WIN32
+#endif
+#endif
+
+#include <curl/curl.h>
+
+#include "http_chunks.h" /* for the structs and enum stuff */
+#include "hostip.h"
+#include "hash.h"
+#include "splay.h"
+
+#include "imap.h"
+#include "pop3.h"
+#include "smtp.h"
+#include "ftp.h"
+#include "file.h"
+#include "ssh.h"
+#include "http.h"
+#include "rtsp.h"
+#include "wildcard.h"
+#include "multihandle.h"
+
+#ifdef HAVE_GSSAPI
+# ifdef HAVE_GSSGNU
+#  include <gss.h>
+# elif defined HAVE_GSSMIT
+#  include <gssapi/gssapi.h>
+#  include <gssapi/gssapi_generic.h>
+# else
+#  include <gssapi.h>
+# endif
+#endif
+
+#ifdef HAVE_LIBSSH2_H
+#include <libssh2.h>
+#include <libssh2_sftp.h>
+#endif /* HAVE_LIBSSH2_H */
+
+/* Download buffer size, keep it fairly big for speed reasons */
+#undef BUFSIZE
+#define BUFSIZE CURL_MAX_WRITE_SIZE
+
+/* Initial size of the buffer to store headers in, it'll be enlarged in case
+   of need. */
+#define HEADERSIZE 256
+
+#define CURLEASY_MAGIC_NUMBER 0xc0dedbadU
+
+/* Some convenience macros to get the larger/smaller value out of two given.
+   We prefix with CURL to prevent name collisions. */
+#define CURLMAX(x,y) ((x)>(y)?(x):(y))
+#define CURLMIN(x,y) ((x)<(y)?(x):(y))
+
+
+#ifdef HAVE_GSSAPI
+/* Types needed for krb5-ftp connections */
+struct krb5buffer {
+  void *data;
+  size_t size;
+  size_t index;
+  int eof_flag;
+};
+
+enum protection_level {
+  PROT_NONE, /* first in list */
+  PROT_CLEAR,
+  PROT_SAFE,
+  PROT_CONFIDENTIAL,
+  PROT_PRIVATE,
+  PROT_CMD,
+  PROT_LAST /* last in list */
+};
+#endif
+
+#ifdef USE_SCHANNEL
+/* Structs to store Schannel handles */
+struct curl_schannel_cred {
+  CredHandle cred_handle;
+  TimeStamp time_stamp;
+  int refcount;
+  bool cached;
+};
+
+struct curl_schannel_ctxt {
+  CtxtHandle ctxt_handle;
+  TimeStamp time_stamp;
+};
+#endif
+
+/* enum for the nonblocking SSL connection state machine */
+typedef enum {
+  ssl_connect_1,
+  ssl_connect_2,
+  ssl_connect_2_reading,
+  ssl_connect_2_writing,
+  ssl_connect_3,
+  ssl_connect_done
+} ssl_connect_state;
+
+typedef enum {
+  ssl_connection_none,
+  ssl_connection_negotiating,
+  ssl_connection_complete
+} ssl_connection_state;
+
+/* struct for data related to each SSL connection */
+struct ssl_connect_data {
+  /* Use ssl encrypted communications TRUE/FALSE, not necessarily using it atm
+     but at least asked to or meaning to use it. See 'state' for the exact
+     current state of the connection. */
+  bool use;
+  ssl_connection_state state;
+#ifdef USE_SSLEAY
+  /* these ones requires specific SSL-types */
+  SSL_CTX* ctx;
+  SSL*     handle;
+  X509*    server_cert;
+  ssl_connect_state connecting_state;
+#endif /* USE_SSLEAY */
+#ifdef USE_GNUTLS
+  gnutls_session_t session;
+  gnutls_certificate_credentials_t cred;
+#ifdef USE_TLS_SRP
+  gnutls_srp_client_credentials_t srp_client_cred;
+#endif
+  ssl_connect_state connecting_state;
+#endif /* USE_GNUTLS */
+#ifdef USE_POLARSSL
+  ctr_drbg_context ctr_drbg;
+  entropy_context entropy;
+  ssl_context ssl;
+  ssl_session ssn;
+  int server_fd;
+  x509_crt cacert;
+  x509_crt clicert;
+  x509_crl crl;
+  rsa_context rsa;
+  ssl_connect_state connecting_state;
+#endif /* USE_POLARSSL */
+#ifdef USE_CYASSL
+  SSL_CTX* ctx;
+  SSL*     handle;
+  ssl_connect_state connecting_state;
+#endif /* USE_CYASSL */
+#ifdef USE_NSS
+  PRFileDesc *handle;
+  char *client_nickname;
+  struct SessionHandle *data;
+  struct curl_llist *obj_list;
+  PK11GenericObject *obj_clicert;
+  ssl_connect_state connecting_state;
+#endif /* USE_NSS */
+#ifdef USE_QSOSSL
+  SSLHandle *handle;
+#endif /* USE_QSOSSL */
+#ifdef USE_GSKIT
+  gsk_handle handle;
+  int iocport;
+  ssl_connect_state connecting_state;
+#endif
+#ifdef USE_AXTLS
+  SSL_CTX* ssl_ctx;
+  SSL*     ssl;
+  ssl_connect_state connecting_state;
+#endif /* USE_AXTLS */
+#ifdef USE_SCHANNEL
+  struct curl_schannel_cred *cred;
+  struct curl_schannel_ctxt *ctxt;
+  SecPkgContext_StreamSizes stream_sizes;
+  ssl_connect_state connecting_state;
+  size_t encdata_length, decdata_length;
+  size_t encdata_offset, decdata_offset;
+  unsigned char *encdata_buffer, *decdata_buffer;
+  unsigned long req_flags, ret_flags;
+#endif /* USE_SCHANNEL */
+#ifdef USE_DARWINSSL
+  SSLContextRef ssl_ctx;
+  curl_socket_t ssl_sockfd;
+  ssl_connect_state connecting_state;
+  bool ssl_direction; /* true if writing, false if reading */
+  size_t ssl_write_buffered_length;
+#endif /* USE_DARWINSSL */
+};
+
+struct ssl_config_data {
+  long version;          /* what version the client wants to use */
+  long certverifyresult; /* result from the certificate verification */
+
+  bool verifypeer;       /* set TRUE if this is desired */
+  bool verifyhost;       /* set TRUE if CN/SAN must match hostname */
+  char *CApath;          /* certificate dir (doesn't work on windows) */
+  char *CAfile;          /* certificate to verify peer against */
+  const char *CRLfile;   /* CRL to check certificate revocation */
+  const char *issuercert;/* optional issuer certificate filename */
+  char *random_file;     /* path to file containing "random" data */
+  char *egdsocket;       /* path to file containing the EGD daemon socket */
+  char *cipher_list;     /* list of ciphers to use */
+  size_t max_ssl_sessions; /* SSL session id cache size */
+  curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
+  void *fsslctxp;        /* parameter for call back */
+  bool sessionid;        /* cache session IDs or not */
+  bool certinfo;         /* gather lots of certificate info */
+
+#ifdef USE_TLS_SRP
+  char *username; /* TLS username (for, e.g., SRP) */
+  char *password; /* TLS password (for, e.g., SRP) */
+  enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
+#endif
+};
+
+/* information stored about one single SSL session */
+struct curl_ssl_session {
+  char *name;       /* host name for which this ID was used */
+  void *sessionid;  /* as returned from the SSL layer */
+  size_t idsize;    /* if known, otherwise 0 */
+  long age;         /* just a number, the higher the more recent */
+  int remote_port;  /* remote port to connect to */
+  struct ssl_config_data ssl_config; /* setup for this session */
+};
+
+/* Struct used for Digest challenge-response authentication */
+struct digestdata {
+  char *nonce;
+  char *cnonce;
+  char *realm;
+  int algo;
+  bool stale; /* set true for re-negotiation */
+  char *opaque;
+  char *qop;
+  char *algorithm;
+  int nc; /* nounce count */
+};
+
+typedef enum {
+  NTLMSTATE_NONE,
+  NTLMSTATE_TYPE1,
+  NTLMSTATE_TYPE2,
+  NTLMSTATE_TYPE3,
+  NTLMSTATE_LAST
+} curlntlm;
+
+#ifdef USE_WINDOWS_SSPI
+#include "curl_sspi.h"
+#endif
+
+#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
+#include <iconv.h>
+#endif
+
+/* Struct used for GSSAPI (Kerberos V5) authentication */
+#if defined(USE_WINDOWS_SSPI)
+struct kerberos5data {
+  CredHandle *credentials;
+  CtxtHandle *context;
+  TCHAR *spn;
+  SEC_WINNT_AUTH_IDENTITY identity;
+  SEC_WINNT_AUTH_IDENTITY *p_identity;
+  size_t token_max;
+  BYTE *output_token;
+};
+#endif
+
+/* Struct used for NTLM challenge-response authentication */
+struct ntlmdata {
+  curlntlm state;
+#ifdef USE_WINDOWS_SSPI
+  CredHandle handle;
+  CtxtHandle c_handle;
+  SEC_WINNT_AUTH_IDENTITY identity;
+  SEC_WINNT_AUTH_IDENTITY *p_identity;
+  size_t max_token_length;
+  BYTE *output_token;
+  int has_handles;
+  void *type_2;
+  unsigned long n_type_2;
+#else
+  unsigned int flags;
+  unsigned char nonce[8];
+  void* target_info; /* TargetInfo received in the ntlm type-2 message */
+  unsigned int target_info_len;
+#endif
+};
+
+#ifdef USE_SPNEGO
+struct negotiatedata {
+  /* When doing Negotiate (SPNEGO) auth, we first need to send a token
+     and then validate the received one. */
+  enum { GSS_AUTHNONE, GSS_AUTHRECV, GSS_AUTHSENT } state;
+#ifdef HAVE_GSSAPI
+  OM_uint32 status;
+  gss_ctx_id_t context;
+  gss_name_t server_name;
+  gss_buffer_desc output_token;
+#else
+#ifdef USE_WINDOWS_SSPI
+  DWORD status;
+  CtxtHandle *context;
+  CredHandle *credentials;
+  SEC_WINNT_AUTH_IDENTITY identity;
+  SEC_WINNT_AUTH_IDENTITY *p_identity;
+  TCHAR *server_name;
+  size_t max_token_length;
+  BYTE *output_token;
+  size_t output_token_length;
+#endif
+#endif
+};
+#endif
+
+
+/*
+ * Boolean values that concerns this connection.
+ */
+struct ConnectBits {
+  /* always modify bits.close with the connclose() and connkeep() macros! */
+  bool close; /* if set, we close the connection after this request */
+  bool reuse; /* if set, this is a re-used connection */
+  bool proxy; /* if set, this transfer is done through a proxy - any type */
+  bool httpproxy;    /* if set, this transfer is done through a http proxy */
+  bool user_passwd;    /* do we use user+password for this connection? */
+  bool proxy_user_passwd; /* user+password for the proxy? */
+  bool ipv6_ip; /* we communicate with a remote site specified with pure IPv6
+                   IP address */
+  bool ipv6;    /* we communicate with a site using an IPv6 address */
+
+  bool do_more; /* this is set TRUE if the ->curl_do_more() function is
+                   supposed to be called, after ->curl_do() */
+  bool tcpconnect[2]; /* the TCP layer (or similar) is connected, this is set
+                         the first time on the first connect function call */
+  bool protoconnstart;/* the protocol layer has STARTED its operation after
+                         the TCP layer connect */
+
+  bool retry;         /* this connection is about to get closed and then
+                         re-attempted at another connection. */
+  bool tunnel_proxy;  /* if CONNECT is used to "tunnel" through the proxy.
+                         This is implicit when SSL-protocols are used through
+                         proxies, but can also be enabled explicitly by
+                         apps */
+  bool authneg;       /* TRUE when the auth phase has started, which means
+                         that we are creating a request with an auth header,
+                         but it is not the final request in the auth
+                         negotiation. */
+  bool rewindaftersend;/* TRUE when the sending couldn't be stopped even
+                          though it will be discarded. When the whole send
+                          operation is done, we must call the data rewind
+                          callback. */
+  bool ftp_use_epsv;  /* As set with CURLOPT_FTP_USE_EPSV, but if we find out
+                         EPSV doesn't work we disable it for the forthcoming
+                         requests */
+
+  bool ftp_use_eprt;  /* As set with CURLOPT_FTP_USE_EPRT, but if we find out
+                         EPRT doesn't work we disable it for the forthcoming
+                         requests */
+  bool netrc;         /* name+password provided by netrc */
+  bool userpwd_in_url; /* name+password found in url */
+
+  bool done;          /* set to FALSE when Curl_do() is called and set to TRUE
+                         when Curl_done() is called, to prevent Curl_done() to
+                         get invoked twice when the multi interface is
+                         used. */
+  bool stream_was_rewound; /* Indicates that the stream was rewound after a
+                              request read past the end of its response byte
+                              boundary */
+  bool proxy_connect_closed; /* set true if a proxy disconnected the
+                                connection in a CONNECT request with auth, so
+                                that libcurl should reconnect and continue. */
+  bool bound; /* set true if bind() has already been done on this socket/
+                 connection */
+  bool type_set;  /* type= was used in the URL */
+};
+
+struct hostname {
+  char *rawalloc; /* allocated "raw" version of the name */
+  char *encalloc; /* allocated IDN-encoded version of the name */
+  char *name;     /* name to use internally, might be encoded, might be raw */
+  const char *dispname; /* name to display, as 'name' might be encoded */
+};
+
+/*
+ * Flags on the keepon member of the Curl_transfer_keeper
+ */
+
+#define KEEP_NONE  0
+#define KEEP_RECV  (1<<0)     /* there is or may be data to read */
+#define KEEP_SEND (1<<1)     /* there is or may be data to write */
+#define KEEP_RECV_HOLD (1<<2) /* when set, no reading should be done but there
+                                 might still be data to read */
+#define KEEP_SEND_HOLD (1<<3) /* when set, no writing should be done but there
+                                  might still be data to write */
+#define KEEP_RECV_PAUSE (1<<4) /* reading is paused */
+#define KEEP_SEND_PAUSE (1<<5) /* writing is paused */
+
+#define KEEP_RECVBITS (KEEP_RECV | KEEP_RECV_HOLD | KEEP_RECV_PAUSE)
+#define KEEP_SENDBITS (KEEP_SEND | KEEP_SEND_HOLD | KEEP_SEND_PAUSE)
+
+
+#ifdef HAVE_LIBZ
+typedef enum {
+  ZLIB_UNINIT,          /* uninitialized */
+  ZLIB_INIT,            /* initialized */
+  ZLIB_GZIP_HEADER,     /* reading gzip header */
+  ZLIB_GZIP_INFLATING,  /* inflating gzip stream */
+  ZLIB_INIT_GZIP        /* initialized in transparent gzip mode */
+} zlibInitState;
+#endif
+
+#ifdef CURLRES_ASYNCH
+struct Curl_async {
+  char *hostname;
+  int port;
+  struct Curl_dns_entry *dns;
+  bool done;  /* set TRUE when the lookup is complete */
+  int status; /* if done is TRUE, this is the status from the callback */
+  void *os_specific;  /* 'struct thread_data' for Windows */
+};
+#endif
+
+#define FIRSTSOCKET     0
+#define SECONDARYSOCKET 1
+
+/* These function pointer types are here only to allow easier typecasting
+   within the source when we need to cast between data pointers (such as NULL)
+   and function pointers. */
+typedef CURLcode (*Curl_do_more_func)(struct connectdata *, int *);
+typedef CURLcode (*Curl_done_func)(struct connectdata *, CURLcode, bool);
+
+enum expect100 {
+  EXP100_SEND_DATA,           /* enough waiting, just send the body now */
+  EXP100_AWAITING_CONTINUE,   /* waiting for the 100 Continue header */
+  EXP100_SENDING_REQUEST,     /* still sending the request but will wait for
+                                 the 100 header once done with the request */
+  EXP100_FAILED               /* used on 417 Expectation Failed */
+};
+
+enum upgrade101 {
+  UPGR101_INIT,               /* default state */
+  UPGR101_REQUESTED,          /* upgrade requested */
+  UPGR101_RECEIVED,           /* response received */
+  UPGR101_WORKING             /* talking upgraded protocol */
+};
+
+enum negotiatenpn {
+  NPN_INIT,                   /* default state */
+  NPN_HTTP1_1,                /* HTTP/1.1 negotiated */
+  NPN_HTTP2                   /* HTTP2 (draft-xx) negotiated */
+};
+
+/*
+ * Request specific data in the easy handle (SessionHandle).  Previously,
+ * these members were on the connectdata struct but since a conn struct may
+ * now be shared between different SessionHandles, we store connection-specific
+ * data here. This struct only keeps stuff that's interesting for *this*
+ * request, as it will be cleared between multiple ones
+ */
+struct SingleRequest {
+  curl_off_t size;        /* -1 if unknown at this point */
+  curl_off_t *bytecountp; /* return number of bytes read or NULL */
+
+  curl_off_t maxdownload; /* in bytes, the maximum amount of data to fetch,
+                             -1 means unlimited */
+  curl_off_t *writebytecountp; /* return number of bytes written or NULL */
+
+  curl_off_t bytecount;         /* total number of bytes read */
+  curl_off_t writebytecount;    /* number of bytes written */
+
+  long headerbytecount;         /* only count received headers */
+  long deductheadercount; /* this amount of bytes doesn't count when we check
+                             if anything has been transferred at the end of a
+                             connection. We use this counter to make only a
+                             100 reply (without a following second response
+                             code) result in a CURLE_GOT_NOTHING error code */
+
+  struct timeval start;         /* transfer started at this time */
+  struct timeval now;           /* current time */
+  bool header;                  /* incoming data has HTTP header */
+  enum {
+    HEADER_NORMAL,              /* no bad header at all */
+    HEADER_PARTHEADER,          /* part of the chunk is a bad header, the rest
+                                   is normal data */
+    HEADER_ALLBAD               /* all was believed to be header */
+  } badheader;                  /* the header was deemed bad and will be
+                                   written as body */
+  int headerline;               /* counts header lines to better track the
+                                   first one */
+  char *hbufp;                  /* points at *end* of header line */
+  size_t hbuflen;
+  char *str;                    /* within buf */
+  char *str_start;              /* within buf */
+  char *end_ptr;                /* within buf */
+  char *p;                      /* within headerbuff */
+  bool content_range;           /* set TRUE if Content-Range: was found */
+  curl_off_t offset;            /* possible resume offset read from the
+                                   Content-Range: header */
+  int httpcode;                 /* error code from the 'HTTP/1.? XXX' or
+                                   'RTSP/1.? XXX' line */
+  struct timeval start100;      /* time stamp to wait for the 100 code from */
+  enum expect100 exp100;        /* expect 100 continue state */
+  enum upgrade101 upgr101;      /* 101 upgrade state */
+
+  int auto_decoding;            /* What content encoding. sec 3.5, RFC2616. */
+
+#define IDENTITY 0              /* No encoding */
+#define DEFLATE 1               /* zlib deflate [RFC 1950 & 1951] */
+#define GZIP 2                  /* gzip algorithm [RFC 1952] */
+#define COMPRESS 3              /* Not handled, added for completeness */
+
+#ifdef HAVE_LIBZ
+  zlibInitState zlib_init;      /* possible zlib init state;
+                                   undefined if Content-Encoding header. */
+  z_stream z;                   /* State structure for zlib. */
+#endif
+
+  time_t timeofdoc;
+  long bodywrites;
+
+  char *buf;
+  char *uploadbuf;
+  curl_socket_t maxfd;
+
+  int keepon;
+
+  bool upload_done; /* set to TRUE when doing chunked transfer-encoding upload
+                       and we're uploading the last chunk */
+
+  bool ignorebody;  /* we read a response-body but we ignore it! */
+  bool ignorecl;    /* This HTTP response has no body so we ignore the Content-
+                       Length: header */
+
+  char *location;   /* This points to an allocated version of the Location:
+                       header data */
+  char *newurl;     /* Set to the new URL to use when a redirect or a retry is
+                       wanted */
+
+  /* 'upload_present' is used to keep a byte counter of how much data there is
+     still left in the buffer, aimed for upload. */
+  ssize_t upload_present;
+
+   /* 'upload_fromhere' is used as a read-pointer when we uploaded parts of a
+      buffer, so the next read should read from where this pointer points to,
+      and the 'upload_present' contains the number of bytes available at this
+      position */
+  char *upload_fromhere;
+
+  bool chunk; /* if set, this is a chunked transfer-encoding */
+  bool upload_chunky; /* set TRUE if we are doing chunked transfer-encoding
+                         on upload */
+  bool getheader;     /* TRUE if header parsing is wanted */
+
+  bool forbidchunk;   /* used only to explicitly forbid chunk-upload for
+                         specific upload buffers. See readmoredata() in
+                         http.c for details. */
+
+  void *protop;       /* Allocated protocol-specific data. Each protocol
+                         handler makes sure this points to data it needs. */
+};
+
+/*
+ * Specific protocol handler.
+ */
+
+struct Curl_handler {
+  const char * scheme;        /* URL scheme name. */
+
+  /* Complement to setup_connection_internals(). */
+  CURLcode (*setup_connection)(struct connectdata *);
+
+  /* These two functions MUST be set to be protocol dependent */
+  CURLcode (*do_it)(struct connectdata *, bool *done);
+  Curl_done_func done;
+
+  /* If the curl_do() function is better made in two halves, this
+   * curl_do_more() function will be called afterwards, if set. For example
+   * for doing the FTP stuff after the PASV/PORT command.
+   */
+  Curl_do_more_func do_more;
+
+  /* This function *MAY* be set to a protocol-dependent function that is run
+   * after the connect() and everything is done, as a step in the connection.
+   * The 'done' pointer points to a bool that should be set to TRUE if the
+   * function completes before return. If it doesn't complete, the caller
+   * should call the curl_connecting() function until it is.
+   */
+  CURLcode (*connect_it)(struct connectdata *, bool *done);
+
+  /* See above. Currently only used for FTP. */
+  CURLcode (*connecting)(struct connectdata *, bool *done);
+  CURLcode (*doing)(struct connectdata *, bool *done);
+
+  /* Called from the multi interface during the PROTOCONNECT phase, and it
+     should then return a proper fd set */
+  int (*proto_getsock)(struct connectdata *conn,
+                       curl_socket_t *socks,
+                       int numsocks);
+
+  /* Called from the multi interface during the DOING phase, and it should
+     then return a proper fd set */
+  int (*doing_getsock)(struct connectdata *conn,
+                       curl_socket_t *socks,
+                       int numsocks);
+
+  /* Called from the multi interface during the DO_MORE phase, and it should
+     then return a proper fd set */
+  int (*domore_getsock)(struct connectdata *conn,
+                        curl_socket_t *socks,
+                        int numsocks);
+
+  /* Called from the multi interface during the DO_DONE, PERFORM and
+     WAITPERFORM phases, and it should then return a proper fd set. Not setting
+     this will make libcurl use the generic default one. */
+  int (*perform_getsock)(const struct connectdata *conn,
+                         curl_socket_t *socks,
+                         int numsocks);
+
+  /* This function *MAY* be set to a protocol-dependent function that is run
+   * by the curl_disconnect(), as a step in the disconnection.  If the handler
+   * is called because the connection has been considered dead, dead_connection
+   * is set to TRUE.
+   */
+  CURLcode (*disconnect)(struct connectdata *, bool dead_connection);
+
+  /* If used, this function gets called from transfer.c:readwrite_data() to
+     allow the protocol to do extra reads/writes */
+  CURLcode (*readwrite)(struct SessionHandle *data, struct connectdata *conn,
+                        ssize_t *nread, bool *readmore);
+
+  long defport;           /* Default port. */
+  unsigned int protocol;  /* See CURLPROTO_* - this needs to be the single
+                             specific protocol bit */
+  unsigned int flags;     /* Extra particular characteristics, see PROTOPT_* */
+};
+
+#define PROTOPT_NONE 0             /* nothing extra */
+#define PROTOPT_SSL (1<<0)         /* uses SSL */
+#define PROTOPT_DUAL (1<<1)        /* this protocol uses two connections */
+#define PROTOPT_CLOSEACTION (1<<2) /* need action before socket close */
+/* some protocols will have to call the underlying functions without regard to
+   what exact state the socket signals. IE even if the socket says "readable",
+   the send function might need to be called while uploading, or vice versa.
+*/
+#define PROTOPT_DIRLOCK (1<<3)
+#define PROTOPT_NONETWORK (1<<4)   /* protocol doesn't use the network! */
+#define PROTOPT_NEEDSPWD (1<<5)    /* needs a password, and if none is set it
+                                      gets a default */
+#define PROTOPT_NOURLQUERY (1<<6)   /* protocol can't handle
+                                        url query strings (?foo=bar) ! */
+#define PROTOPT_CREDSPERREQUEST (1<<7) /* requires login credentials per
+                                          request instead of per connection */
+
+
+/* return the count of bytes sent, or -1 on error */
+typedef ssize_t (Curl_send)(struct connectdata *conn, /* connection data */
+                            int sockindex,            /* socketindex */
+                            const void *buf,          /* data to write */
+                            size_t len,               /* max amount to write */
+                            CURLcode *err);           /* error to return */
+
+/* return the count of bytes read, or -1 on error */
+typedef ssize_t (Curl_recv)(struct connectdata *conn, /* connection data */
+                            int sockindex,            /* socketindex */
+                            char *buf,                /* store data here */
+                            size_t len,               /* max amount to read */
+                            CURLcode *err);           /* error to return */
+
+/*
+ * The connectdata struct contains all fields and variables that should be
+ * unique for an entire connection.
+ */
+struct connectdata {
+  /* 'data' is the CURRENT SessionHandle using this connection -- take great
+     caution that this might very well vary between different times this
+     connection is used! */
+  struct SessionHandle *data;
+
+  /* chunk is for HTTP chunked encoding, but is in the general connectdata
+     struct only because we can do just about any protocol through a HTTP proxy
+     and a HTTP proxy may in fact respond using chunked encoding */
+  struct Curl_chunker chunk;
+
+  curl_closesocket_callback fclosesocket; /* function closing the socket(s) */
+  void *closesocket_client;
+
+  bool inuse; /* This is a marker for the connection cache logic. If this is
+                 TRUE this handle is being used by an easy handle and cannot
+                 be used by any other easy handle without careful
+                 consideration (== only for pipelining). */
+
+  /**** Fields set when inited and not modified again */
+  long connection_id; /* Contains a unique number to make it easier to
+                         track the connections in the log output */
+
+  /* 'dns_entry' is the particular host we use. This points to an entry in the
+     DNS cache and it will not get pruned while locked. It gets unlocked in
+     Curl_done(). This entry will be NULL if the connection is re-used as then
+     there is no name resolve done. */
+  struct Curl_dns_entry *dns_entry;
+
+  /* 'ip_addr' is the particular IP we connected to. It points to a struct
+     within the DNS cache, so this pointer is only valid as long as the DNS
+     cache entry remains locked. It gets unlocked in Curl_done() */
+  Curl_addrinfo *ip_addr;
+  Curl_addrinfo *tempaddr[2]; /* for happy eyeballs */
+
+  /* 'ip_addr_str' is the ip_addr data as a human readable string.
+     It remains available as long as the connection does, which is longer than
+     the ip_addr itself. */
+  char ip_addr_str[MAX_IPADR_LEN];
+
+  unsigned int scope;    /* address scope for IPv6 */
+
+  int socktype;  /* SOCK_STREAM or SOCK_DGRAM */
+
+  struct hostname host;
+  struct hostname proxy;
+
+  long port;       /* which port to use locally */
+  int remote_port; /* what remote port to connect to, not the proxy port! */
+
+  /* 'primary_ip' and 'primary_port' get filled with peer's numerical
+     ip address and port number whenever an outgoing connection is
+     *attempted* from the primary socket to a remote address. When more
+     than one address is tried for a connection these will hold data
+     for the last attempt. When the connection is actually established
+     these are updated with data which comes directly from the socket. */
+
+  char primary_ip[MAX_IPADR_LEN];
+  long primary_port;
+
+  /* 'local_ip' and 'local_port' get filled with local's numerical
+     ip address and port number whenever an outgoing connection is
+     **established** from the primary socket to a remote address. */
+
+  char local_ip[MAX_IPADR_LEN];
+  long local_port;
+
+  char *user;    /* user name string, allocated */
+  char *passwd;  /* password string, allocated */
+  char *options; /* options string, allocated */
+
+  char *xoauth2_bearer; /* bearer token for xoauth2, allocated */
+
+  char *proxyuser;    /* proxy user name string, allocated */
+  char *proxypasswd;  /* proxy password string, allocated */
+  curl_proxytype proxytype; /* what kind of proxy that is in use */
+
+  int httpversion;        /* the HTTP version*10 reported by the server */
+  int rtspversion;        /* the RTSP version*10 reported by the server */
+
+  struct timeval now;     /* "current" time */
+  struct timeval created; /* creation time */
+  curl_socket_t sock[2]; /* two sockets, the second is used for the data
+                            transfer when doing FTP */
+  curl_socket_t tempsock[2]; /* temporary sockets for happy eyeballs */
+  bool sock_accepted[2]; /* TRUE if the socket on this index was created with
+                            accept() */
+  Curl_recv *recv[2];
+  Curl_send *send[2];
+
+  struct ssl_connect_data ssl[2]; /* this is for ssl-stuff */
+  struct ssl_config_data ssl_config;
+
+  struct ConnectBits bits;    /* various state-flags for this connection */
+
+ /* connecttime: when connect() is called on the current IP address. Used to
+    be able to track when to move on to try next IP - but only when the multi
+    interface is used. */
+  struct timeval connecttime;
+  /* The two fields below get set in Curl_connecthost */
+  int num_addr; /* number of addresses to try to connect to */
+  long timeoutms_per_addr; /* how long time in milliseconds to spend on
+                              trying to connect to each IP address */
+
+  const struct Curl_handler *handler; /* Connection's protocol handler */
+  const struct Curl_handler *given;   /* The protocol first given */
+
+  long ip_version; /* copied from the SessionHandle at creation time */
+
+  /**** curl_get() phase fields */
+
+  curl_socket_t sockfd;   /* socket to read from or CURL_SOCKET_BAD */
+  curl_socket_t writesockfd; /* socket to write to, it may very
+                                well be the same we read from.
+                                CURL_SOCKET_BAD disables */
+
+  /** Dynamicly allocated strings, MUST be freed before this **/
+  /** struct is killed.                                      **/
+  struct dynamically_allocated_data {
+    char *proxyuserpwd;
+    char *uagent;
+    char *accept_encoding;
+    char *userpwd;
+    char *rangeline;
+    char *ref;
+    char *host;
+    char *cookiehost;
+    char *rtsp_transport;
+    char *te; /* TE: request header */
+  } allocptr;
+
+  int sec_complete; /* if kerberos is enabled for this connection */
+#ifdef HAVE_GSSAPI
+  enum protection_level command_prot;
+  enum protection_level data_prot;
+  enum protection_level request_data_prot;
+  size_t buffer_size;
+  struct krb5buffer in_buffer;
+  void *app_data;
+  const struct Curl_sec_client_mech *mech;
+  struct sockaddr_in local_addr;
+#endif
+
+#if defined(USE_WINDOWS_SSPI) /* Consider moving some of the above GSS-API */
+  struct kerberos5data krb5;  /* variables into the structure definition, */
+#endif                        /* however, some of them are ftp specific. */
+
+  /* the two following *_inuse fields are only flags, not counters in any way.
+     If TRUE it means the channel is in use, and if FALSE it means the channel
+     is up for grabs by one. */
+
+  bool readchannel_inuse;  /* whether the read channel is in use by an easy
+                              handle */
+  bool writechannel_inuse; /* whether the write channel is in use by an easy
+                              handle */
+  struct curl_llist *send_pipe; /* List of handles waiting to
+                                   send on this pipeline */
+  struct curl_llist *recv_pipe; /* List of handles waiting to read
+                                   their responses on this pipeline */
+  char* master_buffer; /* The master buffer allocated on-demand;
+                          used for pipelining. */
+  size_t read_pos; /* Current read position in the master buffer */
+  size_t buf_len; /* Length of the buffer?? */
+
+
+  curl_seek_callback seek_func; /* function that seeks the input */
+  void *seek_client;            /* pointer to pass to the seek() above */
+
+  /*************** Request - specific items ************/
+
+  /* previously this was in the urldata struct */
+  curl_read_callback fread_func; /* function that reads the input */
+  void *fread_in;           /* pointer to pass to the fread() above */
+
+  struct ntlmdata ntlm;     /* NTLM differs from other authentication schemes
+                               because it authenticates connections, not
+                               single requests! */
+  struct ntlmdata proxyntlm; /* NTLM data for proxy */
+
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+  /* used for communication with Samba's winbind daemon helper ntlm_auth */
+  curl_socket_t ntlm_auth_hlpr_socket;
+  pid_t ntlm_auth_hlpr_pid;
+  char* challenge_header;
+  char* response_header;
+#endif
+
+  char syserr_buf [256]; /* buffer for Curl_strerror() */
+
+#ifdef CURLRES_ASYNCH
+  /* data used for the asynch name resolve callback */
+  struct Curl_async async;
+#endif
+
+  /* These three are used for chunked-encoding trailer support */
+  char *trailer; /* allocated buffer to store trailer in */
+  int trlMax;    /* allocated buffer size */
+  int trlPos;    /* index of where to store data */
+
+  union {
+    struct ftp_conn ftpc;
+    struct http_conn httpc;
+    struct ssh_conn sshc;
+    struct tftp_state_data *tftpc;
+    struct imap_conn imapc;
+    struct pop3_conn pop3c;
+    struct smtp_conn smtpc;
+    struct rtsp_conn rtspc;
+    void *generic; /* RTMP and LDAP use this */
+  } proto;
+
+  int cselect_bits; /* bitmask of socket events */
+  int waitfor;      /* current READ/WRITE bits to wait for */
+
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  int socks5_gssapi_enctype;
+#endif
+
+  bool verifypeer;
+  bool verifyhost;
+
+  /* When this connection is created, store the conditions for the local end
+     bind. This is stored before the actual bind and before any connection is
+     made and will serve the purpose of being used for comparison reasons so
+     that subsequent bound-requested connections aren't accidentally re-using
+     wrong connections. */
+  char *localdev;
+  unsigned short localport;
+  int localportrange;
+
+  /* tunnel as in tunnel through a HTTP proxy with CONNECT */
+  enum {
+    TUNNEL_INIT,    /* init/default/no tunnel state */
+    TUNNEL_CONNECT, /* CONNECT has been sent off */
+    TUNNEL_COMPLETE /* CONNECT response received completely */
+  } tunnel_state[2]; /* two separate ones to allow FTP */
+  struct connectbundle *bundle; /* The bundle we are member of */
+
+  enum negotiatenpn negnpn;
+};
+
+/* The end of connectdata. */
+
+/*
+ * Struct to keep statistical and informational data.
+ */
+struct PureInfo {
+  int httpcode;  /* Recent HTTP, FTP, or RTSP response code */
+  int httpproxycode; /* response code from proxy when received separate */
+  int httpversion; /* the http version number X.Y = X*10+Y */
+  long filetime; /* If requested, this is might get set. Set to -1 if the time
+                    was unretrievable. We cannot have this of type time_t,
+                    since time_t is unsigned on several platforms such as
+                    OpenVMS. */
+  bool timecond;  /* set to TRUE if the time condition didn't match, which
+                     thus made the document NOT get fetched */
+  long header_size;  /* size of read header(s) in bytes */
+  long request_size; /* the amount of bytes sent in the request(s) */
+  unsigned long proxyauthavail; /* what proxy auth types were announced */
+  unsigned long httpauthavail;  /* what host auth types were announced */
+  long numconnects; /* how many new connection did libcurl created */
+  char *contenttype; /* the content type of the object */
+  char *wouldredirect; /* URL this would've been redirected to if asked to */
+
+  /* PureInfo members 'conn_primary_ip', 'conn_primary_port', 'conn_local_ip'
+     and, 'conn_local_port' are copied over from the connectdata struct in
+     order to allow curl_easy_getinfo() to return this information even when
+     the session handle is no longer associated with a connection, and also
+     allow curl_easy_reset() to clear this information from the session handle
+     without disturbing information which is still alive, and that might be
+     reused, in the connection cache. */
+
+  char conn_primary_ip[MAX_IPADR_LEN];
+  long conn_primary_port;
+
+  char conn_local_ip[MAX_IPADR_LEN];
+  long conn_local_port;
+
+  struct curl_certinfo certs; /* info about the certs, only populated in
+                                 OpenSSL builds. Asked for with
+                                 CURLOPT_CERTINFO / CURLINFO_CERTINFO */
+};
+
+
+struct Progress {
+  long lastshow; /* time() of the last displayed progress meter or NULL to
+                    force redraw at next call */
+  curl_off_t size_dl; /* total expected size */
+  curl_off_t size_ul; /* total expected size */
+  curl_off_t downloaded; /* transferred so far */
+  curl_off_t uploaded; /* transferred so far */
+
+  curl_off_t current_speed; /* uses the currently fastest transfer */
+
+  bool callback;  /* set when progress callback is used */
+  int width; /* screen width at download start */
+  int flags; /* see progress.h */
+
+  double timespent;
+
+  curl_off_t dlspeed;
+  curl_off_t ulspeed;
+
+  double t_nslookup;
+  double t_connect;
+  double t_appconnect;
+  double t_pretransfer;
+  double t_starttransfer;
+  double t_redirect;
+
+  struct timeval start;
+  struct timeval t_startsingle;
+  struct timeval t_startop;
+  struct timeval t_acceptdata;
+#define CURR_TIME (5+1) /* 6 entries for 5 seconds */
+
+  curl_off_t speeder[ CURR_TIME ];
+  struct timeval speeder_time[ CURR_TIME ];
+  int speeder_c;
+};
+
+typedef enum {
+  HTTPREQ_NONE, /* first in list */
+  HTTPREQ_GET,
+  HTTPREQ_POST,
+  HTTPREQ_POST_FORM, /* we make a difference internally */
+  HTTPREQ_PUT,
+  HTTPREQ_HEAD,
+  HTTPREQ_CUSTOM,
+  HTTPREQ_LAST /* last in list */
+} Curl_HttpReq;
+
+typedef enum {
+    RTSPREQ_NONE, /* first in list */
+    RTSPREQ_OPTIONS,
+    RTSPREQ_DESCRIBE,
+    RTSPREQ_ANNOUNCE,
+    RTSPREQ_SETUP,
+    RTSPREQ_PLAY,
+    RTSPREQ_PAUSE,
+    RTSPREQ_TEARDOWN,
+    RTSPREQ_GET_PARAMETER,
+    RTSPREQ_SET_PARAMETER,
+    RTSPREQ_RECORD,
+    RTSPREQ_RECEIVE,
+    RTSPREQ_LAST /* last in list */
+} Curl_RtspReq;
+
+/*
+ * Values that are generated, temporary or calculated internally for a
+ * "session handle" must be defined within the 'struct UrlState'.  This struct
+ * will be used within the SessionHandle struct. When the 'SessionHandle'
+ * struct is cloned, this data MUST NOT be copied.
+ *
+ * Remember that any "state" information goes globally for the curl handle.
+ * Session-data MUST be put in the connectdata struct and here.  */
+#define MAX_CURL_USER_LENGTH 256
+#define MAX_CURL_PASSWORD_LENGTH 256
+
+struct auth {
+  unsigned long want;  /* Bitmask set to the authentication methods wanted by
+                          app (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
+  unsigned long picked;
+  unsigned long avail; /* Bitmask for what the server reports to support for
+                          this resource */
+  bool done;  /* TRUE when the auth phase is done and ready to do the *actual*
+                 request */
+  bool multi; /* TRUE if this is not yet authenticated but within the auth
+                 multipass negotiation */
+  bool iestyle; /* TRUE if digest should be done IE-style or FALSE if it should
+                   be RFC compliant */
+};
+
+struct UrlState {
+
+  /* Points to the connection cache */
+  struct conncache *conn_cache;
+
+  /* when curl_easy_perform() is called, the multi handle is "owned" by
+     the easy handle so curl_easy_cleanup() on such an easy handle will
+     also close the multi handle! */
+  bool multi_owned_by_easy;
+
+  /* buffers to store authentication data in, as parsed from input options */
+  struct timeval keeps_speed; /* for the progress meter really */
+
+  struct connectdata *lastconnect; /* The last connection, NULL if undefined */
+
+  char *headerbuff; /* allocated buffer to store headers in */
+  size_t headersize;   /* size of the allocation */
+
+  char buffer[BUFSIZE+1]; /* download buffer */
+  char uploadbuffer[BUFSIZE+1]; /* upload buffer */
+  curl_off_t current_speed;  /* the ProgressShow() funcion sets this,
+                                bytes / second */
+  bool this_is_a_follow; /* this is a followed Location: request */
+
+  char *first_host; /* if set, this should be the host name that we will
+                       sent authorization to, no else. Used to make Location:
+                       following not keep sending user+password... This is
+                       strdup() data.
+                    */
+  struct curl_ssl_session *session; /* array of 'max_ssl_sessions' size */
+  long sessionage;                  /* number of the most recent session */
+  char *tempwrite;      /* allocated buffer to keep data in when a write
+                           callback returns to make the connection paused */
+  size_t tempwritesize; /* size of the 'tempwrite' allocated buffer */
+  int tempwritetype;    /* type of the 'tempwrite' buffer as a bitmask that is
+                           used with Curl_client_write() */
+  char *scratch; /* huge buffer[BUFSIZE*2] when doing upload CRLF replacing */
+  bool errorbuf; /* Set to TRUE if the error buffer is already filled in.
+                    This must be set to FALSE every time _easy_perform() is
+                    called. */
+  int os_errno;  /* filled in with errno whenever an error occurs */
+#ifdef HAVE_SIGNAL
+  /* storage for the previous bag^H^H^HSIGPIPE signal handler :-) */
+  void (*prev_signal)(int sig);
+#endif
+  bool allow_port; /* Is set.use_port allowed to take effect or not. This
+                      is always set TRUE when curl_easy_perform() is called. */
+  struct digestdata digest;      /* state data for host Digest auth */
+  struct digestdata proxydigest; /* state data for proxy Digest auth */
+
+#ifdef USE_SPNEGO
+  struct negotiatedata negotiate; /* state data for host Negotiate auth */
+  struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */
+#endif
+
+  struct auth authhost;  /* auth details for host */
+  struct auth authproxy; /* auth details for proxy */
+
+  bool authproblem; /* TRUE if there's some problem authenticating */
+
+  void *resolver; /* resolver state, if it is used in the URL state -
+                     ares_channel f.e. */
+
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+  ENGINE *engine;
+#endif /* USE_SSLEAY */
+  struct timeval expiretime; /* set this with Curl_expire() only */
+  struct Curl_tree timenode; /* for the splay stuff */
+  struct curl_llist *timeoutlist; /* list of pending timeouts */
+
+  /* a place to store the most recently set FTP entrypath */
+  char *most_recent_ftp_entrypath;
+
+  /* set after initial USER failure, to prevent an authentication loop */
+  bool ftp_trying_alternative;
+
+  int httpversion;       /* the lowest HTTP version*10 reported by any server
+                            involved in this request */
+  bool expect100header;  /* TRUE if we added Expect: 100-continue */
+
+  bool pipe_broke; /* TRUE if the connection we were pipelined on broke
+                      and we need to restart from the beginning */
+
+#if !defined(WIN32) && !defined(MSDOS) && !defined(__EMX__) && \
+    !defined(__SYMBIAN32__)
+/* do FTP line-end conversions on most platforms */
+#define CURL_DO_LINEEND_CONV
+  /* for FTP downloads: track CRLF sequences that span blocks */
+  bool prev_block_had_trailing_cr;
+  /* for FTP downloads: how many CRLFs did we converted to LFs? */
+  curl_off_t crlf_conversions;
+#endif
+  char *pathbuffer;/* allocated buffer to store the URL's path part in */
+  char *path;      /* path to use, points to somewhere within the pathbuffer
+                      area */
+  bool slash_removed; /* set TRUE if the 'path' points to a path where the
+                         initial URL slash separator has been taken off */
+  bool use_range;
+  bool rangestringalloc; /* the range string is malloc()'ed */
+
+  char *range; /* range, if used. See README for detailed specification on
+                  this syntax. */
+  curl_off_t resume_from; /* continue [ftp] transfer from here */
+
+  /* This RTSP state information survives requests and connections */
+  long rtsp_next_client_CSeq; /* the session's next client CSeq */
+  long rtsp_next_server_CSeq; /* the session's next server CSeq */
+  long rtsp_CSeq_recv; /* most recent CSeq received */
+
+  /* if true, force SSL connection retry (workaround for certain servers) */
+  bool ssl_connect_retry;
+  curl_off_t infilesize; /* size of file to upload, -1 means unknown.
+                            Copied from set.filesize at start of operation */
+};
+
+
+/*
+ * This 'DynamicStatic' struct defines dynamic states that actually change
+ * values in the 'UserDefined' area, which MUST be taken into consideration
+ * if the UserDefined struct is cloned or similar. You can probably just
+ * copy these, but each one indicate a special action on other data.
+ */
+
+struct DynamicStatic {
+  char *url;        /* work URL, copied from UserDefined */
+  bool url_alloc;   /* URL string is malloc()'ed */
+  char *referer;    /* referer string */
+  bool referer_alloc; /* referer sting is malloc()ed */
+  struct curl_slist *cookielist; /* list of cookie files set by
+                                    curl_easy_setopt(COOKIEFILE) calls */
+  struct curl_slist *resolve; /* set to point to the set.resolve list when
+                                 this should be dealt with in pretransfer */
+};
+
+/*
+ * This 'UserDefined' struct must only contain data that is set once to go
+ * for many (perhaps) independent connections. Values that are generated or
+ * calculated internally for the "session handle" MUST be defined within the
+ * 'struct UrlState' instead. The only exceptions MUST note the changes in
+ * the 'DynamicStatic' struct.
+ * Character pointer fields point to dynamic storage, unless otherwise stated.
+ */
+
+struct Curl_multi;    /* declared and used only in multi.c */
+
+enum dupstring {
+  STRING_CERT,            /* client certificate file name */
+  STRING_CERT_TYPE,       /* format for certificate (default: PEM)*/
+  STRING_COOKIE,          /* HTTP cookie string to send */
+  STRING_COOKIEJAR,       /* dump all cookies to this file */
+  STRING_CUSTOMREQUEST,   /* HTTP/FTP/RTSP request/method to use */
+  STRING_DEVICE,          /* local network interface/address to use */
+  STRING_ENCODING,        /* Accept-Encoding string */
+  STRING_FTP_ACCOUNT,     /* ftp account data */
+  STRING_FTP_ALTERNATIVE_TO_USER, /* command to send if USER/PASS fails */
+  STRING_FTPPORT,         /* port to send with the FTP PORT command */
+  STRING_KEY,             /* private key file name */
+  STRING_KEY_PASSWD,      /* plain text private key password */
+  STRING_KEY_TYPE,        /* format for private key (default: PEM) */
+  STRING_KRB_LEVEL,       /* krb security level */
+  STRING_NETRC_FILE,      /* if not NULL, use this instead of trying to find
+                             $HOME/.netrc */
+  STRING_COPYPOSTFIELDS,  /* if POST, set the fields' values here */
+  STRING_PROXY,           /* proxy to use */
+  STRING_SET_RANGE,       /* range, if used */
+  STRING_SET_REFERER,     /* custom string for the HTTP referer field */
+  STRING_SET_URL,         /* what original URL to work on */
+  STRING_SSL_CAPATH,      /* CA directory name (doesn't work on windows) */
+  STRING_SSL_CAFILE,      /* certificate file to verify peer against */
+  STRING_SSL_CIPHER_LIST, /* list of ciphers to use */
+  STRING_SSL_EGDSOCKET,   /* path to file containing the EGD daemon socket */
+  STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */
+  STRING_USERAGENT,       /* User-Agent string */
+  STRING_SSL_CRLFILE,     /* crl file to check certificate */
+  STRING_SSL_ISSUERCERT,  /* issuer cert file to check certificate */
+  STRING_USERNAME,        /* <username>, if used */
+  STRING_PASSWORD,        /* <password>, if used */
+  STRING_OPTIONS,         /* <options>, if used */
+  STRING_PROXYUSERNAME,   /* Proxy <username>, if used */
+  STRING_PROXYPASSWORD,   /* Proxy <password>, if used */
+  STRING_NOPROXY,         /* List of hosts which should not use the proxy, if
+                             used */
+  STRING_RTSP_SESSION_ID, /* Session ID to use */
+  STRING_RTSP_STREAM_URI, /* Stream URI for this request */
+  STRING_RTSP_TRANSPORT,  /* Transport for this session */
+#ifdef USE_LIBSSH2
+  STRING_SSH_PRIVATE_KEY, /* path to the private key file for auth */
+  STRING_SSH_PUBLIC_KEY,  /* path to the public key file for auth */
+  STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */
+  STRING_SSH_KNOWNHOSTS,  /* file name of knownhosts file */
+#endif
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  STRING_SOCKS5_GSSAPI_SERVICE,  /* GSSAPI service name */
+#endif
+  STRING_MAIL_FROM,
+  STRING_MAIL_AUTH,
+
+#ifdef USE_TLS_SRP
+  STRING_TLSAUTH_USERNAME,     /* TLS auth <username> */
+  STRING_TLSAUTH_PASSWORD,     /* TLS auth <password> */
+#endif
+
+  STRING_BEARER,          /* <bearer>, if used */
+
+  /* -- end of strings -- */
+  STRING_LAST /* not used, just an end-of-list marker */
+};
+
+struct UserDefined {
+  FILE *err;         /* the stderr user data goes here */
+  void *debugdata;   /* the data that will be passed to fdebug */
+  char *errorbuffer; /* (Static) store failure messages in here */
+  long proxyport; /* If non-zero, use this port number by default. If the
+                     proxy string features a ":[port]" that one will override
+                     this. */
+  void *out;         /* the fetched file goes here */
+  void *in;          /* the uploaded file is read from here */
+  void *writeheader; /* write the header to this if non-NULL */
+  void *rtp_out;     /* write RTP to this if non-NULL */
+  long use_port;     /* which port to use (when not using default) */
+  unsigned long httpauth;  /* kind of HTTP authentication to use (bitmask) */
+  unsigned long proxyauth; /* kind of proxy authentication to use (bitmask) */
+  long followlocation; /* as in HTTP Location: */
+  long maxredirs;    /* maximum no. of http(s) redirects to follow, set to -1
+                        for infinity */
+
+  int keep_post;     /* keep POSTs as POSTs after a 30x request; each
+                        bit represents a request, from 301 to 303 */
+  bool free_referer; /* set TRUE if 'referer' points to a string we
+                        allocated */
+  void *postfields;  /* if POST, set the fields' values here */
+  curl_seek_callback seek_func;      /* function that seeks the input */
+  curl_off_t postfieldsize; /* if POST, this might have a size to use instead
+                               of strlen(), and then the data *may* be binary
+                               (contain zero bytes) */
+  unsigned short localport; /* local port number to bind to */
+  int localportrange; /* number of additional port numbers to test in case the
+                         'localport' one can't be bind()ed */
+  curl_write_callback fwrite_func;   /* function that stores the output */
+  curl_write_callback fwrite_header; /* function that stores headers */
+  curl_write_callback fwrite_rtp;    /* function that stores interleaved RTP */
+  curl_read_callback fread_func;     /* function that reads the input */
+  int is_fread_set; /* boolean, has read callback been set to non-NULL? */
+  int is_fwrite_set; /* boolean, has write callback been set to non-NULL? */
+  curl_progress_callback fprogress; /* OLD and deprecated progress callback  */
+  curl_xferinfo_callback fxferinfo; /* progress callback */
+  curl_debug_callback fdebug;      /* function that write informational data */
+  curl_ioctl_callback ioctl_func;  /* function for I/O control */
+  curl_sockopt_callback fsockopt;  /* function for setting socket options */
+  void *sockopt_client; /* pointer to pass to the socket options callback */
+  curl_opensocket_callback fopensocket; /* function for checking/translating
+                                           the address and opening the
+                                           socket */
+  void* opensocket_client;
+  curl_closesocket_callback fclosesocket; /* function for closing the
+                                             socket */
+  void* closesocket_client;
+
+  void *seek_client;    /* pointer to pass to the seek callback */
+  /* the 3 curl_conv_callback functions below are used on non-ASCII hosts */
+  /* function to convert from the network encoding: */
+  curl_conv_callback convfromnetwork;
+  /* function to convert to the network encoding: */
+  curl_conv_callback convtonetwork;
+  /* function to convert from UTF-8 encoding: */
+  curl_conv_callback convfromutf8;
+
+  void *progress_client; /* pointer to pass to the progress callback */
+  void *ioctl_client;   /* pointer to pass to the ioctl callback */
+  long timeout;         /* in milliseconds, 0 means no timeout */
+  long connecttimeout;  /* in milliseconds, 0 means no timeout */
+  long accepttimeout;   /* in milliseconds, 0 means no timeout */
+  long server_response_timeout; /* in milliseconds, 0 means no timeout */
+  long tftp_blksize ; /* in bytes, 0 means use default */
+  curl_off_t filesize;  /* size of file to upload, -1 means unknown */
+  long low_speed_limit; /* bytes/second */
+  long low_speed_time;  /* number of seconds */
+  curl_off_t max_send_speed; /* high speed limit in bytes/second for upload */
+  curl_off_t max_recv_speed; /* high speed limit in bytes/second for
+                                download */
+  curl_off_t set_resume_from;  /* continue [ftp] transfer from here */
+  struct curl_slist *headers; /* linked list of extra headers */
+  struct curl_slist *proxyheaders; /* linked list of extra CONNECT headers */
+  struct curl_httppost *httppost;  /* linked list of POST data */
+  bool sep_headers;     /* handle host and proxy headers separately */
+  bool cookiesession;   /* new cookie session? */
+  bool crlf;            /* convert crlf on ftp upload(?) */
+  struct curl_slist *quote;     /* after connection is established */
+  struct curl_slist *postquote; /* after the transfer */
+  struct curl_slist *prequote; /* before the transfer, after type */
+  struct curl_slist *source_quote;  /* 3rd party quote */
+  struct curl_slist *source_prequote;  /* in 3rd party transfer mode - before
+                                          the transfer on source host */
+  struct curl_slist *source_postquote; /* in 3rd party transfer mode - after
+                                          the transfer on source host */
+  struct curl_slist *telnet_options; /* linked list of telnet options */
+  struct curl_slist *resolve;     /* list of names to add/remove from
+                                     DNS cache */
+  curl_TimeCond timecondition; /* kind of time/date comparison */
+  time_t timevalue;       /* what time to compare with */
+  Curl_HttpReq httpreq;   /* what kind of HTTP request (if any) is this */
+  long httpversion; /* when non-zero, a specific HTTP version requested to
+                       be used in the library's request(s) */
+  struct ssl_config_data ssl;  /* user defined SSL stuff */
+  curl_proxytype proxytype; /* what kind of proxy that is in use */
+  long dns_cache_timeout; /* DNS cache timeout */
+  long buffer_size;      /* size of receive buffer to use */
+  void *private_data; /* application-private data */
+
+  struct curl_slist *http200aliases; /* linked list of aliases for http200 */
+
+  long ipver; /* the CURL_IPRESOLVE_* defines in the public header file
+                 0 - whatever, 1 - v2, 2 - v6 */
+
+  curl_off_t max_filesize; /* Maximum file size to download */
+
+  curl_ftpfile ftp_filemethod; /* how to get to a file when FTP is used  */
+
+  int ftp_create_missing_dirs; /* 1 - create directories that don't exist
+                                  2 - the same but also allow MKD to fail once
+                               */
+
+  curl_sshkeycallback ssh_keyfunc; /* key matching callback */
+  void *ssh_keyfunc_userp;         /* custom pointer to callback */
+
+/* Here follows boolean settings that define how to behave during
+   this session. They are STATIC, set by libcurl users or at least initially
+   and they don't change during operations. */
+
+  bool printhost;        /* printing host name in debug info */
+  bool get_filetime;     /* get the time and get of the remote file */
+  bool tunnel_thru_httpproxy; /* use CONNECT through a HTTP proxy */
+  bool prefer_ascii;     /* ASCII rather than binary */
+  bool ftp_append;       /* append, not overwrite, on upload */
+  bool ftp_list_only;    /* switch FTP command for listing directories */
+  bool ftp_use_port;     /* use the FTP PORT command */
+  bool hide_progress;    /* don't use the progress meter */
+  bool http_fail_on_error;  /* fail on HTTP error codes >= 300 */
+  bool http_follow_location; /* follow HTTP redirects */
+  bool http_transfer_encoding; /* request compressed HTTP transfer-encoding */
+  bool http_disable_hostname_check_before_authentication;
+  bool include_header;   /* include received protocol headers in data output */
+  bool http_set_referer; /* is a custom referer used */
+  bool http_auto_referer; /* set "correct" referer when following location: */
+  bool opt_no_body;      /* as set with CURLOPT_NOBODY */
+  bool set_port;         /* custom port number used */
+  bool upload;           /* upload request */
+  enum CURL_NETRC_OPTION
+       use_netrc;        /* defined in include/curl.h */
+  bool verbose;          /* output verbosity */
+  bool krb;              /* kerberos connection requested */
+  bool reuse_forbid;     /* forbidden to be reused, close after use */
+  bool reuse_fresh;      /* do not re-use an existing connection  */
+  bool ftp_use_epsv;     /* if EPSV is to be attempted or not */
+  bool ftp_use_eprt;     /* if EPRT is to be attempted or not */
+  bool ftp_use_pret;     /* if PRET is to be used before PASV or not */
+
+  curl_usessl use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+                            IMAP or POP3 or others! */
+  curl_ftpauth ftpsslauth; /* what AUTH XXX to be attempted */
+  curl_ftpccc ftp_ccc;   /* FTP CCC options */
+  bool no_signal;        /* do not use any signal/alarm handler */
+  bool global_dns_cache; /* subject for future removal */
+  bool tcp_nodelay;      /* whether to enable TCP_NODELAY or not */
+  bool ignorecl;         /* ignore content length */
+  bool ftp_skip_ip;      /* skip the IP address the FTP server passes on to
+                            us */
+  bool connect_only;     /* make connection, let application use the socket */
+  bool ssl_enable_beast; /* especially allow this flaw for interoperability's
+                            sake*/
+  long ssh_auth_types;   /* allowed SSH auth types */
+  bool http_te_skip;     /* pass the raw body data to the user, even when
+                            transfer-encoded (chunked, compressed) */
+  bool http_ce_skip;     /* pass the raw body data to the user, even when
+                            content-encoded (chunked, compressed) */
+  long new_file_perms;    /* Permissions to use when creating remote files */
+  long new_directory_perms; /* Permissions to use when creating remote dirs */
+  bool proxy_transfer_mode; /* set transfer mode (;type=<a|i>) when doing FTP
+                               via an HTTP proxy */
+  char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
+  unsigned int scope;    /* address scope for IPv6 */
+  long allowed_protocols;
+  long redir_protocols;
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  long socks5_gssapi_nec; /* flag to support nec socks5 server */
+#endif
+  struct curl_slist *mail_rcpt; /* linked list of mail recipients */
+  bool sasl_ir;         /* Enable/disable SASL initial response */
+  /* Common RTSP header options */
+  Curl_RtspReq rtspreq; /* RTSP request type */
+  long rtspversion; /* like httpversion, for RTSP */
+  bool wildcardmatch; /* enable wildcard matching */
+  curl_chunk_bgn_callback chunk_bgn; /* called before part of transfer
+                                        starts */
+  curl_chunk_end_callback chunk_end; /* called after part transferring
+                                        stopped */
+  curl_fnmatch_callback fnmatch; /* callback to decide which file corresponds
+                                    to pattern (e.g. if WILDCARDMATCH is on) */
+  void *fnmatch_data;
+
+  long gssapi_delegation; /* GSS-API credential delegation, see the
+                             documentation of CURLOPT_GSSAPI_DELEGATION */
+
+  bool tcp_keepalive;    /* use TCP keepalives */
+  long tcp_keepidle;     /* seconds in idle before sending keepalive probe */
+  long tcp_keepintvl;    /* seconds between TCP keepalive probes */
+
+  size_t maxconnects;  /* Max idle connections in the connection cache */
+
+  bool ssl_enable_npn;  /* TLS NPN extension? */
+  bool ssl_enable_alpn; /* TLS ALPN extension? */
+
+  long expect_100_timeout; /* in milliseconds */
+};
+
+struct Names {
+  struct curl_hash *hostcache;
+  enum {
+    HCACHE_NONE,    /* not pointing to anything */
+    HCACHE_GLOBAL,  /* points to the (shrug) global one */
+    HCACHE_MULTI,   /* points to a shared one in the multi handle */
+    HCACHE_SHARED   /* points to a shared one in a shared object */
+  } hostcachetype;
+};
+
+/*
+ * The 'connectdata' struct MUST have all the connection oriented stuff as we
+ * may have several simultaneous connections and connection structs in memory.
+ *
+ * The 'struct UserDefined' must only contain data that is set once to go for
+ * many (perhaps) independent connections. Values that are generated or
+ * calculated internally for the "session handle" must be defined within the
+ * 'struct UrlState' instead.
+ */
+
+struct SessionHandle {
+  /* first, two fields for the linked list of these */
+  struct SessionHandle *next;
+  struct SessionHandle *prev;
+
+  struct connectdata *easy_conn;     /* the "unit's" connection */
+
+  CURLMstate mstate;  /* the handle's state */
+  CURLcode result;   /* previous result */
+
+  struct Curl_message msg; /* A single posted message. */
+
+  /* Array with the plain socket numbers this handle takes care of, in no
+     particular order. Note that all sockets are added to the sockhash, where
+     the state etc are also kept. This array is mostly used to detect when a
+     socket is to be removed from the hash. See singlesocket(). */
+  curl_socket_t sockets[MAX_SOCKSPEREASYHANDLE];
+  int numsocks;
+
+  struct Names dns;
+  struct Curl_multi *multi;    /* if non-NULL, points to the multi handle
+                                  struct to which this "belongs" when used by
+                                  the multi interface */
+  struct Curl_multi *multi_easy; /* if non-NULL, points to the multi handle
+                                    struct to which this "belongs" when used
+                                    by the easy interface */
+  struct Curl_share *share;    /* Share, handles global variable mutexing */
+  struct SingleRequest req;    /* Request-specific data */
+  struct UserDefined set;      /* values set by the libcurl user */
+  struct DynamicStatic change; /* possibly modified userdefined data */
+  struct CookieInfo *cookies;  /* the cookies, read from files and servers.
+                                  NOTE that the 'cookie' field in the
+                                  UserDefined struct defines if the "engine"
+                                  is to be used or not. */
+  struct Progress progress;    /* for all the progress meter data */
+  struct UrlState state;       /* struct for fields used for state info and
+                                  other dynamic purposes */
+  struct WildcardData wildcard; /* wildcard download state info */
+  struct PureInfo info;        /* stats, reports and info data */
+  struct curl_tlssessioninfo tsi; /* Information about the TLS session, only
+                                     valid after a client has asked for it */
+#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
+  iconv_t outbound_cd;         /* for translating to the network encoding */
+  iconv_t inbound_cd;          /* for translating from the network encoding */
+  iconv_t utf8_cd;             /* for translating to UTF8 */
+#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */
+  unsigned int magic;          /* set to a CURLEASY_MAGIC_NUMBER */
+};
+
+#define LIBCURL_NAME "libcurl"
+
+#endif /* HEADER_CURL_URLDATA_H */
diff --git a/Utilities/cmcurl/version.c b/Utilities/cmcurl/lib/version.c
index 9085f7d..788f3e9 100644
--- a/Utilities/cmcurl/version.c
+++ b/Utilities/cmcurl/lib/version.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -18,23 +18,24 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
-#include "setup.h"
-
-#include <string.h>
-#include <stdio.h>
+#include "curl_setup.h"
 
 #include <curl/curl.h>
 #include "urldata.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
+#include "http2.h"
 
 #define _MPRINTF_REPLACE /* use the internal *printf() functions */
 #include <curl/mprintf.h>
 
 #ifdef USE_ARES
-#include <ares_version.h>
+#  if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
+     (defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__))
+#    define CARES_STATICLIB
+#  endif
+#  include <ares.h>
 #endif
 
 #ifdef USE_LIBIDN
@@ -45,25 +46,44 @@
 #include <iconv.h>
 #endif
 
+#ifdef USE_LIBRTMP
+#include <librtmp/rtmp.h>
+#endif
+
 #ifdef USE_LIBSSH2
 #include <libssh2.h>
 #endif
 
+#ifdef HAVE_LIBSSH2_VERSION
+/* get it run-time if possible */
+#define CURL_LIBSSH2_VERSION libssh2_version(0)
+#else
+/* use build-time if run-time not possible */
+#define CURL_LIBSSH2_VERSION LIBSSH2_VERSION
+#endif
 
 char *curl_version(void)
 {
   static char version[200];
-  char *ptr=version;
+  char *ptr = version;
   size_t len;
   size_t left = sizeof(version);
-  strcpy(ptr, LIBCURL_NAME "/" LIBCURL_VERSION );
-  ptr=strchr(ptr, '\0');
-  left -= strlen(ptr);
 
-  len = Curl_ssl_version(ptr, left);
+  strcpy(ptr, LIBCURL_NAME "/" LIBCURL_VERSION);
+  len = strlen(ptr);
   left -= len;
   ptr += len;
 
+  if(left > 1) {
+    len = Curl_ssl_version(ptr + 1, left - 1);
+
+    if(len > 0) {
+      *ptr = ' ';
+      left -= ++len;
+      ptr += len;
+    }
+  }
+
 #ifdef HAVE_LIBZ
   len = snprintf(ptr, left, " zlib/%s", zlibVersion());
   left -= len;
@@ -82,6 +102,11 @@ char *curl_version(void)
     ptr += len;
   }
 #endif
+#ifdef USE_WIN32_IDN
+  len = snprintf(ptr, left, " WinIDN");
+  left -= len;
+  ptr += len;
+#endif
 #if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS)
 #ifdef _LIBICONV_VERSION
   len = snprintf(ptr, left, " iconv/%d.%d",
@@ -94,52 +119,115 @@ char *curl_version(void)
   ptr += len;
 #endif
 #ifdef USE_LIBSSH2
-  len = snprintf(ptr, left, " libssh2/%s", LIBSSH2_VERSION);
+  len = snprintf(ptr, left, " libssh2/%s", CURL_LIBSSH2_VERSION);
   left -= len;
   ptr += len;
 #endif
+#ifdef USE_NGHTTP2
+  len = Curl_http2_ver(ptr, left);
+  left -= len;
+  ptr += len;
+#endif
+#ifdef USE_LIBRTMP
+  {
+    char suff[2];
+    if(RTMP_LIB_VERSION & 0xff) {
+      suff[0] = (RTMP_LIB_VERSION & 0xff) + 'a' - 1;
+      suff[1] = '\0';
+    }
+    else
+      suff[0] = '\0';
+
+    snprintf(ptr, left, " librtmp/%d.%d%s",
+             RTMP_LIB_VERSION >> 16, (RTMP_LIB_VERSION >> 8) & 0xff,
+             suff);
+/*
+  If another lib version is added below this one, this code would
+  also have to do:
+
+    len = what snprintf() returned
+
+    left -= len;
+    ptr += len;
+*/
+  }
+#endif
 
   return version;
 }
 
-/* data for curl_version_info */
+/* data for curl_version_info
+
+   Keep the list sorted alphabetically. It is also written so that each
+   protocol line has its own #if line to make things easier on the eye.
+ */
 
 static const char * const protocols[] = {
-#ifndef CURL_DISABLE_TFTP
-  "tftp",
+#ifndef CURL_DISABLE_DICT
+  "dict",
+#endif
+#ifndef CURL_DISABLE_FILE
+  "file",
 #endif
 #ifndef CURL_DISABLE_FTP
   "ftp",
 #endif
-#ifndef CURL_DISABLE_TELNET
-  "telnet",
+#if defined(USE_SSL) && !defined(CURL_DISABLE_FTP)
+  "ftps",
 #endif
-#ifndef CURL_DISABLE_DICT
-  "dict",
+#ifndef CURL_DISABLE_GOPHER
+  "gopher",
+#endif
+#ifndef CURL_DISABLE_HTTP
+  "http",
+#endif
+#if defined(USE_SSL) && !defined(CURL_DISABLE_HTTP)
+  "https",
+#endif
+#ifndef CURL_DISABLE_IMAP
+  "imap",
+#endif
+#if defined(USE_SSL) && !defined(CURL_DISABLE_IMAP)
+  "imaps",
 #endif
 #ifndef CURL_DISABLE_LDAP
   "ldap",
+#if !defined(CURL_DISABLE_LDAPS) && \
+    ((defined(USE_OPENLDAP) && defined(USE_SSL)) || \
+     (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL)))
+  "ldaps",
 #endif
-#ifndef CURL_DISABLE_HTTP
-  "http",
 #endif
-#ifndef CURL_DISABLE_FILE
-  "file",
+#ifndef CURL_DISABLE_POP3
+  "pop3",
 #endif
-
-#ifdef USE_SSL
-#ifndef CURL_DISABLE_HTTP
-  "https",
+#if defined(USE_SSL) && !defined(CURL_DISABLE_POP3)
+  "pop3s",
 #endif
-#ifndef CURL_DISABLE_FTP
-  "ftps",
+#ifdef USE_LIBRTMP
+  "rtmp",
 #endif
+#ifndef CURL_DISABLE_RTSP
+  "rtsp",
 #endif
-
 #ifdef USE_LIBSSH2
   "scp",
+#endif
+#ifdef USE_LIBSSH2
   "sftp",
 #endif
+#ifndef CURL_DISABLE_SMTP
+  "smtp",
+#endif
+#if defined(USE_SSL) && !defined(CURL_DISABLE_SMTP)
+  "smtps",
+#endif
+#ifndef CURL_DISABLE_TELNET
+  "telnet",
+#endif
+#ifndef CURL_DISABLE_TFTP
+  "tftp",
+#endif
 
   NULL
 };
@@ -153,39 +241,49 @@ static curl_version_info_data version_info = {
 #ifdef ENABLE_IPV6
   | CURL_VERSION_IPV6
 #endif
-#ifdef HAVE_KRB4
-  | CURL_VERSION_KERBEROS4
-#endif
 #ifdef USE_SSL
   | CURL_VERSION_SSL
 #endif
 #ifdef USE_NTLM
   | CURL_VERSION_NTLM
 #endif
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+  | CURL_VERSION_NTLM_WB
+#endif
+#ifdef USE_SPNEGO
+  | CURL_VERSION_SPNEGO
+#endif
+#ifdef HAVE_GSSAPI
+  | CURL_VERSION_GSSAPI
+#endif
 #ifdef USE_WINDOWS_SSPI
   | CURL_VERSION_SSPI
 #endif
 #ifdef HAVE_LIBZ
   | CURL_VERSION_LIBZ
 #endif
-#ifdef HAVE_GSSAPI
-  | CURL_VERSION_GSSNEGOTIATE
+#ifdef DEBUGBUILD
+  | CURL_VERSION_DEBUG
 #endif
 #ifdef CURLDEBUG
-  | CURL_VERSION_DEBUG
+  | CURL_VERSION_CURLDEBUG
 #endif
-#ifdef USE_ARES
+#ifdef CURLRES_ASYNCH
   | CURL_VERSION_ASYNCHDNS
 #endif
-#ifdef HAVE_SPNEGO
-  | CURL_VERSION_SPNEGO
-#endif
-#if defined(ENABLE_64BIT) && (SIZEOF_CURL_OFF_T > 4)
+#if (CURL_SIZEOF_CURL_OFF_T > 4) && \
+    ( (SIZEOF_OFF_T > 4) || defined(USE_WIN32_LARGE_FILES) )
   | CURL_VERSION_LARGEFILE
 #endif
 #if defined(CURL_DOES_CONVERSIONS)
   | CURL_VERSION_CONV
 #endif
+#if defined(USE_TLS_SRP)
+  | CURL_VERSION_TLSAUTH_SRP
+#endif
+#if defined(USE_NGHTTP2)
+  | CURL_VERSION_HTTP2
+#endif
   ,
   NULL, /* ssl_version */
   0,    /* ssl_version_num, this is kept at zero */
@@ -227,6 +325,8 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
   version_info.libidn = stringprep_check_version(LIBIDN_REQUIRED_VERSION);
   if(version_info.libidn)
     version_info.features |= CURL_VERSION_IDN;
+#elif defined(USE_WIN32_IDN)
+  version_info.features |= CURL_VERSION_IDN;
 #endif
 
 #if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS)
diff --git a/Utilities/cmcurl/lib/vtls/axtls.c b/Utilities/cmcurl/lib/vtls/axtls.c
new file mode 100644
index 0000000..1b577b1
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/axtls.c
@@ -0,0 +1,684 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, DirecTV, Contact: Eric Hu, <ehu@directv.com>.
+ * Copyright (C) 2010 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all axTLS-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_AXTLS
+#include <axTLS/ssl.h>
+#include "axtls.h"
+
+#include "sendf.h"
+#include "inet_pton.h"
+#include "vtls.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+#include "curl_memory.h"
+#include <unistd.h>
+/* The last #include file should be: */
+#include "memdebug.h"
+#include "hostcheck.h"
+
+
+/* Global axTLS init, called from Curl_ssl_init() */
+int Curl_axtls_init(void)
+{
+/* axTLS has no global init.  Everything is done through SSL and SSL_CTX
+ * structs stored in connectdata structure.  Perhaps can move to axtls.h.
+ */
+  return 1;
+}
+
+int Curl_axtls_cleanup(void)
+{
+  /* axTLS has no global cleanup.  Perhaps can move this to axtls.h. */
+  return 1;
+}
+
+static CURLcode map_error_to_curl(int axtls_err)
+{
+  switch (axtls_err) {
+  case SSL_ERROR_NOT_SUPPORTED:
+  case SSL_ERROR_INVALID_VERSION:
+  case -70:                       /* protocol version alert from server */
+    return CURLE_UNSUPPORTED_PROTOCOL;
+    break;
+  case SSL_ERROR_NO_CIPHER:
+    return CURLE_SSL_CIPHER;
+    break;
+  case SSL_ERROR_BAD_CERTIFICATE: /* this may be bad server cert too */
+  case SSL_ERROR_NO_CERT_DEFINED:
+  case -42:                       /* bad certificate alert from server */
+  case -43:                       /* unsupported cert alert from server */
+  case -44:                       /* cert revoked alert from server */
+  case -45:                       /* cert expired alert from server */
+  case -46:                       /* cert unknown alert from server */
+    return CURLE_SSL_CERTPROBLEM;
+    break;
+  case SSL_X509_ERROR(X509_NOT_OK):
+  case SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT):
+  case SSL_X509_ERROR(X509_VFY_ERROR_BAD_SIGNATURE):
+  case SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID):
+  case SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED):
+  case SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED):
+  case SSL_X509_ERROR(X509_VFY_ERROR_INVALID_CHAIN):
+  case SSL_X509_ERROR(X509_VFY_ERROR_UNSUPPORTED_DIGEST):
+  case SSL_X509_ERROR(X509_INVALID_PRIV_KEY):
+    return CURLE_PEER_FAILED_VERIFICATION;
+    break;
+  case -48:                       /* unknown ca alert from server */
+    return CURLE_SSL_CACERT;
+    break;
+  case -49:                       /* access denied alert from server */
+    return CURLE_REMOTE_ACCESS_DENIED;
+    break;
+  case SSL_ERROR_CONN_LOST:
+  case SSL_ERROR_SOCK_SETUP_FAILURE:
+  case SSL_ERROR_INVALID_HANDSHAKE:
+  case SSL_ERROR_INVALID_PROT_MSG:
+  case SSL_ERROR_INVALID_HMAC:
+  case SSL_ERROR_INVALID_SESSION:
+  case SSL_ERROR_INVALID_KEY:     /* it's too bad this doesn't map better */
+  case SSL_ERROR_FINISHED_INVALID:
+  case SSL_ERROR_NO_CLIENT_RENOG:
+  default:
+    return CURLE_SSL_CONNECT_ERROR;
+    break;
+  }
+}
+
+static Curl_recv axtls_recv;
+static Curl_send axtls_send;
+
+static void free_ssl_structs(struct ssl_connect_data *connssl)
+{
+  if(connssl->ssl) {
+    ssl_free (connssl->ssl);
+    connssl->ssl = NULL;
+  }
+  if(connssl->ssl_ctx) {
+    ssl_ctx_free(connssl->ssl_ctx);
+    connssl->ssl_ctx = NULL;
+  }
+}
+
+/*
+ * For both blocking and non-blocking connects, this function sets up the
+ * ssl context and state.  This function is called after the TCP connect
+ * has completed.
+ */
+static CURLcode connect_prep(struct connectdata *conn, int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  SSL_CTX *ssl_ctx;
+  SSL *ssl = NULL;
+  int cert_types[] = {SSL_OBJ_X509_CERT, SSL_OBJ_PKCS12, 0};
+  int key_types[] = {SSL_OBJ_RSA_KEY, SSL_OBJ_PKCS8, SSL_OBJ_PKCS12, 0};
+  int i, ssl_fcn_return;
+  const uint8_t *ssl_sessionid;
+  size_t ssl_idsize;
+
+  /* Assuming users will not compile in custom key/cert to axTLS.
+  *  Also, even for blocking connects, use axTLS non-blocking feature.
+  */
+  uint32_t client_option = SSL_NO_DEFAULT_KEY |
+    SSL_SERVER_VERIFY_LATER |
+    SSL_CONNECT_IN_PARTS;
+
+  if(conn->ssl[sockindex].state == ssl_connection_complete)
+    /* to make us tolerant against being called more than once for the
+       same connection */
+    return CURLE_OK;
+
+  /* axTLS only supports TLSv1 */
+  /* check to see if we've been told to use an explicit SSL/TLS version */
+  switch(data->set.ssl.version) {
+  case CURL_SSLVERSION_DEFAULT:
+  case CURL_SSLVERSION_TLSv1:
+    break;
+  default:
+    failf(data, "axTLS only supports TLS 1.0 and 1.1, "
+          "and it cannot be specified which one to use");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+#ifdef  AXTLSDEBUG
+  client_option |= SSL_DISPLAY_STATES | SSL_DISPLAY_RSA | SSL_DISPLAY_CERTS;
+#endif /* AXTLSDEBUG */
+
+  /* Allocate an SSL_CTX struct */
+  ssl_ctx = ssl_ctx_new(client_option, SSL_DEFAULT_CLNT_SESS);
+  if(ssl_ctx == NULL) {
+    failf(data, "unable to create client SSL context");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  conn->ssl[sockindex].ssl_ctx = ssl_ctx;
+  conn->ssl[sockindex].ssl = NULL;
+
+  /* Load the trusted CA cert bundle file */
+  if(data->set.ssl.CAfile) {
+    if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)
+       != SSL_OK) {
+      infof(data, "error reading ca cert file %s \n",
+            data->set.ssl.CAfile);
+      if(data->set.ssl.verifypeer) {
+        return CURLE_SSL_CACERT_BADFILE;
+      }
+    }
+    else
+      infof(data, "found certificates in %s\n", data->set.ssl.CAfile);
+  }
+
+  /* gtls.c tasks we're skipping for now:
+   * 1) certificate revocation list checking
+   * 2) dns name assignment to host
+   * 3) set protocol priority.  axTLS is TLSv1 only, so can probably ignore
+   * 4) set certificate priority.  axTLS ignores type and sends certs in
+   *  order added.  can probably ignore this.
+   */
+
+  /* Load client certificate */
+  if(data->set.str[STRING_CERT]) {
+    i=0;
+    /* Instead of trying to analyze cert type here, let axTLS try them all. */
+    while(cert_types[i] != 0) {
+      ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i],
+                                    data->set.str[STRING_CERT], NULL);
+      if(ssl_fcn_return == SSL_OK) {
+        infof(data, "successfully read cert file %s \n",
+              data->set.str[STRING_CERT]);
+        break;
+      }
+      i++;
+    }
+    /* Tried all cert types, none worked. */
+    if(cert_types[i] == 0) {
+      failf(data, "%s is not x509 or pkcs12 format",
+            data->set.str[STRING_CERT]);
+      return CURLE_SSL_CERTPROBLEM;
+    }
+  }
+
+  /* Load client key.
+     If a pkcs12 file successfully loaded a cert, then there's nothing to do
+     because the key has already been loaded. */
+  if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12) {
+    i=0;
+    /* Instead of trying to analyze key type here, let axTLS try them all. */
+    while(key_types[i] != 0) {
+      ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],
+                                    data->set.str[STRING_KEY], NULL);
+      if(ssl_fcn_return == SSL_OK) {
+        infof(data, "successfully read key file %s \n",
+              data->set.str[STRING_KEY]);
+        break;
+      }
+      i++;
+    }
+    /* Tried all key types, none worked. */
+    if(key_types[i] == 0) {
+      failf(data, "Failure: %s is not a supported key file",
+            data->set.str[STRING_KEY]);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+
+  /* gtls.c does more here that is being left out for now
+   * 1) set session credentials.  can probably ignore since axtls puts this
+   *    info in the ssl_ctx struct
+   * 2) setting up callbacks.  these seem gnutls specific
+   */
+
+  /* In axTLS, handshaking happens inside ssl_client_new. */
+  if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize)) {
+    /* we got a session id, use it! */
+    infof (data, "SSL re-using session ID\n");
+    ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex],
+                         ssl_sessionid, (uint8_t)ssl_idsize);
+  }
+  else
+    ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], NULL, 0);
+
+  conn->ssl[sockindex].ssl = ssl;
+  return CURLE_OK;
+}
+
+/*
+ * For both blocking and non-blocking connects, this function finalizes the
+ * SSL connection.
+ */
+static CURLcode connect_finish(struct connectdata *conn, int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  SSL *ssl = conn->ssl[sockindex].ssl;
+  const uint8_t *ssl_sessionid;
+  size_t ssl_idsize;
+  const char *peer_CN;
+  uint32_t dns_altname_index;
+  const char *dns_altname;
+  int8_t found_subject_alt_names = 0;
+  int8_t found_subject_alt_name_matching_conn = 0;
+
+  /* Here, gtls.c gets the peer certificates and fails out depending on
+   * settings in "data."  axTLS api doesn't have get cert chain fcn, so omit?
+   */
+
+  /* Verify server's certificate */
+  if(data->set.ssl.verifypeer) {
+    if(ssl_verify_cert(ssl) != SSL_OK) {
+      Curl_axtls_close(conn, sockindex);
+      failf(data, "server cert verify failed");
+      return CURLE_PEER_FAILED_VERIFICATION;
+    }
+  }
+  else
+    infof(data, "\t server certificate verification SKIPPED\n");
+
+  /* Here, gtls.c does issuer verification. axTLS has no straightforward
+   * equivalent, so omitting for now.*/
+
+  /* Here, gtls.c does the following
+   * 1) x509 hostname checking per RFC2818.  axTLS doesn't support this, but
+   *    it seems useful. This is now implemented, by Oscar Koeroo
+   * 2) checks cert validity based on time.  axTLS does this in ssl_verify_cert
+   * 3) displays a bunch of cert information.  axTLS doesn't support most of
+   *    this, but a couple fields are available.
+   */
+
+  /* There is no (DNS) Altnames count in the version 1.4.8 API. There is a
+     risk of an inifite loop */
+  for(dns_altname_index = 0; ; dns_altname_index++) {
+    dns_altname = ssl_get_cert_subject_alt_dnsname(ssl, dns_altname_index);
+    if(dns_altname == NULL) {
+      break;
+    }
+    found_subject_alt_names = 1;
+
+    infof(data, "\tComparing subject alt name DNS with hostname: %s <-> %s\n",
+          dns_altname, conn->host.name);
+    if(Curl_cert_hostcheck(dns_altname, conn->host.name)) {
+      found_subject_alt_name_matching_conn = 1;
+      break;
+    }
+  }
+
+  /* RFC2818 checks */
+  if(found_subject_alt_names && !found_subject_alt_name_matching_conn) {
+    if(data->set.ssl.verifyhost) {
+      /* Break connection ! */
+      Curl_axtls_close(conn, sockindex);
+      failf(data, "\tsubjectAltName(s) do not match %s\n",
+            conn->host.dispname);
+      return CURLE_PEER_FAILED_VERIFICATION;
+    }
+    else
+      infof(data, "\tsubjectAltName(s) do not match %s\n",
+            conn->host.dispname);
+  }
+  else if(found_subject_alt_names == 0) {
+    /* Per RFC2818, when no Subject Alt Names were available, examine the peer
+       CN as a legacy fallback */
+    peer_CN = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);
+    if(peer_CN == NULL) {
+      if(data->set.ssl.verifyhost) {
+        Curl_axtls_close(conn, sockindex);
+        failf(data, "unable to obtain common name from peer certificate");
+        return CURLE_PEER_FAILED_VERIFICATION;
+      }
+      else
+        infof(data, "unable to obtain common name from peer certificate");
+    }
+    else {
+      if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
+        if(data->set.ssl.verifyhost) {
+          /* Break connection ! */
+          Curl_axtls_close(conn, sockindex);
+          failf(data, "\tcommon name \"%s\" does not match \"%s\"\n",
+                peer_CN, conn->host.dispname);
+          return CURLE_PEER_FAILED_VERIFICATION;
+        }
+        else
+          infof(data, "\tcommon name \"%s\" does not match \"%s\"\n",
+                peer_CN, conn->host.dispname);
+      }
+    }
+  }
+
+  /* General housekeeping */
+  conn->ssl[sockindex].state = ssl_connection_complete;
+  conn->recv[sockindex] = axtls_recv;
+  conn->send[sockindex] = axtls_send;
+
+  /* Put our freshly minted SSL session in cache */
+  ssl_idsize = ssl_get_session_id_size(ssl);
+  ssl_sessionid = ssl_get_session_id(ssl);
+  if(Curl_ssl_addsessionid(conn, (void *) ssl_sessionid, ssl_idsize)
+     != CURLE_OK)
+    infof (data, "failed to add session to cache\n");
+
+  return CURLE_OK;
+}
+
+/*
+ * Use axTLS's non-blocking connection feature to open an SSL connection.
+ * This is called after a TCP connection is already established.
+ */
+CURLcode Curl_axtls_connect_nonblocking(
+    struct connectdata *conn,
+    int sockindex,
+    bool *done)
+{
+  CURLcode conn_step;
+  int ssl_fcn_return;
+  int i;
+
+ *done = FALSE;
+  /* connectdata is calloc'd and connecting_state is only changed in this
+     function, so this is safe, as the state is effectively initialized. */
+  if(conn->ssl[sockindex].connecting_state == ssl_connect_1) {
+    conn_step = connect_prep(conn, sockindex);
+    if(conn_step != CURLE_OK) {
+      Curl_axtls_close(conn, sockindex);
+      return conn_step;
+    }
+    conn->ssl[sockindex].connecting_state = ssl_connect_2;
+  }
+
+  if(conn->ssl[sockindex].connecting_state == ssl_connect_2) {
+    /* Check to make sure handshake was ok. */
+    if(ssl_handshake_status(conn->ssl[sockindex].ssl) != SSL_OK) {
+      /* Loop to perform more work in between sleeps. This is work around the
+         fact that axtls does not expose any knowledge about when work needs
+         to be performed. This can save ~25% of time on SSL handshakes. */
+      for(i=0; i<5; i++) {
+        ssl_fcn_return = ssl_read(conn->ssl[sockindex].ssl, NULL);
+        if(ssl_fcn_return < 0) {
+          Curl_axtls_close(conn, sockindex);
+          ssl_display_error(ssl_fcn_return); /* goes to stdout. */
+          return map_error_to_curl(ssl_fcn_return);
+        }
+        return CURLE_OK;
+      }
+    }
+    infof (conn->data, "handshake completed successfully\n");
+    conn->ssl[sockindex].connecting_state = ssl_connect_3;
+  }
+
+  if(conn->ssl[sockindex].connecting_state == ssl_connect_3) {
+    conn_step = connect_finish(conn, sockindex);
+    if(conn_step != CURLE_OK) {
+      Curl_axtls_close(conn, sockindex);
+      return conn_step;
+    }
+
+    /* Reset connect state */
+    conn->ssl[sockindex].connecting_state = ssl_connect_1;
+
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  /* Unrecognized state.  Things are very bad. */
+  conn->ssl[sockindex].state  = ssl_connection_none;
+  conn->ssl[sockindex].connecting_state = ssl_connect_1;
+  /* Return value perhaps not strictly correct, but distinguishes the issue.*/
+  return CURLE_BAD_FUNCTION_ARGUMENT;
+}
+
+
+/*
+ * This function is called after the TCP connect has completed. Setup the TLS
+ * layer and do all necessary magic for a blocking connect.
+ */
+CURLcode
+Curl_axtls_connect(struct connectdata *conn,
+                  int sockindex)
+
+{
+  CURLcode conn_step = connect_prep(conn, sockindex);
+  int ssl_fcn_return;
+  SSL *ssl = conn->ssl[sockindex].ssl;
+
+  if(conn_step != CURLE_OK) {
+    Curl_axtls_close(conn, sockindex);
+    return conn_step;
+  }
+
+  /* Check to make sure handshake was ok. */
+  while(ssl_handshake_status(ssl) != SSL_OK) {
+    ssl_fcn_return = ssl_read(ssl, NULL);
+    if(ssl_fcn_return < 0) {
+      Curl_axtls_close(conn, sockindex);
+      ssl_display_error(ssl_fcn_return); /* goes to stdout. */
+      return map_error_to_curl(ssl_fcn_return);
+    }
+    usleep(10000);
+    /* TODO: check for timeout as this could hang indefinitely otherwise */
+  }
+  infof (conn->data, "handshake completed successfully\n");
+
+  conn_step = connect_finish(conn, sockindex);
+  if(conn_step != CURLE_OK) {
+    Curl_axtls_close(conn, sockindex);
+    return conn_step;
+  }
+
+  return CURLE_OK;
+}
+
+/* return number of sent (non-SSL) bytes */
+static ssize_t axtls_send(struct connectdata *conn,
+                          int sockindex,
+                          const void *mem,
+                          size_t len,
+                          CURLcode *err)
+{
+  /* ssl_write() returns 'int' while write() and send() returns 'size_t' */
+  int rc = ssl_write(conn->ssl[sockindex].ssl, mem, (int)len);
+
+  infof(conn->data, "  axtls_send\n");
+
+  if(rc < 0 ) {
+    *err = map_error_to_curl(rc);
+    rc = -1; /* generic error code for send failure */
+  }
+
+  *err = CURLE_OK;
+  return rc;
+}
+
+void Curl_axtls_close_all(struct SessionHandle *data)
+{
+  (void)data;
+  infof(data, "  Curl_axtls_close_all\n");
+}
+
+void Curl_axtls_close(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  infof(conn->data, "  Curl_axtls_close\n");
+
+    /* line from openssl.c: (void)SSL_shutdown(connssl->ssl);
+       axTLS compat layer does nothing for SSL_shutdown */
+
+    /* The following line is from openssl.c.  There seems to be no axTLS
+       equivalent.  ssl_free and ssl_ctx_free close things.
+       SSL_set_connect_state(connssl->handle); */
+
+  free_ssl_structs(connssl);
+}
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
+{
+  /* Outline taken from openssl.c since functions are in axTLS compat layer.
+     axTLS's error set is much smaller, so a lot of error-handling was removed.
+   */
+  int retval = 0;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  uint8_t *buf;
+  ssize_t nread;
+
+  infof(conn->data, "  Curl_axtls_shutdown\n");
+
+  /* This has only been tested on the proftpd server, and the mod_tls code
+     sends a close notify alert without waiting for a close notify alert in
+     response. Thus we wait for a close notify alert from the server, but
+     we do not send one. Let's hope other servers do the same... */
+
+  /* axTLS compat layer does nothing for SSL_shutdown, so we do nothing too
+  if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
+      (void)SSL_shutdown(connssl->ssl);
+  */
+
+  if(connssl->ssl) {
+    int what = Curl_socket_ready(conn->sock[sockindex],
+                                 CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+    if(what > 0) {
+      /* Something to read, let's do it and hope that it is the close
+         notify alert from the server.  buf is managed internally by
+         axTLS and will be released upon calling ssl_free via
+         free_ssl_structs. */
+      nread = (ssize_t)ssl_read(connssl->ssl, &buf);
+
+      if(nread < SSL_OK) {
+        failf(data, "close notify alert not received during shutdown");
+        retval = -1;
+      }
+    }
+    else if(0 == what) {
+      /* timeout */
+      failf(data, "SSL shutdown timeout");
+    }
+    else {
+      /* anything that gets here is fatally bad */
+      failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+      retval = -1;
+    }
+
+    free_ssl_structs(connssl);
+  }
+  return retval;
+}
+
+static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
+                          int num,                  /* socketindex */
+                          char *buf,                /* store read data here */
+                          size_t buffersize,        /* max amount to read */
+                          CURLcode *err)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[num];
+  ssize_t ret = 0;
+  uint8_t *read_buf;
+
+  infof(conn->data, "  axtls_recv\n");
+
+  *err = CURLE_OK;
+  if(connssl) {
+    ret = ssl_read(connssl->ssl, &read_buf);
+    if(ret > SSL_OK) {
+      /* ssl_read returns SSL_OK if there is more data to read, so if it is
+         larger, then all data has been read already.  */
+      memcpy(buf, read_buf,
+             (size_t)ret > buffersize ? buffersize : (size_t)ret);
+    }
+    else if(ret == SSL_OK) {
+      /* more data to be read, signal caller to call again */
+      *err = CURLE_AGAIN;
+      ret = -1;
+    }
+    else if(ret == -3) {
+      /* With patched axTLS, SSL_CLOSE_NOTIFY=-3.  Hard-coding until axTLS
+         team approves proposed fix. */
+      Curl_axtls_close(conn, num);
+    }
+    else {
+      failf(conn->data, "axTLS recv error (%d)", ret);
+      *err = map_error_to_curl((int) ret);
+      ret = -1;
+    }
+  }
+
+  return ret;
+}
+
+/*
+ * Return codes:
+ *     1 means the connection is still in place
+ *     0 means the connection has been closed
+ *    -1 means the connection status is unknown
+ */
+int Curl_axtls_check_cxn(struct connectdata *conn)
+{
+  /* openssl.c line: rc = SSL_peek(conn->ssl[FIRSTSOCKET].ssl, (void*)&buf, 1);
+     axTLS compat layer always returns the last argument, so connection is
+     always alive? */
+
+  infof(conn->data, "  Curl_axtls_check_cxn\n");
+   return 1; /* connection still in place */
+}
+
+void Curl_axtls_session_free(void *ptr)
+{
+  (void)ptr;
+  /* free the ID */
+  /* both openssl.c and gtls.c do something here, but axTLS's OpenSSL
+     compatibility layer does nothing, so we do nothing too. */
+}
+
+size_t Curl_axtls_version(char *buffer, size_t size)
+{
+  return snprintf(buffer, size, "axTLS/%s", ssl_version());
+}
+
+int Curl_axtls_random(struct SessionHandle *data,
+                      unsigned char *entropy,
+                      size_t length)
+{
+  static bool ssl_seeded = FALSE;
+  (void)data;
+  if(!ssl_seeded) {
+    ssl_seeded = TRUE;
+    /* Initialize the seed if not already done. This call is not exactly thread
+     * safe (and neither is the ssl_seeded check), but the worst effect of a
+     * race condition is that some global resources will leak. */
+    RNG_initialize();
+  }
+  get_random(length, entropy);
+  return 0;
+}
+
+#endif /* USE_AXTLS */
diff --git a/Utilities/cmcurl/lib/vtls/axtls.h b/Utilities/cmcurl/lib/vtls/axtls.h
new file mode 100644
index 0000000..0459cf2
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/axtls.h
@@ -0,0 +1,72 @@
+#ifndef HEADER_CURL_AXTLS_H
+#define HEADER_CURL_AXTLS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, DirecTV
+ * contact: Eric Hu <ehu@directv.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#ifdef USE_AXTLS
+#include "curl/curl.h"
+#include "urldata.h"
+
+int Curl_axtls_init(void);
+int Curl_axtls_cleanup(void);
+CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex);
+CURLcode Curl_axtls_connect_nonblocking(
+    struct connectdata *conn,
+    int sockindex,
+    bool *done);
+
+/* tell axTLS to close down all open information regarding connections (and
+   thus session ID caching etc) */
+void Curl_axtls_close_all(struct SessionHandle *data);
+
+ /* close a SSL connection */
+void Curl_axtls_close(struct connectdata *conn, int sockindex);
+
+void Curl_axtls_session_free(void *ptr);
+size_t Curl_axtls_version(char *buffer, size_t size);
+int Curl_axtls_shutdown(struct connectdata *conn, int sockindex);
+int Curl_axtls_check_cxn(struct connectdata *conn);
+int Curl_axtls_random(struct SessionHandle *data,
+                      unsigned char *entropy,
+                      size_t length);
+
+/* API setup for axTLS */
+#define curlssl_init Curl_axtls_init
+#define curlssl_cleanup Curl_axtls_cleanup
+#define curlssl_connect Curl_axtls_connect
+#define curlssl_connect_nonblocking Curl_axtls_connect_nonblocking
+#define curlssl_session_free(x)  Curl_axtls_session_free(x)
+#define curlssl_close_all Curl_axtls_close_all
+#define curlssl_close Curl_axtls_close
+#define curlssl_shutdown(x,y) Curl_axtls_shutdown(x,y)
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_axtls_version
+#define curlssl_check_cxn(x) Curl_axtls_check_cxn(x)
+#define curlssl_data_pending(x,y) (x=x, y=y, 0)
+#define curlssl_random(x,y,z) Curl_axtls_random(x,y,z)
+#define CURL_SSL_BACKEND CURLSSLBACKEND_AXTLS
+#endif /* USE_AXTLS */
+#endif /* HEADER_CURL_AXTLS_H */
+
diff --git a/Utilities/cmcurl/lib/vtls/curl_darwinssl.c b/Utilities/cmcurl/lib/vtls/curl_darwinssl.c
new file mode 100644
index 0000000..f229c6f
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/curl_darwinssl.c
@@ -0,0 +1,2485 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all iOS and Mac OS X SecureTransport-specific code for the
+ * TLS/SSL layer. No code but vtls.c should ever call or use these functions.
+ */
+
+#include "curl_setup.h"
+
+#include "urldata.h" /* for the SessionHandle definition */
+#include "curl_base64.h"
+#include "strtok.h"
+
+#ifdef USE_DARWINSSL
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include <Security/Security.h>
+#include <Security/SecureTransport.h>
+#include <CoreFoundation/CoreFoundation.h>
+#include <CommonCrypto/CommonDigest.h>
+
+/* The Security framework has changed greatly between iOS and different OS X
+   versions, and we will try to support as many of them as we can (back to
+   Leopard and iOS 5) by using macros and weak-linking.
+
+   IMPORTANT: If TLS 1.1 and 1.2 support are important for you on OS X, then
+   you must build this project against the 10.8 SDK or later. */
+#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
+
+#if MAC_OS_X_VERSION_MAX_ALLOWED < 1050
+#error "The darwinssl back-end requires Leopard or later."
+#endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */
+
+#define CURL_BUILD_IOS 0
+#define CURL_BUILD_IOS_7 0
+#define CURL_BUILD_MAC 1
+/* This is the maximum API level we are allowed to use when building: */
+#define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050
+#define CURL_BUILD_MAC_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= 1060
+#define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070
+#define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
+#define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090
+/* These macros mean "the following code is present to allow runtime backward
+   compatibility with at least this cat or earlier":
+   (You set this at build-time by setting the MACOSX_DEPLOYMENT_TARGET
+   environmental variable.) */
+#define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050
+#define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060
+#define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070
+#define CURL_SUPPORT_MAC_10_8 MAC_OS_X_VERSION_MIN_REQUIRED <= 1080
+#define CURL_SUPPORT_MAC_10_9 MAC_OS_X_VERSION_MIN_REQUIRED <= 1090
+
+#elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
+#define CURL_BUILD_IOS 1
+#define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000
+#define CURL_BUILD_MAC 0
+#define CURL_BUILD_MAC_10_5 0
+#define CURL_BUILD_MAC_10_6 0
+#define CURL_BUILD_MAC_10_7 0
+#define CURL_BUILD_MAC_10_8 0
+#define CURL_SUPPORT_MAC_10_5 0
+#define CURL_SUPPORT_MAC_10_6 0
+#define CURL_SUPPORT_MAC_10_7 0
+#define CURL_SUPPORT_MAC_10_8 0
+
+#else
+#error "The darwinssl back-end requires iOS or OS X."
+#endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */
+
+#if CURL_BUILD_MAC
+#include <sys/sysctl.h>
+#endif /* CURL_BUILD_MAC */
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "connect.h"
+#include "select.h"
+#include "vtls.h"
+#include "curl_darwinssl.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* From MacTypes.h (which we can't include because it isn't present in iOS: */
+#define ioErr -36
+#define paramErr -50
+
+/* The following two functions were ripped from Apple sample code,
+ * with some modifications: */
+static OSStatus SocketRead(SSLConnectionRef connection,
+                           void *data,          /* owned by
+                                                 * caller, data
+                                                 * RETURNED */
+                           size_t *dataLength)  /* IN/OUT */
+{
+  size_t bytesToGo = *dataLength;
+  size_t initLen = bytesToGo;
+  UInt8 *currData = (UInt8 *)data;
+  /*int sock = *(int *)connection;*/
+  struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
+  int sock = connssl->ssl_sockfd;
+  OSStatus rtn = noErr;
+  size_t bytesRead;
+  ssize_t rrtn;
+  int theErr;
+
+  *dataLength = 0;
+
+  for(;;) {
+    bytesRead = 0;
+    rrtn = read(sock, currData, bytesToGo);
+    if(rrtn <= 0) {
+      /* this is guesswork... */
+      theErr = errno;
+      if(rrtn == 0) { /* EOF = server hung up */
+        /* the framework will turn this into errSSLClosedNoNotify */
+        rtn = errSSLClosedGraceful;
+      }
+      else /* do the switch */
+        switch(theErr) {
+          case ENOENT:
+            /* connection closed */
+            rtn = errSSLClosedGraceful;
+            break;
+          case ECONNRESET:
+            rtn = errSSLClosedAbort;
+            break;
+          case EAGAIN:
+            rtn = errSSLWouldBlock;
+            connssl->ssl_direction = false;
+            break;
+          default:
+            rtn = ioErr;
+            break;
+        }
+      break;
+    }
+    else {
+      bytesRead = rrtn;
+    }
+    bytesToGo -= bytesRead;
+    currData  += bytesRead;
+
+    if(bytesToGo == 0) {
+      /* filled buffer with incoming data, done */
+      break;
+    }
+  }
+  *dataLength = initLen - bytesToGo;
+
+  return rtn;
+}
+
+static OSStatus SocketWrite(SSLConnectionRef connection,
+                            const void *data,
+                            size_t *dataLength)  /* IN/OUT */
+{
+  size_t bytesSent = 0;
+  /*int sock = *(int *)connection;*/
+  struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
+  int sock = connssl->ssl_sockfd;
+  ssize_t length;
+  size_t dataLen = *dataLength;
+  const UInt8 *dataPtr = (UInt8 *)data;
+  OSStatus ortn;
+  int theErr;
+
+  *dataLength = 0;
+
+  do {
+    length = write(sock,
+                   (char*)dataPtr + bytesSent,
+                   dataLen - bytesSent);
+  } while((length > 0) &&
+           ( (bytesSent += length) < dataLen) );
+
+  if(length <= 0) {
+    theErr = errno;
+    if(theErr == EAGAIN) {
+      ortn = errSSLWouldBlock;
+      connssl->ssl_direction = true;
+    }
+    else {
+      ortn = ioErr;
+    }
+  }
+  else {
+    ortn = noErr;
+  }
+  *dataLength = bytesSent;
+  return ortn;
+}
+
+CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher) {
+  switch (cipher) {
+    /* SSL version 3.0 */
+    case SSL_RSA_WITH_NULL_MD5:
+      return "SSL_RSA_WITH_NULL_MD5";
+      break;
+    case SSL_RSA_WITH_NULL_SHA:
+      return "SSL_RSA_WITH_NULL_SHA";
+      break;
+    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
+      return "SSL_RSA_EXPORT_WITH_RC4_40_MD5";
+      break;
+    case SSL_RSA_WITH_RC4_128_MD5:
+      return "SSL_RSA_WITH_RC4_128_MD5";
+      break;
+    case SSL_RSA_WITH_RC4_128_SHA:
+      return "SSL_RSA_WITH_RC4_128_SHA";
+      break;
+    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+      return "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5";
+      break;
+    case SSL_RSA_WITH_IDEA_CBC_SHA:
+      return "SSL_RSA_WITH_IDEA_CBC_SHA";
+      break;
+    case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_RSA_WITH_DES_CBC_SHA:
+      return "SSL_RSA_WITH_DES_CBC_SHA";
+      break;
+    case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DH_DSS_WITH_DES_CBC_SHA:
+      return "SSL_DH_DSS_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DH_RSA_WITH_DES_CBC_SHA:
+      return "SSL_DH_RSA_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DHE_DSS_WITH_DES_CBC_SHA:
+      return "SSL_DHE_DSS_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DHE_RSA_WITH_DES_CBC_SHA:
+      return "SSL_DHE_RSA_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
+      return "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5";
+      break;
+    case SSL_DH_anon_WITH_RC4_128_MD5:
+      return "SSL_DH_anon_WITH_RC4_128_MD5";
+      break;
+    case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DH_anon_WITH_DES_CBC_SHA:
+      return "SSL_DH_anon_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
+      return "SSL_FORTEZZA_DMS_WITH_NULL_SHA";
+      break;
+    case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
+      return "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA";
+      break;
+    /* TLS 1.0 with AES (RFC 3268)
+       (Apparently these are used in SSLv3 implementations as well.) */
+    case TLS_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
+      return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
+      return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
+      return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
+      return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
+      return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
+      return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
+      break;
+    /* SSL version 2.0 */
+    case SSL_RSA_WITH_RC2_CBC_MD5:
+      return "SSL_RSA_WITH_RC2_CBC_MD5";
+      break;
+    case SSL_RSA_WITH_IDEA_CBC_MD5:
+      return "SSL_RSA_WITH_IDEA_CBC_MD5";
+      break;
+    case SSL_RSA_WITH_DES_CBC_MD5:
+      return "SSL_RSA_WITH_DES_CBC_MD5";
+      break;
+    case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
+      return "SSL_RSA_WITH_3DES_EDE_CBC_MD5";
+      break;
+  }
+  return "SSL_NULL_WITH_NULL_NULL";
+}
+
+CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) {
+  switch(cipher) {
+    /* TLS 1.0 with AES (RFC 3268) */
+    case TLS_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
+      return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
+      return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
+      return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
+      return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
+      return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
+      return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
+      break;
+#if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
+    /* TLS 1.0 with ECDSA (RFC 4492) */
+    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
+      return "TLS_ECDH_ECDSA_WITH_NULL_SHA";
+      break;
+    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
+      return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_NULL_SHA:
+      return "TLS_ECDH_RSA_WITH_NULL_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
+      return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_NULL_SHA:
+      return "TLS_ECDHE_RSA_WITH_NULL_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+      return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_NULL_SHA:
+      return "TLS_ECDH_anon_WITH_NULL_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_RC4_128_SHA:
+      return "TLS_ECDH_anon_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
+      break;
+#endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
+    /* TLS 1.2 (RFC 5246) */
+    case TLS_RSA_WITH_NULL_MD5:
+      return "TLS_RSA_WITH_NULL_MD5";
+      break;
+    case TLS_RSA_WITH_NULL_SHA:
+      return "TLS_RSA_WITH_NULL_SHA";
+      break;
+    case TLS_RSA_WITH_RC4_128_MD5:
+      return "TLS_RSA_WITH_RC4_128_MD5";
+      break;
+    case TLS_RSA_WITH_RC4_128_SHA:
+      return "TLS_RSA_WITH_RC4_128_SHA";
+      break;
+    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_RSA_WITH_NULL_SHA256:
+      return "TLS_RSA_WITH_NULL_SHA256";
+      break;
+    case TLS_RSA_WITH_AES_128_CBC_SHA256:
+      return "TLS_RSA_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_RSA_WITH_AES_256_CBC_SHA256:
+      return "TLS_RSA_WITH_AES_256_CBC_SHA256";
+      break;
+    case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
+      return "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
+      return "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+      return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
+      return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
+      return "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
+      break;
+    case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
+      return "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
+      break;
+    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
+      return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
+      break;
+    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
+      return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
+      break;
+    case TLS_DH_anon_WITH_RC4_128_MD5:
+      return "TLS_DH_anon_WITH_RC4_128_MD5";
+      break;
+    case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
+      return "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
+      return "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
+      break;
+    /* TLS 1.2 with AES GCM (RFC 5288) */
+    case TLS_RSA_WITH_AES_128_GCM_SHA256:
+      return "TLS_RSA_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_RSA_WITH_AES_256_GCM_SHA384:
+      return "TLS_RSA_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+      return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
+      return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
+      return "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
+      return "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+      return "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
+      return "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
+      return "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
+      return "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
+      return "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
+      return "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
+      break;
+    /* TLS 1.2 with elliptic curve ciphers (RFC 5289) */
+    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+      return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+      return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
+      break;
+    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
+      return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
+      return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+      return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
+      return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
+      break;
+    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
+      return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
+      return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+      return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+      return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
+      return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
+      return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+      return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+      return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
+      return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
+      return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
+      return "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
+      break;
+#else
+    case SSL_RSA_WITH_NULL_MD5:
+      return "TLS_RSA_WITH_NULL_MD5";
+      break;
+    case SSL_RSA_WITH_NULL_SHA:
+      return "TLS_RSA_WITH_NULL_SHA";
+      break;
+    case SSL_RSA_WITH_RC4_128_MD5:
+      return "TLS_RSA_WITH_RC4_128_MD5";
+      break;
+    case SSL_RSA_WITH_RC4_128_SHA:
+      return "TLS_RSA_WITH_RC4_128_SHA";
+      break;
+    case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DH_anon_WITH_RC4_128_MD5:
+      return "TLS_DH_anon_WITH_RC4_128_MD5";
+      break;
+    case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
+      break;
+#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
+#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
+    /* TLS PSK (RFC 4279): */
+    case TLS_PSK_WITH_RC4_128_SHA:
+      return "TLS_PSK_WITH_RC4_128_SHA";
+      break;
+    case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_PSK_WITH_AES_128_CBC_SHA:
+      return "TLS_PSK_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_PSK_WITH_AES_256_CBC_SHA:
+      return "TLS_PSK_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DHE_PSK_WITH_RC4_128_SHA:
+      return "TLS_DHE_PSK_WITH_RC4_128_SHA";
+      break;
+    case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
+      return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
+      return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_RSA_PSK_WITH_RC4_128_SHA:
+      return "TLS_RSA_PSK_WITH_RC4_128_SHA";
+      break;
+    case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
+      return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
+      return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
+      break;
+    /* More TLS PSK (RFC 4785): */
+    case TLS_PSK_WITH_NULL_SHA:
+      return "TLS_PSK_WITH_NULL_SHA";
+      break;
+    case TLS_DHE_PSK_WITH_NULL_SHA:
+      return "TLS_DHE_PSK_WITH_NULL_SHA";
+      break;
+    case TLS_RSA_PSK_WITH_NULL_SHA:
+      return "TLS_RSA_PSK_WITH_NULL_SHA";
+      break;
+    /* Even more TLS PSK (RFC 5487): */
+    case TLS_PSK_WITH_AES_128_GCM_SHA256:
+      return "TLS_PSK_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_PSK_WITH_AES_256_GCM_SHA384:
+      return "TLS_PSK_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
+      return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+      return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
+      return "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
+      break;
+    case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
+      return "TLS_PSK_WITH_AES_256_GCM_SHA384";
+      break;
+    case TLS_PSK_WITH_AES_128_CBC_SHA256:
+      return "TLS_PSK_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_PSK_WITH_AES_256_CBC_SHA384:
+      return "TLS_PSK_WITH_AES_256_CBC_SHA384";
+      break;
+    case TLS_PSK_WITH_NULL_SHA256:
+      return "TLS_PSK_WITH_NULL_SHA256";
+      break;
+    case TLS_PSK_WITH_NULL_SHA384:
+      return "TLS_PSK_WITH_NULL_SHA384";
+      break;
+    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
+      return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
+      return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
+      break;
+    case TLS_DHE_PSK_WITH_NULL_SHA256:
+      return "TLS_DHE_PSK_WITH_NULL_SHA256";
+      break;
+    case TLS_DHE_PSK_WITH_NULL_SHA384:
+      return "TLS_RSA_PSK_WITH_NULL_SHA384";
+      break;
+    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
+      return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
+      break;
+    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
+      return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
+      break;
+    case TLS_RSA_PSK_WITH_NULL_SHA256:
+      return "TLS_RSA_PSK_WITH_NULL_SHA256";
+      break;
+    case TLS_RSA_PSK_WITH_NULL_SHA384:
+      return "TLS_RSA_PSK_WITH_NULL_SHA384";
+      break;
+#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
+  }
+  return "TLS_NULL_WITH_NULL_NULL";
+}
+
+#if CURL_BUILD_MAC
+CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
+{
+  int mib[2];
+  char *os_version;
+  size_t os_version_len;
+  char *os_version_major, *os_version_minor/*, *os_version_point*/;
+  char *tok_buf;
+
+  /* Get the Darwin kernel version from the kernel using sysctl(): */
+  mib[0] = CTL_KERN;
+  mib[1] = KERN_OSRELEASE;
+  if(sysctl(mib, 2, NULL, &os_version_len, NULL, 0) == -1)
+    return;
+  os_version = malloc(os_version_len*sizeof(char));
+  if(!os_version)
+    return;
+  if(sysctl(mib, 2, os_version, &os_version_len, NULL, 0) == -1) {
+    free(os_version);
+    return;
+  }
+
+  /* Parse the version: */
+  os_version_major = strtok_r(os_version, ".", &tok_buf);
+  os_version_minor = strtok_r(NULL, ".", &tok_buf);
+  /*os_version_point = strtok_r(NULL, ".", &tok_buf);*/
+  *major = atoi(os_version_major);
+  *minor = atoi(os_version_minor);
+  free(os_version);
+}
+#endif /* CURL_BUILD_MAC */
+
+/* Apple provides a myriad of ways of getting information about a certificate
+   into a string. Some aren't available under iOS or newer cats. So here's
+   a unified function for getting a string describing the certificate that
+   ought to work in all cats starting with Leopard. */
+CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert)
+{
+  CFStringRef server_cert_summary = CFSTR("(null)");
+
+#if CURL_BUILD_IOS
+  /* iOS: There's only one way to do this. */
+  server_cert_summary = SecCertificateCopySubjectSummary(cert);
+#else
+#if CURL_BUILD_MAC_10_7
+  /* Lion & later: Get the long description if we can. */
+  if(SecCertificateCopyLongDescription != NULL)
+    server_cert_summary =
+      SecCertificateCopyLongDescription(NULL, cert, NULL);
+  else
+#endif /* CURL_BUILD_MAC_10_7 */
+#if CURL_BUILD_MAC_10_6
+  /* Snow Leopard: Get the certificate summary. */
+  if(SecCertificateCopySubjectSummary != NULL)
+    server_cert_summary = SecCertificateCopySubjectSummary(cert);
+  else
+#endif /* CURL_BUILD_MAC_10_6 */
+  /* Leopard is as far back as we go... */
+  (void)SecCertificateCopyCommonName(cert, &server_cert_summary);
+#endif /* CURL_BUILD_IOS */
+  return server_cert_summary;
+}
+
+#if CURL_SUPPORT_MAC_10_6
+/* The SecKeychainSearch API was deprecated in Lion, and using it will raise
+   deprecation warnings, so let's not compile this unless it's necessary: */
+static OSStatus CopyIdentityWithLabelOldSchool(char *label,
+                                               SecIdentityRef *out_c_a_k)
+{
+  OSStatus status = errSecItemNotFound;
+  SecKeychainAttributeList attr_list;
+  SecKeychainAttribute attr;
+  SecKeychainSearchRef search = NULL;
+  SecCertificateRef cert = NULL;
+
+  /* Set up the attribute list: */
+  attr_list.count = 1L;
+  attr_list.attr = &attr;
+
+  /* Set up our lone search criterion: */
+  attr.tag = kSecLabelItemAttr;
+  attr.data = label;
+  attr.length = (UInt32)strlen(label);
+
+  /* Start searching: */
+  status = SecKeychainSearchCreateFromAttributes(NULL,
+                                                 kSecCertificateItemClass,
+                                                 &attr_list,
+                                                 &search);
+  if(status == noErr) {
+    status = SecKeychainSearchCopyNext(search,
+                                       (SecKeychainItemRef *)&cert);
+    if(status == noErr && cert) {
+      /* If we found a certificate, does it have a private key? */
+      status = SecIdentityCreateWithCertificate(NULL, cert, out_c_a_k);
+      CFRelease(cert);
+    }
+  }
+
+  if(search)
+    CFRelease(search);
+  return status;
+}
+#endif /* CURL_SUPPORT_MAC_10_6 */
+
+static OSStatus CopyIdentityWithLabel(char *label,
+                                      SecIdentityRef *out_cert_and_key)
+{
+  OSStatus status = errSecItemNotFound;
+
+#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
+  /* SecItemCopyMatching() was introduced in iOS and Snow Leopard.
+     kSecClassIdentity was introduced in Lion. If both exist, let's use them
+     to find the certificate. */
+  if(SecItemCopyMatching != NULL && kSecClassIdentity != NULL) {
+    CFTypeRef keys[4];
+    CFTypeRef values[4];
+    CFDictionaryRef query_dict;
+    CFStringRef label_cf = CFStringCreateWithCString(NULL, label,
+      kCFStringEncodingUTF8);
+
+    /* Set up our search criteria and expected results: */
+    values[0] = kSecClassIdentity; /* we want a certificate and a key */
+    keys[0] = kSecClass;
+    values[1] = kCFBooleanTrue;    /* we want a reference */
+    keys[1] = kSecReturnRef;
+    values[2] = kSecMatchLimitOne; /* one is enough, thanks */
+    keys[2] = kSecMatchLimit;
+    /* identity searches need a SecPolicyRef in order to work */
+    values[3] = SecPolicyCreateSSL(false, label_cf);
+    keys[3] = kSecMatchPolicy;
+    query_dict = CFDictionaryCreate(NULL, (const void **)keys,
+                                   (const void **)values, 4L,
+                                   &kCFCopyStringDictionaryKeyCallBacks,
+                                   &kCFTypeDictionaryValueCallBacks);
+    CFRelease(values[3]);
+    CFRelease(label_cf);
+
+    /* Do we have a match? */
+    status = SecItemCopyMatching(query_dict, (CFTypeRef *)out_cert_and_key);
+    CFRelease(query_dict);
+  }
+  else {
+#if CURL_SUPPORT_MAC_10_6
+    /* On Leopard and Snow Leopard, fall back to SecKeychainSearch. */
+    status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
+#endif /* CURL_SUPPORT_MAC_10_7 */
+  }
+#elif CURL_SUPPORT_MAC_10_6
+  /* For developers building on older cats, we have no choice but to fall back
+     to SecKeychainSearch. */
+  status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
+#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
+  return status;
+}
+
+static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
+                                           const char *cPassword,
+                                           SecIdentityRef *out_cert_and_key)
+{
+  OSStatus status = errSecItemNotFound;
+  CFURLRef pkcs_url = CFURLCreateFromFileSystemRepresentation(NULL,
+    (const UInt8 *)cPath, strlen(cPath), false);
+  CFStringRef password = cPassword ? CFStringCreateWithCString(NULL,
+    cPassword, kCFStringEncodingUTF8) : NULL;
+  CFDataRef pkcs_data = NULL;
+
+  /* We can import P12 files on iOS or OS X 10.7 or later: */
+  /* These constants are documented as having first appeared in 10.6 but they
+     raise linker errors when used on that cat for some reason. */
+#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
+  if(CFURLCreateDataAndPropertiesFromResource(NULL, pkcs_url, &pkcs_data,
+    NULL, NULL, &status)) {
+    const void *cKeys[] = {kSecImportExportPassphrase};
+    const void *cValues[] = {password};
+    CFDictionaryRef options = CFDictionaryCreate(NULL, cKeys, cValues,
+      password ? 1L : 0L, NULL, NULL);
+    CFArrayRef items = NULL;
+
+    /* Here we go: */
+    status = SecPKCS12Import(pkcs_data, options, &items);
+    if(status == noErr && items && CFArrayGetCount(items)) {
+      CFDictionaryRef identity_and_trust = CFArrayGetValueAtIndex(items, 0L);
+      const void *temp_identity = CFDictionaryGetValue(identity_and_trust,
+        kSecImportItemIdentity);
+
+      /* Retain the identity; we don't care about any other data... */
+      CFRetain(temp_identity);
+      *out_cert_and_key = (SecIdentityRef)temp_identity;
+    }
+
+    if(items)
+      CFRelease(items);
+    CFRelease(options);
+    CFRelease(pkcs_data);
+  }
+#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
+  if(password)
+    CFRelease(password);
+  CFRelease(pkcs_url);
+  return status;
+}
+
+/* This code was borrowed from nss.c, with some modifications:
+ * Determine whether the nickname passed in is a filename that needs to
+ * be loaded as a PEM or a regular NSS nickname.
+ *
+ * returns 1 for a file
+ * returns 0 for not a file
+ */
+CF_INLINE bool is_file(const char *filename)
+{
+  struct_stat st;
+
+  if(filename == NULL)
+    return false;
+
+  if(stat(filename, &st) == 0)
+    return S_ISREG(st.st_mode);
+  return false;
+}
+
+static CURLcode darwinssl_connect_step1(struct connectdata *conn,
+                                        int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  curl_socket_t sockfd = conn->sock[sockindex];
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+#ifdef ENABLE_IPV6
+  struct in6_addr addr;
+#else
+  struct in_addr addr;
+#endif /* ENABLE_IPV6 */
+  size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i;
+  SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL;
+  char *ssl_sessionid;
+  size_t ssl_sessionid_len;
+  OSStatus err = noErr;
+#if CURL_BUILD_MAC
+  int darwinver_maj = 0, darwinver_min = 0;
+
+  GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
+#endif /* CURL_BUILD_MAC */
+
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
+  if(SSLCreateContext != NULL) {  /* use the newer API if avaialble */
+    if(connssl->ssl_ctx)
+      CFRelease(connssl->ssl_ctx);
+    connssl->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
+    if(!connssl->ssl_ctx) {
+      failf(data, "SSL: couldn't create a context!");
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  else {
+  /* The old ST API does not exist under iOS, so don't compile it: */
+#if CURL_SUPPORT_MAC_10_8
+    if(connssl->ssl_ctx)
+      (void)SSLDisposeContext(connssl->ssl_ctx);
+    err = SSLNewContext(false, &(connssl->ssl_ctx));
+    if(err != noErr) {
+      failf(data, "SSL: couldn't create a context: OSStatus %d", err);
+      return CURLE_OUT_OF_MEMORY;
+    }
+#endif /* CURL_SUPPORT_MAC_10_8 */
+  }
+#else
+  if(connssl->ssl_ctx)
+    (void)SSLDisposeContext(connssl->ssl_ctx);
+  err = SSLNewContext(false, &(connssl->ssl_ctx));
+  if(err != noErr) {
+    failf(data, "SSL: couldn't create a context: OSStatus %d", err);
+    return CURLE_OUT_OF_MEMORY;
+  }
+#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
+  connssl->ssl_write_buffered_length = 0UL; /* reset buffered write length */
+
+  /* check to see if we've been told to use an explicit SSL/TLS version */
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
+  if(SSLSetProtocolVersionMax != NULL) {
+    switch(data->set.ssl.version) {
+      case CURL_SSLVERSION_DEFAULT: default:
+        (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);
+        (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
+        break;
+      case CURL_SSLVERSION_TLSv1:
+        (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
+        (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
+        break;
+      case CURL_SSLVERSION_TLSv1_0:
+        (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
+        (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol1);
+        break;
+      case CURL_SSLVERSION_TLSv1_1:
+        (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol11);
+        (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol11);
+        break;
+      case CURL_SSLVERSION_TLSv1_2:
+        (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol12);
+        (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
+        break;
+      case CURL_SSLVERSION_SSLv3:
+        (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);
+        (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol3);
+        break;
+      case CURL_SSLVERSION_SSLv2:
+        err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol2);
+        if(err != noErr) {
+          failf(data, "Your version of the OS does not support SSLv2");
+          return CURLE_SSL_CONNECT_ERROR;
+        }
+        (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2);
+    }
+  }
+  else {
+#if CURL_SUPPORT_MAC_10_8
+    (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                       kSSLProtocolAll,
+                                       false);
+    switch (data->set.ssl.version) {
+      case CURL_SSLVERSION_DEFAULT: default:
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kSSLProtocol3,
+                                           true);
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kTLSProtocol1,
+                                           true);
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kTLSProtocol11,
+                                           true);
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kTLSProtocol12,
+                                           true);
+        break;
+      case CURL_SSLVERSION_TLSv1:
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kTLSProtocol1,
+                                           true);
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kTLSProtocol11,
+                                           true);
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kTLSProtocol12,
+                                           true);
+        break;
+      case CURL_SSLVERSION_TLSv1_0:
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kTLSProtocol1,
+                                           true);
+        break;
+      case CURL_SSLVERSION_TLSv1_1:
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kTLSProtocol11,
+                                           true);
+        break;
+      case CURL_SSLVERSION_TLSv1_2:
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kTLSProtocol12,
+                                           true);
+        break;
+      case CURL_SSLVERSION_SSLv3:
+        (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kSSLProtocol3,
+                                           true);
+        break;
+      case CURL_SSLVERSION_SSLv2:
+        err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                           kSSLProtocol2,
+                                           true);
+        if(err != noErr) {
+          failf(data, "Your version of the OS does not support SSLv2");
+          return CURLE_SSL_CONNECT_ERROR;
+        }
+        break;
+    }
+#endif  /* CURL_SUPPORT_MAC_10_8 */
+  }
+#else
+  (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false);
+  switch(data->set.ssl.version) {
+    default:
+    case CURL_SSLVERSION_DEFAULT:
+      (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kSSLProtocol3,
+                                         true);
+      (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kTLSProtocol1,
+                                         true);
+      break;
+    case CURL_SSLVERSION_TLSv1:
+    case CURL_SSLVERSION_TLSv1_0:
+      (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kTLSProtocol1,
+                                         true);
+      break;
+    case CURL_SSLVERSION_TLSv1_1:
+      failf(data, "Your version of the OS does not support TLSv1.1");
+      return CURLE_SSL_CONNECT_ERROR;
+    case CURL_SSLVERSION_TLSv1_2:
+      failf(data, "Your version of the OS does not support TLSv1.2");
+      return CURLE_SSL_CONNECT_ERROR;
+    case CURL_SSLVERSION_SSLv2:
+      err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kSSLProtocol2,
+                                         true);
+      if(err != noErr) {
+        failf(data, "Your version of the OS does not support SSLv2");
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      break;
+    case CURL_SSLVERSION_SSLv3:
+      (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kSSLProtocol3,
+                                         true);
+      break;
+  }
+#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
+
+  if(data->set.str[STRING_KEY]) {
+    infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
+                "Transport. The private key must be in the Keychain.\n");
+  }
+
+  if(data->set.str[STRING_CERT]) {
+    SecIdentityRef cert_and_key = NULL;
+    bool is_cert_file = is_file(data->set.str[STRING_CERT]);
+
+    /* User wants to authenticate with a client cert. Look for it:
+       If we detect that this is a file on disk, then let's load it.
+       Otherwise, assume that the user wants to use an identity loaded
+       from the Keychain. */
+    if(is_cert_file) {
+      if(!data->set.str[STRING_CERT_TYPE])
+        infof(data, "WARNING: SSL: Certificate type not set, assuming "
+                    "PKCS#12 format.\n");
+      else if(strncmp(data->set.str[STRING_CERT_TYPE], "P12",
+        strlen(data->set.str[STRING_CERT_TYPE])) != 0)
+        infof(data, "WARNING: SSL: The Security framework only supports "
+                    "loading identities that are in PKCS#12 format.\n");
+
+      err = CopyIdentityFromPKCS12File(data->set.str[STRING_CERT],
+        data->set.str[STRING_KEY_PASSWD], &cert_and_key);
+    }
+    else
+      err = CopyIdentityWithLabel(data->set.str[STRING_CERT], &cert_and_key);
+
+    if(err == noErr) {
+      SecCertificateRef cert = NULL;
+      CFTypeRef certs_c[1];
+      CFArrayRef certs;
+
+      /* If we found one, print it out: */
+      err = SecIdentityCopyCertificate(cert_and_key, &cert);
+      if(err == noErr) {
+        CFStringRef cert_summary = CopyCertSubject(cert);
+        char cert_summary_c[128];
+
+        if(cert_summary) {
+          memset(cert_summary_c, 0, 128);
+          if(CFStringGetCString(cert_summary,
+                                cert_summary_c,
+                                128,
+                                kCFStringEncodingUTF8)) {
+            infof(data, "Client certificate: %s\n", cert_summary_c);
+          }
+          CFRelease(cert_summary);
+          CFRelease(cert);
+        }
+      }
+      certs_c[0] = cert_and_key;
+      certs = CFArrayCreate(NULL, (const void **)certs_c, 1L,
+                            &kCFTypeArrayCallBacks);
+      err = SSLSetCertificate(connssl->ssl_ctx, certs);
+      if(certs)
+        CFRelease(certs);
+      if(err != noErr) {
+        failf(data, "SSL: SSLSetCertificate() failed: OSStatus %d", err);
+        return CURLE_SSL_CERTPROBLEM;
+      }
+      CFRelease(cert_and_key);
+    }
+    else {
+      switch(err) {
+        case errSecAuthFailed: case -25264: /* errSecPkcs12VerifyFailure */
+          failf(data, "SSL: Incorrect password for the certificate \"%s\" "
+                      "and its private key.", data->set.str[STRING_CERT]);
+          break;
+        case -26275: /* errSecDecode */ case -25257: /* errSecUnknownFormat */
+          failf(data, "SSL: Couldn't make sense of the data in the "
+                      "certificate \"%s\" and its private key.",
+                      data->set.str[STRING_CERT]);
+          break;
+        case -25260: /* errSecPassphraseRequired */
+          failf(data, "SSL The certificate \"%s\" requires a password.",
+                      data->set.str[STRING_CERT]);
+          break;
+        case errSecItemNotFound:
+          failf(data, "SSL: Can't find the certificate \"%s\" and its private "
+                      "key in the Keychain.", data->set.str[STRING_CERT]);
+          break;
+        default:
+          failf(data, "SSL: Can't load the certificate \"%s\" and its private "
+                      "key: OSStatus %d", data->set.str[STRING_CERT], err);
+          break;
+      }
+      return CURLE_SSL_CERTPROBLEM;
+    }
+  }
+
+  /* SSL always tries to verify the peer, this only says whether it should
+   * fail to connect if the verification fails, or if it should continue
+   * anyway. In the latter case the result of the verification is checked with
+   * SSL_get_verify_result() below. */
+#if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
+  /* Snow Leopard introduced the SSLSetSessionOption() function, but due to
+     a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag
+     works, it doesn't work as expected under Snow Leopard or Lion.
+     So we need to call SSLSetEnableCertVerify() on those older cats in order
+     to disable certificate validation if the user turned that off.
+     (SecureTransport will always validate the certificate chain by
+     default.) */
+  /* (Note: Darwin 12.x.x is Mountain Lion.) */
+#if CURL_BUILD_MAC
+  if(SSLSetSessionOption != NULL && darwinver_maj >= 12) {
+#else
+  if(SSLSetSessionOption != NULL) {
+#endif /* CURL_BUILD_MAC */
+    bool break_on_auth = !data->set.ssl.verifypeer ||
+      data->set.str[STRING_SSL_CAFILE];
+    err = SSLSetSessionOption(connssl->ssl_ctx,
+                              kSSLSessionOptionBreakOnServerAuth,
+                              break_on_auth);
+    if(err != noErr) {
+      failf(data, "SSL: SSLSetSessionOption() failed: OSStatus %d", err);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+  else {
+#if CURL_SUPPORT_MAC_10_8
+    err = SSLSetEnableCertVerify(connssl->ssl_ctx,
+                                 data->set.ssl.verifypeer?true:false);
+    if(err != noErr) {
+      failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+#endif /* CURL_SUPPORT_MAC_10_8 */
+  }
+#else
+  err = SSLSetEnableCertVerify(connssl->ssl_ctx,
+                               data->set.ssl.verifypeer?true:false);
+  if(err != noErr) {
+    failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+#endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
+
+  if(data->set.str[STRING_SSL_CAFILE]) {
+    bool is_cert_file = is_file(data->set.str[STRING_SSL_CAFILE]);
+
+    if(!is_cert_file) {
+      failf(data, "SSL: can't load CA certificate file %s",
+            data->set.str[STRING_SSL_CAFILE]);
+      return CURLE_SSL_CACERT_BADFILE;
+    }
+    if(!data->set.ssl.verifypeer) {
+      failf(data, "SSL: CA certificate set, but certificate verification "
+            "is disabled");
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+
+  /* Configure hostname check. SNI is used if available.
+   * Both hostname check and SNI require SSLSetPeerDomainName().
+   * Also: the verifyhost setting influences SNI usage */
+  if(data->set.ssl.verifyhost) {
+    err = SSLSetPeerDomainName(connssl->ssl_ctx, conn->host.name,
+    strlen(conn->host.name));
+
+    if(err != noErr) {
+      infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d\n",
+            err);
+    }
+
+    if((Curl_inet_pton(AF_INET, conn->host.name, &addr))
+  #ifdef ENABLE_IPV6
+    || (Curl_inet_pton(AF_INET6, conn->host.name, &addr))
+  #endif
+       ) {
+         infof(data, "WARNING: using IP address, SNI is being disabled by "
+         "the OS.\n");
+    }
+  }
+
+  /* Disable cipher suites that ST supports but are not safe. These ciphers
+     are unlikely to be used in any case since ST gives other ciphers a much
+     higher priority, but it's probably better that we not connect at all than
+     to give the user a false sense of security if the server only supports
+     insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */
+  (void)SSLGetNumberSupportedCiphers(connssl->ssl_ctx, &all_ciphers_count);
+  all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
+  allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
+  if(all_ciphers && allowed_ciphers &&
+     SSLGetSupportedCiphers(connssl->ssl_ctx, all_ciphers,
+       &all_ciphers_count) == noErr) {
+    for(i = 0UL ; i < all_ciphers_count ; i++) {
+#if CURL_BUILD_MAC
+     /* There's a known bug in early versions of Mountain Lion where ST's ECC
+        ciphers (cipher suite 0xC001 through 0xC032) simply do not work.
+        Work around the problem here by disabling those ciphers if we are
+        running in an affected version of OS X. */
+      if(darwinver_maj == 12 && darwinver_min <= 3 &&
+         all_ciphers[i] >= 0xC001 && all_ciphers[i] <= 0xC032) {
+           continue;
+      }
+#endif /* CURL_BUILD_MAC */
+      switch(all_ciphers[i]) {
+        /* Disable NULL ciphersuites: */
+        case SSL_NULL_WITH_NULL_NULL:
+        case SSL_RSA_WITH_NULL_MD5:
+        case SSL_RSA_WITH_NULL_SHA:
+        case 0x003B: /* TLS_RSA_WITH_NULL_SHA256 */
+        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
+        case 0xC001: /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
+        case 0xC006: /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
+        case 0xC00B: /* TLS_ECDH_RSA_WITH_NULL_SHA */
+        case 0xC010: /* TLS_ECDHE_RSA_WITH_NULL_SHA */
+        case 0x002C: /* TLS_PSK_WITH_NULL_SHA */
+        case 0x002D: /* TLS_DHE_PSK_WITH_NULL_SHA */
+        case 0x002E: /* TLS_RSA_PSK_WITH_NULL_SHA */
+        case 0x00B0: /* TLS_PSK_WITH_NULL_SHA256 */
+        case 0x00B1: /* TLS_PSK_WITH_NULL_SHA384 */
+        case 0x00B4: /* TLS_DHE_PSK_WITH_NULL_SHA256 */
+        case 0x00B5: /* TLS_DHE_PSK_WITH_NULL_SHA384 */
+        case 0x00B8: /* TLS_RSA_PSK_WITH_NULL_SHA256 */
+        case 0x00B9: /* TLS_RSA_PSK_WITH_NULL_SHA384 */
+        /* Disable anonymous ciphersuites: */
+        case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
+        case SSL_DH_anon_WITH_RC4_128_MD5:
+        case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DH_anon_WITH_DES_CBC_SHA:
+        case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
+        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
+        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
+        case 0xC015: /* TLS_ECDH_anon_WITH_NULL_SHA */
+        case 0xC016: /* TLS_ECDH_anon_WITH_RC4_128_SHA */
+        case 0xC017: /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
+        case 0xC018: /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
+        case 0xC019: /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
+        case 0x006C: /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
+        case 0x006D: /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
+        case 0x00A6: /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
+        case 0x00A7: /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
+        /* Disable weak key ciphersuites: */
+        case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
+        case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+        case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_RSA_WITH_DES_CBC_SHA:
+        case SSL_DH_DSS_WITH_DES_CBC_SHA:
+        case SSL_DH_RSA_WITH_DES_CBC_SHA:
+        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
+        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
+        /* Disable IDEA: */
+        case SSL_RSA_WITH_IDEA_CBC_SHA:
+        case SSL_RSA_WITH_IDEA_CBC_MD5:
+          break;
+        default: /* enable everything else */
+          allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
+          break;
+      }
+    }
+    err = SSLSetEnabledCiphers(connssl->ssl_ctx, allowed_ciphers,
+                               allowed_ciphers_count);
+    if(err != noErr) {
+      failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+  else {
+    Curl_safefree(all_ciphers);
+    Curl_safefree(allowed_ciphers);
+    failf(data, "SSL: Failed to allocate memory for allowed ciphers");
+    return CURLE_OUT_OF_MEMORY;
+  }
+  Curl_safefree(all_ciphers);
+  Curl_safefree(allowed_ciphers);
+
+#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
+  /* We want to enable 1/n-1 when using a CBC cipher unless the user
+     specifically doesn't want us doing that: */
+  if(SSLSetSessionOption != NULL)
+    SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
+                      !data->set.ssl_enable_beast);
+#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
+
+  /* Check if there's a cached ID we can/should use here! */
+  if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
+    &ssl_sessionid_len)) {
+    /* we got a session id, use it! */
+    err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
+    if(err != noErr) {
+      failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+    /* Informational message */
+    infof(data, "SSL re-using session ID\n");
+  }
+  /* If there isn't one, then let's make one up! This has to be done prior
+     to starting the handshake. */
+  else {
+    CURLcode retcode;
+
+    ssl_sessionid = malloc(256*sizeof(char));
+    ssl_sessionid_len = snprintf(ssl_sessionid, 256, "curl:%s:%hu",
+      conn->host.name, conn->remote_port);
+    err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
+    if(err != noErr) {
+      failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+    retcode = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len);
+    if(retcode!= CURLE_OK) {
+      failf(data, "failed to store ssl session");
+      return retcode;
+    }
+  }
+
+  err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite);
+  if(err != noErr) {
+    failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* pass the raw socket into the SSL layers */
+  /* We need to store the FD in a constant memory address, because
+   * SSLSetConnection() will not copy that address. I've found that
+   * conn->sock[sockindex] may change on its own. */
+  connssl->ssl_sockfd = sockfd;
+  err = SSLSetConnection(connssl->ssl_ctx, connssl);
+  if(err != noErr) {
+    failf(data, "SSL: SSLSetConnection() failed: %d", err);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  connssl->connecting_state = ssl_connect_2;
+  return CURLE_OK;
+}
+
+static long pem_to_der(const char *in, unsigned char **out, size_t *outlen)
+{
+  char *sep_start, *sep_end, *cert_start, *cert_end;
+  size_t i, j, err;
+  size_t len;
+  unsigned char *b64;
+
+  /* Jump through the separators at the beginning of the certificate. */
+  sep_start = strstr(in, "-----");
+  if(sep_start == NULL)
+    return 0;
+  cert_start = strstr(sep_start + 1, "-----");
+  if(cert_start == NULL)
+    return -1;
+
+  cert_start += 5;
+
+  /* Find separator after the end of the certificate. */
+  cert_end = strstr(cert_start, "-----");
+  if(cert_end == NULL)
+    return -1;
+
+  sep_end = strstr(cert_end + 1, "-----");
+  if(sep_end == NULL)
+    return -1;
+  sep_end += 5;
+
+  len = cert_end - cert_start;
+  b64 = malloc(len + 1);
+  if(!b64)
+    return -1;
+
+  /* Create base64 string without linefeeds. */
+  for(i = 0, j = 0; i < len; i++) {
+    if(cert_start[i] != '\r' && cert_start[i] != '\n')
+      b64[j++] = cert_start[i];
+  }
+  b64[j] = '\0';
+
+  err = Curl_base64_decode((const char *)b64, out, outlen);
+  free(b64);
+  if(err) {
+    free(*out);
+    return -1;
+  }
+
+  return sep_end - in;
+}
+
+static int read_cert(const char *file, unsigned char **out, size_t *outlen)
+{
+  int fd;
+  ssize_t n, len = 0, cap = 512;
+  unsigned char buf[cap], *data;
+
+  fd = open(file, 0);
+  if(fd < 0)
+    return -1;
+
+  data = malloc(cap);
+  if(!data) {
+    close(fd);
+    return -1;
+  }
+
+  for(;;) {
+    n = read(fd, buf, sizeof(buf));
+    if(n < 0) {
+      close(fd);
+      free(data);
+      return -1;
+    }
+    else if(n == 0) {
+      close(fd);
+      break;
+    }
+
+    if(len + n >= cap) {
+      cap *= 2;
+      data = realloc(data, cap);
+      if(!data) {
+        close(fd);
+        return -1;
+      }
+    }
+
+    memcpy(data + len, buf, n);
+    len += n;
+  }
+  data[len] = '\0';
+
+  *out = data;
+  *outlen = len;
+
+  return 0;
+}
+
+static int sslerr_to_curlerr(struct SessionHandle *data, int err)
+{
+  switch(err) {
+    case errSSLXCertChainInvalid:
+      failf(data, "SSL certificate problem: Invalid certificate chain");
+      return CURLE_SSL_CACERT;
+    case errSSLUnknownRootCert:
+      failf(data, "SSL certificate problem: Untrusted root certificate");
+      return CURLE_SSL_CACERT;
+    case errSSLNoRootCert:
+      failf(data, "SSL certificate problem: No root certificate");
+      return CURLE_SSL_CACERT;
+    case errSSLCertExpired:
+      failf(data, "SSL certificate problem: Certificate chain had an "
+            "expired certificate");
+      return CURLE_SSL_CACERT;
+    case errSSLBadCert:
+      failf(data, "SSL certificate problem: Couldn't understand the server "
+            "certificate format");
+      return CURLE_SSL_CONNECT_ERROR;
+    case errSSLHostNameMismatch:
+      failf(data, "SSL certificate peer hostname mismatch");
+      return CURLE_PEER_FAILED_VERIFICATION;
+    default:
+      failf(data, "SSL unexpected certificate error %d", err);
+      return CURLE_SSL_CACERT;
+  }
+}
+
+static int append_cert_to_array(struct SessionHandle *data,
+                                unsigned char *buf, size_t buflen,
+                                CFMutableArrayRef array)
+{
+    CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
+    if(!certdata) {
+      failf(data, "SSL: failed to allocate array for CA certificate");
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    SecCertificateRef cacert =
+      SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
+    CFRelease(certdata);
+    if(!cacert) {
+      failf(data, "SSL: failed to create SecCertificate from CA certificate");
+      return CURLE_SSL_CACERT;
+    }
+
+    /* Check if cacert is valid. */
+    CFStringRef subject = CopyCertSubject(cacert);
+    if(subject) {
+      char subject_cbuf[128];
+      memset(subject_cbuf, 0, 128);
+      if(!CFStringGetCString(subject,
+                            subject_cbuf,
+                            128,
+                            kCFStringEncodingUTF8)) {
+        CFRelease(cacert);
+        failf(data, "SSL: invalid CA certificate subject");
+        return CURLE_SSL_CACERT;
+      }
+      CFRelease(subject);
+    }
+    else {
+      CFRelease(cacert);
+      failf(data, "SSL: invalid CA certificate");
+      return CURLE_SSL_CACERT;
+    }
+
+    CFArrayAppendValue(array, cacert);
+    CFRelease(cacert);
+
+    return CURLE_OK;
+}
+
+static int verify_cert(const char *cafile, struct SessionHandle *data,
+                       SSLContextRef ctx)
+{
+  int n = 0, rc;
+  long res;
+  unsigned char *certbuf, *der;
+  size_t buflen, derlen, offset = 0;
+
+  if(read_cert(cafile, &certbuf, &buflen) < 0) {
+    failf(data, "SSL: failed to read or invalid CA certificate");
+    return CURLE_SSL_CACERT;
+  }
+
+  /*
+   * Certbuf now contains the contents of the certificate file, which can be
+   * - a single DER certificate,
+   * - a single PEM certificate or
+   * - a bunch of PEM certificates (certificate bundle).
+   *
+   * Go through certbuf, and convert any PEM certificate in it into DER
+   * format.
+   */
+  CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, 0,
+                                                 &kCFTypeArrayCallBacks);
+  if(array == NULL) {
+    free(certbuf);
+    failf(data, "SSL: out of memory creating CA certificate array");
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  while(offset < buflen) {
+    n++;
+
+    /*
+     * Check if the certificate is in PEM format, and convert it to DER. If
+     * this fails, we assume the certificate is in DER format.
+     */
+    res = pem_to_der((const char *)certbuf + offset, &der, &derlen);
+    if(res < 0) {
+      free(certbuf);
+      CFRelease(array);
+      failf(data, "SSL: invalid CA certificate #%d (offset %d) in bundle",
+            n, offset);
+      return CURLE_SSL_CACERT;
+    }
+    offset += res;
+
+    if(res == 0 && offset == 0) {
+      /* This is not a PEM file, probably a certificate in DER format. */
+      rc = append_cert_to_array(data, certbuf, buflen, array);
+      free(certbuf);
+      if(rc != CURLE_OK) {
+        CFRelease(array);
+        return rc;
+      }
+      break;
+    }
+    else if(res == 0) {
+      /* No more certificates in the bundle. */
+      free(certbuf);
+      break;
+    }
+
+    rc = append_cert_to_array(data, der, derlen, array);
+    free(der);
+    if(rc != CURLE_OK) {
+      free(certbuf);
+      CFRelease(array);
+      return rc;
+    }
+  }
+
+  SecTrustRef trust;
+  OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
+  if(trust == NULL) {
+    failf(data, "SSL: error getting certificate chain");
+    CFRelease(array);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  else if(ret != noErr) {
+    CFRelease(array);
+    return sslerr_to_curlerr(data, ret);
+  }
+
+  ret = SecTrustSetAnchorCertificates(trust, array);
+  if(ret != noErr) {
+    CFRelease(trust);
+    return sslerr_to_curlerr(data, ret);
+  }
+  ret = SecTrustSetAnchorCertificatesOnly(trust, true);
+  if(ret != noErr) {
+    CFRelease(trust);
+    return sslerr_to_curlerr(data, ret);
+  }
+
+  SecTrustResultType trust_eval = 0;
+  ret = SecTrustEvaluate(trust, &trust_eval);
+  CFRelease(array);
+  CFRelease(trust);
+  if(ret != noErr) {
+    return sslerr_to_curlerr(data, ret);
+  }
+
+  switch (trust_eval) {
+    case kSecTrustResultUnspecified:
+    case kSecTrustResultProceed:
+      return CURLE_OK;
+
+    case kSecTrustResultRecoverableTrustFailure:
+    case kSecTrustResultDeny:
+    default:
+      failf(data, "SSL: certificate verification failed (result: %d)",
+            trust_eval);
+      return CURLE_PEER_FAILED_VERIFICATION;
+  }
+}
+
+static CURLcode
+darwinssl_connect_step2(struct connectdata *conn, int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  OSStatus err;
+  SSLCipherSuite cipher;
+  SSLProtocol protocol = 0;
+
+  DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
+              || ssl_connect_2_reading == connssl->connecting_state
+              || ssl_connect_2_writing == connssl->connecting_state);
+
+  /* Here goes nothing: */
+  err = SSLHandshake(connssl->ssl_ctx);
+
+  if(err != noErr) {
+    switch (err) {
+      case errSSLWouldBlock:  /* they're not done with us yet */
+        connssl->connecting_state = connssl->ssl_direction ?
+            ssl_connect_2_writing : ssl_connect_2_reading;
+        return CURLE_OK;
+
+      /* The below is errSSLServerAuthCompleted; it's not defined in
+        Leopard's headers */
+      case -9841:
+        if(data->set.str[STRING_SSL_CAFILE]) {
+          int res = verify_cert(data->set.str[STRING_SSL_CAFILE], data,
+                                connssl->ssl_ctx);
+          if(res != CURLE_OK)
+            return res;
+        }
+        /* the documentation says we need to call SSLHandshake() again */
+        return darwinssl_connect_step2(conn, sockindex);
+
+      /* These are all certificate problems with the server: */
+      case errSSLXCertChainInvalid:
+        failf(data, "SSL certificate problem: Invalid certificate chain");
+        return CURLE_SSL_CACERT;
+      case errSSLUnknownRootCert:
+        failf(data, "SSL certificate problem: Untrusted root certificate");
+        return CURLE_SSL_CACERT;
+      case errSSLNoRootCert:
+        failf(data, "SSL certificate problem: No root certificate");
+        return CURLE_SSL_CACERT;
+      case errSSLCertExpired:
+        failf(data, "SSL certificate problem: Certificate chain had an "
+              "expired certificate");
+        return CURLE_SSL_CACERT;
+      case errSSLBadCert:
+        failf(data, "SSL certificate problem: Couldn't understand the server "
+              "certificate format");
+        return CURLE_SSL_CONNECT_ERROR;
+
+      /* These are all certificate problems with the client: */
+      case errSecAuthFailed:
+        failf(data, "SSL authentication failed");
+        return CURLE_SSL_CONNECT_ERROR;
+      case errSSLPeerHandshakeFail:
+        failf(data, "SSL peer handshake failed, the server most likely "
+              "requires a client certificate to connect");
+        return CURLE_SSL_CONNECT_ERROR;
+      case errSSLPeerUnknownCA:
+        failf(data, "SSL server rejected the client certificate due to "
+              "the certificate being signed by an unknown certificate "
+              "authority");
+        return CURLE_SSL_CONNECT_ERROR;
+
+      /* This error is raised if the server's cert didn't match the server's
+         host name: */
+      case errSSLHostNameMismatch:
+        failf(data, "SSL certificate peer verification failed, the "
+              "certificate did not match \"%s\"\n", conn->host.dispname);
+        return CURLE_PEER_FAILED_VERIFICATION;
+
+      /* Generic handshake errors: */
+      case errSSLConnectionRefused:
+        failf(data, "Server dropped the connection during the SSL handshake");
+        return CURLE_SSL_CONNECT_ERROR;
+      case errSSLClosedAbort:
+        failf(data, "Server aborted the SSL handshake");
+        return CURLE_SSL_CONNECT_ERROR;
+      case errSSLNegotiation:
+        failf(data, "Could not negotiate an SSL cipher suite with the server");
+        return CURLE_SSL_CONNECT_ERROR;
+      /* Sometimes paramErr happens with buggy ciphers: */
+      case paramErr: case errSSLInternal:
+        failf(data, "Internal SSL engine error encountered during the "
+              "SSL handshake");
+        return CURLE_SSL_CONNECT_ERROR;
+      case errSSLFatalAlert:
+        failf(data, "Fatal SSL engine error encountered during the SSL "
+              "handshake");
+        return CURLE_SSL_CONNECT_ERROR;
+      default:
+        failf(data, "Unknown SSL protocol error in connection to %s:%d",
+              conn->host.name, err);
+        return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+  else {
+    /* we have been connected fine, we're not waiting for anything else. */
+    connssl->connecting_state = ssl_connect_3;
+
+    /* Informational message */
+    (void)SSLGetNegotiatedCipher(connssl->ssl_ctx, &cipher);
+    (void)SSLGetNegotiatedProtocolVersion(connssl->ssl_ctx, &protocol);
+    switch (protocol) {
+      case kSSLProtocol2:
+        infof(data, "SSL 2.0 connection using %s\n",
+              SSLCipherNameForNumber(cipher));
+        break;
+      case kSSLProtocol3:
+        infof(data, "SSL 3.0 connection using %s\n",
+              SSLCipherNameForNumber(cipher));
+        break;
+      case kTLSProtocol1:
+        infof(data, "TLS 1.0 connection using %s\n",
+              TLSCipherNameForNumber(cipher));
+        break;
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
+      case kTLSProtocol11:
+        infof(data, "TLS 1.1 connection using %s\n",
+              TLSCipherNameForNumber(cipher));
+        break;
+      case kTLSProtocol12:
+        infof(data, "TLS 1.2 connection using %s\n",
+              TLSCipherNameForNumber(cipher));
+        break;
+#endif
+      default:
+        infof(data, "Unknown protocol connection\n");
+        break;
+    }
+
+    return CURLE_OK;
+  }
+}
+
+static CURLcode
+darwinssl_connect_step3(struct connectdata *conn,
+                        int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  CFStringRef server_cert_summary;
+  char server_cert_summary_c[128];
+  CFArrayRef server_certs = NULL;
+  SecCertificateRef server_cert;
+  OSStatus err;
+  CFIndex i, count;
+  SecTrustRef trust = NULL;
+
+  /* There is no step 3!
+   * Well, okay, if verbose mode is on, let's print the details of the
+   * server certificates. */
+#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
+#if CURL_BUILD_IOS
+#pragma unused(server_certs)
+  err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
+  /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
+     a null trust, so be on guard for that: */
+  if(err == noErr && trust) {
+    count = SecTrustGetCertificateCount(trust);
+    for(i = 0L ; i < count ; i++) {
+      server_cert = SecTrustGetCertificateAtIndex(trust, i);
+      server_cert_summary = CopyCertSubject(server_cert);
+      memset(server_cert_summary_c, 0, 128);
+      if(CFStringGetCString(server_cert_summary,
+                            server_cert_summary_c,
+                            128,
+                            kCFStringEncodingUTF8)) {
+        infof(data, "Server certificate: %s\n", server_cert_summary_c);
+      }
+      CFRelease(server_cert_summary);
+    }
+    CFRelease(trust);
+  }
+#else
+  /* SSLCopyPeerCertificates() is deprecated as of Mountain Lion.
+     The function SecTrustGetCertificateAtIndex() is officially present
+     in Lion, but it is unfortunately also present in Snow Leopard as
+     private API and doesn't work as expected. So we have to look for
+     a different symbol to make sure this code is only executed under
+     Lion or later. */
+  if(SecTrustEvaluateAsync != NULL) {
+#pragma unused(server_certs)
+    err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
+    /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
+       a null trust, so be on guard for that: */
+    if(err == noErr && trust) {
+      count = SecTrustGetCertificateCount(trust);
+      for(i = 0L ; i < count ; i++) {
+        server_cert = SecTrustGetCertificateAtIndex(trust, i);
+        server_cert_summary = CopyCertSubject(server_cert);
+        memset(server_cert_summary_c, 0, 128);
+        if(CFStringGetCString(server_cert_summary,
+                              server_cert_summary_c,
+                              128,
+                              kCFStringEncodingUTF8)) {
+          infof(data, "Server certificate: %s\n", server_cert_summary_c);
+        }
+        CFRelease(server_cert_summary);
+      }
+      CFRelease(trust);
+    }
+  }
+  else {
+#if CURL_SUPPORT_MAC_10_8
+    err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
+    /* Just in case SSLCopyPeerCertificates() returns null too... */
+    if(err == noErr && server_certs) {
+      count = CFArrayGetCount(server_certs);
+      for(i = 0L ; i < count ; i++) {
+        server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
+                                                                i);
+
+        server_cert_summary = CopyCertSubject(server_cert);
+        memset(server_cert_summary_c, 0, 128);
+        if(CFStringGetCString(server_cert_summary,
+                              server_cert_summary_c,
+                              128,
+                              kCFStringEncodingUTF8)) {
+          infof(data, "Server certificate: %s\n", server_cert_summary_c);
+        }
+        CFRelease(server_cert_summary);
+      }
+      CFRelease(server_certs);
+    }
+#endif /* CURL_SUPPORT_MAC_10_8 */
+  }
+#endif /* CURL_BUILD_IOS */
+#else
+#pragma unused(trust)
+  err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
+  if(err == noErr) {
+    count = CFArrayGetCount(server_certs);
+    for(i = 0L ; i < count ; i++) {
+      server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
+      server_cert_summary = CopyCertSubject(server_cert);
+      memset(server_cert_summary_c, 0, 128);
+      if(CFStringGetCString(server_cert_summary,
+                            server_cert_summary_c,
+                            128,
+                            kCFStringEncodingUTF8)) {
+        infof(data, "Server certificate: %s\n", server_cert_summary_c);
+      }
+      CFRelease(server_cert_summary);
+    }
+    CFRelease(server_certs);
+  }
+#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
+
+  connssl->connecting_state = ssl_connect_done;
+  return CURLE_OK;
+}
+
+static Curl_recv darwinssl_recv;
+static Curl_send darwinssl_send;
+
+static CURLcode
+darwinssl_connect_common(struct connectdata *conn,
+                         int sockindex,
+                         bool nonblocking,
+                         bool *done)
+{
+  CURLcode retcode;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  curl_socket_t sockfd = conn->sock[sockindex];
+  long timeout_ms;
+  int what;
+
+  /* check if the connection has already been established */
+  if(ssl_connection_complete == connssl->state) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  if(ssl_connect_1==connssl->connecting_state) {
+    /* Find out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+    retcode = darwinssl_connect_step1(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  while(ssl_connect_2 == connssl->connecting_state ||
+        ssl_connect_2_reading == connssl->connecting_state ||
+        ssl_connect_2_writing == connssl->connecting_state) {
+
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+    /* if ssl is expecting something, check if it's available. */
+    if(connssl->connecting_state == ssl_connect_2_reading
+       || connssl->connecting_state == ssl_connect_2_writing) {
+
+      curl_socket_t writefd = ssl_connect_2_writing ==
+      connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+      curl_socket_t readfd = ssl_connect_2_reading ==
+      connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+      what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
+      if(what < 0) {
+        /* fatal error */
+        failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      else if(0 == what) {
+        if(nonblocking) {
+          *done = FALSE;
+          return CURLE_OK;
+        }
+        else {
+          /* timeout */
+          failf(data, "SSL connection timeout");
+          return CURLE_OPERATION_TIMEDOUT;
+        }
+      }
+      /* socket is readable or writable */
+    }
+
+    /* Run transaction, and return to the caller if it failed or if this
+     * connection is done nonblocking and this loop would execute again. This
+     * permits the owner of a multi handle to abort a connection attempt
+     * before step2 has completed while ensuring that a client using select()
+     * or epoll() will always have a valid fdset to wait on.
+     */
+    retcode = darwinssl_connect_step2(conn, sockindex);
+    if(retcode || (nonblocking &&
+                   (ssl_connect_2 == connssl->connecting_state ||
+                    ssl_connect_2_reading == connssl->connecting_state ||
+                    ssl_connect_2_writing == connssl->connecting_state)))
+      return retcode;
+
+  } /* repeat step2 until all transactions are done. */
+
+
+  if(ssl_connect_3==connssl->connecting_state) {
+    retcode = darwinssl_connect_step3(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  if(ssl_connect_done==connssl->connecting_state) {
+    connssl->state = ssl_connection_complete;
+    conn->recv[sockindex] = darwinssl_recv;
+    conn->send[sockindex] = darwinssl_send;
+    *done = TRUE;
+  }
+  else
+    *done = FALSE;
+
+  /* Reset our connect state machine */
+  connssl->connecting_state = ssl_connect_1;
+
+  return CURLE_OK;
+}
+
+CURLcode
+Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
+                                   int sockindex,
+                                   bool *done)
+{
+  return darwinssl_connect_common(conn, sockindex, TRUE, done);
+}
+
+CURLcode
+Curl_darwinssl_connect(struct connectdata *conn,
+                       int sockindex)
+{
+  CURLcode retcode;
+  bool done = FALSE;
+
+  retcode = darwinssl_connect_common(conn, sockindex, FALSE, &done);
+
+  if(retcode)
+    return retcode;
+
+  DEBUGASSERT(done);
+
+  return CURLE_OK;
+}
+
+void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  if(connssl->ssl_ctx) {
+    (void)SSLClose(connssl->ssl_ctx);
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
+    if(SSLCreateContext != NULL)
+      CFRelease(connssl->ssl_ctx);
+#if CURL_SUPPORT_MAC_10_8
+    else
+      (void)SSLDisposeContext(connssl->ssl_ctx);
+#endif  /* CURL_SUPPORT_MAC_10_8 */
+#else
+    (void)SSLDisposeContext(connssl->ssl_ctx);
+#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
+    connssl->ssl_ctx = NULL;
+  }
+  connssl->ssl_sockfd = 0;
+}
+
+void Curl_darwinssl_close_all(struct SessionHandle *data)
+{
+  /* SecureTransport doesn't separate sessions from contexts, so... */
+  (void)data;
+}
+
+int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  ssize_t nread;
+  int what;
+  int rc;
+  char buf[120];
+
+  if(!connssl->ssl_ctx)
+    return 0;
+
+  if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
+    return 0;
+
+  Curl_darwinssl_close(conn, sockindex);
+
+  rc = 0;
+
+  what = Curl_socket_ready(conn->sock[sockindex],
+                           CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+
+  for(;;) {
+    if(what < 0) {
+      /* anything that gets here is fatally bad */
+      failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+      rc = -1;
+      break;
+    }
+
+    if(!what) {                                /* timeout */
+      failf(data, "SSL shutdown timeout");
+      break;
+    }
+
+    /* Something to read, let's do it and hope that it is the close
+     notify alert from the server. No way to SSL_Read now, so use read(). */
+
+    nread = read(conn->sock[sockindex], buf, sizeof(buf));
+
+    if(nread < 0) {
+      failf(data, "read: %s", strerror(errno));
+      rc = -1;
+    }
+
+    if(nread <= 0)
+      break;
+
+    what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
+  }
+
+  return rc;
+}
+
+void Curl_darwinssl_session_free(void *ptr)
+{
+  /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
+     cached session ID inside the Security framework. There is a private
+     function that does this, but I don't want to have to explain to you why I
+     got your application rejected from the App Store due to the use of a
+     private API, so the best we can do is free up our own char array that we
+     created way back in darwinssl_connect_step1... */
+  Curl_safefree(ptr);
+}
+
+size_t Curl_darwinssl_version(char *buffer, size_t size)
+{
+  return snprintf(buffer, size, "SecureTransport");
+}
+
+/*
+ * This function uses SSLGetSessionState to determine connection status.
+ *
+ * Return codes:
+ *     1 means the connection is still in place
+ *     0 means the connection has been closed
+ *    -1 means the connection status is unknown
+ */
+int Curl_darwinssl_check_cxn(struct connectdata *conn)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
+  OSStatus err;
+  SSLSessionState state;
+
+  if(connssl->ssl_ctx) {
+    err = SSLGetSessionState(connssl->ssl_ctx, &state);
+    if(err == noErr)
+      return state == kSSLConnected || state == kSSLHandshake;
+    return -1;
+  }
+  return 0;
+}
+
+bool Curl_darwinssl_data_pending(const struct connectdata *conn,
+                                 int connindex)
+{
+  const struct ssl_connect_data *connssl = &conn->ssl[connindex];
+  OSStatus err;
+  size_t buffer;
+
+  if(connssl->ssl_ctx) {  /* SSL is in use */
+    err = SSLGetBufferedReadSize(connssl->ssl_ctx, &buffer);
+    if(err == noErr)
+      return buffer > 0UL;
+    return false;
+  }
+  else
+    return false;
+}
+
+int Curl_darwinssl_random(unsigned char *entropy,
+                          size_t length)
+{
+  /* arc4random_buf() isn't available on cats older than Lion, so let's
+     do this manually for the benefit of the older cats. */
+  size_t i;
+  u_int32_t random_number = 0;
+
+  for(i = 0 ; i < length ; i++) {
+    if(i % sizeof(u_int32_t) == 0)
+      random_number = arc4random();
+    entropy[i] = random_number & 0xFF;
+    random_number >>= 8;
+  }
+  i = random_number = 0;
+  return 0;
+}
+
+void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
+                           size_t tmplen,
+                           unsigned char *md5sum, /* output */
+                           size_t md5len)
+{
+  (void)md5len;
+  (void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum);
+}
+
+static ssize_t darwinssl_send(struct connectdata *conn,
+                              int sockindex,
+                              const void *mem,
+                              size_t len,
+                              CURLcode *curlcode)
+{
+  /*struct SessionHandle *data = conn->data;*/
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  size_t processed = 0UL;
+  OSStatus err;
+
+  /* The SSLWrite() function works a little differently than expected. The
+     fourth argument (processed) is currently documented in Apple's
+     documentation as: "On return, the length, in bytes, of the data actually
+     written."
+
+     Now, one could interpret that as "written to the socket," but actually,
+     it returns the amount of data that was written to a buffer internal to
+     the SSLContextRef instead. So it's possible for SSLWrite() to return
+     errSSLWouldBlock and a number of bytes "written" because those bytes were
+     encrypted and written to a buffer, not to the socket.
+
+     So if this happens, then we need to keep calling SSLWrite() over and
+     over again with no new data until it quits returning errSSLWouldBlock. */
+
+  /* Do we have buffered data to write from the last time we were called? */
+  if(connssl->ssl_write_buffered_length) {
+    /* Write the buffered data: */
+    err = SSLWrite(connssl->ssl_ctx, NULL, 0UL, &processed);
+    switch (err) {
+      case noErr:
+        /* processed is always going to be 0 because we didn't write to
+           the buffer, so return how much was written to the socket */
+        processed = connssl->ssl_write_buffered_length;
+        connssl->ssl_write_buffered_length = 0UL;
+        break;
+      case errSSLWouldBlock: /* argh, try again */
+        *curlcode = CURLE_AGAIN;
+        return -1L;
+      default:
+        failf(conn->data, "SSLWrite() returned error %d", err);
+        *curlcode = CURLE_SEND_ERROR;
+        return -1L;
+    }
+  }
+  else {
+    /* We've got new data to write: */
+    err = SSLWrite(connssl->ssl_ctx, mem, len, &processed);
+    if(err != noErr) {
+      switch (err) {
+        case errSSLWouldBlock:
+          /* Data was buffered but not sent, we have to tell the caller
+             to try sending again, and remember how much was buffered */
+          connssl->ssl_write_buffered_length = len;
+          *curlcode = CURLE_AGAIN;
+          return -1L;
+        default:
+          failf(conn->data, "SSLWrite() returned error %d", err);
+          *curlcode = CURLE_SEND_ERROR;
+          return -1L;
+      }
+    }
+  }
+  return (ssize_t)processed;
+}
+
+static ssize_t darwinssl_recv(struct connectdata *conn,
+                              int num,
+                              char *buf,
+                              size_t buffersize,
+                              CURLcode *curlcode)
+{
+  /*struct SessionHandle *data = conn->data;*/
+  struct ssl_connect_data *connssl = &conn->ssl[num];
+  size_t processed = 0UL;
+  OSStatus err = SSLRead(connssl->ssl_ctx, buf, buffersize, &processed);
+
+  if(err != noErr) {
+    switch (err) {
+      case errSSLWouldBlock:  /* return how much we read (if anything) */
+        if(processed)
+          return (ssize_t)processed;
+        *curlcode = CURLE_AGAIN;
+        return -1L;
+        break;
+
+      /* errSSLClosedGraceful - server gracefully shut down the SSL session
+         errSSLClosedNoNotify - server hung up on us instead of sending a
+           closure alert notice, read() is returning 0
+         Either way, inform the caller that the server disconnected. */
+      case errSSLClosedGraceful:
+      case errSSLClosedNoNotify:
+        *curlcode = CURLE_OK;
+        return -1L;
+        break;
+
+      default:
+        failf(conn->data, "SSLRead() return error %d", err);
+        *curlcode = CURLE_RECV_ERROR;
+        return -1L;
+        break;
+    }
+  }
+  return (ssize_t)processed;
+}
+
+#endif /* USE_DARWINSSL */
diff --git a/Utilities/cmcurl/lib/vtls/curl_darwinssl.h b/Utilities/cmcurl/lib/vtls/curl_darwinssl.h
new file mode 100644
index 0000000..f5c03d8
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/curl_darwinssl.h
@@ -0,0 +1,77 @@
+#ifndef HEADER_CURL_DARWINSSL_H
+#define HEADER_CURL_DARWINSSL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_DARWINSSL
+
+CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex);
+
+CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
+                                            int sockindex,
+                                            bool *done);
+
+/* this function doesn't actually do anything */
+void Curl_darwinssl_close_all(struct SessionHandle *data);
+
+/* close a SSL connection */
+void Curl_darwinssl_close(struct connectdata *conn, int sockindex);
+
+void Curl_darwinssl_session_free(void *ptr);
+size_t Curl_darwinssl_version(char *buffer, size_t size);
+int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex);
+int Curl_darwinssl_check_cxn(struct connectdata *conn);
+bool Curl_darwinssl_data_pending(const struct connectdata *conn,
+                                 int connindex);
+
+int Curl_darwinssl_random(unsigned char *entropy,
+                          size_t length);
+void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
+                           size_t tmplen,
+                           unsigned char *md5sum, /* output */
+                           size_t md5len);
+
+/* this backend provides these functions: */
+#define have_curlssl_md5sum 1
+
+/* API setup for SecureTransport */
+#define curlssl_init() (1)
+#define curlssl_cleanup() Curl_nop_stmt
+#define curlssl_connect Curl_darwinssl_connect
+#define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking
+#define curlssl_session_free(x) Curl_darwinssl_session_free(x)
+#define curlssl_close_all Curl_darwinssl_close_all
+#define curlssl_close Curl_darwinssl_close
+#define curlssl_shutdown(x,y) 0
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_darwinssl_version
+#define curlssl_check_cxn Curl_darwinssl_check_cxn
+#define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y)
+#define curlssl_random(x,y,z) Curl_darwinssl_random(y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d)
+#define CURL_SSL_BACKEND CURLSSLBACKEND_DARWINSSL
+
+#endif /* USE_DARWINSSL */
+#endif /* HEADER_CURL_DARWINSSL_H */
diff --git a/Utilities/cmcurl/lib/vtls/curl_schannel.c b/Utilities/cmcurl/lib/vtls/curl_schannel.c
new file mode 100644
index 0000000..e4e595e
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/curl_schannel.c
@@ -0,0 +1,1346 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2014, Marc Hoersken, <info@marc-hoersken.de>
+ * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com>
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all SChannel-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ */
+
+/*
+ * Based upon the PolarSSL implementation in polarssl.c and polarssl.h:
+ *   Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ *
+ * Based upon the CyaSSL implementation in cyassl.c and cyassl.h:
+ *   Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * Thanks for code and inspiration!
+ */
+
+/*
+ * TODO list for TLS/SSL implementation:
+ * - implement client certificate authentication
+ * - implement custom server certificate validation
+ * - implement cipher/algorithm option
+ *
+ * Related articles on MSDN:
+ * - Getting a Certificate for Schannel
+ *   http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
+ * - Specifying Schannel Ciphers and Cipher Strengths
+ *   http://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_SCHANNEL
+
+#ifndef USE_WINDOWS_SSPI
+#  error "Can't compile SCHANNEL support without SSPI."
+#endif
+
+#include "curl_sspi.h"
+#include "curl_schannel.h"
+#include "vtls.h"
+#include "sendf.h"
+#include "connect.h" /* for the connect timeout */
+#include "strerror.h"
+#include "select.h" /* for the socket readyness */
+#include "inet_pton.h" /* for IP addr SNI check */
+#include "curl_multibyte.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* Uncomment to force verbose output
+ * #define infof(x, y, ...) printf(y, __VA_ARGS__)
+ * #define failf(x, y, ...) printf(y, __VA_ARGS__)
+ */
+
+static Curl_recv schannel_recv;
+static Curl_send schannel_send;
+
+#ifdef _WIN32_WCE
+static CURLcode verify_certificate(struct connectdata *conn, int sockindex);
+#endif
+
+static void InitSecBuffer(SecBuffer *buffer, unsigned long BufType,
+                          void *BufDataPtr, unsigned long BufByteSize)
+{
+  buffer->cbBuffer = BufByteSize;
+  buffer->BufferType = BufType;
+  buffer->pvBuffer = BufDataPtr;
+}
+
+static void InitSecBufferDesc(SecBufferDesc *desc, SecBuffer *BufArr,
+                              unsigned long NumArrElem)
+{
+  desc->ulVersion = SECBUFFER_VERSION;
+  desc->pBuffers = BufArr;
+  desc->cBuffers = NumArrElem;
+}
+
+static CURLcode
+schannel_connect_step1(struct connectdata *conn, int sockindex)
+{
+  ssize_t written = -1;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  SecBuffer outbuf;
+  SecBufferDesc outbuf_desc;
+  SCHANNEL_CRED schannel_cred;
+  SECURITY_STATUS sspi_status = SEC_E_OK;
+  struct curl_schannel_cred *old_cred = NULL;
+  struct in_addr addr;
+#ifdef ENABLE_IPV6
+  struct in6_addr addr6;
+#endif
+  TCHAR *host_name;
+  CURLcode code;
+
+  infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)\n",
+        conn->host.name, conn->remote_port);
+
+  /* check for an existing re-usable credential handle */
+  if(!Curl_ssl_getsessionid(conn, (void**)&old_cred, NULL)) {
+    connssl->cred = old_cred;
+    infof(data, "schannel: re-using existing credential handle\n");
+  }
+  else {
+    /* setup Schannel API options */
+    memset(&schannel_cred, 0, sizeof(schannel_cred));
+    schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
+
+    if(data->set.ssl.verifypeer) {
+#ifdef _WIN32_WCE
+      /* certificate validation on CE doesn't seem to work right; we'll
+         do it following a more manual process. */
+      schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
+                              SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
+                              SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+#else
+      schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
+                              SCH_CRED_REVOCATION_CHECK_CHAIN;
+#endif
+      infof(data, "schannel: checking server certificate revocation\n");
+    }
+    else {
+      schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
+                              SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
+                              SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+      infof(data, "schannel: disable server certificate revocation checks\n");
+    }
+
+    if(!data->set.ssl.verifyhost) {
+      schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
+      infof(data, "schannel: verifyhost setting prevents Schannel from "
+                  "comparing the supplied target name with the subject "
+                  "names in server certificates. Also disables SNI.\n");
+    }
+
+    switch(data->set.ssl.version) {
+      case CURL_SSLVERSION_TLSv1:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
+                                              SP_PROT_TLS1_1_CLIENT |
+                                              SP_PROT_TLS1_2_CLIENT;
+        break;
+      case CURL_SSLVERSION_TLSv1_0:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT;
+        break;
+      case CURL_SSLVERSION_TLSv1_1:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_1_CLIENT;
+        break;
+      case CURL_SSLVERSION_TLSv1_2:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT;
+        break;
+      case CURL_SSLVERSION_SSLv3:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
+        break;
+      case CURL_SSLVERSION_SSLv2:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
+        break;
+      default:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
+                                              SP_PROT_TLS1_1_CLIENT |
+                                              SP_PROT_TLS1_2_CLIENT |
+                                              SP_PROT_SSL3_CLIENT;
+        break;
+    }
+
+    /* allocate memory for the re-usable credential handle */
+    connssl->cred = (struct curl_schannel_cred *)
+                     malloc(sizeof(struct curl_schannel_cred));
+    if(!connssl->cred) {
+      failf(data, "schannel: unable to allocate memory");
+      return CURLE_OUT_OF_MEMORY;
+    }
+    memset(connssl->cred, 0, sizeof(struct curl_schannel_cred));
+
+    /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx */
+    sspi_status = s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME,
+      SECPKG_CRED_OUTBOUND, NULL, &schannel_cred, NULL, NULL,
+      &connssl->cred->cred_handle, &connssl->cred->time_stamp);
+
+    if(sspi_status != SEC_E_OK) {
+      if(sspi_status == SEC_E_WRONG_PRINCIPAL)
+        failf(data, "schannel: SNI or certificate check failed: %s",
+              Curl_sspi_strerror(conn, sspi_status));
+      else
+        failf(data, "schannel: AcquireCredentialsHandle failed: %s",
+              Curl_sspi_strerror(conn, sspi_status));
+      Curl_safefree(connssl->cred);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+
+  /* Warn if SNI is disabled due to use of an IP address */
+  if(Curl_inet_pton(AF_INET, conn->host.name, &addr)
+#ifdef ENABLE_IPV6
+     || Curl_inet_pton(AF_INET6, conn->host.name, &addr6)
+#endif
+    ) {
+    infof(data, "schannel: using IP address, SNI is not supported by OS.\n");
+  }
+
+  /* setup output buffer */
+  InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
+  InitSecBufferDesc(&outbuf_desc, &outbuf, 1);
+
+  /* setup request flags */
+  connssl->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
+                       ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
+                       ISC_REQ_STREAM;
+
+  /* allocate memory for the security context handle */
+  connssl->ctxt = (struct curl_schannel_ctxt *)
+                   malloc(sizeof(struct curl_schannel_ctxt));
+  if(!connssl->ctxt) {
+    failf(data, "schannel: unable to allocate memory");
+    return CURLE_OUT_OF_MEMORY;
+  }
+  memset(connssl->ctxt, 0, sizeof(struct curl_schannel_ctxt));
+
+  host_name = Curl_convert_UTF8_to_tchar(conn->host.name);
+  if(!host_name)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx */
+
+  sspi_status = s_pSecFn->InitializeSecurityContext(
+    &connssl->cred->cred_handle, NULL, host_name,
+    connssl->req_flags, 0, 0, NULL, 0, &connssl->ctxt->ctxt_handle,
+    &outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp);
+
+  Curl_unicodefree(host_name);
+
+  if(sspi_status != SEC_I_CONTINUE_NEEDED) {
+    if(sspi_status == SEC_E_WRONG_PRINCIPAL)
+      failf(data, "schannel: SNI or certificate check failed: %s",
+            Curl_sspi_strerror(conn, sspi_status));
+    else
+      failf(data, "schannel: initial InitializeSecurityContext failed: %s",
+            Curl_sspi_strerror(conn, sspi_status));
+    Curl_safefree(connssl->ctxt);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  infof(data, "schannel: sending initial handshake data: "
+        "sending %lu bytes...\n", outbuf.cbBuffer);
+
+  /* send initial handshake data which is now stored in output buffer */
+  code = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,
+                          outbuf.cbBuffer, &written);
+  s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);
+  if((code != CURLE_OK) || (outbuf.cbBuffer != (size_t)written)) {
+    failf(data, "schannel: failed to send initial handshake data: "
+          "sent %zd of %lu bytes", written, outbuf.cbBuffer);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  infof(data, "schannel: sent initial handshake data: "
+        "sent %zd bytes\n", written);
+
+  /* continue to second handshake step */
+  connssl->connecting_state = ssl_connect_2;
+
+  return CURLE_OK;
+}
+
+static CURLcode
+schannel_connect_step2(struct connectdata *conn, int sockindex)
+{
+  int i;
+  ssize_t nread = -1, written = -1;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  SecBuffer outbuf[2];
+  SecBufferDesc outbuf_desc;
+  SecBuffer inbuf[2];
+  SecBufferDesc inbuf_desc;
+  SECURITY_STATUS sspi_status = SEC_E_OK;
+  TCHAR *host_name;
+  CURLcode code;
+  bool doread;
+
+  doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE;
+
+  infof(data, "schannel: SSL/TLS connection with %s port %hu (step 2/3)\n",
+        conn->host.name, conn->remote_port);
+
+  if(!connssl->cred || !connssl->ctxt)
+    return CURLE_SSL_CONNECT_ERROR;
+
+  /* buffer to store previously received and encrypted data */
+  if(connssl->encdata_buffer == NULL) {
+    connssl->encdata_offset = 0;
+    connssl->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
+    connssl->encdata_buffer = malloc(connssl->encdata_length);
+    if(connssl->encdata_buffer == NULL) {
+      failf(data, "schannel: unable to allocate memory");
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+
+  /* if we need a bigger buffer to read a full message, increase buffer now */
+  if(connssl->encdata_length - connssl->encdata_offset <
+     CURL_SCHANNEL_BUFFER_FREE_SIZE) {
+    /* increase internal encrypted data buffer */
+    connssl->encdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
+    connssl->encdata_buffer = realloc(connssl->encdata_buffer,
+                                      connssl->encdata_length);
+
+    if(connssl->encdata_buffer == NULL) {
+      failf(data, "schannel: unable to re-allocate memory");
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+
+  for(;;) {
+    if(doread) {
+      /* read encrypted handshake data from socket */
+      code = Curl_read_plain(conn->sock[sockindex],
+                (char *) (connssl->encdata_buffer + connssl->encdata_offset),
+                          connssl->encdata_length - connssl->encdata_offset,
+                          &nread);
+      if(code == CURLE_AGAIN) {
+        if(connssl->connecting_state != ssl_connect_2_writing)
+          connssl->connecting_state = ssl_connect_2_reading;
+        infof(data, "schannel: failed to receive handshake, "
+              "need more data\n");
+        return CURLE_OK;
+      }
+      else if((code != CURLE_OK) || (nread == 0)) {
+        failf(data, "schannel: failed to receive handshake, "
+              "SSL/TLS connection failed");
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+
+      /* increase encrypted data buffer offset */
+      connssl->encdata_offset += nread;
+    }
+
+    infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
+        connssl->encdata_offset, connssl->encdata_length);
+
+    /* setup input buffers */
+    InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(connssl->encdata_offset),
+                  curlx_uztoul(connssl->encdata_offset));
+    InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);
+    InitSecBufferDesc(&inbuf_desc, inbuf, 2);
+
+    /* setup output buffers */
+    InitSecBuffer(&outbuf[0], SECBUFFER_TOKEN, NULL, 0);
+    InitSecBuffer(&outbuf[1], SECBUFFER_ALERT, NULL, 0);
+    InitSecBufferDesc(&outbuf_desc, outbuf, 2);
+
+    if(inbuf[0].pvBuffer == NULL) {
+      failf(data, "schannel: unable to allocate memory");
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    /* copy received handshake data into input buffer */
+    memcpy(inbuf[0].pvBuffer, connssl->encdata_buffer,
+           connssl->encdata_offset);
+
+    host_name = Curl_convert_UTF8_to_tchar(conn->host.name);
+    if(!host_name)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx */
+
+    sspi_status = s_pSecFn->InitializeSecurityContext(
+      &connssl->cred->cred_handle, &connssl->ctxt->ctxt_handle,
+      host_name, connssl->req_flags, 0, 0, &inbuf_desc, 0, NULL,
+      &outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp);
+
+    Curl_unicodefree(host_name);
+
+    /* free buffer for received handshake data */
+    Curl_safefree(inbuf[0].pvBuffer);
+
+    /* check if the handshake was incomplete */
+    if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {
+      connssl->connecting_state = ssl_connect_2_reading;
+      infof(data, "schannel: received incomplete message, need more data\n");
+      return CURLE_OK;
+    }
+
+    /* check if the handshake needs to be continued */
+    if(sspi_status == SEC_I_CONTINUE_NEEDED || sspi_status == SEC_E_OK) {
+      for(i = 0; i < 2; i++) {
+        /* search for handshake tokens that need to be send */
+        if(outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) {
+          infof(data, "schannel: sending next handshake data: "
+                "sending %lu bytes...\n", outbuf[i].cbBuffer);
+
+          /* send handshake token to server */
+          code = Curl_write_plain(conn, conn->sock[sockindex],
+                                  outbuf[i].pvBuffer, outbuf[i].cbBuffer,
+                                  &written);
+          if((code != CURLE_OK) || (outbuf[i].cbBuffer != (size_t)written)) {
+            failf(data, "schannel: failed to send next handshake data: "
+                  "sent %zd of %lu bytes", written, outbuf[i].cbBuffer);
+            return CURLE_SSL_CONNECT_ERROR;
+          }
+        }
+
+        /* free obsolete buffer */
+        if(outbuf[i].pvBuffer != NULL) {
+          s_pSecFn->FreeContextBuffer(outbuf[i].pvBuffer);
+        }
+      }
+    }
+    else {
+      if(sspi_status == SEC_E_WRONG_PRINCIPAL)
+        failf(data, "schannel: SNI or certificate check failed: %s",
+              Curl_sspi_strerror(conn, sspi_status));
+      else
+        failf(data, "schannel: next InitializeSecurityContext failed: %s",
+              Curl_sspi_strerror(conn, sspi_status));
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+
+    /* check if there was additional remaining encrypted data */
+    if(inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) {
+      infof(data, "schannel: encrypted data length: %lu\n", inbuf[1].cbBuffer);
+      /*
+         There are two cases where we could be getting extra data here:
+         1) If we're renegotiating a connection and the handshake is already
+            complete (from the server perspective), it can encrypted app data
+            (not handshake data) in an extra buffer at this point.
+         2) (sspi_status == SEC_I_CONTINUE_NEEDED) We are negotiating a
+            connection and this extra data is part of the handshake.
+            We should process the data immediately; waiting for the socket to
+            be ready may fail since the server is done sending handshake data.
+       */
+      /* check if the remaining data is less than the total amount
+         and therefore begins after the already processed data */
+      if(connssl->encdata_offset > inbuf[1].cbBuffer) {
+        memmove(connssl->encdata_buffer,
+                (connssl->encdata_buffer + connssl->encdata_offset) -
+                  inbuf[1].cbBuffer, inbuf[1].cbBuffer);
+        connssl->encdata_offset = inbuf[1].cbBuffer;
+        if(sspi_status == SEC_I_CONTINUE_NEEDED) {
+          doread = FALSE;
+          continue;
+        }
+      }
+    }
+    else {
+      connssl->encdata_offset = 0;
+    }
+    break;
+  }
+
+  /* check if the handshake needs to be continued */
+  if(sspi_status == SEC_I_CONTINUE_NEEDED) {
+    connssl->connecting_state = ssl_connect_2_reading;
+    return CURLE_OK;
+  }
+
+  /* check if the handshake is complete */
+  if(sspi_status == SEC_E_OK) {
+    connssl->connecting_state = ssl_connect_3;
+    infof(data, "schannel: SSL/TLS handshake complete\n");
+  }
+
+#ifdef _WIN32_WCE
+  /* Windows CE doesn't do any server certificate validation.
+     We have to do it manually. */
+  if(data->set.ssl.verifypeer)
+    return verify_certificate(conn, sockindex);
+#endif
+
+  return CURLE_OK;
+}
+
+static CURLcode
+schannel_connect_step3(struct connectdata *conn, int sockindex)
+{
+  CURLcode retcode = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct curl_schannel_cred *old_cred = NULL;
+  int incache;
+
+  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+  infof(data, "schannel: SSL/TLS connection with %s port %hu (step 3/3)\n",
+        conn->host.name, conn->remote_port);
+
+  if(!connssl->cred)
+    return CURLE_SSL_CONNECT_ERROR;
+
+  /* check if the required context attributes are met */
+  if(connssl->ret_flags != connssl->req_flags) {
+    if(!(connssl->ret_flags & ISC_RET_SEQUENCE_DETECT))
+      failf(data, "schannel: failed to setup sequence detection");
+    if(!(connssl->ret_flags & ISC_RET_REPLAY_DETECT))
+      failf(data, "schannel: failed to setup replay detection");
+    if(!(connssl->ret_flags & ISC_RET_CONFIDENTIALITY))
+      failf(data, "schannel: failed to setup confidentiality");
+    if(!(connssl->ret_flags & ISC_RET_ALLOCATED_MEMORY))
+      failf(data, "schannel: failed to setup memory allocation");
+    if(!(connssl->ret_flags & ISC_RET_STREAM))
+      failf(data, "schannel: failed to setup stream orientation");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* increment the reference counter of the credential/session handle */
+  if(connssl->cred && connssl->ctxt) {
+    connssl->cred->refcount++;
+    infof(data, "schannel: incremented credential handle refcount = %d\n",
+          connssl->cred->refcount);
+  }
+
+  /* save the current session data for possible re-use */
+  incache = !(Curl_ssl_getsessionid(conn, (void**)&old_cred, NULL));
+  if(incache) {
+    if(old_cred != connssl->cred) {
+      infof(data, "schannel: old credential handle is stale, removing\n");
+      Curl_ssl_delsessionid(conn, (void*)old_cred);
+      incache = FALSE;
+    }
+  }
+  if(!incache) {
+    retcode = Curl_ssl_addsessionid(conn, (void*)connssl->cred,
+                                    sizeof(struct curl_schannel_cred));
+    if(retcode) {
+      failf(data, "schannel: failed to store credential handle");
+      return retcode;
+    }
+    else {
+      connssl->cred->cached = TRUE;
+      infof(data, "schannel: stored credential handle in session cache\n");
+    }
+  }
+
+  connssl->connecting_state = ssl_connect_done;
+
+  return CURLE_OK;
+}
+
+static CURLcode
+schannel_connect_common(struct connectdata *conn, int sockindex,
+                        bool nonblocking, bool *done)
+{
+  CURLcode retcode;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  curl_socket_t sockfd = conn->sock[sockindex];
+  long timeout_ms;
+  int what;
+
+  /* check if the connection has already been established */
+  if(ssl_connection_complete == connssl->state) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  if(ssl_connect_1 == connssl->connecting_state) {
+    /* check out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL/TLS connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+    retcode = schannel_connect_step1(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  while(ssl_connect_2 == connssl->connecting_state ||
+        ssl_connect_2_reading == connssl->connecting_state ||
+        ssl_connect_2_writing == connssl->connecting_state) {
+
+    /* check out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL/TLS connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+    /* if ssl is expecting something, check if it's available. */
+    if(connssl->connecting_state == ssl_connect_2_reading
+       || connssl->connecting_state == ssl_connect_2_writing) {
+
+      curl_socket_t writefd = ssl_connect_2_writing ==
+        connssl->connecting_state ? sockfd : CURL_SOCKET_BAD;
+      curl_socket_t readfd = ssl_connect_2_reading ==
+        connssl->connecting_state ? sockfd : CURL_SOCKET_BAD;
+
+      what = Curl_socket_ready(readfd, writefd, nonblocking ? 0 : timeout_ms);
+      if(what < 0) {
+        /* fatal error */
+        failf(data, "select/poll on SSL/TLS socket, errno: %d", SOCKERRNO);
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      else if(0 == what) {
+        if(nonblocking) {
+          *done = FALSE;
+          return CURLE_OK;
+        }
+        else {
+          /* timeout */
+          failf(data, "SSL/TLS connection timeout");
+          return CURLE_OPERATION_TIMEDOUT;
+        }
+      }
+      /* socket is readable or writable */
+    }
+
+    /* Run transaction, and return to the caller if it failed or if
+     * this connection is part of a multi handle and this loop would
+     * execute again. This permits the owner of a multi handle to
+     * abort a connection attempt before step2 has completed while
+     * ensuring that a client using select() or epoll() will always
+     * have a valid fdset to wait on.
+     */
+    retcode = schannel_connect_step2(conn, sockindex);
+    if(retcode || (nonblocking &&
+                   (ssl_connect_2 == connssl->connecting_state ||
+                    ssl_connect_2_reading == connssl->connecting_state ||
+                    ssl_connect_2_writing == connssl->connecting_state)))
+      return retcode;
+
+  } /* repeat step2 until all transactions are done. */
+
+  if(ssl_connect_3 == connssl->connecting_state) {
+    retcode = schannel_connect_step3(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  if(ssl_connect_done == connssl->connecting_state) {
+    connssl->state = ssl_connection_complete;
+    conn->recv[sockindex] = schannel_recv;
+    conn->send[sockindex] = schannel_send;
+    *done = TRUE;
+  }
+  else
+    *done = FALSE;
+
+  /* reset our connection state machine */
+  connssl->connecting_state = ssl_connect_1;
+
+  return CURLE_OK;
+}
+
+static ssize_t
+schannel_send(struct connectdata *conn, int sockindex,
+              const void *buf, size_t len, CURLcode *err)
+{
+  ssize_t written = -1;
+  size_t data_len = 0;
+  unsigned char *data = NULL;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  SecBuffer outbuf[4];
+  SecBufferDesc outbuf_desc;
+  SECURITY_STATUS sspi_status = SEC_E_OK;
+  CURLcode code;
+
+  /* check if the maximum stream sizes were queried */
+  if(connssl->stream_sizes.cbMaximumMessage == 0) {
+    sspi_status = s_pSecFn->QueryContextAttributes(
+                              &connssl->ctxt->ctxt_handle,
+                              SECPKG_ATTR_STREAM_SIZES,
+                              &connssl->stream_sizes);
+    if(sspi_status != SEC_E_OK) {
+      *err = CURLE_SEND_ERROR;
+      return -1;
+    }
+  }
+
+  /* check if the buffer is longer than the maximum message length */
+  if(len > connssl->stream_sizes.cbMaximumMessage) {
+    *err = CURLE_SEND_ERROR;
+    return -1;
+  }
+
+  /* calculate the complete message length and allocate a buffer for it */
+  data_len = connssl->stream_sizes.cbHeader + len +
+              connssl->stream_sizes.cbTrailer;
+  data = (unsigned char*) malloc(data_len);
+  if(data == NULL) {
+    *err = CURLE_OUT_OF_MEMORY;
+    return -1;
+  }
+
+  /* setup output buffers (header, data, trailer, empty) */
+  InitSecBuffer(&outbuf[0], SECBUFFER_STREAM_HEADER,
+                data, connssl->stream_sizes.cbHeader);
+  InitSecBuffer(&outbuf[1], SECBUFFER_DATA,
+                data + connssl->stream_sizes.cbHeader, curlx_uztoul(len));
+  InitSecBuffer(&outbuf[2], SECBUFFER_STREAM_TRAILER,
+                data + connssl->stream_sizes.cbHeader + len,
+                connssl->stream_sizes.cbTrailer);
+  InitSecBuffer(&outbuf[3], SECBUFFER_EMPTY, NULL, 0);
+  InitSecBufferDesc(&outbuf_desc, outbuf, 4);
+
+  /* copy data into output buffer */
+  memcpy(outbuf[1].pvBuffer, buf, len);
+
+  /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375390.aspx */
+  sspi_status = s_pSecFn->EncryptMessage(&connssl->ctxt->ctxt_handle, 0,
+                                         &outbuf_desc, 0);
+
+  /* check if the message was encrypted */
+  if(sspi_status == SEC_E_OK) {
+    written = 0;
+
+    /* send the encrypted message including header, data and trailer */
+    len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;
+
+    /*
+       It's important to send the full message which includes the header,
+       encrypted payload, and trailer.  Until the client receives all the
+       data a coherent message has not been delivered and the client
+       can't read any of it.
+
+       If we wanted to buffer the unwritten encrypted bytes, we would
+       tell the client that all data it has requested to be sent has been
+       sent. The unwritten encrypted bytes would be the first bytes to
+       send on the next invocation.
+       Here's the catch with this - if we tell the client that all the
+       bytes have been sent, will the client call this method again to
+       send the buffered data?  Looking at who calls this function, it
+       seems the answer is NO.
+    */
+
+    /* send entire message or fail */
+    while(len > (size_t)written) {
+      ssize_t this_write;
+      long timeleft;
+      int what;
+
+      this_write = 0;
+
+      timeleft = Curl_timeleft(conn->data, NULL, FALSE);
+      if(timeleft < 0) {
+        /* we already got the timeout */
+        failf(conn->data, "schannel: timed out sending data "
+              "(bytes sent: %zd)", written);
+        *err = CURLE_OPERATION_TIMEDOUT;
+        written = -1;
+        break;
+      }
+
+      what = Curl_socket_ready(CURL_SOCKET_BAD, conn->sock[sockindex],
+                               timeleft);
+      if(what < 0) {
+        /* fatal error */
+        failf(conn->data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        *err = CURLE_SEND_ERROR;
+        written = -1;
+        break;
+      }
+      else if(0 == what) {
+        failf(conn->data, "schannel: timed out sending data "
+              "(bytes sent: %zd)", written);
+        *err = CURLE_OPERATION_TIMEDOUT;
+        written = -1;
+        break;
+      }
+      /* socket is writable */
+
+      code = Curl_write_plain(conn, conn->sock[sockindex], data + written,
+                              len - written, &this_write);
+      if(code == CURLE_AGAIN)
+        continue;
+      else if(code != CURLE_OK) {
+        *err = code;
+        written = -1;
+        break;
+      }
+
+      written += this_write;
+    }
+  }
+  else if(sspi_status == SEC_E_INSUFFICIENT_MEMORY) {
+    *err = CURLE_OUT_OF_MEMORY;
+  }
+  else{
+    *err = CURLE_SEND_ERROR;
+  }
+
+  Curl_safefree(data);
+
+  if(len == (size_t)written)
+    /* Encrypted message including header, data and trailer entirely sent.
+       The return value is the number of unencrypted bytes that were sent. */
+    written = outbuf[1].cbBuffer;
+
+  return written;
+}
+
+static ssize_t
+schannel_recv(struct connectdata *conn, int sockindex,
+              char *buf, size_t len, CURLcode *err)
+{
+  size_t size = 0;
+  ssize_t nread = 0, ret = -1;
+  CURLcode retcode;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  bool done = FALSE;
+  SecBuffer inbuf[4];
+  SecBufferDesc inbuf_desc;
+  SECURITY_STATUS sspi_status = SEC_E_OK;
+
+  infof(data, "schannel: client wants to read %zu bytes\n", len);
+  *err = CURLE_OK;
+
+  /* buffer to store previously received and decrypted data */
+  if(connssl->decdata_buffer == NULL) {
+    connssl->decdata_offset = 0;
+    connssl->decdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
+    connssl->decdata_buffer = malloc(connssl->decdata_length);
+    if(connssl->decdata_buffer == NULL) {
+      failf(data, "schannel: unable to allocate memory");
+      *err = CURLE_OUT_OF_MEMORY;
+      return -1;
+    }
+  }
+
+  /* increase buffer in order to fit the requested amount of data */
+  while(connssl->encdata_length - connssl->encdata_offset <
+        CURL_SCHANNEL_BUFFER_FREE_SIZE || connssl->encdata_length < len) {
+    /* increase internal encrypted data buffer */
+    connssl->encdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
+    connssl->encdata_buffer = realloc(connssl->encdata_buffer,
+                                      connssl->encdata_length);
+
+    if(connssl->encdata_buffer == NULL) {
+      failf(data, "schannel: unable to re-allocate memory");
+      *err = CURLE_OUT_OF_MEMORY;
+      return -1;
+    }
+  }
+
+  /* read encrypted data from socket */
+  infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
+        connssl->encdata_offset, connssl->encdata_length);
+  size = connssl->encdata_length - connssl->encdata_offset;
+  if(size > 0) {
+    *err = Curl_read_plain(conn->sock[sockindex],
+                  (char *) (connssl->encdata_buffer + connssl->encdata_offset),
+                           size, &nread);
+    /* check for received data */
+    if(*err != CURLE_OK)
+      ret = -1;
+    else {
+      if(nread > 0)
+        /* increase encrypted data buffer offset */
+        connssl->encdata_offset += nread;
+      ret = nread;
+    }
+    infof(data, "schannel: encrypted data got %zd\n", ret);
+  }
+
+  infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
+        connssl->encdata_offset, connssl->encdata_length);
+
+  /* check if we still have some data in our buffers */
+  while(connssl->encdata_offset > 0 && sspi_status == SEC_E_OK &&
+        connssl->decdata_offset < len) {
+    /* prepare data buffer for DecryptMessage call */
+    InitSecBuffer(&inbuf[0], SECBUFFER_DATA, connssl->encdata_buffer,
+                  curlx_uztoul(connssl->encdata_offset));
+
+    /* we need 3 more empty input buffers for possible output */
+    InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);
+    InitSecBuffer(&inbuf[2], SECBUFFER_EMPTY, NULL, 0);
+    InitSecBuffer(&inbuf[3], SECBUFFER_EMPTY, NULL, 0);
+
+    InitSecBufferDesc(&inbuf_desc, inbuf, 4);
+
+    /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx */
+    sspi_status = s_pSecFn->DecryptMessage(&connssl->ctxt->ctxt_handle,
+                                           &inbuf_desc, 0, NULL);
+
+    /* check if we need more data */
+    if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {
+      infof(data, "schannel: failed to decrypt data, need more data\n");
+      *err = CURLE_AGAIN;
+      return -1;
+    }
+
+    /* check if everything went fine (server may want to renegotiate
+       context) */
+    if(sspi_status == SEC_E_OK || sspi_status == SEC_I_RENEGOTIATE ||
+                                  sspi_status == SEC_I_CONTEXT_EXPIRED) {
+      /* check for successfully decrypted data */
+      if(inbuf[1].BufferType == SECBUFFER_DATA) {
+        infof(data, "schannel: decrypted data length: %lu\n",
+              inbuf[1].cbBuffer);
+
+        /* increase buffer in order to fit the received amount of data */
+        size = inbuf[1].cbBuffer > CURL_SCHANNEL_BUFFER_FREE_SIZE ?
+               inbuf[1].cbBuffer : CURL_SCHANNEL_BUFFER_FREE_SIZE;
+        while(connssl->decdata_length - connssl->decdata_offset < size ||
+              connssl->decdata_length < len) {
+          /* increase internal decrypted data buffer */
+          connssl->decdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
+          connssl->decdata_buffer = realloc(connssl->decdata_buffer,
+                                            connssl->decdata_length);
+
+          if(connssl->decdata_buffer == NULL) {
+            failf(data, "schannel: unable to re-allocate memory");
+            *err = CURLE_OUT_OF_MEMORY;
+            return -1;
+          }
+        }
+
+        /* copy decrypted data to internal buffer */
+        size = inbuf[1].cbBuffer;
+        if(size > 0) {
+          memcpy(connssl->decdata_buffer + connssl->decdata_offset,
+                 inbuf[1].pvBuffer, size);
+          connssl->decdata_offset += size;
+        }
+
+        infof(data, "schannel: decrypted data added: %zu\n", size);
+        infof(data, "schannel: decrypted data cached: offset %zu length %zu\n",
+              connssl->decdata_offset, connssl->decdata_length);
+      }
+
+      /* check for remaining encrypted data */
+      if(inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) {
+        infof(data, "schannel: encrypted data length: %lu\n",
+              inbuf[3].cbBuffer);
+
+        /* check if the remaining data is less than the total amount
+         * and therefore begins after the already processed data
+        */
+        if(connssl->encdata_offset > inbuf[3].cbBuffer) {
+          /* move remaining encrypted data forward to the beginning of
+             buffer */
+          memmove(connssl->encdata_buffer,
+                  (connssl->encdata_buffer + connssl->encdata_offset) -
+                    inbuf[3].cbBuffer, inbuf[3].cbBuffer);
+          connssl->encdata_offset = inbuf[3].cbBuffer;
+        }
+
+        infof(data, "schannel: encrypted data cached: offset %zu length %zu\n",
+              connssl->encdata_offset, connssl->encdata_length);
+      }
+      else{
+        /* reset encrypted buffer offset, because there is no data remaining */
+        connssl->encdata_offset = 0;
+      }
+    }
+
+    /* check if server wants to renegotiate the connection context */
+    if(sspi_status == SEC_I_RENEGOTIATE) {
+      infof(data, "schannel: remote party requests SSL/TLS renegotiation\n");
+
+      /* begin renegotiation */
+      infof(data, "schannel: renegotiating SSL/TLS connection\n");
+      connssl->state = ssl_connection_negotiating;
+      connssl->connecting_state = ssl_connect_2_writing;
+      retcode = schannel_connect_common(conn, sockindex, FALSE, &done);
+      if(retcode)
+        *err = retcode;
+      else {
+        infof(data, "schannel: SSL/TLS connection renegotiated\n");
+        /* now retry receiving data */
+        return schannel_recv(conn, sockindex, buf, len, err);
+      }
+    }
+  }
+
+  infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n",
+        connssl->decdata_offset, connssl->decdata_length);
+
+  /* copy requested decrypted data to supplied buffer */
+  size = len < connssl->decdata_offset ? len : connssl->decdata_offset;
+  if(size > 0) {
+    memcpy(buf, connssl->decdata_buffer, size);
+    ret = size;
+
+    /* move remaining decrypted data forward to the beginning of buffer */
+    memmove(connssl->decdata_buffer, connssl->decdata_buffer + size,
+            connssl->decdata_offset - size);
+    connssl->decdata_offset -= size;
+
+    infof(data, "schannel: decrypted data returned %zd\n", size);
+    infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n",
+          connssl->decdata_offset, connssl->decdata_length);
+  }
+
+  /* check if the server closed the connection */
+  if(ret <= 0 && ( /* special check for Windows 2000 Professional */
+      sspi_status == SEC_I_CONTEXT_EXPIRED || (sspi_status == SEC_E_OK &&
+        connssl->encdata_offset > 0 && connssl->encdata_buffer[0] == 0x15))) {
+    infof(data, "schannel: server closed the connection\n");
+    *err = CURLE_OK;
+    return 0;
+  }
+
+  /* check if something went wrong and we need to return an error */
+  if(ret < 0 && sspi_status != SEC_E_OK) {
+    infof(data, "schannel: failed to read data from server: %s\n",
+          Curl_sspi_strerror(conn, sspi_status));
+    *err = CURLE_RECV_ERROR;
+    return -1;
+  }
+
+  return ret;
+}
+
+CURLcode
+Curl_schannel_connect_nonblocking(struct connectdata *conn, int sockindex,
+                                  bool *done)
+{
+  return schannel_connect_common(conn, sockindex, TRUE, done);
+}
+
+CURLcode
+Curl_schannel_connect(struct connectdata *conn, int sockindex)
+{
+  CURLcode retcode;
+  bool done = FALSE;
+
+  retcode = schannel_connect_common(conn, sockindex, FALSE, &done);
+  if(retcode)
+    return retcode;
+
+  DEBUGASSERT(done);
+
+  return CURLE_OK;
+}
+
+bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex)
+{
+  const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  if(connssl->use) /* SSL/TLS is in use */
+    return (connssl->encdata_offset > 0 ||
+            connssl->decdata_offset > 0 ) ? TRUE : FALSE;
+  else
+    return FALSE;
+}
+
+void Curl_schannel_close(struct connectdata *conn, int sockindex)
+{
+  if(conn->ssl[sockindex].use)
+    /* if the SSL/TLS channel hasn't been shut down yet, do that now. */
+    Curl_ssl_shutdown(conn, sockindex);
+}
+
+int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
+{
+  /* See http://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx
+   * Shutting Down an Schannel Connection
+   */
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu\n",
+        conn->host.name, conn->remote_port);
+
+  if(connssl->cred && connssl->ctxt) {
+    SecBufferDesc BuffDesc;
+    SecBuffer Buffer;
+    SECURITY_STATUS sspi_status;
+    SecBuffer outbuf;
+    SecBufferDesc outbuf_desc;
+    CURLcode code;
+    TCHAR *host_name;
+    DWORD dwshut = SCHANNEL_SHUTDOWN;
+
+    InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut));
+    InitSecBufferDesc(&BuffDesc, &Buffer, 1);
+
+    sspi_status = s_pSecFn->ApplyControlToken(&connssl->ctxt->ctxt_handle,
+                                              &BuffDesc);
+
+    if(sspi_status != SEC_E_OK)
+      failf(data, "schannel: ApplyControlToken failure: %s",
+            Curl_sspi_strerror(conn, sspi_status));
+
+    host_name = Curl_convert_UTF8_to_tchar(conn->host.name);
+    if(!host_name)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* setup output buffer */
+    InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
+    InitSecBufferDesc(&outbuf_desc, &outbuf, 1);
+
+    sspi_status = s_pSecFn->InitializeSecurityContext(
+         &connssl->cred->cred_handle,
+         &connssl->ctxt->ctxt_handle,
+         host_name,
+         connssl->req_flags,
+         0,
+         0,
+         NULL,
+         0,
+         &connssl->ctxt->ctxt_handle,
+         &outbuf_desc,
+         &connssl->ret_flags,
+         &connssl->ctxt->time_stamp);
+
+    Curl_unicodefree(host_name);
+
+    if((sspi_status == SEC_E_OK) || (sspi_status == SEC_I_CONTEXT_EXPIRED)) {
+      /* send close message which is in output buffer */
+      ssize_t written;
+      code = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,
+                              outbuf.cbBuffer, &written);
+
+      s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);
+      if((code != CURLE_OK) || (outbuf.cbBuffer != (size_t)written)) {
+        infof(data, "schannel: failed to send close msg: %s"
+              " (bytes written: %zd)\n", curl_easy_strerror(code), written);
+      }
+    }
+
+    /* free SSPI Schannel API security context handle */
+    if(connssl->ctxt) {
+      infof(data, "schannel: clear security context handle\n");
+      s_pSecFn->DeleteSecurityContext(&connssl->ctxt->ctxt_handle);
+      Curl_safefree(connssl->ctxt);
+    }
+
+    /* free SSPI Schannel API credential handle */
+    if(connssl->cred) {
+      /* decrement the reference counter of the credential/session handle */
+      if(connssl->cred->refcount > 0) {
+        connssl->cred->refcount--;
+        infof(data, "schannel: decremented credential handle refcount = %d\n",
+              connssl->cred->refcount);
+      }
+
+      /* if the handle was not cached and the refcount is zero */
+      if(!connssl->cred->cached && connssl->cred->refcount == 0) {
+        infof(data, "schannel: clear credential handle\n");
+        s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle);
+        Curl_safefree(connssl->cred);
+      }
+    }
+  }
+
+  /* free internal buffer for received encrypted data */
+  if(connssl->encdata_buffer != NULL) {
+    Curl_safefree(connssl->encdata_buffer);
+    connssl->encdata_length = 0;
+    connssl->encdata_offset = 0;
+  }
+
+  /* free internal buffer for received decrypted data */
+  if(connssl->decdata_buffer != NULL) {
+    Curl_safefree(connssl->decdata_buffer);
+    connssl->decdata_length = 0;
+    connssl->decdata_offset = 0;
+  }
+
+  return CURLE_OK;
+}
+
+void Curl_schannel_session_free(void *ptr)
+{
+  struct curl_schannel_cred *cred = ptr;
+
+  if(cred && cred->cached && cred->refcount == 0) {
+    s_pSecFn->FreeCredentialsHandle(&cred->cred_handle);
+    Curl_safefree(cred);
+  }
+}
+
+int Curl_schannel_init(void)
+{
+  return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0);
+}
+
+void Curl_schannel_cleanup(void)
+{
+  Curl_sspi_global_cleanup();
+}
+
+size_t Curl_schannel_version(char *buffer, size_t size)
+{
+  size = snprintf(buffer, size, "WinSSL");
+
+  return size;
+}
+
+int Curl_schannel_random(unsigned char *entropy, size_t length)
+{
+  HCRYPTPROV hCryptProv = 0;
+
+  if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
+                          CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+    return 1;
+
+  if(!CryptGenRandom(hCryptProv, (DWORD)length, entropy)) {
+    CryptReleaseContext(hCryptProv, 0UL);
+    return 1;
+  }
+
+  CryptReleaseContext(hCryptProv, 0UL);
+  return 0;
+}
+
+#ifdef _WIN32_WCE
+static CURLcode verify_certificate(struct connectdata *conn, int sockindex)
+{
+  SECURITY_STATUS status;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  CURLcode result = CURLE_OK;
+  CERT_CONTEXT *pCertContextServer = NULL;
+  const CERT_CHAIN_CONTEXT *pChainContext = NULL;
+
+  status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle,
+                                            SECPKG_ATTR_REMOTE_CERT_CONTEXT,
+                                            &pCertContextServer);
+
+  if((status != SEC_E_OK) || (pCertContextServer == NULL)) {
+    failf(data, "schannel: Failed to read remote certificate context: %s",
+          Curl_sspi_strerror(conn, status));
+    result = CURLE_PEER_FAILED_VERIFICATION;
+  }
+
+  if(result == CURLE_OK) {
+    CERT_CHAIN_PARA ChainPara;
+    memset(&ChainPara, 0, sizeof(ChainPara));
+    ChainPara.cbSize = sizeof(ChainPara);
+
+    if(!CertGetCertificateChain(NULL,
+                                pCertContextServer,
+                                NULL,
+                                pCertContextServer->hCertStore,
+                                &ChainPara,
+                                0,
+                                NULL,
+                                &pChainContext)) {
+      failf(data, "schannel: CertGetCertificateChain failed: %s",
+            Curl_sspi_strerror(conn, GetLastError()));
+      pChainContext = NULL;
+      result = CURLE_PEER_FAILED_VERIFICATION;
+    }
+
+    if(result == CURLE_OK) {
+      CERT_SIMPLE_CHAIN *pSimpleChain = pChainContext->rgpChain[0];
+      DWORD dwTrustErrorMask = ~(DWORD)(CERT_TRUST_IS_NOT_TIME_NESTED|
+                                 CERT_TRUST_REVOCATION_STATUS_UNKNOWN);
+      dwTrustErrorMask &= pSimpleChain->TrustStatus.dwErrorStatus;
+      if(dwTrustErrorMask) {
+        if(dwTrustErrorMask & CERT_TRUST_IS_PARTIAL_CHAIN)
+          failf(data, "schannel: CertGetCertificateChain trust error"
+                      " CERT_TRUST_IS_PARTIAL_CHAIN");
+        if(dwTrustErrorMask & CERT_TRUST_IS_UNTRUSTED_ROOT)
+          failf(data, "schannel: CertGetCertificateChain trust error"
+                      " CERT_TRUST_IS_UNTRUSTED_ROOT");
+        if(dwTrustErrorMask & CERT_TRUST_IS_NOT_TIME_VALID)
+          failf(data, "schannel: CertGetCertificateChain trust error"
+                      " CERT_TRUST_IS_NOT_TIME_VALID");
+        failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x",
+              dwTrustErrorMask);
+        result = CURLE_PEER_FAILED_VERIFICATION;
+      }
+    }
+  }
+
+  if(result == CURLE_OK) {
+    if(data->set.ssl.verifyhost) {
+      TCHAR cert_hostname_buff[128];
+      xcharp_u hostname;
+      xcharp_u cert_hostname;
+      DWORD len;
+
+      cert_hostname.const_tchar_ptr = cert_hostname_buff;
+      hostname.tchar_ptr = Curl_convert_UTF8_to_tchar(conn->host.name);
+
+      len = CertGetNameString(pCertContextServer,
+                              CERT_NAME_DNS_TYPE,
+                              0,
+                              NULL,
+                              cert_hostname.tchar_ptr,
+                              128);
+      if(len > 0 && *cert_hostname.tchar_ptr == '*') {
+        /* this is a wildcard cert.  try matching the last len - 1 chars */
+        int hostname_len = strlen(conn->host.name);
+        cert_hostname.tchar_ptr++;
+        if(_tcsicmp(cert_hostname.const_tchar_ptr,
+                    hostname.const_tchar_ptr + hostname_len - len + 2) != 0)
+          result = CURLE_PEER_FAILED_VERIFICATION;
+      }
+      else if(len == 0 || _tcsicmp(hostname.const_tchar_ptr,
+                                   cert_hostname.const_tchar_ptr) != 0) {
+        result = CURLE_PEER_FAILED_VERIFICATION;
+      }
+      if(result == CURLE_PEER_FAILED_VERIFICATION) {
+        char *_cert_hostname;
+        _cert_hostname = Curl_convert_tchar_to_UTF8(cert_hostname.tchar_ptr);
+        failf(data, "schannel: CertGetNameString() certificate hostname "
+              "(%s) did not match connection (%s)",
+              _cert_hostname, conn->host.name);
+        Curl_unicodefree(_cert_hostname);
+      }
+      Curl_unicodefree(hostname.tchar_ptr);
+    }
+  }
+
+  if(pChainContext)
+    CertFreeCertificateChain(pChainContext);
+
+  if(pCertContextServer)
+    CertFreeCertificateContext(pCertContextServer);
+
+  return result;
+}
+#endif /* _WIN32_WCE */
+
+#endif /* USE_SCHANNEL */
diff --git a/Utilities/cmcurl/lib/vtls/curl_schannel.h b/Utilities/cmcurl/lib/vtls/curl_schannel.h
new file mode 100644
index 0000000..700516b
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/curl_schannel.h
@@ -0,0 +1,137 @@
+#ifndef HEADER_CURL_SCHANNEL_H
+#define HEADER_CURL_SCHANNEL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al.
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_SCHANNEL
+
+#include "urldata.h"
+
+#ifndef UNISP_NAME_A
+#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
+#endif
+
+#ifndef UNISP_NAME_W
+#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
+#endif
+
+#ifndef UNISP_NAME
+#ifdef UNICODE
+#define UNISP_NAME  UNISP_NAME_W
+#else
+#define UNISP_NAME  UNISP_NAME_A
+#endif
+#endif
+
+#ifndef SP_PROT_SSL2_CLIENT
+#define SP_PROT_SSL2_CLIENT             0x00000008
+#endif
+
+#ifndef SP_PROT_SSL3_CLIENT
+#define SP_PROT_SSL3_CLIENT             0x00000008
+#endif
+
+#ifndef SP_PROT_TLS1_CLIENT
+#define SP_PROT_TLS1_CLIENT             0x00000080
+#endif
+
+#ifndef SP_PROT_TLS1_0_CLIENT
+#define SP_PROT_TLS1_0_CLIENT           SP_PROT_TLS1_CLIENT
+#endif
+
+#ifndef SP_PROT_TLS1_1_CLIENT
+#define SP_PROT_TLS1_1_CLIENT           0x00000200
+#endif
+
+#ifndef SP_PROT_TLS1_2_CLIENT
+#define SP_PROT_TLS1_2_CLIENT           0x00000800
+#endif
+
+#ifndef SECBUFFER_ALERT
+#define SECBUFFER_ALERT                 17
+#endif
+
+#ifndef ISC_RET_REPLAY_DETECT
+#define ISC_RET_REPLAY_DETECT           0x00000004
+#endif
+
+#ifndef ISC_RET_SEQUENCE_DETECT
+#define ISC_RET_SEQUENCE_DETECT         0x00000008
+#endif
+
+#ifndef ISC_RET_CONFIDENTIALITY
+#define ISC_RET_CONFIDENTIALITY         0x00000010
+#endif
+
+#ifndef ISC_RET_ALLOCATED_MEMORY
+#define ISC_RET_ALLOCATED_MEMORY        0x00000100
+#endif
+
+#ifndef ISC_RET_STREAM
+#define ISC_RET_STREAM                  0x00008000
+#endif
+
+
+#define CURL_SCHANNEL_BUFFER_INIT_SIZE   4096
+#define CURL_SCHANNEL_BUFFER_FREE_SIZE   1024
+#define CURL_SCHANNEL_BUFFER_STEP_FACTOR 2
+
+
+CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex);
+
+CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
+                                           int sockindex,
+                                           bool *done);
+
+bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex);
+void Curl_schannel_close(struct connectdata *conn, int sockindex);
+int Curl_schannel_shutdown(struct connectdata *conn, int sockindex);
+void Curl_schannel_session_free(void *ptr);
+
+int Curl_schannel_init(void);
+void Curl_schannel_cleanup(void);
+size_t Curl_schannel_version(char *buffer, size_t size);
+
+int Curl_schannel_random(unsigned char *entropy, size_t length);
+
+/* API setup for Schannel */
+#define curlssl_init Curl_schannel_init
+#define curlssl_cleanup Curl_schannel_cleanup
+#define curlssl_connect Curl_schannel_connect
+#define curlssl_connect_nonblocking Curl_schannel_connect_nonblocking
+#define curlssl_session_free Curl_schannel_session_free
+#define curlssl_close_all(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_close Curl_schannel_close
+#define curlssl_shutdown Curl_schannel_shutdown
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_schannel_version
+#define curlssl_check_cxn(x) (x=x, -1)
+#define curlssl_data_pending Curl_schannel_data_pending
+#define CURL_SSL_BACKEND CURLSSLBACKEND_SCHANNEL
+#define curlssl_random(x,y,z) ((void)x, Curl_schannel_random(y,z))
+
+#endif /* USE_SCHANNEL */
+#endif /* HEADER_CURL_SCHANNEL_H */
diff --git a/Utilities/cmcurl/lib/vtls/cyassl.c b/Utilities/cmcurl/lib/vtls/cyassl.c
new file mode 100644
index 0000000..9b5c7c6
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/cyassl.c
@@ -0,0 +1,655 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all CyaSSL-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_CYASSL
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "cyassl.h"
+#include "vtls.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "rawstr.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+#include "curl_memory.h"
+
+#include <cyassl/ssl.h>
+#ifdef HAVE_CYASSL_ERROR_SSL_H
+#include <cyassl/error-ssl.h>
+#else
+#include <cyassl/error.h>
+#endif
+#include <cyassl/ctaocrypt/random.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+static Curl_recv cyassl_recv;
+static Curl_send cyassl_send;
+
+
+static int do_file_type(const char *type)
+{
+  if(!type || !type[0])
+    return SSL_FILETYPE_PEM;
+  if(Curl_raw_equal(type, "PEM"))
+    return SSL_FILETYPE_PEM;
+  if(Curl_raw_equal(type, "DER"))
+    return SSL_FILETYPE_ASN1;
+  return -1;
+}
+
+/*
+ * This function loads all the client/CA certificates and CRLs. Setup the TLS
+ * layer and do all necessary magic.
+ */
+static CURLcode
+cyassl_connect_step1(struct connectdata *conn,
+                     int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data* conssl = &conn->ssl[sockindex];
+  SSL_METHOD* req_method = NULL;
+  void* ssl_sessionid = NULL;
+  curl_socket_t sockfd = conn->sock[sockindex];
+
+  if(conssl->state == ssl_connection_complete)
+    return CURLE_OK;
+
+  /* CyaSSL doesn't support SSLv2 */
+  if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
+    failf(data, "CyaSSL does not support SSLv2");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* check to see if we've been told to use an explicit SSL/TLS version */
+  switch(data->set.ssl.version) {
+  case CURL_SSLVERSION_DEFAULT:
+    /* we try to figure out version */
+    req_method = SSLv23_client_method();
+    break;
+  case CURL_SSLVERSION_TLSv1:
+    infof(data, "CyaSSL cannot be configured to use TLS 1.0-1.2, "
+          "TLS 1.0 is used exclusively\n");
+    req_method = TLSv1_client_method();
+    break;
+  case CURL_SSLVERSION_TLSv1_0:
+    req_method = TLSv1_client_method();
+    break;
+  case CURL_SSLVERSION_TLSv1_1:
+    req_method = TLSv1_1_client_method();
+    break;
+  case CURL_SSLVERSION_TLSv1_2:
+    req_method = TLSv1_2_client_method();
+    break;
+  case CURL_SSLVERSION_SSLv3:
+    req_method = SSLv3_client_method();
+    break;
+  default:
+    req_method = TLSv1_client_method();
+  }
+
+  if(!req_method) {
+    failf(data, "SSL: couldn't create a method!");
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  if(conssl->ctx)
+    SSL_CTX_free(conssl->ctx);
+  conssl->ctx = SSL_CTX_new(req_method);
+
+  if(!conssl->ctx) {
+    failf(data, "SSL: couldn't create a context!");
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+#ifndef NO_FILESYSTEM
+  /* load trusted cacert */
+  if(data->set.str[STRING_SSL_CAFILE]) {
+    if(!SSL_CTX_load_verify_locations(conssl->ctx,
+                                      data->set.str[STRING_SSL_CAFILE],
+                                      data->set.str[STRING_SSL_CAPATH])) {
+      if(data->set.ssl.verifypeer) {
+        /* Fail if we insist on successfully verifying the server. */
+        failf(data,"error setting certificate verify locations:\n"
+              "  CAfile: %s\n  CApath: %s",
+              data->set.str[STRING_SSL_CAFILE]?
+              data->set.str[STRING_SSL_CAFILE]: "none",
+              data->set.str[STRING_SSL_CAPATH]?
+              data->set.str[STRING_SSL_CAPATH] : "none");
+        return CURLE_SSL_CACERT_BADFILE;
+      }
+      else {
+        /* Just continue with a warning if no strict certificate
+           verification is required. */
+        infof(data, "error setting certificate verify locations,"
+              " continuing anyway:\n");
+      }
+    }
+    else {
+      /* Everything is fine. */
+      infof(data, "successfully set certificate verify locations:\n");
+    }
+    infof(data,
+          "  CAfile: %s\n"
+          "  CApath: %s\n",
+          data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
+          "none",
+          data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
+          "none");
+  }
+
+  /* Load the client certificate, and private key */
+  if(data->set.str[STRING_CERT] && data->set.str[STRING_KEY]) {
+    int file_type = do_file_type(data->set.str[STRING_CERT_TYPE]);
+
+    if(SSL_CTX_use_certificate_file(conssl->ctx, data->set.str[STRING_CERT],
+                                     file_type) != 1) {
+      failf(data, "unable to use client certificate (no key or wrong pass"
+            " phrase?)");
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+
+    file_type = do_file_type(data->set.str[STRING_KEY_TYPE]);
+    if(SSL_CTX_use_PrivateKey_file(conssl->ctx, data->set.str[STRING_KEY],
+                                    file_type) != 1) {
+      failf(data, "unable to set private key");
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+#else
+  if(CyaSSL_no_filesystem_verify(conssl->ctx)!= SSL_SUCCESS) {
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+#endif /* NO_FILESYSTEM */
+
+  /* SSL always tries to verify the peer, this only says whether it should
+   * fail to connect if the verification fails, or if it should continue
+   * anyway. In the latter case the result of the verification is checked with
+   * SSL_get_verify_result() below. */
+  SSL_CTX_set_verify(conssl->ctx,
+                     data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
+                     NULL);
+
+  /* Let's make an SSL structure */
+  if(conssl->handle)
+    SSL_free(conssl->handle);
+  conssl->handle = SSL_new(conssl->ctx);
+  if(!conssl->handle) {
+    failf(data, "SSL: couldn't create a context (handle)!");
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Check if there's a cached ID we can/should use here! */
+  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
+    /* we got a session id, use it! */
+    if(!SSL_set_session(conssl->handle, ssl_sessionid)) {
+      failf(data, "SSL: SSL_set_session failed: %s",
+            ERR_error_string(SSL_get_error(conssl->handle, 0),NULL));
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+    /* Informational message */
+    infof (data, "SSL re-using session ID\n");
+  }
+
+  /* pass the raw socket into the SSL layer */
+  if(!SSL_set_fd(conssl->handle, (int)sockfd)) {
+    failf(data, "SSL: SSL_set_fd failed");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  conssl->connecting_state = ssl_connect_2;
+  return CURLE_OK;
+}
+
+
+static CURLcode
+cyassl_connect_step2(struct connectdata *conn,
+                     int sockindex)
+{
+  int ret = -1;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data* conssl = &conn->ssl[sockindex];
+
+  infof(data, "CyaSSL: Connecting to %s:%d\n",
+        conn->host.name, conn->remote_port);
+
+  conn->recv[sockindex] = cyassl_recv;
+  conn->send[sockindex] = cyassl_send;
+
+  /* Enable RFC2818 checks */
+  if(data->set.ssl.verifyhost) {
+    ret = CyaSSL_check_domain_name(conssl->handle, conn->host.name);
+    if(ret == SSL_FAILURE)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
+  ret = SSL_connect(conssl->handle);
+  if(ret != 1) {
+    char error_buffer[80];
+    int  detail = SSL_get_error(conssl->handle, ret);
+
+    if(SSL_ERROR_WANT_READ == detail) {
+      conssl->connecting_state = ssl_connect_2_reading;
+      return CURLE_OK;
+    }
+    else if(SSL_ERROR_WANT_WRITE == detail) {
+      conssl->connecting_state = ssl_connect_2_writing;
+      return CURLE_OK;
+    }
+    /* There is no easy way to override only the CN matching.
+     * This will enable the override of both mismatching SubjectAltNames
+     * as also mismatching CN fields */
+    else if(DOMAIN_NAME_MISMATCH == detail) {
+#if 1
+      failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",
+            conn->host.dispname);
+      return CURLE_PEER_FAILED_VERIFICATION;
+#else
+      /* When the CyaSSL_check_domain_name() is used and you desire to continue
+       * on a DOMAIN_NAME_MISMATCH, i.e. 'data->set.ssl.verifyhost == 0',
+       * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only
+       * way to do this is currently to switch the CyaSSL_check_domain_name()
+       * in and out based on the 'data->set.ssl.verifyhost' value. */
+      if(data->set.ssl.verifyhost) {
+        failf(data,
+              "\tsubject alt name(s) or common name do not match \"%s\"\n",
+              conn->host.dispname);
+        return CURLE_PEER_FAILED_VERIFICATION;
+      }
+      else {
+        infof(data,
+              "\tsubject alt name(s) and/or common name do not match \"%s\"\n",
+              conn->host.dispname);
+        return CURLE_OK;
+      }
+#endif
+    }
+#if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */
+    else if(ASN_NO_SIGNER_E == detail) {
+      if(data->set.ssl.verifypeer) {
+        failf(data, "\tCA signer not available for verification\n");
+        return CURLE_SSL_CACERT_BADFILE;
+      }
+      else {
+        /* Just continue with a warning if no strict certificate
+           verification is required. */
+        infof(data, "CA signer not available for verification, "
+                    "continuing anyway\n");
+      }
+    }
+#endif
+    else {
+      failf(data, "SSL_connect failed with error %d: %s", detail,
+          ERR_error_string(detail, error_buffer));
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+
+  conssl->connecting_state = ssl_connect_3;
+  infof(data, "SSL connected\n");
+
+  return CURLE_OK;
+}
+
+
+static CURLcode
+cyassl_connect_step3(struct connectdata *conn,
+                     int sockindex)
+{
+  CURLcode retcode = CURLE_OK;
+  void *old_ssl_sessionid=NULL;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  int incache;
+  SSL_SESSION *our_ssl_sessionid;
+
+  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+  our_ssl_sessionid = SSL_get_session(connssl->handle);
+
+  incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
+  if(incache) {
+    if(old_ssl_sessionid != our_ssl_sessionid) {
+      infof(data, "old SSL session ID is stale, removing\n");
+      Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+      incache = FALSE;
+    }
+  }
+  if(!incache) {
+    retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
+                                    0 /* unknown size */);
+    if(retcode) {
+      failf(data, "failed to store ssl session");
+      return retcode;
+    }
+  }
+
+  connssl->connecting_state = ssl_connect_done;
+
+  return retcode;
+}
+
+
+static ssize_t cyassl_send(struct connectdata *conn,
+                           int sockindex,
+                           const void *mem,
+                           size_t len,
+                           CURLcode *curlcode)
+{
+  char error_buffer[80];
+  int  memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
+  int  rc     = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
+
+  if(rc < 0) {
+    int err = SSL_get_error(conn->ssl[sockindex].handle, rc);
+
+    switch(err) {
+    case SSL_ERROR_WANT_READ:
+    case SSL_ERROR_WANT_WRITE:
+      /* there's data pending, re-invoke SSL_write() */
+      *curlcode = CURLE_AGAIN;
+      return -1;
+    default:
+      failf(conn->data, "SSL write: %s, errno %d",
+            ERR_error_string(err, error_buffer),
+            SOCKERRNO);
+      *curlcode = CURLE_SEND_ERROR;
+      return -1;
+    }
+  }
+  return rc;
+}
+
+void Curl_cyassl_close_all(struct SessionHandle *data)
+{
+  (void)data;
+}
+
+void Curl_cyassl_close(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *conssl = &conn->ssl[sockindex];
+
+  if(conssl->handle) {
+    (void)SSL_shutdown(conssl->handle);
+    SSL_free (conssl->handle);
+    conssl->handle = NULL;
+  }
+  if(conssl->ctx) {
+    SSL_CTX_free (conssl->ctx);
+    conssl->ctx = NULL;
+  }
+}
+
+static ssize_t cyassl_recv(struct connectdata *conn,
+                           int num,
+                           char *buf,
+                           size_t buffersize,
+                           CURLcode *curlcode)
+{
+  char error_buffer[80];
+  int  buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
+  int  nread    = SSL_read(conn->ssl[num].handle, buf, buffsize);
+
+  if(nread < 0) {
+    int err = SSL_get_error(conn->ssl[num].handle, nread);
+
+    switch(err) {
+    case SSL_ERROR_ZERO_RETURN: /* no more data */
+      break;
+    case SSL_ERROR_WANT_READ:
+    case SSL_ERROR_WANT_WRITE:
+      /* there's data pending, re-invoke SSL_read() */
+      *curlcode = CURLE_AGAIN;
+      return -1;
+    default:
+      failf(conn->data, "SSL read: %s, errno %d",
+            ERR_error_string(err, error_buffer),
+            SOCKERRNO);
+      *curlcode = CURLE_RECV_ERROR;
+      return -1;
+    }
+  }
+  return nread;
+}
+
+
+void Curl_cyassl_session_free(void *ptr)
+{
+  (void)ptr;
+  /* CyaSSL reuses sessions on own, no free */
+}
+
+
+size_t Curl_cyassl_version(char *buffer, size_t size)
+{
+#ifdef CYASSL_VERSION
+  return snprintf(buffer, size, "CyaSSL/%s", CYASSL_VERSION);
+#else
+  return snprintf(buffer, size, "CyaSSL/%s", "<1.8.8");
+#endif
+}
+
+
+int Curl_cyassl_init(void)
+{
+  if(CyaSSL_Init() == 0)
+    return 1;
+
+  return -1;
+}
+
+
+bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex)
+{
+  if(conn->ssl[connindex].handle)   /* SSL is in use */
+    return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
+  else
+    return FALSE;
+}
+
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex)
+{
+  int retval = 0;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  if(connssl->handle) {
+    SSL_free (connssl->handle);
+    connssl->handle = NULL;
+  }
+  return retval;
+}
+
+
+static CURLcode
+cyassl_connect_common(struct connectdata *conn,
+                      int sockindex,
+                      bool nonblocking,
+                      bool *done)
+{
+  CURLcode retcode;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  curl_socket_t sockfd = conn->sock[sockindex];
+  long timeout_ms;
+  int what;
+
+  /* check if the connection has already been established */
+  if(ssl_connection_complete == connssl->state) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  if(ssl_connect_1==connssl->connecting_state) {
+    /* Find out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+    retcode = cyassl_connect_step1(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  while(ssl_connect_2 == connssl->connecting_state ||
+        ssl_connect_2_reading == connssl->connecting_state ||
+        ssl_connect_2_writing == connssl->connecting_state) {
+
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+    /* if ssl is expecting something, check if it's available. */
+    if(connssl->connecting_state == ssl_connect_2_reading
+       || connssl->connecting_state == ssl_connect_2_writing) {
+
+      curl_socket_t writefd = ssl_connect_2_writing==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+      curl_socket_t readfd = ssl_connect_2_reading==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+      what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
+      if(what < 0) {
+        /* fatal error */
+        failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      else if(0 == what) {
+        if(nonblocking) {
+          *done = FALSE;
+          return CURLE_OK;
+        }
+        else {
+          /* timeout */
+          failf(data, "SSL connection timeout");
+          return CURLE_OPERATION_TIMEDOUT;
+        }
+      }
+      /* socket is readable or writable */
+    }
+
+    /* Run transaction, and return to the caller if it failed or if
+     * this connection is part of a multi handle and this loop would
+     * execute again. This permits the owner of a multi handle to
+     * abort a connection attempt before step2 has completed while
+     * ensuring that a client using select() or epoll() will always
+     * have a valid fdset to wait on.
+     */
+    retcode = cyassl_connect_step2(conn, sockindex);
+    if(retcode || (nonblocking &&
+                   (ssl_connect_2 == connssl->connecting_state ||
+                    ssl_connect_2_reading == connssl->connecting_state ||
+                    ssl_connect_2_writing == connssl->connecting_state)))
+      return retcode;
+
+  } /* repeat step2 until all transactions are done. */
+
+  if(ssl_connect_3==connssl->connecting_state) {
+    retcode = cyassl_connect_step3(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  if(ssl_connect_done==connssl->connecting_state) {
+    connssl->state = ssl_connection_complete;
+    conn->recv[sockindex] = cyassl_recv;
+    conn->send[sockindex] = cyassl_send;
+    *done = TRUE;
+  }
+  else
+    *done = FALSE;
+
+  /* Reset our connect state machine */
+  connssl->connecting_state = ssl_connect_1;
+
+  return CURLE_OK;
+}
+
+
+CURLcode
+Curl_cyassl_connect_nonblocking(struct connectdata *conn,
+                                int sockindex,
+                                bool *done)
+{
+  return cyassl_connect_common(conn, sockindex, TRUE, done);
+}
+
+
+CURLcode
+Curl_cyassl_connect(struct connectdata *conn,
+                    int sockindex)
+{
+  CURLcode retcode;
+  bool done = FALSE;
+
+  retcode = cyassl_connect_common(conn, sockindex, FALSE, &done);
+  if(retcode)
+    return retcode;
+
+  DEBUGASSERT(done);
+
+  return CURLE_OK;
+}
+
+int Curl_cyassl_random(struct SessionHandle *data,
+                       unsigned char *entropy,
+                       size_t length)
+{
+  RNG rng;
+  (void)data;
+  if(InitRng(&rng))
+    return 1;
+  if(RNG_GenerateBlock(&rng, entropy, length))
+    return 1;
+  return 0;
+}
+
+#endif
diff --git a/Utilities/cmcurl/lib/vtls/cyassl.h b/Utilities/cmcurl/lib/vtls/cyassl.h
new file mode 100644
index 0000000..b10b607
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/cyassl.h
@@ -0,0 +1,69 @@
+#ifndef HEADER_CURL_CYASSL_H
+#define HEADER_CURL_CYASSL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_CYASSL
+
+CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex);
+bool Curl_cyassl_data_pending(const struct connectdata* conn,int connindex);
+int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex);
+
+/* tell CyaSSL to close down all open information regarding connections (and
+   thus session ID caching etc) */
+void Curl_cyassl_close_all(struct SessionHandle *data);
+
+ /* close a SSL connection */
+void Curl_cyassl_close(struct connectdata *conn, int sockindex);
+
+void Curl_cyassl_session_free(void *ptr);
+size_t Curl_cyassl_version(char *buffer, size_t size);
+int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex);
+int Curl_cyassl_init(void);
+CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
+                                         int sockindex,
+                                         bool *done);
+int Curl_cyassl_random(struct SessionHandle *data,
+                       unsigned char *entropy,
+                       size_t length);
+
+/* API setup for CyaSSL */
+#define curlssl_init Curl_cyassl_init
+#define curlssl_cleanup() Curl_nop_stmt
+#define curlssl_connect Curl_cyassl_connect
+#define curlssl_connect_nonblocking Curl_cyassl_connect_nonblocking
+#define curlssl_session_free(x)  Curl_cyassl_session_free(x)
+#define curlssl_close_all Curl_cyassl_close_all
+#define curlssl_close Curl_cyassl_close
+#define curlssl_shutdown(x,y) Curl_cyassl_shutdown(x,y)
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_cyassl_version
+#define curlssl_check_cxn(x) (x=x, -1)
+#define curlssl_data_pending(x,y) Curl_cyassl_data_pending(x,y)
+#define curlssl_random(x,y,z) Curl_cyassl_random(x,y,z)
+#define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL
+
+#endif /* USE_CYASSL */
+#endif /* HEADER_CURL_CYASSL_H */
diff --git a/Utilities/cmcurl/lib/vtls/gskit.c b/Utilities/cmcurl/lib/vtls/gskit.c
new file mode 100644
index 0000000..0f8b08f
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/gskit.c
@@ -0,0 +1,1053 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_GSKIT
+
+#include <gskssl.h>
+#include <qsoasync.h>
+
+/* Some symbols are undefined/unsupported on OS400 versions < V7R1. */
+#ifndef GSK_SSL_EXTN_SERVERNAME_REQUEST
+#define GSK_SSL_EXTN_SERVERNAME_REQUEST         230
+#endif
+
+#ifndef GSK_TLSV10_CIPHER_SPECS
+#define GSK_TLSV10_CIPHER_SPECS                 236
+#endif
+
+#ifndef GSK_TLSV11_CIPHER_SPECS
+#define GSK_TLSV11_CIPHER_SPECS                 237
+#endif
+
+#ifndef GSK_TLSV12_CIPHER_SPECS
+#define GSK_TLSV12_CIPHER_SPECS                 238
+#endif
+
+#ifndef GSK_PROTOCOL_TLSV11
+#define GSK_PROTOCOL_TLSV11                     437
+#endif
+
+#ifndef GSK_PROTOCOL_TLSV12
+#define GSK_PROTOCOL_TLSV12                     438
+#endif
+
+#ifndef GSK_FALSE
+#define GSK_FALSE                               0
+#endif
+
+#ifndef GSK_TRUE
+#define GSK_TRUE                                1
+#endif
+
+
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "sendf.h"
+#include "gskit.h"
+#include "vtls.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "strequal.h"
+#include "x509asn1.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+
+/* SSL version flags. */
+#define CURL_GSKPROTO_SSLV2     0
+#define CURL_GSKPROTO_SSLV2_MASK        (1 << CURL_GSKPROTO_SSLV2)
+#define CURL_GSKPROTO_SSLV3     1
+#define CURL_GSKPROTO_SSLV3_MASK        (1 << CURL_GSKPROTO_SSLV3)
+#define CURL_GSKPROTO_TLSV10    2
+#define CURL_GSKPROTO_TLSV10_MASK        (1 << CURL_GSKPROTO_TLSV10)
+#define CURL_GSKPROTO_TLSV11    3
+#define CURL_GSKPROTO_TLSV11_MASK        (1 << CURL_GSKPROTO_TLSV11)
+#define CURL_GSKPROTO_TLSV12    4
+#define CURL_GSKPROTO_TLSV12_MASK        (1 << CURL_GSKPROTO_TLSV12)
+#define CURL_GSKPROTO_LAST      5
+
+
+/* Supported ciphers. */
+typedef struct {
+  const char *name;            /* Cipher name. */
+  const char *gsktoken;        /* Corresponding token for GSKit String. */
+  unsigned int versions;       /* SSL version flags. */
+}  gskit_cipher;
+
+static const gskit_cipher  ciphertable[] = {
+  { "null-md5",         "01",
+      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+  { "null-sha",         "02",
+      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+  { "exp-rc4-md5",      "03",
+      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK },
+  { "rc4-md5",          "04",
+      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+  { "rc4-sha",          "05",
+      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+  { "exp-rc2-cbc-md5",  "06",
+      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK },
+  { "exp-des-cbc-sha",  "09",
+      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+      CURL_GSKPROTO_TLSV11_MASK },
+  { "des-cbc3-sha",     "0A",
+      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+  { "aes128-sha",       "2F",
+      CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
+      CURL_GSKPROTO_TLSV12_MASK },
+  { "aes256-sha",       "35",
+      CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
+      CURL_GSKPROTO_TLSV12_MASK },
+  { "null-sha256",      "3B",   CURL_GSKPROTO_TLSV12_MASK },
+  { "aes128-sha256",    "3D",   CURL_GSKPROTO_TLSV12_MASK },
+  { "aes256-sha256",    "3D",   CURL_GSKPROTO_TLSV12_MASK },
+  { "rc4-md5",          "1",    CURL_GSKPROTO_SSLV2_MASK },
+  { "exp-rc4-md5",      "2",    CURL_GSKPROTO_SSLV2_MASK },
+  { "rc2-md5",          "3",    CURL_GSKPROTO_SSLV2_MASK },
+  { "exp-rc2-md5",      "4",    CURL_GSKPROTO_SSLV2_MASK },
+  { "des-cbc-md5",      "6",    CURL_GSKPROTO_SSLV2_MASK },
+  { "des-cbc3-md5",     "7",    CURL_GSKPROTO_SSLV2_MASK },
+  { (const char *) NULL, (const char *) NULL, 0       }
+};
+
+
+static bool is_separator(char c)
+{
+  /* Return whether character is a cipher list separator. */
+  switch (c) {
+  case ' ':
+  case '\t':
+  case ':':
+  case ',':
+  case ';':
+    return true;
+  }
+  return false;
+}
+
+
+static CURLcode gskit_status(struct SessionHandle *data, int rc,
+                             const char *procname, CURLcode defcode)
+{
+  CURLcode cc;
+
+  /* Process GSKit status and map it to a CURLcode. */
+  switch (rc) {
+  case GSK_OK:
+  case GSK_OS400_ASYNCHRONOUS_SOC_INIT:
+    return CURLE_OK;
+  case GSK_KEYRING_OPEN_ERROR:
+  case GSK_OS400_ERROR_NO_ACCESS:
+    return CURLE_SSL_CACERT_BADFILE;
+  case GSK_INSUFFICIENT_STORAGE:
+    return CURLE_OUT_OF_MEMORY;
+  case GSK_ERROR_BAD_V2_CIPHER:
+  case GSK_ERROR_BAD_V3_CIPHER:
+  case GSK_ERROR_NO_CIPHERS:
+    return CURLE_SSL_CIPHER;
+  case GSK_OS400_ERROR_NOT_TRUSTED_ROOT:
+  case GSK_ERROR_CERT_VALIDATION:
+    return CURLE_PEER_FAILED_VERIFICATION;
+  case GSK_OS400_ERROR_TIMED_OUT:
+    return CURLE_OPERATION_TIMEDOUT;
+  case GSK_WOULD_BLOCK:
+    return CURLE_AGAIN;
+  case GSK_OS400_ERROR_NOT_REGISTERED:
+    break;
+  case GSK_ERROR_IO:
+    switch (errno) {
+    case ENOMEM:
+      return CURLE_OUT_OF_MEMORY;
+    default:
+      failf(data, "%s I/O error: %s", procname, strerror(errno));
+      break;
+    }
+    break;
+  default:
+    failf(data, "%s: %s", procname, gsk_strerror(rc));
+    break;
+  }
+  return defcode;
+}
+
+
+static CURLcode set_enum(struct SessionHandle *data, gsk_handle h,
+                GSK_ENUM_ID id, GSK_ENUM_VALUE value, bool unsupported_ok)
+{
+  int rc = gsk_attribute_set_enum(h, id, value);
+
+  switch (rc) {
+  case GSK_OK:
+    return CURLE_OK;
+  case GSK_ERROR_IO:
+    failf(data, "gsk_attribute_set_enum() I/O error: %s", strerror(errno));
+    break;
+  case GSK_ATTRIBUTE_INVALID_ID:
+    if(unsupported_ok)
+      return CURLE_UNSUPPORTED_PROTOCOL;
+  default:
+    failf(data, "gsk_attribute_set_enum(): %s", gsk_strerror(rc));
+    break;
+  }
+  return CURLE_SSL_CONNECT_ERROR;
+}
+
+
+static CURLcode set_buffer(struct SessionHandle *data, gsk_handle h,
+                        GSK_BUF_ID id, const char *buffer, bool unsupported_ok)
+{
+  int rc = gsk_attribute_set_buffer(h, id, buffer, 0);
+
+  switch (rc) {
+  case GSK_OK:
+    return CURLE_OK;
+  case GSK_ERROR_IO:
+    failf(data, "gsk_attribute_set_buffer() I/O error: %s", strerror(errno));
+    break;
+  case GSK_ATTRIBUTE_INVALID_ID:
+    if(unsupported_ok)
+      return CURLE_UNSUPPORTED_PROTOCOL;
+  default:
+    failf(data, "gsk_attribute_set_buffer(): %s", gsk_strerror(rc));
+    break;
+  }
+  return CURLE_SSL_CONNECT_ERROR;
+}
+
+
+static CURLcode set_numeric(struct SessionHandle *data,
+                            gsk_handle h, GSK_NUM_ID id, int value)
+{
+  int rc = gsk_attribute_set_numeric_value(h, id, value);
+
+  switch (rc) {
+  case GSK_OK:
+    return CURLE_OK;
+  case GSK_ERROR_IO:
+    failf(data, "gsk_attribute_set_numeric_value() I/O error: %s",
+          strerror(errno));
+    break;
+  default:
+    failf(data, "gsk_attribute_set_numeric_value(): %s", gsk_strerror(rc));
+    break;
+  }
+  return CURLE_SSL_CONNECT_ERROR;
+}
+
+
+static CURLcode set_callback(struct SessionHandle *data,
+                             gsk_handle h, GSK_CALLBACK_ID id, void *info)
+{
+  int rc = gsk_attribute_set_callback(h, id, info);
+
+  switch (rc) {
+  case GSK_OK:
+    return CURLE_OK;
+  case GSK_ERROR_IO:
+    failf(data, "gsk_attribute_set_callback() I/O error: %s", strerror(errno));
+    break;
+  default:
+    failf(data, "gsk_attribute_set_callback(): %s", gsk_strerror(rc));
+    break;
+  }
+  return CURLE_SSL_CONNECT_ERROR;
+}
+
+
+static CURLcode set_ciphers(struct SessionHandle *data,
+                                        gsk_handle h, unsigned int *protoflags)
+{
+  const char *cipherlist = data->set.str[STRING_SSL_CIPHER_LIST];
+  const char *clp;
+  const gskit_cipher *ctp;
+  int i;
+  int l;
+  bool unsupported;
+  CURLcode cc;
+  struct {
+    char *buf;
+    char *ptr;
+  } ciphers[CURL_GSKPROTO_LAST];
+
+  /* Compile cipher list into GSKit-compatible cipher lists. */
+
+  if(!cipherlist)
+    return CURLE_OK;
+  while(is_separator(*cipherlist))     /* Skip initial separators. */
+    cipherlist++;
+  if(!*cipherlist)
+    return CURLE_OK;
+
+  /* We allocate GSKit buffers of the same size as the input string: since
+     GSKit tokens are always shorter than their cipher names, allocated buffers
+     will always be large enough to accomodate the result. */
+  l = strlen(cipherlist) + 1;
+  memset((char *) ciphers, 0, sizeof ciphers);
+  for(i = 0; i < CURL_GSKPROTO_LAST; i++) {
+    ciphers[i].buf = malloc(l);
+    if(!ciphers[i].buf) {
+      while(i--)
+        free(ciphers[i].buf);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    ciphers[i].ptr = ciphers[i].buf;
+    *ciphers[i].ptr = '\0';
+  }
+
+  /* Process each cipher in input string. */
+  unsupported = FALSE;
+  cc = CURLE_OK;
+  for(;;) {
+    for(clp = cipherlist; *cipherlist && !is_separator(*cipherlist);)
+      cipherlist++;
+    l = cipherlist - clp;
+    if(!l)
+      break;
+    /* Search the cipher in our table. */
+    for(ctp = ciphertable; ctp->name; ctp++)
+      if(strnequal(ctp->name, clp, l) && !ctp->name[l])
+        break;
+    if(!ctp->name) {
+      failf(data, "Unknown cipher %.*s", l, clp);
+      cc = CURLE_SSL_CIPHER;
+    }
+    else {
+      unsupported |= !(ctp->versions & (CURL_GSKPROTO_SSLV2_MASK |
+                        CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK));
+      for(i = 0; i < CURL_GSKPROTO_LAST; i++) {
+        if(ctp->versions & (1 << i)) {
+          strcpy(ciphers[i].ptr, ctp->gsktoken);
+          ciphers[i].ptr += strlen(ctp->gsktoken);
+        }
+      }
+    }
+
+   /* Advance to next cipher name or end of string. */
+    while(is_separator(*cipherlist))
+      cipherlist++;
+  }
+
+  /* Disable protocols with empty cipher lists. */
+  for(i = 0; i < CURL_GSKPROTO_LAST; i++) {
+    if(!(*protoflags & (1 << i)) || !ciphers[i].buf[0]) {
+      *protoflags &= ~(1 << i);
+      ciphers[i].buf[0] = '\0';
+    }
+  }
+
+  /* Try to set-up TLSv1.1 and TLSv2.1 ciphers. */
+  if(*protoflags & CURL_GSKPROTO_TLSV11_MASK) {
+    cc = set_buffer(data, h, GSK_TLSV11_CIPHER_SPECS,
+                    ciphers[CURL_GSKPROTO_TLSV11].buf, TRUE);
+    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
+      cc = CURLE_OK;
+      if(unsupported) {
+        failf(data, "TLSv1.1-only ciphers are not yet supported");
+        cc = CURLE_SSL_CIPHER;
+      }
+    }
+  }
+  if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_TLSV12_MASK)) {
+    cc = set_buffer(data, h, GSK_TLSV12_CIPHER_SPECS,
+                    ciphers[CURL_GSKPROTO_TLSV12].buf, TRUE);
+    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
+      cc = CURLE_OK;
+      if(unsupported) {
+        failf(data, "TLSv1.2-only ciphers are not yet supported");
+        cc = CURLE_SSL_CIPHER;
+      }
+    }
+  }
+
+  /* Try to set-up TLSv1.0 ciphers. If not successful, concatenate them to
+     the SSLv3 ciphers. OS/400 prior to version 7.1 will understand it. */
+  if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_TLSV10_MASK)) {
+    cc = set_buffer(data, h, GSK_TLSV10_CIPHER_SPECS,
+                    ciphers[CURL_GSKPROTO_TLSV10].buf, TRUE);
+    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
+      cc = CURLE_OK;
+      strcpy(ciphers[CURL_GSKPROTO_SSLV3].ptr,
+             ciphers[CURL_GSKPROTO_TLSV10].ptr);
+    }
+  }
+
+  /* Set-up other ciphers. */
+  if(cc == CURLE_OK &&  (*protoflags & CURL_GSKPROTO_SSLV3_MASK))
+    cc = set_buffer(data, h, GSK_V3_CIPHER_SPECS,
+                    ciphers[CURL_GSKPROTO_SSLV3].buf, FALSE);
+  if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_SSLV2_MASK))
+    cc = set_buffer(data, h, GSK_V2_CIPHER_SPECS,
+                    ciphers[CURL_GSKPROTO_SSLV2].buf, FALSE);
+
+  /* Clean-up. */
+  for(i = 0; i < CURL_GSKPROTO_LAST; i++)
+    free(ciphers[i].buf);
+
+  return cc;
+}
+
+
+int Curl_gskit_init(void)
+{
+  /* No initialisation needed. */
+
+  return 1;
+}
+
+
+void Curl_gskit_cleanup(void)
+{
+  /* Nothing to do. */
+}
+
+
+static CURLcode init_environment(struct SessionHandle *data,
+                                 gsk_handle *envir, const char *appid,
+                                 const char *file, const char *label,
+                                 const char *password)
+{
+  int rc;
+  CURLcode c;
+  gsk_handle h;
+
+  /* Creates the GSKit environment. */
+
+  rc = gsk_environment_open(&h);
+  switch (rc) {
+  case GSK_OK:
+    break;
+  case GSK_INSUFFICIENT_STORAGE:
+    return CURLE_OUT_OF_MEMORY;
+  default:
+    failf(data, "gsk_environment_open(): %s", gsk_strerror(rc));
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  c = set_enum(data, h, GSK_SESSION_TYPE, GSK_CLIENT_SESSION, FALSE);
+  if(c == CURLE_OK && appid)
+    c = set_buffer(data, h, GSK_OS400_APPLICATION_ID, appid, FALSE);
+  if(c == CURLE_OK && file)
+    c = set_buffer(data, h, GSK_KEYRING_FILE, file, FALSE);
+  if(c == CURLE_OK && label)
+    c = set_buffer(data, h, GSK_KEYRING_LABEL, label, FALSE);
+  if(c == CURLE_OK && password)
+    c = set_buffer(data, h, GSK_KEYRING_PW, password, FALSE);
+
+  if(c == CURLE_OK) {
+    /* Locate CAs, Client certificate and key according to our settings.
+       Note: this call may be blocking for some tenths of seconds. */
+    c = gskit_status(data, gsk_environment_init(h),
+                     "gsk_environment_init()", CURLE_SSL_CERTPROBLEM);
+    if(c == CURLE_OK) {
+      *envir = h;
+      return c;
+    }
+  }
+  /* Error: rollback. */
+  gsk_environment_close(&h);
+  return c;
+}
+
+
+static void cancel_async_handshake(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  Qso_OverlappedIO_t cstat;
+
+  if(QsoCancelOperation(conn->sock[sockindex], 0) > 0)
+    QsoWaitForIOCompletion(connssl->iocport, &cstat, (struct timeval *) NULL);
+}
+
+
+static void close_async_handshake(struct ssl_connect_data *connssl)
+{
+  QsoDestroyIOCompletionPort(connssl->iocport);
+  connssl->iocport = -1;
+}
+
+
+static void close_one(struct ssl_connect_data *conn,
+                      struct SessionHandle *data)
+{
+  if(conn->handle) {
+    gskit_status(data, gsk_secure_soc_close(&conn->handle),
+              "gsk_secure_soc_close()", 0);
+    conn->handle = (gsk_handle) NULL;
+  }
+  if(conn->iocport >= 0)
+    close_async_handshake(conn);
+}
+
+
+static ssize_t gskit_send(struct connectdata *conn, int sockindex,
+                           const void *mem, size_t len, CURLcode *curlcode)
+{
+  struct SessionHandle *data = conn->data;
+  CURLcode cc;
+  int written;
+
+  cc = gskit_status(data,
+                    gsk_secure_soc_write(conn->ssl[sockindex].handle,
+                                         (char *) mem, (int) len, &written),
+                    "gsk_secure_soc_write()", CURLE_SEND_ERROR);
+  if(cc != CURLE_OK) {
+    *curlcode = cc;
+    written = -1;
+  }
+  return (ssize_t) written; /* number of bytes */
+}
+
+
+static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf,
+                           size_t buffersize, CURLcode *curlcode)
+{
+  struct SessionHandle *data = conn->data;
+  int buffsize;
+  int nread;
+  CURLcode cc;
+
+  buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
+  cc = gskit_status(data, gsk_secure_soc_read(conn->ssl[num].handle,
+                                              buf, buffsize, &nread),
+                    "gsk_secure_soc_read()", CURLE_RECV_ERROR);
+  if(cc != CURLE_OK) {
+    *curlcode = cc;
+    nread = -1;
+  }
+  return (ssize_t) nread;
+}
+
+
+static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  gsk_handle envir;
+  CURLcode cc;
+  int rc;
+  char *keyringfile;
+  char *keyringpwd;
+  char *keyringlabel;
+  char *sni;
+  unsigned int protoflags;
+  long timeout;
+  Qso_OverlappedIO_t commarea;
+
+  /* Create SSL environment, start (preferably asynchronous) handshake. */
+
+  connssl->handle = (gsk_handle) NULL;
+  connssl->iocport = -1;
+
+  /* GSKit supports two ways of specifying an SSL context: either by
+   *  application identifier (that should have been defined at the system
+   *  level) or by keyring file, password and certificate label.
+   * Local certificate name (CURLOPT_SSLCERT) is used to hold either the
+   *  application identifier of the certificate label.
+   * Key password (CURLOPT_KEYPASSWD) holds the keyring password.
+   * It is not possible to have different keyrings for the CAs and the
+   *  local certificate. We thus use the CA file (CURLOPT_CAINFO) to identify
+   *  the keyring file.
+   * If no key password is given and the keyring is the system keyring,
+   *  application identifier mode is tried first, as recommended in IBM doc.
+   */
+
+  keyringfile = data->set.str[STRING_SSL_CAFILE];
+  keyringpwd = data->set.str[STRING_KEY_PASSWD];
+  keyringlabel = data->set.str[STRING_CERT];
+  envir = (gsk_handle) NULL;
+
+  if(keyringlabel && *keyringlabel && !keyringpwd &&
+      !strcmp(keyringfile, CURL_CA_BUNDLE)) {
+    /* Try application identifier mode. */
+    init_environment(data, &envir, keyringlabel, (const char *) NULL,
+                     (const char *) NULL, (const char *) NULL);
+  }
+
+  if(!envir) {
+    /* Use keyring mode. */
+    cc = init_environment(data, &envir, (const char *) NULL,
+                          keyringfile, keyringlabel, keyringpwd);
+    if(cc != CURLE_OK)
+      return cc;
+  }
+
+  /* Create secure session. */
+  cc = gskit_status(data, gsk_secure_soc_open(envir, &connssl->handle),
+                    "gsk_secure_soc_open()", CURLE_SSL_CONNECT_ERROR);
+  gsk_environment_close(&envir);
+  if(cc != CURLE_OK)
+    return cc;
+
+  /* Determine which SSL/TLS version should be enabled. */
+  protoflags = CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+               CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK;
+  sni = conn->host.name;
+  switch (data->set.ssl.version) {
+  case CURL_SSLVERSION_SSLv2:
+    protoflags = CURL_GSKPROTO_SSLV2_MASK;
+    sni = (char *) NULL;
+    break;
+  case CURL_SSLVERSION_SSLv3:
+    protoflags = CURL_GSKPROTO_SSLV2_MASK;
+    sni = (char *) NULL;
+    break;
+  case CURL_SSLVERSION_TLSv1:
+    protoflags = CURL_GSKPROTO_TLSV10_MASK |
+                 CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK;
+    break;
+  case CURL_SSLVERSION_TLSv1_0:
+    protoflags = CURL_GSKPROTO_TLSV10_MASK;
+    break;
+  case CURL_SSLVERSION_TLSv1_1:
+    protoflags = CURL_GSKPROTO_TLSV11_MASK;
+    break;
+  case CURL_SSLVERSION_TLSv1_2:
+    protoflags = CURL_GSKPROTO_TLSV12_MASK;
+    break;
+  }
+
+  /* Process SNI. Ignore if not supported (on OS400 < V7R1). */
+  if(sni) {
+    cc = set_buffer(data, connssl->handle,
+                    GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE);
+    if(cc == CURLE_UNSUPPORTED_PROTOCOL)
+      cc = CURLE_OK;
+  }
+
+  /* Set session parameters. */
+  if(cc == CURLE_OK) {
+    /* Compute the handshake timeout. Since GSKit granularity is 1 second,
+       we round up the required value. */
+    timeout = Curl_timeleft(data, NULL, TRUE);
+    if(timeout < 0)
+      cc = CURLE_OPERATION_TIMEDOUT;
+    else
+      cc = set_numeric(data, connssl->handle, GSK_HANDSHAKE_TIMEOUT,
+                       (timeout + 999) / 1000);
+  }
+  if(cc == CURLE_OK)
+    cc = set_numeric(data, connssl->handle, GSK_FD, conn->sock[sockindex]);
+  if(cc == CURLE_OK)
+    cc = set_ciphers(data, connssl->handle, &protoflags);
+  if(!protoflags) {
+    failf(data, "No SSL protocol/cipher combination enabled");
+    cc = CURLE_SSL_CIPHER;
+  }
+  if(cc == CURLE_OK)
+      cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV2,
+                    (protoflags & CURL_GSKPROTO_SSLV2_MASK)?
+                    GSK_PROTOCOL_SSLV2_ON: GSK_PROTOCOL_SSLV2_OFF, FALSE);
+  if(cc == CURLE_OK)
+    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV3,
+                  (protoflags & CURL_GSKPROTO_SSLV3_MASK)?
+                  GSK_PROTOCOL_SSLV3_ON: GSK_PROTOCOL_SSLV3_OFF, FALSE);
+  if(cc == CURLE_OK)
+    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV1,
+                  (protoflags & CURL_GSKPROTO_TLSV10_MASK)?
+                  GSK_PROTOCOL_TLSV1_ON: GSK_PROTOCOL_TLSV1_OFF, FALSE);
+  if(cc == CURLE_OK) {
+    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV11,
+                   (protoflags & CURL_GSKPROTO_TLSV11_MASK)?
+                   GSK_TRUE: GSK_FALSE, TRUE);
+    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
+      cc = CURLE_OK;
+      if(protoflags == CURL_GSKPROTO_TLSV11_MASK) {
+        failf(data, "TLS 1.1 not yet supported");
+        cc = CURLE_SSL_CIPHER;
+      }
+    }
+  }
+  if(cc == CURLE_OK) {
+    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV12,
+                  (protoflags & CURL_GSKPROTO_TLSV12_MASK)?
+                  GSK_TRUE: GSK_FALSE, TRUE);
+    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
+      cc = CURLE_OK;
+      if(protoflags == CURL_GSKPROTO_TLSV12_MASK) {
+        failf(data, "TLS 1.2 not yet supported");
+        cc = CURLE_SSL_CIPHER;
+      }
+    }
+  }
+  if(cc == CURLE_OK)
+    cc = set_enum(data, connssl->handle, GSK_SERVER_AUTH_TYPE,
+                  data->set.ssl.verifypeer? GSK_SERVER_AUTH_FULL:
+                  GSK_SERVER_AUTH_PASSTHRU, FALSE);
+
+  if(cc == CURLE_OK) {
+    /* Start handshake. Try asynchronous first. */
+    memset(&commarea, 0, sizeof commarea);
+    connssl->iocport = QsoCreateIOCompletionPort();
+    if(connssl->iocport != -1) {
+      cc = gskit_status(data, gsk_secure_soc_startInit(connssl->handle,
+                        connssl->iocport, &commarea),
+                        "gsk_secure_soc_startInit()", CURLE_SSL_CONNECT_ERROR);
+      if(cc == CURLE_OK) {
+        connssl->connecting_state = ssl_connect_2;
+        return CURLE_OK;
+      }
+      else
+        close_async_handshake(connssl);
+    }
+    else if(errno != ENOBUFS)
+      cc = gskit_status(data, GSK_ERROR_IO, "QsoCreateIOCompletionPort()", 0);
+    else {
+      /* No more completion port available. Use synchronous IO. */
+      cc = gskit_status(data, gsk_secure_soc_init(connssl->handle),
+                       "gsk_secure_soc_init()", CURLE_SSL_CONNECT_ERROR);
+      if(cc == CURLE_OK) {
+        connssl->connecting_state = ssl_connect_3;
+        return CURLE_OK;
+      }
+    }
+  }
+
+  /* Error: rollback. */
+  close_one(connssl, data);
+  return cc;
+}
+
+
+static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex,
+                                    bool nonblocking)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  Qso_OverlappedIO_t cstat;
+  long timeout_ms;
+  struct timeval stmv;
+  CURLcode cc;
+
+  /* Poll or wait for end of SSL asynchronous handshake. */
+
+  for(;;) {
+    timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
+    if(timeout_ms < 0)
+      timeout_ms = 0;
+    stmv.tv_sec = timeout_ms / 1000;
+    stmv.tv_usec = (timeout_ms - stmv.tv_sec * 1000) * 1000;
+    switch (QsoWaitForIOCompletion(connssl->iocport, &cstat, &stmv)) {
+    case 1:             /* Operation complete. */
+      break;
+    case -1:            /* An error occurred: handshake still in progress. */
+      if(errno == EINTR) {
+        if(nonblocking)
+          return CURLE_OK;
+        continue;       /* Retry. */
+      }
+      if(errno != ETIME) {
+        failf(data, "QsoWaitForIOCompletion() I/O error: %s", strerror(errno));
+        cancel_async_handshake(conn, sockindex);
+        close_async_handshake(connssl);
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      /* FALL INTO... */
+    case 0:             /* Handshake in progress, timeout occurred. */
+      if(nonblocking)
+        return CURLE_OK;
+      cancel_async_handshake(conn, sockindex);
+      close_async_handshake(connssl);
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+    break;
+  }
+  cc = gskit_status(data, cstat.returnValue, "SSL handshake",
+                    CURLE_SSL_CONNECT_ERROR);
+  if(cc == CURLE_OK)
+    connssl->connecting_state = ssl_connect_3;
+  close_async_handshake(connssl);
+  return cc;
+}
+
+
+static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  const gsk_cert_data_elem *cdev;
+  int cdec;
+  const gsk_cert_data_elem *p;
+  const char *cert = (const char *) NULL;
+  const char *certend;
+  int i;
+  CURLcode cc;
+
+  /* SSL handshake done: gather certificate info and verify host. */
+
+  if(gskit_status(data, gsk_attribute_get_cert_info(connssl->handle,
+                                                    GSK_PARTNER_CERT_INFO,
+                                                    &cdev, &cdec),
+                  "gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) ==
+     CURLE_OK) {
+    infof(data, "Server certificate:\n");
+    p = cdev;
+    for(i = 0; i++ < cdec; p++)
+      switch (p->cert_data_id) {
+      case CERT_BODY_DER:
+        cert = p->cert_data_p;
+        certend = cert + cdev->cert_data_l;
+        break;
+      case CERT_DN_PRINTABLE:
+        infof(data, "\t subject: %.*s\n", p->cert_data_l, p->cert_data_p);
+        break;
+      case CERT_ISSUER_DN_PRINTABLE:
+        infof(data, "\t issuer: %.*s\n", p->cert_data_l, p->cert_data_p);
+        break;
+      case CERT_VALID_FROM:
+        infof(data, "\t start date: %.*s\n", p->cert_data_l, p->cert_data_p);
+        break;
+      case CERT_VALID_TO:
+        infof(data, "\t expire date: %.*s\n", p->cert_data_l, p->cert_data_p);
+        break;
+    }
+  }
+
+  /* Verify host. */
+  cc = Curl_verifyhost(conn, cert, certend);
+  if(cc != CURLE_OK)
+    return cc;
+
+  /* The only place GSKit can get the whole CA chain is a validation
+     callback where no user data pointer is available. Therefore it's not
+     possible to copy this chain into our structures for CAINFO.
+     However the server certificate may be available, thus we can return
+     info about it. */
+  if(data->set.ssl.certinfo) {
+    if(Curl_ssl_init_certinfo(data, 1))
+      return CURLE_OUT_OF_MEMORY;
+    if(cert) {
+      cc = Curl_extract_certinfo(conn, 0, cert, certend);
+      if(cc != CURLE_OK)
+        return cc;
+    }
+  }
+
+  connssl->connecting_state = ssl_connect_done;
+  return CURLE_OK;
+}
+
+
+static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex,
+                                     bool nonblocking, bool *done)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  long timeout_ms;
+  Qso_OverlappedIO_t cstat;
+  CURLcode cc = CURLE_OK;
+
+  *done = connssl->state == ssl_connection_complete;
+  if(*done)
+    return CURLE_OK;
+
+  /* Step 1: create session, start handshake. */
+  if(connssl->connecting_state == ssl_connect_1) {
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      cc = CURLE_OPERATION_TIMEDOUT;
+    }
+    else
+      cc = gskit_connect_step1(conn, sockindex);
+  }
+
+  /* Step 2: check if handshake is over. */
+  if(cc == CURLE_OK && connssl->connecting_state == ssl_connect_2) {
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      cc = CURLE_OPERATION_TIMEDOUT;
+    }
+    else
+      cc = gskit_connect_step2(conn, sockindex, nonblocking);
+  }
+
+  /* Step 3: gather certificate info, verify host. */
+  if(cc == CURLE_OK && connssl->connecting_state == ssl_connect_3)
+    cc = gskit_connect_step3(conn, sockindex);
+
+  if(cc != CURLE_OK)
+    close_one(connssl, data);
+  else if(connssl->connecting_state == ssl_connect_done) {
+    connssl->state = ssl_connection_complete;
+    connssl->connecting_state = ssl_connect_1;
+    conn->recv[sockindex] = gskit_recv;
+    conn->send[sockindex] = gskit_send;
+    *done = TRUE;
+  }
+
+  return cc;
+}
+
+
+CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
+                                        int sockindex,
+                                        bool *done)
+{
+  CURLcode cc;
+
+  cc = gskit_connect_common(conn, sockindex, TRUE, done);
+  if(*done || cc != CURLE_OK)
+    conn->ssl[sockindex].connecting_state = ssl_connect_1;
+  return cc;
+}
+
+
+CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex)
+{
+  CURLcode retcode;
+  bool done;
+
+  conn->ssl[sockindex].connecting_state = ssl_connect_1;
+  retcode = gskit_connect_common(conn, sockindex, FALSE, &done);
+  if(retcode)
+    return retcode;
+
+  DEBUGASSERT(done);
+
+  return CURLE_OK;
+}
+
+
+void Curl_gskit_close(struct connectdata *conn, int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  if(connssl->use)
+    close_one(connssl, data);
+}
+
+
+int Curl_gskit_close_all(struct SessionHandle *data)
+{
+  /* Unimplemented. */
+  (void) data;
+  return 0;
+}
+
+
+int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  ssize_t nread;
+  int what;
+  int rc;
+  char buf[120];
+
+  if(!connssl->handle)
+    return 0;
+
+  if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
+    return 0;
+
+  close_one(connssl, data);
+  rc = 0;
+  what = Curl_socket_ready(conn->sock[sockindex],
+                           CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+
+  for(;;) {
+    if(what < 0) {
+      /* anything that gets here is fatally bad */
+      failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+      rc = -1;
+      break;
+    }
+
+    if(!what) {                                /* timeout */
+      failf(data, "SSL shutdown timeout");
+      break;
+    }
+
+    /* Something to read, let's do it and hope that it is the close
+       notify alert from the server. No way to gsk_secure_soc_read() now, so
+       use read(). */
+
+    nread = read(conn->sock[sockindex], buf, sizeof(buf));
+
+    if(nread < 0) {
+      failf(data, "read: %s", strerror(errno));
+      rc = -1;
+    }
+
+    if(nread <= 0)
+      break;
+
+    what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
+  }
+
+  return rc;
+}
+
+
+size_t Curl_gskit_version(char *buffer, size_t size)
+{
+  strncpy(buffer, "GSKit", size);
+  return strlen(buffer);
+}
+
+
+int Curl_gskit_check_cxn(struct connectdata *cxn)
+{
+  int err;
+  int errlen;
+
+  /* The only thing that can be tested here is at the socket level. */
+
+  if(!cxn->ssl[FIRSTSOCKET].handle)
+    return 0; /* connection has been closed */
+
+  err = 0;
+  errlen = sizeof err;
+
+  if(getsockopt(cxn->sock[FIRSTSOCKET], SOL_SOCKET, SO_ERROR,
+                 (unsigned char *) &err, &errlen) ||
+     errlen != sizeof err || err)
+    return 0; /* connection has been closed */
+
+  return -1;  /* connection status unknown */
+}
+
+#endif /* USE_GSKIT */
diff --git a/Utilities/cmcurl/lib/vtls/gskit.h b/Utilities/cmcurl/lib/vtls/gskit.h
new file mode 100644
index 0000000..a4caa6f
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/gskit.h
@@ -0,0 +1,65 @@
+#ifndef HEADER_CURL_GSKIT_H
+#define HEADER_CURL_GSKIT_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+/*
+ * This header should only be needed to get included by vtls.c and gskit.c
+ */
+
+#include "urldata.h"
+
+#ifdef USE_GSKIT
+int Curl_gskit_init(void);
+void Curl_gskit_cleanup(void);
+CURLcode Curl_gskit_connect(struct connectdata * conn, int sockindex);
+CURLcode Curl_gskit_connect_nonblocking(struct connectdata * conn,
+                                        int sockindex, bool * done);
+void Curl_gskit_close(struct connectdata *conn, int sockindex);
+int Curl_gskit_close_all(struct SessionHandle * data);
+int Curl_gskit_shutdown(struct connectdata * conn, int sockindex);
+
+size_t Curl_gskit_version(char * buffer, size_t size);
+int Curl_gskit_check_cxn(struct connectdata * cxn);
+
+/* API setup for GSKit */
+#define curlssl_init Curl_gskit_init
+#define curlssl_cleanup Curl_gskit_cleanup
+#define curlssl_connect Curl_gskit_connect
+#define curlssl_connect_nonblocking Curl_gskit_connect_nonblocking
+
+/*  No session handling for GSKit */
+#define curlssl_session_free(x) Curl_nop_stmt
+#define curlssl_close_all Curl_gskit_close_all
+#define curlssl_close Curl_gskit_close
+#define curlssl_shutdown(x,y) Curl_gskit_shutdown(x,y)
+#define curlssl_set_engine(x,y) CURLE_NOT_BUILT_IN
+#define curlssl_set_engine_default(x) CURLE_NOT_BUILT_IN
+#define curlssl_engines_list(x) NULL
+#define curlssl_version Curl_gskit_version
+#define curlssl_check_cxn(x) Curl_gskit_check_cxn(x)
+#define curlssl_data_pending(x,y) 0
+#define CURL_SSL_BACKEND CURLSSLBACKEND_GSKIT
+#endif /* USE_GSKIT */
+
+#endif /* HEADER_CURL_GSKIT_H */
diff --git a/Utilities/cmcurl/lib/vtls/gtls.c b/Utilities/cmcurl/lib/vtls/gtls.c
new file mode 100644
index 0000000..d64f95d
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/gtls.c
@@ -0,0 +1,1323 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all GnuTLS-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ * Note: don't use the GnuTLS' *_t variable type names in this source code,
+ * since they were not present in 1.0.X.
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_GNUTLS
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#ifdef USE_GNUTLS_NETTLE
+#include <gnutls/crypto.h>
+#include <nettle/md5.h>
+#else
+#include <gcrypt.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "gtls.h"
+#include "vtls.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "rawstr.h"
+#include "warnless.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ Some hackish cast macros based on:
+ http://library.gnome.org/devel/glib/unstable/glib-Type-Conversion-Macros.html
+*/
+#ifndef GNUTLS_POINTER_TO_INT_CAST
+#define GNUTLS_POINTER_TO_INT_CAST(p) ((int) (long) (p))
+#endif
+#ifndef GNUTLS_INT_TO_POINTER_CAST
+#define GNUTLS_INT_TO_POINTER_CAST(i) ((void*) (long) (i))
+#endif
+
+/* Enable GnuTLS debugging by defining GTLSDEBUG */
+/*#define GTLSDEBUG */
+
+#ifdef GTLSDEBUG
+static void tls_log_func(int level, const char *str)
+{
+    fprintf(stderr, "|<%d>| %s", level, str);
+}
+#endif
+static bool gtls_inited = FALSE;
+
+#if defined(GNUTLS_VERSION_NUMBER)
+#  if (GNUTLS_VERSION_NUMBER >= 0x020c00)
+#    undef gnutls_transport_set_lowat
+#    define gnutls_transport_set_lowat(A,B) Curl_nop_stmt
+#    define USE_GNUTLS_PRIORITY_SET_DIRECT 1
+#  endif
+#  if (GNUTLS_VERSION_NUMBER >= 0x020c03)
+#    define GNUTLS_MAPS_WINSOCK_ERRORS 1
+#  endif
+
+#  ifdef USE_NGHTTP2
+#    undef HAS_ALPN
+#    if (GNUTLS_VERSION_NUMBER >= 0x030200)
+#      define HAS_ALPN
+#    endif
+#  endif
+#endif
+
+/*
+ * Custom push and pull callback functions used by GNU TLS to read and write
+ * to the socket.  These functions are simple wrappers to send() and recv()
+ * (although here using the sread/swrite macros as defined by
+ * curl_setup_once.h).
+ * We use custom functions rather than the GNU TLS defaults because it allows
+ * us to get specific about the fourth "flags" argument, and to use arbitrary
+ * private data with gnutls_transport_set_ptr if we wish.
+ *
+ * When these custom push and pull callbacks fail, GNU TLS checks its own
+ * session-specific error variable, and when not set also its own global
+ * errno variable, in order to take appropriate action. GNU TLS does not
+ * require that the transport is actually a socket. This implies that for
+ * Windows builds these callbacks should ideally set the session-specific
+ * error variable using function gnutls_transport_set_errno or as a last
+ * resort global errno variable using gnutls_transport_set_global_errno,
+ * with a transport agnostic error value. This implies that some winsock
+ * error translation must take place in these callbacks.
+ *
+ * Paragraph above applies to GNU TLS versions older than 2.12.3, since
+ * this version GNU TLS does its own internal winsock error translation
+ * using system_errno() function.
+ */
+
+#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
+#  define gtls_EINTR  4
+#  define gtls_EIO    5
+#  define gtls_EAGAIN 11
+static int gtls_mapped_sockerrno(void)
+{
+  switch(SOCKERRNO) {
+  case WSAEWOULDBLOCK:
+    return gtls_EAGAIN;
+  case WSAEINTR:
+    return gtls_EINTR;
+  default:
+    break;
+  }
+  return gtls_EIO;
+}
+#endif
+
+static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
+{
+  ssize_t ret = swrite(GNUTLS_POINTER_TO_INT_CAST(s), buf, len);
+#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
+  if(ret < 0)
+    gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
+#endif
+  return ret;
+}
+
+static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
+{
+  ssize_t ret = sread(GNUTLS_POINTER_TO_INT_CAST(s), buf, len);
+#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
+  if(ret < 0)
+    gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
+#endif
+  return ret;
+}
+
+/* Curl_gtls_init()
+ *
+ * Global GnuTLS init, called from Curl_ssl_init(). This calls functions that
+ * are not thread-safe and thus this function itself is not thread-safe and
+ * must only be called from within curl_global_init() to keep the thread
+ * situation under control!
+ */
+int Curl_gtls_init(void)
+{
+  int ret = 1;
+  if(!gtls_inited) {
+    ret = gnutls_global_init()?0:1;
+#ifdef GTLSDEBUG
+    gnutls_global_set_log_function(tls_log_func);
+    gnutls_global_set_log_level(2);
+#endif
+    gtls_inited = TRUE;
+  }
+  return ret;
+}
+
+int Curl_gtls_cleanup(void)
+{
+  if(gtls_inited) {
+    gnutls_global_deinit();
+    gtls_inited = FALSE;
+  }
+  return 1;
+}
+
+static void showtime(struct SessionHandle *data,
+                     const char *text,
+                     time_t stamp)
+{
+  struct tm buffer;
+  const struct tm *tm = &buffer;
+  CURLcode result = Curl_gmtime(stamp, &buffer);
+  if(result)
+    return;
+
+  snprintf(data->state.buffer,
+           BUFSIZE,
+           "\t %s: %s, %02d %s %4d %02d:%02d:%02d GMT\n",
+           text,
+           Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+           tm->tm_mday,
+           Curl_month[tm->tm_mon],
+           tm->tm_year + 1900,
+           tm->tm_hour,
+           tm->tm_min,
+           tm->tm_sec);
+  infof(data, "%s\n", data->state.buffer);
+}
+
+static gnutls_datum_t load_file (const char *file)
+{
+  FILE *f;
+  gnutls_datum_t loaded_file = { NULL, 0 };
+  long filelen;
+  void *ptr;
+
+  if(!(f = fopen(file, "r")))
+    return loaded_file;
+  if(fseek(f, 0, SEEK_END) != 0
+     || (filelen = ftell(f)) < 0
+     || fseek(f, 0, SEEK_SET) != 0
+     || !(ptr = malloc((size_t)filelen)))
+    goto out;
+  if(fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) {
+    free(ptr);
+    goto out;
+  }
+
+  loaded_file.data = ptr;
+  loaded_file.size = (unsigned int)filelen;
+out:
+  fclose(f);
+  return loaded_file;
+}
+
+static void unload_file(gnutls_datum_t data) {
+  free(data.data);
+}
+
+
+/* this function does a SSL/TLS (re-)handshake */
+static CURLcode handshake(struct connectdata *conn,
+                          int sockindex,
+                          bool duringconnect,
+                          bool nonblocking)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  gnutls_session_t session = conn->ssl[sockindex].session;
+  curl_socket_t sockfd = conn->sock[sockindex];
+  long timeout_ms;
+  int rc;
+  int what;
+
+  for(;;) {
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(data, NULL, duringconnect);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+    /* if ssl is expecting something, check if it's available. */
+    if(connssl->connecting_state == ssl_connect_2_reading
+       || connssl->connecting_state == ssl_connect_2_writing) {
+
+      curl_socket_t writefd = ssl_connect_2_writing==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+      curl_socket_t readfd = ssl_connect_2_reading==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+      what = Curl_socket_ready(readfd, writefd,
+                               nonblocking?0:
+                               timeout_ms?timeout_ms:1000);
+      if(what < 0) {
+        /* fatal error */
+        failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      else if(0 == what) {
+        if(nonblocking)
+          return CURLE_OK;
+        else if(timeout_ms) {
+          /* timeout */
+          failf(data, "SSL connection timeout at %ld", timeout_ms);
+          return CURLE_OPERATION_TIMEDOUT;
+        }
+      }
+      /* socket is readable or writable */
+    }
+
+    rc = gnutls_handshake(session);
+
+    if((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED)) {
+      connssl->connecting_state =
+        gnutls_record_get_direction(session)?
+        ssl_connect_2_writing:ssl_connect_2_reading;
+      continue;
+      if(nonblocking)
+        return CURLE_OK;
+    }
+    else if((rc < 0) && !gnutls_error_is_fatal(rc)) {
+      const char *strerr = NULL;
+
+      if(rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
+        int alert = gnutls_alert_get(session);
+        strerr = gnutls_alert_get_name(alert);
+      }
+
+      if(strerr == NULL)
+        strerr = gnutls_strerror(rc);
+
+      failf(data, "gnutls_handshake() warning: %s", strerr);
+    }
+    else if(rc < 0) {
+      const char *strerr = NULL;
+
+      if(rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+        int alert = gnutls_alert_get(session);
+        strerr = gnutls_alert_get_name(alert);
+      }
+
+      if(strerr == NULL)
+        strerr = gnutls_strerror(rc);
+
+      failf(data, "gnutls_handshake() failed: %s", strerr);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+
+    /* Reset our connect state machine */
+    connssl->connecting_state = ssl_connect_1;
+    return CURLE_OK;
+  }
+}
+
+static gnutls_x509_crt_fmt_t do_file_type(const char *type)
+{
+  if(!type || !type[0])
+    return GNUTLS_X509_FMT_PEM;
+  if(Curl_raw_equal(type, "PEM"))
+    return GNUTLS_X509_FMT_PEM;
+  if(Curl_raw_equal(type, "DER"))
+    return GNUTLS_X509_FMT_DER;
+  return -1;
+}
+
+static CURLcode
+gtls_connect_step1(struct connectdata *conn,
+                   int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  gnutls_session_t session;
+  int rc;
+  void *ssl_sessionid;
+  size_t ssl_idsize;
+  bool sni = TRUE; /* default is SNI enabled */
+#ifdef ENABLE_IPV6
+  struct in6_addr addr;
+#else
+  struct in_addr addr;
+#endif
+#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
+  static const int cipher_priority[] = {
+  /* These two ciphers were added to GnuTLS as late as ver. 3.0.1,
+     but this code path is only ever used for ver. < 2.12.0.
+     GNUTLS_CIPHER_AES_128_GCM,
+     GNUTLS_CIPHER_AES_256_GCM,
+  */
+    GNUTLS_CIPHER_AES_128_CBC,
+    GNUTLS_CIPHER_AES_256_CBC,
+    GNUTLS_CIPHER_CAMELLIA_128_CBC,
+    GNUTLS_CIPHER_CAMELLIA_256_CBC,
+    GNUTLS_CIPHER_3DES_CBC,
+  };
+  static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
+  static int protocol_priority[] = { 0, 0, 0, 0 };
+#else
+#define GNUTLS_CIPHERS "NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509"
+/* If GnuTLS was compiled without support for SRP it will error out if SRP is
+   requested in the priority string, so treat it specially
+ */
+#define GNUTLS_SRP "+SRP"
+  const char* prioritylist;
+  const char *err = NULL;
+#endif
+#ifdef HAS_ALPN
+  int protocols_size = 2;
+  gnutls_datum_t protocols[2];
+#endif
+
+  if(conn->ssl[sockindex].state == ssl_connection_complete)
+    /* to make us tolerant against being called more than once for the
+       same connection */
+    return CURLE_OK;
+
+  if(!gtls_inited)
+    Curl_gtls_init();
+
+  /* GnuTLS only supports SSLv3 and TLSv1 */
+  if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
+    failf(data, "GnuTLS does not support SSLv2");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+  else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)
+    sni = FALSE; /* SSLv3 has no SNI */
+
+  /* allocate a cred struct */
+  rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
+  if(rc != GNUTLS_E_SUCCESS) {
+    failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+#ifdef USE_TLS_SRP
+  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+    infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
+
+    rc = gnutls_srp_allocate_client_credentials(
+           &conn->ssl[sockindex].srp_client_cred);
+    if(rc != GNUTLS_E_SUCCESS) {
+      failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
+            gnutls_strerror(rc));
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    rc = gnutls_srp_set_client_credentials(conn->ssl[sockindex].
+                                           srp_client_cred,
+                                           data->set.ssl.username,
+                                           data->set.ssl.password);
+    if(rc != GNUTLS_E_SUCCESS) {
+      failf(data, "gnutls_srp_set_client_cred() failed: %s",
+            gnutls_strerror(rc));
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    }
+  }
+#endif
+
+  if(data->set.ssl.CAfile) {
+    /* set the trusted CA cert bundle file */
+    gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred,
+                                        GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+
+    rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
+                                                data->set.ssl.CAfile,
+                                                GNUTLS_X509_FMT_PEM);
+    if(rc < 0) {
+      infof(data, "error reading ca cert file %s (%s)\n",
+            data->set.ssl.CAfile, gnutls_strerror(rc));
+      if(data->set.ssl.verifypeer)
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+    else
+      infof(data, "found %d certificates in %s\n",
+            rc, data->set.ssl.CAfile);
+  }
+
+  if(data->set.ssl.CRLfile) {
+    /* set the CRL list file */
+    rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
+                                              data->set.ssl.CRLfile,
+                                              GNUTLS_X509_FMT_PEM);
+    if(rc < 0) {
+      failf(data, "error reading crl file %s (%s)",
+            data->set.ssl.CRLfile, gnutls_strerror(rc));
+      return CURLE_SSL_CRL_BADFILE;
+    }
+    else
+      infof(data, "found %d CRL in %s\n",
+            rc, data->set.ssl.CRLfile);
+  }
+
+  /* Initialize TLS session as a client */
+  rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
+  if(rc != GNUTLS_E_SUCCESS) {
+    failf(data, "gnutls_init() failed: %d", rc);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* convenient assign */
+  session = conn->ssl[sockindex].session;
+
+  if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
+#ifdef ENABLE_IPV6
+     (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
+#endif
+     sni &&
+     (gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name,
+                             strlen(conn->host.name)) < 0))
+    infof(data, "WARNING: failed to configure server name indication (SNI) "
+          "TLS extension\n");
+
+  /* Use default priorities */
+  rc = gnutls_set_default_priority(session);
+  if(rc != GNUTLS_E_SUCCESS)
+    return CURLE_SSL_CONNECT_ERROR;
+
+#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
+  rc = gnutls_cipher_set_priority(session, cipher_priority);
+  if(rc != GNUTLS_E_SUCCESS)
+    return CURLE_SSL_CONNECT_ERROR;
+
+  /* Sets the priority on the certificate types supported by gnutls. Priority
+   is higher for types specified before others. After specifying the types
+   you want, you must append a 0. */
+  rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
+  if(rc != GNUTLS_E_SUCCESS)
+    return CURLE_SSL_CONNECT_ERROR;
+
+  if(data->set.ssl.cipher_list != NULL) {
+    failf(data, "can't pass a custom cipher list to older GnuTLS"
+          " versions");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  switch (data->set.ssl.version) {
+    case CURL_SSLVERSION_SSLv3:
+      protocol_priority[0] = GNUTLS_SSL3;
+      break;
+    case CURL_SSLVERSION_DEFAULT:
+    case CURL_SSLVERSION_TLSv1:
+      protocol_priority[0] = GNUTLS_TLS1_0;
+      protocol_priority[1] = GNUTLS_TLS1_1;
+      protocol_priority[2] = GNUTLS_TLS1_2;
+      break;
+    case CURL_SSLVERSION_TLSv1_0:
+      protocol_priority[0] = GNUTLS_TLS1_0;
+      break;
+    case CURL_SSLVERSION_TLSv1_1:
+      protocol_priority[0] = GNUTLS_TLS1_1;
+      break;
+    case CURL_SSLVERSION_TLSv1_2:
+      protocol_priority[0] = GNUTLS_TLS1_2;
+    break;
+      case CURL_SSLVERSION_SSLv2:
+    default:
+      failf(data, "GnuTLS does not support SSLv2");
+      return CURLE_SSL_CONNECT_ERROR;
+      break;
+  }
+  rc = gnutls_protocol_set_priority(session, protocol_priority);
+  if(rc != GNUTLS_E_SUCCESS) {
+    failf(data, "Did you pass a valid GnuTLS cipher list?");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+#else
+  /* Ensure +SRP comes at the *end* of all relevant strings so that it can be
+   * removed if a run-time error indicates that SRP is not supported by this
+   * GnuTLS version */
+  switch (data->set.ssl.version) {
+    case CURL_SSLVERSION_SSLv3:
+      prioritylist = GNUTLS_CIPHERS ":-VERS-TLS-ALL:+VERS-SSL3.0";
+      sni = false;
+      break;
+    case CURL_SSLVERSION_DEFAULT:
+    case CURL_SSLVERSION_TLSv1:
+      prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:" GNUTLS_SRP;
+      break;
+    case CURL_SSLVERSION_TLSv1_0:
+      prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
+                     "+VERS-TLS1.0:" GNUTLS_SRP;
+      break;
+    case CURL_SSLVERSION_TLSv1_1:
+      prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
+                     "+VERS-TLS1.1:" GNUTLS_SRP;
+      break;
+    case CURL_SSLVERSION_TLSv1_2:
+      prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
+                     "+VERS-TLS1.2:" GNUTLS_SRP;
+      break;
+    case CURL_SSLVERSION_SSLv2:
+    default:
+      failf(data, "GnuTLS does not support SSLv2");
+      return CURLE_SSL_CONNECT_ERROR;
+      break;
+  }
+  rc = gnutls_priority_set_direct(session, prioritylist, &err);
+  if((rc == GNUTLS_E_INVALID_REQUEST) && err) {
+    if(!strcmp(err, GNUTLS_SRP)) {
+      /* This GnuTLS was probably compiled without support for SRP.
+       * Note that fact and try again without it. */
+      int validprioritylen = curlx_uztosi(err - prioritylist);
+      char *prioritycopy = strdup(prioritylist);
+      if(!prioritycopy)
+        return CURLE_OUT_OF_MEMORY;
+
+      infof(data, "This GnuTLS does not support SRP\n");
+      if(validprioritylen)
+        /* Remove the :+SRP */
+        prioritycopy[validprioritylen - 1] = 0;
+      rc = gnutls_priority_set_direct(session, prioritycopy, &err);
+      free(prioritycopy);
+    }
+  }
+  if(rc != GNUTLS_E_SUCCESS) {
+    failf(data, "Error %d setting GnuTLS cipher list starting with %s",
+          rc, err);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+#endif
+
+#ifdef HAS_ALPN
+  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+    if(data->set.ssl_enable_alpn) {
+      protocols[0].data = NGHTTP2_PROTO_VERSION_ID;
+      protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN;
+      protocols[1].data = ALPN_HTTP_1_1;
+      protocols[1].size = ALPN_HTTP_1_1_LENGTH;
+      gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
+      infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
+            ALPN_HTTP_1_1);
+    }
+    else {
+      infof(data, "SSL, can't negotiate HTTP/2.0 without ALPN\n");
+    }
+  }
+#endif
+
+  if(data->set.str[STRING_CERT]) {
+    if(gnutls_certificate_set_x509_key_file(
+         conn->ssl[sockindex].cred,
+         data->set.str[STRING_CERT],
+         data->set.str[STRING_KEY] ?
+         data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
+         do_file_type(data->set.str[STRING_CERT_TYPE]) ) !=
+       GNUTLS_E_SUCCESS) {
+      failf(data, "error reading X.509 key or certificate file");
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+
+#ifdef USE_TLS_SRP
+  /* put the credentials to the current session */
+  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+    rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
+                                conn->ssl[sockindex].srp_client_cred);
+    if(rc != GNUTLS_E_SUCCESS)
+      failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
+  }
+  else
+#endif
+    rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+                                conn->ssl[sockindex].cred);
+
+  /* set the connection handle (file descriptor for the socket) */
+  gnutls_transport_set_ptr(session,
+                           GNUTLS_INT_TO_POINTER_CAST(conn->sock[sockindex]));
+
+  /* register callback functions to send and receive data. */
+  gnutls_transport_set_push_function(session, Curl_gtls_push);
+  gnutls_transport_set_pull_function(session, Curl_gtls_pull);
+
+  /* lowat must be set to zero when using custom push and pull functions. */
+  gnutls_transport_set_lowat(session, 0);
+
+  /* This might be a reconnect, so we check for a session ID in the cache
+     to speed up things */
+
+  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize)) {
+    /* we got a session id, use it! */
+    gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
+
+    /* Informational message */
+    infof (data, "SSL re-using session ID\n");
+  }
+
+  return CURLE_OK;
+}
+
+static Curl_recv gtls_recv;
+static Curl_send gtls_send;
+
+static CURLcode
+gtls_connect_step3(struct connectdata *conn,
+                   int sockindex)
+{
+  unsigned int cert_list_size;
+  const gnutls_datum_t *chainp;
+  unsigned int verify_status;
+  gnutls_x509_crt_t x509_cert,x509_issuer;
+  gnutls_datum_t issuerp;
+  char certbuf[256] = ""; /* big enough? */
+  size_t size;
+  unsigned int algo;
+  unsigned int bits;
+  time_t certclock;
+  const char *ptr;
+  struct SessionHandle *data = conn->data;
+  gnutls_session_t session = conn->ssl[sockindex].session;
+  int rc;
+  int incache;
+  void *ssl_sessionid;
+#ifdef HAS_ALPN
+  gnutls_datum_t proto;
+#endif
+  CURLcode result = CURLE_OK;
+
+  /* This function will return the peer's raw certificate (chain) as sent by
+     the peer. These certificates are in raw format (DER encoded for
+     X.509). In case of a X.509 then a certificate list may be present. The
+     first certificate in the list is the peer's certificate, following the
+     issuer's certificate, then the issuer's issuer etc. */
+
+  chainp = gnutls_certificate_get_peers(session, &cert_list_size);
+  if(!chainp) {
+    if(data->set.ssl.verifypeer ||
+       data->set.ssl.verifyhost ||
+       data->set.ssl.issuercert) {
+#ifdef USE_TLS_SRP
+      if(data->set.ssl.authtype == CURL_TLSAUTH_SRP
+         && data->set.ssl.username != NULL
+         && !data->set.ssl.verifypeer
+         && gnutls_cipher_get(session)) {
+        /* no peer cert, but auth is ok if we have SRP user and cipher and no
+           peer verify */
+      }
+      else {
+#endif
+        failf(data, "failed to get server cert");
+        return CURLE_PEER_FAILED_VERIFICATION;
+#ifdef USE_TLS_SRP
+      }
+#endif
+    }
+    infof(data, "\t common name: WARNING couldn't obtain\n");
+  }
+
+  if(data->set.ssl.verifypeer) {
+    /* This function will try to verify the peer's certificate and return its
+       status (trusted, invalid etc.). The value of status should be one or
+       more of the gnutls_certificate_status_t enumerated elements bitwise
+       or'd. To avoid denial of service attacks some default upper limits
+       regarding the certificate key size and chain size are set. To override
+       them use gnutls_certificate_set_verify_limits(). */
+
+    rc = gnutls_certificate_verify_peers2(session, &verify_status);
+    if(rc < 0) {
+      failf(data, "server cert verify failed: %d", rc);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+
+    /* verify_status is a bitmask of gnutls_certificate_status bits */
+    if(verify_status & GNUTLS_CERT_INVALID) {
+      if(data->set.ssl.verifypeer) {
+        failf(data, "server certificate verification failed. CAfile: %s "
+              "CRLfile: %s", data->set.ssl.CAfile?data->set.ssl.CAfile:"none",
+              data->set.ssl.CRLfile?data->set.ssl.CRLfile:"none");
+        return CURLE_SSL_CACERT;
+      }
+      else
+        infof(data, "\t server certificate verification FAILED\n");
+    }
+    else
+      infof(data, "\t server certificate verification OK\n");
+  }
+  else
+    infof(data, "\t server certificate verification SKIPPED\n");
+
+  /* initialize an X.509 certificate structure. */
+  gnutls_x509_crt_init(&x509_cert);
+
+  if(chainp)
+    /* convert the given DER or PEM encoded Certificate to the native
+       gnutls_x509_crt_t format */
+    gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
+
+  if(data->set.ssl.issuercert) {
+    gnutls_x509_crt_init(&x509_issuer);
+    issuerp = load_file(data->set.ssl.issuercert);
+    gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM);
+    rc = gnutls_x509_crt_check_issuer(x509_cert,x509_issuer);
+    unload_file(issuerp);
+    if(rc <= 0) {
+      failf(data, "server certificate issuer check failed (IssuerCert: %s)",
+            data->set.ssl.issuercert?data->set.ssl.issuercert:"none");
+      return CURLE_SSL_ISSUER_ERROR;
+    }
+    infof(data,"\t server certificate issuer check OK (Issuer Cert: %s)\n",
+          data->set.ssl.issuercert?data->set.ssl.issuercert:"none");
+  }
+
+  size=sizeof(certbuf);
+  rc = gnutls_x509_crt_get_dn_by_oid(x509_cert, GNUTLS_OID_X520_COMMON_NAME,
+                                     0, /* the first and only one */
+                                     FALSE,
+                                     certbuf,
+                                     &size);
+  if(rc) {
+    infof(data, "error fetching CN from cert:%s\n",
+          gnutls_strerror(rc));
+  }
+
+  /* This function will check if the given certificate's subject matches the
+     given hostname. This is a basic implementation of the matching described
+     in RFC2818 (HTTPS), which takes into account wildcards, and the subject
+     alternative name PKIX extension. Returns non zero on success, and zero on
+     failure. */
+  rc = gnutls_x509_crt_check_hostname(x509_cert, conn->host.name);
+#if GNUTLS_VERSION_NUMBER < 0x030306
+  /* Before 3.3.6, gnutls_x509_crt_check_hostname() didn't check IP
+     addresses. */
+  if(!rc) {
+#ifdef ENABLE_IPV6
+    #define use_addr in6_addr
+#else
+    #define use_addr in_addr
+#endif
+    unsigned char addrbuf[sizeof(struct use_addr)];
+    unsigned char certaddr[sizeof(struct use_addr)];
+    size_t addrlen = 0, certaddrlen;
+    int i;
+    int ret = 0;
+
+    if(Curl_inet_pton(AF_INET, conn->host.name, addrbuf) > 0)
+      addrlen = 4;
+#ifdef ENABLE_IPV6
+    else if(Curl_inet_pton(AF_INET6, conn->host.name, addrbuf) > 0)
+      addrlen = 16;
+#endif
+
+    if(addrlen) {
+      for(i=0; ; i++) {
+        certaddrlen = sizeof(certaddr);
+        ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
+                                                   &certaddrlen, NULL);
+        /* If this happens, it wasn't an IP address. */
+        if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+          continue;
+        if(ret < 0)
+          break;
+        if(ret != GNUTLS_SAN_IPADDRESS)
+          continue;
+        if(certaddrlen == addrlen && !memcmp(addrbuf, certaddr, addrlen)) {
+          rc = 1;
+          break;
+        }
+      }
+    }
+  }
+#endif
+  if(!rc) {
+    if(data->set.ssl.verifyhost) {
+      failf(data, "SSL: certificate subject name (%s) does not match "
+            "target host name '%s'", certbuf, conn->host.dispname);
+      gnutls_x509_crt_deinit(x509_cert);
+      return CURLE_PEER_FAILED_VERIFICATION;
+    }
+    else
+      infof(data, "\t common name: %s (does not match '%s')\n",
+            certbuf, conn->host.dispname);
+  }
+  else
+    infof(data, "\t common name: %s (matched)\n", certbuf);
+
+  /* Check for time-based validity */
+  certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
+
+  if(certclock == (time_t)-1) {
+    if(data->set.ssl.verifypeer) {
+      failf(data, "server cert expiration date verify failed");
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+    else
+      infof(data, "\t server certificate expiration date verify FAILED\n");
+  }
+  else {
+    if(certclock < time(NULL)) {
+      if(data->set.ssl.verifypeer) {
+        failf(data, "server certificate expiration date has passed.");
+        return CURLE_PEER_FAILED_VERIFICATION;
+      }
+      else
+        infof(data, "\t server certificate expiration date FAILED\n");
+    }
+    else
+      infof(data, "\t server certificate expiration date OK\n");
+  }
+
+  certclock = gnutls_x509_crt_get_activation_time(x509_cert);
+
+  if(certclock == (time_t)-1) {
+    if(data->set.ssl.verifypeer) {
+      failf(data, "server cert activation date verify failed");
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+    else
+      infof(data, "\t server certificate activation date verify FAILED\n");
+  }
+  else {
+    if(certclock > time(NULL)) {
+      if(data->set.ssl.verifypeer) {
+        failf(data, "server certificate not activated yet.");
+        return CURLE_PEER_FAILED_VERIFICATION;
+      }
+      else
+        infof(data, "\t server certificate activation date FAILED\n");
+    }
+    else
+      infof(data, "\t server certificate activation date OK\n");
+  }
+
+  /* Show:
+
+  - ciphers used
+  - subject
+  - start date
+  - expire date
+  - common name
+  - issuer
+
+  */
+
+  /* public key algorithm's parameters */
+  algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);
+  infof(data, "\t certificate public key: %s\n",
+        gnutls_pk_algorithm_get_name(algo));
+
+  /* version of the X.509 certificate. */
+  infof(data, "\t certificate version: #%d\n",
+        gnutls_x509_crt_get_version(x509_cert));
+
+
+  size = sizeof(certbuf);
+  gnutls_x509_crt_get_dn(x509_cert, certbuf, &size);
+  infof(data, "\t subject: %s\n", certbuf);
+
+  certclock = gnutls_x509_crt_get_activation_time(x509_cert);
+  showtime(data, "start date", certclock);
+
+  certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
+  showtime(data, "expire date", certclock);
+
+  size = sizeof(certbuf);
+  gnutls_x509_crt_get_issuer_dn(x509_cert, certbuf, &size);
+  infof(data, "\t issuer: %s\n", certbuf);
+
+  gnutls_x509_crt_deinit(x509_cert);
+
+  /* compression algorithm (if any) */
+  ptr = gnutls_compression_get_name(gnutls_compression_get(session));
+  /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */
+  infof(data, "\t compression: %s\n", ptr);
+
+  /* the name of the cipher used. ie 3DES. */
+  ptr = gnutls_cipher_get_name(gnutls_cipher_get(session));
+  infof(data, "\t cipher: %s\n", ptr);
+
+  /* the MAC algorithms name. ie SHA1 */
+  ptr = gnutls_mac_get_name(gnutls_mac_get(session));
+  infof(data, "\t MAC: %s\n", ptr);
+
+#ifdef HAS_ALPN
+  if(data->set.ssl_enable_alpn) {
+    rc = gnutls_alpn_get_selected_protocol(session, &proto);
+    if(rc == 0) {
+      infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
+          proto.data);
+
+      if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
+        memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
+        NGHTTP2_PROTO_VERSION_ID_LEN) == 0) {
+        conn->negnpn = NPN_HTTP2;
+      }
+      else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
+          proto.data, ALPN_HTTP_1_1_LENGTH) == 0) {
+        conn->negnpn = NPN_HTTP1_1;
+      }
+    }
+    else {
+      infof(data, "ALPN, server did not agree to a protocol\n");
+    }
+  }
+#endif
+
+  conn->ssl[sockindex].state = ssl_connection_complete;
+  conn->recv[sockindex] = gtls_recv;
+  conn->send[sockindex] = gtls_send;
+
+  {
+    /* we always unconditionally get the session id here, as even if we
+       already got it from the cache and asked to use it in the connection, it
+       might've been rejected and then a new one is in use now and we need to
+       detect that. */
+    void *connect_sessionid;
+    size_t connect_idsize = 0;
+
+    /* get the session ID data size */
+    gnutls_session_get_data(session, NULL, &connect_idsize);
+    connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
+
+    if(connect_sessionid) {
+      /* extract session ID to the allocated buffer */
+      gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
+
+      incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL));
+      if(incache) {
+        /* there was one before in the cache, so instead of risking that the
+           previous one was rejected, we just kill that and store the new */
+        Curl_ssl_delsessionid(conn, ssl_sessionid);
+      }
+
+      /* store this session id */
+      result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);
+      if(result) {
+        free(connect_sessionid);
+        result = CURLE_OUT_OF_MEMORY;
+      }
+    }
+    else
+      result = CURLE_OUT_OF_MEMORY;
+  }
+
+  return result;
+}
+
+
+/*
+ * This function is called after the TCP connect has completed. Setup the TLS
+ * layer and do all necessary magic.
+ */
+/* We use connssl->connecting_state to keep track of the connection status;
+   there are three states: 'ssl_connect_1' (not started yet or complete),
+   'ssl_connect_2_reading' (waiting for data from server), and
+   'ssl_connect_2_writing' (waiting to be able to write).
+ */
+static CURLcode
+gtls_connect_common(struct connectdata *conn,
+                    int sockindex,
+                    bool nonblocking,
+                    bool *done)
+{
+  int rc;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  /* Initiate the connection, if not already done */
+  if(ssl_connect_1==connssl->connecting_state) {
+    rc = gtls_connect_step1 (conn, sockindex);
+    if(rc)
+      return rc;
+  }
+
+  rc = handshake(conn, sockindex, TRUE, nonblocking);
+  if(rc)
+    /* handshake() sets its own error message with failf() */
+    return rc;
+
+  /* Finish connecting once the handshake is done */
+  if(ssl_connect_1==connssl->connecting_state) {
+    rc = gtls_connect_step3(conn, sockindex);
+    if(rc)
+      return rc;
+  }
+
+  *done = ssl_connect_1==connssl->connecting_state;
+
+  return CURLE_OK;
+}
+
+CURLcode
+Curl_gtls_connect_nonblocking(struct connectdata *conn,
+                              int sockindex,
+                              bool *done)
+{
+  return gtls_connect_common(conn, sockindex, TRUE, done);
+}
+
+CURLcode
+Curl_gtls_connect(struct connectdata *conn,
+                  int sockindex)
+
+{
+  CURLcode retcode;
+  bool done = FALSE;
+
+  retcode = gtls_connect_common(conn, sockindex, FALSE, &done);
+  if(retcode)
+    return retcode;
+
+  DEBUGASSERT(done);
+
+  return CURLE_OK;
+}
+
+static ssize_t gtls_send(struct connectdata *conn,
+                         int sockindex,
+                         const void *mem,
+                         size_t len,
+                         CURLcode *curlcode)
+{
+  ssize_t rc = gnutls_record_send(conn->ssl[sockindex].session, mem, len);
+
+  if(rc < 0 ) {
+    *curlcode = (rc == GNUTLS_E_AGAIN)
+      ? CURLE_AGAIN
+      : CURLE_SEND_ERROR;
+
+    rc = -1;
+  }
+
+  return rc;
+}
+
+void Curl_gtls_close_all(struct SessionHandle *data)
+{
+  /* FIX: make the OpenSSL code more generic and use parts of it here */
+  (void)data;
+}
+
+static void close_one(struct connectdata *conn,
+                      int idx)
+{
+  if(conn->ssl[idx].session) {
+    gnutls_bye(conn->ssl[idx].session, GNUTLS_SHUT_RDWR);
+    gnutls_deinit(conn->ssl[idx].session);
+    conn->ssl[idx].session = NULL;
+  }
+  if(conn->ssl[idx].cred) {
+    gnutls_certificate_free_credentials(conn->ssl[idx].cred);
+    conn->ssl[idx].cred = NULL;
+  }
+#ifdef USE_TLS_SRP
+  if(conn->ssl[idx].srp_client_cred) {
+    gnutls_srp_free_client_credentials(conn->ssl[idx].srp_client_cred);
+    conn->ssl[idx].srp_client_cred = NULL;
+  }
+#endif
+}
+
+void Curl_gtls_close(struct connectdata *conn, int sockindex)
+{
+  close_one(conn, sockindex);
+}
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
+{
+  ssize_t result;
+  int retval = 0;
+  struct SessionHandle *data = conn->data;
+  int done = 0;
+  char buf[120];
+
+  /* This has only been tested on the proftpd server, and the mod_tls code
+     sends a close notify alert without waiting for a close notify alert in
+     response. Thus we wait for a close notify alert from the server, but
+     we do not send one. Let's hope other servers do the same... */
+
+  if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
+      gnutls_bye(conn->ssl[sockindex].session, GNUTLS_SHUT_WR);
+
+  if(conn->ssl[sockindex].session) {
+    while(!done) {
+      int what = Curl_socket_ready(conn->sock[sockindex],
+                                   CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+      if(what > 0) {
+        /* Something to read, let's do it and hope that it is the close
+           notify alert from the server */
+        result = gnutls_record_recv(conn->ssl[sockindex].session,
+                                    buf, sizeof(buf));
+        switch(result) {
+        case 0:
+          /* This is the expected response. There was no data but only
+             the close notify alert */
+          done = 1;
+          break;
+        case GNUTLS_E_AGAIN:
+        case GNUTLS_E_INTERRUPTED:
+          infof(data, "GNUTLS_E_AGAIN || GNUTLS_E_INTERRUPTED\n");
+          break;
+        default:
+          retval = -1;
+          done = 1;
+          break;
+        }
+      }
+      else if(0 == what) {
+        /* timeout */
+        failf(data, "SSL shutdown timeout");
+        done = 1;
+        break;
+      }
+      else {
+        /* anything that gets here is fatally bad */
+        failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        retval = -1;
+        done = 1;
+      }
+    }
+    gnutls_deinit(conn->ssl[sockindex].session);
+  }
+  gnutls_certificate_free_credentials(conn->ssl[sockindex].cred);
+
+#ifdef USE_TLS_SRP
+  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP
+     && data->set.ssl.username != NULL)
+    gnutls_srp_free_client_credentials(conn->ssl[sockindex].srp_client_cred);
+#endif
+
+  conn->ssl[sockindex].cred = NULL;
+  conn->ssl[sockindex].session = NULL;
+
+  return retval;
+}
+
+static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
+                         int num,                  /* socketindex */
+                         char *buf,                /* store read data here */
+                         size_t buffersize,        /* max amount to read */
+                         CURLcode *curlcode)
+{
+  ssize_t ret;
+
+  ret = gnutls_record_recv(conn->ssl[num].session, buf, buffersize);
+  if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
+    *curlcode = CURLE_AGAIN;
+    return -1;
+  }
+
+  if(ret == GNUTLS_E_REHANDSHAKE) {
+    /* BLOCKING call, this is bad but a work-around for now. Fixing this "the
+       proper way" takes a whole lot of work. */
+    CURLcode rc = handshake(conn, num, FALSE, FALSE);
+    if(rc)
+      /* handshake() writes error message on its own */
+      *curlcode = rc;
+    else
+      *curlcode = CURLE_AGAIN; /* then return as if this was a wouldblock */
+    return -1;
+  }
+
+  if(ret < 0) {
+    failf(conn->data, "GnuTLS recv error (%d): %s",
+          (int)ret, gnutls_strerror((int)ret));
+    *curlcode = CURLE_RECV_ERROR;
+    return -1;
+  }
+
+  return ret;
+}
+
+void Curl_gtls_session_free(void *ptr)
+{
+  free(ptr);
+}
+
+size_t Curl_gtls_version(char *buffer, size_t size)
+{
+  return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
+}
+
+#ifndef USE_GNUTLS_NETTLE
+static int Curl_gtls_seed(struct SessionHandle *data)
+{
+  /* we have the "SSL is seeded" boolean static to prevent multiple
+     time-consuming seedings in vain */
+  static bool ssl_seeded = FALSE;
+
+  /* Quickly add a bit of entropy */
+  gcry_fast_random_poll();
+
+  if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
+     data->set.str[STRING_SSL_EGDSOCKET]) {
+
+    /* TODO: to a good job seeding the RNG
+       This may involve the gcry_control function and these options:
+       GCRYCTL_SET_RANDOM_SEED_FILE
+       GCRYCTL_SET_RNDEGD_SOCKET
+    */
+    ssl_seeded = TRUE;
+  }
+  return 0;
+}
+#endif
+
+/* data might be NULL! */
+int Curl_gtls_random(struct SessionHandle *data,
+                     unsigned char *entropy,
+                     size_t length)
+{
+#if defined(USE_GNUTLS_NETTLE)
+  (void)data;
+  gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);
+#elif defined(USE_GNUTLS)
+  if(data)
+    Curl_gtls_seed(data); /* Initiate the seed if not already done */
+  gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
+#endif
+  return 0;
+}
+
+void Curl_gtls_md5sum(unsigned char *tmp, /* input */
+                      size_t tmplen,
+                      unsigned char *md5sum, /* output */
+                      size_t md5len)
+{
+#if defined(USE_GNUTLS_NETTLE)
+  struct md5_ctx MD5pw;
+  md5_init(&MD5pw);
+  md5_update(&MD5pw, (unsigned int)tmplen, tmp);
+  md5_digest(&MD5pw, (unsigned int)md5len, md5sum);
+#elif defined(USE_GNUTLS)
+  gcry_md_hd_t MD5pw;
+  gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
+  gcry_md_write(MD5pw, tmp, tmplen);
+  memcpy(md5sum, gcry_md_read (MD5pw, 0), md5len);
+  gcry_md_close(MD5pw);
+#endif
+}
+
+#endif /* USE_GNUTLS */
diff --git a/Utilities/cmcurl/lib/vtls/gtls.h b/Utilities/cmcurl/lib/vtls/gtls.h
new file mode 100644
index 0000000..cd6152c
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/gtls.h
@@ -0,0 +1,79 @@
+#ifndef HEADER_CURL_GTLS_H
+#define HEADER_CURL_GTLS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_GNUTLS
+
+#include "urldata.h"
+
+int Curl_gtls_init(void);
+int Curl_gtls_cleanup(void);
+CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex);
+CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn,
+                                       int sockindex,
+                                       bool *done);
+
+/* tell GnuTLS to close down all open information regarding connections (and
+   thus session ID caching etc) */
+void Curl_gtls_close_all(struct SessionHandle *data);
+
+ /* close a SSL connection */
+void Curl_gtls_close(struct connectdata *conn, int sockindex);
+
+void Curl_gtls_session_free(void *ptr);
+size_t Curl_gtls_version(char *buffer, size_t size);
+int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
+int Curl_gtls_random(struct SessionHandle *data,
+                     unsigned char *entropy,
+                     size_t length);
+void Curl_gtls_md5sum(unsigned char *tmp, /* input */
+                      size_t tmplen,
+                      unsigned char *md5sum, /* output */
+                      size_t md5len);
+
+/* this backend provides these functions: */
+#define have_curlssl_md5sum 1
+
+/* API setup for GnuTLS */
+#define curlssl_init Curl_gtls_init
+#define curlssl_cleanup Curl_gtls_cleanup
+#define curlssl_connect Curl_gtls_connect
+#define curlssl_connect_nonblocking Curl_gtls_connect_nonblocking
+#define curlssl_session_free(x)  Curl_gtls_session_free(x)
+#define curlssl_close_all Curl_gtls_close_all
+#define curlssl_close Curl_gtls_close
+#define curlssl_shutdown(x,y) Curl_gtls_shutdown(x,y)
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_gtls_version
+#define curlssl_check_cxn(x) (x=x, -1)
+#define curlssl_data_pending(x,y) (x=x, y=y, 0)
+#define curlssl_random(x,y,z) Curl_gtls_random(x,y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_gtls_md5sum(a,b,c,d)
+#define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
+
+#endif /* USE_GNUTLS */
+#endif /* HEADER_CURL_GTLS_H */
diff --git a/Utilities/cmcurl/lib/vtls/nss.c b/Utilities/cmcurl/lib/vtls/nss.c
new file mode 100644
index 0000000..83b3e32
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/nss.c
@@ -0,0 +1,1943 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all NSS-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_NSS
+
+#include "urldata.h"
+#include "sendf.h"
+#include "formdata.h" /* for the boundary function */
+#include "url.h" /* for the ssl config check function */
+#include "connect.h"
+#include "strequal.h"
+#include "select.h"
+#include "vtls.h"
+#include "llist.h"
+
+#define _MPRINTF_REPLACE /* use the internal *printf() functions */
+#include <curl/mprintf.h>
+
+#include "nssg.h"
+#include <nspr.h>
+#include <nss.h>
+#include <ssl.h>
+#include <sslerr.h>
+#include <secerr.h>
+#include <secmod.h>
+#include <sslproto.h>
+#include <prtypes.h>
+#include <pk11pub.h>
+#include <prio.h>
+#include <secitem.h>
+#include <secport.h>
+#include <certdb.h>
+#include <base64.h>
+#include <cert.h>
+#include <prerror.h>
+
+#include "curl_memory.h"
+#include "rawstr.h"
+#include "warnless.h"
+#include "x509asn1.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#define SSL_DIR "/etc/pki/nssdb"
+
+/* enough to fit the string "PEM Token #[0|1]" */
+#define SLOTSIZE 13
+
+PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
+
+PRLock * nss_initlock = NULL;
+PRLock * nss_crllock = NULL;
+struct curl_llist *nss_crl_list = NULL;
+NSSInitContext * nss_context = NULL;
+
+volatile int initialized = 0;
+
+typedef struct {
+  const char *name;
+  int num;
+} cipher_s;
+
+#define PK11_SETATTRS(_attr, _idx, _type, _val, _len) do {  \
+  CK_ATTRIBUTE *ptr = (_attr) + ((_idx)++);                 \
+  ptr->type = (_type);                                      \
+  ptr->pValue = (_val);                                     \
+  ptr->ulValueLen = (_len);                                 \
+} WHILE_FALSE
+
+#define CERT_NewTempCertificate __CERT_NewTempCertificate
+
+#define NUM_OF_CIPHERS sizeof(cipherlist)/sizeof(cipherlist[0])
+static const cipher_s cipherlist[] = {
+  /* SSL2 cipher suites */
+  {"rc4",                        SSL_EN_RC4_128_WITH_MD5},
+  {"rc4-md5",                    SSL_EN_RC4_128_WITH_MD5},
+  {"rc4export",                  SSL_EN_RC4_128_EXPORT40_WITH_MD5},
+  {"rc2",                        SSL_EN_RC2_128_CBC_WITH_MD5},
+  {"rc2export",                  SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
+  {"des",                        SSL_EN_DES_64_CBC_WITH_MD5},
+  {"desede3",                    SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
+  /* SSL3/TLS cipher suites */
+  {"rsa_rc4_128_md5",            SSL_RSA_WITH_RC4_128_MD5},
+  {"rsa_rc4_128_sha",            SSL_RSA_WITH_RC4_128_SHA},
+  {"rsa_3des_sha",               SSL_RSA_WITH_3DES_EDE_CBC_SHA},
+  {"rsa_des_sha",                SSL_RSA_WITH_DES_CBC_SHA},
+  {"rsa_rc4_40_md5",             SSL_RSA_EXPORT_WITH_RC4_40_MD5},
+  {"rsa_rc2_40_md5",             SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
+  {"rsa_null_md5",               SSL_RSA_WITH_NULL_MD5},
+  {"rsa_null_sha",               SSL_RSA_WITH_NULL_SHA},
+  {"fips_3des_sha",              SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
+  {"fips_des_sha",               SSL_RSA_FIPS_WITH_DES_CBC_SHA},
+  {"fortezza",                   SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
+  {"fortezza_rc4_128_sha",       SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
+  {"fortezza_null",              SSL_FORTEZZA_DMS_WITH_NULL_SHA},
+  /* TLS 1.0: Exportable 56-bit Cipher Suites. */
+  {"rsa_des_56_sha",             TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
+  {"rsa_rc4_56_sha",             TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
+  /* AES ciphers. */
+  {"dhe_dss_aes_128_cbc_sha",    TLS_DHE_DSS_WITH_AES_128_CBC_SHA},
+  {"dhe_dss_aes_256_cbc_sha",    TLS_DHE_DSS_WITH_AES_256_CBC_SHA},
+  {"dhe_rsa_aes_128_cbc_sha",    TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
+  {"dhe_rsa_aes_256_cbc_sha",    TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
+  {"rsa_aes_128_sha",            TLS_RSA_WITH_AES_128_CBC_SHA},
+  {"rsa_aes_256_sha",            TLS_RSA_WITH_AES_256_CBC_SHA},
+  /* ECC ciphers. */
+  {"ecdh_ecdsa_null_sha",        TLS_ECDH_ECDSA_WITH_NULL_SHA},
+  {"ecdh_ecdsa_rc4_128_sha",     TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
+  {"ecdh_ecdsa_3des_sha",        TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA},
+  {"ecdh_ecdsa_aes_128_sha",     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA},
+  {"ecdh_ecdsa_aes_256_sha",     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA},
+  {"ecdhe_ecdsa_null_sha",       TLS_ECDHE_ECDSA_WITH_NULL_SHA},
+  {"ecdhe_ecdsa_rc4_128_sha",    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
+  {"ecdhe_ecdsa_3des_sha",       TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA},
+  {"ecdhe_ecdsa_aes_128_sha",    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
+  {"ecdhe_ecdsa_aes_256_sha",    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
+  {"ecdh_rsa_null_sha",          TLS_ECDH_RSA_WITH_NULL_SHA},
+  {"ecdh_rsa_128_sha",           TLS_ECDH_RSA_WITH_RC4_128_SHA},
+  {"ecdh_rsa_3des_sha",          TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA},
+  {"ecdh_rsa_aes_128_sha",       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA},
+  {"ecdh_rsa_aes_256_sha",       TLS_ECDH_RSA_WITH_AES_256_CBC_SHA},
+  {"echde_rsa_null",             TLS_ECDHE_RSA_WITH_NULL_SHA},
+  {"ecdhe_rsa_rc4_128_sha",      TLS_ECDHE_RSA_WITH_RC4_128_SHA},
+  {"ecdhe_rsa_3des_sha",         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA},
+  {"ecdhe_rsa_aes_128_sha",      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
+  {"ecdhe_rsa_aes_256_sha",      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
+  {"ecdh_anon_null_sha",         TLS_ECDH_anon_WITH_NULL_SHA},
+  {"ecdh_anon_rc4_128sha",       TLS_ECDH_anon_WITH_RC4_128_SHA},
+  {"ecdh_anon_3des_sha",         TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
+  {"ecdh_anon_aes_128_sha",      TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
+  {"ecdh_anon_aes_256_sha",      TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
+#ifdef TLS_RSA_WITH_NULL_SHA256
+  /* new HMAC-SHA256 cipher suites specified in RFC */
+  {"rsa_null_sha_256",                TLS_RSA_WITH_NULL_SHA256},
+  {"rsa_aes_128_cbc_sha_256",         TLS_RSA_WITH_AES_128_CBC_SHA256},
+  {"rsa_aes_256_cbc_sha_256",         TLS_RSA_WITH_AES_256_CBC_SHA256},
+  {"dhe_rsa_aes_128_cbc_sha_256",     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
+  {"dhe_rsa_aes_256_cbc_sha_256",     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
+  {"ecdhe_ecdsa_aes_128_cbc_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
+  {"ecdhe_rsa_aes_128_cbc_sha_256",   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
+#endif
+#ifdef TLS_RSA_WITH_AES_128_GCM_SHA256
+  /* AES GCM cipher suites in RFC 5288 and RFC 5289 */
+  {"rsa_aes_128_gcm_sha_256",         TLS_RSA_WITH_AES_128_GCM_SHA256},
+  {"dhe_rsa_aes_128_gcm_sha_256",     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
+  {"dhe_dss_aes_128_gcm_sha_256",     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256},
+  {"ecdhe_ecdsa_aes_128_gcm_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+  {"ecdh_ecdsa_aes_128_gcm_sha_256",  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256},
+  {"ecdhe_rsa_aes_128_gcm_sha_256",   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+  {"ecdh_rsa_aes_128_gcm_sha_256",    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256},
+#endif
+};
+
+static const char* pem_library = "libnsspem.so";
+SECMODModule* mod = NULL;
+
+/* NSPR I/O layer we use to detect blocking direction during SSL handshake */
+static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER;
+static PRIOMethods nspr_io_methods;
+
+static const char* nss_error_to_name(PRErrorCode code)
+{
+  const char *name = PR_ErrorToName(code);
+  if(name)
+    return name;
+
+  return "unknown error";
+}
+
+static void nss_print_error_message(struct SessionHandle *data, PRUint32 err)
+{
+  failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
+}
+
+static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
+                             char *cipher_list)
+{
+  unsigned int i;
+  PRBool cipher_state[NUM_OF_CIPHERS];
+  PRBool found;
+  char *cipher;
+
+  /* First disable all ciphers. This uses a different max value in case
+   * NSS adds more ciphers later we don't want them available by
+   * accident
+   */
+  for(i=0; i<SSL_NumImplementedCiphers; i++) {
+    SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
+  }
+
+  /* Set every entry in our list to false */
+  for(i=0; i<NUM_OF_CIPHERS; i++) {
+    cipher_state[i] = PR_FALSE;
+  }
+
+  cipher = cipher_list;
+
+  while(cipher_list && (cipher_list[0])) {
+    while((*cipher) && (ISSPACE(*cipher)))
+      ++cipher;
+
+    if((cipher_list = strchr(cipher, ','))) {
+      *cipher_list++ = '\0';
+    }
+
+    found = PR_FALSE;
+
+    for(i=0; i<NUM_OF_CIPHERS; i++) {
+      if(Curl_raw_equal(cipher, cipherlist[i].name)) {
+        cipher_state[i] = PR_TRUE;
+        found = PR_TRUE;
+        break;
+      }
+    }
+
+    if(found == PR_FALSE) {
+      failf(data, "Unknown cipher in list: %s", cipher);
+      return SECFailure;
+    }
+
+    if(cipher_list) {
+      cipher = cipher_list;
+    }
+  }
+
+  /* Finally actually enable the selected ciphers */
+  for(i=0; i<NUM_OF_CIPHERS; i++) {
+    if(!cipher_state[i])
+      continue;
+
+    if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
+      failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
+      return SECFailure;
+    }
+  }
+
+  return SECSuccess;
+}
+
+/*
+ * Get the number of ciphers that are enabled. We use this to determine
+ * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers.
+ */
+static int num_enabled_ciphers(void)
+{
+  PRInt32 policy = 0;
+  int count = 0;
+  unsigned int i;
+
+  for(i=0; i<NUM_OF_CIPHERS; i++) {
+    SSL_CipherPolicyGet(cipherlist[i].num, &policy);
+    if(policy)
+      count++;
+  }
+  return count;
+}
+
+/*
+ * Determine whether the nickname passed in is a filename that needs to
+ * be loaded as a PEM or a regular NSS nickname.
+ *
+ * returns 1 for a file
+ * returns 0 for not a file (NSS nickname)
+ */
+static int is_file(const char *filename)
+{
+  struct_stat st;
+
+  if(filename == NULL)
+    return 0;
+
+  if(stat(filename, &st) == 0)
+    if(S_ISREG(st.st_mode))
+      return 1;
+
+  return 0;
+}
+
+/* Check if the given string is filename or nickname of a certificate.  If the
+ * given string is recognized as filename, return NULL.  If the given string is
+ * recognized as nickname, return a duplicated string.  The returned string
+ * should be later deallocated using free().  If the OOM failure occurs, we
+ * return NULL, too.
+ */
+static char* dup_nickname(struct SessionHandle *data, enum dupstring cert_kind)
+{
+  const char *str = data->set.str[cert_kind];
+  const char *n;
+
+  if(!is_file(str))
+    /* no such file exists, use the string as nickname */
+    return strdup(str);
+
+  /* search the last slash; we require at least one slash in a file name */
+  n = strrchr(str, '/');
+  if(!n) {
+    infof(data, "warning: certificate file name \"%s\" handled as nickname; "
+          "please use \"./%s\" to force file name\n", str, str);
+    return strdup(str);
+  }
+
+  /* we'll use the PEM reader to read the certificate from file */
+  return NULL;
+}
+
+/* Call PK11_CreateGenericObject() with the given obj_class and filename.  If
+ * the call succeeds, append the object handle to the list of objects so that
+ * the object can be destroyed in Curl_nss_close(). */
+static CURLcode nss_create_object(struct ssl_connect_data *ssl,
+                                  CK_OBJECT_CLASS obj_class,
+                                  const char *filename, bool cacert)
+{
+  PK11SlotInfo *slot;
+  PK11GenericObject *obj;
+  CK_BBOOL cktrue = CK_TRUE;
+  CK_BBOOL ckfalse = CK_FALSE;
+  CK_ATTRIBUTE attrs[/* max count of attributes */ 4];
+  int attr_cnt = 0;
+  CURLcode err = (cacert)
+    ? CURLE_SSL_CACERT_BADFILE
+    : CURLE_SSL_CERTPROBLEM;
+
+  const int slot_id = (cacert) ? 0 : 1;
+  char *slot_name = aprintf("PEM Token #%d", slot_id);
+  if(!slot_name)
+    return CURLE_OUT_OF_MEMORY;
+
+  slot = PK11_FindSlotByName(slot_name);
+  free(slot_name);
+  if(!slot)
+    return err;
+
+  PK11_SETATTRS(attrs, attr_cnt, CKA_CLASS, &obj_class, sizeof(obj_class));
+  PK11_SETATTRS(attrs, attr_cnt, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL));
+  PK11_SETATTRS(attrs, attr_cnt, CKA_LABEL, (unsigned char *)filename,
+                strlen(filename) + 1);
+
+  if(CKO_CERTIFICATE == obj_class) {
+    CK_BBOOL *pval = (cacert) ? (&cktrue) : (&ckfalse);
+    PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));
+  }
+
+  obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE);
+  PK11_FreeSlot(slot);
+  if(!obj)
+    return err;
+
+  if(!Curl_llist_insert_next(ssl->obj_list, ssl->obj_list->tail, obj)) {
+    PK11_DestroyGenericObject(obj);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  if(!cacert && CKO_CERTIFICATE == obj_class)
+    /* store reference to a client certificate */
+    ssl->obj_clicert = obj;
+
+  return CURLE_OK;
+}
+
+/* Destroy the NSS object whose handle is given by ptr.  This function is
+ * a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy
+ * NSS objects in Curl_nss_close() */
+static void nss_destroy_object(void *user, void *ptr)
+{
+  PK11GenericObject *obj = (PK11GenericObject *)ptr;
+  (void) user;
+  PK11_DestroyGenericObject(obj);
+}
+
+/* same as nss_destroy_object() but for CRL items */
+static void nss_destroy_crl_item(void *user, void *ptr)
+{
+  SECItem *crl_der = (SECItem *)ptr;
+  (void) user;
+  SECITEM_FreeItem(crl_der, PR_TRUE);
+}
+
+static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
+                              const char *filename, PRBool cacert)
+{
+  CURLcode err = (cacert)
+    ? CURLE_SSL_CACERT_BADFILE
+    : CURLE_SSL_CERTPROBLEM;
+
+  /* libnsspem.so leaks memory if the requested file does not exist.  For more
+   * details, go to <https://bugzilla.redhat.com/734760>. */
+  if(is_file(filename))
+    err = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
+
+  if(CURLE_OK == err && !cacert) {
+    /* we have successfully loaded a client certificate */
+    CERTCertificate *cert;
+    char *nickname = NULL;
+    char *n = strrchr(filename, '/');
+    if(n)
+      n++;
+
+    /* The following undocumented magic helps to avoid a SIGSEGV on call
+     * of PK11_ReadRawAttribute() from SelectClientCert() when using an
+     * immature version of libnsspem.so.  For more details, go to
+     * <https://bugzilla.redhat.com/733685>. */
+    nickname = aprintf("PEM Token #1:%s", n);
+    if(nickname) {
+      cert = PK11_FindCertFromNickname(nickname, NULL);
+      if(cert)
+        CERT_DestroyCertificate(cert);
+
+      free(nickname);
+    }
+  }
+
+  return err;
+}
+
+/* add given CRL to cache if it is not already there */
+static CURLcode nss_cache_crl(SECItem *crl_der)
+{
+  CERTCertDBHandle *db = CERT_GetDefaultCertDB();
+  CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);
+  if(crl) {
+    /* CRL already cached */
+    SEC_DestroyCrl(crl);
+    SECITEM_FreeItem(crl_der, PR_TRUE);
+    return CURLE_SSL_CRL_BADFILE;
+  }
+
+  /* acquire lock before call of CERT_CacheCRL() and accessing nss_crl_list */
+  PR_Lock(nss_crllock);
+
+  /* store the CRL item so that we can free it in Curl_nss_cleanup() */
+  if(!Curl_llist_insert_next(nss_crl_list, nss_crl_list->tail, crl_der)) {
+    SECITEM_FreeItem(crl_der, PR_TRUE);
+    PR_Unlock(nss_crllock);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  if(SECSuccess != CERT_CacheCRL(db, crl_der)) {
+    /* unable to cache CRL */
+    PR_Unlock(nss_crllock);
+    return CURLE_SSL_CRL_BADFILE;
+  }
+
+  /* we need to clear session cache, so that the CRL could take effect */
+  SSL_ClearSessionCache();
+  PR_Unlock(nss_crllock);
+  return CURLE_OK;
+}
+
+static CURLcode nss_load_crl(const char* crlfilename)
+{
+  PRFileDesc *infile;
+  PRFileInfo  info;
+  SECItem filedata = { 0, NULL, 0 };
+  SECItem *crl_der = NULL;
+  char *body;
+
+  infile = PR_Open(crlfilename, PR_RDONLY, 0);
+  if(!infile)
+    return CURLE_SSL_CRL_BADFILE;
+
+  if(PR_SUCCESS != PR_GetOpenFileInfo(infile, &info))
+    goto fail;
+
+  if(!SECITEM_AllocItem(NULL, &filedata, info.size + /* zero ended */ 1))
+    goto fail;
+
+  if(info.size != PR_Read(infile, filedata.data, info.size))
+    goto fail;
+
+  crl_der = SECITEM_AllocItem(NULL, NULL, 0U);
+  if(!crl_der)
+    goto fail;
+
+  /* place a trailing zero right after the visible data */
+  body = (char*)filedata.data;
+  body[--filedata.len] = '\0';
+
+  body = strstr(body, "-----BEGIN");
+  if(body) {
+    /* assume ASCII */
+    char *trailer;
+    char *begin = PORT_Strchr(body, '\n');
+    if(!begin)
+      begin = PORT_Strchr(body, '\r');
+    if(!begin)
+      goto fail;
+
+    trailer = strstr(++begin, "-----END");
+    if(!trailer)
+      goto fail;
+
+    /* retrieve DER from ASCII */
+    *trailer = '\0';
+    if(ATOB_ConvertAsciiToItem(crl_der, begin))
+      goto fail;
+
+    SECITEM_FreeItem(&filedata, PR_FALSE);
+  }
+  else
+    /* assume DER */
+    *crl_der = filedata;
+
+  PR_Close(infile);
+  return nss_cache_crl(crl_der);
+
+fail:
+  PR_Close(infile);
+  SECITEM_FreeItem(crl_der, PR_TRUE);
+  SECITEM_FreeItem(&filedata, PR_FALSE);
+  return CURLE_SSL_CRL_BADFILE;
+}
+
+static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
+                             char *key_file)
+{
+  PK11SlotInfo *slot;
+  SECStatus status;
+  CURLcode rv;
+  struct ssl_connect_data *ssl = conn->ssl;
+  (void)sockindex; /* unused */
+
+  rv = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE);
+  if(CURLE_OK != rv) {
+    PR_SetError(SEC_ERROR_BAD_KEY, 0);
+    return rv;
+  }
+
+  slot = PK11_FindSlotByName("PEM Token #1");
+  if(!slot)
+    return CURLE_SSL_CERTPROBLEM;
+
+  /* This will force the token to be seen as re-inserted */
+  SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+  PK11_IsPresent(slot);
+
+  status = PK11_Authenticate(slot, PR_TRUE,
+                             conn->data->set.str[STRING_KEY_PASSWD]);
+  PK11_FreeSlot(slot);
+  return (SECSuccess == status)
+    ? CURLE_OK
+    : CURLE_SSL_CERTPROBLEM;
+}
+
+static int display_error(struct connectdata *conn, PRInt32 err,
+                         const char *filename)
+{
+  switch(err) {
+  case SEC_ERROR_BAD_PASSWORD:
+    failf(conn->data, "Unable to load client key: Incorrect password");
+    return 1;
+  case SEC_ERROR_UNKNOWN_CERT:
+    failf(conn->data, "Unable to load certificate %s", filename);
+    return 1;
+  default:
+    break;
+  }
+  return 0; /* The caller will print a generic error */
+}
+
+static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
+                           char *cert_file, char *key_file)
+{
+  struct SessionHandle *data = conn->data;
+  CURLcode rv;
+
+  if(cert_file) {
+    rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
+    if(CURLE_OK != rv) {
+      const PRErrorCode err = PR_GetError();
+      if(!display_error(conn, err, cert_file)) {
+        const char *err_name = nss_error_to_name(err);
+        failf(data, "unable to load client cert: %d (%s)", err, err_name);
+      }
+
+      return rv;
+    }
+  }
+
+  if(key_file || (is_file(cert_file))) {
+    if(key_file)
+      rv = nss_load_key(conn, sockindex, key_file);
+    else
+      /* In case the cert file also has the key */
+      rv = nss_load_key(conn, sockindex, cert_file);
+    if(CURLE_OK != rv) {
+      const PRErrorCode err = PR_GetError();
+      if(!display_error(conn, err, key_file)) {
+        const char *err_name = nss_error_to_name(err);
+        failf(data, "unable to load client key: %d (%s)", err, err_name);
+      }
+
+      return rv;
+    }
+  }
+
+  return CURLE_OK;
+}
+
+static char * nss_get_password(PK11SlotInfo * slot, PRBool retry, void *arg)
+{
+  (void)slot; /* unused */
+  if(retry || NULL == arg)
+    return NULL;
+  else
+    return (char *)PORT_Strdup((char *)arg);
+}
+
+/* bypass the default SSL_AuthCertificate() hook in case we do not want to
+ * verify peer */
+static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
+                                    PRBool isServer)
+{
+  struct connectdata *conn = (struct connectdata *)arg;
+  if(!conn->data->set.ssl.verifypeer) {
+    infof(conn->data, "skipping SSL peer certificate verification\n");
+    return SECSuccess;
+  }
+
+  return SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);
+}
+
+/**
+ * Inform the application that the handshake is complete.
+ */
+static void HandshakeCallback(PRFileDesc *sock, void *arg)
+{
+#ifdef USE_NGHTTP2
+  struct connectdata *conn = (struct connectdata*) arg;
+  unsigned int buflenmax = 50;
+  unsigned char buf[50];
+  unsigned int buflen;
+  SSLNextProtoState state;
+
+  if(!conn->data->set.ssl_enable_npn && !conn->data->set.ssl_enable_alpn) {
+    return;
+  }
+
+  if(SSL_GetNextProto(sock, &state, buf, &buflen, buflenmax) == SECSuccess) {
+
+    switch(state) {
+      case SSL_NEXT_PROTO_NO_SUPPORT:
+      case SSL_NEXT_PROTO_NO_OVERLAP:
+        infof(conn->data, "TLS, neither ALPN nor NPN succeeded\n");
+        return;
+#ifdef SSL_ENABLE_ALPN
+      case SSL_NEXT_PROTO_SELECTED:
+        infof(conn->data, "ALPN, server accepted to use %.*s\n", buflen, buf);
+        break;
+#endif
+      case SSL_NEXT_PROTO_NEGOTIATED:
+        infof(conn->data, "NPN, server accepted to use %.*s\n", buflen, buf);
+        break;
+    }
+
+    if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN &&
+       memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)
+       == 0) {
+      conn->negnpn = NPN_HTTP2;
+    }
+    else if(buflen == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1, buf,
+                                                     ALPN_HTTP_1_1_LENGTH)) {
+      conn->negnpn = NPN_HTTP1_1;
+    }
+  }
+#else
+  (void)sock;
+  (void)arg;
+#endif
+}
+
+static void display_cert_info(struct SessionHandle *data,
+                              CERTCertificate *cert)
+{
+  char *subject, *issuer, *common_name;
+  PRExplodedTime printableTime;
+  char timeString[256];
+  PRTime notBefore, notAfter;
+
+  subject = CERT_NameToAscii(&cert->subject);
+  issuer = CERT_NameToAscii(&cert->issuer);
+  common_name = CERT_GetCommonName(&cert->subject);
+  infof(data, "\tsubject: %s\n", subject);
+
+  CERT_GetCertTimes(cert, &notBefore, &notAfter);
+  PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime);
+  PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
+  infof(data, "\tstart date: %s\n", timeString);
+  PR_ExplodeTime(notAfter, PR_GMTParameters, &printableTime);
+  PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
+  infof(data, "\texpire date: %s\n", timeString);
+  infof(data, "\tcommon name: %s\n", common_name);
+  infof(data, "\tissuer: %s\n", issuer);
+
+  PR_Free(subject);
+  PR_Free(issuer);
+  PR_Free(common_name);
+}
+
+static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+{
+  SSLChannelInfo channel;
+  SSLCipherSuiteInfo suite;
+  CERTCertificate *cert;
+  CERTCertificate *cert2;
+  CERTCertificate *cert3;
+  PRTime now;
+  int i;
+
+  if(SSL_GetChannelInfo(sock, &channel, sizeof channel) ==
+     SECSuccess && channel.length == sizeof channel &&
+     channel.cipherSuite) {
+    if(SSL_GetCipherSuiteInfo(channel.cipherSuite,
+                              &suite, sizeof suite) == SECSuccess) {
+      infof(conn->data, "SSL connection using %s\n", suite.cipherSuiteName);
+    }
+  }
+
+  cert = SSL_PeerCertificate(sock);
+
+  if(cert) {
+    infof(conn->data, "Server certificate:\n");
+
+    if(!conn->data->set.ssl.certinfo) {
+      display_cert_info(conn->data, cert);
+      CERT_DestroyCertificate(cert);
+    }
+    else {
+      /* Count certificates in chain. */
+      now = PR_Now();
+      i = 1;
+      if(!cert->isRoot) {
+        cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
+        while(cert2) {
+          i++;
+          if(cert2->isRoot) {
+            CERT_DestroyCertificate(cert2);
+            break;
+          }
+          cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA);
+          CERT_DestroyCertificate(cert2);
+          cert2 = cert3;
+        }
+      }
+      Curl_ssl_init_certinfo(conn->data, i);
+      for(i = 0; cert; cert = cert2) {
+        Curl_extract_certinfo(conn, i++, (char *)cert->derCert.data,
+                              (char *)cert->derCert.data + cert->derCert.len);
+        if(cert->isRoot) {
+          CERT_DestroyCertificate(cert);
+          break;
+        }
+        cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
+        CERT_DestroyCertificate(cert);
+      }
+    }
+  }
+
+  return;
+}
+
+static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
+{
+  struct connectdata *conn = (struct connectdata *)arg;
+  struct SessionHandle *data = conn->data;
+  PRErrorCode err = PR_GetError();
+  CERTCertificate *cert;
+
+  /* remember the cert verification result */
+  data->set.ssl.certverifyresult = err;
+
+  if(err == SSL_ERROR_BAD_CERT_DOMAIN && !data->set.ssl.verifyhost)
+    /* we are asked not to verify the host name */
+    return SECSuccess;
+
+  /* print only info about the cert, the error is printed off the callback */
+  cert = SSL_PeerCertificate(sock);
+  if(cert) {
+    infof(data, "Server certificate:\n");
+    display_cert_info(data, cert);
+    CERT_DestroyCertificate(cert);
+  }
+
+  return SECFailure;
+}
+
+/**
+ *
+ * Check that the Peer certificate's issuer certificate matches the one found
+ * by issuer_nickname.  This is not exactly the way OpenSSL and GNU TLS do the
+ * issuer check, so we provide comments that mimic the OpenSSL
+ * X509_check_issued function (in x509v3/v3_purp.c)
+ */
+static SECStatus check_issuer_cert(PRFileDesc *sock,
+                                   char *issuer_nickname)
+{
+  CERTCertificate *cert,*cert_issuer,*issuer;
+  SECStatus res=SECSuccess;
+  void *proto_win = NULL;
+
+  /*
+    PRArenaPool   *tmpArena = NULL;
+    CERTAuthKeyID *authorityKeyID = NULL;
+    SECITEM       *caname = NULL;
+  */
+
+  cert = SSL_PeerCertificate(sock);
+  cert_issuer = CERT_FindCertIssuer(cert,PR_Now(),certUsageObjectSigner);
+
+  proto_win = SSL_RevealPinArg(sock);
+  issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win);
+
+  if((!cert_issuer) || (!issuer))
+    res = SECFailure;
+  else if(SECITEM_CompareItem(&cert_issuer->derCert,
+                              &issuer->derCert)!=SECEqual)
+    res = SECFailure;
+
+  CERT_DestroyCertificate(cert);
+  CERT_DestroyCertificate(issuer);
+  CERT_DestroyCertificate(cert_issuer);
+  return res;
+}
+
+/**
+ *
+ * Callback to pick the SSL client certificate.
+ */
+static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
+                                  struct CERTDistNamesStr *caNames,
+                                  struct CERTCertificateStr **pRetCert,
+                                  struct SECKEYPrivateKeyStr **pRetKey)
+{
+  struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
+  struct SessionHandle *data = connssl->data;
+  const char *nickname = connssl->client_nickname;
+
+  if(connssl->obj_clicert) {
+    /* use the cert/key provided by PEM reader */
+    static const char pem_slotname[] = "PEM Token #1";
+    SECItem cert_der = { 0, NULL, 0 };
+    void *proto_win = SSL_RevealPinArg(sock);
+    struct CERTCertificateStr *cert;
+    struct SECKEYPrivateKeyStr *key;
+
+    PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);
+    if(NULL == slot) {
+      failf(data, "NSS: PK11 slot not found: %s", pem_slotname);
+      return SECFailure;
+    }
+
+    if(PK11_ReadRawAttribute(PK11_TypeGeneric, connssl->obj_clicert, CKA_VALUE,
+                             &cert_der) != SECSuccess) {
+      failf(data, "NSS: CKA_VALUE not found in PK11 generic object");
+      PK11_FreeSlot(slot);
+      return SECFailure;
+    }
+
+    cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
+    SECITEM_FreeItem(&cert_der, PR_FALSE);
+    if(NULL == cert) {
+      failf(data, "NSS: client certificate from file not found");
+      PK11_FreeSlot(slot);
+      return SECFailure;
+    }
+
+    key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
+    PK11_FreeSlot(slot);
+    if(NULL == key) {
+      failf(data, "NSS: private key from file not found");
+      CERT_DestroyCertificate(cert);
+      return SECFailure;
+    }
+
+    infof(data, "NSS: client certificate from file\n");
+    display_cert_info(data, cert);
+
+    *pRetCert = cert;
+    *pRetKey = key;
+    return SECSuccess;
+  }
+
+  /* use the default NSS hook */
+  if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames,
+                                          pRetCert, pRetKey)
+      || NULL == *pRetCert) {
+
+    if(NULL == nickname)
+      failf(data, "NSS: client certificate not found (nickname not "
+            "specified)");
+    else
+      failf(data, "NSS: client certificate not found: %s", nickname);
+
+    return SECFailure;
+  }
+
+  /* get certificate nickname if any */
+  nickname = (*pRetCert)->nickname;
+  if(NULL == nickname)
+    nickname = "[unknown]";
+
+  if(NULL == *pRetKey) {
+    failf(data, "NSS: private key not found for certificate: %s", nickname);
+    return SECFailure;
+  }
+
+  infof(data, "NSS: using client certificate: %s\n", nickname);
+  display_cert_info(data, *pRetCert);
+  return SECSuccess;
+}
+
+/* This function is supposed to decide, which error codes should be used
+ * to conclude server is TLS intolerant.
+ *
+ * taken from xulrunner - nsNSSIOLayer.cpp
+ */
+static PRBool
+isTLSIntoleranceError(PRInt32 err)
+{
+  switch (err) {
+  case SSL_ERROR_BAD_MAC_ALERT:
+  case SSL_ERROR_BAD_MAC_READ:
+  case SSL_ERROR_HANDSHAKE_FAILURE_ALERT:
+  case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT:
+  case SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE:
+  case SSL_ERROR_ILLEGAL_PARAMETER_ALERT:
+  case SSL_ERROR_NO_CYPHER_OVERLAP:
+  case SSL_ERROR_BAD_SERVER:
+  case SSL_ERROR_BAD_BLOCK_PADDING:
+  case SSL_ERROR_UNSUPPORTED_VERSION:
+  case SSL_ERROR_PROTOCOL_VERSION_ALERT:
+  case SSL_ERROR_RX_MALFORMED_FINISHED:
+  case SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE:
+  case SSL_ERROR_DECODE_ERROR_ALERT:
+  case SSL_ERROR_RX_UNKNOWN_ALERT:
+    return PR_TRUE;
+  default:
+    return PR_FALSE;
+  }
+}
+
+/* update blocking direction in case of PR_WOULD_BLOCK_ERROR */
+static void nss_update_connecting_state(ssl_connect_state state, void *secret)
+{
+  struct ssl_connect_data *connssl = (struct ssl_connect_data *)secret;
+  if(PR_GetError() != PR_WOULD_BLOCK_ERROR)
+    /* an unrelated error is passing by */
+    return;
+
+  switch(connssl->connecting_state) {
+  case ssl_connect_2:
+  case ssl_connect_2_reading:
+  case ssl_connect_2_writing:
+    break;
+  default:
+    /* we are not called from an SSL handshake */
+    return;
+  }
+
+  /* update the state accordingly */
+  connssl->connecting_state = state;
+}
+
+/* recv() wrapper we use to detect blocking direction during SSL handshake */
+static PRInt32 nspr_io_recv(PRFileDesc *fd, void *buf, PRInt32 amount,
+                            PRIntn flags, PRIntervalTime timeout)
+{
+  const PRRecvFN recv_fn = fd->lower->methods->recv;
+  const PRInt32 rv = recv_fn(fd->lower, buf, amount, flags, timeout);
+  if(rv < 0)
+    /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */
+    nss_update_connecting_state(ssl_connect_2_reading, fd->secret);
+  return rv;
+}
+
+/* send() wrapper we use to detect blocking direction during SSL handshake */
+static PRInt32 nspr_io_send(PRFileDesc *fd, const void *buf, PRInt32 amount,
+                            PRIntn flags, PRIntervalTime timeout)
+{
+  const PRSendFN send_fn = fd->lower->methods->send;
+  const PRInt32 rv = send_fn(fd->lower, buf, amount, flags, timeout);
+  if(rv < 0)
+    /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */
+    nss_update_connecting_state(ssl_connect_2_writing, fd->secret);
+  return rv;
+}
+
+/* close() wrapper to avoid assertion failure due to fd->secret != NULL */
+static PRStatus nspr_io_close(PRFileDesc *fd)
+{
+  const PRCloseFN close_fn = PR_GetDefaultIOMethods()->close;
+  fd->secret = NULL;
+  return close_fn(fd);
+}
+
+static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
+{
+  NSSInitParameters initparams;
+
+  if(nss_context != NULL)
+    return CURLE_OK;
+
+  memset((void *) &initparams, '\0', sizeof(initparams));
+  initparams.length = sizeof(initparams);
+
+  if(cert_dir) {
+    char *certpath = aprintf("sql:%s", cert_dir);
+    if(!certpath)
+      return CURLE_OUT_OF_MEMORY;
+
+    infof(data, "Initializing NSS with certpath: %s\n", certpath);
+    nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
+            NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
+    free(certpath);
+
+    if(nss_context != NULL)
+      return CURLE_OK;
+
+    infof(data, "Unable to initialize NSS database\n");
+  }
+
+  infof(data, "Initializing NSS with certpath: none\n");
+  nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
+         | NSS_INIT_NOCERTDB   | NSS_INIT_NOMODDB       | NSS_INIT_FORCEOPEN
+         | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
+  if(nss_context != NULL)
+    return CURLE_OK;
+
+  infof(data, "Unable to initialize NSS\n");
+  return CURLE_SSL_CACERT_BADFILE;
+}
+
+static CURLcode nss_init(struct SessionHandle *data)
+{
+  char *cert_dir;
+  struct_stat st;
+  CURLcode rv;
+
+  if(initialized)
+    return CURLE_OK;
+
+  /* list of all CRL items we need to destroy in Curl_nss_cleanup() */
+  nss_crl_list = Curl_llist_alloc(nss_destroy_crl_item);
+  if(!nss_crl_list)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* First we check if $SSL_DIR points to a valid dir */
+  cert_dir = getenv("SSL_DIR");
+  if(cert_dir) {
+    if((stat(cert_dir, &st) != 0) ||
+        (!S_ISDIR(st.st_mode))) {
+      cert_dir = NULL;
+    }
+  }
+
+  /* Now we check if the default location is a valid dir */
+  if(!cert_dir) {
+    if((stat(SSL_DIR, &st) == 0) &&
+        (S_ISDIR(st.st_mode))) {
+      cert_dir = (char *)SSL_DIR;
+    }
+  }
+
+  if(nspr_io_identity == PR_INVALID_IO_LAYER) {
+    /* allocate an identity for our own NSPR I/O layer */
+    nspr_io_identity = PR_GetUniqueIdentity("libcurl");
+    if(nspr_io_identity == PR_INVALID_IO_LAYER)
+      return CURLE_OUT_OF_MEMORY;
+
+    /* the default methods just call down to the lower I/O layer */
+    memcpy(&nspr_io_methods, PR_GetDefaultIOMethods(), sizeof nspr_io_methods);
+
+    /* override certain methods in the table by our wrappers */
+    nspr_io_methods.recv  = nspr_io_recv;
+    nspr_io_methods.send  = nspr_io_send;
+    nspr_io_methods.close = nspr_io_close;
+  }
+
+  rv = nss_init_core(data, cert_dir);
+  if(rv)
+    return rv;
+
+  if(num_enabled_ciphers() == 0)
+    NSS_SetDomesticPolicy();
+
+  initialized = 1;
+  return CURLE_OK;
+}
+
+/**
+ * Global SSL init
+ *
+ * @retval 0 error initializing SSL
+ * @retval 1 SSL initialized successfully
+ */
+int Curl_nss_init(void)
+{
+  /* curl_global_init() is not thread-safe so this test is ok */
+  if(nss_initlock == NULL) {
+    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
+    nss_initlock = PR_NewLock();
+    nss_crllock = PR_NewLock();
+  }
+
+  /* We will actually initialize NSS later */
+
+  return 1;
+}
+
+CURLcode Curl_nss_force_init(struct SessionHandle *data)
+{
+  CURLcode rv;
+  if(!nss_initlock) {
+    failf(data,
+          "unable to initialize NSS, curl_global_init() should have been "
+          "called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
+    return CURLE_FAILED_INIT;
+  }
+
+  PR_Lock(nss_initlock);
+  rv = nss_init(data);
+  PR_Unlock(nss_initlock);
+  return rv;
+}
+
+/* Global cleanup */
+void Curl_nss_cleanup(void)
+{
+  /* This function isn't required to be threadsafe and this is only done
+   * as a safety feature.
+   */
+  PR_Lock(nss_initlock);
+  if(initialized) {
+    /* Free references to client certificates held in the SSL session cache.
+     * Omitting this hampers destruction of the security module owning
+     * the certificates. */
+    SSL_ClearSessionCache();
+
+    if(mod && SECSuccess == SECMOD_UnloadUserModule(mod)) {
+      SECMOD_DestroyModule(mod);
+      mod = NULL;
+    }
+    NSS_ShutdownContext(nss_context);
+    nss_context = NULL;
+  }
+
+  /* destroy all CRL items */
+  Curl_llist_destroy(nss_crl_list, NULL);
+  nss_crl_list = NULL;
+
+  PR_Unlock(nss_initlock);
+
+  PR_DestroyLock(nss_initlock);
+  PR_DestroyLock(nss_crllock);
+  nss_initlock = NULL;
+
+  initialized = 0;
+}
+
+/*
+ * This function uses SSL_peek to determine connection status.
+ *
+ * Return codes:
+ *     1 means the connection is still in place
+ *     0 means the connection has been closed
+ *    -1 means the connection status is unknown
+ */
+int
+Curl_nss_check_cxn(struct connectdata *conn)
+{
+  int rc;
+  char buf;
+
+  rc =
+    PR_Recv(conn->ssl[FIRSTSOCKET].handle, (void *)&buf, 1, PR_MSG_PEEK,
+            PR_SecondsToInterval(1));
+  if(rc > 0)
+    return 1; /* connection still in place */
+
+  if(rc == 0)
+    return 0; /* connection has been closed */
+
+  return -1;  /* connection status unknown */
+}
+
+/*
+ * This function is called when an SSL connection is closed.
+ */
+void Curl_nss_close(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  if(connssl->handle) {
+    /* NSS closes the socket we previously handed to it, so we must mark it
+       as closed to avoid double close */
+    fake_sclose(conn->sock[sockindex]);
+    conn->sock[sockindex] = CURL_SOCKET_BAD;
+
+    if((connssl->client_nickname != NULL) || (connssl->obj_clicert != NULL))
+      /* A server might require different authentication based on the
+       * particular path being requested by the client.  To support this
+       * scenario, we must ensure that a connection will never reuse the
+       * authentication data from a previous connection. */
+      SSL_InvalidateSession(connssl->handle);
+
+    if(connssl->client_nickname != NULL) {
+      free(connssl->client_nickname);
+      connssl->client_nickname = NULL;
+    }
+    /* destroy all NSS objects in order to avoid failure of NSS shutdown */
+    Curl_llist_destroy(connssl->obj_list, NULL);
+    connssl->obj_list = NULL;
+    connssl->obj_clicert = NULL;
+
+    PR_Close(connssl->handle);
+    connssl->handle = NULL;
+  }
+}
+
+/*
+ * This function is called when the 'data' struct is going away. Close
+ * down everything and free all resources!
+ */
+int Curl_nss_close_all(struct SessionHandle *data)
+{
+  (void)data;
+  return 0;
+}
+
+/* return true if NSS can provide error code (and possibly msg) for the
+   error */
+static bool is_nss_error(CURLcode err)
+{
+  switch(err) {
+  case CURLE_PEER_FAILED_VERIFICATION:
+  case CURLE_SSL_CACERT:
+  case CURLE_SSL_CERTPROBLEM:
+  case CURLE_SSL_CONNECT_ERROR:
+  case CURLE_SSL_ISSUER_ERROR:
+    return true;
+
+  default:
+    return false;
+  }
+}
+
+/* return true if the given error code is related to a client certificate */
+static bool is_cc_error(PRInt32 err)
+{
+  switch(err) {
+  case SSL_ERROR_BAD_CERT_ALERT:
+  case SSL_ERROR_EXPIRED_CERT_ALERT:
+  case SSL_ERROR_REVOKED_CERT_ALERT:
+    return true;
+
+  default:
+    return false;
+  }
+}
+
+static Curl_recv nss_recv;
+static Curl_send nss_send;
+
+static CURLcode nss_load_ca_certificates(struct connectdata *conn,
+                                         int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  const char *cafile = data->set.ssl.CAfile;
+  const char *capath = data->set.ssl.CApath;
+
+  if(cafile) {
+    CURLcode rv = nss_load_cert(&conn->ssl[sockindex], cafile, PR_TRUE);
+    if(CURLE_OK != rv)
+      return rv;
+  }
+
+  if(capath) {
+    struct_stat st;
+    if(stat(capath, &st) == -1)
+      return CURLE_SSL_CACERT_BADFILE;
+
+    if(S_ISDIR(st.st_mode)) {
+      PRDirEntry *entry;
+      PRDir *dir = PR_OpenDir(capath);
+      if(!dir)
+        return CURLE_SSL_CACERT_BADFILE;
+
+      while((entry = PR_ReadDir(dir, PR_SKIP_BOTH | PR_SKIP_HIDDEN))) {
+        char *fullpath = aprintf("%s/%s", capath, entry->name);
+        if(!fullpath) {
+          PR_CloseDir(dir);
+          return CURLE_OUT_OF_MEMORY;
+        }
+
+        if(CURLE_OK != nss_load_cert(&conn->ssl[sockindex], fullpath, PR_TRUE))
+          /* This is purposefully tolerant of errors so non-PEM files can
+           * be in the same directory */
+          infof(data, "failed to load '%s' from CURLOPT_CAPATH\n", fullpath);
+
+        free(fullpath);
+      }
+
+      PR_CloseDir(dir);
+    }
+    else
+      infof(data, "warning: CURLOPT_CAPATH not a directory (%s)\n", capath);
+  }
+
+  infof(data, "  CAfile: %s\n  CApath: %s\n",
+      cafile ? cafile : "none",
+      capath ? capath : "none");
+
+  return CURLE_OK;
+}
+
+static CURLcode nss_init_sslver(SSLVersionRange *sslver,
+                                struct SessionHandle *data)
+{
+  switch (data->set.ssl.version) {
+  default:
+  case CURL_SSLVERSION_DEFAULT:
+    sslver->min = SSL_LIBRARY_VERSION_3_0;
+    if(data->state.ssl_connect_retry) {
+      infof(data, "TLS disabled due to previous handshake failure\n");
+      sslver->max = SSL_LIBRARY_VERSION_3_0;
+      return CURLE_OK;
+    }
+  /* intentional fall-through to default to highest TLS version if possible */
+
+  case CURL_SSLVERSION_TLSv1:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
+#elif defined SSL_LIBRARY_VERSION_TLS_1_1
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_1;
+#else
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+#endif
+    return CURLE_OK;
+
+  case CURL_SSLVERSION_SSLv2:
+    sslver->min = SSL_LIBRARY_VERSION_2;
+    sslver->max = SSL_LIBRARY_VERSION_2;
+    return CURLE_OK;
+
+  case CURL_SSLVERSION_SSLv3:
+    sslver->min = SSL_LIBRARY_VERSION_3_0;
+    sslver->max = SSL_LIBRARY_VERSION_3_0;
+    return CURLE_OK;
+
+  case CURL_SSLVERSION_TLSv1_0:
+    sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_0;
+    return CURLE_OK;
+
+  case CURL_SSLVERSION_TLSv1_1:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_1
+    sslver->min = SSL_LIBRARY_VERSION_TLS_1_1;
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_1;
+    return CURLE_OK;
+#endif
+    break;
+
+  case CURL_SSLVERSION_TLSv1_2:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+    sslver->min = SSL_LIBRARY_VERSION_TLS_1_2;
+    sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
+    return CURLE_OK;
+#endif
+    break;
+  }
+
+  failf(data, "TLS minor version cannot be set");
+  return CURLE_SSL_CONNECT_ERROR;
+}
+
+static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
+                                 struct SessionHandle *data,
+                                 CURLcode curlerr)
+{
+  SSLVersionRange sslver;
+  PRErrorCode err = 0;
+
+  /* reset the flag to avoid an infinite loop */
+  data->state.ssl_connect_retry = FALSE;
+
+  if(is_nss_error(curlerr)) {
+    /* read NSPR error code */
+    err = PR_GetError();
+    if(is_cc_error(err))
+      curlerr = CURLE_SSL_CERTPROBLEM;
+
+    /* print the error number and error string */
+    infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
+
+    /* print a human-readable message describing the error if available */
+    nss_print_error_message(data, err);
+  }
+
+  /* cleanup on connection failure */
+  Curl_llist_destroy(connssl->obj_list, NULL);
+  connssl->obj_list = NULL;
+
+  if(connssl->handle
+      && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
+      && (sslver.min == SSL_LIBRARY_VERSION_3_0)
+      && (sslver.max != SSL_LIBRARY_VERSION_3_0)
+      && isTLSIntoleranceError(err)) {
+    /* schedule reconnect through Curl_retry_request() */
+    data->state.ssl_connect_retry = TRUE;
+    infof(data, "Error in TLS handshake, trying SSLv3...\n");
+    return CURLE_OK;
+  }
+
+  return curlerr;
+}
+
+/* Switch the SSL socket into non-blocking mode. */
+static CURLcode nss_set_nonblock(struct ssl_connect_data *connssl,
+                                 struct SessionHandle *data)
+{
+  static PRSocketOptionData sock_opt;
+  sock_opt.option = PR_SockOpt_Nonblocking;
+  sock_opt.value.non_blocking = PR_TRUE;
+
+  if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
+    return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR);
+
+  return CURLE_OK;
+}
+
+static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+{
+  PRFileDesc *model = NULL;
+  PRFileDesc *nspr_io = NULL;
+  PRFileDesc *nspr_io_stub = NULL;
+  PRBool ssl_no_cache;
+  PRBool ssl_cbc_random_iv;
+  struct SessionHandle *data = conn->data;
+  curl_socket_t sockfd = conn->sock[sockindex];
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  CURLcode curlerr;
+
+  SSLVersionRange sslver = {
+    SSL_LIBRARY_VERSION_TLS_1_0,  /* min */
+    SSL_LIBRARY_VERSION_TLS_1_0   /* max */
+  };
+
+#ifdef USE_NGHTTP2
+#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
+  unsigned int alpn_protos_len = NGHTTP2_PROTO_VERSION_ID_LEN +
+      ALPN_HTTP_1_1_LENGTH + 2;
+  unsigned char alpn_protos[NGHTTP2_PROTO_VERSION_ID_LEN + ALPN_HTTP_1_1_LENGTH
+      + 2];
+  int cur = 0;
+#endif
+#endif
+
+
+  if(connssl->state == ssl_connection_complete)
+    return CURLE_OK;
+
+  connssl->data = data;
+
+  /* list of all NSS objects we need to destroy in Curl_nss_close() */
+  connssl->obj_list = Curl_llist_alloc(nss_destroy_object);
+  if(!connssl->obj_list)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* FIXME. NSS doesn't support multiple databases open at the same time. */
+  PR_Lock(nss_initlock);
+  curlerr = nss_init(conn->data);
+  if(CURLE_OK != curlerr) {
+    PR_Unlock(nss_initlock);
+    goto error;
+  }
+
+  curlerr = CURLE_SSL_CONNECT_ERROR;
+
+  if(!mod) {
+    char *configstring = aprintf("library=%s name=PEM", pem_library);
+    if(!configstring) {
+      PR_Unlock(nss_initlock);
+      goto error;
+    }
+    mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
+    free(configstring);
+
+    if(!mod || !mod->loaded) {
+      if(mod) {
+        SECMOD_DestroyModule(mod);
+        mod = NULL;
+      }
+      infof(data, "WARNING: failed to load NSS PEM library %s. Using "
+            "OpenSSL PEM certificates will not work.\n", pem_library);
+    }
+  }
+
+  PK11_SetPasswordFunc(nss_get_password);
+  PR_Unlock(nss_initlock);
+
+  model = PR_NewTCPSocket();
+  if(!model)
+    goto error;
+  model = SSL_ImportFD(NULL, model);
+
+  if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+    goto error;
+  if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+    goto error;
+  if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE) != SECSuccess)
+    goto error;
+
+  /* do not use SSL cache if disabled or we are not going to verify peer */
+  ssl_no_cache = (conn->ssl_config.sessionid && data->set.ssl.verifypeer) ?
+    PR_FALSE : PR_TRUE;
+  if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
+    goto error;
+
+  /* enable/disable the requested SSL version(s) */
+  if(nss_init_sslver(&sslver, data) != CURLE_OK)
+    goto error;
+  if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
+    goto error;
+
+  ssl_cbc_random_iv = !data->set.ssl_enable_beast;
+#ifdef SSL_CBC_RANDOM_IV
+  /* unless the user explicitly asks to allow the protocol vulnerability, we
+     use the work-around */
+  if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess)
+    infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n",
+          ssl_cbc_random_iv);
+#else
+  if(ssl_cbc_random_iv)
+    infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n");
+#endif
+
+  /* reset the flag to avoid an infinite loop */
+  data->state.ssl_connect_retry = FALSE;
+
+  if(data->set.ssl.cipher_list) {
+    if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
+      curlerr = CURLE_SSL_CIPHER;
+      goto error;
+    }
+  }
+
+  if(!data->set.ssl.verifypeer && data->set.ssl.verifyhost)
+    infof(data, "warning: ignoring value of ssl.verifyhost\n");
+
+  /* bypass the default SSL_AuthCertificate() hook in case we do not want to
+   * verify peer */
+  if(SSL_AuthCertificateHook(model, nss_auth_cert_hook, conn) != SECSuccess)
+    goto error;
+
+  data->set.ssl.certverifyresult=0; /* not checked yet */
+  if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
+    goto error;
+
+  if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
+    goto error;
+
+  if(data->set.ssl.verifypeer) {
+    const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
+    if(CURLE_OK != rv) {
+      curlerr = rv;
+      goto error;
+    }
+  }
+
+  if(data->set.ssl.CRLfile) {
+    const CURLcode rv = nss_load_crl(data->set.ssl.CRLfile);
+    if(CURLE_OK != rv) {
+      curlerr = rv;
+      goto error;
+    }
+    infof(data, "  CRLfile: %s\n", data->set.ssl.CRLfile);
+  }
+
+  if(data->set.str[STRING_CERT]) {
+    char *nickname = dup_nickname(data, STRING_CERT);
+    if(nickname) {
+      /* we are not going to use libnsspem.so to read the client cert */
+      connssl->obj_clicert = NULL;
+    }
+    else {
+      CURLcode rv = cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
+                               data->set.str[STRING_KEY]);
+      if(CURLE_OK != rv) {
+        /* failf() is already done in cert_stuff() */
+        curlerr = rv;
+        goto error;
+      }
+    }
+
+    /* store the nickname for SelectClientCert() called during handshake */
+    connssl->client_nickname = nickname;
+  }
+  else
+    connssl->client_nickname = NULL;
+
+  if(SSL_GetClientAuthDataHook(model, SelectClientCert,
+                               (void *)connssl) != SECSuccess) {
+    curlerr = CURLE_SSL_CERTPROBLEM;
+    goto error;
+  }
+
+  /* wrap OS file descriptor by NSPR's file descriptor abstraction */
+  nspr_io = PR_ImportTCPSocket(sockfd);
+  if(!nspr_io)
+    goto error;
+
+  /* create our own NSPR I/O layer */
+  nspr_io_stub = PR_CreateIOLayerStub(nspr_io_identity, &nspr_io_methods);
+  if(!nspr_io_stub) {
+    PR_Close(nspr_io);
+    goto error;
+  }
+
+  /* make the per-connection data accessible from NSPR I/O callbacks */
+  nspr_io_stub->secret = (void *)connssl;
+
+  /* push our new layer to the NSPR I/O stack */
+  if(PR_PushIOLayer(nspr_io, PR_TOP_IO_LAYER, nspr_io_stub) != PR_SUCCESS) {
+    PR_Close(nspr_io);
+    PR_Close(nspr_io_stub);
+    goto error;
+  }
+
+  /* import our model socket onto the current I/O stack */
+  connssl->handle = SSL_ImportFD(model, nspr_io);
+  if(!connssl->handle) {
+    PR_Close(nspr_io);
+    goto error;
+  }
+
+  PR_Close(model); /* We don't need this any more */
+  model = NULL;
+
+  /* This is the password associated with the cert that we're using */
+  if(data->set.str[STRING_KEY_PASSWD]) {
+    SSL_SetPKCS11PinArg(connssl->handle, data->set.str[STRING_KEY_PASSWD]);
+  }
+
+#ifdef USE_NGHTTP2
+  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+#ifdef SSL_ENABLE_NPN
+    if(data->set.ssl_enable_npn) {
+      if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, PR_TRUE) != SECSuccess)
+        goto error;
+    }
+#endif
+
+#ifdef SSL_ENABLE_ALPN
+    if(data->set.ssl_enable_alpn) {
+      if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, PR_TRUE)
+          != SECSuccess)
+        goto error;
+    }
+#endif
+
+#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
+    if(data->set.ssl_enable_npn || data->set.ssl_enable_alpn) {
+      alpn_protos[cur] = NGHTTP2_PROTO_VERSION_ID_LEN;
+      cur++;
+      memcpy(&alpn_protos[cur], NGHTTP2_PROTO_VERSION_ID,
+          NGHTTP2_PROTO_VERSION_ID_LEN);
+      cur += NGHTTP2_PROTO_VERSION_ID_LEN;
+      alpn_protos[cur] = ALPN_HTTP_1_1_LENGTH;
+      cur++;
+      memcpy(&alpn_protos[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
+
+      if(SSL_SetNextProtoNego(connssl->handle, alpn_protos, alpn_protos_len)
+          != SECSuccess)
+        goto error;
+    }
+    else {
+      infof(data, "SSL, can't negotiate HTTP/2.0 with neither NPN nor ALPN\n");
+    }
+#endif
+  }
+#endif
+
+
+  /* Force handshake on next I/O */
+  SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE);
+
+  SSL_SetURL(connssl->handle, conn->host.name);
+
+  return CURLE_OK;
+
+error:
+  if(model)
+    PR_Close(model);
+
+  return nss_fail_connect(connssl, data, curlerr);
+}
+
+static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  CURLcode curlerr = CURLE_SSL_CONNECT_ERROR;
+  PRUint32 timeout;
+
+  /* check timeout situation */
+  const long time_left = Curl_timeleft(data, NULL, TRUE);
+  if(time_left < 0L) {
+    failf(data, "timed out before SSL handshake");
+    curlerr = CURLE_OPERATION_TIMEDOUT;
+    goto error;
+  }
+
+  /* Force the handshake now */
+  timeout = PR_MillisecondsToInterval((PRUint32) time_left);
+  if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
+    if(PR_GetError() == PR_WOULD_BLOCK_ERROR)
+      /* blocking direction is updated by nss_update_connecting_state() */
+      return CURLE_AGAIN;
+    else if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
+      curlerr = CURLE_PEER_FAILED_VERIFICATION;
+    else if(conn->data->set.ssl.certverifyresult!=0)
+      curlerr = CURLE_SSL_CACERT;
+    goto error;
+  }
+
+  connssl->state = ssl_connection_complete;
+  conn->recv[sockindex] = nss_recv;
+  conn->send[sockindex] = nss_send;
+
+  display_conn_info(conn, connssl->handle);
+
+  if(data->set.str[STRING_SSL_ISSUERCERT]) {
+    SECStatus ret = SECFailure;
+    char *nickname = dup_nickname(data, STRING_SSL_ISSUERCERT);
+    if(nickname) {
+      /* we support only nicknames in case of STRING_SSL_ISSUERCERT for now */
+      ret = check_issuer_cert(connssl->handle, nickname);
+      free(nickname);
+    }
+
+    if(SECFailure == ret) {
+      infof(data,"SSL certificate issuer check failed\n");
+      curlerr = CURLE_SSL_ISSUER_ERROR;
+      goto error;
+    }
+    else {
+      infof(data, "SSL certificate issuer check ok\n");
+    }
+  }
+
+  return CURLE_OK;
+
+error:
+  return nss_fail_connect(connssl, data, curlerr);
+}
+
+static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
+                                   bool *done)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  const bool blocking = (done == NULL);
+  CURLcode rv;
+
+  if(connssl->connecting_state == ssl_connect_1) {
+    rv = nss_setup_connect(conn, sockindex);
+    if(rv)
+      /* we do not expect CURLE_AGAIN from nss_setup_connect() */
+      return rv;
+
+    if(!blocking) {
+      /* in non-blocking mode, set NSS non-blocking mode before handshake */
+      rv = nss_set_nonblock(connssl, data);
+      if(rv)
+        return rv;
+    }
+
+    connssl->connecting_state = ssl_connect_2;
+  }
+
+  rv = nss_do_connect(conn, sockindex);
+  switch(rv) {
+  case CURLE_OK:
+    break;
+  case CURLE_AGAIN:
+    if(!blocking)
+      /* CURLE_AGAIN in non-blocking mode is not an error */
+      return CURLE_OK;
+    /* fall through */
+  default:
+    return rv;
+  }
+
+  if(blocking) {
+    /* in blocking mode, set NSS non-blocking mode _after_ SSL handshake */
+    rv = nss_set_nonblock(connssl, data);
+    if(rv)
+      return rv;
+  }
+  else
+    /* signal completed SSL handshake */
+    *done = TRUE;
+
+  connssl->connecting_state = ssl_connect_done;
+  return CURLE_OK;
+}
+
+CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+{
+  return nss_connect_common(conn, sockindex, /* blocking */ NULL);
+}
+
+CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
+                                      int sockindex, bool *done)
+{
+  return nss_connect_common(conn, sockindex, done);
+}
+
+static ssize_t nss_send(struct connectdata *conn,  /* connection data */
+                        int sockindex,             /* socketindex */
+                        const void *mem,           /* send this data */
+                        size_t len,                /* amount to write */
+                        CURLcode *curlcode)
+{
+  ssize_t rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0,
+                       PR_INTERVAL_NO_WAIT);
+  if(rc < 0) {
+    PRInt32 err = PR_GetError();
+    if(err == PR_WOULD_BLOCK_ERROR)
+      *curlcode = CURLE_AGAIN;
+    else {
+      /* print the error number and error string */
+      const char *err_name = nss_error_to_name(err);
+      infof(conn->data, "SSL write: error %d (%s)\n", err, err_name);
+
+      /* print a human-readable message describing the error if available */
+      nss_print_error_message(conn->data, err);
+
+      *curlcode = (is_cc_error(err))
+        ? CURLE_SSL_CERTPROBLEM
+        : CURLE_SEND_ERROR;
+    }
+    return -1;
+  }
+  return rc; /* number of bytes */
+}
+
+static ssize_t nss_recv(struct connectdata * conn, /* connection data */
+                        int num,                   /* socketindex */
+                        char *buf,                 /* store read data here */
+                        size_t buffersize,         /* max amount to read */
+                        CURLcode *curlcode)
+{
+  ssize_t nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0,
+                          PR_INTERVAL_NO_WAIT);
+  if(nread < 0) {
+    /* failed SSL read */
+    PRInt32 err = PR_GetError();
+
+    if(err == PR_WOULD_BLOCK_ERROR)
+      *curlcode = CURLE_AGAIN;
+    else {
+      /* print the error number and error string */
+      const char *err_name = nss_error_to_name(err);
+      infof(conn->data, "SSL read: errno %d (%s)\n", err, err_name);
+
+      /* print a human-readable message describing the error if available */
+      nss_print_error_message(conn->data, err);
+
+      *curlcode = (is_cc_error(err))
+        ? CURLE_SSL_CERTPROBLEM
+        : CURLE_RECV_ERROR;
+    }
+    return -1;
+  }
+  return nread;
+}
+
+size_t Curl_nss_version(char *buffer, size_t size)
+{
+  return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
+}
+
+int Curl_nss_seed(struct SessionHandle *data)
+{
+  /* make sure that NSS is initialized */
+  return !!Curl_nss_force_init(data);
+}
+
+/* data might be NULL */
+int Curl_nss_random(struct SessionHandle *data,
+                    unsigned char *entropy,
+                    size_t length)
+{
+  if(data)
+    Curl_nss_seed(data);  /* Initiate the seed if not already done */
+  if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) {
+    /* no way to signal a failure from here, we have to abort */
+    failf(data, "PK11_GenerateRandom() failed, calling abort()...");
+    abort();
+  }
+  return 0;
+}
+
+void Curl_nss_md5sum(unsigned char *tmp, /* input */
+                     size_t tmplen,
+                     unsigned char *md5sum, /* output */
+                     size_t md5len)
+{
+  PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
+  unsigned int MD5out;
+  PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen));
+  PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len));
+  PK11_DestroyContext(MD5pw, PR_TRUE);
+}
+
+#endif /* USE_NSS */
diff --git a/Utilities/cmcurl/lib/vtls/nssg.h b/Utilities/cmcurl/lib/vtls/nssg.h
new file mode 100644
index 0000000..311f873
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/nssg.h
@@ -0,0 +1,89 @@
+#ifndef HEADER_CURL_NSSG_H
+#define HEADER_CURL_NSSG_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_NSS
+/*
+ * This header should only be needed to get included by vtls.c and nss.c
+ */
+
+#include "urldata.h"
+
+CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex);
+CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
+                                      int sockindex,
+                                      bool *done);
+/* close a SSL connection */
+void Curl_nss_close(struct connectdata *conn, int sockindex);
+
+/* tell NSS to close down all open information regarding connections (and
+   thus session ID caching etc) */
+int Curl_nss_close_all(struct SessionHandle *data);
+
+int Curl_nss_init(void);
+void Curl_nss_cleanup(void);
+
+size_t Curl_nss_version(char *buffer, size_t size);
+int Curl_nss_check_cxn(struct connectdata *cxn);
+int Curl_nss_seed(struct SessionHandle *data);
+
+/* initialize NSS library if not already */
+CURLcode Curl_nss_force_init(struct SessionHandle *data);
+
+int Curl_nss_random(struct SessionHandle *data,
+                    unsigned char *entropy,
+                    size_t length);
+
+void Curl_nss_md5sum(unsigned char *tmp, /* input */
+                     size_t tmplen,
+                     unsigned char *md5sum, /* output */
+                     size_t md5len);
+
+/* this backend provides these functions: */
+#define have_curlssl_md5sum 1
+
+/* API setup for NSS */
+#define curlssl_init Curl_nss_init
+#define curlssl_cleanup Curl_nss_cleanup
+#define curlssl_connect Curl_nss_connect
+#define curlssl_connect_nonblocking Curl_nss_connect_nonblocking
+
+/* NSS has its own session ID cache */
+#define curlssl_session_free(x) Curl_nop_stmt
+#define curlssl_close_all Curl_nss_close_all
+#define curlssl_close Curl_nss_close
+/* NSS has no shutdown function provided and thus always fail */
+#define curlssl_shutdown(x,y) (x=x, y=y, 1)
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_nss_version
+#define curlssl_check_cxn(x) Curl_nss_check_cxn(x)
+#define curlssl_data_pending(x,y) (x=x, y=y, 0)
+#define curlssl_random(x,y,z) Curl_nss_random(x,y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_nss_md5sum(a,b,c,d)
+#define CURL_SSL_BACKEND CURLSSLBACKEND_NSS
+
+#endif /* USE_NSS */
+#endif /* HEADER_CURL_NSSG_H */
diff --git a/Utilities/cmcurl/lib/vtls/openssl.c b/Utilities/cmcurl/lib/vtls/openssl.c
new file mode 100644
index 0000000..da92854
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/openssl.c
@@ -0,0 +1,2918 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ */
+
+/*
+ * The original SSLeay-using code for curl was written by Linas Vepstas and
+ * Sampo Kellomaki 1998.
+ */
+
+#include "curl_setup.h"
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "formdata.h" /* for the boundary function */
+#include "url.h" /* for the ssl config check function */
+#include "inet_pton.h"
+#include "openssl.h"
+#include "connect.h"
+#include "slist.h"
+#include "strequal.h"
+#include "select.h"
+#include "vtls.h"
+#include "rawstr.h"
+#include "hostcheck.h"
+
+#define _MPRINTF_REPLACE /* use the internal *printf() functions */
+#include <curl/mprintf.h>
+
+#ifdef USE_SSLEAY
+
+#ifdef USE_OPENSSL
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+#include <openssl/md5.h>
+#include <openssl/conf.h>
+#else
+#include <rand.h>
+#include <x509v3.h>
+#include <md5.h>
+#endif
+
+#include "warnless.h"
+#include "curl_memory.h"
+#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifndef OPENSSL_VERSION_NUMBER
+#error "OPENSSL_VERSION_NUMBER not defined"
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090581fL
+#define HAVE_SSL_GET1_SESSION 1
+#else
+#undef HAVE_SSL_GET1_SESSION
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x00904100L
+#define HAVE_USERDATA_IN_PWD_CALLBACK 1
+#else
+#undef HAVE_USERDATA_IN_PWD_CALLBACK
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x00907001L
+/* ENGINE_load_private_key() takes four arguments */
+#define HAVE_ENGINE_LOAD_FOUR_ARGS
+#include <openssl/ui.h>
+#else
+/* ENGINE_load_private_key() takes three arguments */
+#undef HAVE_ENGINE_LOAD_FOUR_ARGS
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x00903001L) && defined(HAVE_OPENSSL_PKCS12_H)
+/* OpenSSL has PKCS 12 support */
+#define HAVE_PKCS12_SUPPORT
+#else
+/* OpenSSL/SSLEay does not have PKCS12 support */
+#undef HAVE_PKCS12_SUPPORT
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x00906001L
+#define HAVE_ERR_ERROR_STRING_N 1
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+#define SSL_METHOD_QUAL const
+#else
+#define SSL_METHOD_QUAL
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+/* 0.9.6 didn't have X509_STORE_set_flags() */
+#define HAVE_X509_STORE_SET_FLAGS 1
+#else
+#define X509_STORE_set_flags(x,y) Curl_nop_stmt
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#define HAVE_ERR_REMOVE_THREAD_STATE 1
+#endif
+
+#ifndef HAVE_SSLV2_CLIENT_METHOD
+#undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
+#define OPENSSL_NO_SSL2
+#endif
+
+/*
+ * Number of bytes to read from the random number seed file. This must be
+ * a finite value (because some entropy "files" like /dev/urandom have
+ * an infinite length), but must be large enough to provide enough
+ * entopy to properly seed OpenSSL's PRNG.
+ */
+#define RAND_LOAD_LENGTH 1024
+
+#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
+static char global_passwd[64];
+#endif
+
+static int passwd_callback(char *buf, int num, int encrypting
+#ifdef HAVE_USERDATA_IN_PWD_CALLBACK
+                           /* This was introduced in 0.9.4, we can set this
+                              using SSL_CTX_set_default_passwd_cb_userdata()
+                              */
+                           , void *global_passwd
+#endif
+                           )
+{
+  DEBUGASSERT(0 == encrypting);
+
+  if(!encrypting) {
+    int klen = curlx_uztosi(strlen((char *)global_passwd));
+    if(num > klen) {
+      memcpy(buf, global_passwd, klen+1);
+      return klen;
+    }
+  }
+  return 0;
+}
+
+/*
+ * rand_enough() is a function that returns TRUE if we have seeded the random
+ * engine properly. We use some preprocessor magic to provide a seed_enough()
+ * macro to use, just to prevent a compiler warning on this function if we
+ * pass in an argument that is never used.
+ */
+
+#ifdef HAVE_RAND_STATUS
+#define seed_enough(x) rand_enough()
+static bool rand_enough(void)
+{
+  return (0 != RAND_status()) ? TRUE : FALSE;
+}
+#else
+#define seed_enough(x) rand_enough(x)
+static bool rand_enough(int nread)
+{
+  /* this is a very silly decision to make */
+  return (nread > 500) ? TRUE : FALSE;
+}
+#endif
+
+static int ossl_seed(struct SessionHandle *data)
+{
+  char *buf = data->state.buffer; /* point to the big buffer */
+  int nread=0;
+
+  /* Q: should we add support for a random file name as a libcurl option?
+     A: Yes, it is here */
+
+#ifndef RANDOM_FILE
+  /* if RANDOM_FILE isn't defined, we only perform this if an option tells
+     us to! */
+  if(data->set.ssl.random_file)
+#define RANDOM_FILE "" /* doesn't matter won't be used */
+#endif
+  {
+    /* let the option override the define */
+    nread += RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
+                             data->set.str[STRING_SSL_RANDOM_FILE]:
+                             RANDOM_FILE),
+                            RAND_LOAD_LENGTH);
+    if(seed_enough(nread))
+      return nread;
+  }
+
+#if defined(HAVE_RAND_EGD)
+  /* only available in OpenSSL 0.9.5 and later */
+  /* EGD_SOCKET is set at configure time or not at all */
+#ifndef EGD_SOCKET
+  /* If we don't have the define set, we only do this if the egd-option
+     is set */
+  if(data->set.str[STRING_SSL_EGDSOCKET])
+#define EGD_SOCKET "" /* doesn't matter won't be used */
+#endif
+  {
+    /* If there's an option and a define, the option overrides the
+       define */
+    int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
+                       data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
+    if(-1 != ret) {
+      nread += ret;
+      if(seed_enough(nread))
+        return nread;
+    }
+  }
+#endif
+
+  /* If we get here, it means we need to seed the PRNG using a "silly"
+     approach! */
+  do {
+    unsigned char randb[64];
+    int len = sizeof(randb);
+    RAND_bytes(randb, len);
+    RAND_add(randb, len, (len >> 1));
+  } while(!RAND_status());
+
+  /* generates a default path for the random seed file */
+  buf[0]=0; /* blank it first */
+  RAND_file_name(buf, BUFSIZE);
+  if(buf[0]) {
+    /* we got a file name to try */
+    nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
+    if(seed_enough(nread))
+      return nread;
+  }
+
+  infof(data, "libcurl is now using a weak random seed!\n");
+  return nread;
+}
+
+static int Curl_ossl_seed(struct SessionHandle *data)
+{
+  /* we have the "SSL is seeded" boolean static to prevent multiple
+     time-consuming seedings in vain */
+  static bool ssl_seeded = FALSE;
+
+  if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
+     data->set.str[STRING_SSL_EGDSOCKET]) {
+    ossl_seed(data);
+    ssl_seeded = TRUE;
+  }
+  return 0;
+}
+
+
+#ifndef SSL_FILETYPE_ENGINE
+#define SSL_FILETYPE_ENGINE 42
+#endif
+#ifndef SSL_FILETYPE_PKCS12
+#define SSL_FILETYPE_PKCS12 43
+#endif
+static int do_file_type(const char *type)
+{
+  if(!type || !type[0])
+    return SSL_FILETYPE_PEM;
+  if(Curl_raw_equal(type, "PEM"))
+    return SSL_FILETYPE_PEM;
+  if(Curl_raw_equal(type, "DER"))
+    return SSL_FILETYPE_ASN1;
+  if(Curl_raw_equal(type, "ENG"))
+    return SSL_FILETYPE_ENGINE;
+  if(Curl_raw_equal(type, "P12"))
+    return SSL_FILETYPE_PKCS12;
+  return -1;
+}
+
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_LOAD_FOUR_ARGS)
+/*
+ * Supply default password to the engine user interface conversation.
+ * The password is passed by OpenSSL engine from ENGINE_load_private_key()
+ * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
+ */
+static int ssl_ui_reader(UI *ui, UI_STRING *uis)
+{
+  const char *password;
+  switch(UI_get_string_type(uis)) {
+  case UIT_PROMPT:
+  case UIT_VERIFY:
+    password = (const char*)UI_get0_user_data(ui);
+    if(NULL != password &&
+       UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD) {
+      UI_set_result(ui, uis, password);
+      return 1;
+    }
+  default:
+    break;
+  }
+  return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
+}
+
+/*
+ * Suppress interactive request for a default password if available.
+ */
+static int ssl_ui_writer(UI *ui, UI_STRING *uis)
+{
+  switch(UI_get_string_type(uis)) {
+  case UIT_PROMPT:
+  case UIT_VERIFY:
+    if(NULL != UI_get0_user_data(ui) &&
+       UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD) {
+      return 1;
+    }
+  default:
+    break;
+  }
+  return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
+}
+#endif
+
+static
+int cert_stuff(struct connectdata *conn,
+               SSL_CTX* ctx,
+               char *cert_file,
+               const char *cert_type,
+               char *key_file,
+               const char *key_type)
+{
+  struct SessionHandle *data = conn->data;
+
+  int file_type = do_file_type(cert_type);
+
+  if(cert_file != NULL || file_type == SSL_FILETYPE_ENGINE) {
+    SSL *ssl;
+    X509 *x509;
+    int cert_done = 0;
+
+    if(data->set.str[STRING_KEY_PASSWD]) {
+#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
+      /*
+       * If password has been given, we store that in the global
+       * area (*shudder*) for a while:
+       */
+      size_t len = strlen(data->set.str[STRING_KEY_PASSWD]);
+      if(len < sizeof(global_passwd))
+        memcpy(global_passwd, data->set.str[STRING_KEY_PASSWD], len+1);
+      else
+        global_passwd[0] = '\0';
+#else
+      /*
+       * We set the password in the callback userdata
+       */
+      SSL_CTX_set_default_passwd_cb_userdata(ctx,
+                                             data->set.str[STRING_KEY_PASSWD]);
+#endif
+      /* Set passwd callback: */
+      SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
+    }
+
+
+#define SSL_CLIENT_CERT_ERR \
+    "unable to use client certificate (no key found or wrong pass phrase?)"
+
+    switch(file_type) {
+    case SSL_FILETYPE_PEM:
+      /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
+      if(SSL_CTX_use_certificate_chain_file(ctx,
+                                            cert_file) != 1) {
+        failf(data, SSL_CLIENT_CERT_ERR);
+        return 0;
+      }
+      break;
+
+    case SSL_FILETYPE_ASN1:
+      /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
+         we use the case above for PEM so this can only be performed with
+         ASN1 files. */
+      if(SSL_CTX_use_certificate_file(ctx,
+                                      cert_file,
+                                      file_type) != 1) {
+        failf(data, SSL_CLIENT_CERT_ERR);
+        return 0;
+      }
+      break;
+    case SSL_FILETYPE_ENGINE:
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
+      {
+        if(data->state.engine) {
+          const char *cmd_name = "LOAD_CERT_CTRL";
+          struct {
+            const char *cert_id;
+            X509 *cert;
+          } params;
+
+          params.cert_id = cert_file;
+          params.cert = NULL;
+
+          /* Does the engine supports LOAD_CERT_CTRL ? */
+          if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
+                          0, (void *)cmd_name, NULL)) {
+            failf(data, "ssl engine does not support loading certificates");
+            return 0;
+          }
+
+          /* Load the certificate from the engine */
+          if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
+                              0, &params, NULL, 1)) {
+            failf(data, "ssl engine cannot load client cert with id"
+                  " '%s' [%s]", cert_file,
+                  ERR_error_string(ERR_get_error(), NULL));
+            return 0;
+          }
+
+          if(!params.cert) {
+            failf(data, "ssl engine didn't initialized the certificate "
+                  "properly.");
+            return 0;
+          }
+
+          if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
+            failf(data, "unable to set client certificate");
+            X509_free(params.cert);
+            return 0;
+          }
+          X509_free(params.cert); /* we don't need the handle any more... */
+        }
+        else {
+          failf(data, "crypto engine not set, can't load certificate");
+          return 0;
+        }
+      }
+      break;
+#else
+      failf(data, "file type ENG for certificate not implemented");
+      return 0;
+#endif
+
+    case SSL_FILETYPE_PKCS12:
+    {
+#ifdef HAVE_PKCS12_SUPPORT
+      FILE *f;
+      PKCS12 *p12;
+      EVP_PKEY *pri;
+      STACK_OF(X509) *ca = NULL;
+      int i;
+
+      f = fopen(cert_file,"rb");
+      if(!f) {
+        failf(data, "could not open PKCS12 file '%s'", cert_file);
+        return 0;
+      }
+      p12 = d2i_PKCS12_fp(f, NULL);
+      fclose(f);
+
+      if(!p12) {
+        failf(data, "error reading PKCS12 file '%s'", cert_file );
+        return 0;
+      }
+
+      PKCS12_PBE_add();
+
+      if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509,
+                       &ca)) {
+        failf(data,
+              "could not parse PKCS12 file, check password, OpenSSL error %s",
+              ERR_error_string(ERR_get_error(), NULL) );
+        PKCS12_free(p12);
+        return 0;
+      }
+
+      PKCS12_free(p12);
+
+      if(SSL_CTX_use_certificate(ctx, x509) != 1) {
+        failf(data, SSL_CLIENT_CERT_ERR);
+        goto fail;
+      }
+
+      if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
+        failf(data, "unable to use private key from PKCS12 file '%s'",
+              cert_file);
+        goto fail;
+      }
+
+      if(!SSL_CTX_check_private_key (ctx)) {
+        failf(data, "private key from PKCS12 file '%s' "
+              "does not match certificate in same file", cert_file);
+        goto fail;
+      }
+      /* Set Certificate Verification chain */
+      if(ca && sk_X509_num(ca)) {
+        for(i = 0; i < sk_X509_num(ca); i++) {
+          /*
+           * Note that sk_X509_pop() is used below to make sure the cert is
+           * removed from the stack properly before getting passed to
+           * SSL_CTX_add_extra_chain_cert(). Previously we used
+           * sk_X509_value() instead, but then we'd clean it in the subsequent
+           * sk_X509_pop_free() call.
+           */
+          X509 *x = sk_X509_pop(ca);
+          if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
+            failf(data, "cannot add certificate to certificate chain");
+            goto fail;
+          }
+          /* SSL_CTX_add_client_CA() seems to work with either sk_* function,
+           * presumably because it duplicates what we pass to it.
+           */
+          if(!SSL_CTX_add_client_CA(ctx, x)) {
+            failf(data, "cannot add certificate to client CA list");
+            goto fail;
+          }
+        }
+      }
+
+      cert_done = 1;
+  fail:
+      EVP_PKEY_free(pri);
+      X509_free(x509);
+      sk_X509_pop_free(ca, X509_free);
+
+      if(!cert_done)
+        return 0; /* failure! */
+      break;
+#else
+      failf(data, "file type P12 for certificate not supported");
+      return 0;
+#endif
+    }
+    default:
+      failf(data, "not supported file type '%s' for certificate", cert_type);
+      return 0;
+    }
+
+    file_type = do_file_type(key_type);
+
+    switch(file_type) {
+    case SSL_FILETYPE_PEM:
+      if(cert_done)
+        break;
+      if(key_file == NULL)
+        /* cert & key can only be in PEM case in the same file */
+        key_file=cert_file;
+    case SSL_FILETYPE_ASN1:
+      if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
+        failf(data, "unable to set private key file: '%s' type %s",
+              key_file, key_type?key_type:"PEM");
+        return 0;
+      }
+      break;
+    case SSL_FILETYPE_ENGINE:
+#ifdef HAVE_OPENSSL_ENGINE_H
+      {                         /* XXXX still needs some work */
+        EVP_PKEY *priv_key = NULL;
+        if(data->state.engine) {
+#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
+          UI_METHOD *ui_method =
+            UI_create_method((char *)"cURL user interface");
+          if(NULL == ui_method) {
+            failf(data, "unable do create OpenSSL user-interface method");
+            return 0;
+          }
+          UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
+          UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
+          UI_method_set_reader(ui_method, ssl_ui_reader);
+          UI_method_set_writer(ui_method, ssl_ui_writer);
+#endif
+          /* the typecast below was added to please mingw32 */
+          priv_key = (EVP_PKEY *)
+            ENGINE_load_private_key(data->state.engine,key_file,
+#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
+                                    ui_method,
+#endif
+                                    data->set.str[STRING_KEY_PASSWD]);
+#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
+          UI_destroy_method(ui_method);
+#endif
+          if(!priv_key) {
+            failf(data, "failed to load private key from crypto engine");
+            return 0;
+          }
+          if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
+            failf(data, "unable to set private key");
+            EVP_PKEY_free(priv_key);
+            return 0;
+          }
+          EVP_PKEY_free(priv_key);  /* we don't need the handle any more... */
+        }
+        else {
+          failf(data, "crypto engine not set, can't load private key");
+          return 0;
+        }
+      }
+      break;
+#else
+      failf(data, "file type ENG for private key not supported");
+      return 0;
+#endif
+    case SSL_FILETYPE_PKCS12:
+      if(!cert_done) {
+        failf(data, "file type P12 for private key not supported");
+        return 0;
+      }
+      break;
+    default:
+      failf(data, "not supported file type for private key");
+      return 0;
+    }
+
+    ssl=SSL_new(ctx);
+    if(NULL == ssl) {
+      failf(data,"unable to create an SSL structure");
+      return 0;
+    }
+
+    x509=SSL_get_certificate(ssl);
+
+    /* This version was provided by Evan Jordan and is supposed to not
+       leak memory as the previous version: */
+    if(x509 != NULL) {
+      EVP_PKEY *pktmp = X509_get_pubkey(x509);
+      EVP_PKEY_copy_parameters(pktmp,SSL_get_privatekey(ssl));
+      EVP_PKEY_free(pktmp);
+    }
+
+    SSL_free(ssl);
+
+    /* If we are using DSA, we can copy the parameters from
+     * the private key */
+
+
+    /* Now we know that a key and cert have been set against
+     * the SSL context */
+    if(!SSL_CTX_check_private_key(ctx)) {
+      failf(data, "Private key does not match the certificate public key");
+      return 0;
+    }
+#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
+    /* erase it now */
+    memset(global_passwd, 0, sizeof(global_passwd));
+#endif
+  }
+  return 1;
+}
+
+/* returns non-zero on failure */
+static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
+{
+#if 0
+  return X509_NAME_oneline(a, buf, size);
+#else
+  BIO *bio_out = BIO_new(BIO_s_mem());
+  BUF_MEM *biomem;
+  int rc;
+
+  if(!bio_out)
+    return 1; /* alloc failed! */
+
+  rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
+  BIO_get_mem_ptr(bio_out, &biomem);
+
+  if((size_t)biomem->length < size)
+    size = biomem->length;
+  else
+    size--; /* don't overwrite the buffer end */
+
+  memcpy(buf, biomem->data, size);
+  buf[size]=0;
+
+  BIO_free(bio_out);
+
+  return !rc;
+#endif
+}
+
+static
+int cert_verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+  X509 *err_cert;
+  char buf[256];
+
+  err_cert=X509_STORE_CTX_get_current_cert(ctx);
+  (void)x509_name_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
+  return ok;
+}
+
+/* Return error string for last OpenSSL error
+ */
+static char *SSL_strerror(unsigned long error, char *buf, size_t size)
+{
+#ifdef HAVE_ERR_ERROR_STRING_N
+  /* OpenSSL 0.9.6 and later has a function named
+     ERRO_error_string_n() that takes the size of the buffer as a
+     third argument */
+  ERR_error_string_n(error, buf, size);
+#else
+  (void) size;
+  ERR_error_string(error, buf);
+#endif
+  return buf;
+}
+
+#endif /* USE_SSLEAY */
+
+#ifdef USE_SSLEAY
+/**
+ * Global SSL init
+ *
+ * @retval 0 error initializing SSL
+ * @retval 1 SSL initialized successfully
+ */
+int Curl_ossl_init(void)
+{
+#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+  ENGINE_load_builtin_engines();
+#endif
+
+  /* Lets get nice error messages */
+  SSL_load_error_strings();
+
+  /* Init the global ciphers and digests */
+  if(!SSLeay_add_ssl_algorithms())
+    return 0;
+
+  OpenSSL_add_all_algorithms();
+
+
+  /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately
+     that function makes an exit() call on wrongly formatted config files
+     which makes it hard to use in some situations. OPENSSL_config() itself
+     calls CONF_modules_load_file() and we use that instead and we ignore
+     its return code! */
+
+  (void)CONF_modules_load_file(NULL, NULL,
+                               CONF_MFLAGS_DEFAULT_SECTION|
+                               CONF_MFLAGS_IGNORE_MISSING_FILE);
+
+  return 1;
+}
+
+#endif /* USE_SSLEAY */
+
+#ifdef USE_SSLEAY
+
+/* Global cleanup */
+void Curl_ossl_cleanup(void)
+{
+  /* Free ciphers and digests lists */
+  EVP_cleanup();
+
+#ifdef HAVE_ENGINE_CLEANUP
+  /* Free engine list */
+  ENGINE_cleanup();
+#endif
+
+#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
+  /* Free OpenSSL ex_data table */
+  CRYPTO_cleanup_all_ex_data();
+#endif
+
+  /* Free OpenSSL error strings */
+  ERR_free_strings();
+
+  /* Free thread local error state, destroying hash upon zero refcount */
+#ifdef HAVE_ERR_REMOVE_THREAD_STATE
+  ERR_remove_thread_state(NULL);
+#else
+  ERR_remove_state(0);
+#endif
+}
+
+/*
+ * This function uses SSL_peek to determine connection status.
+ *
+ * Return codes:
+ *     1 means the connection is still in place
+ *     0 means the connection has been closed
+ *    -1 means the connection status is unknown
+ */
+int Curl_ossl_check_cxn(struct connectdata *conn)
+{
+  int rc;
+  char buf;
+
+  rc = SSL_peek(conn->ssl[FIRSTSOCKET].handle, (void*)&buf, 1);
+  if(rc > 0)
+    return 1; /* connection still in place */
+
+  if(rc == 0)
+    return 0; /* connection has been closed */
+
+  return -1; /* connection status unknown */
+}
+
+/* Selects an OpenSSL crypto engine
+ */
+CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+  ENGINE *e;
+
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+  e = ENGINE_by_id(engine);
+#else
+  /* avoid memory leak */
+  for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
+    const char *e_id = ENGINE_get_id(e);
+    if(!strcmp(engine, e_id))
+      break;
+  }
+#endif
+
+  if(!e) {
+    failf(data, "SSL Engine '%s' not found", engine);
+    return CURLE_SSL_ENGINE_NOTFOUND;
+  }
+
+  if(data->state.engine) {
+    ENGINE_finish(data->state.engine);
+    ENGINE_free(data->state.engine);
+    data->state.engine = NULL;
+  }
+  if(!ENGINE_init(e)) {
+    char buf[256];
+
+    ENGINE_free(e);
+    failf(data, "Failed to initialise SSL Engine '%s':\n%s",
+          engine, SSL_strerror(ERR_get_error(), buf, sizeof(buf)));
+    return CURLE_SSL_ENGINE_INITFAILED;
+  }
+  data->state.engine = e;
+  return CURLE_OK;
+#else
+  (void)engine;
+  failf(data, "SSL Engine not supported");
+  return CURLE_SSL_ENGINE_NOTFOUND;
+#endif
+}
+
+/* Sets engine as default for all SSL operations
+ */
+CURLcode Curl_ossl_set_engine_default(struct SessionHandle *data)
+{
+#ifdef HAVE_OPENSSL_ENGINE_H
+  if(data->state.engine) {
+    if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
+      infof(data,"set default crypto engine '%s'\n",
+            ENGINE_get_id(data->state.engine));
+    }
+    else {
+      failf(data, "set default crypto engine '%s' failed",
+            ENGINE_get_id(data->state.engine));
+      return CURLE_SSL_ENGINE_SETFAILED;
+    }
+  }
+#else
+  (void) data;
+#endif
+  return CURLE_OK;
+}
+
+/* Return list of OpenSSL crypto engine names.
+ */
+struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data)
+{
+  struct curl_slist *list = NULL;
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+  struct curl_slist *beg;
+  ENGINE *e;
+
+  for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
+    beg = curl_slist_append(list, ENGINE_get_id(e));
+    if(!beg) {
+      curl_slist_free_all(list);
+      return NULL;
+    }
+    list = beg;
+  }
+#endif
+  (void) data;
+  return list;
+}
+
+
+/*
+ * This function is called when an SSL connection is closed.
+ */
+void Curl_ossl_close(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  if(connssl->handle) {
+    (void)SSL_shutdown(connssl->handle);
+    SSL_set_connect_state(connssl->handle);
+
+    SSL_free (connssl->handle);
+    connssl->handle = NULL;
+  }
+  if(connssl->ctx) {
+    SSL_CTX_free (connssl->ctx);
+    connssl->ctx = NULL;
+  }
+}
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
+{
+  int retval = 0;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
+                    to be at least 120 bytes long. */
+  unsigned long sslerror;
+  ssize_t nread;
+  int buffsize;
+  int err;
+  int done = 0;
+
+  /* This has only been tested on the proftpd server, and the mod_tls code
+     sends a close notify alert without waiting for a close notify alert in
+     response. Thus we wait for a close notify alert from the server, but
+     we do not send one. Let's hope other servers do the same... */
+
+  if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
+      (void)SSL_shutdown(connssl->handle);
+
+  if(connssl->handle) {
+    buffsize = (int)sizeof(buf);
+    while(!done) {
+      int what = Curl_socket_ready(conn->sock[sockindex],
+                                   CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+      if(what > 0) {
+        ERR_clear_error();
+
+        /* Something to read, let's do it and hope that it is the close
+           notify alert from the server */
+        nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf,
+                                  buffsize);
+        err = SSL_get_error(conn->ssl[sockindex].handle, (int)nread);
+
+        switch(err) {
+        case SSL_ERROR_NONE: /* this is not an error */
+        case SSL_ERROR_ZERO_RETURN: /* no more data */
+          /* This is the expected response. There was no data but only
+             the close notify alert */
+          done = 1;
+          break;
+        case SSL_ERROR_WANT_READ:
+          /* there's data pending, re-invoke SSL_read() */
+          infof(data, "SSL_ERROR_WANT_READ\n");
+          break;
+        case SSL_ERROR_WANT_WRITE:
+          /* SSL wants a write. Really odd. Let's bail out. */
+          infof(data, "SSL_ERROR_WANT_WRITE\n");
+          done = 1;
+          break;
+        default:
+          /* openssl/ssl.h says "look at error stack/return value/errno" */
+          sslerror = ERR_get_error();
+          failf(conn->data, "SSL read: %s, errno %d",
+                ERR_error_string(sslerror, buf),
+                SOCKERRNO);
+          done = 1;
+          break;
+        }
+      }
+      else if(0 == what) {
+        /* timeout */
+        failf(data, "SSL shutdown timeout");
+        done = 1;
+      }
+      else {
+        /* anything that gets here is fatally bad */
+        failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        retval = -1;
+        done = 1;
+      }
+    } /* while()-loop for the select() */
+
+    if(data->set.verbose) {
+#ifdef HAVE_SSL_GET_SHUTDOWN
+      switch(SSL_get_shutdown(connssl->handle)) {
+      case SSL_SENT_SHUTDOWN:
+        infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
+        break;
+      case SSL_RECEIVED_SHUTDOWN:
+        infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
+        break;
+      case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
+        infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
+              "SSL_RECEIVED__SHUTDOWN\n");
+        break;
+      }
+#endif
+    }
+
+    SSL_free (connssl->handle);
+    connssl->handle = NULL;
+  }
+  return retval;
+}
+
+void Curl_ossl_session_free(void *ptr)
+{
+  /* free the ID */
+  SSL_SESSION_free(ptr);
+}
+
+/*
+ * This function is called when the 'data' struct is going away. Close
+ * down everything and free all resources!
+ */
+int Curl_ossl_close_all(struct SessionHandle *data)
+{
+#ifdef HAVE_OPENSSL_ENGINE_H
+  if(data->state.engine) {
+    ENGINE_finish(data->state.engine);
+    ENGINE_free(data->state.engine);
+    data->state.engine = NULL;
+  }
+#else
+  (void)data;
+#endif
+  return 0;
+}
+
+static int asn1_output(const ASN1_UTCTIME *tm,
+                       char *buf,
+                       size_t sizeofbuf)
+{
+  const char *asn1_string;
+  int gmt=FALSE;
+  int i;
+  int year=0,month=0,day=0,hour=0,minute=0,second=0;
+
+  i=tm->length;
+  asn1_string=(const char *)tm->data;
+
+  if(i < 10)
+    return 1;
+  if(asn1_string[i-1] == 'Z')
+    gmt=TRUE;
+  for(i=0; i<10; i++)
+    if((asn1_string[i] > '9') || (asn1_string[i] < '0'))
+      return 2;
+
+  year= (asn1_string[0]-'0')*10+(asn1_string[1]-'0');
+  if(year < 50)
+    year+=100;
+
+  month= (asn1_string[2]-'0')*10+(asn1_string[3]-'0');
+  if((month > 12) || (month < 1))
+    return 3;
+
+  day= (asn1_string[4]-'0')*10+(asn1_string[5]-'0');
+  hour= (asn1_string[6]-'0')*10+(asn1_string[7]-'0');
+  minute=  (asn1_string[8]-'0')*10+(asn1_string[9]-'0');
+
+  if((asn1_string[10] >= '0') && (asn1_string[10] <= '9') &&
+     (asn1_string[11] >= '0') && (asn1_string[11] <= '9'))
+    second= (asn1_string[10]-'0')*10+(asn1_string[11]-'0');
+
+  snprintf(buf, sizeofbuf,
+           "%04d-%02d-%02d %02d:%02d:%02d %s",
+           year+1900, month, day, hour, minute, second, (gmt?"GMT":""));
+
+  return 0;
+}
+
+/* ====================================================== */
+
+
+/* Quote from RFC2818 section 3.1 "Server Identity"
+
+   If a subjectAltName extension of type dNSName is present, that MUST
+   be used as the identity. Otherwise, the (most specific) Common Name
+   field in the Subject field of the certificate MUST be used. Although
+   the use of the Common Name is existing practice, it is deprecated and
+   Certification Authorities are encouraged to use the dNSName instead.
+
+   Matching is performed using the matching rules specified by
+   [RFC2459].  If more than one identity of a given type is present in
+   the certificate (e.g., more than one dNSName name, a match in any one
+   of the set is considered acceptable.) Names may contain the wildcard
+   character * which is considered to match any single domain name
+   component or component fragment. E.g., *.a.com matches foo.a.com but
+   not bar.foo.a.com. f*.com matches foo.com but not bar.com.
+
+   In some cases, the URI is specified as an IP address rather than a
+   hostname. In this case, the iPAddress subjectAltName must be present
+   in the certificate and must exactly match the IP in the URI.
+
+*/
+static CURLcode verifyhost(struct connectdata *conn,
+                           X509 *server_cert)
+{
+  int matched = -1; /* -1 is no alternative match yet, 1 means match and 0
+                       means mismatch */
+  int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
+  size_t addrlen = 0;
+  struct SessionHandle *data = conn->data;
+  STACK_OF(GENERAL_NAME) *altnames;
+#ifdef ENABLE_IPV6
+  struct in6_addr addr;
+#else
+  struct in_addr addr;
+#endif
+  CURLcode res = CURLE_OK;
+
+#ifdef ENABLE_IPV6
+  if(conn->bits.ipv6_ip &&
+     Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
+    target = GEN_IPADD;
+    addrlen = sizeof(struct in6_addr);
+  }
+  else
+#endif
+    if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
+      target = GEN_IPADD;
+      addrlen = sizeof(struct in_addr);
+    }
+
+  /* get a "list" of alternative names */
+  altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
+
+  if(altnames) {
+    int numalts;
+    int i;
+
+    /* get amount of alternatives, RFC2459 claims there MUST be at least
+       one, but we don't depend on it... */
+    numalts = sk_GENERAL_NAME_num(altnames);
+
+    /* loop through all alternatives while none has matched */
+    for(i=0; (i<numalts) && (matched != 1); i++) {
+      /* get a handle to alternative name number i */
+      const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
+
+      /* only check alternatives of the same type the target is */
+      if(check->type == target) {
+        /* get data and length */
+        const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
+        size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+
+        switch(target) {
+        case GEN_DNS: /* name/pattern comparison */
+          /* The OpenSSL man page explicitly says: "In general it cannot be
+             assumed that the data returned by ASN1_STRING_data() is null
+             terminated or does not contain embedded nulls." But also that
+             "The actual format of the data will depend on the actual string
+             type itself: for example for and IA5String the data will be ASCII"
+
+             Gisle researched the OpenSSL sources:
+             "I checked the 0.9.6 and 0.9.8 sources before my patch and
+             it always 0-terminates an IA5String."
+          */
+          if((altlen == strlen(altptr)) &&
+             /* if this isn't true, there was an embedded zero in the name
+                string and we cannot match it. */
+             Curl_cert_hostcheck(altptr, conn->host.name))
+            matched = 1;
+          else
+            matched = 0;
+          break;
+
+        case GEN_IPADD: /* IP address comparison */
+          /* compare alternative IP address if the data chunk is the same size
+             our server IP address is */
+          if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
+            matched = 1;
+          else
+            matched = 0;
+          break;
+        }
+      }
+    }
+    GENERAL_NAMES_free(altnames);
+  }
+
+  if(matched == 1)
+    /* an alternative name matched the server hostname */
+    infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
+  else if(matched == 0) {
+    /* an alternative name field existed, but didn't match and then
+       we MUST fail */
+    infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
+    failf(data, "SSL: no alternative certificate subject name matches "
+          "target host name '%s'", conn->host.dispname);
+    res = CURLE_PEER_FAILED_VERIFICATION;
+  }
+  else {
+    /* we have to look to the last occurrence of a commonName in the
+       distinguished one to get the most significant one. */
+    int j,i=-1 ;
+
+/* The following is done because of a bug in 0.9.6b */
+
+    unsigned char *nulstr = (unsigned char *)"";
+    unsigned char *peer_CN = nulstr;
+
+    X509_NAME *name = X509_get_subject_name(server_cert) ;
+    if(name)
+      while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i))>=0)
+        i=j;
+
+    /* we have the name entry and we will now convert this to a string
+       that we can use for comparison. Doing this we support BMPstring,
+       UTF8 etc. */
+
+    if(i>=0) {
+      ASN1_STRING *tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
+
+      /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
+         is already UTF-8 encoded. We check for this case and copy the raw
+         string manually to avoid the problem. This code can be made
+         conditional in the future when OpenSSL has been fixed. Work-around
+         brought by Alexis S. L. Carvalho. */
+      if(tmp) {
+        if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+          j = ASN1_STRING_length(tmp);
+          if(j >= 0) {
+            peer_CN = OPENSSL_malloc(j+1);
+            if(peer_CN) {
+              memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+              peer_CN[j] = '\0';
+            }
+          }
+        }
+        else /* not a UTF8 name */
+          j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+
+        if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
+          /* there was a terminating zero before the end of string, this
+             cannot match and we return failure! */
+          failf(data, "SSL: illegal cert name field");
+          res = CURLE_PEER_FAILED_VERIFICATION;
+        }
+      }
+    }
+
+    if(peer_CN == nulstr)
+       peer_CN = NULL;
+    else {
+      /* convert peer_CN from UTF8 */
+      CURLcode rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
+      /* Curl_convert_from_utf8 calls failf if unsuccessful */
+      if(rc) {
+        OPENSSL_free(peer_CN);
+        return rc;
+      }
+    }
+
+    if(res)
+      /* error already detected, pass through */
+      ;
+    else if(!peer_CN) {
+      failf(data,
+            "SSL: unable to obtain common name from peer certificate");
+      res = CURLE_PEER_FAILED_VERIFICATION;
+    }
+    else if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
+      failf(data, "SSL: certificate subject name '%s' does not match "
+            "target host name '%s'", peer_CN, conn->host.dispname);
+      res = CURLE_PEER_FAILED_VERIFICATION;
+    }
+    else {
+      infof(data, "\t common name: %s (matched)\n", peer_CN);
+    }
+    if(peer_CN)
+      OPENSSL_free(peer_CN);
+  }
+  return res;
+}
+#endif /* USE_SSLEAY */
+
+/* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
+   and thus this cannot be done there. */
+#ifdef SSL_CTRL_SET_MSG_CALLBACK
+
+static const char *ssl_msg_type(int ssl_ver, int msg)
+{
+  if(ssl_ver == SSL2_VERSION_MAJOR) {
+    switch (msg) {
+      case SSL2_MT_ERROR:
+        return "Error";
+      case SSL2_MT_CLIENT_HELLO:
+        return "Client hello";
+      case SSL2_MT_CLIENT_MASTER_KEY:
+        return "Client key";
+      case SSL2_MT_CLIENT_FINISHED:
+        return "Client finished";
+      case SSL2_MT_SERVER_HELLO:
+        return "Server hello";
+      case SSL2_MT_SERVER_VERIFY:
+        return "Server verify";
+      case SSL2_MT_SERVER_FINISHED:
+        return "Server finished";
+      case SSL2_MT_REQUEST_CERTIFICATE:
+        return "Request CERT";
+      case SSL2_MT_CLIENT_CERTIFICATE:
+        return "Client CERT";
+    }
+  }
+  else if(ssl_ver == SSL3_VERSION_MAJOR) {
+    switch (msg) {
+      case SSL3_MT_HELLO_REQUEST:
+        return "Hello request";
+      case SSL3_MT_CLIENT_HELLO:
+        return "Client hello";
+      case SSL3_MT_SERVER_HELLO:
+        return "Server hello";
+      case SSL3_MT_CERTIFICATE:
+        return "CERT";
+      case SSL3_MT_SERVER_KEY_EXCHANGE:
+        return "Server key exchange";
+      case SSL3_MT_CLIENT_KEY_EXCHANGE:
+        return "Client key exchange";
+      case SSL3_MT_CERTIFICATE_REQUEST:
+        return "Request CERT";
+      case SSL3_MT_SERVER_DONE:
+        return "Server finished";
+      case SSL3_MT_CERTIFICATE_VERIFY:
+        return "CERT verify";
+      case SSL3_MT_FINISHED:
+        return "Finished";
+    }
+  }
+  return "Unknown";
+}
+
+static const char *tls_rt_type(int type)
+{
+  return (
+    type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " :
+    type == SSL3_RT_ALERT              ? "TLS alert, "         :
+    type == SSL3_RT_HANDSHAKE          ? "TLS handshake, "     :
+    type == SSL3_RT_APPLICATION_DATA   ? "TLS app data, "      :
+                                         "TLS Unknown, ");
+}
+
+
+/*
+ * Our callback from the SSL/TLS layers.
+ */
+static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
+                          const void *buf, size_t len, const SSL *ssl,
+                          struct connectdata *conn)
+{
+  struct SessionHandle *data;
+  const char *msg_name, *tls_rt_name;
+  char ssl_buf[1024];
+  int  ver, msg_type, txt_len;
+
+  if(!conn || !conn->data || !conn->data->set.fdebug ||
+     (direction != 0 && direction != 1))
+    return;
+
+  data = conn->data;
+  ssl_ver >>= 8;
+  ver = (ssl_ver == SSL2_VERSION_MAJOR ? '2' :
+         ssl_ver == SSL3_VERSION_MAJOR ? '3' : '?');
+
+  /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
+   * always pass-up content-type as 0. But the interesting message-type
+   * is at 'buf[0]'.
+   */
+  if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0)
+    tls_rt_name = tls_rt_type(content_type);
+  else
+    tls_rt_name = "";
+
+  msg_type = *(char*)buf;
+  msg_name = ssl_msg_type(ssl_ver, msg_type);
+
+  txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "SSLv%c, %s%s (%d):\n",
+                     ver, tls_rt_name, msg_name, msg_type);
+  Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+
+  Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
+             CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
+  (void) ssl;
+}
+#endif
+
+#ifdef USE_SSLEAY
+/* ====================================================== */
+
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#  define use_sni(x)  sni = (x)
+#else
+#  define use_sni(x)  Curl_nop_stmt
+#endif
+
+#ifdef USE_NGHTTP2
+
+#undef HAS_ALPN
+#if defined(HAVE_SSL_CTX_SET_ALPN_PROTOS) && \
+  defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
+#  define HAS_ALPN 1
+#endif
+
+#if !defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || \
+  defined(OPENSSL_NO_NEXTPROTONEG)
+#  if !defined(HAS_ALPN)
+#    error http2 builds require OpenSSL with NPN or ALPN support
+#  endif
+#endif
+
+
+/*
+ * in is a list of lenght prefixed strings. this function has to select
+ * the protocol we want to use from the list and write its string into out.
+ */
+static int
+select_next_proto_cb(SSL *ssl,
+                     unsigned char **out, unsigned char *outlen,
+                     const unsigned char *in, unsigned int inlen,
+                     void *arg)
+{
+  struct connectdata *conn = (struct connectdata*) arg;
+  int retval = nghttp2_select_next_protocol(out, outlen, in, inlen);
+  (void)ssl;
+
+  if(retval == 1) {
+    infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
+          NGHTTP2_PROTO_VERSION_ID);
+    conn->negnpn = NPN_HTTP2;
+  }
+  else if(retval == 0) {
+    infof(conn->data, "NPN, negotiated HTTP1.1\n");
+    conn->negnpn = NPN_HTTP1_1;
+  }
+  else {
+    infof(conn->data, "NPN, no overlap, use HTTP1.1\n",
+          NGHTTP2_PROTO_VERSION_ID);
+    *out = (unsigned char*)"http/1.1";
+    *outlen = sizeof("http/1.1") - 1;
+    conn->negnpn = NPN_HTTP1_1;
+  }
+
+  return SSL_TLSEXT_ERR_OK;
+}
+#endif
+
+static const char *
+get_ssl_version_txt(SSL_SESSION *session)
+{
+  if(NULL == session)
+    return "";
+
+  switch(session->ssl_version) {
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+  case TLS1_2_VERSION:
+    return "TLSv1.2";
+  case TLS1_1_VERSION:
+    return "TLSv1.1";
+#endif
+  case TLS1_VERSION:
+    return "TLSv1.0";
+  case SSL3_VERSION:
+    return "SSLv3";
+  case SSL2_VERSION:
+    return "SSLv2";
+  }
+  return "unknown";
+}
+
+
+static CURLcode
+ossl_connect_step1(struct connectdata *conn,
+                   int sockindex)
+{
+  CURLcode retcode = CURLE_OK;
+  char *ciphers;
+  struct SessionHandle *data = conn->data;
+  SSL_METHOD_QUAL SSL_METHOD *req_method=NULL;
+  void *ssl_sessionid=NULL;
+  X509_LOOKUP *lookup=NULL;
+  curl_socket_t sockfd = conn->sock[sockindex];
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  long ctx_options;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+  bool sni;
+#ifdef ENABLE_IPV6
+  struct in6_addr addr;
+#else
+  struct in_addr addr;
+#endif
+#endif
+#ifdef HAS_ALPN
+  unsigned char protocols[128];
+#endif
+
+  DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
+
+  /* Make funny stuff to get random input */
+  Curl_ossl_seed(data);
+
+  data->set.ssl.certverifyresult = !X509_V_OK;
+
+  /* check to see if we've been told to use an explicit SSL/TLS version */
+
+  switch(data->set.ssl.version) {
+  default:
+  case CURL_SSLVERSION_DEFAULT:
+  case CURL_SSLVERSION_TLSv1:
+  case CURL_SSLVERSION_TLSv1_0:
+  case CURL_SSLVERSION_TLSv1_1:
+  case CURL_SSLVERSION_TLSv1_2:
+    /* it will be handled later with the context options */
+    req_method = SSLv23_client_method();
+    use_sni(TRUE);
+    break;
+  case CURL_SSLVERSION_SSLv2:
+#ifdef OPENSSL_NO_SSL2
+    failf(data, "OpenSSL was built without SSLv2 support");
+    return CURLE_NOT_BUILT_IN;
+#else
+#ifdef USE_TLS_SRP
+    if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
+      return CURLE_SSL_CONNECT_ERROR;
+#endif
+    req_method = SSLv2_client_method();
+    use_sni(FALSE);
+    break;
+#endif
+  case CURL_SSLVERSION_SSLv3:
+#ifdef USE_TLS_SRP
+    if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
+      return CURLE_SSL_CONNECT_ERROR;
+#endif
+    req_method = SSLv3_client_method();
+    use_sni(FALSE);
+    break;
+  }
+
+  if(connssl->ctx)
+    SSL_CTX_free(connssl->ctx);
+  connssl->ctx = SSL_CTX_new(req_method);
+
+  if(!connssl->ctx) {
+    failf(data, "SSL: couldn't create a context: %s",
+          ERR_error_string(ERR_peek_error(), NULL));
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+#ifdef SSL_MODE_RELEASE_BUFFERS
+  SSL_CTX_set_mode(connssl->ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
+#ifdef SSL_CTRL_SET_MSG_CALLBACK
+  if(data->set.fdebug && data->set.verbose) {
+    /* the SSL trace callback is only used for verbose logging so we only
+       inform about failures of setting it */
+    if(!SSL_CTX_callback_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK,
+                               (void (*)(void))ssl_tls_trace)) {
+      infof(data, "SSL: couldn't set callback!\n");
+    }
+    else if(!SSL_CTX_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK_ARG, 0,
+                          conn)) {
+      infof(data, "SSL: couldn't set callback argument!\n");
+    }
+  }
+#endif
+
+  /* OpenSSL contains code to work-around lots of bugs and flaws in various
+     SSL-implementations. SSL_CTX_set_options() is used to enabled those
+     work-arounds. The man page for this option states that SSL_OP_ALL enables
+     all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
+     enable the bug workaround options if compatibility with somewhat broken
+     implementations is desired."
+
+     The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
+     disable "rfc4507bis session ticket support".  rfc4507bis was later turned
+     into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077
+
+     The enabled extension concerns the session management. I wonder how often
+     libcurl stops a connection and then resumes a TLS session. also, sending
+     the session data is some overhead. .I suggest that you just use your
+     proposed patch (which explicitly disables TICKET).
+
+     If someone writes an application with libcurl and openssl who wants to
+     enable the feature, one can do this in the SSL callback.
+
+     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
+     interoperability with web server Netscape Enterprise Server 2.0.1 which
+     was released back in 1996.
+
+     Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
+     become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
+     CVE-2010-4180 when using previous OpenSSL versions we no longer enable
+     this option regardless of OpenSSL version and SSL_OP_ALL definition.
+
+     OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
+     (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
+     SSL_OP_ALL that _disables_ that work-around despite the fact that
+     SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
+     keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
+     must not be set.
+  */
+
+  ctx_options = SSL_OP_ALL;
+
+#ifdef SSL_OP_NO_TICKET
+  ctx_options |= SSL_OP_NO_TICKET;
+#endif
+
+#ifdef SSL_OP_NO_COMPRESSION
+  ctx_options |= SSL_OP_NO_COMPRESSION;
+#endif
+
+#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+  /* mitigate CVE-2010-4180 */
+  ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
+#endif
+
+#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+  /* unless the user explicitly ask to allow the protocol vulnerability we
+     use the work-around */
+  if(!conn->data->set.ssl_enable_beast)
+    ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+
+  switch(data->set.ssl.version) {
+  case CURL_SSLVERSION_DEFAULT:
+    ctx_options |= SSL_OP_NO_SSLv2;
+#ifdef USE_TLS_SRP
+    if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+      infof(data, "Set version TLSv1.x for SRP authorisation\n");
+      ctx_options |= SSL_OP_NO_SSLv3;
+    }
+#endif
+    break;
+
+  case CURL_SSLVERSION_SSLv3:
+    ctx_options |= SSL_OP_NO_SSLv2;
+    ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+    ctx_options |= SSL_OP_NO_TLSv1_1;
+    ctx_options |= SSL_OP_NO_TLSv1_2;
+#endif
+    break;
+
+  case CURL_SSLVERSION_TLSv1:
+    ctx_options |= SSL_OP_NO_SSLv2;
+    ctx_options |= SSL_OP_NO_SSLv3;
+    break;
+
+  case CURL_SSLVERSION_TLSv1_0:
+    ctx_options |= SSL_OP_NO_SSLv2;
+    ctx_options |= SSL_OP_NO_SSLv3;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+    ctx_options |= SSL_OP_NO_TLSv1_1;
+    ctx_options |= SSL_OP_NO_TLSv1_2;
+#endif
+    break;
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+  case CURL_SSLVERSION_TLSv1_1:
+    ctx_options |= SSL_OP_NO_SSLv2;
+    ctx_options |= SSL_OP_NO_SSLv3;
+    ctx_options |= SSL_OP_NO_TLSv1;
+    ctx_options |= SSL_OP_NO_TLSv1_2;
+    break;
+
+  case CURL_SSLVERSION_TLSv1_2:
+    ctx_options |= SSL_OP_NO_SSLv2;
+    ctx_options |= SSL_OP_NO_SSLv3;
+    ctx_options |= SSL_OP_NO_TLSv1;
+    ctx_options |= SSL_OP_NO_TLSv1_1;
+    break;
+#endif
+
+#ifndef OPENSSL_NO_SSL2
+  case CURL_SSLVERSION_SSLv2:
+    ctx_options |= SSL_OP_NO_SSLv3;
+    ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+    ctx_options |= SSL_OP_NO_TLSv1_1;
+    ctx_options |= SSL_OP_NO_TLSv1_2;
+#endif
+    break;
+#endif
+
+  default:
+    failf(data, "Unsupported SSL protocol version");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  SSL_CTX_set_options(connssl->ctx, ctx_options);
+
+#ifdef USE_NGHTTP2
+  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+    if(data->set.ssl_enable_npn) {
+      SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb,
+          conn);
+    }
+
+#ifdef HAS_ALPN
+    if(data->set.ssl_enable_alpn) {
+      protocols[0] = NGHTTP2_PROTO_VERSION_ID_LEN;
+      memcpy(&protocols[1], NGHTTP2_PROTO_VERSION_ID,
+          NGHTTP2_PROTO_VERSION_ID_LEN);
+
+      protocols[NGHTTP2_PROTO_VERSION_ID_LEN+1] = ALPN_HTTP_1_1_LENGTH;
+      memcpy(&protocols[NGHTTP2_PROTO_VERSION_ID_LEN+2], ALPN_HTTP_1_1,
+          ALPN_HTTP_1_1_LENGTH);
+
+      /* expects length prefixed preference ordered list of protocols in wire
+       * format
+       */
+      SSL_CTX_set_alpn_protos(connssl->ctx, protocols,
+          NGHTTP2_PROTO_VERSION_ID_LEN + ALPN_HTTP_1_1_LENGTH + 2);
+
+      infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
+            ALPN_HTTP_1_1);
+    }
+#endif
+  }
+#endif
+
+  if(data->set.str[STRING_CERT] || data->set.str[STRING_CERT_TYPE]) {
+    if(!cert_stuff(conn,
+                   connssl->ctx,
+                   data->set.str[STRING_CERT],
+                   data->set.str[STRING_CERT_TYPE],
+                   data->set.str[STRING_KEY],
+                   data->set.str[STRING_KEY_TYPE])) {
+      /* failf() is already done in cert_stuff() */
+      return CURLE_SSL_CERTPROBLEM;
+    }
+  }
+
+  ciphers = data->set.str[STRING_SSL_CIPHER_LIST];
+  if(!ciphers)
+    ciphers = (char *)DEFAULT_CIPHER_SELECTION;
+  if(!SSL_CTX_set_cipher_list(connssl->ctx, ciphers)) {
+    failf(data, "failed setting cipher list: %s", ciphers);
+    return CURLE_SSL_CIPHER;
+  }
+
+#ifdef USE_TLS_SRP
+  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
+    infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
+
+    if(!SSL_CTX_set_srp_username(connssl->ctx, data->set.ssl.username)) {
+      failf(data, "Unable to set SRP user name");
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    }
+    if(!SSL_CTX_set_srp_password(connssl->ctx,data->set.ssl.password)) {
+      failf(data, "failed setting SRP password");
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    }
+    if(!data->set.str[STRING_SSL_CIPHER_LIST]) {
+      infof(data, "Setting cipher list SRP\n");
+
+      if(!SSL_CTX_set_cipher_list(connssl->ctx, "SRP")) {
+        failf(data, "failed setting SRP cipher list");
+        return CURLE_SSL_CIPHER;
+      }
+    }
+  }
+#endif
+  if(data->set.str[STRING_SSL_CAFILE] || data->set.str[STRING_SSL_CAPATH]) {
+    /* tell SSL where to find CA certificates that are used to verify
+       the servers certificate. */
+    if(!SSL_CTX_load_verify_locations(connssl->ctx,
+                                       data->set.str[STRING_SSL_CAFILE],
+                                       data->set.str[STRING_SSL_CAPATH])) {
+      if(data->set.ssl.verifypeer) {
+        /* Fail if we insist on successfully verifying the server. */
+        failf(data,"error setting certificate verify locations:\n"
+              "  CAfile: %s\n  CApath: %s",
+              data->set.str[STRING_SSL_CAFILE]?
+              data->set.str[STRING_SSL_CAFILE]: "none",
+              data->set.str[STRING_SSL_CAPATH]?
+              data->set.str[STRING_SSL_CAPATH] : "none");
+        return CURLE_SSL_CACERT_BADFILE;
+      }
+      else {
+        /* Just continue with a warning if no strict  certificate verification
+           is required. */
+        infof(data, "error setting certificate verify locations,"
+              " continuing anyway:\n");
+      }
+    }
+    else {
+      /* Everything is fine. */
+      infof(data, "successfully set certificate verify locations:\n");
+    }
+    infof(data,
+          "  CAfile: %s\n"
+          "  CApath: %s\n",
+          data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
+          "none",
+          data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
+          "none");
+  }
+
+  if(data->set.str[STRING_SSL_CRLFILE]) {
+    /* tell SSL where to find CRL file that is used to check certificate
+     * revocation */
+    lookup=X509_STORE_add_lookup(SSL_CTX_get_cert_store(connssl->ctx),
+                                 X509_LOOKUP_file());
+    if(!lookup ||
+       (!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
+                            X509_FILETYPE_PEM)) ) {
+      failf(data,"error loading CRL file: %s",
+            data->set.str[STRING_SSL_CRLFILE]);
+      return CURLE_SSL_CRL_BADFILE;
+    }
+    else {
+      /* Everything is fine. */
+      infof(data, "successfully load CRL file:\n");
+      X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
+                           X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+    }
+    infof(data,
+          "  CRLfile: %s\n", data->set.str[STRING_SSL_CRLFILE] ?
+          data->set.str[STRING_SSL_CRLFILE]: "none");
+  }
+
+  /* SSL always tries to verify the peer, this only says whether it should
+   * fail to connect if the verification fails, or if it should continue
+   * anyway. In the latter case the result of the verification is checked with
+   * SSL_get_verify_result() below. */
+  SSL_CTX_set_verify(connssl->ctx,
+                     data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
+                     cert_verify_callback);
+
+  /* give application a chance to interfere with SSL set up. */
+  if(data->set.ssl.fsslctx) {
+    retcode = (*data->set.ssl.fsslctx)(data, connssl->ctx,
+                                       data->set.ssl.fsslctxp);
+    if(retcode) {
+      failf(data,"error signaled by ssl ctx callback");
+      return retcode;
+    }
+  }
+
+  /* Lets make an SSL structure */
+  if(connssl->handle)
+    SSL_free(connssl->handle);
+  connssl->handle = SSL_new(connssl->ctx);
+  if(!connssl->handle) {
+    failf(data, "SSL: couldn't create a context (handle)!");
+    return CURLE_OUT_OF_MEMORY;
+  }
+  SSL_set_connect_state(connssl->handle);
+
+  connssl->server_cert = 0x0;
+
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+  if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
+#ifdef ENABLE_IPV6
+     (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
+#endif
+     sni &&
+     !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
+    infof(data, "WARNING: failed to configure server name indication (SNI) "
+          "TLS extension\n");
+#endif
+
+  /* Check if there's a cached ID we can/should use here! */
+  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
+    /* we got a session id, use it! */
+    if(!SSL_set_session(connssl->handle, ssl_sessionid)) {
+      failf(data, "SSL: SSL_set_session failed: %s",
+            ERR_error_string(ERR_get_error(),NULL));
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+    /* Informational message */
+    infof (data, "SSL re-using session ID\n");
+  }
+
+  /* pass the raw socket into the SSL layers */
+  if(!SSL_set_fd(connssl->handle, (int)sockfd)) {
+    failf(data, "SSL: SSL_set_fd failed: %s",
+          ERR_error_string(ERR_get_error(),NULL));
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  connssl->connecting_state = ssl_connect_2;
+  return CURLE_OK;
+}
+
+static CURLcode
+ossl_connect_step2(struct connectdata *conn, int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  int err;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
+             || ssl_connect_2_reading == connssl->connecting_state
+             || ssl_connect_2_writing == connssl->connecting_state);
+
+  ERR_clear_error();
+
+  err = SSL_connect(connssl->handle);
+
+  /* 1  is fine
+     0  is "not successful but was shut down controlled"
+     <0 is "handshake was not successful, because a fatal error occurred" */
+  if(1 != err) {
+    int detail = SSL_get_error(connssl->handle, err);
+
+    if(SSL_ERROR_WANT_READ == detail) {
+      connssl->connecting_state = ssl_connect_2_reading;
+      return CURLE_OK;
+    }
+    else if(SSL_ERROR_WANT_WRITE == detail) {
+      connssl->connecting_state = ssl_connect_2_writing;
+      return CURLE_OK;
+    }
+    else {
+      /* untreated error */
+      unsigned long errdetail;
+      char error_buffer[256]; /* OpenSSL documents that this must be at least
+                                 256 bytes long. */
+      CURLcode rc;
+      const char *cert_problem = NULL;
+      long lerr;
+
+      connssl->connecting_state = ssl_connect_2; /* the connection failed,
+                                                    we're not waiting for
+                                                    anything else. */
+
+      errdetail = ERR_get_error(); /* Gets the earliest error code from the
+                                      thread's error queue and removes the
+                                      entry. */
+
+      switch(errdetail) {
+      case 0x1407E086:
+        /* 1407E086:
+           SSL routines:
+           SSL2_SET_CERTIFICATE:
+           certificate verify failed */
+        /* fall-through */
+      case 0x14090086:
+        /* 14090086:
+           SSL routines:
+           SSL3_GET_SERVER_CERTIFICATE:
+           certificate verify failed */
+        rc = CURLE_SSL_CACERT;
+
+        lerr = SSL_get_verify_result(connssl->handle);
+        if(lerr != X509_V_OK) {
+          snprintf(error_buffer, sizeof(error_buffer),
+                   "SSL certificate problem: %s",
+                   X509_verify_cert_error_string(lerr));
+        }
+        else
+          cert_problem = "SSL certificate problem, verify that the CA cert is"
+            " OK.";
+
+        break;
+      default:
+        rc = CURLE_SSL_CONNECT_ERROR;
+        SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
+        break;
+      }
+
+      /* detail is already set to the SSL error above */
+
+      /* If we e.g. use SSLv2 request-method and the server doesn't like us
+       * (RST connection etc.), OpenSSL gives no explanation whatsoever and
+       * the SO_ERROR is also lost.
+       */
+      if(CURLE_SSL_CONNECT_ERROR == rc && errdetail == 0) {
+        failf(data, "Unknown SSL protocol error in connection to %s:%ld ",
+              conn->host.name, conn->remote_port);
+        return rc;
+      }
+      /* Could be a CERT problem */
+
+      failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
+      return rc;
+    }
+  }
+  else {
+    /* we have been connected fine, we're not waiting for anything else. */
+    connssl->connecting_state = ssl_connect_3;
+
+    /* Informational message */
+    infof (data, "SSL connection using %s / %s\n",
+           get_ssl_version_txt(SSL_get_session(connssl->handle)),
+           SSL_get_cipher(connssl->handle));
+
+#ifdef HAS_ALPN
+    /* Sets data and len to negotiated protocol, len is 0 if no protocol was
+     * negotiated
+     */
+    if(data->set.ssl_enable_alpn) {
+      const unsigned char* neg_protocol;
+      unsigned int len;
+      SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len);
+      if(len != 0) {
+        infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
+
+        if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
+           memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len) == 0) {
+             conn->negnpn = NPN_HTTP2;
+        }
+        else if(len == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
+            neg_protocol, ALPN_HTTP_1_1_LENGTH) == 0) {
+          conn->negnpn = NPN_HTTP1_1;
+        }
+      }
+      else {
+        infof(data, "ALPN, server did not agree to a protocol\n");
+      }
+    }
+#endif
+
+    return CURLE_OK;
+  }
+}
+
+static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
+{
+  int i, ilen;
+
+  if((ilen = (int)len) < 0)
+    return 1; /* buffer too big */
+
+  i = i2t_ASN1_OBJECT(buf, ilen, a);
+
+  if(i >= ilen)
+    return 1; /* buffer too small */
+
+  return 0;
+}
+
+static void pubkey_show(struct SessionHandle *data,
+                        int num,
+                        const char *type,
+                        const char *name,
+                        unsigned char *raw,
+                        int len)
+{
+  size_t left;
+  int i;
+  char namebuf[32];
+  char *buffer;
+
+  left = len*3 + 1;
+  buffer = malloc(left);
+  if(buffer) {
+    char *ptr=buffer;
+    snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
+    for(i=0; i< len; i++) {
+      snprintf(ptr, left, "%02x:", raw[i]);
+      ptr += 3;
+      left -= 3;
+    }
+    infof(data, "   %s: %s\n", namebuf, buffer);
+    Curl_ssl_push_certinfo(data, num, namebuf, buffer);
+    free(buffer);
+  }
+}
+
+#define print_pubkey_BN(_type, _name, _num)    \
+do {                              \
+  if(pubkey->pkey._type->_name != NULL) { \
+    int len = BN_num_bytes(pubkey->pkey._type->_name);  \
+    if(len < CERTBUFFERSIZE) {                                    \
+      BN_bn2bin(pubkey->pkey._type->_name, (unsigned char*)bufp); \
+      bufp[len] = 0;                                                    \
+      pubkey_show(data, _num, #_type, #_name, (unsigned char*)bufp, len); \
+    } \
+  } \
+} WHILE_FALSE
+
+static int X509V3_ext(struct SessionHandle *data,
+                      int certnum,
+                      STACK_OF(X509_EXTENSION) *exts)
+{
+  int i;
+  size_t j;
+
+  if(sk_X509_EXTENSION_num(exts) <= 0)
+    /* no extensions, bail out */
+    return 1;
+
+  for(i=0; i<sk_X509_EXTENSION_num(exts); i++) {
+    ASN1_OBJECT *obj;
+    X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+    BUF_MEM *biomem;
+    char buf[512];
+    char *ptr=buf;
+    char namebuf[128];
+    BIO *bio_out = BIO_new(BIO_s_mem());
+
+    if(!bio_out)
+      return 1;
+
+    obj = X509_EXTENSION_get_object(ext);
+
+    asn1_object_dump(obj, namebuf, sizeof(namebuf));
+
+    infof(data, "%s: %s\n", namebuf,
+          X509_EXTENSION_get_critical(ext)?"(critical)":"");
+
+    if(!X509V3_EXT_print(bio_out, ext, 0, 0))
+      M_ASN1_OCTET_STRING_print(bio_out, ext->value);
+
+    BIO_get_mem_ptr(bio_out, &biomem);
+
+    /* biomem->length bytes at biomem->data, this little loop here is only
+       done for the infof() call, we send the "raw" data to the certinfo
+       function */
+    for(j=0; j<(size_t)biomem->length; j++) {
+      const char *sep="";
+      if(biomem->data[j] == '\n') {
+        sep=", ";
+        j++; /* skip the newline */
+      };
+      while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
+        j++;
+      if(j<(size_t)biomem->length)
+        ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
+                      biomem->data[j]);
+    }
+    infof(data, "  %s\n", buf);
+
+    Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
+
+    BIO_free(bio_out);
+
+  }
+  return 0; /* all is fine */
+}
+
+
+static void X509_signature(struct SessionHandle *data,
+                           int numcert,
+                           ASN1_STRING *sig)
+{
+  char buf[1024];
+  char *ptr = buf;
+  int i;
+  for(i=0; i<sig->length; i++)
+    ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%02x:", sig->data[i]);
+
+  infof(data, " Signature: %s\n", buf);
+  Curl_ssl_push_certinfo(data, numcert, "Signature", buf);
+}
+
+static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
+{
+  BIO *bio_out = BIO_new(BIO_s_mem());
+  BUF_MEM *biomem;
+
+  /* this outputs the cert in this 64 column wide style with newlines and
+     -----BEGIN CERTIFICATE----- texts and more */
+  PEM_write_bio_X509(bio_out, x);
+
+  BIO_get_mem_ptr(bio_out, &biomem);
+
+  Curl_ssl_push_certinfo_len(data, numcert,
+                             "Cert", biomem->data, biomem->length);
+
+  BIO_free(bio_out);
+
+}
+
+/*
+ * This size was previously 512 which has been reported "too small" without
+ * any specifics, so it was enlarged to allow more data to get shown uncut.
+ * The "perfect" size is yet to figure out.
+ */
+#define CERTBUFFERSIZE 8192
+
+static CURLcode get_cert_chain(struct connectdata *conn,
+                               struct ssl_connect_data *connssl)
+
+{
+  STACK_OF(X509) *sk;
+  int i;
+  char *bufp;
+  struct SessionHandle *data = conn->data;
+  int numcerts;
+
+  bufp = malloc(CERTBUFFERSIZE);
+  if(!bufp)
+    return CURLE_OUT_OF_MEMORY;
+
+  sk = SSL_get_peer_cert_chain(connssl->handle);
+  if(!sk) {
+    free(bufp);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  numcerts = sk_X509_num(sk);
+  if(Curl_ssl_init_certinfo(data, numcerts)) {
+    free(bufp);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  infof(data, "--- Certificate chain\n");
+  for(i=0; i<numcerts; i++) {
+    long value;
+    ASN1_INTEGER *num;
+    ASN1_TIME *certdate;
+
+    /* get the certs in "importance order" */
+#if 0
+    X509 *x = sk_X509_value(sk, numcerts - i - 1);
+#else
+    X509 *x = sk_X509_value(sk, i);
+#endif
+
+    X509_CINF *cinf;
+    EVP_PKEY *pubkey=NULL;
+    int j;
+    char *ptr;
+
+    (void)x509_name_oneline(X509_get_subject_name(x), bufp, CERTBUFFERSIZE);
+    infof(data, "%2d Subject: %s\n", i, bufp);
+    Curl_ssl_push_certinfo(data, i, "Subject", bufp);
+
+    (void)x509_name_oneline(X509_get_issuer_name(x), bufp, CERTBUFFERSIZE);
+    infof(data, "   Issuer: %s\n", bufp);
+    Curl_ssl_push_certinfo(data, i, "Issuer", bufp);
+
+    value = X509_get_version(x);
+    infof(data, "   Version: %lu (0x%lx)\n", value+1, value);
+    snprintf(bufp, CERTBUFFERSIZE, "%lx", value);
+    Curl_ssl_push_certinfo(data, i, "Version", bufp); /* hex */
+
+    num=X509_get_serialNumber(x);
+    if(num->length <= 4) {
+      value = ASN1_INTEGER_get(num);
+      infof(data,"   Serial Number: %ld (0x%lx)\n", value, value);
+      snprintf(bufp, CERTBUFFERSIZE, "%lx", value);
+    }
+    else {
+      int left = CERTBUFFERSIZE;
+
+      ptr = bufp;
+      *ptr++ = 0;
+      if(num->type == V_ASN1_NEG_INTEGER)
+        *ptr++='-';
+
+      for(j=0; (j<num->length) && (left>=4); j++) {
+        /* TODO: length restrictions */
+        snprintf(ptr, 3, "%02x%c",num->data[j],
+                 ((j+1 == num->length)?'\n':':'));
+        ptr += 3;
+        left-=4;
+      }
+      if(num->length)
+        infof(data,"   Serial Number: %s\n", bufp);
+      else
+        bufp[0]=0;
+    }
+    if(bufp[0])
+      Curl_ssl_push_certinfo(data, i, "Serial Number", bufp); /* hex */
+
+    cinf = x->cert_info;
+
+    j = asn1_object_dump(cinf->signature->algorithm, bufp, CERTBUFFERSIZE);
+    if(!j) {
+      infof(data, "   Signature Algorithm: %s\n", bufp);
+      Curl_ssl_push_certinfo(data, i, "Signature Algorithm", bufp);
+    }
+
+    certdate = X509_get_notBefore(x);
+    asn1_output(certdate, bufp, CERTBUFFERSIZE);
+    infof(data, "   Start date: %s\n", bufp);
+    Curl_ssl_push_certinfo(data, i, "Start date", bufp);
+
+    certdate = X509_get_notAfter(x);
+    asn1_output(certdate, bufp, CERTBUFFERSIZE);
+    infof(data, "   Expire date: %s\n", bufp);
+    Curl_ssl_push_certinfo(data, i, "Expire date", bufp);
+
+    j = asn1_object_dump(cinf->key->algor->algorithm, bufp, CERTBUFFERSIZE);
+    if(!j) {
+      infof(data, "   Public Key Algorithm: %s\n", bufp);
+      Curl_ssl_push_certinfo(data, i, "Public Key Algorithm", bufp);
+    }
+
+    pubkey = X509_get_pubkey(x);
+    if(!pubkey)
+      infof(data, "   Unable to load public key\n");
+    else {
+      switch(pubkey->type) {
+      case EVP_PKEY_RSA:
+        infof(data,  "   RSA Public Key (%d bits)\n",
+              BN_num_bits(pubkey->pkey.rsa->n));
+        snprintf(bufp, CERTBUFFERSIZE, "%d", BN_num_bits(pubkey->pkey.rsa->n));
+        Curl_ssl_push_certinfo(data, i, "RSA Public Key", bufp);
+
+        print_pubkey_BN(rsa, n, i);
+        print_pubkey_BN(rsa, e, i);
+        print_pubkey_BN(rsa, d, i);
+        print_pubkey_BN(rsa, p, i);
+        print_pubkey_BN(rsa, q, i);
+        print_pubkey_BN(rsa, dmp1, i);
+        print_pubkey_BN(rsa, dmq1, i);
+        print_pubkey_BN(rsa, iqmp, i);
+        break;
+      case EVP_PKEY_DSA:
+        print_pubkey_BN(dsa, p, i);
+        print_pubkey_BN(dsa, q, i);
+        print_pubkey_BN(dsa, g, i);
+        print_pubkey_BN(dsa, priv_key, i);
+        print_pubkey_BN(dsa, pub_key, i);
+        break;
+      case EVP_PKEY_DH:
+        print_pubkey_BN(dh, p, i);
+        print_pubkey_BN(dh, g, i);
+        print_pubkey_BN(dh, priv_key, i);
+        print_pubkey_BN(dh, pub_key, i);
+        break;
+#if 0
+      case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
+        /* left TODO */
+        break;
+#endif
+      }
+      EVP_PKEY_free(pubkey);
+    }
+
+    X509V3_ext(data, i, cinf->extensions);
+
+    X509_signature(data, i, x->signature);
+
+    dumpcert(data, x, i);
+  }
+
+  free(bufp);
+
+  return CURLE_OK;
+}
+
+/*
+ * Get the server cert, verify it and show it etc, only call failf() if the
+ * 'strict' argument is TRUE as otherwise all this is for informational
+ * purposes only!
+ *
+ * We check certificates to authenticate the server; otherwise we risk
+ * man-in-the-middle attack.
+ */
+static CURLcode servercert(struct connectdata *conn,
+                           struct ssl_connect_data *connssl,
+                           bool strict)
+{
+  CURLcode retcode = CURLE_OK;
+  int rc;
+  long lerr;
+  ASN1_TIME *certdate;
+  struct SessionHandle *data = conn->data;
+  X509 *issuer;
+  FILE *fp;
+  char *buffer = data->state.buffer;
+
+  if(data->set.ssl.certinfo)
+    /* we've been asked to gather certificate info! */
+    (void)get_cert_chain(conn, connssl);
+
+  connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
+  if(!connssl->server_cert) {
+    if(strict)
+      failf(data, "SSL: couldn't get peer certificate!");
+    return CURLE_PEER_FAILED_VERIFICATION;
+  }
+  infof (data, "Server certificate:\n");
+
+  rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert),
+                         buffer, BUFSIZE);
+  infof(data, "\t subject: %s\n", rc?"[NONE]":buffer);
+
+  certdate = X509_get_notBefore(connssl->server_cert);
+  asn1_output(certdate, buffer, BUFSIZE);
+  infof(data, "\t start date: %s\n", buffer);
+
+  certdate = X509_get_notAfter(connssl->server_cert);
+  asn1_output(certdate, buffer, BUFSIZE);
+  infof(data, "\t expire date: %s\n", buffer);
+
+  if(data->set.ssl.verifyhost) {
+    retcode = verifyhost(conn, connssl->server_cert);
+    if(retcode) {
+      X509_free(connssl->server_cert);
+      connssl->server_cert = NULL;
+      return retcode;
+    }
+  }
+
+  rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert),
+                         buffer, BUFSIZE);
+  if(rc) {
+    if(strict)
+      failf(data, "SSL: couldn't get X509-issuer name!");
+    retcode = CURLE_SSL_CONNECT_ERROR;
+  }
+  else {
+    infof(data, "\t issuer: %s\n", buffer);
+
+    /* We could do all sorts of certificate verification stuff here before
+       deallocating the certificate. */
+
+    /* e.g. match issuer name with provided issuer certificate */
+    if(data->set.str[STRING_SSL_ISSUERCERT]) {
+      fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r");
+      if(!fp) {
+        if(strict)
+          failf(data, "SSL: Unable to open issuer cert (%s)",
+                data->set.str[STRING_SSL_ISSUERCERT]);
+        X509_free(connssl->server_cert);
+        connssl->server_cert = NULL;
+        return CURLE_SSL_ISSUER_ERROR;
+      }
+      issuer = PEM_read_X509(fp,NULL,ZERO_NULL,NULL);
+      if(!issuer) {
+        if(strict)
+          failf(data, "SSL: Unable to read issuer cert (%s)",
+                data->set.str[STRING_SSL_ISSUERCERT]);
+        X509_free(connssl->server_cert);
+        X509_free(issuer);
+        fclose(fp);
+        return CURLE_SSL_ISSUER_ERROR;
+      }
+      fclose(fp);
+      if(X509_check_issued(issuer,connssl->server_cert) != X509_V_OK) {
+        if(strict)
+          failf(data, "SSL: Certificate issuer check failed (%s)",
+                data->set.str[STRING_SSL_ISSUERCERT]);
+        X509_free(connssl->server_cert);
+        X509_free(issuer);
+        connssl->server_cert = NULL;
+        return CURLE_SSL_ISSUER_ERROR;
+      }
+      infof(data, "\t SSL certificate issuer check ok (%s)\n",
+            data->set.str[STRING_SSL_ISSUERCERT]);
+      X509_free(issuer);
+    }
+
+    lerr = data->set.ssl.certverifyresult=
+      SSL_get_verify_result(connssl->handle);
+    if(data->set.ssl.certverifyresult != X509_V_OK) {
+      if(data->set.ssl.verifypeer) {
+        /* We probably never reach this, because SSL_connect() will fail
+           and we return earlier if verifypeer is set? */
+        if(strict)
+          failf(data, "SSL certificate verify result: %s (%ld)",
+                X509_verify_cert_error_string(lerr), lerr);
+        retcode = CURLE_PEER_FAILED_VERIFICATION;
+      }
+      else
+        infof(data, "\t SSL certificate verify result: %s (%ld),"
+              " continuing anyway.\n",
+              X509_verify_cert_error_string(lerr), lerr);
+    }
+    else
+      infof(data, "\t SSL certificate verify ok.\n");
+  }
+
+  X509_free(connssl->server_cert);
+  connssl->server_cert = NULL;
+  connssl->connecting_state = ssl_connect_done;
+
+  return retcode;
+}
+
+
+static CURLcode
+ossl_connect_step3(struct connectdata *conn,
+                   int sockindex)
+{
+  CURLcode retcode = CURLE_OK;
+  void *old_ssl_sessionid=NULL;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  int incache;
+  SSL_SESSION *our_ssl_sessionid;
+
+  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+#ifdef HAVE_SSL_GET1_SESSION
+  our_ssl_sessionid = SSL_get1_session(connssl->handle);
+
+  /* SSL_get1_session() will increment the reference
+     count and the session will stay in memory until explicitly freed with
+     SSL_SESSION_free(3), regardless of its state.
+     This function was introduced in openssl 0.9.5a. */
+#else
+  our_ssl_sessionid = SSL_get_session(connssl->handle);
+
+  /* if SSL_get1_session() is unavailable, use SSL_get_session().
+     This is an inferior option because the session can be flushed
+     at any time by openssl. It is included only so curl compiles
+     under versions of openssl < 0.9.5a.
+
+     WARNING: How curl behaves if it's session is flushed is
+     untested.
+  */
+#endif
+
+  incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
+  if(incache) {
+    if(old_ssl_sessionid != our_ssl_sessionid) {
+      infof(data, "old SSL session ID is stale, removing\n");
+      Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+      incache = FALSE;
+    }
+  }
+  if(!incache) {
+    retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
+                                    0 /* unknown size */);
+    if(retcode) {
+      failf(data, "failed to store ssl session");
+      return retcode;
+    }
+  }
+#ifdef HAVE_SSL_GET1_SESSION
+  else {
+    /* Session was incache, so refcount already incremented earlier.
+     * Avoid further increments with each SSL_get1_session() call.
+     * This does not free the session as refcount remains > 0
+     */
+    SSL_SESSION_free(our_ssl_sessionid);
+  }
+#endif
+
+  /*
+   * We check certificates to authenticate the server; otherwise we risk
+   * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
+   * verify the peer ignore faults and failures from the server cert
+   * operations.
+   */
+
+  if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
+    (void)servercert(conn, connssl, FALSE);
+  else
+    retcode = servercert(conn, connssl, TRUE);
+
+  if(CURLE_OK == retcode)
+    connssl->connecting_state = ssl_connect_done;
+  return retcode;
+}
+
+static Curl_recv ossl_recv;
+static Curl_send ossl_send;
+
+static CURLcode
+ossl_connect_common(struct connectdata *conn,
+                    int sockindex,
+                    bool nonblocking,
+                    bool *done)
+{
+  CURLcode retcode;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  curl_socket_t sockfd = conn->sock[sockindex];
+  long timeout_ms;
+  int what;
+
+  /* check if the connection has already been established */
+  if(ssl_connection_complete == connssl->state) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  if(ssl_connect_1==connssl->connecting_state) {
+    /* Find out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+    retcode = ossl_connect_step1(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  while(ssl_connect_2 == connssl->connecting_state ||
+        ssl_connect_2_reading == connssl->connecting_state ||
+        ssl_connect_2_writing == connssl->connecting_state) {
+
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+    /* if ssl is expecting something, check if it's available. */
+    if(connssl->connecting_state == ssl_connect_2_reading
+        || connssl->connecting_state == ssl_connect_2_writing) {
+
+      curl_socket_t writefd = ssl_connect_2_writing==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+      curl_socket_t readfd = ssl_connect_2_reading==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+      what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
+      if(what < 0) {
+        /* fatal error */
+        failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      else if(0 == what) {
+        if(nonblocking) {
+          *done = FALSE;
+          return CURLE_OK;
+        }
+        else {
+          /* timeout */
+          failf(data, "SSL connection timeout");
+          return CURLE_OPERATION_TIMEDOUT;
+        }
+      }
+      /* socket is readable or writable */
+    }
+
+    /* Run transaction, and return to the caller if it failed or if this
+     * connection is done nonblocking and this loop would execute again. This
+     * permits the owner of a multi handle to abort a connection attempt
+     * before step2 has completed while ensuring that a client using select()
+     * or epoll() will always have a valid fdset to wait on.
+     */
+    retcode = ossl_connect_step2(conn, sockindex);
+    if(retcode || (nonblocking &&
+                   (ssl_connect_2 == connssl->connecting_state ||
+                    ssl_connect_2_reading == connssl->connecting_state ||
+                    ssl_connect_2_writing == connssl->connecting_state)))
+      return retcode;
+
+  } /* repeat step2 until all transactions are done. */
+
+
+  if(ssl_connect_3==connssl->connecting_state) {
+    retcode = ossl_connect_step3(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  if(ssl_connect_done==connssl->connecting_state) {
+    connssl->state = ssl_connection_complete;
+    conn->recv[sockindex] = ossl_recv;
+    conn->send[sockindex] = ossl_send;
+    *done = TRUE;
+  }
+  else
+    *done = FALSE;
+
+  /* Reset our connect state machine */
+  connssl->connecting_state = ssl_connect_1;
+
+  return CURLE_OK;
+}
+
+CURLcode
+Curl_ossl_connect_nonblocking(struct connectdata *conn,
+                              int sockindex,
+                              bool *done)
+{
+  return ossl_connect_common(conn, sockindex, TRUE, done);
+}
+
+CURLcode
+Curl_ossl_connect(struct connectdata *conn,
+                  int sockindex)
+{
+  CURLcode retcode;
+  bool done = FALSE;
+
+  retcode = ossl_connect_common(conn, sockindex, FALSE, &done);
+  if(retcode)
+    return retcode;
+
+  DEBUGASSERT(done);
+
+  return CURLE_OK;
+}
+
+bool Curl_ossl_data_pending(const struct connectdata *conn,
+                            int connindex)
+{
+  if(conn->ssl[connindex].handle)
+    /* SSL is in use */
+    return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
+  else
+    return FALSE;
+}
+
+static ssize_t ossl_send(struct connectdata *conn,
+                         int sockindex,
+                         const void *mem,
+                         size_t len,
+                         CURLcode *curlcode)
+{
+  /* SSL_write() is said to return 'int' while write() and send() returns
+     'size_t' */
+  int err;
+  char error_buffer[120]; /* OpenSSL documents that this must be at least 120
+                             bytes long. */
+  unsigned long sslerror;
+  int memlen;
+  int rc;
+
+  ERR_clear_error();
+
+  memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
+  rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
+
+  if(rc <= 0) {
+    err = SSL_get_error(conn->ssl[sockindex].handle, rc);
+
+    switch(err) {
+    case SSL_ERROR_WANT_READ:
+    case SSL_ERROR_WANT_WRITE:
+      /* The operation did not complete; the same TLS/SSL I/O function
+         should be called again later. This is basically an EWOULDBLOCK
+         equivalent. */
+      *curlcode = CURLE_AGAIN;
+      return -1;
+    case SSL_ERROR_SYSCALL:
+      failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
+            SOCKERRNO);
+      *curlcode = CURLE_SEND_ERROR;
+      return -1;
+    case SSL_ERROR_SSL:
+      /*  A failure in the SSL library occurred, usually a protocol error.
+          The OpenSSL error queue contains more information on the error. */
+      sslerror = ERR_get_error();
+      failf(conn->data, "SSL_write() error: %s",
+            ERR_error_string(sslerror, error_buffer));
+      *curlcode = CURLE_SEND_ERROR;
+      return -1;
+    }
+    /* a true error */
+    failf(conn->data, "SSL_write() return error %d", err);
+    *curlcode = CURLE_SEND_ERROR;
+    return -1;
+  }
+  *curlcode = CURLE_OK;
+  return (ssize_t)rc; /* number of bytes */
+}
+
+static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
+                         int num,                  /* socketindex */
+                         char *buf,                /* store read data here */
+                         size_t buffersize,        /* max amount to read */
+                         CURLcode *curlcode)
+{
+  char error_buffer[120]; /* OpenSSL documents that this must be at
+                             least 120 bytes long. */
+  unsigned long sslerror;
+  ssize_t nread;
+  int buffsize;
+
+  ERR_clear_error();
+
+  buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
+  nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize);
+  if(nread <= 0) {
+    /* failed SSL_read */
+    int err = SSL_get_error(conn->ssl[num].handle, (int)nread);
+
+    switch(err) {
+    case SSL_ERROR_NONE: /* this is not an error */
+    case SSL_ERROR_ZERO_RETURN: /* no more data */
+      break;
+    case SSL_ERROR_WANT_READ:
+    case SSL_ERROR_WANT_WRITE:
+      /* there's data pending, re-invoke SSL_read() */
+      *curlcode = CURLE_AGAIN;
+      return -1;
+    default:
+      /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
+         value/errno" */
+      /* http://www.openssl.org/docs/crypto/ERR_get_error.html */
+      sslerror = ERR_get_error();
+      if((nread < 0) || sslerror) {
+        /* If the return code was negative or there actually is an error in the
+           queue */
+        failf(conn->data, "SSL read: %s, errno %d",
+              ERR_error_string(sslerror, error_buffer),
+              SOCKERRNO);
+        *curlcode = CURLE_RECV_ERROR;
+        return -1;
+      }
+    }
+  }
+  return nread;
+}
+
+size_t Curl_ossl_version(char *buffer, size_t size)
+{
+#ifdef YASSL_VERSION
+  /* yassl provides an OpenSSL API compatibility layer so it looks identical
+     to OpenSSL in all other aspects */
+  return snprintf(buffer, size, "yassl/%s", YASSL_VERSION);
+#else /* YASSL_VERSION */
+
+#if(SSLEAY_VERSION_NUMBER >= 0x905000)
+  {
+    char sub[3];
+    unsigned long ssleay_value;
+    sub[2]='\0';
+    sub[1]='\0';
+    ssleay_value=SSLeay();
+    if(ssleay_value < 0x906000) {
+      ssleay_value=SSLEAY_VERSION_NUMBER;
+      sub[0]='\0';
+    }
+    else {
+      if(ssleay_value&0xff0) {
+        int minor_ver = (ssleay_value >> 4) & 0xff;
+        if(minor_ver > 26) {
+          /* handle extended version introduced for 0.9.8za */
+          sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
+          sub[0] = 'z';
+        }
+        else {
+          sub[0]=(char)(((ssleay_value>>4)&0xff) + 'a' -1);
+        }
+      }
+      else
+        sub[0]='\0';
+    }
+
+    return snprintf(buffer, size, "%s/%lx.%lx.%lx%s",
+#ifdef OPENSSL_IS_BORINGSSL
+                    "BoringSSL"
+#else
+#ifdef LIBRESSL_VERSION_NUMBER
+                    "LibreSSL"
+#else
+                    "OpenSSL"
+#endif
+#endif
+                    , (ssleay_value>>28)&0xf,
+                    (ssleay_value>>20)&0xff,
+                    (ssleay_value>>12)&0xff,
+                    sub);
+  }
+
+#else /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
+
+#if(SSLEAY_VERSION_NUMBER >= 0x900000)
+  return snprintf(buffer, size, "OpenSSL/%lx.%lx.%lx",
+                  (SSLEAY_VERSION_NUMBER>>28)&0xff,
+                  (SSLEAY_VERSION_NUMBER>>20)&0xff,
+                  (SSLEAY_VERSION_NUMBER>>12)&0xf);
+
+#else /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
+  {
+    char sub[2];
+    sub[1]='\0';
+    if(SSLEAY_VERSION_NUMBER&0x0f) {
+      sub[0]=(SSLEAY_VERSION_NUMBER&0x0f) + 'a' -1;
+    }
+    else
+      sub[0]='\0';
+
+    return snprintf(buffer, size, "SSL/%x.%x.%x%s",
+                    (SSLEAY_VERSION_NUMBER>>12)&0xff,
+                    (SSLEAY_VERSION_NUMBER>>8)&0xf,
+                    (SSLEAY_VERSION_NUMBER>>4)&0xf, sub);
+  }
+#endif /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
+#endif /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
+
+#endif /* YASSL_VERSION */
+}
+
+/* can be called with data == NULL */
+int Curl_ossl_random(struct SessionHandle *data, unsigned char *entropy,
+                     size_t length)
+{
+  if(data)
+    Curl_ossl_seed(data); /* Initiate the seed if not already done */
+  RAND_bytes(entropy, curlx_uztosi(length));
+  return 0; /* 0 as in no problem */
+}
+
+void Curl_ossl_md5sum(unsigned char *tmp, /* input */
+                      size_t tmplen,
+                      unsigned char *md5sum /* output */,
+                      size_t unused)
+{
+  MD5_CTX MD5pw;
+  (void)unused;
+  MD5_Init(&MD5pw);
+  MD5_Update(&MD5pw, tmp, tmplen);
+  MD5_Final(md5sum, &MD5pw);
+}
+#endif /* USE_SSLEAY */
diff --git a/Utilities/cmcurl/ssluse.h b/Utilities/cmcurl/lib/vtls/openssl.h
index 5bb7090..1a55ffc 100644
--- a/Utilities/cmcurl/ssluse.h
+++ b/Utilities/cmcurl/lib/vtls/openssl.h
@@ -1,5 +1,5 @@
-#ifndef __SSLUSE_H
-#define __SSLUSE_H
+#ifndef HEADER_CURL_SSLUSE_H
+#define HEADER_CURL_SSLUSE_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,22 +20,29 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
 
+#include "curl_setup.h"
+
+#ifdef USE_SSLEAY
 /*
- * This header should only be needed to get included by sslgen.c and ssluse.c
+ * This header should only be needed to get included by vtls.c and openssl.c
  */
 
 #include "urldata.h"
+
 CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex);
 CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
                                        int sockindex,
                                        bool *done);
-void Curl_ossl_close(struct connectdata *conn); /* close a SSL connection */
+
+/* close a SSL connection */
+void Curl_ossl_close(struct connectdata *conn, int sockindex);
+
 /* tell OpenSSL to close down all open information regarding connections (and
    thus session ID caching etc) */
 int Curl_ossl_close_all(struct SessionHandle *data);
+
 /* Sets an OpenSSL engine */
 CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine);
 
@@ -52,20 +59,43 @@ struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data);
 int Curl_ossl_init(void);
 void Curl_ossl_cleanup(void);
 
-ssize_t Curl_ossl_send(struct connectdata *conn,
-                       int sockindex,
-                       void *mem,
-                       size_t len);
-ssize_t Curl_ossl_recv(struct connectdata *conn, /* connection data */
-                       int num,                  /* socketindex */
-                       char *buf,                /* store read data here */
-                       size_t buffersize,        /* max amount to read */
-                       bool *wouldblock);
-
 size_t Curl_ossl_version(char *buffer, size_t size);
 int Curl_ossl_check_cxn(struct connectdata *cxn);
-int Curl_ossl_seed(struct SessionHandle *data);
-
 int Curl_ossl_shutdown(struct connectdata *conn, int sockindex);
+bool Curl_ossl_data_pending(const struct connectdata *conn,
+                            int connindex);
+
+/* return 0 if a find random is filled in */
+int Curl_ossl_random(struct SessionHandle *data, unsigned char *entropy,
+                     size_t length);
+void Curl_ossl_md5sum(unsigned char *tmp, /* input */
+                      size_t tmplen,
+                      unsigned char *md5sum /* output */,
+                      size_t unused);
+
+/* this backend provides these functions: */
+#define have_curlssl_md5sum 1
+
+/* API setup for OpenSSL */
+#define curlssl_init Curl_ossl_init
+#define curlssl_cleanup Curl_ossl_cleanup
+#define curlssl_connect Curl_ossl_connect
+#define curlssl_connect_nonblocking Curl_ossl_connect_nonblocking
+#define curlssl_session_free(x) Curl_ossl_session_free(x)
+#define curlssl_close_all Curl_ossl_close_all
+#define curlssl_close Curl_ossl_close
+#define curlssl_shutdown(x,y) Curl_ossl_shutdown(x,y)
+#define curlssl_set_engine(x,y) Curl_ossl_set_engine(x,y)
+#define curlssl_set_engine_default(x) Curl_ossl_set_engine_default(x)
+#define curlssl_engines_list(x) Curl_ossl_engines_list(x)
+#define curlssl_version Curl_ossl_version
+#define curlssl_check_cxn Curl_ossl_check_cxn
+#define curlssl_data_pending(x,y) Curl_ossl_data_pending(x,y)
+#define curlssl_random(x,y,z) Curl_ossl_random(x,y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_ossl_md5sum(a,b,c,d)
+#define CURL_SSL_BACKEND CURLSSLBACKEND_OPENSSL
+
+#define DEFAULT_CIPHER_SELECTION "ALL!EXPORT!EXPORT40!EXPORT56!aNULL!LOW!RC4"
 
-#endif
+#endif /* USE_SSLEAY */
+#endif /* HEADER_CURL_SSLUSE_H */
diff --git a/Utilities/cmcurl/lib/vtls/polarssl.c b/Utilities/cmcurl/lib/vtls/polarssl.c
new file mode 100644
index 0000000..5332b92
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/polarssl.c
@@ -0,0 +1,746 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all PolarSSL-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_POLARSSL
+
+#include <polarssl/net.h>
+#include <polarssl/ssl.h>
+#include <polarssl/certs.h>
+#include <polarssl/x509.h>
+#include <polarssl/version.h>
+
+#if POLARSSL_VERSION_NUMBER < 0x01030000
+#error too old PolarSSL
+#endif
+
+#include <polarssl/error.h>
+#include <polarssl/entropy.h>
+#include <polarssl/ctr_drbg.h>
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "polarssl.h"
+#include "vtls.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "rawstr.h"
+#include "polarssl_threadlock.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* apply threading? */
+#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
+#define THREADING_SUPPORT
+#endif
+
+#if defined(THREADING_SUPPORT)
+static entropy_context entropy;
+
+static int  entropy_init_initialized  = 0;
+
+/* start of entropy_init_mutex() */
+static void entropy_init_mutex(entropy_context *ctx)
+{
+  /* lock 0 = entropy_init_mutex() */
+  polarsslthreadlock_lock_function(0);
+  if(entropy_init_initialized == 0) {
+    entropy_init(ctx);
+    entropy_init_initialized = 1;
+  }
+  polarsslthreadlock_unlock_function(0);
+}
+/* end of entropy_init_mutex() */
+
+/* start of entropy_func_mutex() */
+static int entropy_func_mutex(void *data, unsigned char *output, size_t len)
+{
+    int ret;
+    /* lock 1 = entropy_func_mutex() */
+    polarsslthreadlock_lock_function(1);
+    ret = entropy_func(data, output, len);
+    polarsslthreadlock_unlock_function(1);
+
+    return ret;
+}
+/* end of entropy_func_mutex() */
+
+#endif /* THREADING_SUPPORT */
+
+/* Define this to enable lots of debugging for PolarSSL */
+#undef POLARSSL_DEBUG
+
+#ifdef POLARSSL_DEBUG
+static void polarssl_debug(void *context, int level, const char *line)
+{
+  struct SessionHandle *data = NULL;
+
+  if(!context)
+    return;
+
+  data = (struct SessionHandle *)context;
+
+  infof(data, "%s", line);
+  (void) level;
+}
+#else
+#endif
+
+/* ALPN for http2? */
+#ifdef USE_NGHTTP2
+#  undef HAS_ALPN
+#  ifdef POLARSSL_SSL_ALPN
+#    define HAS_ALPN
+#  endif
+#endif
+
+static Curl_recv polarssl_recv;
+static Curl_send polarssl_send;
+
+
+static CURLcode
+polarssl_connect_step1(struct connectdata *conn,
+                     int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+
+  bool sni = TRUE; /* default is SNI enabled */
+  int ret = -1;
+#ifdef ENABLE_IPV6
+  struct in6_addr addr;
+#else
+  struct in_addr addr;
+#endif
+  void *old_session = NULL;
+  size_t old_session_size = 0;
+  char errorbuf[128];
+  errorbuf[0]=0;
+
+  /* PolarSSL only supports SSLv3 and TLSv1 */
+  if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
+    failf(data, "PolarSSL does not support SSLv2");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+  else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)
+    sni = FALSE; /* SSLv3 has no SNI */
+
+#ifdef THREADING_SUPPORT
+  entropy_init_mutex(&entropy);
+
+  if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func_mutex, &entropy,
+                               connssl->ssn.id, connssl->ssn.length)) != 0) {
+#ifdef POLARSSL_ERROR_C
+     error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+     failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
+                                                            -ret, errorbuf);
+  }
+#else
+  entropy_init(&connssl->entropy);
+
+  if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func, &connssl->entropy,
+                                connssl->ssn.id, connssl->ssn.length)) != 0) {
+#ifdef POLARSSL_ERROR_C
+     error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+     failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
+                                                            -ret, errorbuf);
+  }
+#endif /* THREADING_SUPPORT */
+
+  /* Load the trusted CA */
+  memset(&connssl->cacert, 0, sizeof(x509_crt));
+
+  if(data->set.str[STRING_SSL_CAFILE]) {
+    ret = x509_crt_parse_file(&connssl->cacert,
+                              data->set.str[STRING_SSL_CAFILE]);
+
+    if(ret<0) {
+#ifdef POLARSSL_ERROR_C
+      error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+      failf(data, "Error reading ca cert file %s - PolarSSL: (-0x%04X) %s",
+            data->set.str[STRING_SSL_CAFILE], -ret, errorbuf);
+
+      if(data->set.ssl.verifypeer)
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+  }
+
+  if(data->set.str[STRING_SSL_CAPATH]) {
+    ret = x509_crt_parse_path(&connssl->cacert,
+                              data->set.str[STRING_SSL_CAPATH]);
+
+    if(ret<0) {
+#ifdef POLARSSL_ERROR_C
+      error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+      failf(data, "Error reading ca cert path %s - PolarSSL: (-0x%04X) %s",
+            data->set.str[STRING_SSL_CAPATH], -ret, errorbuf);
+
+      if(data->set.ssl.verifypeer)
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+  }
+
+  /* Load the client certificate */
+  memset(&connssl->clicert, 0, sizeof(x509_crt));
+
+  if(data->set.str[STRING_CERT]) {
+    ret = x509_crt_parse_file(&connssl->clicert,
+                              data->set.str[STRING_CERT]);
+
+    if(ret) {
+#ifdef POLARSSL_ERROR_C
+      error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+      failf(data, "Error reading client cert file %s - PolarSSL: (-0x%04X) %s",
+            data->set.str[STRING_CERT], -ret, errorbuf);
+
+      return CURLE_SSL_CERTPROBLEM;
+    }
+  }
+
+  /* Load the client private key */
+  if(data->set.str[STRING_KEY]) {
+    pk_context pk;
+    pk_init(&pk);
+    ret = pk_parse_keyfile(&pk, data->set.str[STRING_KEY],
+                           data->set.str[STRING_KEY_PASSWD]);
+    if(ret == 0 && !pk_can_do(&pk, POLARSSL_PK_RSA))
+      ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
+    if(ret == 0)
+      rsa_copy(&connssl->rsa, pk_rsa(pk));
+    else
+      rsa_free(&connssl->rsa);
+    pk_free(&pk);
+
+    if(ret) {
+#ifdef POLARSSL_ERROR_C
+      error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+      failf(data, "Error reading private key %s - PolarSSL: (-0x%04X) %s",
+            data->set.str[STRING_KEY], -ret, errorbuf);
+
+      return CURLE_SSL_CERTPROBLEM;
+    }
+  }
+
+  /* Load the CRL */
+  memset(&connssl->crl, 0, sizeof(x509_crl));
+
+  if(data->set.str[STRING_SSL_CRLFILE]) {
+    ret = x509_crl_parse_file(&connssl->crl,
+                              data->set.str[STRING_SSL_CRLFILE]);
+
+    if(ret) {
+#ifdef POLARSSL_ERROR_C
+      error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+      failf(data, "Error reading CRL file %s - PolarSSL: (-0x%04X) %s",
+            data->set.str[STRING_SSL_CRLFILE], -ret, errorbuf);
+
+      return CURLE_SSL_CRL_BADFILE;
+    }
+  }
+
+  infof(data, "PolarSSL: Connecting to %s:%d\n",
+        conn->host.name, conn->remote_port);
+
+  if(ssl_init(&connssl->ssl)) {
+    failf(data, "PolarSSL: ssl_init failed");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  switch(data->set.ssl.version) {
+  case CURL_SSLVERSION_SSLv3:
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_0);
+    infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n");
+    break;
+  case CURL_SSLVERSION_TLSv1_0:
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_1);
+    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0\n");
+    break;
+  case CURL_SSLVERSION_TLSv1_1:
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_2);
+    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1\n");
+    break;
+  case CURL_SSLVERSION_TLSv1_2:
+    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,
+                        SSL_MINOR_VERSION_3);
+    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2\n");
+    break;
+  }
+
+  ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
+  ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
+
+  ssl_set_rng(&connssl->ssl, ctr_drbg_random,
+              &connssl->ctr_drbg);
+  ssl_set_bio(&connssl->ssl,
+              net_recv, &conn->sock[sockindex],
+              net_send, &conn->sock[sockindex]);
+
+  ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
+  if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
+    memcpy(&connssl->ssn, old_session, old_session_size);
+    infof(data, "PolarSSL re-using session\n");
+  }
+
+  ssl_set_session(&connssl->ssl,
+                  &connssl->ssn);
+
+  ssl_set_ca_chain(&connssl->ssl,
+                   &connssl->cacert,
+                   &connssl->crl,
+                   conn->host.name);
+
+  ssl_set_own_cert_rsa(&connssl->ssl,
+                       &connssl->clicert, &connssl->rsa);
+
+  if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&
+#ifdef ENABLE_IPV6
+     !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&
+#endif
+     sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) {
+     infof(data, "WARNING: failed to configure "
+                 "server name indication (SNI) TLS extension\n");
+  }
+
+#ifdef HAS_ALPN
+  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+    if(data->set.ssl_enable_alpn) {
+      static const char* protocols[] = {
+        NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1, NULL
+      };
+      ssl_set_alpn_protocols(&connssl->ssl, protocols);
+      infof(data, "ALPN, offering %s, %s\n", protocols[0],
+            protocols[1]);
+    }
+  }
+#endif
+
+#ifdef POLARSSL_DEBUG
+  ssl_set_dbg(&connssl->ssl, polarssl_debug, data);
+#endif
+
+  connssl->connecting_state = ssl_connect_2;
+
+  return CURLE_OK;
+}
+
+static CURLcode
+polarssl_connect_step2(struct connectdata *conn,
+                     int sockindex)
+{
+  int ret;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+  char buffer[1024];
+
+#ifdef HAS_ALPN
+  const char* next_protocol;
+#endif
+
+  char errorbuf[128];
+  errorbuf[0] = 0;
+
+  conn->recv[sockindex] = polarssl_recv;
+  conn->send[sockindex] = polarssl_send;
+
+  for(;;) {
+    if(!(ret = ssl_handshake(&connssl->ssl)))
+      break;
+    else if(ret != POLARSSL_ERR_NET_WANT_READ &&
+            ret != POLARSSL_ERR_NET_WANT_WRITE) {
+#ifdef POLARSSL_ERROR_C
+     error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+     failf(data, "ssl_handshake returned - PolarSSL: (-0x%04X) %s",
+                                                    -ret, errorbuf);
+
+     return CURLE_SSL_CONNECT_ERROR;
+    }
+    else {
+      if(ret == POLARSSL_ERR_NET_WANT_READ) {
+        connssl->connecting_state = ssl_connect_2_reading;
+        return CURLE_OK;
+      }
+      if(ret == POLARSSL_ERR_NET_WANT_WRITE) {
+        connssl->connecting_state = ssl_connect_2_writing;
+        return CURLE_OK;
+      }
+      failf(data, "SSL_connect failed with error %d.", ret);
+      return CURLE_SSL_CONNECT_ERROR;
+
+    }
+  }
+
+  infof(data, "PolarSSL: Handshake complete, cipher is %s\n",
+        ssl_get_ciphersuite(&conn->ssl[sockindex].ssl)
+    );
+
+  ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl);
+
+  if(ret && data->set.ssl.verifypeer) {
+    if(ret & BADCERT_EXPIRED)
+      failf(data, "Cert verify failed: BADCERT_EXPIRED");
+
+    if(ret & BADCERT_REVOKED) {
+      failf(data, "Cert verify failed: BADCERT_REVOKED");
+      return CURLE_SSL_CACERT;
+    }
+
+    if(ret & BADCERT_CN_MISMATCH)
+      failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
+
+    if(ret & BADCERT_NOT_TRUSTED)
+      failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");
+
+    return CURLE_PEER_FAILED_VERIFICATION;
+  }
+
+  if(ssl_get_peer_cert(&(connssl->ssl))) {
+    /* If the session was resumed, there will be no peer certs */
+    memset(buffer, 0, sizeof(buffer));
+
+    if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ",
+                     ssl_get_peer_cert(&(connssl->ssl))) != -1)
+      infof(data, "Dumping cert info:\n%s\n", buffer);
+  }
+
+#ifdef HAS_ALPN
+  if(data->set.ssl_enable_alpn) {
+    next_protocol = ssl_get_alpn_protocol(&connssl->ssl);
+
+    if(next_protocol != NULL) {
+      infof(data, "ALPN, server accepted to use %s\n", next_protocol);
+
+      if(strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID,
+                  NGHTTP2_PROTO_VERSION_ID_LEN)) {
+        conn->negnpn = NPN_HTTP2;
+      }
+      else if(strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) {
+        conn->negnpn = NPN_HTTP1_1;
+      }
+    }
+    else {
+      infof(data, "ALPN, server did not agree to a protocol\n");
+    }
+  }
+#endif
+
+  connssl->connecting_state = ssl_connect_3;
+  infof(data, "SSL connected\n");
+
+  return CURLE_OK;
+}
+
+static CURLcode
+polarssl_connect_step3(struct connectdata *conn,
+                     int sockindex)
+{
+  CURLcode retcode = CURLE_OK;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  void *old_ssl_sessionid = NULL;
+  ssl_session *our_ssl_sessionid = &conn->ssl[sockindex].ssn ;
+  int incache;
+
+  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+  /* Save the current session data for possible re-use */
+  incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
+  if(incache) {
+    if(old_ssl_sessionid != our_ssl_sessionid) {
+      infof(data, "old SSL session ID is stale, removing\n");
+      Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+      incache = FALSE;
+    }
+  }
+  if(!incache) {
+    void *new_session = malloc(sizeof(ssl_session));
+
+    if(new_session) {
+      memcpy(new_session, our_ssl_sessionid,
+             sizeof(ssl_session));
+
+      retcode = Curl_ssl_addsessionid(conn, new_session,
+                                   sizeof(ssl_session));
+    }
+    else {
+      retcode = CURLE_OUT_OF_MEMORY;
+    }
+
+    if(retcode) {
+      failf(data, "failed to store ssl session");
+      return retcode;
+    }
+  }
+
+  connssl->connecting_state = ssl_connect_done;
+
+  return CURLE_OK;
+}
+
+static ssize_t polarssl_send(struct connectdata *conn,
+                             int sockindex,
+                             const void *mem,
+                             size_t len,
+                             CURLcode *curlcode)
+{
+  int ret = -1;
+
+  ret = ssl_write(&conn->ssl[sockindex].ssl,
+                  (unsigned char *)mem, len);
+
+  if(ret < 0) {
+    *curlcode = (ret == POLARSSL_ERR_NET_WANT_WRITE) ?
+      CURLE_AGAIN : CURLE_SEND_ERROR;
+    ret = -1;
+  }
+
+  return ret;
+}
+
+void Curl_polarssl_close_all(struct SessionHandle *data)
+{
+  (void)data;
+}
+
+void Curl_polarssl_close(struct connectdata *conn, int sockindex)
+{
+  rsa_free(&conn->ssl[sockindex].rsa);
+  x509_crt_free(&conn->ssl[sockindex].clicert);
+  x509_crt_free(&conn->ssl[sockindex].cacert);
+  x509_crl_free(&conn->ssl[sockindex].crl);
+  ssl_free(&conn->ssl[sockindex].ssl);
+}
+
+static ssize_t polarssl_recv(struct connectdata *conn,
+                             int num,
+                             char *buf,
+                             size_t buffersize,
+                             CURLcode *curlcode)
+{
+  int ret = -1;
+  ssize_t len = -1;
+
+  memset(buf, 0, buffersize);
+  ret = ssl_read(&conn->ssl[num].ssl, (unsigned char *)buf, buffersize);
+
+  if(ret <= 0) {
+    if(ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY)
+      return 0;
+
+    *curlcode = (ret == POLARSSL_ERR_NET_WANT_READ) ?
+      CURLE_AGAIN : CURLE_RECV_ERROR;
+    return -1;
+  }
+
+  len = ret;
+
+  return len;
+}
+
+void Curl_polarssl_session_free(void *ptr)
+{
+  free(ptr);
+}
+
+size_t Curl_polarssl_version(char *buffer, size_t size)
+{
+  unsigned int version = version_get_number();
+  return snprintf(buffer, size, "PolarSSL/%d.%d.%d", version>>24,
+                  (version>>16)&0xff, (version>>8)&0xff);
+}
+
+static CURLcode
+polarssl_connect_common(struct connectdata *conn,
+                        int sockindex,
+                        bool nonblocking,
+                        bool *done)
+{
+  CURLcode retcode;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  curl_socket_t sockfd = conn->sock[sockindex];
+  long timeout_ms;
+  int what;
+
+  /* check if the connection has already been established */
+  if(ssl_connection_complete == connssl->state) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  if(ssl_connect_1==connssl->connecting_state) {
+    /* Find out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+    retcode = polarssl_connect_step1(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  while(ssl_connect_2 == connssl->connecting_state ||
+        ssl_connect_2_reading == connssl->connecting_state ||
+        ssl_connect_2_writing == connssl->connecting_state) {
+
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+    /* if ssl is expecting something, check if it's available. */
+    if(connssl->connecting_state == ssl_connect_2_reading
+       || connssl->connecting_state == ssl_connect_2_writing) {
+
+      curl_socket_t writefd = ssl_connect_2_writing==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+      curl_socket_t readfd = ssl_connect_2_reading==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+      what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
+      if(what < 0) {
+        /* fatal error */
+        failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      else if(0 == what) {
+        if(nonblocking) {
+          *done = FALSE;
+          return CURLE_OK;
+        }
+        else {
+          /* timeout */
+          failf(data, "SSL connection timeout");
+          return CURLE_OPERATION_TIMEDOUT;
+        }
+      }
+      /* socket is readable or writable */
+    }
+
+    /* Run transaction, and return to the caller if it failed or if
+     * this connection is part of a multi handle and this loop would
+     * execute again. This permits the owner of a multi handle to
+     * abort a connection attempt before step2 has completed while
+     * ensuring that a client using select() or epoll() will always
+     * have a valid fdset to wait on.
+     */
+    retcode = polarssl_connect_step2(conn, sockindex);
+    if(retcode || (nonblocking &&
+                   (ssl_connect_2 == connssl->connecting_state ||
+                    ssl_connect_2_reading == connssl->connecting_state ||
+                    ssl_connect_2_writing == connssl->connecting_state)))
+      return retcode;
+
+  } /* repeat step2 until all transactions are done. */
+
+  if(ssl_connect_3==connssl->connecting_state) {
+    retcode = polarssl_connect_step3(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  if(ssl_connect_done==connssl->connecting_state) {
+    connssl->state = ssl_connection_complete;
+    conn->recv[sockindex] = polarssl_recv;
+    conn->send[sockindex] = polarssl_send;
+    *done = TRUE;
+  }
+  else
+    *done = FALSE;
+
+  /* Reset our connect state machine */
+  connssl->connecting_state = ssl_connect_1;
+
+  return CURLE_OK;
+}
+
+CURLcode
+Curl_polarssl_connect_nonblocking(struct connectdata *conn,
+                                int sockindex,
+                                bool *done)
+{
+  return polarssl_connect_common(conn, sockindex, TRUE, done);
+}
+
+
+CURLcode
+Curl_polarssl_connect(struct connectdata *conn,
+                    int sockindex)
+{
+  CURLcode retcode;
+  bool done = FALSE;
+
+  retcode = polarssl_connect_common(conn, sockindex, FALSE, &done);
+  if(retcode)
+    return retcode;
+
+  DEBUGASSERT(done);
+
+  return CURLE_OK;
+}
+
+/*
+ * return 0 error initializing SSL
+ * return 1 SSL initialized successfully
+ */
+int polarssl_init(void)
+{
+  return polarsslthreadlock_thread_setup();
+}
+
+void polarssl_cleanup(void)
+{
+  (void)polarsslthreadlock_thread_cleanup();
+}
+
+#endif /* USE_POLARSSL */
diff --git a/Utilities/cmcurl/lib/vtls/polarssl.h b/Utilities/cmcurl/lib/vtls/polarssl.h
new file mode 100644
index 0000000..9ab7e47
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/polarssl.h
@@ -0,0 +1,73 @@
+#ifndef HEADER_CURL_POLARSSL_H
+#define HEADER_CURL_POLARSSL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_POLARSSL
+
+/* Called on first use PolarSSL, setup threading if supported */
+int  polarssl_init(void);
+void polarssl_cleanup(void);
+
+
+CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex);
+
+CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn,
+                                           int sockindex,
+                                           bool *done);
+
+/* tell PolarSSL to close down all open information regarding connections (and
+   thus session ID caching etc) */
+void Curl_polarssl_close_all(struct SessionHandle *data);
+
+ /* close a SSL connection */
+void Curl_polarssl_close(struct connectdata *conn, int sockindex);
+
+void Curl_polarssl_session_free(void *ptr);
+size_t Curl_polarssl_version(char *buffer, size_t size);
+int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex);
+
+/* API setup for PolarSSL */
+#define curlssl_init() polarssl_init()
+#define curlssl_cleanup() polarssl_cleanup()
+#define curlssl_connect Curl_polarssl_connect
+#define curlssl_connect_nonblocking Curl_polarssl_connect_nonblocking
+#define curlssl_session_free(x)  Curl_polarssl_session_free(x)
+#define curlssl_close_all Curl_polarssl_close_all
+#define curlssl_close Curl_polarssl_close
+#define curlssl_shutdown(x,y) 0
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_polarssl_version
+#define curlssl_check_cxn(x) (x=x, -1)
+#define curlssl_data_pending(x,y) (x=x, y=y, 0)
+#define CURL_SSL_BACKEND CURLSSLBACKEND_POLARSSL
+
+/* This might cause libcurl to use a weeker random!
+   TODO: implement proper use of Polarssl's CTR-DRBG or HMAC-DRBG and use that
+*/
+#define curlssl_random(x,y,z) (x=x, y=y, z=z, CURLE_NOT_BUILT_IN)
+
+#endif /* USE_POLARSSL */
+#endif /* HEADER_CURL_POLARSSL_H */
diff --git a/Utilities/cmcurl/lib/vtls/polarssl_threadlock.c b/Utilities/cmcurl/lib/vtls/polarssl_threadlock.c
new file mode 100644
index 0000000..ad18715
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/polarssl_threadlock.c
@@ -0,0 +1,156 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if defined(USE_POLARSSL) && \
+    (defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32))
+
+#if defined(USE_THREADS_POSIX)
+#  ifdef HAVE_PTHREAD_H
+#    include <pthread.h>
+#  endif
+#elif defined(USE_THREADS_WIN32)
+#  ifdef HAVE_PROCESS_H
+#    include <process.h>
+#  endif
+#endif
+
+#include "polarssl_threadlock.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* number of thread locks */
+#define NUMT                    2
+
+/* This array will store all of the mutexes available to PolarSSL. */
+static POLARSSL_MUTEX_T *mutex_buf = NULL;
+
+int polarsslthreadlock_thread_setup(void)
+{
+  int i;
+  int ret;
+
+  mutex_buf = malloc(NUMT * sizeof(POLARSSL_MUTEX_T));
+  if(!mutex_buf)
+    return 0;     /* error, no number of threads defined */
+
+#ifdef HAVE_PTHREAD_H
+  for(i = 0;  i < NUMT;  i++) {
+    ret = pthread_mutex_init(&mutex_buf[i], NULL);
+    if(ret)
+      return 0; /* pthread_mutex_init failed */
+  }
+#elif defined(HAVE_PROCESS_H)
+  for(i = 0;  i < NUMT;  i++) {
+    mutex_buf[i] = CreateMutex(0, FALSE, 0);
+    if(mutex_buf[i] == 0)
+      return 0;  /* CreateMutex failed */
+  }
+#endif /* HAVE_PTHREAD_H */
+
+  return 1; /* OK */
+}
+
+int polarsslthreadlock_thread_cleanup(void)
+{
+  int i;
+  int ret;
+
+  if(!mutex_buf)
+    return 0; /* error, no threads locks defined */
+
+#ifdef HAVE_PTHREAD_H
+  for(i = 0; i < NUMT; i++) {
+    ret = pthread_mutex_destroy(&mutex_buf[i]);
+    if(ret)
+      return 0; /* pthread_mutex_destroy failed */
+  }
+#elif defined(HAVE_PROCESS_H)
+  for(i = 0; i < NUMT; i++) {
+    ret = CloseHandle(mutex_buf[i]);
+    if(!ret)
+      return 0; /* CloseHandle failed */
+  }
+#endif /* HAVE_PTHREAD_H */
+  free(mutex_buf);
+  mutex_buf = NULL;
+
+  return 1; /* OK */
+}
+
+int polarsslthreadlock_lock_function(int n)
+{
+  int ret;
+#ifdef HAVE_PTHREAD_H
+  if(n < NUMT) {
+    ret = pthread_mutex_lock(&mutex_buf[n]);
+    if(ret) {
+      DEBUGF(fprintf(stderr,
+                     "Error: polarsslthreadlock_lock_function failed\n"));
+      return 0; /* pthread_mutex_lock failed */
+    }
+  }
+#elif defined(HAVE_PROCESS_H)
+  if(n < NUMT) {
+    ret = (WaitForSingleObject(mutex_buf[n], INFINITE)==WAIT_FAILED?1:0);
+    if(ret) {
+      DEBUGF(fprintf(stderr,
+                     "Error: polarsslthreadlock_lock_function failed\n"));
+      return 0; /* pthread_mutex_lock failed */
+    }
+  }
+#endif /* HAVE_PTHREAD_H */
+  return 1; /* OK */
+}
+
+int polarsslthreadlock_unlock_function(int n)
+{
+  int ret;
+#ifdef HAVE_PTHREAD_H
+  if(n < NUMT) {
+    ret = pthread_mutex_unlock(&mutex_buf[n]);
+    if(ret) {
+      DEBUGF(fprintf(stderr,
+                     "Error: polarsslthreadlock_unlock_function failed\n"));
+      return 0; /* pthread_mutex_unlock failed */
+    }
+  }
+#elif defined(HAVE_PROCESS_H)
+  if(n < NUMT) {
+    ret = ReleaseMutex(mutex_buf[n]);
+    if(!ret) {
+      DEBUGF(fprintf(stderr,
+                     "Error: polarsslthreadlock_unlock_function failed\n"));
+      return 0; /* pthread_mutex_lock failed */
+    }
+  }
+#endif /* HAVE_PTHREAD_H */
+  return 1; /* OK */
+}
+
+#endif /* USE_POLARSSL */
diff --git a/Utilities/cmcurl/lib/vtls/polarssl_threadlock.h b/Utilities/cmcurl/lib/vtls/polarssl_threadlock.h
new file mode 100644
index 0000000..b67b3f9
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/polarssl_threadlock.h
@@ -0,0 +1,53 @@
+#ifndef HEADER_CURL_POLARSSL_THREADLOCK_H
+#define HEADER_CURL_POLARSSL_THREADLOCK_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_POLARSSL
+
+#if defined(USE_THREADS_POSIX)
+#  define POLARSSL_MUTEX_T       pthread_mutex_t
+#elif defined(USE_THREADS_WIN32)
+#  define POLARSSL_MUTEX_T       HANDLE
+#endif
+
+#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
+
+int polarsslthreadlock_thread_setup(void);
+int polarsslthreadlock_thread_cleanup(void);
+int polarsslthreadlock_lock_function(int n);
+int polarsslthreadlock_unlock_function(int n);
+
+#else
+
+#define polarsslthreadlock_thread_setup() 1
+#define polarsslthreadlock_thread_cleanup() 1
+#define polarsslthreadlock_lock_function(x) 1
+#define polarsslthreadlock_unlock_function(x) 1
+
+#endif /* USE_THREADS_POSIX || USE_THREADS_WIN32 */
+
+#endif /* USE_POLARSSL */
+
+#endif /* HEADER_CURL_POLARSSL_THREADLOCK_H */
diff --git a/Utilities/cmcurl/lib/vtls/qssl.c b/Utilities/cmcurl/lib/vtls/qssl.c
new file mode 100644
index 0000000..4c32053
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/qssl.c
@@ -0,0 +1,527 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_QSOSSL
+
+#include <qsossl.h>
+
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "sendf.h"
+#include "qssl.h"
+#include "vtls.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "x509asn1.h"
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+
+int Curl_qsossl_init(void)
+
+{
+  /* Nothing to do here. We must have connection data to initialize ssl, so
+   * defer.
+   */
+
+  return 1;
+}
+
+
+void Curl_qsossl_cleanup(void)
+
+{
+  /* Nothing to do. */
+}
+
+
+static CURLcode Curl_qsossl_init_session(struct SessionHandle * data)
+
+{
+  int rc;
+  char * certname;
+  SSLInit initstr;
+  SSLInitApp initappstr;
+
+  /* Initialize the job for SSL according to the current parameters.
+   * QsoSSL offers two ways to do it: SSL_Init_Application() that uses an
+   *  application identifier to select certificates in the main certificate
+   *  store, and SSL_Init() that uses named keyring files and a password.
+   * It is not possible to have different keyrings for the CAs and the
+   *  local certificate. We thus use the certificate name to identify the
+   *  keyring if given, else the CA file name.
+   * If the key file name is given, it is taken as the password for the
+   *  keyring in certificate file.
+   * We first try to SSL_Init_Application(), then SSL_Init() if it failed.
+   */
+
+  certname = data->set.str[STRING_CERT];
+
+  if(!certname) {
+    certname = data->set.str[STRING_SSL_CAFILE];
+
+    if(!certname)
+      return CURLE_OK;          /* Use previous setup. */
+    }
+
+  memset((char *) &initappstr, 0, sizeof initappstr);
+  initappstr.applicationID = certname;
+  initappstr.applicationIDLen = strlen(certname);
+  initappstr.protocol = SSL_VERSION_CURRENT;    /* TLSV1 compat. SSLV[23]. */
+  initappstr.sessionType = SSL_REGISTERED_AS_CLIENT;
+  rc = SSL_Init_Application(&initappstr);
+
+  if(rc == SSL_ERROR_NOT_REGISTERED) {
+    initstr.keyringFileName = certname;
+    initstr.keyringPassword = data->set.str[STRING_KEY];
+    initstr.cipherSuiteList = NULL;    /* Use default. */
+    initstr.cipherSuiteListLen = 0;
+    rc = SSL_Init(&initstr);
+    }
+
+  switch (rc) {
+
+  case 0:                             /* No error. */
+    break;
+
+  case SSL_ERROR_IO:
+    failf(data, "SSL_Init() I/O error: %s", strerror(errno));
+    return CURLE_SSL_CONNECT_ERROR;
+
+  case SSL_ERROR_BAD_CIPHER_SUITE:
+    return CURLE_SSL_CIPHER;
+
+  case SSL_ERROR_KEYPASSWORD_EXPIRED:
+  case SSL_ERROR_NOT_REGISTERED:
+    return CURLE_SSL_CONNECT_ERROR;
+
+  case SSL_ERROR_NO_KEYRING:
+    return CURLE_SSL_CACERT;
+
+  case SSL_ERROR_CERT_EXPIRED:
+    return CURLE_SSL_CERTPROBLEM;
+
+  default:
+    failf(data, "SSL_Init(): %s", SSL_Strerror(rc, NULL));
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  return CURLE_OK;
+}
+
+
+static CURLcode Curl_qsossl_create(struct connectdata * conn, int sockindex)
+
+{
+  SSLHandle * h;
+  struct ssl_connect_data * connssl = &conn->ssl[sockindex];
+
+  h = SSL_Create(conn->sock[sockindex], SSL_ENCRYPT);
+
+  if(!h) {
+    failf(conn->data, "SSL_Create() I/O error: %s", strerror(errno));
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  connssl->handle = h;
+  return CURLE_OK;
+}
+
+
+static int Curl_qsossl_trap_cert(SSLHandle * h)
+
+{
+  return 1;       /* Accept certificate. */
+}
+
+
+static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
+
+{
+  int rc;
+  struct SessionHandle * data = conn->data;
+  struct ssl_connect_data * connssl = &conn->ssl[sockindex];
+  SSLHandle * h = connssl->handle;
+  long timeout_ms;
+
+  h->exitPgm = data->set.ssl.verifypeer? NULL: Curl_qsossl_trap_cert;
+
+  /* figure out how long time we should wait at maximum */
+  timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+  if(timeout_ms < 0) {
+    /* time-out, bail out, go home */
+    failf(data, "Connection time-out");
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  /* SSL_Handshake() timeout resolution is second, so round up. */
+  h->timeout = (timeout_ms + 1000 - 1) / 1000;
+
+  /* Set-up protocol. */
+
+  switch (data->set.ssl.version) {
+
+  default:
+  case CURL_SSLVERSION_DEFAULT:
+    h->protocol = SSL_VERSION_CURRENT;          /* TLSV1 compat. SSLV[23]. */
+    break;
+
+  case CURL_SSLVERSION_TLSv1:
+    h->protocol = TLS_VERSION_1;
+    break;
+
+  case CURL_SSLVERSION_SSLv2:
+    h->protocol = SSL_VERSION_2;
+    break;
+
+  case CURL_SSLVERSION_SSLv3:
+    h->protocol = SSL_VERSION_3;
+    break;
+
+  case CURL_SSLVERSION_TLSv1_0:
+  case CURL_SSLVERSION_TLSv1_1:
+  case CURL_SSLVERSION_TLSv1_2:
+    failf(data, "TLS minor version cannot be set");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  h->peerCert = NULL;
+  h->peerCertLen = 0;
+  rc = SSL_Handshake(h, SSL_HANDSHAKE_AS_CLIENT);
+
+  switch (rc) {
+
+  case 0:                             /* No error. */
+    break;
+
+  case SSL_ERROR_BAD_CERTIFICATE:
+  case SSL_ERROR_BAD_CERT_SIG:
+  case SSL_ERROR_NOT_TRUSTED_ROOT:
+    return CURLE_PEER_FAILED_VERIFICATION;
+
+  case SSL_ERROR_BAD_CIPHER_SUITE:
+  case SSL_ERROR_NO_CIPHERS:
+    return CURLE_SSL_CIPHER;
+
+  case SSL_ERROR_CERTIFICATE_REJECTED:
+  case SSL_ERROR_CERT_EXPIRED:
+  case SSL_ERROR_NO_CERTIFICATE:
+    return CURLE_SSL_CERTPROBLEM;
+
+  case SSL_ERROR_IO:
+    failf(data, "SSL_Handshake() I/O error: %s", strerror(errno));
+    return CURLE_SSL_CONNECT_ERROR;
+
+  default:
+    failf(data, "SSL_Handshake(): %s", SSL_Strerror(rc, NULL));
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* Verify host. */
+  rc = Curl_verifyhost(conn, h->peerCert, h->peerCert + h->peerCertLen);
+  if(rc != CURLE_OK)
+    return rc;
+
+  /* Gather certificate info. */
+  if(data->set.ssl.certinfo) {
+    if(Curl_ssl_init_certinfo(data, 1))
+      return CURLE_OUT_OF_MEMORY;
+    if(h->peerCert) {
+      rc = Curl_extract_certinfo(conn, 0, h->peerCert,
+                                 h->peerCert + h->peerCertLen);
+      if(rc != CURLE_OK)
+        return rc;
+    }
+  }
+
+  return CURLE_OK;
+}
+
+
+static Curl_recv qsossl_recv;
+static Curl_send qsossl_send;
+
+CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex)
+
+{
+  struct SessionHandle * data = conn->data;
+  struct ssl_connect_data * connssl = &conn->ssl[sockindex];
+  int rc;
+
+  rc = Curl_qsossl_init_session(data);
+
+  if(rc == CURLE_OK) {
+    rc = Curl_qsossl_create(conn, sockindex);
+
+    if(rc == CURLE_OK) {
+      rc = Curl_qsossl_handshake(conn, sockindex);
+      if(rc != CURLE_OK)
+        SSL_Destroy(connssl->handle);
+    }
+  }
+
+  if(rc == CURLE_OK) {
+    conn->recv[sockindex] = qsossl_recv;
+    conn->send[sockindex] = qsossl_send;
+    connssl->state = ssl_connection_complete;
+  }
+  else {
+    connssl->handle = NULL;
+    connssl->use = FALSE;
+    connssl->state = ssl_connection_none;
+  }
+
+  return rc;
+}
+
+
+static int Curl_qsossl_close_one(struct ssl_connect_data * conn,
+                                 struct SessionHandle * data)
+
+{
+  int rc;
+
+  if(!conn->handle)
+    return 0;
+
+  rc = SSL_Destroy(conn->handle);
+
+  if(rc) {
+    if(rc == SSL_ERROR_IO) {
+      failf(data, "SSL_Destroy() I/O error: %s", strerror(errno));
+      return -1;
+    }
+
+    /* An SSL error. */
+    failf(data, "SSL_Destroy() returned error %s", SSL_Strerror(rc, NULL));
+    return -1;
+  }
+
+  conn->handle = NULL;
+  return 0;
+}
+
+
+void Curl_qsossl_close(struct connectdata *conn, int sockindex)
+
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  if(connssl->use)
+    (void) Curl_qsossl_close_one(connssl, data);
+}
+
+
+int Curl_qsossl_close_all(struct SessionHandle * data)
+
+{
+  /* Unimplemented. */
+  (void) data;
+  return 0;
+}
+
+
+int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex)
+
+{
+  struct ssl_connect_data * connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  ssize_t nread;
+  int what;
+  int rc;
+  char buf[120];
+
+  if(!connssl->handle)
+    return 0;
+
+  if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
+    return 0;
+
+  if(Curl_qsossl_close_one(connssl, data))
+    return -1;
+
+  rc = 0;
+
+  what = Curl_socket_ready(conn->sock[sockindex],
+                           CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+
+  for(;;) {
+    if(what < 0) {
+      /* anything that gets here is fatally bad */
+      failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+      rc = -1;
+      break;
+    }
+
+    if(!what) {                                /* timeout */
+      failf(data, "SSL shutdown timeout");
+      break;
+    }
+
+    /* Something to read, let's do it and hope that it is the close
+       notify alert from the server. No way to SSL_Read now, so use read(). */
+
+    nread = read(conn->sock[sockindex], buf, sizeof(buf));
+
+    if(nread < 0) {
+      failf(data, "read: %s", strerror(errno));
+      rc = -1;
+    }
+
+    if(nread <= 0)
+      break;
+
+    what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
+  }
+
+  return rc;
+}
+
+
+static ssize_t qsossl_send(struct connectdata * conn, int sockindex,
+                           const void * mem, size_t len, CURLcode * curlcode)
+
+{
+  /* SSL_Write() is said to return 'int' while write() and send() returns
+     'size_t' */
+  int rc;
+
+  rc = SSL_Write(conn->ssl[sockindex].handle, (void *) mem, (int) len);
+
+  if(rc < 0) {
+    switch(rc) {
+
+    case SSL_ERROR_BAD_STATE:
+      /* The operation did not complete; the same SSL I/O function
+         should be called again later. This is basically an EWOULDBLOCK
+         equivalent. */
+      *curlcode = CURLE_AGAIN;
+      return -1;
+
+    case SSL_ERROR_IO:
+      switch (errno) {
+      case EWOULDBLOCK:
+      case EINTR:
+        *curlcode = CURLE_AGAIN;
+        return -1;
+        }
+
+      failf(conn->data, "SSL_Write() I/O error: %s", strerror(errno));
+      *curlcode = CURLE_SEND_ERROR;
+      return -1;
+    }
+
+    /* An SSL error. */
+    failf(conn->data, "SSL_Write() returned error %s",
+          SSL_Strerror(rc, NULL));
+    *curlcode = CURLE_SEND_ERROR;
+    return -1;
+  }
+
+  return (ssize_t) rc; /* number of bytes */
+}
+
+
+static ssize_t qsossl_recv(struct connectdata * conn, int num, char * buf,
+                           size_t buffersize, CURLcode * curlcode)
+
+{
+  char error_buffer[120]; /* OpenSSL documents that this must be at
+                             least 120 bytes long. */
+  unsigned long sslerror;
+  int buffsize;
+  int nread;
+
+  buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
+  nread = SSL_Read(conn->ssl[num].handle, buf, buffsize);
+
+  if(nread < 0) {
+    /* failed SSL_read */
+
+    switch (nread) {
+
+    case SSL_ERROR_BAD_STATE:
+      /* there's data pending, re-invoke SSL_Read(). */
+      *curlcode = CURLE_AGAIN;
+      return -1;
+
+    case SSL_ERROR_IO:
+      switch (errno) {
+      case EWOULDBLOCK:
+        *curlcode = CURLE_AGAIN;
+        return -1;
+        }
+
+      failf(conn->data, "SSL_Read() I/O error: %s", strerror(errno));
+      *curlcode = CURLE_RECV_ERROR;
+      return -1;
+
+    default:
+      failf(conn->data, "SSL read error: %s", SSL_Strerror(nread, NULL));
+      *curlcode = CURLE_RECV_ERROR;
+      return -1;
+    }
+  }
+  return (ssize_t) nread;
+}
+
+
+size_t Curl_qsossl_version(char * buffer, size_t size)
+
+{
+  strncpy(buffer, "IBM OS/400 SSL", size);
+  return strlen(buffer);
+}
+
+
+int Curl_qsossl_check_cxn(struct connectdata * cxn)
+
+{
+  int err;
+  int errlen;
+
+  /* The only thing that can be tested here is at the socket level. */
+
+  if(!cxn->ssl[FIRSTSOCKET].handle)
+    return 0; /* connection has been closed */
+
+  err = 0;
+  errlen = sizeof err;
+
+  if(getsockopt(cxn->sock[FIRSTSOCKET], SOL_SOCKET, SO_ERROR,
+                 (unsigned char *) &err, &errlen) ||
+      errlen != sizeof err || err)
+    return 0; /* connection has been closed */
+
+  return -1;  /* connection status unknown */
+}
+
+#endif /* USE_QSOSSL */
diff --git a/Utilities/cmcurl/lib/vtls/qssl.h b/Utilities/cmcurl/lib/vtls/qssl.h
new file mode 100644
index 0000000..9764eec
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/qssl.h
@@ -0,0 +1,62 @@
+#ifndef HEADER_CURL_QSSL_H
+#define HEADER_CURL_QSSL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+/*
+ * This header should only be needed to get included by vtls.c and qssl.c
+ */
+
+#include "urldata.h"
+
+#ifdef USE_QSOSSL
+int Curl_qsossl_init(void);
+void Curl_qsossl_cleanup(void);
+CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex);
+void Curl_qsossl_close(struct connectdata *conn, int sockindex);
+int Curl_qsossl_close_all(struct SessionHandle * data);
+int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex);
+
+size_t Curl_qsossl_version(char * buffer, size_t size);
+int Curl_qsossl_check_cxn(struct connectdata * cxn);
+
+/* API setup for QsoSSL */
+#define curlssl_init Curl_qsossl_init
+#define curlssl_cleanup Curl_qsossl_cleanup
+#define curlssl_connect Curl_qsossl_connect
+
+/*  No session handling for QsoSSL */
+#define curlssl_session_free(x) Curl_nop_stmt
+#define curlssl_close_all Curl_qsossl_close_all
+#define curlssl_close Curl_qsossl_close
+#define curlssl_shutdown(x,y) Curl_qsossl_shutdown(x,y)
+#define curlssl_set_engine(x,y) CURLE_NOT_BUILT_IN
+#define curlssl_set_engine_default(x) CURLE_NOT_BUILT_IN
+#define curlssl_engines_list(x) NULL
+#define curlssl_version Curl_qsossl_version
+#define curlssl_check_cxn(x) Curl_qsossl_check_cxn(x)
+#define curlssl_data_pending(x,y) 0
+#define CURL_SSL_BACKEND CURLSSLBACKEND_QSOSSL
+#endif /* USE_QSOSSL */
+
+#endif /* HEADER_CURL_QSSL_H */
diff --git a/Utilities/cmcurl/lib/vtls/vtls.c b/Utilities/cmcurl/lib/vtls/vtls.c
new file mode 100644
index 0000000..88511b8
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/vtls.c
@@ -0,0 +1,705 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* This file is for implementing all "generic" SSL functions that all libcurl
+   internals should use. It is then responsible for calling the proper
+   "backend" function.
+
+   SSL-functions in libcurl should call functions in this source file, and not
+   to any specific SSL-layer.
+
+   Curl_ssl_ - prefix for generic ones
+   Curl_ossl_ - prefix for OpenSSL ones
+   Curl_gtls_ - prefix for GnuTLS ones
+   Curl_nss_ - prefix for NSS ones
+   Curl_qssl_ - prefix for QsoSSL ones
+   Curl_gskit_ - prefix for GSKit ones
+   Curl_polarssl_ - prefix for PolarSSL ones
+   Curl_cyassl_ - prefix for CyaSSL ones
+   Curl_schannel_ - prefix for Schannel SSPI ones
+   Curl_darwinssl_ - prefix for SecureTransport (Darwin) ones
+
+   Note that this source code uses curlssl_* functions, and they are all
+   defines/macros #defined by the lib-specific header files.
+
+   "SSL/TLS Strong Encryption: An Introduction"
+   http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html
+*/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include "urldata.h"
+
+#include "vtls.h" /* generic SSL protos etc */
+#include "openssl.h" /* OpenSSL versions */
+#include "gtls.h"   /* GnuTLS versions */
+#include "nssg.h"   /* NSS versions */
+#include "qssl.h"   /* QSOSSL versions */
+#include "gskit.h"  /* Global Secure ToolKit versions */
+#include "polarssl.h" /* PolarSSL versions */
+#include "axtls.h"  /* axTLS versions */
+#include "cyassl.h"  /* CyaSSL versions */
+#include "curl_schannel.h" /* Schannel SSPI version */
+#include "curl_darwinssl.h" /* SecureTransport (Darwin) version */
+#include "slist.h"
+#include "sendf.h"
+#include "rawstr.h"
+#include "url.h"
+#include "curl_memory.h"
+#include "progress.h"
+#include "share.h"
+#include "timeval.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* convenience macro to check if this handle is using a shared SSL session */
+#define SSLSESSION_SHARED(data) (data->share &&                        \
+                                 (data->share->specifier &             \
+                                  (1<<CURL_LOCK_DATA_SSL_SESSION)))
+
+static bool safe_strequal(char* str1, char* str2)
+{
+  if(str1 && str2)
+    /* both pointers point to something then compare them */
+    return (0 != Curl_raw_equal(str1, str2)) ? TRUE : FALSE;
+  else
+    /* if both pointers are NULL then treat them as equal */
+    return (!str1 && !str2) ? TRUE : FALSE;
+}
+
+bool
+Curl_ssl_config_matches(struct ssl_config_data* data,
+                        struct ssl_config_data* needle)
+{
+  if((data->version == needle->version) &&
+     (data->verifypeer == needle->verifypeer) &&
+     (data->verifyhost == needle->verifyhost) &&
+     safe_strequal(data->CApath, needle->CApath) &&
+     safe_strequal(data->CAfile, needle->CAfile) &&
+     safe_strequal(data->random_file, needle->random_file) &&
+     safe_strequal(data->egdsocket, needle->egdsocket) &&
+     safe_strequal(data->cipher_list, needle->cipher_list))
+    return TRUE;
+
+  return FALSE;
+}
+
+bool
+Curl_clone_ssl_config(struct ssl_config_data *source,
+                      struct ssl_config_data *dest)
+{
+  dest->sessionid = source->sessionid;
+  dest->verifyhost = source->verifyhost;
+  dest->verifypeer = source->verifypeer;
+  dest->version = source->version;
+
+  if(source->CAfile) {
+    dest->CAfile = strdup(source->CAfile);
+    if(!dest->CAfile)
+      return FALSE;
+  }
+  else
+    dest->CAfile = NULL;
+
+  if(source->CApath) {
+    dest->CApath = strdup(source->CApath);
+    if(!dest->CApath)
+      return FALSE;
+  }
+  else
+    dest->CApath = NULL;
+
+  if(source->cipher_list) {
+    dest->cipher_list = strdup(source->cipher_list);
+    if(!dest->cipher_list)
+      return FALSE;
+  }
+  else
+    dest->cipher_list = NULL;
+
+  if(source->egdsocket) {
+    dest->egdsocket = strdup(source->egdsocket);
+    if(!dest->egdsocket)
+      return FALSE;
+  }
+  else
+    dest->egdsocket = NULL;
+
+  if(source->random_file) {
+    dest->random_file = strdup(source->random_file);
+    if(!dest->random_file)
+      return FALSE;
+  }
+  else
+    dest->random_file = NULL;
+
+  return TRUE;
+}
+
+void Curl_free_ssl_config(struct ssl_config_data* sslc)
+{
+  Curl_safefree(sslc->CAfile);
+  Curl_safefree(sslc->CApath);
+  Curl_safefree(sslc->cipher_list);
+  Curl_safefree(sslc->egdsocket);
+  Curl_safefree(sslc->random_file);
+}
+
+
+/*
+ * Curl_rand() returns a random unsigned integer, 32bit.
+ *
+ * This non-SSL function is put here only because this file is the only one
+ * with knowledge of what the underlying SSL libraries provide in terms of
+ * randomizers.
+ *
+ * NOTE: 'data' may be passed in as NULL when coming from external API without
+ * easy handle!
+ *
+ */
+
+unsigned int Curl_rand(struct SessionHandle *data)
+{
+  unsigned int r;
+  static unsigned int randseed;
+  static bool seeded = FALSE;
+
+#ifdef CURLDEBUG
+  char *force_entropy = getenv("CURL_ENTROPY");
+  if(force_entropy) {
+    if(!seeded) {
+      size_t elen = strlen(force_entropy);
+      size_t clen = sizeof(randseed);
+      size_t min = elen < clen ? elen : clen;
+      memcpy((char *)&randseed, force_entropy, min);
+      seeded = TRUE;
+    }
+    else
+      randseed++;
+    return randseed;
+  }
+#endif
+
+  /* data may be NULL! */
+  if(!Curl_ssl_random(data, (unsigned char *)&r, sizeof(r)))
+    return r;
+
+  /* If Curl_ssl_random() returns non-zero it couldn't offer randomness and we
+     instead perform a "best effort" */
+
+#ifdef RANDOM_FILE
+  if(!seeded) {
+    /* if there's a random file to read a seed from, use it */
+    int fd = open(RANDOM_FILE, O_RDONLY);
+    if(fd > -1) {
+      /* read random data into the randseed variable */
+      ssize_t nread = read(fd, &randseed, sizeof(randseed));
+      if(nread == sizeof(randseed))
+        seeded = TRUE;
+      close(fd);
+    }
+  }
+#endif
+
+  if(!seeded) {
+    struct timeval now = curlx_tvnow();
+    infof(data, "WARNING: Using weak random seed\n");
+    randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;
+    randseed = randseed * 1103515245 + 12345;
+    randseed = randseed * 1103515245 + 12345;
+    randseed = randseed * 1103515245 + 12345;
+    seeded = TRUE;
+  }
+
+  /* Return an unsigned 32-bit pseudo-random number. */
+  r = randseed = randseed * 1103515245 + 12345;
+  return (r << 16) | ((r >> 16) & 0xFFFF);
+}
+
+int Curl_ssl_backend(void)
+{
+  return (int)CURL_SSL_BACKEND;
+}
+
+#ifdef USE_SSL
+
+/* "global" init done? */
+static bool init_ssl=FALSE;
+
+/**
+ * Global SSL init
+ *
+ * @retval 0 error initializing SSL
+ * @retval 1 SSL initialized successfully
+ */
+int Curl_ssl_init(void)
+{
+  /* make sure this is only done once */
+  if(init_ssl)
+    return 1;
+  init_ssl = TRUE; /* never again */
+
+  return curlssl_init();
+}
+
+
+/* Global cleanup */
+void Curl_ssl_cleanup(void)
+{
+  if(init_ssl) {
+    /* only cleanup if we did a previous init */
+    curlssl_cleanup();
+    init_ssl = FALSE;
+  }
+}
+
+CURLcode
+Curl_ssl_connect(struct connectdata *conn, int sockindex)
+{
+  CURLcode res;
+  /* mark this is being ssl-enabled from here on. */
+  conn->ssl[sockindex].use = TRUE;
+  conn->ssl[sockindex].state = ssl_connection_negotiating;
+
+  res = curlssl_connect(conn, sockindex);
+
+  if(!res)
+    Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
+
+  return res;
+}
+
+CURLcode
+Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
+                             bool *done)
+{
+  CURLcode res;
+  /* mark this is being ssl requested from here on. */
+  conn->ssl[sockindex].use = TRUE;
+#ifdef curlssl_connect_nonblocking
+  res = curlssl_connect_nonblocking(conn, sockindex, done);
+#else
+  *done = TRUE; /* fallback to BLOCKING */
+  res = curlssl_connect(conn, sockindex);
+#endif /* non-blocking connect support */
+  if(!res && *done)
+    Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
+  return res;
+}
+
+/*
+ * Check if there's a session ID for the given connection in the cache, and if
+ * there's one suitable, it is provided. Returns TRUE when no entry matched.
+ */
+int Curl_ssl_getsessionid(struct connectdata *conn,
+                          void **ssl_sessionid,
+                          size_t *idsize) /* set 0 if unknown */
+{
+  struct curl_ssl_session *check;
+  struct SessionHandle *data = conn->data;
+  size_t i;
+  long *general_age;
+  bool no_match = TRUE;
+
+  *ssl_sessionid = NULL;
+
+  if(!conn->ssl_config.sessionid)
+    /* session ID re-use is disabled */
+    return TRUE;
+
+  /* Lock if shared */
+  if(SSLSESSION_SHARED(data)) {
+    Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
+    general_age = &data->share->sessionage;
+  }
+  else
+    general_age = &data->state.sessionage;
+
+  for(i = 0; i < data->set.ssl.max_ssl_sessions; i++) {
+    check = &data->state.session[i];
+    if(!check->sessionid)
+      /* not session ID means blank entry */
+      continue;
+    if(Curl_raw_equal(conn->host.name, check->name) &&
+       (conn->remote_port == check->remote_port) &&
+       Curl_ssl_config_matches(&conn->ssl_config, &check->ssl_config)) {
+      /* yes, we have a session ID! */
+      (*general_age)++;          /* increase general age */
+      check->age = *general_age; /* set this as used in this age */
+      *ssl_sessionid = check->sessionid;
+      if(idsize)
+        *idsize = check->idsize;
+      no_match = FALSE;
+      break;
+    }
+  }
+
+  /* Unlock */
+  if(SSLSESSION_SHARED(data))
+    Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
+
+  return no_match;
+}
+
+/*
+ * Kill a single session ID entry in the cache.
+ */
+void Curl_ssl_kill_session(struct curl_ssl_session *session)
+{
+  if(session->sessionid) {
+    /* defensive check */
+
+    /* free the ID the SSL-layer specific way */
+    curlssl_session_free(session->sessionid);
+
+    session->sessionid = NULL;
+    session->age = 0; /* fresh */
+
+    Curl_free_ssl_config(&session->ssl_config);
+
+    Curl_safefree(session->name);
+  }
+}
+
+/*
+ * Delete the given session ID from the cache.
+ */
+void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
+{
+  size_t i;
+  struct SessionHandle *data=conn->data;
+
+  if(SSLSESSION_SHARED(data))
+    Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
+
+  for(i = 0; i < data->set.ssl.max_ssl_sessions; i++) {
+    struct curl_ssl_session *check = &data->state.session[i];
+
+    if(check->sessionid == ssl_sessionid) {
+      Curl_ssl_kill_session(check);
+      break;
+    }
+  }
+
+  if(SSLSESSION_SHARED(data))
+    Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
+}
+
+/*
+ * Store session id in the session cache. The ID passed on to this function
+ * must already have been extracted and allocated the proper way for the SSL
+ * layer. Curl_XXXX_session_free() will be called to free/kill the session ID
+ * later on.
+ */
+CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+                               void *ssl_sessionid,
+                               size_t idsize)
+{
+  size_t i;
+  struct SessionHandle *data=conn->data; /* the mother of all structs */
+  struct curl_ssl_session *store = &data->state.session[0];
+  long oldest_age=data->state.session[0].age; /* zero if unused */
+  char *clone_host;
+  long *general_age;
+
+  /* Even though session ID re-use might be disabled, that only disables USING
+     IT. We still store it here in case the re-using is again enabled for an
+     upcoming transfer */
+
+  clone_host = strdup(conn->host.name);
+  if(!clone_host)
+    return CURLE_OUT_OF_MEMORY; /* bail out */
+
+  /* Now we should add the session ID and the host name to the cache, (remove
+     the oldest if necessary) */
+
+  /* If using shared SSL session, lock! */
+  if(SSLSESSION_SHARED(data)) {
+    Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
+    general_age = &data->share->sessionage;
+  }
+  else {
+    general_age = &data->state.sessionage;
+  }
+
+  /* find an empty slot for us, or find the oldest */
+  for(i = 1; (i < data->set.ssl.max_ssl_sessions) &&
+        data->state.session[i].sessionid; i++) {
+    if(data->state.session[i].age < oldest_age) {
+      oldest_age = data->state.session[i].age;
+      store = &data->state.session[i];
+    }
+  }
+  if(i == data->set.ssl.max_ssl_sessions)
+    /* cache is full, we must "kill" the oldest entry! */
+    Curl_ssl_kill_session(store);
+  else
+    store = &data->state.session[i]; /* use this slot */
+
+  /* now init the session struct wisely */
+  store->sessionid = ssl_sessionid;
+  store->idsize = idsize;
+  store->age = *general_age;    /* set current age */
+  if(store->name)
+    /* free it if there's one already present */
+    free(store->name);
+  store->name = clone_host;               /* clone host name */
+  store->remote_port = conn->remote_port; /* port number */
+
+
+  /* Unlock */
+  if(SSLSESSION_SHARED(data))
+    Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
+
+  if(!Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config)) {
+    store->sessionid = NULL; /* let caller free sessionid */
+    free(clone_host);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  return CURLE_OK;
+}
+
+
+void Curl_ssl_close_all(struct SessionHandle *data)
+{
+  size_t i;
+  /* kill the session ID cache if not shared */
+  if(data->state.session && !SSLSESSION_SHARED(data)) {
+    for(i = 0; i < data->set.ssl.max_ssl_sessions; i++)
+      /* the single-killer function handles empty table slots */
+      Curl_ssl_kill_session(&data->state.session[i]);
+
+    /* free the cache data */
+    Curl_safefree(data->state.session);
+  }
+
+  curlssl_close_all(data);
+}
+
+void Curl_ssl_close(struct connectdata *conn, int sockindex)
+{
+  DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
+  curlssl_close(conn, sockindex);
+}
+
+CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
+{
+  if(curlssl_shutdown(conn, sockindex))
+    return CURLE_SSL_SHUTDOWN_FAILED;
+
+  conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
+  conn->ssl[sockindex].state = ssl_connection_none;
+
+  conn->recv[sockindex] = Curl_recv_plain;
+  conn->send[sockindex] = Curl_send_plain;
+
+  return CURLE_OK;
+}
+
+/* Selects an SSL crypto engine
+ */
+CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
+{
+  return curlssl_set_engine(data, engine);
+}
+
+/* Selects the default SSL crypto engine
+ */
+CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
+{
+  return curlssl_set_engine_default(data);
+}
+
+/* Return list of OpenSSL crypto engine names. */
+struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
+{
+  return curlssl_engines_list(data);
+}
+
+/*
+ * This sets up a session ID cache to the specified size. Make sure this code
+ * is agnostic to what underlying SSL technology we use.
+ */
+CURLcode Curl_ssl_initsessions(struct SessionHandle *data, size_t amount)
+{
+  struct curl_ssl_session *session;
+
+  if(data->state.session)
+    /* this is just a precaution to prevent multiple inits */
+    return CURLE_OK;
+
+  session = calloc(amount, sizeof(struct curl_ssl_session));
+  if(!session)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* store the info in the SSL section */
+  data->set.ssl.max_ssl_sessions = amount;
+  data->state.session = session;
+  data->state.sessionage = 1; /* this is brand new */
+  return CURLE_OK;
+}
+
+size_t Curl_ssl_version(char *buffer, size_t size)
+{
+  return curlssl_version(buffer, size);
+}
+
+/*
+ * This function tries to determine connection status.
+ *
+ * Return codes:
+ *     1 means the connection is still in place
+ *     0 means the connection has been closed
+ *    -1 means the connection status is unknown
+ */
+int Curl_ssl_check_cxn(struct connectdata *conn)
+{
+  return curlssl_check_cxn(conn);
+}
+
+bool Curl_ssl_data_pending(const struct connectdata *conn,
+                           int connindex)
+{
+  return curlssl_data_pending(conn, connindex);
+}
+
+void Curl_ssl_free_certinfo(struct SessionHandle *data)
+{
+  int i;
+  struct curl_certinfo *ci = &data->info.certs;
+  if(ci->num_of_certs) {
+    /* free all individual lists used */
+    for(i=0; i<ci->num_of_certs; i++) {
+      curl_slist_free_all(ci->certinfo[i]);
+      ci->certinfo[i] = NULL;
+    }
+    free(ci->certinfo); /* free the actual array too */
+    ci->certinfo = NULL;
+    ci->num_of_certs = 0;
+  }
+}
+
+int Curl_ssl_init_certinfo(struct SessionHandle * data,
+                           int num)
+{
+  struct curl_certinfo * ci = &data->info.certs;
+  struct curl_slist * * table;
+
+  /* Initialize the certificate information structures. Return 0 if OK, else 1.
+   */
+  Curl_ssl_free_certinfo(data);
+  ci->num_of_certs = num;
+  table = calloc((size_t) num, sizeof(struct curl_slist *));
+  if(!table)
+    return 1;
+
+  ci->certinfo = table;
+  return 0;
+}
+
+/*
+ * 'value' is NOT a zero terminated string
+ */
+CURLcode Curl_ssl_push_certinfo_len(struct SessionHandle *data,
+                                    int certnum,
+                                    const char *label,
+                                    const char *value,
+                                    size_t valuelen)
+{
+  struct curl_certinfo * ci = &data->info.certs;
+  char * output;
+  struct curl_slist * nl;
+  CURLcode res = CURLE_OK;
+  size_t labellen = strlen(label);
+  size_t outlen = labellen + 1 + valuelen + 1; /* label:value\0 */
+
+  output = malloc(outlen);
+  if(!output)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* sprintf the label and colon */
+  snprintf(output, outlen, "%s:", label);
+
+  /* memcpy the value (it might not be zero terminated) */
+  memcpy(&output[labellen+1], value, valuelen);
+
+  /* zero terminate the output */
+  output[labellen + 1 + valuelen] = 0;
+
+  nl = Curl_slist_append_nodup(ci->certinfo[certnum], output);
+  if(!nl) {
+    free(output);
+    curl_slist_free_all(ci->certinfo[certnum]);
+    res = CURLE_OUT_OF_MEMORY;
+  }
+
+  ci->certinfo[certnum] = nl;
+  return res;
+}
+
+/*
+ * This is a convenience function for push_certinfo_len that takes a zero
+ * terminated value.
+ */
+CURLcode Curl_ssl_push_certinfo(struct SessionHandle *data,
+                                int certnum,
+                                const char *label,
+                                const char *value)
+{
+  size_t valuelen = strlen(value);
+
+  return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen);
+}
+
+int Curl_ssl_random(struct SessionHandle *data,
+                     unsigned char *entropy,
+                     size_t length)
+{
+  return curlssl_random(data, entropy, length);
+}
+
+#ifdef have_curlssl_md5sum
+void Curl_ssl_md5sum(unsigned char *tmp, /* input */
+                     size_t tmplen,
+                     unsigned char *md5sum, /* output */
+                     size_t md5len)
+{
+  curlssl_md5sum(tmp, tmplen, md5sum, md5len);
+}
+#endif
+
+#endif /* USE_SSL */
diff --git a/Utilities/cmcurl/lib/vtls/vtls.h b/Utilities/cmcurl/lib/vtls/vtls.h
new file mode 100644
index 0000000..e21fdef
--- /dev/null
+++ b/Utilities/cmcurl/lib/vtls/vtls.h
@@ -0,0 +1,132 @@
+#ifndef HEADER_CURL_VTLS_H
+#define HEADER_CURL_VTLS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifndef MD5_DIGEST_LENGTH
+#define MD5_DIGEST_LENGTH 16 /* fixed size */
+#endif
+
+/* see http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 */
+#define ALPN_HTTP_1_1_LENGTH 8
+#define ALPN_HTTP_1_1 "http/1.1"
+
+bool Curl_ssl_config_matches(struct ssl_config_data* data,
+                             struct ssl_config_data* needle);
+bool Curl_clone_ssl_config(struct ssl_config_data* source,
+                           struct ssl_config_data* dest);
+void Curl_free_ssl_config(struct ssl_config_data* sslc);
+
+unsigned int Curl_rand(struct SessionHandle *);
+
+int Curl_ssl_backend(void);
+
+#ifdef USE_SSL
+int Curl_ssl_init(void);
+void Curl_ssl_cleanup(void);
+CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
+CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
+                                      int sockindex,
+                                      bool *done);
+/* tell the SSL stuff to close down all open information regarding
+   connections (and thus session ID caching etc) */
+void Curl_ssl_close_all(struct SessionHandle *data);
+void Curl_ssl_close(struct connectdata *conn, int sockindex);
+CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
+CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine);
+/* Sets engine as default for all SSL operations */
+CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data);
+struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data);
+
+/* init the SSL session ID cache */
+CURLcode Curl_ssl_initsessions(struct SessionHandle *, size_t);
+size_t Curl_ssl_version(char *buffer, size_t size);
+bool Curl_ssl_data_pending(const struct connectdata *conn,
+                           int connindex);
+int Curl_ssl_check_cxn(struct connectdata *conn);
+
+/* Certificate information list handling. */
+
+void Curl_ssl_free_certinfo(struct SessionHandle *data);
+int Curl_ssl_init_certinfo(struct SessionHandle * data, int num);
+CURLcode Curl_ssl_push_certinfo_len(struct SessionHandle * data, int certnum,
+                                    const char * label, const char * value,
+                                    size_t valuelen);
+CURLcode Curl_ssl_push_certinfo(struct SessionHandle * data, int certnum,
+                                const char * label, const char * value);
+
+/* Functions to be used by SSL library adaptation functions */
+
+/* extract a session ID */
+int Curl_ssl_getsessionid(struct connectdata *conn,
+                          void **ssl_sessionid,
+                          size_t *idsize) /* set 0 if unknown */;
+/* add a new session ID */
+CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+                               void *ssl_sessionid,
+                               size_t idsize);
+/* Kill a single session ID entry in the cache */
+void Curl_ssl_kill_session(struct curl_ssl_session *session);
+/* delete a session from the cache */
+void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid);
+
+/* get N random bytes into the buffer, return 0 if a find random is filled
+   in */
+int Curl_ssl_random(struct SessionHandle *data, unsigned char *buffer,
+                    size_t length);
+void Curl_ssl_md5sum(unsigned char *tmp, /* input */
+                     size_t tmplen,
+                     unsigned char *md5sum, /* output */
+                     size_t md5len);
+
+#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
+
+#ifdef have_curlssl_md5sum
+#define HAVE_CURL_SSL_MD5SUM
+#endif
+
+#else
+/* When SSL support is not present, just define away these function calls */
+#define Curl_ssl_init() 1
+#define Curl_ssl_cleanup() Curl_nop_stmt
+#define Curl_ssl_connect(x,y) CURLE_NOT_BUILT_IN
+#define Curl_ssl_close_all(x) Curl_nop_stmt
+#define Curl_ssl_close(x,y) Curl_nop_stmt
+#define Curl_ssl_shutdown(x,y) CURLE_NOT_BUILT_IN
+#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
+#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
+#define Curl_ssl_engines_list(x) NULL
+#define Curl_ssl_send(a,b,c,d,e) -1
+#define Curl_ssl_recv(a,b,c,d,e) -1
+#define Curl_ssl_initsessions(x,y) CURLE_OK
+#define Curl_ssl_version(x,y) 0
+#define Curl_ssl_data_pending(x,y) 0
+#define Curl_ssl_check_cxn(x) 0
+#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
+#define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN
+#define Curl_ssl_kill_session(x) Curl_nop_stmt
+#define Curl_ssl_random(x,y,z) CURLE_NOT_BUILT_IN
+#define CURL_SSL_BACKEND CURLSSLBACKEND_NONE
+#endif
+
+#endif /* HEADER_CURL_VTLS_H */
diff --git a/Utilities/cmcurl/lib/warnless.c b/Utilities/cmcurl/lib/warnless.c
new file mode 100644
index 0000000..8c130d3
--- /dev/null
+++ b/Utilities/cmcurl/lib/warnless.c
@@ -0,0 +1,486 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(__INTEL_COMPILER) && defined(__unix__)
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#endif /* __INTEL_COMPILER && __unix__ */
+
+#define BUILDING_WARNLESS_C 1
+
+#include "warnless.h"
+
+#define CURL_MASK_SCHAR  0x7F
+#define CURL_MASK_UCHAR  0xFF
+
+#if (SIZEOF_SHORT == 2)
+#  define CURL_MASK_SSHORT  0x7FFF
+#  define CURL_MASK_USHORT  0xFFFF
+#elif (SIZEOF_SHORT == 4)
+#  define CURL_MASK_SSHORT  0x7FFFFFFF
+#  define CURL_MASK_USHORT  0xFFFFFFFF
+#elif (SIZEOF_SHORT == 8)
+#  define CURL_MASK_SSHORT  0x7FFFFFFFFFFFFFFF
+#  define CURL_MASK_USHORT  0xFFFFFFFFFFFFFFFF
+#else
+#  error "SIZEOF_SHORT not defined"
+#endif
+
+#if (SIZEOF_INT == 2)
+#  define CURL_MASK_SINT  0x7FFF
+#  define CURL_MASK_UINT  0xFFFF
+#elif (SIZEOF_INT == 4)
+#  define CURL_MASK_SINT  0x7FFFFFFF
+#  define CURL_MASK_UINT  0xFFFFFFFF
+#elif (SIZEOF_INT == 8)
+#  define CURL_MASK_SINT  0x7FFFFFFFFFFFFFFF
+#  define CURL_MASK_UINT  0xFFFFFFFFFFFFFFFF
+#elif (SIZEOF_INT == 16)
+#  define CURL_MASK_SINT  0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+#  define CURL_MASK_UINT  0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+#else
+#  error "SIZEOF_INT not defined"
+#endif
+
+#if (CURL_SIZEOF_LONG == 2)
+#  define CURL_MASK_SLONG  0x7FFFL
+#  define CURL_MASK_ULONG  0xFFFFUL
+#elif (CURL_SIZEOF_LONG == 4)
+#  define CURL_MASK_SLONG  0x7FFFFFFFL
+#  define CURL_MASK_ULONG  0xFFFFFFFFUL
+#elif (CURL_SIZEOF_LONG == 8)
+#  define CURL_MASK_SLONG  0x7FFFFFFFFFFFFFFFL
+#  define CURL_MASK_ULONG  0xFFFFFFFFFFFFFFFFUL
+#elif (CURL_SIZEOF_LONG == 16)
+#  define CURL_MASK_SLONG  0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL
+#  define CURL_MASK_ULONG  0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFUL
+#else
+#  error "CURL_SIZEOF_LONG not defined"
+#endif
+
+#if (CURL_SIZEOF_CURL_OFF_T == 2)
+#  define CURL_MASK_SCOFFT  CURL_OFF_T_C(0x7FFF)
+#  define CURL_MASK_UCOFFT  CURL_OFF_TU_C(0xFFFF)
+#elif (CURL_SIZEOF_CURL_OFF_T == 4)
+#  define CURL_MASK_SCOFFT  CURL_OFF_T_C(0x7FFFFFFF)
+#  define CURL_MASK_UCOFFT  CURL_OFF_TU_C(0xFFFFFFFF)
+#elif (CURL_SIZEOF_CURL_OFF_T == 8)
+#  define CURL_MASK_SCOFFT  CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF)
+#  define CURL_MASK_UCOFFT  CURL_OFF_TU_C(0xFFFFFFFFFFFFFFFF)
+#elif (CURL_SIZEOF_CURL_OFF_T == 16)
+#  define CURL_MASK_SCOFFT  CURL_OFF_T_C(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)
+#  define CURL_MASK_UCOFFT  CURL_OFF_TU_C(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)
+#else
+#  error "CURL_SIZEOF_CURL_OFF_T not defined"
+#endif
+
+#if (SIZEOF_SIZE_T == SIZEOF_SHORT)
+#  define CURL_MASK_SSIZE_T  CURL_MASK_SSHORT
+#  define CURL_MASK_USIZE_T  CURL_MASK_USHORT
+#elif (SIZEOF_SIZE_T == SIZEOF_INT)
+#  define CURL_MASK_SSIZE_T  CURL_MASK_SINT
+#  define CURL_MASK_USIZE_T  CURL_MASK_UINT
+#elif (SIZEOF_SIZE_T == CURL_SIZEOF_LONG)
+#  define CURL_MASK_SSIZE_T  CURL_MASK_SLONG
+#  define CURL_MASK_USIZE_T  CURL_MASK_ULONG
+#elif (SIZEOF_SIZE_T == CURL_SIZEOF_CURL_OFF_T)
+#  define CURL_MASK_SSIZE_T  CURL_MASK_SCOFFT
+#  define CURL_MASK_USIZE_T  CURL_MASK_UCOFFT
+#else
+#  error "SIZEOF_SIZE_T not defined"
+#endif
+
+/*
+** unsigned long to unsigned short
+*/
+
+unsigned short curlx_ultous(unsigned long ulnum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(ulnum <= (unsigned long) CURL_MASK_USHORT);
+  return (unsigned short)(ulnum & (unsigned long) CURL_MASK_USHORT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned long to unsigned char
+*/
+
+unsigned char curlx_ultouc(unsigned long ulnum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(ulnum <= (unsigned long) CURL_MASK_UCHAR);
+  return (unsigned char)(ulnum & (unsigned long) CURL_MASK_UCHAR);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned long to signed int
+*/
+
+int curlx_ultosi(unsigned long ulnum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(ulnum <= (unsigned long) CURL_MASK_SINT);
+  return (int)(ulnum & (unsigned long) CURL_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned size_t to signed curl_off_t
+*/
+
+curl_off_t curlx_uztoso(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(uznum <= (size_t) CURL_MASK_SCOFFT);
+  return (curl_off_t)(uznum & (size_t) CURL_MASK_SCOFFT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned size_t to signed int
+*/
+
+int curlx_uztosi(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(uznum <= (size_t) CURL_MASK_SINT);
+  return (int)(uznum & (size_t) CURL_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned size_t to unsigned long
+*/
+
+unsigned long curlx_uztoul(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+# pragma warning(push)
+# pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+#if (CURL_SIZEOF_LONG < SIZEOF_SIZE_T)
+  DEBUGASSERT(uznum <= (size_t) CURL_MASK_ULONG);
+#endif
+  return (unsigned long)(uznum & (size_t) CURL_MASK_ULONG);
+
+#ifdef __INTEL_COMPILER
+# pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned size_t to unsigned int
+*/
+
+unsigned int curlx_uztoui(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+# pragma warning(push)
+# pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+#if (SIZEOF_INT < SIZEOF_SIZE_T)
+  DEBUGASSERT(uznum <= (size_t) CURL_MASK_UINT);
+#endif
+  return (unsigned int)(uznum & (size_t) CURL_MASK_UINT);
+
+#ifdef __INTEL_COMPILER
+# pragma warning(pop)
+#endif
+}
+
+/*
+** signed long to signed int
+*/
+
+int curlx_sltosi(long slnum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(slnum >= 0);
+#if (SIZEOF_INT < CURL_SIZEOF_LONG)
+  DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_SINT);
+#endif
+  return (int)(slnum & (long) CURL_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed long to unsigned int
+*/
+
+unsigned int curlx_sltoui(long slnum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(slnum >= 0);
+#if (SIZEOF_INT < CURL_SIZEOF_LONG)
+  DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_UINT);
+#endif
+  return (unsigned int)(slnum & (long) CURL_MASK_UINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed long to unsigned short
+*/
+
+unsigned short curlx_sltous(long slnum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(slnum >= 0);
+  DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_USHORT);
+  return (unsigned short)(slnum & (long) CURL_MASK_USHORT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned size_t to signed ssize_t
+*/
+
+ssize_t curlx_uztosz(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(uznum <= (size_t) CURL_MASK_SSIZE_T);
+  return (ssize_t)(uznum & (size_t) CURL_MASK_SSIZE_T);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed curl_off_t to unsigned size_t
+*/
+
+size_t curlx_sotouz(curl_off_t sonum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(sonum >= 0);
+  return (size_t)(sonum & (curl_off_t) CURL_MASK_USIZE_T);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed ssize_t to signed int
+*/
+
+int curlx_sztosi(ssize_t sznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(sznum >= 0);
+#if (SIZEOF_INT < SIZEOF_SIZE_T)
+  DEBUGASSERT((size_t) sznum <= (size_t) CURL_MASK_SINT);
+#endif
+  return (int)(sznum & (ssize_t) CURL_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed int to unsigned size_t
+*/
+
+size_t curlx_sitouz(int sinum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(sinum >= 0);
+  return (size_t) sinum;
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+#ifdef USE_WINSOCK
+
+/*
+** curl_socket_t to signed int
+*/
+
+int curlx_sktosi(curl_socket_t s)
+{
+  return (int)((ssize_t) s);
+}
+
+/*
+** signed int to curl_socket_t
+*/
+
+curl_socket_t curlx_sitosk(int i)
+{
+  return (curl_socket_t)((ssize_t) i);
+}
+
+#endif /* USE_WINSOCK */
+
+#if defined(WIN32) || defined(_WIN32)
+
+ssize_t curlx_read(int fd, void *buf, size_t count)
+{
+  return (ssize_t)read(fd, buf, curlx_uztoui(count));
+}
+
+ssize_t curlx_write(int fd, const void *buf, size_t count)
+{
+  return (ssize_t)write(fd, buf, curlx_uztoui(count));
+}
+
+#endif /* WIN32 || _WIN32 */
+
+#if defined(__INTEL_COMPILER) && defined(__unix__)
+
+int curlx_FD_ISSET(int fd, fd_set *fdset)
+{
+  #pragma warning(push)
+  #pragma warning(disable:1469) /* clobber ignored */
+  return FD_ISSET(fd, fdset);
+  #pragma warning(pop)
+}
+
+void curlx_FD_SET(int fd, fd_set *fdset)
+{
+  #pragma warning(push)
+  #pragma warning(disable:1469) /* clobber ignored */
+  FD_SET(fd, fdset);
+  #pragma warning(pop)
+}
+
+void curlx_FD_ZERO(fd_set *fdset)
+{
+  #pragma warning(push)
+  #pragma warning(disable:593) /* variable was set but never used */
+  FD_ZERO(fdset);
+  #pragma warning(pop)
+}
+
+unsigned short curlx_htons(unsigned short usnum)
+{
+#if (__INTEL_COMPILER == 910) && defined(__i386__)
+  return (unsigned short)(((usnum << 8) & 0xFF00) | ((usnum >> 8) & 0x00FF));
+#else
+  #pragma warning(push)
+  #pragma warning(disable:810) /* conversion may lose significant bits */
+  return htons(usnum);
+  #pragma warning(pop)
+#endif
+}
+
+unsigned short curlx_ntohs(unsigned short usnum)
+{
+#if (__INTEL_COMPILER == 910) && defined(__i386__)
+  return (unsigned short)(((usnum << 8) & 0xFF00) | ((usnum >> 8) & 0x00FF));
+#else
+  #pragma warning(push)
+  #pragma warning(disable:810) /* conversion may lose significant bits */
+  return ntohs(usnum);
+  #pragma warning(pop)
+#endif
+}
+
+#endif /* __INTEL_COMPILER && __unix__ */
diff --git a/Utilities/cmcurl/lib/warnless.h b/Utilities/cmcurl/lib/warnless.h
new file mode 100644
index 0000000..ad77d3c
--- /dev/null
+++ b/Utilities/cmcurl/lib/warnless.h
@@ -0,0 +1,107 @@
+#ifndef HEADER_CURL_WARNLESS_H
+#define HEADER_CURL_WARNLESS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#ifdef USE_WINSOCK
+#include <curl/curl.h> /* for curl_socket_t */
+#endif
+
+unsigned short curlx_ultous(unsigned long ulnum);
+
+unsigned char curlx_ultouc(unsigned long ulnum);
+
+int curlx_ultosi(unsigned long ulnum);
+
+int curlx_uztosi(size_t uznum);
+
+curl_off_t curlx_uztoso(size_t uznum);
+
+unsigned long curlx_uztoul(size_t uznum);
+
+unsigned int curlx_uztoui(size_t uznum);
+
+int curlx_sltosi(long slnum);
+
+unsigned int curlx_sltoui(long slnum);
+
+unsigned short curlx_sltous(long slnum);
+
+ssize_t curlx_uztosz(size_t uznum);
+
+size_t curlx_sotouz(curl_off_t sonum);
+
+int curlx_sztosi(ssize_t sznum);
+
+size_t curlx_sitouz(int sinum);
+
+#ifdef USE_WINSOCK
+
+int curlx_sktosi(curl_socket_t s);
+
+curl_socket_t curlx_sitosk(int i);
+
+#endif /* USE_WINSOCK */
+
+#if defined(WIN32) || defined(_WIN32)
+
+ssize_t curlx_read(int fd, void *buf, size_t count);
+
+ssize_t curlx_write(int fd, const void *buf, size_t count);
+
+#ifndef BUILDING_WARNLESS_C
+#  undef  read
+#  define read(fd, buf, count)  curlx_read(fd, buf, count)
+#  undef  write
+#  define write(fd, buf, count) curlx_write(fd, buf, count)
+#endif
+
+#endif /* WIN32 || _WIN32 */
+
+#if defined(__INTEL_COMPILER) && defined(__unix__)
+
+int curlx_FD_ISSET(int fd, fd_set *fdset);
+
+void curlx_FD_SET(int fd, fd_set *fdset);
+
+void curlx_FD_ZERO(fd_set *fdset);
+
+unsigned short curlx_htons(unsigned short usnum);
+
+unsigned short curlx_ntohs(unsigned short usnum);
+
+#ifndef BUILDING_WARNLESS_C
+#  undef  FD_ISSET
+#  define FD_ISSET(a,b) curlx_FD_ISSET((a),(b))
+#  undef  FD_SET
+#  define FD_SET(a,b)   curlx_FD_SET((a),(b))
+#  undef  FD_ZERO
+#  define FD_ZERO(a)    curlx_FD_ZERO((a))
+#  undef  htons
+#  define htons(a)      curlx_htons((a))
+#  undef  ntohs
+#  define ntohs(a)      curlx_ntohs((a))
+#endif
+
+#endif /* __INTEL_COMPILER && __unix__ */
+
+#endif /* HEADER_CURL_WARNLESS_H */
diff --git a/Utilities/cmcurl/lib/wildcard.c b/Utilities/cmcurl/lib/wildcard.c
new file mode 100644
index 0000000..7130d5e
--- /dev/null
+++ b/Utilities/cmcurl/lib/wildcard.c
@@ -0,0 +1,77 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "wildcard.h"
+#include "llist.h"
+#include "fileinfo.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+CURLcode Curl_wildcard_init(struct WildcardData *wc)
+{
+  DEBUGASSERT(wc->filelist == NULL);
+  /* now allocate only wc->filelist, everything else
+     will be allocated if it is needed. */
+  wc->filelist = Curl_llist_alloc(Curl_fileinfo_dtor);
+  if(!wc->filelist) {;
+    return CURLE_OUT_OF_MEMORY;
+  }
+  return CURLE_OK;
+}
+
+void Curl_wildcard_dtor(struct WildcardData *wc)
+{
+  if(!wc)
+    return;
+
+  if(wc->tmp_dtor) {
+    wc->tmp_dtor(wc->tmp);
+    wc->tmp_dtor = ZERO_NULL;
+    wc->tmp = NULL;
+  }
+  DEBUGASSERT(wc->tmp == NULL);
+
+  if(wc->filelist) {
+    Curl_llist_destroy(wc->filelist, NULL);
+    wc->filelist = NULL;
+  }
+
+  if(wc->path) {
+    free(wc->path);
+    wc->path = NULL;
+  }
+
+  if(wc->pattern) {
+    free(wc->pattern);
+    wc->pattern = NULL;
+  }
+
+  wc->customptr = NULL;
+  wc->state = CURLWC_INIT;
+}
diff --git a/Utilities/cmcurl/lib/wildcard.h b/Utilities/cmcurl/lib/wildcard.h
new file mode 100644
index 0000000..16c80ec
--- /dev/null
+++ b/Utilities/cmcurl/lib/wildcard.h
@@ -0,0 +1,58 @@
+#ifndef HEADER_CURL_WILDCARD_H
+#define HEADER_CURL_WILDCARD_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include <curl/curl.h>
+
+/* list of wildcard process states */
+typedef enum {
+  CURLWC_INIT = 0,
+  CURLWC_MATCHING, /* library is trying to get list of addresses for
+                      downloading */
+  CURLWC_DOWNLOADING,
+  CURLWC_CLEAN, /* deallocate resources and reset settings */
+  CURLWC_SKIP,  /* skip over concrete file */
+  CURLWC_ERROR, /* error cases */
+  CURLWC_DONE   /* if is wildcard->state == CURLWC_DONE wildcard loop
+                   will end */
+} curl_wildcard_states;
+
+typedef void (*curl_wildcard_tmp_dtor)(void *ptr);
+
+/* struct keeping information about wildcard download process */
+struct WildcardData {
+  curl_wildcard_states state;
+  char *path; /* path to the directory, where we trying wildcard-match */
+  char *pattern; /* wildcard pattern */
+  struct curl_llist *filelist; /* llist with struct Curl_fileinfo */
+  void *tmp; /* pointer to protocol specific temporary data */
+  curl_wildcard_tmp_dtor tmp_dtor;
+  void *customptr;  /* for CURLOPT_CHUNK_DATA pointer */
+};
+
+CURLcode Curl_wildcard_init(struct WildcardData *wc);
+void Curl_wildcard_dtor(struct WildcardData *wc);
+
+struct SessionHandle;
+
+#endif /* HEADER_CURL_WILDCARD_H */
diff --git a/Utilities/cmcurl/lib/x509asn1.c b/Utilities/cmcurl/lib/x509asn1.c
new file mode 100644
index 0000000..1f87155
--- /dev/null
+++ b/Utilities/cmcurl/lib/x509asn1.c
@@ -0,0 +1,1183 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS)
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "strequal.h"
+#include "hostcheck.h"
+#include "vtls/vtls.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "curl_base64.h"
+#include "x509asn1.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+
+/* ASN.1 OIDs. */
+static const char       cnOID[] = "2.5.4.3";    /* Common name. */
+static const char       sanOID[] = "2.5.29.17"; /* Subject alternative name. */
+
+static const curl_OID   OIDtable[] = {
+  { "1.2.840.10040.4.1",        "dsa" },
+  { "1.2.840.10040.4.3",        "dsa-with-sha1" },
+  { "1.2.840.10045.2.1",        "ecPublicKey" },
+  { "1.2.840.10045.3.0.1",      "c2pnb163v1" },
+  { "1.2.840.10045.4.1",        "ecdsa-with-SHA1" },
+  { "1.2.840.10046.2.1",        "dhpublicnumber" },
+  { "1.2.840.113549.1.1.1",     "rsaEncryption" },
+  { "1.2.840.113549.1.1.2",     "md2WithRSAEncryption" },
+  { "1.2.840.113549.1.1.4",     "md5WithRSAEncryption" },
+  { "1.2.840.113549.1.1.5",     "sha1WithRSAEncryption" },
+  { "1.2.840.113549.1.1.10",    "RSASSA-PSS" },
+  { "1.2.840.113549.1.1.14",    "sha224WithRSAEncryption" },
+  { "1.2.840.113549.1.1.11",    "sha256WithRSAEncryption" },
+  { "1.2.840.113549.1.1.12",    "sha384WithRSAEncryption" },
+  { "1.2.840.113549.1.1.13",    "sha512WithRSAEncryption" },
+  { "1.2.840.113549.2.2",       "md2" },
+  { "1.2.840.113549.2.5",       "md5" },
+  { "1.3.14.3.2.26",            "sha1" },
+  { cnOID,                      "CN" },
+  { "2.5.4.4",                  "SN" },
+  { "2.5.4.5",                  "serialNumber" },
+  { "2.5.4.6",                  "C" },
+  { "2.5.4.7",                  "L" },
+  { "2.5.4.8",                  "ST" },
+  { "2.5.4.9",                  "streetAddress" },
+  { "2.5.4.10",                 "O" },
+  { "2.5.4.11",                 "OU" },
+  { "2.5.4.12",                 "title" },
+  { "2.5.4.13",                 "description" },
+  { "2.5.4.17",                 "postalCode" },
+  { "2.5.4.41",                 "name" },
+  { "2.5.4.42",                 "givenName" },
+  { "2.5.4.43",                 "initials" },
+  { "2.5.4.44",                 "generationQualifier" },
+  { "2.5.4.45",                 "X500UniqueIdentifier" },
+  { "2.5.4.46",                 "dnQualifier" },
+  { "2.5.4.65",                 "pseudonym" },
+  { "1.2.840.113549.1.9.1",     "emailAddress" },
+  { "2.5.4.72",                 "role" },
+  { sanOID,                     "subjectAltName" },
+  { "2.5.29.18",                "issuerAltName" },
+  { "2.5.29.19",                "basicConstraints" },
+  { "2.16.840.1.101.3.4.2.4",   "sha224" },
+  { "2.16.840.1.101.3.4.2.1",   "sha256" },
+  { "2.16.840.1.101.3.4.2.2",   "sha384" },
+  { "2.16.840.1.101.3.4.2.3",   "sha512" },
+  { (const char *) NULL,        (const char *) NULL }
+};
+
+/*
+ * Lightweight ASN.1 parser.
+ * In particular, it does not check for syntactic/lexical errors.
+ * It is intended to support certificate information gathering for SSL backends
+ * that offer a mean to get certificates as a whole, but do not supply
+ * entry points to get particular certificate sub-fields.
+ * Please note there is no pretention here to rewrite a full SSL library.
+ */
+
+
+const char * Curl_getASN1Element(curl_asn1Element * elem,
+                                 const char * beg, const char * end)
+{
+  unsigned char b;
+  unsigned long len;
+  curl_asn1Element lelem;
+
+  /* Get a single ASN.1 element into `elem', parse ASN.1 string at `beg'
+     ending at `end'.
+     Returns a pointer in source string after the parsed element, or NULL
+     if an error occurs. */
+
+  if(beg >= end || !*beg)
+    return (const char *) NULL;
+
+  /* Process header byte. */
+  b = (unsigned char) *beg++;
+  elem->constructed = (b & 0x20) != 0;
+  elem->class = (b >> 6) & 3;
+  b &= 0x1F;
+  if(b == 0x1F)
+    return (const char *) NULL; /* Long tag values not supported here. */
+  elem->tag = b;
+
+  /* Process length. */
+  if(beg >= end)
+    return (const char *) NULL;
+  b = (unsigned char) *beg++;
+  if(!(b & 0x80))
+    len = b;
+  else if(!(b &= 0x7F)) {
+    /* Unspecified length. Since we have all the data, we can determine the
+       effective length by skipping element until an end element is found. */
+    if(!elem->constructed)
+      return (const char *) NULL;
+    elem->beg = beg;
+    while(beg < end && *beg) {
+      beg = Curl_getASN1Element(&lelem, beg, end);
+      if(!beg)
+        return (const char *) NULL;
+    }
+    if(beg >= end)
+      return (const char *) NULL;
+    elem->end = beg;
+    return beg + 1;
+  }
+  else if(beg + b > end)
+    return (const char *) NULL; /* Does not fit in source. */
+  else {
+    /* Get long length. */
+    len = 0;
+    do {
+      if(len & 0xFF000000L)
+        return (const char *) NULL;  /* Lengths > 32 bits are not supported. */
+      len = (len << 8) | (unsigned char) *beg++;
+    } while(--b);
+  }
+  if((unsigned long) (end - beg) < len)
+    return (const char *) NULL;  /* Element data does not fit in source. */
+  elem->beg = beg;
+  elem->end = beg + len;
+  return elem->end;
+}
+
+static const curl_OID * searchOID(const char * oid)
+{
+  const curl_OID * op;
+
+  /* Search the null terminated OID or OID identifier in local table.
+     Return the table entry pointer or NULL if not found. */
+
+  for(op = OIDtable; op->numoid; op++)
+    if(!strcmp(op->numoid, oid) || curl_strequal(op->textoid, oid))
+      return op;
+
+  return (const curl_OID *) NULL;
+}
+
+static const char * bool2str(const char * beg, const char * end)
+{
+  /* Convert an ASN.1 Boolean value into its string representation.
+     Return the dynamically allocated string, or NULL if source is not an
+     ASN.1 Boolean value. */
+
+  if(end - beg != 1)
+    return (const char *) NULL;
+  return strdup(*beg? "TRUE": "FALSE");
+}
+
+static const char * octet2str(const char * beg, const char * end)
+{
+  size_t n = end - beg;
+  char * buf;
+
+  /* Convert an ASN.1 octet string to a printable string.
+     Return the dynamically allocated string, or NULL if an error occurs. */
+
+  buf = malloc(3 * n + 1);
+  if(buf)
+    for(n = 0; beg < end; n += 3)
+      snprintf(buf + n, 4, "%02x:", *(const unsigned char *) beg++);
+  return buf;
+}
+
+static const char * bit2str(const char * beg, const char * end)
+
+{
+  /* Convert an ASN.1 bit string to a printable string.
+     Return the dynamically allocated string, or NULL if an error occurs. */
+
+  if(++beg > end)
+    return (const char *) NULL;
+  return octet2str(beg, end);
+}
+
+static const char * int2str(const char * beg, const char * end)
+{
+  long val = 0;
+  size_t n = end - beg;
+
+  /* Convert an ASN.1 integer value into its string representation.
+     Return the dynamically allocated string, or NULL if source is not an
+     ASN.1 integer value. */
+
+  if(!n)
+    return (const char *) NULL;
+
+  if(n > 4)
+    return octet2str(beg, end);
+
+  /* Represent integers <= 32-bit as a single value. */
+  if(*beg & 0x80)
+    val = ~val;
+
+  do
+    val = (val << 8) | *(const unsigned char *) beg++;
+  while(beg < end);
+  return curl_maprintf("%s%lx", (val < 0 || val >= 10)? "0x": "", val);
+}
+
+static ssize_t
+utf8asn1str(char * * to, int type, const char * from, const char * end)
+{
+  size_t inlength = end - from;
+  int size = 1;
+  size_t outlength;
+  int charsize;
+  unsigned int wc;
+  char * buf;
+
+  /* Perform a lazy conversion from an ASN.1 typed string to UTF8. Allocate the
+     destination buffer dynamically. The allocation size will normally be too
+     large: this is to avoid buffer overflows.
+     Terminate the string with a nul byte and return the converted
+     string length. */
+
+  *to = (char *) NULL;
+  switch (type) {
+  case CURL_ASN1_BMP_STRING:
+    size = 2;
+    break;
+  case CURL_ASN1_UNIVERSAL_STRING:
+    size = 4;
+    break;
+  case CURL_ASN1_NUMERIC_STRING:
+  case CURL_ASN1_PRINTABLE_STRING:
+  case CURL_ASN1_TELETEX_STRING:
+  case CURL_ASN1_IA5_STRING:
+  case CURL_ASN1_VISIBLE_STRING:
+  case CURL_ASN1_UTF8_STRING:
+    break;
+  default:
+    return -1;  /* Conversion not supported. */
+  }
+
+  if(inlength % size)
+    return -1;  /* Length inconsistent with character size. */
+  buf = malloc(4 * (inlength / size) + 1);
+  if(!buf)
+    return -1;  /* Not enough memory. */
+
+  if(type == CURL_ASN1_UTF8_STRING) {
+    /* Just copy. */
+    outlength = inlength;
+    if(outlength)
+      memcpy(buf, from, outlength);
+  }
+  else {
+    for(outlength = 0; from < end;) {
+      wc = 0;
+      switch (size) {
+      case 4:
+        wc = (wc << 8) | *(const unsigned char *) from++;
+        wc = (wc << 8) | *(const unsigned char *) from++;
+      case 2:
+        wc = (wc << 8) | *(const unsigned char *) from++;
+      default: /* case 1: */
+        wc = (wc << 8) | *(const unsigned char *) from++;
+      }
+      charsize = 1;
+      if(wc >= 0x00000080) {
+        if(wc >= 0x00000800) {
+          if(wc >= 0x00010000) {
+            if(wc >= 0x00200000) {
+              free(buf);
+              return -1;        /* Invalid char. size for target encoding. */
+            }
+            buf[outlength + 3] = (char) (0x80 | (wc & 0x3F));
+            wc = (wc >> 6) | 0x00010000;
+            charsize++;
+          }
+          buf[outlength + 2] = (char) (0x80 | (wc & 0x3F));
+          wc = (wc >> 6) | 0x00000800;
+          charsize++;
+        }
+        buf[outlength + 1] = (char) (0x80 | (wc & 0x3F));
+        wc = (wc >> 6) | 0x000000C0;
+        charsize++;
+      }
+      buf[outlength] = (char) wc;
+      outlength += charsize;
+    }
+  }
+  buf[outlength] = '\0';
+  *to = buf;
+  return outlength;
+}
+
+static const char * string2str(int type, const char * beg, const char * end)
+{
+  char * buf;
+
+  /* Convert an ASN.1 String into its UTF-8 string representation.
+     Return the dynamically allocated string, or NULL if an error occurs. */
+
+  if(utf8asn1str(&buf, type, beg, end) < 0)
+    return (const char *) NULL;
+  return buf;
+}
+
+static int encodeUint(char * buf, int n, unsigned int x)
+{
+  int i = 0;
+  unsigned int y = x / 10;
+
+  /* Decimal ASCII encode unsigned integer `x' in the `n'-byte buffer at `buf'.
+     Return the total number of encoded digits, even if larger than `n'. */
+
+  if(y) {
+    i += encodeUint(buf, n, y);
+    x -= y * 10;
+  }
+  if(i < n)
+    buf[i] = (char) ('0' + x);
+  i++;
+  if(i < n)
+    buf[i] = '\0';      /* Store a terminator if possible. */
+  return i;
+}
+
+static int encodeOID(char * buf, int n, const char * beg, const char * end)
+{
+  int i = 0;
+  unsigned int x;
+  unsigned int y;
+
+  /* Convert an ASN.1 OID into its dotted string representation.
+     Store the result in th `n'-byte buffer at `buf'.
+     Return the converted string length, or -1 if an error occurs. */
+
+  /* Process the first two numbers. */
+  y = *(const unsigned char *) beg++;
+  x = y / 40;
+  y -= x * 40;
+  i += encodeUint(buf + i, n - i, x);
+  if(i < n)
+    buf[i] = '.';
+  i++;
+  i += encodeUint(buf + i, n - i, y);
+
+  /* Process the trailing numbers. */
+  while(beg < end) {
+    if(i < n)
+      buf[i] = '.';
+    i++;
+    x = 0;
+    do {
+      if(x & 0xFF000000)
+        return -1;
+      y = *(const unsigned char *) beg++;
+      x = (x << 7) | (y & 0x7F);
+    } while(y & 0x80);
+    i += encodeUint(buf + i, n - i, x);
+  }
+  if(i < n)
+    buf[i] = '\0';
+  return i;
+}
+
+static const char * OID2str(const char * beg, const char * end, bool symbolic)
+{
+  char * buf = (char *) NULL;
+  const curl_OID * op;
+  int n;
+
+  /* Convert an ASN.1 OID into its dotted or symbolic string representation.
+     Return the dynamically allocated string, or NULL if an error occurs. */
+
+  if(beg < end) {
+    n = encodeOID((char *) NULL, -1, beg, end);
+    if(n >= 0) {
+      buf = malloc(n + 1);
+      if(buf) {
+        encodeOID(buf, n, beg, end);
+        buf[n] = '\0';
+
+        if(symbolic) {
+          op = searchOID(buf);
+          if(op) {
+            free(buf);
+            buf = strdup(op->textoid);
+          }
+        }
+      }
+    }
+  }
+  return buf;
+}
+
+static const char * GTime2str(const char * beg, const char * end)
+{
+  const char * tzp;
+  const char * fracp;
+  char sec1, sec2;
+  size_t fracl;
+  size_t tzl;
+  const char * sep = "";
+
+  /* Convert an ASN.1 Generalized time to a printable string.
+     Return the dynamically allocated string, or NULL if an error occurs. */
+
+  for(fracp = beg; fracp < end && *fracp >= '0' && *fracp <= '9'; fracp++)
+    ;
+
+  /* Get seconds digits. */
+  sec1 = '0';
+  switch (fracp - beg - 12) {
+  case 0:
+    sec2 = '0';
+    break;
+  case 2:
+    sec1 = fracp[-2];
+  case 1:
+    sec2 = fracp[-1];
+    break;
+  default:
+    return (const char *) NULL;
+  }
+
+  /* Scan for timezone, measure fractional seconds. */
+  tzp = fracp;
+  fracl = 0;
+  if(fracp < end && (*fracp == '.' || *fracp == ',')) {
+    fracp++;
+    do
+      tzp++;
+    while(tzp < end && *tzp >= '0' && *tzp <= '9');
+    /* Strip leading zeroes in fractional seconds. */
+    for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--)
+      ;
+  }
+
+  /* Process timezone. */
+  if(tzp >= end)
+    ;           /* Nothing to do. */
+  else if(*tzp == 'Z') {
+    tzp = " GMT";
+    end = tzp + 4;
+  }
+  else {
+    sep = " ";
+    tzp++;
+  }
+
+  tzl = end - tzp;
+  return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s",
+                       beg, beg + 4, beg + 6,
+                       beg + 8, beg + 10, sec1, sec2,
+                       fracl? ".": "", fracl, fracp,
+                       sep, tzl, tzp);
+}
+
+static const char * UTime2str(const char * beg, const char * end)
+{
+  const char * tzp;
+  size_t tzl;
+  const char * sec;
+
+  /* Convert an ASN.1 UTC time to a printable string.
+     Return the dynamically allocated string, or NULL if an error occurs. */
+
+  for(tzp = beg; tzp < end && *tzp >= '0' && *tzp <= '9'; tzp++)
+    ;
+  /* Get the seconds. */
+  sec = beg + 10;
+  switch (tzp - sec) {
+  case 0:
+    sec = "00";
+  case 2:
+    break;
+  default:
+    return (const char *) NULL;
+  }
+
+  /* Process timezone. */
+  if(tzp >= end)
+    return (const char *) NULL;
+  if(*tzp == 'Z') {
+    tzp = "GMT";
+    end = tzp + 3;
+  }
+  else
+    tzp++;
+
+  tzl = end - tzp;
+  return curl_maprintf("%u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s",
+                       20 - (*beg >= '5'), beg, beg + 2, beg + 4,
+                       beg + 6, beg + 8, sec,
+                       tzl, tzp);
+}
+
+const char * Curl_ASN1tostr(curl_asn1Element * elem, int type)
+{
+  static const char zero = '\0';
+
+  /* Convert an ASN.1 element to a printable string.
+     Return the dynamically allocated string, or NULL if an error occurs. */
+
+  if(elem->constructed)
+    return (const char *) NULL; /* No conversion of structured elements. */
+
+  if(!type)
+    type = elem->tag;   /* Type not forced: use element tag as type. */
+
+  switch (type) {
+  case CURL_ASN1_BOOLEAN:
+    return bool2str(elem->beg, elem->end);
+  case CURL_ASN1_INTEGER:
+  case CURL_ASN1_ENUMERATED:
+    return int2str(elem->beg, elem->end);
+  case CURL_ASN1_BIT_STRING:
+    return bit2str(elem->beg, elem->end);
+  case CURL_ASN1_OCTET_STRING:
+    return octet2str(elem->beg, elem->end);
+  case CURL_ASN1_NULL:
+    return strdup(&zero);
+  case CURL_ASN1_OBJECT_IDENTIFIER:
+    return OID2str(elem->beg, elem->end, TRUE);
+  case CURL_ASN1_UTC_TIME:
+    return UTime2str(elem->beg, elem->end);
+  case CURL_ASN1_GENERALIZED_TIME:
+    return GTime2str(elem->beg, elem->end);
+  case CURL_ASN1_UTF8_STRING:
+  case CURL_ASN1_NUMERIC_STRING:
+  case CURL_ASN1_PRINTABLE_STRING:
+  case CURL_ASN1_TELETEX_STRING:
+  case CURL_ASN1_IA5_STRING:
+  case CURL_ASN1_VISIBLE_STRING:
+  case CURL_ASN1_UNIVERSAL_STRING:
+  case CURL_ASN1_BMP_STRING:
+    return string2str(type, elem->beg, elem->end);
+  }
+
+  return (const char *) NULL;   /* Unsupported. */
+}
+
+static ssize_t encodeDN(char * buf, size_t n, curl_asn1Element * dn)
+{
+  curl_asn1Element rdn;
+  curl_asn1Element atv;
+  curl_asn1Element oid;
+  curl_asn1Element value;
+  size_t l = 0;
+  const char * p1;
+  const char * p2;
+  const char * p3;
+  const char * str;
+
+  /* ASCII encode distinguished name at `dn' into the `n'-byte buffer at `buf'.
+     Return the total string length, even if larger than `n'. */
+
+  for(p1 = dn->beg; p1 < dn->end;) {
+    p1 = Curl_getASN1Element(&rdn, p1, dn->end);
+    for(p2 = rdn.beg; p2 < rdn.end;) {
+      p2 = Curl_getASN1Element(&atv, p2, rdn.end);
+      p3 = Curl_getASN1Element(&oid, atv.beg, atv.end);
+      Curl_getASN1Element(&value, p3, atv.end);
+      str = Curl_ASN1tostr(&oid, 0);
+      if(!str)
+        return -1;
+
+      /* Encode delimiter.
+         If attribute has a short uppercase name, delimiter is ", ". */
+      if(l) {
+        for(p3 = str; isupper(*p3); p3++)
+          ;
+        for(p3 = (*p3 || p3 - str > 2)? "/": ", "; *p3; p3++) {
+          if(l < n)
+            buf[l] = *p3;
+          l++;
+        }
+      }
+
+      /* Encode attribute name. */
+      for(p3 = str; *p3; p3++) {
+        if(l < n)
+          buf[l] = *p3;
+        l++;
+      }
+      free((char *) str);
+
+      /* Generate equal sign. */
+      if(l < n)
+        buf[l] = '=';
+      l++;
+
+      /* Generate value. */
+      str = Curl_ASN1tostr(&value, 0);
+      if(!str)
+        return -1;
+      for(p3 = str; *p3; p3++) {
+        if(l < n)
+          buf[l] = *p3;
+        l++;
+      }
+      free((char *) str);
+    }
+  }
+
+  return l;
+}
+
+const char * Curl_DNtostr(curl_asn1Element * dn)
+{
+  char * buf = (char *) NULL;
+  ssize_t n = encodeDN(buf, 0, dn);
+
+  /* Convert an ASN.1 distinguished name into a printable string.
+     Return the dynamically allocated string, or NULL if an error occurs. */
+
+  if(n >= 0) {
+    buf = malloc(n + 1);
+    if(buf) {
+      encodeDN(buf, n + 1, dn);
+      buf[n] = '\0';
+    }
+  }
+  return (const char *) buf;
+}
+
+/*
+ * X509 parser.
+ */
+
+void Curl_parseX509(curl_X509certificate * cert,
+                    const char * beg, const char * end)
+{
+  curl_asn1Element elem;
+  curl_asn1Element tbsCertificate;
+  const char * ccp;
+  static const char defaultVersion = 0;  /* v1. */
+
+  /* ASN.1 parse an X509 certificate into structure subfields.
+     Syntax is assumed to have already been checked by the SSL backend.
+     See RFC 5280. */
+
+  cert->certificate.beg = beg;
+  cert->certificate.end = end;
+
+  /* Get the sequence content. */
+  Curl_getASN1Element(&elem, beg, end);
+  beg = elem.beg;
+  end = elem.end;
+
+  /* Get tbsCertificate. */
+  beg = Curl_getASN1Element(&tbsCertificate, beg, end);
+  /* Skip the signatureAlgorithm. */
+  beg = Curl_getASN1Element(&cert->signatureAlgorithm, beg, end);
+  /* Get the signatureValue. */
+  Curl_getASN1Element(&cert->signature, beg, end);
+
+  /* Parse TBSCertificate. */
+  beg = tbsCertificate.beg;
+  end = tbsCertificate.end;
+  /* Get optional version, get serialNumber. */
+  cert->version.beg = &defaultVersion;
+  cert->version.end = &defaultVersion + sizeof defaultVersion;;
+  beg = Curl_getASN1Element(&elem, beg, end);
+  if(elem.tag == 0) {
+    Curl_getASN1Element(&cert->version, elem.beg, elem.end);
+    beg = Curl_getASN1Element(&elem, beg, end);
+  }
+  cert->serialNumber = elem;
+  /* Get signature algorithm. */
+  beg = Curl_getASN1Element(&cert->signatureAlgorithm, beg, end);
+  /* Get issuer. */
+  beg = Curl_getASN1Element(&cert->issuer, beg, end);
+  /* Get notBefore and notAfter. */
+  beg = Curl_getASN1Element(&elem, beg, end);
+  ccp = Curl_getASN1Element(&cert->notBefore, elem.beg, elem.end);
+  Curl_getASN1Element(&cert->notAfter, ccp, elem.end);
+  /* Get subject. */
+  beg = Curl_getASN1Element(&cert->subject, beg, end);
+  /* Get subjectPublicKeyAlgorithm and subjectPublicKey. */
+  beg = Curl_getASN1Element(&elem, beg, end);
+  ccp = Curl_getASN1Element(&cert->subjectPublicKeyAlgorithm,
+                            elem.beg, elem.end);
+  Curl_getASN1Element(&cert->subjectPublicKey, ccp, elem.end);
+  /* Get optional issuerUiqueID, subjectUniqueID and extensions. */
+  cert->issuerUniqueID.tag = cert->subjectUniqueID.tag = 0;
+  cert->extensions.tag = elem.tag = 0;
+  cert->issuerUniqueID.beg = cert->issuerUniqueID.end = "";
+  cert->subjectUniqueID.beg = cert->subjectUniqueID.end = "";
+  cert->extensions.beg = cert->extensions.end = "";
+  if(beg < end)
+    beg = Curl_getASN1Element(&elem, beg, end);
+  if(elem.tag == 1) {
+    cert->issuerUniqueID = elem;
+    if(beg < end)
+      beg = Curl_getASN1Element(&elem, beg, end);
+  }
+  if(elem.tag == 2) {
+    cert->subjectUniqueID = elem;
+    if(beg < end)
+      beg = Curl_getASN1Element(&elem, beg, end);
+  }
+  if(elem.tag == 3)
+    Curl_getASN1Element(&cert->extensions, elem.beg, elem.end);
+}
+
+static size_t copySubstring(char * to, const char * from)
+{
+  size_t i;
+
+  /* Copy at most 64-characters, terminate with a newline and returns the
+     effective number of stored characters. */
+
+  for(i = 0; i < 64; i++) {
+    to[i] = *from;
+    if(!*from++)
+      break;
+  }
+
+  to[i++] = '\n';
+  return i;
+}
+
+static const char * dumpAlgo(curl_asn1Element * param,
+                             const char * beg, const char * end)
+{
+  curl_asn1Element oid;
+
+  /* Get algorithm parameters and return algorithm name. */
+
+  beg = Curl_getASN1Element(&oid, beg, end);
+  param->tag = 0;
+  param->beg = param->end = end;
+  if(beg < end)
+    Curl_getASN1Element(param, beg, end);
+  return OID2str(oid.beg, oid.end, TRUE);
+}
+
+static void do_pubkey_field(struct SessionHandle * data, int certnum,
+                            const char * label, curl_asn1Element * elem)
+{
+  const char * output;
+
+  /* Generate a certificate information record for the public key. */
+
+  output = Curl_ASN1tostr(elem, 0);
+  if(output) {
+    if(data->set.ssl.certinfo)
+      Curl_ssl_push_certinfo(data, certnum, label, output);
+    if(!certnum)
+      infof(data, "   %s: %s\n", label, output);
+    free((char *) output);
+  }
+}
+
+static void do_pubkey(struct SessionHandle * data, int certnum,
+                      const char * algo, curl_asn1Element * param,
+                      curl_asn1Element * pubkey)
+{
+  curl_asn1Element elem;
+  curl_asn1Element pk;
+  const char * p;
+  const char * q;
+  unsigned long len;
+  unsigned int i;
+
+  /* Generate all information records for the public key. */
+
+  /* Get the public key (single element). */
+  Curl_getASN1Element(&pk, pubkey->beg + 1, pubkey->end);
+
+  if(curl_strequal(algo, "rsaEncryption")) {
+    p = Curl_getASN1Element(&elem, pk.beg, pk.end);
+    /* Compute key length. */
+    for(q = elem.beg; !*q && q < elem.end; q++)
+      ;
+    len = (elem.end - q) * 8;
+    if(len)
+      for(i = *(unsigned char *) q; !(i & 0x80); i <<= 1)
+        len--;
+    if(len > 32)
+      elem.beg = q;     /* Strip leading zero bytes. */
+    if(!certnum)
+      infof(data, "   RSA Public Key (%lu bits)\n", len);
+    if(data->set.ssl.certinfo) {
+      q = curl_maprintf("%lu", len);
+      if(q) {
+        Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q);
+        free((char *) q);
+      }
+    }
+    /* Generate coefficients. */
+    do_pubkey_field(data, certnum, "rsa(n)", &elem);
+    Curl_getASN1Element(&elem, p, pk.end);
+    do_pubkey_field(data, certnum, "rsa(e)", &elem);
+  }
+  else if(curl_strequal(algo, "dsa")) {
+    p = Curl_getASN1Element(&elem, param->beg, param->end);
+    do_pubkey_field(data, certnum, "dsa(p)", &elem);
+    p = Curl_getASN1Element(&elem, p, param->end);
+    do_pubkey_field(data, certnum, "dsa(q)", &elem);
+    Curl_getASN1Element(&elem, p, param->end);
+    do_pubkey_field(data, certnum, "dsa(g)", &elem);
+    do_pubkey_field(data, certnum, "dsa(pub_key)", &pk);
+  }
+  else if(curl_strequal(algo, "dhpublicnumber")) {
+    p = Curl_getASN1Element(&elem, param->beg, param->end);
+    do_pubkey_field(data, certnum, "dh(p)", &elem);
+    Curl_getASN1Element(&elem, param->beg, param->end);
+    do_pubkey_field(data, certnum, "dh(g)", &elem);
+    do_pubkey_field(data, certnum, "dh(pub_key)", &pk);
+  }
+#if 0 /* Patent-encumbered. */
+  else if(curl_strequal(algo, "ecPublicKey")) {
+    /* Left TODO. */
+  }
+#endif
+}
+
+CURLcode Curl_extract_certinfo(struct connectdata * conn,
+                               int certnum,
+                               const char * beg,
+                               const char * end)
+{
+  curl_X509certificate cert;
+  struct SessionHandle * data = conn->data;
+  curl_asn1Element param;
+  const char * ccp;
+  char * cp1;
+  size_t cl1;
+  char * cp2;
+  CURLcode cc;
+  unsigned long version;
+  size_t i;
+  size_t j;
+
+  if(!data->set.ssl.certinfo)
+    if(certnum)
+      return CURLE_OK;
+
+  /* Prepare the certificate information for curl_easy_getinfo(). */
+
+  /* Extract the certificate ASN.1 elements. */
+  Curl_parseX509(&cert, beg, end);
+
+  /* Subject. */
+  ccp = Curl_DNtostr(&cert.subject);
+  if(!ccp)
+    return CURLE_OUT_OF_MEMORY;
+  if(data->set.ssl.certinfo)
+    Curl_ssl_push_certinfo(data, certnum, "Subject", ccp);
+  if(!certnum)
+    infof(data, "%2d Subject: %s\n", certnum, ccp);
+  free((char *) ccp);
+
+  /* Issuer. */
+  ccp = Curl_DNtostr(&cert.issuer);
+  if(!ccp)
+    return CURLE_OUT_OF_MEMORY;
+  if(data->set.ssl.certinfo)
+    Curl_ssl_push_certinfo(data, certnum, "Issuer", ccp);
+  if(!certnum)
+    infof(data, "   Issuer: %s\n", ccp);
+  free((char *) ccp);
+
+  /* Version (always fits in less than 32 bits). */
+  version = 0;
+  for(ccp = cert.version.beg; ccp < cert.version.end; ccp++)
+    version = (version << 8) | *(const unsigned char *) ccp;
+  if(data->set.ssl.certinfo) {
+    ccp = curl_maprintf("%lx", version);
+    if(!ccp)
+      return CURLE_OUT_OF_MEMORY;
+    Curl_ssl_push_certinfo(data, certnum, "Version", ccp);
+    free((char *) ccp);
+  }
+  if(!certnum)
+    infof(data, "   Version: %lu (0x%lx)\n", version + 1, version);
+
+  /* Serial number. */
+  ccp = Curl_ASN1tostr(&cert.serialNumber, 0);
+  if(!ccp)
+    return CURLE_OUT_OF_MEMORY;
+  if(data->set.ssl.certinfo)
+    Curl_ssl_push_certinfo(data, certnum, "Serial Number", ccp);
+  if(!certnum)
+    infof(data, "   Serial Number: %s\n", ccp);
+  free((char *) ccp);
+
+  /* Signature algorithm .*/
+  ccp = dumpAlgo(&param, cert.signatureAlgorithm.beg,
+                 cert.signatureAlgorithm.end);
+  if(!ccp)
+    return CURLE_OUT_OF_MEMORY;
+  if(data->set.ssl.certinfo)
+    Curl_ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp);
+  if(!certnum)
+    infof(data, "   Signature Algorithm: %s\n", ccp);
+  free((char *) ccp);
+
+  /* Start Date. */
+  ccp = Curl_ASN1tostr(&cert.notBefore, 0);
+  if(!ccp)
+    return CURLE_OUT_OF_MEMORY;
+  if(data->set.ssl.certinfo)
+    Curl_ssl_push_certinfo(data, certnum, "Start Date", ccp);
+  if(!certnum)
+    infof(data, "   Start Date: %s\n", ccp);
+  free((char *) ccp);
+
+  /* Expire Date. */
+  ccp = Curl_ASN1tostr(&cert.notAfter, 0);
+  if(!ccp)
+    return CURLE_OUT_OF_MEMORY;
+  if(data->set.ssl.certinfo)
+    Curl_ssl_push_certinfo(data, certnum, "Expire Date", ccp);
+  if(!certnum)
+    infof(data, "   Expire Date: %s\n", ccp);
+  free((char *) ccp);
+
+  /* Public Key Algorithm. */
+  ccp = dumpAlgo(&param, cert.subjectPublicKeyAlgorithm.beg,
+                 cert.subjectPublicKeyAlgorithm.end);
+  if(!ccp)
+    return CURLE_OUT_OF_MEMORY;
+  if(data->set.ssl.certinfo)
+    Curl_ssl_push_certinfo(data, certnum, "Public Key Algorithm", ccp);
+  if(!certnum)
+    infof(data, "   Public Key Algorithm: %s\n", ccp);
+  do_pubkey(data, certnum, ccp, &param, &cert.subjectPublicKey);
+  free((char *) ccp);
+
+/* TODO: extensions. */
+
+  /* Signature. */
+  ccp = Curl_ASN1tostr(&cert.signature, 0);
+  if(!ccp)
+    return CURLE_OUT_OF_MEMORY;
+  if(data->set.ssl.certinfo)
+    Curl_ssl_push_certinfo(data, certnum, "Signature", ccp);
+  if(!certnum)
+    infof(data, "   Signature: %s\n", ccp);
+  free((char *) ccp);
+
+  /* Generate PEM certificate. */
+  cc = Curl_base64_encode(data, cert.certificate.beg,
+                          cert.certificate.end - cert.certificate.beg,
+                          &cp1, &cl1);
+  if(cc != CURLE_OK)
+    return cc;
+  /* Compute the number of characters in final certificate string. Format is:
+     -----BEGIN CERTIFICATE-----\n
+     <max 64 base64 characters>\n
+     .
+     .
+     .
+     -----END CERTIFICATE-----\n
+   */
+  i = 28 + cl1 + (cl1 + 64 - 1) / 64 + 26;
+  cp2 = malloc(i + 1);
+  if(!cp2) {
+    free(cp1);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  /* Build the certificate string. */
+  i = copySubstring(cp2, "-----BEGIN CERTIFICATE-----");
+  for(j = 0; j < cl1; j += 64)
+    i += copySubstring(cp2 + i, cp1 + j);
+  i += copySubstring(cp2 + i, "-----END CERTIFICATE-----");
+  cp2[i] = '\0';
+  free(cp1);
+  if(data->set.ssl.certinfo)
+    Curl_ssl_push_certinfo(data, certnum, "Cert", cp2);
+  if(!certnum)
+    infof(data, "%s\n", cp2);
+  free(cp2);
+  return CURLE_OK;
+}
+
+#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */
+
+#if defined(USE_QSOSSL) || defined(USE_GSKIT)
+
+static const char * checkOID(const char * beg, const char * end,
+                             const char * oid)
+{
+  curl_asn1Element e;
+  const char * ccp;
+  const char * p;
+  bool matched;
+
+  /* Check if first ASN.1 element at `beg' is the given OID.
+     Return a pointer in the source after the OID if found, else NULL. */
+
+  ccp = Curl_getASN1Element(&e, beg, end);
+  if(!ccp || e.tag != CURL_ASN1_OBJECT_IDENTIFIER)
+    return (const char *) NULL;
+
+  p = OID2str(e.beg, e.end, FALSE);
+  if(!p)
+    return (const char *) NULL;
+
+  matched = !strcmp(p, oid);
+  free((char *) p);
+  return matched? ccp: (const char *) NULL;
+}
+
+CURLcode Curl_verifyhost(struct connectdata * conn,
+                         const char * beg, const char * end)
+{
+  struct SessionHandle * data = conn->data;
+  curl_X509certificate cert;
+  curl_asn1Element dn;
+  curl_asn1Element elem;
+  curl_asn1Element ext;
+  curl_asn1Element name;
+  int i;
+  const char * p;
+  const char * q;
+  char * dnsname;
+  int matched = -1;
+  size_t addrlen = (size_t) -1;
+  ssize_t len;
+#ifdef ENABLE_IPV6
+  struct in6_addr addr;
+#else
+  struct in_addr addr;
+#endif
+
+  /* Verify that connection server matches info in X509 certificate at
+     `beg'..`end'. */
+
+  if(!data->set.ssl.verifyhost)
+    return CURLE_OK;
+
+  if(!beg)
+    return CURLE_PEER_FAILED_VERIFICATION;
+  Curl_parseX509(&cert, beg, end);
+
+  /* Get the server IP address. */
+#ifdef ENABLE_IPV6
+  if(conn->bits.ipv6_ip && Curl_inet_pton(AF_INET6, conn->host.name, &addr))
+    addrlen = sizeof(struct in6_addr);
+  else
+#endif
+  if(Curl_inet_pton(AF_INET, conn->host.name, &addr))
+    addrlen = sizeof(struct in_addr);
+
+  /* Process extensions. */
+  for(p = cert.extensions.beg; p < cert.extensions.end && matched != 1;) {
+    p = Curl_getASN1Element(&ext, p, cert.extensions.end);
+    /* Check if extension is a subjectAlternativeName. */
+    ext.beg = checkOID(ext.beg, ext.end, sanOID);
+    if(ext.beg) {
+      ext.beg = Curl_getASN1Element(&elem, ext.beg, ext.end);
+      /* Skip critical if present. */
+      if(elem.tag == CURL_ASN1_BOOLEAN)
+        ext.beg = Curl_getASN1Element(&elem, ext.beg, ext.end);
+      /* Parse the octet string contents: is a single sequence. */
+      Curl_getASN1Element(&elem, elem.beg, elem.end);
+      /* Check all GeneralNames. */
+      for(q = elem.beg; matched != 1 && q < elem.end;) {
+        q = Curl_getASN1Element(&name, q, elem.end);
+        switch (name.tag) {
+        case 2: /* DNS name. */
+          i = 0;
+          len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING,
+                            name.beg, name.end);
+          if(len > 0)
+            if(strlen(dnsname) == (size_t) len)
+              i = Curl_cert_hostcheck((const char *) dnsname, conn->host.name);
+          if(dnsname)
+            free(dnsname);
+          if(!i)
+            return CURLE_PEER_FAILED_VERIFICATION;
+          matched = i;
+          break;
+
+        case 7: /* IP address. */
+          matched = (size_t) (name.end - q) == addrlen &&
+                    !memcmp(&addr, q, addrlen);
+          break;
+        }
+      }
+    }
+  }
+
+  switch (matched) {
+  case 1:
+    /* an alternative name matched the server hostname */
+    infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
+    return CURLE_OK;
+  case 0:
+    /* an alternative name field existed, but didn't match and then
+       we MUST fail */
+    infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
+    return CURLE_PEER_FAILED_VERIFICATION;
+  }
+
+  /* Process subject. */
+  name.beg = name.end = "";
+  q = cert.subject.beg;
+  /* we have to look to the last occurrence of a commonName in the
+     distinguished one to get the most significant one. */
+  while(q < cert.subject.end) {
+    q = Curl_getASN1Element(&dn, q, cert.subject.end);
+    for(p = dn.beg; p < dn.end;) {
+      p = Curl_getASN1Element(&elem, p, dn.end);
+      /* We have a DN's AttributeTypeAndValue: check it in case it's a CN. */
+      elem.beg = checkOID(elem.beg, elem.end, cnOID);
+      if(elem.beg)
+        name = elem;    /* Latch CN. */
+    }
+  }
+
+  /* Check the CN if found. */
+  if(!Curl_getASN1Element(&elem, name.beg, name.end))
+    failf(data, "SSL: unable to obtain common name from peer certificate");
+  else {
+    len = utf8asn1str(&dnsname, elem.tag, elem.beg, elem.end);
+    if(len < 0) {
+      free(dnsname);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    if(strlen(dnsname) != (size_t) len)         /* Nul byte in string ? */
+      failf(data, "SSL: illegal cert name field");
+    else if(Curl_cert_hostcheck((const char *) dnsname, conn->host.name)) {
+      infof(data, "\t common name: %s (matched)\n", dnsname);
+      free(dnsname);
+      return CURLE_OK;
+    }
+    else
+      failf(data, "SSL: certificate subject name '%s' does not match "
+            "target host name '%s'", dnsname, conn->host.dispname);
+    free(dnsname);
+  }
+
+  return CURLE_PEER_FAILED_VERIFICATION;
+}
+
+#endif /* USE_QSOSSL or USE_GSKIT */
diff --git a/Utilities/cmcurl/lib/x509asn1.h b/Utilities/cmcurl/lib/x509asn1.h
new file mode 100644
index 0000000..1741d6d
--- /dev/null
+++ b/Utilities/cmcurl/lib/x509asn1.h
@@ -0,0 +1,129 @@
+#ifndef HEADER_CURL_X509ASN1_H
+#define HEADER_CURL_X509ASN1_H
+
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS)
+
+#include "urldata.h"
+
+/*
+ * Constants.
+ */
+
+/* ASN.1 classes. */
+#define CURL_ASN1_UNIVERSAL             0
+#define CURL_ASN1_APPLICATION           1
+#define CURL_ASN1_CONTEXT_SPECIFIC      2
+#define CURL_ASN1_PRIVATE               3
+
+/* ASN.1 types. */
+#define CURL_ASN1_BOOLEAN               1
+#define CURL_ASN1_INTEGER               2
+#define CURL_ASN1_BIT_STRING            3
+#define CURL_ASN1_OCTET_STRING          4
+#define CURL_ASN1_NULL                  5
+#define CURL_ASN1_OBJECT_IDENTIFIER     6
+#define CURL_ASN1_OBJECT_DESCRIPTOR     7
+#define CURL_ASN1_INSTANCE_OF           8
+#define CURL_ASN1_REAL                  9
+#define CURL_ASN1_ENUMERATED            10
+#define CURL_ASN1_EMBEDDED              11
+#define CURL_ASN1_UTF8_STRING           12
+#define CURL_ASN1_RELATIVE_OID          13
+#define CURL_ASN1_SEQUENCE              16
+#define CURL_ASN1_SET                   17
+#define CURL_ASN1_NUMERIC_STRING        18
+#define CURL_ASN1_PRINTABLE_STRING      19
+#define CURL_ASN1_TELETEX_STRING        20
+#define CURL_ASN1_VIDEOTEX_STRING       21
+#define CURL_ASN1_IA5_STRING            22
+#define CURL_ASN1_UTC_TIME              23
+#define CURL_ASN1_GENERALIZED_TIME      24
+#define CURL_ASN1_GRAPHIC_STRING        25
+#define CURL_ASN1_VISIBLE_STRING        26
+#define CURL_ASN1_GENERAL_STRING        27
+#define CURL_ASN1_UNIVERSAL_STRING      28
+#define CURL_ASN1_CHARACTER_STRING      29
+#define CURL_ASN1_BMP_STRING            30
+
+
+/*
+ * Types.
+ */
+
+/* ASN.1 parsed element. */
+typedef struct {
+  const char *  beg;            /* Pointer to element data. */
+  const char *  end;            /* Pointer to 1st byte after element data. */
+  unsigned char class;          /* ASN.1 element class. */
+  unsigned char tag;            /* ASN.1 element tag. */
+  bool          constructed;    /* Element is constructed. */
+}  curl_asn1Element;
+
+
+/* ASN.1 OID table entry. */
+typedef struct {
+  const char *  numoid;         /* Dotted-numeric OID. */
+  const char *  textoid;        /* OID name. */
+}  curl_OID;
+
+
+/* X509 certificate: RFC 5280. */
+typedef struct {
+  curl_asn1Element      certificate;
+  curl_asn1Element      version;
+  curl_asn1Element      serialNumber;
+  curl_asn1Element      signatureAlgorithm;
+  curl_asn1Element      signature;
+  curl_asn1Element      issuer;
+  curl_asn1Element      notBefore;
+  curl_asn1Element      notAfter;
+  curl_asn1Element      subject;
+  curl_asn1Element      subjectPublicKeyAlgorithm;
+  curl_asn1Element      subjectPublicKey;
+  curl_asn1Element      issuerUniqueID;
+  curl_asn1Element      subjectUniqueID;
+  curl_asn1Element      extensions;
+}  curl_X509certificate;
+
+
+/*
+ * Prototypes.
+ */
+
+const char * Curl_getASN1Element(curl_asn1Element * elem,
+                                 const char * beg, const char * end);
+const char * Curl_ASN1tostr(curl_asn1Element * elem, int type);
+const char * Curl_DNtostr(curl_asn1Element * dn);
+void Curl_parseX509(curl_X509certificate * cert,
+                    const char * beg, const char * end);
+CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
+                               const char * beg, const char * end);
+CURLcode Curl_verifyhost(struct connectdata * conn,
+                         const char * beg, const char * end);
+
+#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */
+#endif /* HEADER_CURL_X509ASN1_H */
diff --git a/Utilities/cmcurl/md5.h b/Utilities/cmcurl/md5.h
deleted file mode 100644
index 63cc70e..0000000
--- a/Utilities/cmcurl/md5.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#ifndef __MD5_H
-#define __MD5_H
-/***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-void Curl_md5it(unsigned char *output,
-                const unsigned char *input);
-
-#endif
diff --git a/Utilities/cmcurl/memdebug.c b/Utilities/cmcurl/memdebug.c
deleted file mode 100644
index a8cca44..0000000
--- a/Utilities/cmcurl/memdebug.c
+++ /dev/null
@@ -1,298 +0,0 @@
-#ifdef CURLDEBUG
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <curl/curl.h>
-
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#define _MPRINTF_REPLACE
-#include <curl/mprintf.h>
-#include "urldata.h"
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#define MEMDEBUG_NODEFINES /* don't redefine the standard functions */
-#include "memory.h"
-#include "memdebug.h"
-
-struct memdebug {
-  size_t size;
-  double mem[1];
-  /* I'm hoping this is the thing with the strictest alignment
-   * requirements.  That also means we waste some space :-( */
-};
-
-/*
- * Note that these debug functions are very simple and they are meant to
- * remain so. For advanced analysis, record a log file and write perl scripts
- * to analyze them!
- *
- * Don't use these with multithreaded test programs!
- */
-
-#define logfile curl_debuglogfile
-FILE *curl_debuglogfile = NULL;
-static bool memlimit = FALSE; /* enable memory limit */
-static long memsize = 0;  /* set number of mallocs allowed */
-
-/* this sets the log file name */
-void curl_memdebug(const char *logname)
-{
-  if (!logfile) {
-    if(logname)
-      logfile = fopen(logname, "w");
-    else
-      logfile = stderr;
-  }
-}
-
-/* This function sets the number of malloc() calls that should return
-   successfully! */
-void curl_memlimit(long limit)
-{
-  if (!memlimit) {
-    memlimit = TRUE;
-    memsize = limit;
-  }
-}
-
-/* returns TRUE if this isn't allowed! */
-static bool countcheck(const char *func, int line, const char *source)
-{
-  /* if source is NULL, then the call is made internally and this check
-     should not be made */
-  if(memlimit && source) {
-    if(!memsize) {
-      if(logfile && source)
-        fprintf(logfile, "LIMIT %s:%d %s reached memlimit\n",
-                source, line, func);
-      if(source)
-        fprintf(stderr, "LIMIT %s:%d %s reached memlimit\n",
-                source, line, func);
-      errno = ENOMEM;
-      return TRUE; /* RETURN ERROR! */
-    }
-    else
-      memsize--; /* countdown */
-
-    /* log the countdown */
-    if(logfile && source)
-      fprintf(logfile, "LIMIT %s:%d %ld ALLOCS left\n",
-              source, line, memsize);
-
-  }
-
-  return FALSE; /* allow this */
-}
-
-void *curl_domalloc(size_t wantedsize, int line, const char *source)
-{
-  struct memdebug *mem;
-  size_t size;
-
-  if(countcheck("malloc", line, source))
-    return NULL;
-
-  /* alloc at least 64 bytes */
-  size = sizeof(struct memdebug)+wantedsize;
-
-  mem=(struct memdebug *)(Curl_cmalloc)(size);
-  if(mem) {
-    /* fill memory with junk */
-    memset(mem->mem, 0xA5, wantedsize);
-    mem->size = wantedsize;
-  }
-
-  if(logfile && source)
-    fprintf(logfile, "MEM %s:%d malloc(%zd) = %p\n",
-            source, line, wantedsize, mem ? mem->mem : 0);
-  return (mem ? mem->mem : NULL);
-}
-
-void *curl_docalloc(size_t wanted_elements, size_t wanted_size,
-                    int line, const char *source)
-{
-  struct memdebug *mem;
-  size_t size, user_size;
-
-  if(countcheck("calloc", line, source))
-    return NULL;
-
-  /* alloc at least 64 bytes */
-  user_size = wanted_size * wanted_elements;
-  size = sizeof(struct memdebug) + user_size;
-
-  mem = (struct memdebug *)(Curl_cmalloc)(size);
-  if(mem) {
-    /* fill memory with zeroes */
-    memset(mem->mem, 0, user_size);
-    mem->size = user_size;
-  }
-
-  if(logfile && source)
-    fprintf(logfile, "MEM %s:%d calloc(%u,%u) = %p\n",
-            source, line, wanted_elements, wanted_size, mem ? mem->mem : 0);
-  return (mem ? mem->mem : NULL);
-}
-
-char *curl_dostrdup(const char *str, int line, const char *source)
-{
-  char *mem;
-  size_t len;
-
-  curlassert(str != NULL);
-
-  if(countcheck("strdup", line, source))
-    return NULL;
-
-  len=strlen(str)+1;
-
-  mem=curl_domalloc(len, 0, NULL); /* NULL prevents logging */
-  if (mem)
-  memcpy(mem, str, len);
-
-  if(logfile)
-    fprintf(logfile, "MEM %s:%d strdup(%p) (%zd) = %p\n",
-            source, line, str, len, mem);
-
-  return mem;
-}
-
-/* We provide a realloc() that accepts a NULL as pointer, which then
-   performs a malloc(). In order to work with ares. */
-void *curl_dorealloc(void *ptr, size_t wantedsize,
-                     int line, const char *source)
-{
-  struct memdebug *mem=NULL;
-
-  size_t size = sizeof(struct memdebug)+wantedsize;
-
-  if(countcheck("realloc", line, source))
-    return NULL;
-
-  if(ptr)
-    mem = (struct memdebug *)((char *)ptr - offsetof(struct memdebug, mem));
-
-  mem=(struct memdebug *)(Curl_crealloc)(mem, size);
-  if(logfile)
-    fprintf(logfile, "MEM %s:%d realloc(%p, %zd) = %p\n",
-            source, line, ptr, wantedsize, mem?mem->mem:NULL);
-
-  if(mem) {
-    mem->size = wantedsize;
-    return mem->mem;
-  }
-
-  return NULL;
-}
-
-void curl_dofree(void *ptr, int line, const char *source)
-{
-  struct memdebug *mem;
-
-  curlassert(ptr != NULL);
-
-  mem = (struct memdebug *)((char *)ptr - offsetof(struct memdebug, mem));
-
-  /* destroy  */
-  memset(mem->mem, 0x13, mem->size);
-
-  /* free for real */
-  (Curl_cfree)(mem);
-
-  if(logfile)
-    fprintf(logfile, "MEM %s:%d free(%p)\n", source, line, ptr);
-}
-
-int curl_socket(int domain, int type, int protocol, int line,
-                const char *source)
-{
-  int sockfd=(socket)(domain, type, protocol);
-  if(logfile && (sockfd!=-1))
-    fprintf(logfile, "FD %s:%d socket() = %d\n",
-            source, line, sockfd);
-  return sockfd;
-}
-
-int curl_accept(int s, void *saddr, void *saddrlen,
-                int line, const char *source)
-{
-  struct sockaddr *addr = (struct sockaddr *)saddr;
-  socklen_t *addrlen = (socklen_t *)saddrlen;
-  int sockfd=(accept)(s, addr, addrlen);
-  if(logfile)
-    fprintf(logfile, "FD %s:%d accept() = %d\n",
-            source, line, sockfd);
-  return sockfd;
-}
-
-/* this is our own defined way to close sockets on *ALL* platforms */
-int curl_sclose(int sockfd, int line, const char *source)
-{
-  int res=sclose(sockfd);
-  if(logfile)
-    fprintf(logfile, "FD %s:%d sclose(%d)\n",
-            source, line, sockfd);
-  return res;
-}
-
-FILE *curl_fopen(const char *file, const char *mode,
-                 int line, const char *source)
-{
-  FILE *res=(fopen)(file, mode);
-  if(logfile)
-    fprintf(logfile, "FILE %s:%d fopen(\"%s\",\"%s\") = %p\n",
-            source, line, file, mode, res);
-  return res;
-}
-
-int curl_fclose(FILE *file, int line, const char *source)
-{
-  int res;
-
-  curlassert(file != NULL);
-
-  res=(fclose)(file);
-  if(logfile)
-    fprintf(logfile, "FILE %s:%d fclose(%p)\n",
-            source, line, file);
-  return res;
-}
-#else
-#ifdef VMS
-int VOID_VAR_MEMDEBUG;
-#else
-/* we provide a fake do-nothing function here to avoid compiler warnings */
-void curl_memdebug(void) {}
-#endif /* VMS */
-#endif /* CURLDEBUG */
diff --git a/Utilities/cmcurl/memory.h b/Utilities/cmcurl/memory.h
deleted file mode 100644
index 076d20a..0000000
--- a/Utilities/cmcurl/memory.h
+++ /dev/null
@@ -1,50 +0,0 @@
-#ifndef _CURL_MEMORY_H
-#define _CURL_MEMORY_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include <curl/curl.h> /* for the typedefs */
-
-extern curl_malloc_callback Curl_cmalloc;
-extern curl_free_callback Curl_cfree;
-extern curl_realloc_callback Curl_crealloc;
-extern curl_strdup_callback Curl_cstrdup;
-extern curl_calloc_callback Curl_ccalloc;
-
-#ifndef CURLDEBUG
-/* Only do this define-mania if we're not using the memdebug system, as that
-   has preference on this magic. */
-#undef strdup
-#define strdup(ptr) Curl_cstrdup(ptr)
-#undef malloc
-#define malloc(size) Curl_cmalloc(size)
-#undef calloc
-#define calloc(nbelem,size) Curl_ccalloc(nbelem, size)
-#undef realloc
-#define realloc(ptr,size) Curl_crealloc(ptr, size)
-#undef free
-#define free(ptr) Curl_cfree(ptr)
-
-#endif
-
-#endif /* _CURL_MEMORY_H */
diff --git a/Utilities/cmcurl/multi.c b/Utilities/cmcurl/multi.c
deleted file mode 100644
index 869d568..0000000
--- a/Utilities/cmcurl/multi.c
+++ /dev/null
@@ -1,1988 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include <curl/curl.h>
-
-#include "urldata.h"
-#include "transfer.h"
-#include "url.h"
-#include "connect.h"
-#include "progress.h"
-#include "memory.h"
-#include "easyif.h"
-#include "multiif.h"
-#include "sendf.h"
-#include "timeval.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-struct Curl_message {
-  /* the 'CURLMsg' is the part that is visible to the external user */
-  struct CURLMsg extmsg;
-  struct Curl_message *next;
-};
-
-typedef enum {
-  CURLM_STATE_INIT,        /* start in this state */
-  CURLM_STATE_CONNECT,     /* resolve/connect has been sent off */
-  CURLM_STATE_WAITRESOLVE, /* awaiting the resolve to finalize */
-  CURLM_STATE_WAITCONNECT, /* awaiting the connect to finalize */
-  CURLM_STATE_PROTOCONNECT, /* completing the protocol-specific connect
-                               phase */
-  CURLM_STATE_WAITDO,      /* wait for our turn to send the request */
-  CURLM_STATE_DO,          /* start send off the request (part 1) */
-  CURLM_STATE_DOING,       /* sending off the request (part 1) */
-  CURLM_STATE_DO_MORE,     /* send off the request (part 2) */
-  CURLM_STATE_DO_DONE,     /* done sending off request */
-  CURLM_STATE_WAITPERFORM, /* wait for our turn to read the response */
-  CURLM_STATE_PERFORM,     /* transfer data */
-  CURLM_STATE_TOOFAST,     /* wait because limit-rate exceeded */
-  CURLM_STATE_DONE,        /* post data transfer operation */
-  CURLM_STATE_COMPLETED,   /* operation complete */
-  CURLM_STATE_CANCELLED,   /* cancelled */
-
-  CURLM_STATE_LAST /* not a true state, never use this */
-} CURLMstate;
-
-/* we support N sockets per easy handle. Set the corresponding bit to what
-   action we should wait for */
-#define MAX_SOCKSPEREASYHANDLE 5
-#define GETSOCK_READABLE (0x00ff)
-#define GETSOCK_WRITABLE (0xff00)
-
-struct closure {
-  struct closure *next; /* a simple one-way list of structs */
-  struct SessionHandle *easy_handle;
-};
-
-struct Curl_one_easy {
-  /* first, two fields for the linked list of these */
-  struct Curl_one_easy *next;
-  struct Curl_one_easy *prev;
-
-  struct SessionHandle *easy_handle; /* the easy handle for this unit */
-  struct connectdata *easy_conn;     /* the "unit's" connection */
-
-  CURLMstate state;  /* the handle's state */
-  CURLcode result;   /* previous result */
-
-  struct Curl_message *msg; /* A pointer to one single posted message.
-                               Cleanup should be done on this pointer NOT on
-                               the linked list in Curl_multi.  This message
-                               will be deleted when this handle is removed
-                               from the multi-handle */
-  int msg_num; /* number of messages left in 'msg' to return */
-
-  /* Array with the plain socket numbers this handle takes care of, in no
-     particular order. Note that all sockets are added to the sockhash, where
-     the state etc are also kept. This array is mostly used to detect when a
-     socket is to be removed from the hash. See singlesocket(). */
-  curl_socket_t sockets[MAX_SOCKSPEREASYHANDLE];
-  int numsocks;
-};
-
-#define CURL_MULTI_HANDLE 0x000bab1e
-
-#define GOOD_MULTI_HANDLE(x) \
-  ((x)&&(((struct Curl_multi *)x)->type == CURL_MULTI_HANDLE))
-#define GOOD_EASY_HANDLE(x) \
- (((struct SessionHandle *)x)->magic == CURLEASY_MAGIC_NUMBER)
-
-/* This is the struct known as CURLM on the outside */
-struct Curl_multi {
-  /* First a simple identifier to easier detect if a user mix up
-     this multi handle with an easy handle. Set this to CURL_MULTI_HANDLE. */
-  long type;
-
-  /* We have a linked list with easy handles */
-  struct Curl_one_easy easy;
-
-  int num_easy; /* amount of entries in the linked list above. */
-  int num_msgs; /* amount of messages in the easy handles */
-  int num_alive; /* amount of easy handles that are added but have not yet
-                    reached COMPLETE state */
-
-  /* callback function and user data pointer for the *socket() API */
-  curl_socket_callback socket_cb;
-  void *socket_userp;
-
-  /* Hostname cache */
-  struct curl_hash *hostcache;
-
-  /* timetree points to the splay-tree of time nodes to figure out expire
-     times of all currently set timers */
-  struct Curl_tree *timetree;
-
-  /* 'sockhash' is the lookup hash for socket descriptor => easy handles (note
-     the pluralis form, there can be more than one easy handle waiting on the
-     same actual socket) */
-  struct curl_hash *sockhash;
-
-  /* Whether pipelining is enabled for this multi handle */
-  bool pipelining_enabled;
-
-  /* shared connection cache */
-  struct conncache *connc;
-
-  /* list of easy handles kept around for doing nice connection closures */
-  struct closure *closure;
-
-  /* timer callback and user data pointer for the *socket() API */
-  curl_multi_timer_callback timer_cb;
-  void *timer_userp;
-  time_t timer_lastcall; /* the fixed time for the timeout for the previous
-                            callback */
-};
-
-static bool multi_conn_using(struct Curl_multi *multi,
-                             struct SessionHandle *data);
-static void singlesocket(struct Curl_multi *multi,
-                         struct Curl_one_easy *easy);
-static void add_closure(struct Curl_multi *multi,
-                        struct SessionHandle *data);
-static int update_timer(struct Curl_multi *multi);
-
-#ifdef CURLDEBUG
-static const char *statename[]={
-  "INIT",
-  "CONNECT",
-  "WAITRESOLVE",
-  "WAITCONNECT",
-  "PROTOCONNECT",
-  "WAITDO",
-  "DO",
-  "DOING",
-  "DO_MORE",
-  "DO_DONE",
-  "WAITPERFORM",
-  "PERFORM",
-  "TOOFAST",
-  "DONE",
-  "COMPLETED",
-  "CANCELLED"
-};
-
-void curl_multi_dump(CURLM *multi_handle);
-#endif
-
-/* always use this function to change state, to make debugging easier */
-static void multistate(struct Curl_one_easy *easy, CURLMstate state)
-{
-#ifdef CURLDEBUG
-  long index = -1;
-#endif
-  CURLMstate oldstate = easy->state;
-
-  if(oldstate == state)
-    /* don't bother when the new state is the same as the old state */
-    return;
-
-  easy->state = state;
-
-#ifdef CURLDEBUG
-  if(easy->state > CURLM_STATE_CONNECT &&
-     easy->state < CURLM_STATE_COMPLETED)
-    index = easy->easy_conn->connectindex;
-
-  infof(easy->easy_handle,
-        "STATE: %s => %s handle %p; (connection #%ld) \n",
-        statename[oldstate], statename[easy->state],
-        (char *)easy, index);
-#endif
-  if(state == CURLM_STATE_COMPLETED)
-    /* changing to COMPLETED means there's one less easy handle 'alive' */
-    easy->easy_handle->multi->num_alive--;
-}
-
-/*
- * We add one of these structs to the sockhash for a particular socket
- */
-
-struct Curl_sh_entry {
-  struct SessionHandle *easy;
-  time_t timestamp;
-  long inuse;
-  int action;  /* what action READ/WRITE this socket waits for */
-  curl_socket_t socket; /* mainly to ease debugging */
-  void *socketp; /* settable by users with curl_multi_assign() */
-};
-/* bits for 'action' having no bits means this socket is not expecting any
-   action */
-#define SH_READ  1
-#define SH_WRITE 2
-
-/* make sure this socket is present in the hash for this handle */
-static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh,
-                                         curl_socket_t s,
-                                         struct SessionHandle *data)
-{
-  struct Curl_sh_entry *there =
-    Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t));
-  struct Curl_sh_entry *check;
-
-  if(there)
-    /* it is present, return fine */
-    return there;
-
-  /* not present, add it */
-  check = calloc(sizeof(struct Curl_sh_entry), 1);
-  if(!check)
-    return NULL; /* major failure */
-  check->easy = data;
-  check->socket = s;
-
-  /* make/add new hash entry */
-  if(NULL == Curl_hash_add(sh, (char *)&s, sizeof(curl_socket_t), check)) {
-    free(check);
-    return NULL; /* major failure */
-  }
-
-  return check; /* things are good in sockhash land */
-}
-
-
-/* delete the given socket + handle from the hash */
-static void sh_delentry(struct curl_hash *sh, curl_socket_t s)
-{
-  struct Curl_sh_entry *there =
-    Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t));
-
-  if(there) {
-    /* this socket is in the hash */
-    /* We remove the hash entry. (This'll end up in a call to
-       sh_freeentry().) */
-    Curl_hash_delete(sh, (char *)&s, sizeof(curl_socket_t));
-  }
-}
-
-/*
- * free a sockhash entry
- */
-static void sh_freeentry(void *freethis)
-{
-  struct Curl_sh_entry *p = (struct Curl_sh_entry *) freethis;
-
-  free(p);
-}
-
-/*
- * sh_init() creates a new socket hash and returns the handle for it.
- *
- * Quote from README.multi_socket:
- *
- * "Some tests at 7000 and 9000 connections showed that the socket hash lookup
- * is somewhat of a bottle neck. Its current implementation may be a bit too
- * limiting. It simply has a fixed-size array, and on each entry in the array
- * it has a linked list with entries. So the hash only checks which list to
- * scan through. The code I had used so for used a list with merely 7 slots
- * (as that is what the DNS hash uses) but with 7000 connections that would
- * make an average of 1000 nodes in each list to run through. I upped that to
- * 97 slots (I believe a prime is suitable) and noticed a significant speed
- * increase.  I need to reconsider the hash implementation or use a rather
- * large default value like this. At 9000 connections I was still below 10us
- * per call."
- *
- */
-static struct curl_hash *sh_init(void)
-{
-  return Curl_hash_alloc(97, sh_freeentry);
-}
-
-CURLM *curl_multi_init(void)
-{
-  struct Curl_multi *multi = (void *)calloc(sizeof(struct Curl_multi), 1);
-
-  if(!multi)
-    return NULL;
-
-  multi->type = CURL_MULTI_HANDLE;
-
-  multi->hostcache = Curl_mk_dnscache();
-  if(!multi->hostcache) {
-    /* failure, free mem and bail out */
-    free(multi);
-    return NULL;
-  }
-
-  multi->sockhash = sh_init();
-  if(!multi->sockhash) {
-    /* failure, free mem and bail out */
-    Curl_hash_destroy(multi->hostcache);
-    free(multi);
-    return NULL;
-  }
-
-  multi->connc = Curl_mk_connc(CONNCACHE_MULTI, -1);
-  if(!multi->connc) {
-    Curl_hash_destroy(multi->hostcache);
-    free(multi);
-    return NULL;
-  }
-
-  return (CURLM *) multi;
-}
-
-CURLMcode curl_multi_add_handle(CURLM *multi_handle,
-                                CURL *easy_handle)
-{
-  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-  struct Curl_one_easy *easy;
-  struct closure *cl;
-  struct closure *prev=NULL;
-
-  /* First, make some basic checks that the CURLM handle is a good handle */
-  if(!GOOD_MULTI_HANDLE(multi))
-    return CURLM_BAD_HANDLE;
-
-  /* Verify that we got a somewhat good easy handle too */
-  if(!GOOD_EASY_HANDLE(easy_handle))
-    return CURLM_BAD_EASY_HANDLE;
-
-  /* Prevent users to add the same handle more than once! */
-  if(((struct SessionHandle *)easy_handle)->multi)
-    /* possibly we should create a new unique error code for this condition */
-    return CURLM_BAD_EASY_HANDLE;
-
-  /* Now, time to add an easy handle to the multi stack */
-  easy = (struct Curl_one_easy *)calloc(sizeof(struct Curl_one_easy), 1);
-  if(!easy)
-    return CURLM_OUT_OF_MEMORY;
-
-  cl = multi->closure;
-  while(cl) {
-    struct closure *next = cl->next;
-    if(cl->easy_handle == (struct SessionHandle *)easy_handle) {
-      /* remove this handle from the closure list */
-      free(cl);
-      if(prev)
-        prev->next = next;
-      else
-        multi->closure = next;
-      break; /* no need to continue since this handle can only be present once
-                in the list */
-    }
-    cl = next;
-  }
-
-  /* set the easy handle */
-  easy->easy_handle = easy_handle;
-  multistate(easy, CURLM_STATE_INIT);
-
-  /* for multi interface connections, we share DNS cache automatically if the
-     easy handle's one is currently private. */
-  if (easy->easy_handle->dns.hostcache &&
-      (easy->easy_handle->dns.hostcachetype == HCACHE_PRIVATE)) {
-    Curl_hash_destroy(easy->easy_handle->dns.hostcache);
-    easy->easy_handle->dns.hostcache = NULL;
-    easy->easy_handle->dns.hostcachetype = HCACHE_NONE;
-  }
-
-  if (!easy->easy_handle->dns.hostcache ||
-      (easy->easy_handle->dns.hostcachetype == HCACHE_NONE)) {
-    easy->easy_handle->dns.hostcache = multi->hostcache;
-    easy->easy_handle->dns.hostcachetype = HCACHE_MULTI;
-  }
-
-  if(easy->easy_handle->state.connc) {
-    if(easy->easy_handle->state.connc->type == CONNCACHE_PRIVATE) {
-      /* kill old private version */
-      Curl_rm_connc(easy->easy_handle->state.connc);
-      /* point out our shared one instead */
-      easy->easy_handle->state.connc = multi->connc;
-    }
-    /* else it is already using multi? */
-  }
-  else
-    /* point out our shared one */
-    easy->easy_handle->state.connc = multi->connc;
-
-  /* Make sure the type is setup correctly */
-  easy->easy_handle->state.connc->type = CONNCACHE_MULTI;
-
-  /* We add this new entry first in the list. We make our 'next' point to the
-     previous next and our 'prev' point back to the 'first' struct */
-  easy->next = multi->easy.next;
-  easy->prev = &multi->easy;
-
-  /* make 'easy' the first node in the chain */
-  multi->easy.next = easy;
-
-  /* if there was a next node, make sure its 'prev' pointer links back to
-     the new node */
-  if(easy->next)
-    easy->next->prev = easy;
-
-  Curl_easy_addmulti(easy_handle, multi_handle);
-
-  /* make the SessionHandle struct refer back to this struct */
-  easy->easy_handle->set.one_easy = easy;
-
-  /* increase the node-counter */
-  multi->num_easy++;
-
-  if((multi->num_easy * 4) > multi->connc->num) {
-    /* We want the connection cache to have plenty room. Before we supported
-       the shared cache every single easy handle had 5 entries in their cache
-       by default. */
-    CURLcode res = Curl_ch_connc(easy_handle, multi->connc,
-                                 multi->connc->num*4);
-    if(res != CURLE_OK)
-      /* TODO: we need to do some cleaning up here! */
-      return CURLM_OUT_OF_MEMORY;
-  }
-
-  /* increase the alive-counter */
-  multi->num_alive++;
-
-  update_timer(multi);
-  return CURLM_OK;
-}
-
-#if 0
-/* Debug-function, used like this:
- *
- * Curl_hash_print(multi->sockhash, debug_print_sock_hash);
- *
- * Enable the hash print function first by editing hash.c
- */
-static void debug_print_sock_hash(void *p)
-{
-  struct Curl_sh_entry *sh = (struct Curl_sh_entry *)p;
-
-  fprintf(stderr, " [easy %p/magic %x/socket %d]",
-          (void *)sh->easy, sh->easy->magic, sh->socket);
-}
-#endif
-
-CURLMcode curl_multi_remove_handle(CURLM *multi_handle,
-                                   CURL *curl_handle)
-{
-  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-  struct Curl_one_easy *easy;
-
-  /* First, make some basic checks that the CURLM handle is a good handle */
-  if(!GOOD_MULTI_HANDLE(multi))
-    return CURLM_BAD_HANDLE;
-
-  /* Verify that we got a somewhat good easy handle too */
-  if(!GOOD_EASY_HANDLE(curl_handle))
-    return CURLM_BAD_EASY_HANDLE;
-
-  /* scan through the list and remove the 'curl_handle' */
-  easy = multi->easy.next;
-  while(easy) {
-    if(easy->easy_handle == (struct SessionHandle *)curl_handle)
-      break;
-    easy=easy->next;
-  }
-
-  if(easy) {
-    bool premature = (bool)(easy->state != CURLM_STATE_COMPLETED);
-
-    /* If the 'state' is not INIT or COMPLETED, we might need to do something
-       nice to put the easy_handle in a good known state when this returns. */
-    if(premature)
-      /* this handle is "alive" so we need to count down the total number of
-         alive connections when this is removed */
-      multi->num_alive--;
-
-    if (easy->easy_handle->state.is_in_pipeline &&
-        easy->state > CURLM_STATE_DO) {
-      /* If the handle is in a pipeline and has finished sending off its
-         request, we need to remember the fact that we want to remove this
-         handle but do the actual removal at a later time */
-      easy->easy_handle->state.cancelled = TRUE;
-      return CURLM_OK;
-    }
-
-    /* The timer must be shut down before easy->multi is set to NULL,
-       else the timenode will remain in the splay tree after
-       curl_easy_cleanup is called. */
-    Curl_expire(easy->easy_handle, 0);
-
-    if(easy->easy_handle->dns.hostcachetype == HCACHE_MULTI) {
-      /* clear out the usage of the shared DNS cache */
-      easy->easy_handle->dns.hostcache = NULL;
-      easy->easy_handle->dns.hostcachetype = HCACHE_NONE;
-    }
-
-    /* if we have a connection we must call Curl_done() here so that we
-       don't leave a half-baked one around */
-    if(easy->easy_conn) {
-      /* Set up the association right */
-      easy->easy_conn->data = easy->easy_handle;
-
-      /* Curl_done() clears the conn->data field to lose the association
-         between the easy handle and the connection */
-      Curl_done(&easy->easy_conn, easy->result, premature);
-
-      if(easy->easy_conn)
-        /* the connection is still alive, set back the association to enable
-           the check below to trigger TRUE */
-        easy->easy_conn->data = easy->easy_handle;
-    }
-
-    /* If this easy_handle was the last one in charge for one or more
-       connections a the shared connection cache, we might need to keep this
-       handle around until either A) the connection is closed and killed
-       properly, or B) another easy_handle uses the connection.
-
-       The reason why we need to have a easy_handle associated with a live
-       connection is simply that some connections will need a handle to get
-       closed down properly. Currently, the only connections that need to keep
-       a easy_handle handle around are using FTP(S). Such connections have
-       the PROT_CLOSEACTION bit set.
-
-       Thus, we need to check for all connections in the shared cache that
-       points to this handle and are using PROT_CLOSEACTION. If there's any,
-       we need to add this handle to the list of "easy handles kept around for
-       nice connection closures".
-     */
-    if(multi_conn_using(multi, easy->easy_handle)) {
-      /* There's at least one connection using this handle so we must keep
-         this handle around. We also keep the connection cache pointer
-         pointing to the shared one since that will be used on close as
-         well. */
-      easy->easy_handle->state.shared_conn = multi;
-
-      /* this handle is still being used by a shared connection cache and
-         thus we leave it around for now */
-      add_closure(multi, easy->easy_handle);
-    }
-
-    if(easy->easy_handle->state.connc->type == CONNCACHE_MULTI) {
-      /* if this was using the shared connection cache we clear the pointer
-         to that since we're not part of that handle anymore */
-      easy->easy_handle->state.connc = NULL;
-
-      /* and modify the connectindex since this handle can't point to the
-         connection cache anymore */
-      if(easy->easy_conn)
-        easy->easy_conn->connectindex = -1;
-    }
-
-    /* change state without using multistate(), only to make singlesocket() do
-       what we want */
-    easy->state = CURLM_STATE_COMPLETED;
-    singlesocket(multi, easy); /* to let the application know what sockets
-                                  that vanish with this handle */
-
-    Curl_easy_addmulti(easy->easy_handle, NULL); /* clear the association
-                                                    to this multi handle */
-
-    /* make the previous node point to our next */
-    if(easy->prev)
-      easy->prev->next = easy->next;
-    /* make our next point to our previous node */
-    if(easy->next)
-      easy->next->prev = easy->prev;
-
-    easy->easy_handle->set.one_easy = NULL; /* detached */
-
-    /* NOTE NOTE NOTE
-       We do not touch the easy handle here! */
-    if (easy->msg)
-      free(easy->msg);
-    free(easy);
-
-    multi->num_easy--; /* one less to care about now */
-
-    update_timer(multi);
-    return CURLM_OK;
-  }
-  else
-    return CURLM_BAD_EASY_HANDLE; /* twasn't found */
-}
-
-bool Curl_multi_canPipeline(struct Curl_multi* multi)
-{
-  return multi->pipelining_enabled;
-}
-
-static int waitconnect_getsock(struct connectdata *conn,
-                               curl_socket_t *sock,
-                               int numsocks)
-{
-  if(!numsocks)
-    return GETSOCK_BLANK;
-
-  sock[0] = conn->sock[FIRSTSOCKET];
-  return GETSOCK_WRITESOCK(0);
-}
-
-static int domore_getsock(struct connectdata *conn,
-                          curl_socket_t *sock,
-                          int numsocks)
-{
-  if(!numsocks)
-    return GETSOCK_BLANK;
-
-  /* When in DO_MORE state, we could be either waiting for us
-     to connect to a remote site, or we could wait for that site
-     to connect to us. It makes a difference in the way: if we
-     connect to the site we wait for the socket to become writable, if
-     the site connects to us we wait for it to become readable */
-  sock[0] = conn->sock[SECONDARYSOCKET];
-
-  return GETSOCK_WRITESOCK(0);
-}
-
-/* returns bitmapped flags for this handle and its sockets */
-static int multi_getsock(struct Curl_one_easy *easy,
-                         curl_socket_t *socks, /* points to numsocks number
-                                                 of sockets */
-                         int numsocks)
-{
-  if (easy->easy_handle->state.pipe_broke) {
-    return 0;
-  }
-
-  if (easy->state > CURLM_STATE_CONNECT &&
-      easy->state < CURLM_STATE_COMPLETED) {
-    /* Set up ownership correctly */
-    easy->easy_conn->data = easy->easy_handle;
-  }
-
-  switch(easy->state) {
-  case CURLM_STATE_TOOFAST:  /* returns 0, so will not select. */
-  default:
-    /* this will get called with CURLM_STATE_COMPLETED when a handle is
-       removed */
-    return 0;
-
-  case CURLM_STATE_WAITRESOLVE:
-    return Curl_resolv_getsock(easy->easy_conn, socks, numsocks);
-
-  case CURLM_STATE_PROTOCONNECT:
-    return Curl_protocol_getsock(easy->easy_conn, socks, numsocks);
-
-  case CURLM_STATE_DOING:
-    return Curl_doing_getsock(easy->easy_conn, socks, numsocks);
-
-  case CURLM_STATE_WAITCONNECT:
-    return waitconnect_getsock(easy->easy_conn, socks, numsocks);
-
-  case CURLM_STATE_DO_MORE:
-    return domore_getsock(easy->easy_conn, socks, numsocks);
-
-  case CURLM_STATE_PERFORM:
-  case CURLM_STATE_WAITPERFORM:
-    return Curl_single_getsock(easy->easy_conn, socks, numsocks);
-  }
-
-}
-
-CURLMcode curl_multi_fdset(CURLM *multi_handle,
-                           fd_set *read_fd_set, fd_set *write_fd_set,
-                           fd_set *exc_fd_set, int *max_fd)
-{
-  /* Scan through all the easy handles to get the file descriptors set.
-     Some easy handles may not have connected to the remote host yet,
-     and then we must make sure that is done. */
-  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-  struct Curl_one_easy *easy;
-  int this_max_fd=-1;
-  curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE];
-  int bitmap;
-  int i;
-  (void)exc_fd_set; /* not used */
-
-  if(!GOOD_MULTI_HANDLE(multi))
-    return CURLM_BAD_HANDLE;
-
-  easy=multi->easy.next;
-  while(easy) {
-    bitmap = multi_getsock(easy, sockbunch, MAX_SOCKSPEREASYHANDLE);
-
-    for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) {
-      curl_socket_t s = CURL_SOCKET_BAD;
-
-      if(bitmap & GETSOCK_READSOCK(i)) {
-        FD_SET(sockbunch[i], read_fd_set);
-        s = sockbunch[i];
-      }
-      if(bitmap & GETSOCK_WRITESOCK(i)) {
-        FD_SET(sockbunch[i], write_fd_set);
-        s = sockbunch[i];
-      }
-      if(s == CURL_SOCKET_BAD)
-        /* this socket is unused, break out of loop */
-        break;
-      else {
-        if((int)s > this_max_fd)
-          this_max_fd = (int)s;
-      }
-    }
-
-    easy = easy->next; /* check next handle */
-  }
-
-  *max_fd = this_max_fd;
-
-  return CURLM_OK;
-}
-
-static CURLMcode multi_runsingle(struct Curl_multi *multi,
-                                 struct Curl_one_easy *easy)
-{
-  struct Curl_message *msg = NULL;
-  bool connected;
-  bool async;
-  bool protocol_connect = 0;
-  bool dophase_done;
-  bool done;
-  CURLMcode result = CURLM_OK;
-  struct Curl_transfer_keeper *k;
-
-  do {
-
-    if(!GOOD_EASY_HANDLE(easy->easy_handle))
-      return CURLM_BAD_EASY_HANDLE;
-
-    if (easy->easy_handle->state.pipe_broke) {
-      infof(easy->easy_handle, "Pipe broke: handle 0x%x, url = %s\n",
-            easy, easy->easy_handle->reqdata.path);
-      if(easy->easy_handle->state.is_in_pipeline) {
-        /* Head back to the CONNECT state */
-        multistate(easy, CURLM_STATE_CONNECT);
-        result = CURLM_CALL_MULTI_PERFORM;
-        easy->result = CURLE_OK;
-      } else {
-        easy->result = CURLE_COULDNT_CONNECT;
-        multistate(easy, CURLM_STATE_COMPLETED);
-      }
-
-      easy->easy_handle->state.pipe_broke = FALSE;
-      easy->easy_conn = NULL;
-      break;
-    }
-
-    if (easy->state > CURLM_STATE_CONNECT &&
-        easy->state < CURLM_STATE_COMPLETED) {
-      /* Make sure we set the connection's current owner */
-      easy->easy_conn->data = easy->easy_handle;
-    }
-
-    if (CURLM_STATE_WAITCONNECT <= easy->state &&
-        easy->state <= CURLM_STATE_DO &&
-        easy->easy_handle->change.url_changed) {
-      char *gotourl;
-      Curl_posttransfer(easy->easy_handle);
-
-      easy->result = Curl_done(&easy->easy_conn, CURLE_OK, FALSE);
-      /* We make sure that the pipe broken flag is reset
-         because in this case, it isn't an actual break */
-      easy->easy_handle->state.pipe_broke = FALSE;
-      if(CURLE_OK == easy->result) {
-        gotourl = strdup(easy->easy_handle->change.url);
-        if(gotourl) {
-          easy->easy_handle->change.url_changed = FALSE;
-          easy->result = Curl_follow(easy->easy_handle, gotourl, FALSE);
-          if(CURLE_OK == easy->result)
-            multistate(easy, CURLM_STATE_CONNECT);
-          else
-            free(gotourl);
-        }
-        else {
-          easy->result = CURLE_OUT_OF_MEMORY;
-          multistate(easy, CURLM_STATE_COMPLETED);
-          break;
-        }
-      }
-    }
-
-    easy->easy_handle->change.url_changed = FALSE;
-
-    switch(easy->state) {
-    case CURLM_STATE_INIT:
-      /* init this transfer. */
-      easy->result=Curl_pretransfer(easy->easy_handle);
-
-      if(CURLE_OK == easy->result) {
-        /* after init, go CONNECT */
-        multistate(easy, CURLM_STATE_CONNECT);
-        result = CURLM_CALL_MULTI_PERFORM;
-
-        easy->easy_handle->state.used_interface = Curl_if_multi;
-      }
-      break;
-
-    case CURLM_STATE_CONNECT:
-      /* Connect. We get a connection identifier filled in. */
-      Curl_pgrsTime(easy->easy_handle, TIMER_STARTSINGLE);
-      easy->result = Curl_connect(easy->easy_handle, &easy->easy_conn,
-                                  &async, &protocol_connect);
-
-      if(CURLE_OK == easy->result) {
-        /* Add this handle to the send pipeline */
-        Curl_addHandleToPipeline(easy->easy_handle,
-                                 easy->easy_conn->send_pipe);
-
-        if(async)
-          /* We're now waiting for an asynchronous name lookup */
-          multistate(easy, CURLM_STATE_WAITRESOLVE);
-        else {
-          /* after the connect has been sent off, go WAITCONNECT unless the
-             protocol connect is already done and we can go directly to
-             WAITDO! */
-          result = CURLM_CALL_MULTI_PERFORM;
-
-          if(protocol_connect) {
-            multistate(easy, CURLM_STATE_WAITDO);
-          } else {
-            multistate(easy, CURLM_STATE_WAITCONNECT);
-          }
-        }
-      }
-      break;
-
-    case CURLM_STATE_WAITRESOLVE:
-      /* awaiting an asynch name resolve to complete */
-    {
-      struct Curl_dns_entry *dns = NULL;
-
-      /* check if we have the name resolved by now */
-      easy->result = Curl_is_resolved(easy->easy_conn, &dns);
-
-      if(dns) {
-        /* Perform the next step in the connection phase, and then move on
-           to the WAITCONNECT state */
-        easy->result = Curl_async_resolved(easy->easy_conn,
-                                           &protocol_connect);
-
-        if(CURLE_OK != easy->result)
-          /* if Curl_async_resolved() returns failure, the connection struct
-             is already freed and gone */
-          easy->easy_conn = NULL;           /* no more connection */
-        else {
-          /* call again please so that we get the next socket setup */
-          result = CURLM_CALL_MULTI_PERFORM;
-          if(protocol_connect)
-            multistate(easy, CURLM_STATE_DO);
-          else
-            multistate(easy, CURLM_STATE_WAITCONNECT);
-        }
-      }
-
-      if(CURLE_OK != easy->result) {
-        /* failure detected */
-        Curl_disconnect(easy->easy_conn); /* disconnect properly */
-        easy->easy_conn = NULL;           /* no more connection */
-        break;
-      }
-    }
-    break;
-
-    case CURLM_STATE_WAITCONNECT:
-      /* awaiting a completion of an asynch connect */
-      easy->result = Curl_is_connected(easy->easy_conn,
-                                       FIRSTSOCKET,
-                                       &connected);
-      if(connected)
-        easy->result = Curl_protocol_connect(easy->easy_conn,
-                                             &protocol_connect);
-
-      if(CURLE_OK != easy->result) {
-        /* failure detected */
-        Curl_disconnect(easy->easy_conn); /* close the connection */
-        easy->easy_conn = NULL;           /* no more connection */
-        break;
-      }
-
-      if(connected) {
-        if(!protocol_connect) {
-          /* We have a TCP connection, but 'protocol_connect' may be false
-             and then we continue to 'STATE_PROTOCONNECT'. If protocol
-             connect is TRUE, we move on to STATE_DO. */
-          multistate(easy, CURLM_STATE_PROTOCONNECT);
-        }
-        else {
-          /* after the connect has completed, go WAITDO */
-          multistate(easy, CURLM_STATE_WAITDO);
-
-          result = CURLM_CALL_MULTI_PERFORM;
-        }
-      }
-      break;
-
-    case CURLM_STATE_PROTOCONNECT:
-      /* protocol-specific connect phase */
-      easy->result = Curl_protocol_connecting(easy->easy_conn,
-                                              &protocol_connect);
-      if(protocol_connect) {
-        /* after the connect has completed, go WAITDO */
-        multistate(easy, CURLM_STATE_WAITDO);
-        result = CURLM_CALL_MULTI_PERFORM;
-      }
-      else if(easy->result) {
-        /* failure detected */
-        Curl_posttransfer(easy->easy_handle);
-        Curl_done(&easy->easy_conn, easy->result, FALSE);
-        Curl_disconnect(easy->easy_conn); /* close the connection */
-        easy->easy_conn = NULL;           /* no more connection */
-      }
-      break;
-
-    case CURLM_STATE_WAITDO:
-      /* Wait for our turn to DO when we're pipelining requests */
-#ifdef CURLDEBUG
-      infof(easy->easy_handle, "Conn %d send pipe %d inuse %d athead %d\n",
-            easy->easy_conn->connectindex,
-            easy->easy_conn->send_pipe->size,
-            easy->easy_conn->writechannel_inuse,
-            Curl_isHandleAtHead(easy->easy_handle,
-                                easy->easy_conn->send_pipe));
-#endif
-      if (!easy->easy_conn->writechannel_inuse &&
-          Curl_isHandleAtHead(easy->easy_handle,
-                              easy->easy_conn->send_pipe)) {
-        /* Grab the channel */
-        easy->easy_conn->writechannel_inuse = TRUE;
-        multistate(easy, CURLM_STATE_DO);
-        result = CURLM_CALL_MULTI_PERFORM;
-      }
-      break;
-
-    case CURLM_STATE_DO:
-      if(easy->easy_handle->set.connect_only) {
-        /* keep connection open for application to use the socket */
-        easy->easy_conn->bits.close = FALSE;
-        multistate(easy, CURLM_STATE_DONE);
-        easy->result = CURLE_OK;
-        result = CURLM_OK;
-      }
-      else {
-        /* Perform the protocol's DO action */
-        easy->result = Curl_do(&easy->easy_conn,
-                               &dophase_done);
-
-        if(CURLE_OK == easy->result) {
-
-          if(!dophase_done) {
-            /* DO was not completed in one function call, we must continue
-               DOING... */
-            multistate(easy, CURLM_STATE_DOING);
-            result = CURLM_OK;
-          }
-
-          /* after DO, go DO_DONE... or DO_MORE */
-          else if(easy->easy_conn->bits.do_more) {
-            /* we're supposed to do more, but we need to sit down, relax
-               and wait a little while first */
-            multistate(easy, CURLM_STATE_DO_MORE);
-            result = CURLM_OK;
-          }
-          else {
-            /* we're done with the DO, now DO_DONE */
-            easy->result = Curl_readwrite_init(easy->easy_conn);
-            if(CURLE_OK == easy->result) {
-              multistate(easy, CURLM_STATE_DO_DONE);
-              result = CURLM_CALL_MULTI_PERFORM;
-            }
-          }
-        }
-        else {
-          /* failure detected */
-          Curl_posttransfer(easy->easy_handle);
-          Curl_done(&easy->easy_conn, easy->result, FALSE);
-          Curl_disconnect(easy->easy_conn); /* close the connection */
-          easy->easy_conn = NULL;           /* no more connection */
-        }
-      }
-      break;
-
-    case CURLM_STATE_DOING:
-      /* we continue DOING until the DO phase is complete */
-      easy->result = Curl_protocol_doing(easy->easy_conn,
-                                         &dophase_done);
-      if(CURLE_OK == easy->result) {
-        if(dophase_done) {
-          /* after DO, go PERFORM... or DO_MORE */
-          if(easy->easy_conn->bits.do_more) {
-            /* we're supposed to do more, but we need to sit down, relax
-               and wait a little while first */
-            multistate(easy, CURLM_STATE_DO_MORE);
-            result = CURLM_OK;
-          }
-          else {
-            /* we're done with the DO, now DO_DONE */
-            easy->result = Curl_readwrite_init(easy->easy_conn);
-            if(CURLE_OK == easy->result) {
-              multistate(easy, CURLM_STATE_DO_DONE);
-              result = CURLM_CALL_MULTI_PERFORM;
-            }
-          }
-        } /* dophase_done */
-      }
-      else {
-        /* failure detected */
-        Curl_posttransfer(easy->easy_handle);
-        Curl_done(&easy->easy_conn, easy->result, FALSE);
-        Curl_disconnect(easy->easy_conn); /* close the connection */
-        easy->easy_conn = NULL;           /* no more connection */
-      }
-      break;
-
-    case CURLM_STATE_DO_MORE:
-      /* Ready to do more? */
-      easy->result = Curl_is_connected(easy->easy_conn,
-                                       SECONDARYSOCKET,
-                                       &connected);
-      if(connected) {
-        /*
-         * When we are connected, DO MORE and then go DO_DONE
-         */
-        easy->result = Curl_do_more(easy->easy_conn);
-
-        if(CURLE_OK == easy->result)
-          easy->result = Curl_readwrite_init(easy->easy_conn);
-        else
-          /* Remove ourselves from the send pipeline */
-          Curl_removeHandleFromPipeline(easy->easy_handle,
-                                        easy->easy_conn->send_pipe);
-
-        if(CURLE_OK == easy->result) {
-          multistate(easy, CURLM_STATE_DO_DONE);
-          result = CURLM_CALL_MULTI_PERFORM;
-        }
-      }
-      break;
-
-    case CURLM_STATE_DO_DONE:
-      /* Remove ourselves from the send pipeline */
-      Curl_removeHandleFromPipeline(easy->easy_handle,
-                                    easy->easy_conn->send_pipe);
-      /* Add ourselves to the recv pipeline */
-      Curl_addHandleToPipeline(easy->easy_handle,
-                               easy->easy_conn->recv_pipe);
-      multistate(easy, CURLM_STATE_WAITPERFORM);
-      result = CURLM_CALL_MULTI_PERFORM;
-      break;
-
-    case CURLM_STATE_WAITPERFORM:
-#ifdef CURLDEBUG
-      infof(easy->easy_handle, "Conn %d recv pipe %d inuse %d athead %d\n",
-            easy->easy_conn->connectindex,
-            easy->easy_conn->recv_pipe->size,
-            easy->easy_conn->readchannel_inuse,
-            Curl_isHandleAtHead(easy->easy_handle,
-                                easy->easy_conn->recv_pipe));
-#endif
-      /* Wait for our turn to PERFORM */
-      if (!easy->easy_conn->readchannel_inuse &&
-          Curl_isHandleAtHead(easy->easy_handle,
-                              easy->easy_conn->recv_pipe)) {
-        /* Grab the channel */
-        easy->easy_conn->readchannel_inuse = TRUE;
-        multistate(easy, CURLM_STATE_PERFORM);
-        result = CURLM_CALL_MULTI_PERFORM;
-      }
-      break;
-
-    case CURLM_STATE_TOOFAST: /* limit-rate exceeded in either direction */
-      /* if both rates are within spec, resume transfer */
-      Curl_pgrsUpdate(easy->easy_conn);
-      if ( ( ( easy->easy_handle->set.max_send_speed == 0 ) ||
-             ( easy->easy_handle->progress.ulspeed <
-               easy->easy_handle->set.max_send_speed ) )  &&
-           ( ( easy->easy_handle->set.max_recv_speed == 0 ) ||
-             ( easy->easy_handle->progress.dlspeed <
-               easy->easy_handle->set.max_recv_speed ) )
-        )
-      multistate(easy, CURLM_STATE_PERFORM);
-      break;
-
-    case CURLM_STATE_PERFORM:
-      /* check if over speed */
-      if ( (  ( easy->easy_handle->set.max_send_speed > 0 ) &&
-              ( easy->easy_handle->progress.ulspeed >
-                easy->easy_handle->set.max_send_speed ) )  ||
-           (  ( easy->easy_handle->set.max_recv_speed > 0 ) &&
-              ( easy->easy_handle->progress.dlspeed >
-                easy->easy_handle->set.max_recv_speed ) )
-        ) {
-        /* Transfer is over the speed limit. Change state.  TODO: Call
-         * Curl_expire() with the time left until we're targeted to be below
-         * the speed limit again. */
-        multistate(easy, CURLM_STATE_TOOFAST );
-        break;
-      }
-
-      /* read/write data if it is ready to do so */
-      easy->result = Curl_readwrite(easy->easy_conn, &done);
-
-      k = &easy->easy_handle->reqdata.keep;
-
-      if (!(k->keepon & KEEP_READ)) {
-          /* We're done reading */
-          easy->easy_conn->readchannel_inuse = FALSE;
-      }
-
-      if (!(k->keepon & KEEP_WRITE)) {
-          /* We're done writing */
-          easy->easy_conn->writechannel_inuse = FALSE;
-      }
-
-      if(easy->result)  {
-        /* The transfer phase returned error, we mark the connection to get
-         * closed to prevent being re-used. This is becasue we can't
-         * possibly know if the connection is in a good shape or not now. */
-        easy->easy_conn->bits.close = TRUE;
-
-        if(CURL_SOCKET_BAD != easy->easy_conn->sock[SECONDARYSOCKET]) {
-          /* if we failed anywhere, we must clean up the secondary socket if
-             it was used */
-          sclose(easy->easy_conn->sock[SECONDARYSOCKET]);
-          easy->easy_conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
-        }
-        Curl_posttransfer(easy->easy_handle);
-        Curl_done(&easy->easy_conn, easy->result, FALSE);
-      }
-      else if(TRUE == done) {
-        char *newurl;
-        bool retry = Curl_retry_request(easy->easy_conn, &newurl);
-
-        /* call this even if the readwrite function returned error */
-        Curl_posttransfer(easy->easy_handle);
-
-        /* When we follow redirects, must to go back to the CONNECT state */
-        if(easy->easy_handle->reqdata.newurl || retry) {
-          Curl_removeHandleFromPipeline(easy->easy_handle,
-                                        easy->easy_conn->recv_pipe);
-          if(!retry) {
-            /* if the URL is a follow-location and not just a retried request
-               then figure out the URL here */
-            newurl = easy->easy_handle->reqdata.newurl;
-            easy->easy_handle->reqdata.newurl = NULL;
-          }
-          easy->result = Curl_done(&easy->easy_conn, CURLE_OK, FALSE);
-          if(easy->result == CURLE_OK)
-            easy->result = Curl_follow(easy->easy_handle, newurl, retry);
-          if(CURLE_OK == easy->result) {
-            multistate(easy, CURLM_STATE_CONNECT);
-            result = CURLM_CALL_MULTI_PERFORM;
-          }
-          else
-            /* Since we "took it", we are in charge of freeing this on
-               failure */
-            free(newurl);
-        }
-        else {
-          /* after the transfer is done, go DONE */
-          multistate(easy, CURLM_STATE_DONE);
-          result = CURLM_CALL_MULTI_PERFORM;
-        }
-      }
-
-      break;
-
-    case CURLM_STATE_DONE:
-      /* Remove ourselves from the receive pipeline */
-      Curl_removeHandleFromPipeline(easy->easy_handle,
-                                    easy->easy_conn->recv_pipe);
-      easy->easy_handle->state.is_in_pipeline = FALSE;
-
-      if (easy->easy_conn->bits.stream_was_rewound) {
-          /* This request read past its response boundary so we quickly
-             let the other requests consume those bytes since there is no
-             guarantee that the socket will become active again */
-          result = CURLM_CALL_MULTI_PERFORM;
-      }
-
-      if (!easy->easy_handle->state.cancelled) {
-        /* post-transfer command */
-        easy->result = Curl_done(&easy->easy_conn, CURLE_OK, FALSE);
-
-        /* after we have DONE what we're supposed to do, go COMPLETED, and
-           it doesn't matter what the Curl_done() returned! */
-        multistate(easy, CURLM_STATE_COMPLETED);
-      }
-
-      break;
-
-    case CURLM_STATE_COMPLETED:
-      if (easy->easy_handle->state.cancelled)
-        /* Go into the CANCELLED state if we were cancelled */
-        multistate(easy, CURLM_STATE_CANCELLED);
-
-      /* this is a completed transfer, it is likely to still be connected */
-
-      /* This node should be delinked from the list now and we should post
-         an information message that we are complete. */
-      break;
-
-    case CURLM_STATE_CANCELLED:
-      /* Cancelled transfer, wait to be cleaned up */
-      break;
-
-    default:
-      return CURLM_INTERNAL_ERROR;
-    }
-
-    if(CURLM_STATE_COMPLETED != easy->state) {
-      if(CURLE_OK != easy->result) {
-        /*
-         * If an error was returned, and we aren't in completed state now,
-         * then we go to completed and consider this transfer aborted.
-         */
-        easy->easy_handle->state.is_in_pipeline = FALSE;
-        easy->easy_handle->state.pipe_broke = FALSE;
-
-        if(easy->easy_conn) {
-          /* if this has a connection, unsubscribe from the pipelines */
-          easy->easy_conn->writechannel_inuse = FALSE;
-          easy->easy_conn->readchannel_inuse = FALSE;
-        }
-        multistate(easy, CURLM_STATE_COMPLETED);
-      }
-    }
-
-  } while (easy->easy_handle->change.url_changed);
-
-  if ((CURLM_STATE_COMPLETED == easy->state) && !easy->msg) {
-    if(easy->easy_handle->dns.hostcachetype == HCACHE_MULTI) {
-      /* clear out the usage of the shared DNS cache */
-      easy->easy_handle->dns.hostcache = NULL;
-      easy->easy_handle->dns.hostcachetype = HCACHE_NONE;
-    }
-
-    /* now add a node to the Curl_message linked list with this info */
-    msg = (struct Curl_message *)malloc(sizeof(struct Curl_message));
-
-    if(!msg)
-      return CURLM_OUT_OF_MEMORY;
-
-    msg->extmsg.msg = CURLMSG_DONE;
-    msg->extmsg.easy_handle = easy->easy_handle;
-    msg->extmsg.data.result = easy->result;
-    msg->next = NULL;
-
-    easy->msg = msg;
-    easy->msg_num = 1; /* there is one unread message here */
-
-    multi->num_msgs++; /* increase message counter */
-  }
-
-  return result;
-}
-
-
-CURLMcode curl_multi_perform(CURLM *multi_handle, int *running_handles)
-{
-  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-  struct Curl_one_easy *easy;
-  CURLMcode returncode=CURLM_OK;
-  struct Curl_tree *t;
-
-  if(!GOOD_MULTI_HANDLE(multi))
-    return CURLM_BAD_HANDLE;
-
-  easy=multi->easy.next;
-  while(easy) {
-    CURLMcode result;
-
-    if (easy->easy_handle->state.cancelled &&
-        easy->state == CURLM_STATE_CANCELLED) {
-      /* Remove cancelled handles once it's safe to do so */
-      Curl_multi_rmeasy(multi_handle, easy->easy_handle);
-      easy->easy_handle = NULL;
-      easy = easy->next;
-      continue;
-    }
-
-    result = multi_runsingle(multi, easy);
-    if(result)
-      returncode = result;
-
-    easy = easy->next; /* operate on next handle */
-  }
-
-  /*
-   * Simply remove all expired timers from the splay since handles are dealt
-   * with unconditionally by this function and curl_multi_timeout() requires
-   * that already passed/handled expire times are removed from the splay.
-   */
-  do {
-    struct timeval now = Curl_tvnow();
-    int key = now.tv_sec; /* drop the usec part */
-
-    multi->timetree = Curl_splaygetbest(key, multi->timetree, &t);
-    if (t) {
-      struct SessionHandle *d = t->payload;
-      struct timeval* tv = &d->state.expiretime;
-
-      /* clear the expire times within the handles that we remove from the
-         splay tree */
-      tv->tv_sec = 0;
-      tv->tv_usec = 0;
-    }
-
-  } while(t);
-
-  *running_handles = multi->num_alive;
-
-  if ( CURLM_OK == returncode )
-    update_timer(multi);
-  return returncode;
-}
-
-/* This is called when an easy handle is cleanup'ed that is part of a multi
-   handle */
-void Curl_multi_rmeasy(void *multi_handle, CURL *easy_handle)
-{
-  curl_multi_remove_handle(multi_handle, easy_handle);
-}
-
-
-CURLMcode curl_multi_cleanup(CURLM *multi_handle)
-{
-  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-  struct Curl_one_easy *easy;
-  struct Curl_one_easy *nexteasy;
-  int i;
-  struct closure *cl;
-  struct closure *n;
-
-  if(GOOD_MULTI_HANDLE(multi)) {
-    multi->type = 0; /* not good anymore */
-    Curl_hash_destroy(multi->hostcache);
-    Curl_hash_destroy(multi->sockhash);
-
-    /* go over all connections that have close actions */
-    for(i=0; i< multi->connc->num; i++) {
-      if(multi->connc->connects[i] &&
-         multi->connc->connects[i]->protocol & PROT_CLOSEACTION) {
-        Curl_disconnect(multi->connc->connects[i]);
-        multi->connc->connects[i] = NULL;
-      }
-    }
-    /* now walk through the list of handles we kept around only to be
-       able to close connections "properly" */
-    cl = multi->closure;
-    while(cl) {
-      cl->easy_handle->state.shared_conn = NULL; /* no more shared */
-      if(cl->easy_handle->state.closed)
-        /* close handle only if curl_easy_cleanup() already has been called
-           for this easy handle */
-        Curl_close(cl->easy_handle);
-      n = cl->next;
-      free(cl);
-      cl= n;
-    }
-
-    Curl_rm_connc(multi->connc);
-
-    /* remove all easy handles */
-    easy = multi->easy.next;
-    while(easy) {
-      nexteasy=easy->next;
-      if(easy->easy_handle->dns.hostcachetype == HCACHE_MULTI) {
-        /* clear out the usage of the shared DNS cache */
-        easy->easy_handle->dns.hostcache = NULL;
-        easy->easy_handle->dns.hostcachetype = HCACHE_NONE;
-      }
-
-      /* Clear the pointer to the connection cache */
-      easy->easy_handle->state.connc = NULL;
-
-      Curl_easy_addmulti(easy->easy_handle, NULL); /* clear the association */
-
-      if (easy->msg)
-        free(easy->msg);
-      free(easy);
-      easy = nexteasy;
-    }
-
-    free(multi);
-
-    return CURLM_OK;
-  }
-  else
-    return CURLM_BAD_HANDLE;
-}
-
-CURLMsg *curl_multi_info_read(CURLM *multi_handle, int *msgs_in_queue)
-{
-  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-
-  *msgs_in_queue = 0; /* default to none */
-
-  if(GOOD_MULTI_HANDLE(multi)) {
-    struct Curl_one_easy *easy;
-
-    if(!multi->num_msgs)
-      return NULL; /* no messages left to return */
-
-    easy=multi->easy.next;
-    while(easy) {
-      if(easy->msg_num) {
-        easy->msg_num--;
-        break;
-      }
-      easy = easy->next;
-    }
-    if(!easy)
-      return NULL; /* this means internal count confusion really */
-
-    multi->num_msgs--;
-    *msgs_in_queue = multi->num_msgs;
-
-    return &easy->msg->extmsg;
-  }
-  else
-    return NULL;
-}
-
-/*
- * singlesocket() checks what sockets we deal with and their "action state"
- * and if we have a different state in any of those sockets from last time we
- * call the callback accordingly.
- */
-static void singlesocket(struct Curl_multi *multi,
-                         struct Curl_one_easy *easy)
-{
-  curl_socket_t socks[MAX_SOCKSPEREASYHANDLE];
-  int i;
-  struct Curl_sh_entry *entry;
-  curl_socket_t s;
-  int num;
-  unsigned int curraction;
-
-  memset(&socks, 0, sizeof(socks));
-  for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++)
-    socks[i] = CURL_SOCKET_BAD;
-
-  /* Fill in the 'current' struct with the state as it is now: what sockets to
-     supervise and for what actions */
-  curraction = multi_getsock(easy, socks, MAX_SOCKSPEREASYHANDLE);
-
-  /* We have 0 .. N sockets already and we get to know about the 0 .. M
-     sockets we should have from now on. Detect the differences, remove no
-     longer supervised ones and add new ones */
-
-  /* walk over the sockets we got right now */
-  for(i=0; (i< MAX_SOCKSPEREASYHANDLE) &&
-        (curraction & (GETSOCK_READSOCK(i) | GETSOCK_WRITESOCK(i)));
-      i++) {
-    int action = CURL_POLL_NONE;
-
-    s = socks[i];
-
-    /* get it from the hash */
-    entry = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
-
-    if(curraction & GETSOCK_READSOCK(i))
-      action |= CURL_POLL_IN;
-    if(curraction & GETSOCK_WRITESOCK(i))
-      action |= CURL_POLL_OUT;
-
-    if(entry) {
-      /* yeps, already present so check if it has the same action set */
-      if(entry->action == action)
-        /* same, continue */
-        continue;
-    }
-    else {
-      /* this is a socket we didn't have before, add it! */
-      entry = sh_addentry(multi->sockhash, s, easy->easy_handle);
-      if(!entry)
-        /* fatal */
-        return;
-    }
-
-    multi->socket_cb(easy->easy_handle,
-                     s,
-                     action,
-                     multi->socket_userp,
-                     entry ? entry->socketp : NULL);
-
-    entry->action = action; /* store the current action state */
-  }
-
-  num = i; /* number of sockets */
-
-  /* when we've walked over all the sockets we should have right now, we must
-     make sure to detect sockets that are removed */
-  for(i=0; i< easy->numsocks; i++) {
-    int j;
-    s = easy->sockets[i];
-    for(j=0; j<num; j++) {
-      if(s == socks[j]) {
-        /* this is still supervised */
-        s = CURL_SOCKET_BAD;
-        break;
-      }
-    }
-    if(s != CURL_SOCKET_BAD) {
-      /* this socket has been removed. Remove it */
-
-      entry = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
-      if(entry) {
-        /* just a precaution, this socket really SHOULD be in the hash already
-           but in case it isn't, we don't have to tell the app to remove it
-           either since it never got to know about it */
-        multi->socket_cb(easy->easy_handle,
-                         s,
-                         CURL_POLL_REMOVE,
-                         multi->socket_userp,
-                         entry ? entry->socketp : NULL);
-
-        sh_delentry(multi->sockhash, s);
-      }
-    }
-  }
-
-  memcpy(easy->sockets, socks, num*sizeof(curl_socket_t));
-  easy->numsocks = num;
-}
-
-static CURLMcode multi_socket(struct Curl_multi *multi,
-                              bool checkall,
-                              curl_socket_t s,
-                              int *running_handles)
-{
-  CURLMcode result = CURLM_OK;
-  struct SessionHandle *data = NULL;
-  struct Curl_tree *t;
-
-  if(checkall) {
-    struct Curl_one_easy *easyp;
-    /* *perform() deals with running_handles on its own */
-    result = curl_multi_perform(multi, running_handles);
-
-    /* walk through each easy handle and do the socket state change magic
-       and callbacks */
-    easyp=multi->easy.next;
-    while(easyp) {
-      singlesocket(multi, easyp);
-      easyp = easyp->next;
-    }
-
-    /* or should we fall-through and do the timer-based stuff? */
-    return result;
-  }
-  else if (s != CURL_SOCKET_TIMEOUT) {
-
-    struct Curl_sh_entry *entry =
-      Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
-
-    if(!entry)
-      /* unmatched socket, major problemo! */
-      return CURLM_BAD_SOCKET; /* better return code? */
-
-    data = entry->easy;
-
-    if(data->magic != CURLEASY_MAGIC_NUMBER)
-      /* bad bad bad bad bad bad bad */
-      return CURLM_INTERNAL_ERROR;
-
-    result = multi_runsingle(multi, data->set.one_easy);
-
-    if(result == CURLM_OK)
-      /* get the socket(s) and check if the state has been changed since
-         last */
-      singlesocket(multi, data->set.one_easy);
-
-    /* Now we fall-through and do the timer-based stuff, since we don't want
-       to force the user to have to deal with timeouts as long as at least one
-       connection in fact has traffic. */
-
-    data = NULL; /* set data to NULL again to avoid calling multi_runsingle()
-                    in case there's no need to */
-  }
-
-  /*
-   * The loop following here will go on as long as there are expire-times left
-   * to process in the splay and 'data' will be re-assigned for every expired
-   * handle we deal with.
-   */
-  do {
-    int key;
-    struct timeval now;
-
-    /* the first loop lap 'data' can be NULL */
-    if(data) {
-      result = multi_runsingle(multi, data->set.one_easy);
-
-      if(result == CURLM_OK)
-        /* get the socket(s) and check if the state has been changed since
-           last */
-        singlesocket(multi, data->set.one_easy);
-    }
-
-    /* Check if there's one (more) expired timer to deal with! This function
-       extracts a matching node if there is one */
-
-    now = Curl_tvnow();
-    key = now.tv_sec; /* drop the usec part */
-
-    multi->timetree = Curl_splaygetbest(key, multi->timetree, &t);
-    if(t) {
-      /* assign 'data' to be the easy handle we just removed from the splay
-         tree */
-      data = t->payload;
-      /* clear the expire time within the handle we removed from the
-         splay tree */
-      data->state.expiretime.tv_sec = 0;
-      data->state.expiretime.tv_usec = 0;
-    }
-
-  } while(t);
-
-  *running_handles = multi->num_alive;
-  return result;
-}
-
-CURLMcode curl_multi_setopt(CURLM *multi_handle,
-                            CURLMoption option, ...)
-{
-  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-  CURLMcode res = CURLM_OK;
-  va_list param;
-
-  if(!GOOD_MULTI_HANDLE(multi))
-    return CURLM_BAD_HANDLE;
-
-  va_start(param, option);
-
-  switch(option) {
-  case CURLMOPT_SOCKETFUNCTION:
-    multi->socket_cb = va_arg(param, curl_socket_callback);
-    break;
-  case CURLMOPT_SOCKETDATA:
-    multi->socket_userp = va_arg(param, void *);
-    break;
-  case CURLMOPT_PIPELINING:
-    multi->pipelining_enabled = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLMOPT_TIMERFUNCTION:
-    multi->timer_cb = va_arg(param, curl_multi_timer_callback);
-    break;
-  case CURLMOPT_TIMERDATA:
-    multi->timer_userp = va_arg(param, void *);
-    break;
-  default:
-    res = CURLM_UNKNOWN_OPTION;
-    break;
-  }
-  va_end(param);
-  return res;
-}
-
-
-CURLMcode curl_multi_socket(CURLM *multi_handle, curl_socket_t s,
-                            int *running_handles)
-{
-  CURLMcode result = multi_socket((struct Curl_multi *)multi_handle, FALSE, s,
-                                  running_handles);
-  if (CURLM_OK == result)
-    update_timer((struct Curl_multi *)multi_handle);
-  return result;
-}
-
-CURLMcode curl_multi_socket_all(CURLM *multi_handle, int *running_handles)
-
-{
-  CURLMcode result = multi_socket((struct Curl_multi *)multi_handle,
-                                  TRUE, CURL_SOCKET_BAD, running_handles);
-  if (CURLM_OK == result)
-    update_timer((struct Curl_multi *)multi_handle);
-  return result;
-}
-
-static CURLMcode multi_timeout(struct Curl_multi *multi,
-                               long *timeout_ms)
-{
-  if(multi->timetree) {
-    /* we have a tree of expire times */
-    struct timeval now = Curl_tvnow();
-
-    /* splay the lowest to the bottom */
-    multi->timetree = Curl_splay(0, multi->timetree);
-
-    /* At least currently, the splay key is a time_t for the expire time */
-    *timeout_ms = (multi->timetree->key - now.tv_sec) * 1000 -
-      now.tv_usec/1000;
-    if(*timeout_ms < 0)
-      /* 0 means immediately */
-      *timeout_ms = 0;
-  }
-  else
-    *timeout_ms = -1;
-
-  return CURLM_OK;
-}
-
-CURLMcode curl_multi_timeout(CURLM *multi_handle,
-                             long *timeout_ms)
-{
-  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-
-  /* First, make some basic checks that the CURLM handle is a good handle */
-  if(!GOOD_MULTI_HANDLE(multi))
-    return CURLM_BAD_HANDLE;
-
-  return multi_timeout(multi, timeout_ms);
-}
-
-/*
- * Tell the application it should update its timers, if it subscribes to the
- * update timer callback.
- */
-static int update_timer(struct Curl_multi *multi)
-{
-  long timeout_ms;
-  if (!multi->timer_cb)
-    return 0;
-  if ( multi_timeout(multi, &timeout_ms) != CURLM_OK )
-    return -1;
-  if ( timeout_ms < 0 )
-    return 0;
-
-  /* When multi_timeout() is done, multi->timetree points to the node with the
-   * timeout we got the (relative) time-out time for. We can thus easily check
-   * if this is the same (fixed) time as we got in a previous call and then
-   * avoid calling the callback again. */
-  if(multi->timetree->key == multi->timer_lastcall)
-    return 0;
-
-  multi->timer_lastcall = multi->timetree->key;
-
-  return multi->timer_cb((CURLM*)multi, timeout_ms, multi->timer_userp);
-}
-
-/* given a number of milliseconds from now to use to set the 'act before
-   this'-time for the transfer, to be extracted by curl_multi_timeout() */
-void Curl_expire(struct SessionHandle *data, long milli)
-{
-  struct Curl_multi *multi = data->multi;
-  struct timeval *nowp = &data->state.expiretime;
-  int rc;
-
-  /* this is only interesting for multi-interface using libcurl, and only
-     while there is still a multi interface struct remaining! */
-  if(!multi)
-    return;
-
-  if(!milli) {
-    /* No timeout, clear the time data. */
-    if(nowp->tv_sec) {
-      /* Since this is an cleared time, we must remove the previous entry from
-         the splay tree */
-      rc = Curl_splayremovebyaddr(multi->timetree,
-                                  &data->state.timenode,
-                                  &multi->timetree);
-      if(rc)
-        infof(data, "Internal error clearing splay node = %d\n", rc);
-      infof(data, "Expire cleared\n");
-      nowp->tv_sec = 0;
-      nowp->tv_usec = 0;
-    }
-  }
-  else {
-    struct timeval set;
-    int rest;
-
-    set = Curl_tvnow();
-    set.tv_sec += milli/1000;
-    set.tv_usec += (milli%1000)*1000;
-
-    rest = (int)(set.tv_usec - 1000000);
-    if(rest > 0) {
-      /* bigger than a full microsec */
-      set.tv_sec++;
-      set.tv_usec -= 1000000;
-    }
-
-    if(nowp->tv_sec) {
-      /* This means that the struct is added as a node in the splay tree.
-         Compare if the new time is earlier, and only remove-old/add-new if it
-         is. */
-      long diff = curlx_tvdiff(set, *nowp);
-      if(diff > 0)
-        /* the new expire time was later so we don't change this */
-        return;
-
-      /* Since this is an updated time, we must remove the previous entry from
-         the splay tree first and then re-add the new value */
-      rc = Curl_splayremovebyaddr(multi->timetree,
-                                  &data->state.timenode,
-                                  &multi->timetree);
-      if(rc)
-        infof(data, "Internal error removing splay node = %d\n", rc);
-    }
-
-    *nowp = set;
-#if 0
-    infof(data, "Expire at %ld / %ld (%ldms)\n",
-          (long)nowp->tv_sec, (long)nowp->tv_usec, milli);
-#endif
-    data->state.timenode.payload = data;
-    multi->timetree = Curl_splayinsert((int)nowp->tv_sec,
-                                       multi->timetree,
-                                       &data->state.timenode);
-  }
-#if 0
-  Curl_splayprint(multi->timetree, 0, TRUE);
-#endif
-}
-
-CURLMcode curl_multi_assign(CURLM *multi_handle,
-                            curl_socket_t s, void *hashp)
-{
-  struct Curl_sh_entry *there = NULL;
-  struct Curl_multi *multi = (struct Curl_multi *)multi_handle;
-
-  if(s != CURL_SOCKET_BAD)
-    there = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(curl_socket_t));
-
-  if(!there)
-    return CURLM_BAD_SOCKET;
-
-  there->socketp = hashp;
-
-  return CURLM_OK;
-}
-
-static bool multi_conn_using(struct Curl_multi *multi,
-                             struct SessionHandle *data)
-{
-  /* any live CLOSEACTION-connections pointing to the give 'data' ? */
-  int i;
-
-  for(i=0; i< multi->connc->num; i++) {
-    if(multi->connc->connects[i] &&
-       (multi->connc->connects[i]->data == data) &&
-       multi->connc->connects[i]->protocol & PROT_CLOSEACTION)
-      return TRUE;
-  }
-
-  return FALSE;
-}
-
-/* Add the given data pointer to the list of 'closure handles' that are kept
-   around only to be able to close some connections nicely - just make sure
-   that this handle isn't already added, like for the cases when an easy
-   handle is removed, added and removed again... */
-static void add_closure(struct Curl_multi *multi,
-                        struct SessionHandle *data)
-{
-  int i;
-  struct closure *cl = (struct closure *)calloc(sizeof(struct closure), 1);
-  struct closure *p=NULL;
-  struct closure *n;
-  if(cl) {
-    cl->easy_handle = data;
-    cl->next = multi->closure;
-    multi->closure = cl;
-  }
-
-  p = multi->closure;
-  cl = p->next; /* start immediately on the second since the first is the one
-                   we just added and it is _very_ likely to actually exist
-                   used in the cache since that's the whole purpose of adding
-                   it to this list! */
-
-  /* When adding, scan through all the other currently kept handles and see if
-     there are any connections still referring to them and kill them if not. */
-  while(cl) {
-    bool inuse = FALSE;
-    for(i=0; i< multi->connc->num; i++) {
-      if(multi->connc->connects[i] &&
-         (multi->connc->connects[i]->data == cl->easy_handle)) {
-        inuse = TRUE;
-        break;
-      }
-    }
-
-    n = cl->next;
-
-    if(!inuse) {
-      /* cl->easy_handle is now killable */
-      infof(data, "Delayed kill of easy handle %p\n", cl->easy_handle);
-      /* unmark it as not having a connection around that uses it anymore */
-      cl->easy_handle->state.shared_conn= NULL;
-      Curl_close(cl->easy_handle);
-      if(p)
-        p->next = n;
-      else
-        multi->closure = n;
-      free(cl);
-    }
-    else
-      p = cl;
-
-    cl = n;
-  }
-
-}
-
-#ifdef CURLDEBUG
-void curl_multi_dump(CURLM *multi_handle)
-{
-  struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-  struct Curl_one_easy *easy;
-  int i;
-  fprintf(stderr, "* Multi status: %d handles, %d alive\n",
-          multi->num_easy, multi->num_alive);
-  for(easy=multi->easy.next; easy; easy = easy->next) {
-    if(easy->state != CURLM_STATE_COMPLETED) {
-      /* only display handles that are not completed */
-      fprintf(stderr, "handle %p, state %s, %d sockets\n",
-              (void *)easy->easy_handle,
-              statename[easy->state], easy->numsocks);
-      for(i=0; i < easy->numsocks; i++) {
-        curl_socket_t s = easy->sockets[i];
-        struct Curl_sh_entry *entry =
-          Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
-
-        fprintf(stderr, "%d ", (int)s);
-        if(!entry) {
-          fprintf(stderr, "INTERNAL CONFUSION\n");
-          continue;
-        }
-        fprintf(stderr, "[%s %s] ",
-                entry->action&CURL_POLL_IN?"RECVING":"",
-                entry->action&CURL_POLL_OUT?"SENDING":"");
-      }
-      if(easy->numsocks)
-        fprintf(stderr, "\n");
-    }
-  }
-}
-#endif
diff --git a/Utilities/cmcurl/netrc.h b/Utilities/cmcurl/netrc.h
deleted file mode 100644
index 939c552..0000000
--- a/Utilities/cmcurl/netrc.h
+++ /dev/null
@@ -1,34 +0,0 @@
-#ifndef __NETRC_H
-#define __NETRC_H
-/***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-int Curl_parsenetrc(char *host,
-                    char *login,
-                    char *password,
-                    char *filename);
-  /* Assume: password[0]=0, host[0] != 0.
-   * If login[0] = 0, search for login and password within a machine section
-   * in the netrc.
-   * If login[0] != 0, search for password within machine and login.
-   */
-#endif
diff --git a/Utilities/cmcurl/progress.c b/Utilities/cmcurl/progress.c
deleted file mode 100644
index 5ba829a..0000000
--- a/Utilities/cmcurl/progress.c
+++ /dev/null
@@ -1,424 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <string.h>
-#include <time.h>
-
-#if defined(__EMX__)
-#include <stdlib.h>
-#endif
-
-#include <curl/curl.h>
-#include "urldata.h"
-#include "sendf.h"
-#include "progress.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* Provide a string that is 2 + 1 + 2 + 1 + 2 = 8 letters long (plus the zero
-   byte) */
-static void time2str(char *r, long t)
-{
-  long h;
-  if(!t) {
-    strcpy(r, "--:--:--");
-    return;
-  }
-  h = (t/3600);
-  if(h <= 99) {
-    long m = (t-(h*3600))/60;
-    long s = (t-(h*3600)-(m*60));
-    snprintf(r, 9, "%2ld:%02ld:%02ld",h,m,s);
-  }
-  else {
-    /* this equals to more than 99 hours, switch to a more suitable output
-       format to fit within the limits. */
-    if(h/24 <= 999)
-      snprintf(r, 9, "%3ldd %02ldh", h/24, h-(h/24)*24);
-    else
-      snprintf(r, 9, "%7ldd", h/24);
-  }
-}
-
-/* The point of this function would be to return a string of the input data,
-   but never longer than 5 columns (+ one zero byte).
-   Add suffix k, M, G when suitable... */
-static char *max5data(curl_off_t bytes, char *max5)
-{
-#define ONE_KILOBYTE 1024
-#define ONE_MEGABYTE (1024* ONE_KILOBYTE)
-#define ONE_GIGABYTE (1024* ONE_MEGABYTE)
-#define ONE_TERRABYTE ((curl_off_t)1024* ONE_GIGABYTE)
-#define ONE_PETABYTE ((curl_off_t)1024* ONE_TERRABYTE)
-
-  if(bytes < 100000) {
-    snprintf(max5, 6, "%5" FORMAT_OFF_T, bytes);
-  }
-  else if(bytes < (10000*ONE_KILOBYTE)) {
-    snprintf(max5, 6, "%4" FORMAT_OFF_T "k", (curl_off_t)(bytes/ONE_KILOBYTE));
-  }
-  else if(bytes < (100*ONE_MEGABYTE)) {
-    /* 'XX.XM' is good as long as we're less than 100 megs */
-    snprintf(max5, 6, "%2d.%0dM",
-             (int)(bytes/ONE_MEGABYTE),
-             (int)(bytes%ONE_MEGABYTE)/(ONE_MEGABYTE/10) );
-  }
-#if SIZEOF_CURL_OFF_T > 4
-  else if(bytes < ( (curl_off_t)10000*ONE_MEGABYTE))
-    /* 'XXXXM' is good until we're at 10000MB or above */
-    snprintf(max5, 6, "%4" FORMAT_OFF_T "M", (curl_off_t)(bytes/ONE_MEGABYTE));
-
-  else if(bytes < (curl_off_t)100*ONE_GIGABYTE)
-    /* 10000 MB - 100 GB, we show it as XX.XG */
-    snprintf(max5, 6, "%2d.%0dG",
-             (int)(bytes/ONE_GIGABYTE),
-             (int)(bytes%ONE_GIGABYTE)/(ONE_GIGABYTE/10) );
-
-  else if(bytes < (curl_off_t)10000 * ONE_GIGABYTE)
-    /* up to 10000GB, display without decimal: XXXXG */
-    snprintf(max5, 6, "%4dG", (int)(bytes/ONE_GIGABYTE));
-
-  else if(bytes < (curl_off_t)10000 * ONE_TERRABYTE)
-    /* up to 10000TB, display without decimal: XXXXT */
-    snprintf(max5, 6, "%4dT", (int)(bytes/ONE_TERRABYTE));
-  else {
-    /* up to 10000PB, display without decimal: XXXXP */
-    snprintf(max5, 6, "%4dP", (int)(bytes/ONE_PETABYTE));
-
-    /* 16384 petabytes (16 exabytes) is maximum a 64 bit number can hold,
-       but this type is signed so 8192PB will be max.*/
-  }
-
-#else
-  else
-    snprintf(max5, 6, "%4" FORMAT_OFF_T "M", (curl_off_t)(bytes/ONE_MEGABYTE));
-#endif
-
-  return max5;
-}
-
-/*
-
-   New proposed interface, 9th of February 2000:
-
-   pgrsStartNow() - sets start time
-   pgrsSetDownloadSize(x) - known expected download size
-   pgrsSetUploadSize(x) - known expected upload size
-   pgrsSetDownloadCounter() - amount of data currently downloaded
-   pgrsSetUploadCounter() - amount of data currently uploaded
-   pgrsUpdate() - show progress
-   pgrsDone() - transfer complete
-
-*/
-
-void Curl_pgrsDone(struct connectdata *conn)
-{
-  struct SessionHandle *data = conn->data;
-  data->progress.lastshow=0;
-  Curl_pgrsUpdate(conn); /* the final (forced) update */
-
-  data->progress.speeder_c = 0; /* reset the progress meter display */
-}
-
-/* reset all times except redirect */
-void Curl_pgrsResetTimes(struct SessionHandle *data)
-{
-  data->progress.t_nslookup = 0.0;
-  data->progress.t_connect = 0.0;
-  data->progress.t_pretransfer = 0.0;
-  data->progress.t_starttransfer = 0.0;
-}
-
-void Curl_pgrsTime(struct SessionHandle *data, timerid timer)
-{
-  switch(timer) {
-  default:
-  case TIMER_NONE:
-    /* mistake filter */
-    break;
-  case TIMER_STARTSINGLE:
-    /* This is set at the start of a single fetch */
-    data->progress.t_startsingle = Curl_tvnow();
-    break;
-
-  case TIMER_NAMELOOKUP:
-    data->progress.t_nslookup =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.t_startsingle);
-    break;
-  case TIMER_CONNECT:
-    data->progress.t_connect =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.t_startsingle);
-    break;
-  case TIMER_PRETRANSFER:
-    data->progress.t_pretransfer =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.t_startsingle);
-    break;
-  case TIMER_STARTTRANSFER:
-    data->progress.t_starttransfer =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.t_startsingle);
-    break;
-  case TIMER_POSTRANSFER:
-    /* this is the normal end-of-transfer thing */
-    break;
-  case TIMER_REDIRECT:
-    data->progress.t_redirect =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.start);
-    break;
-  }
-}
-
-void Curl_pgrsStartNow(struct SessionHandle *data)
-{
-  data->progress.speeder_c = 0; /* reset the progress meter display */
-  data->progress.start = Curl_tvnow();
-}
-
-void Curl_pgrsSetDownloadCounter(struct SessionHandle *data, curl_off_t size)
-{
-  data->progress.downloaded = size;
-}
-
-void Curl_pgrsSetUploadCounter(struct SessionHandle *data, curl_off_t size)
-{
-  data->progress.uploaded = size;
-}
-
-void Curl_pgrsSetDownloadSize(struct SessionHandle *data, curl_off_t size)
-{
-  data->progress.size_dl = size;
-  if(size > 0)
-    data->progress.flags |= PGRS_DL_SIZE_KNOWN;
-  else
-    data->progress.flags &= ~PGRS_DL_SIZE_KNOWN;
-}
-
-void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size)
-{
-  data->progress.size_ul = size;
-  if(size > 0)
-    data->progress.flags |= PGRS_UL_SIZE_KNOWN;
-  else
-    data->progress.flags &= ~PGRS_UL_SIZE_KNOWN;
-}
-
-int Curl_pgrsUpdate(struct connectdata *conn)
-{
-  struct timeval now;
-  int result;
-  char max5[6][10];
-  int dlpercen=0;
-  int ulpercen=0;
-  int total_percen=0;
-  curl_off_t total_transfer;
-  curl_off_t total_expected_transfer;
-  long timespent;
-  struct SessionHandle *data = conn->data;
-  int nowindex = data->progress.speeder_c% CURR_TIME;
-  int checkindex;
-  int countindex; /* amount of seconds stored in the speeder array */
-  char time_left[10];
-  char time_total[10];
-  char time_spent[10];
-  long ulestimate=0;
-  long dlestimate=0;
-  long total_estimate;
-
-  if(data->progress.flags & PGRS_HIDE)
-    ; /* We do enter this function even if we don't wanna see anything, since
-         this is were lots of the calculations are being made that will be used
-         even when not displayed! */
-  else if(!(data->progress.flags & PGRS_HEADERS_OUT)) {
-    if (!data->progress.callback) {
-      if(data->reqdata.resume_from)
-        fprintf(data->set.err,
-                "** Resuming transfer from byte position %" FORMAT_OFF_T
-                "\n",
-                data->reqdata.resume_from);
-      fprintf(data->set.err,
-              "  %% Total    %% Received %% Xferd  Average Speed   Time    Time     Time  Current\n"
-              "                                 Dload  Upload   Total   Spent    Left  Speed\n");
-    }
-    data->progress.flags |= PGRS_HEADERS_OUT; /* headers are shown */
-  }
-
-  now = Curl_tvnow(); /* what time is it */
-
-  /* The time spent so far (from the start) */
-  data->progress.timespent = Curl_tvdiff_secs(now, data->progress.start);
-  timespent = (long)data->progress.timespent;
-
-  /* The average download speed this far */
-  data->progress.dlspeed = (curl_off_t)
-    ((double)data->progress.downloaded/
-     (data->progress.timespent>0?data->progress.timespent:1));
-
-  /* The average upload speed this far */
-  data->progress.ulspeed = (curl_off_t)
-    ((double)data->progress.uploaded/
-     (data->progress.timespent>0?data->progress.timespent:1));
-
-  if(data->progress.lastshow == Curl_tvlong(now))
-    return 0; /* never update this more than once a second if the end isn't
-                 reached */
-  data->progress.lastshow = now.tv_sec;
-
-  /* Let's do the "current speed" thing, which should use the fastest
-     of the dl/ul speeds. Store the fasted speed at entry 'nowindex'. */
-  data->progress.speeder[ nowindex ] =
-    data->progress.downloaded>data->progress.uploaded?
-    data->progress.downloaded:data->progress.uploaded;
-
-  /* remember the exact time for this moment */
-  data->progress.speeder_time [ nowindex ] = now;
-
-  /* advance our speeder_c counter, which is increased every time we get
-     here and we expect it to never wrap as 2^32 is a lot of seconds! */
-  data->progress.speeder_c++;
-
-  /* figure out how many index entries of data we have stored in our speeder
-     array. With N_ENTRIES filled in, we have about N_ENTRIES-1 seconds of
-     transfer. Imagine, after one second we have filled in two entries,
-     after two seconds we've filled in three entries etc. */
-  countindex = ((data->progress.speeder_c>=CURR_TIME)?
-                CURR_TIME:data->progress.speeder_c) - 1;
-
-  /* first of all, we don't do this if there's no counted seconds yet */
-  if(countindex) {
-    long span_ms;
-
-    /* Get the index position to compare with the 'nowindex' position.
-       Get the oldest entry possible. While we have less than CURR_TIME
-       entries, the first entry will remain the oldest. */
-    checkindex = (data->progress.speeder_c>=CURR_TIME)?
-      data->progress.speeder_c%CURR_TIME:0;
-
-    /* Figure out the exact time for the time span */
-    span_ms = Curl_tvdiff(now,
-                          data->progress.speeder_time[checkindex]);
-    if(0 == span_ms)
-      span_ms=1; /* at least one millisecond MUST have passed */
-
-    /* Calculate the average speed the last 'span_ms' milliseconds */
-    {
-      curl_off_t amount = data->progress.speeder[nowindex]-
-        data->progress.speeder[checkindex];
-
-      if(amount > 4294967 /* 0xffffffff/1000 */)
-        /* the 'amount' value is bigger than would fit in 32 bits if
-           multiplied with 1000, so we use the double math for this */
-        data->progress.current_speed = (curl_off_t)
-          ((double)amount/((double)span_ms/1000.0));
-      else
-        /* the 'amount' value is small enough to fit within 32 bits even
-           when multiplied with 1000 */
-        data->progress.current_speed = amount*1000/span_ms;
-    }
-  }
-  else
-    /* the first second we use the main average */
-    data->progress.current_speed =
-      (data->progress.ulspeed>data->progress.dlspeed)?
-      data->progress.ulspeed:data->progress.dlspeed;
-
-  if(data->progress.flags & PGRS_HIDE)
-    return 0;
-
-  else if(data->set.fprogress) {
-    /* There's a callback set, so we call that instead of writing
-       anything ourselves. This really is the way to go. */
-    result= data->set.fprogress(data->set.progress_client,
-                                (double)data->progress.size_dl,
-                                (double)data->progress.downloaded,
-                                (double)data->progress.size_ul,
-                                (double)data->progress.uploaded);
-    if(result)
-      failf(data, "Callback aborted");
-    return result;
-  }
-
-  /* Figure out the estimated time of arrival for the upload */
-  if((data->progress.flags & PGRS_UL_SIZE_KNOWN) &&
-     (data->progress.ulspeed>0) &&
-     (data->progress.size_ul > 100) ) {
-    ulestimate = (long)(data->progress.size_ul / data->progress.ulspeed);
-    ulpercen = (int)(100*(data->progress.uploaded/100) /
-                      (data->progress.size_ul/100) );
-  }
-
-  /* ... and the download */
-  if((data->progress.flags & PGRS_DL_SIZE_KNOWN) &&
-     (data->progress.dlspeed>0) &&
-     (data->progress.size_dl>100)) {
-    dlestimate = (long)(data->progress.size_dl / data->progress.dlspeed);
-    dlpercen = (int)(100*(data->progress.downloaded/100) /
-                      (data->progress.size_dl/100));
-  }
-
-  /* Now figure out which of them that is slower and use for the for
-     total estimate! */
-  total_estimate = ulestimate>dlestimate?ulestimate:dlestimate;
-
-  /* create the three time strings */
-  time2str(time_left, total_estimate > 0?(total_estimate - timespent):0);
-  time2str(time_total, total_estimate);
-  time2str(time_spent, timespent);
-
-  /* Get the total amount of data expected to get transfered */
-  total_expected_transfer =
-    (data->progress.flags & PGRS_UL_SIZE_KNOWN?
-     data->progress.size_ul:data->progress.uploaded)+
-    (data->progress.flags & PGRS_DL_SIZE_KNOWN?
-     data->progress.size_dl:data->progress.downloaded);
-
-  /* We have transfered this much so far */
-  total_transfer = data->progress.downloaded + data->progress.uploaded;
-
-  /* Get the percentage of data transfered so far */
-  if(total_expected_transfer > 100)
-    total_percen=(int)(100*(total_transfer/100) /
-                       (total_expected_transfer/100) );
-
-  fprintf(data->set.err,
-          "\r%3d %s  %3d %s  %3d %s  %s  %s %s %s %s %s",
-          total_percen,  /* 3 letters */                /* total % */
-          max5data(total_expected_transfer, max5[2]),   /* total size */
-          dlpercen,      /* 3 letters */                /* rcvd % */
-          max5data(data->progress.downloaded, max5[0]), /* rcvd size */
-          ulpercen,      /* 3 letters */                /* xfer % */
-          max5data(data->progress.uploaded, max5[1]),   /* xfer size */
-          max5data(data->progress.dlspeed, max5[3]),    /* avrg dl speed */
-          max5data(data->progress.ulspeed, max5[4]),    /* avrg ul speed */
-          time_total,    /* 8 letters */                /* total time */
-          time_spent,    /* 8 letters */                /* time spent */
-          time_left,     /* 8 letters */                /* time left */
-          max5data(data->progress.current_speed, max5[5]) /* current speed */
-          );
-
-  /* we flush the output stream to make it appear as soon as possible */
-  fflush(data->set.err);
-
-  return 0;
-}
diff --git a/Utilities/cmcurl/security.c b/Utilities/cmcurl/security.c
deleted file mode 100644
index 4c9aed8..0000000
--- a/Utilities/cmcurl/security.c
+++ /dev/null
@@ -1,493 +0,0 @@
-/* This source code was modified by Martin Hedenfalk <mhe@stacken.kth.se> for
- * use in Curl. His latest changes were done 2000-09-18.
- *
- * It has since been patched and modified a lot by Daniel Stenberg
- * <daniel@haxx.se> to make it better applied to curl conditions, and to make
- * it not use globals, pollute name space and more. This source code awaits a
- * rewrite to work around the paragraph 2 in the BSD licenses as explained
- * below.
- *
- * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.  */
-
-#include "setup.h"
-
-#ifndef CURL_DISABLE_FTP
-#ifdef HAVE_KRB4
-
-#define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */
-#include <curl/mprintf.h>
-
-#include <stdlib.h>
-#include <string.h>
-#include <netdb.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "urldata.h"
-#include "krb4.h"
-#include "base64.h"
-#include "sendf.h"
-#include "ftp.h"
-#include "memory.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#define min(a, b)   ((a) < (b) ? (a) : (b))
-
-static const struct {
-    enum protection_level level;
-    const char *name;
-} level_names[] = {
-    { prot_clear, "clear" },
-    { prot_safe, "safe" },
-    { prot_confidential, "confidential" },
-    { prot_private, "private" }
-};
-
-static enum protection_level
-name_to_level(const char *name)
-{
-  int i;
-  for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++)
-    if(curl_strnequal(level_names[i].name, name, strlen(name)))
-      return level_names[i].level;
-  return (enum protection_level)-1;
-}
-
-static const struct Curl_sec_client_mech * const mechs[] = {
-#ifdef KRB5
-  /* not supported */
-#endif
-#ifdef HAVE_KRB4
-    &Curl_krb4_client_mech,
-#endif
-    NULL
-};
-
-int
-Curl_sec_getc(struct connectdata *conn, FILE *F)
-{
-  if(conn->sec_complete && conn->data_prot) {
-    char c;
-    if(Curl_sec_read(conn, fileno(F), &c, 1) <= 0)
-      return EOF;
-    return c;
-  }
-  else
-    return getc(F);
-}
-
-static int
-block_read(int fd, void *buf, size_t len)
-{
-  unsigned char *p = buf;
-  int b;
-  while(len) {
-    b = read(fd, p, len);
-    if (b == 0)
-      return 0;
-    else if (b < 0)
-      return -1;
-    len -= b;
-    p += b;
-  }
-  return p - (unsigned char*)buf;
-}
-
-static int
-block_write(int fd, void *buf, size_t len)
-{
-  unsigned char *p = buf;
-  int b;
-  while(len) {
-    b = write(fd, p, len);
-    if(b < 0)
-      return -1;
-    len -= b;
-    p += b;
-  }
-  return p - (unsigned char*)buf;
-}
-
-static int
-sec_get_data(struct connectdata *conn,
-             int fd, struct krb4buffer *buf)
-{
-  int len;
-  int b;
-
-  b = block_read(fd, &len, sizeof(len));
-  if (b == 0)
-    return 0;
-  else if (b < 0)
-    return -1;
-  len = ntohl(len);
-  buf->data = realloc(buf->data, len);
-  b = block_read(fd, buf->data, len);
-  if (b == 0)
-    return 0;
-  else if (b < 0)
-    return -1;
-  buf->size = (conn->mech->decode)(conn->app_data, buf->data, len,
-                                   conn->data_prot, conn);
-  buf->index = 0;
-  return 0;
-}
-
-static size_t
-buffer_read(struct krb4buffer *buf, void *data, size_t len)
-{
-    len = min(len, buf->size - buf->index);
-    memcpy(data, (char*)buf->data + buf->index, len);
-    buf->index += len;
-    return len;
-}
-
-static size_t
-buffer_write(struct krb4buffer *buf, void *data, size_t len)
-{
-    if(buf->index + len > buf->size) {
-        void *tmp;
-        if(buf->data == NULL)
-            tmp = malloc(1024);
-        else
-            tmp = realloc(buf->data, buf->index + len);
-        if(tmp == NULL)
-            return -1;
-        buf->data = tmp;
-        buf->size = buf->index + len;
-    }
-    memcpy((char*)buf->data + buf->index, data, len);
-    buf->index += len;
-    return len;
-}
-
-int
-Curl_sec_read(struct connectdata *conn, int fd, void *buffer, int length)
-{
-    size_t len;
-    int rx = 0;
-
-    if(conn->sec_complete == 0 || conn->data_prot == 0)
-      return read(fd, buffer, length);
-
-    if(conn->in_buffer.eof_flag){
-      conn->in_buffer.eof_flag = 0;
-      return 0;
-    }
-
-    len = buffer_read(&conn->in_buffer, buffer, length);
-    length -= len;
-    rx += len;
-    buffer = (char*)buffer + len;
-
-    while(length) {
-      if(sec_get_data(conn, fd, &conn->in_buffer) < 0)
-        return -1;
-      if(conn->in_buffer.size == 0) {
-        if(rx)
-          conn->in_buffer.eof_flag = 1;
-        return rx;
-      }
-      len = buffer_read(&conn->in_buffer, buffer, length);
-      length -= len;
-      rx += len;
-      buffer = (char*)buffer + len;
-    }
-    return rx;
-}
-
-static int
-sec_send(struct connectdata *conn, int fd, char *from, int length)
-{
-  int bytes;
-  void *buf;
-  bytes = (conn->mech->encode)(conn->app_data, from, length, conn->data_prot,
-                               &buf, conn);
-  bytes = htonl(bytes);
-  block_write(fd, &bytes, sizeof(bytes));
-  block_write(fd, buf, ntohl(bytes));
-  free(buf);
-  return length;
-}
-
-int
-Curl_sec_fflush_fd(struct connectdata *conn, int fd)
-{
-  if(conn->data_prot != prot_clear) {
-    if(conn->out_buffer.index > 0){
-      Curl_sec_write(conn, fd,
-                conn->out_buffer.data, conn->out_buffer.index);
-      conn->out_buffer.index = 0;
-    }
-    sec_send(conn, fd, NULL, 0);
-  }
-  return 0;
-}
-
-int
-Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length)
-{
-  int len = conn->buffer_size;
-  int tx = 0;
-
-  if(conn->data_prot == prot_clear)
-    return write(fd, buffer, length);
-
-  len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len);
-  while(length){
-    if(length < len)
-      len = length;
-    sec_send(conn, fd, buffer, len);
-    length -= len;
-    buffer += len;
-    tx += len;
-  }
-  return tx;
-}
-
-ssize_t
-Curl_sec_send(struct connectdata *conn, int num, char *buffer, int length)
-{
-  curl_socket_t fd = conn->sock[num];
-  return (ssize_t)Curl_sec_write(conn, fd, buffer, length);
-}
-
-int
-Curl_sec_putc(struct connectdata *conn, int c, FILE *F)
-{
-  char ch = c;
-  if(conn->data_prot == prot_clear)
-    return putc(c, F);
-
-  buffer_write(&conn->out_buffer, &ch, 1);
-  if(c == '\n' || conn->out_buffer.index >= 1024 /* XXX */) {
-    Curl_sec_write(conn, fileno(F), conn->out_buffer.data,
-                   conn->out_buffer.index);
-    conn->out_buffer.index = 0;
-  }
-  return c;
-}
-
-int
-Curl_sec_read_msg(struct connectdata *conn, char *s, int level)
-{
-  int len;
-  unsigned char *buf;
-  int code;
-
-  len = Curl_base64_decode(s + 4, &buf); /* XXX */
-  if(len > 0)
-    len = (conn->mech->decode)(conn->app_data, buf, len, level, conn);
-  else
-    return -1;
-
-  if(len < 0) {
-    free(buf);
-    return -1;
-  }
-
-  buf[len] = '\0';
-
-  if(buf[3] == '-')
-    code = 0;
-  else
-    sscanf((char *)buf, "%d", &code);
-  if(buf[len-1] == '\n')
-    buf[len-1] = '\0';
-  strcpy(s, (char *)buf);
-  free(buf);
-  return code;
-}
-
-enum protection_level
-Curl_set_command_prot(struct connectdata *conn, enum protection_level level)
-{
-  enum protection_level old = conn->command_prot;
-  conn->command_prot = level;
-  return old;
-}
-
-static int
-sec_prot_internal(struct connectdata *conn, int level)
-{
-  char *p;
-  unsigned int s = 1048576;
-  ssize_t nread;
-
-  if(!conn->sec_complete){
-    infof(conn->data, "No security data exchange has taken place.\n");
-    return -1;
-  }
-
-  if(level){
-    int code;
-    if(Curl_ftpsendf(conn, "PBSZ %u", s))
-      return -1;
-
-    if(Curl_GetFTPResponse(&nread, conn, &code))
-      return -1;
-
-    if(code/100 != '2'){
-      failf(conn->data, "Failed to set protection buffer size.");
-      return -1;
-    }
-    conn->buffer_size = s;
-
-    p = strstr(conn->data->state.buffer, "PBSZ=");
-    if(p)
-      sscanf(p, "PBSZ=%u", &s);
-    if(s < conn->buffer_size)
-      conn->buffer_size = s;
-  }
-
-  if(Curl_ftpsendf(conn, "PROT %c", level["CSEP"]))
-    return -1;
-
-  if(Curl_GetFTPResponse(&nread, conn, NULL))
-    return -1;
-
-  if(conn->data->state.buffer[0] != '2'){
-    failf(conn->data, "Failed to set protection level.");
-    return -1;
-  }
-
-  conn->data_prot = (enum protection_level)level;
-  return 0;
-}
-
-void
-Curl_sec_set_protection_level(struct connectdata *conn)
-{
-  if(conn->sec_complete && conn->data_prot != conn->request_data_prot)
-    sec_prot_internal(conn, conn->request_data_prot);
-}
-
-
-int
-Curl_sec_request_prot(struct connectdata *conn, const char *level)
-{
-  int l = name_to_level(level);
-  if(l == -1)
-    return -1;
-  conn->request_data_prot = (enum protection_level)l;
-  return 0;
-}
-
-int
-Curl_sec_login(struct connectdata *conn)
-{
-  int ret;
-  const struct Curl_sec_client_mech * const *m;
-  ssize_t nread;
-  struct SessionHandle *data=conn->data;
-  int ftpcode;
-
-  for(m = mechs; *m && (*m)->name; m++) {
-    void *tmp;
-
-    tmp = realloc(conn->app_data, (*m)->size);
-    if (tmp == NULL) {
-      failf (data, "realloc %u failed", (*m)->size);
-      return -1;
-    }
-    conn->app_data = tmp;
-
-    if((*m)->init && (*(*m)->init)(conn->app_data) != 0) {
-      infof(data, "Skipping %s...\n", (*m)->name);
-      continue;
-    }
-    infof(data, "Trying %s...\n", (*m)->name);
-
-    if(Curl_ftpsendf(conn, "AUTH %s", (*m)->name))
-      return -1;
-
-    if(Curl_GetFTPResponse(&nread, conn, &ftpcode))
-      return -1;
-
-    if(conn->data->state.buffer[0] != '3'){
-      switch(ftpcode) {
-      case 504:
-        infof(data,
-              "%s is not supported by the server.\n", (*m)->name);
-        break;
-      case 534:
-        infof(data, "%s rejected as security mechanism.\n", (*m)->name);
-        break;
-      default:
-        if(conn->data->state.buffer[0] == '5') {
-          infof(data, "The server doesn't support the FTP "
-                "security extensions.\n");
-          return -1;
-        }
-        break;
-      }
-      continue;
-    }
-
-    ret = (*(*m)->auth)(conn->app_data, conn);
-
-    if(ret == AUTH_CONTINUE)
-      continue;
-    else if(ret != AUTH_OK){
-      /* mechanism is supposed to output error string */
-      return -1;
-    }
-    conn->mech = *m;
-    conn->sec_complete = 1;
-    conn->command_prot = prot_safe;
-    break;
-  }
-
-  return *m == NULL;
-}
-
-void
-Curl_sec_end(struct connectdata *conn)
-{
-  if (conn->mech != NULL) {
-    if(conn->mech->end)
-      (conn->mech->end)(conn->app_data);
-    memset(conn->app_data, 0, conn->mech->size);
-    free(conn->app_data);
-    conn->app_data = NULL;
-  }
-  conn->sec_complete = 0;
-  conn->data_prot = (enum protection_level)0;
-  conn->mech=NULL;
-}
-
-#endif /* HAVE_KRB4 */
-#endif /* CURL_DISABLE_FTP */
diff --git a/Utilities/cmcurl/select.c b/Utilities/cmcurl/select.c
deleted file mode 100644
index 82f9dc2..0000000
--- a/Utilities/cmcurl/select.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <errno.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-
-#ifndef HAVE_SELECT
-#error "We can't compile without select() support!"
-#endif
-
-#if defined(__BEOS__)
-/* BeOS has FD_SET defined in socket.h */
-#include <socket.h>
-#endif
-
-#ifdef __MSDOS__
-#include <dos.h>  /* delay() */
-#endif
-
-#include <curl/curl.h>
-
-#include "urldata.h"
-#include "connect.h"
-#include "select.h"
-
-#if defined(USE_WINSOCK) || defined(TPF)
-#define VERIFY_SOCK(x)  /* sockets are not in range [0..FD_SETSIZE] */
-#else
-#define VALID_SOCK(s) (((s) >= 0) && ((s) < FD_SETSIZE))
-#define VERIFY_SOCK(x) do { \
-  if(!VALID_SOCK(x)) { \
-    errno = EINVAL; \
-    return -1; \
-  } \
-} while(0)
-#endif
-
-/*
- * This is an internal function used for waiting for read or write
- * events on single file descriptors.  It attempts to replace select()
- * in order to avoid limits with FD_SETSIZE.
- *
- * Return values:
- *   -1 = system call error
- *    0 = timeout
- *    CSELECT_IN | CSELECT_OUT | CSELECT_ERR
- */
-int Curl_select(curl_socket_t readfd, curl_socket_t writefd, int timeout_ms)
-{
-#if (defined(HAVE_POLL) && !defined(_POLL_EMUL_H_)) || defined(CURL_HAVE_WSAPOLL)
-  struct pollfd pfd[2];
-  int num;
-  int r;
-  int ret;
-
-  num = 0;
-  if (readfd != CURL_SOCKET_BAD) {
-    pfd[num].fd = readfd;
-    pfd[num].events = POLLIN;
-    num++;
-  }
-  if (writefd != CURL_SOCKET_BAD) {
-    pfd[num].fd = writefd;
-    pfd[num].events = POLLOUT;
-    num++;
-  }
-
-#if defined(HAVE_POLL) && !defined(_POLL_EMUL_H_)
-  do {
-    r = poll(pfd, num, timeout_ms);
-  } while((r == -1) && (errno == EINTR));
-#else
-  r = WSAPoll(pfd, num, timeout_ms);
-#endif
-
-  if (r < 0)
-    return -1;
-  if (r == 0)
-    return 0;
-
-  ret = 0;
-  num = 0;
-  if (readfd != CURL_SOCKET_BAD) {
-    if (pfd[num].revents & (POLLIN|POLLHUP))
-      ret |= CSELECT_IN;
-    if (pfd[num].revents & POLLERR) {
-#ifdef __CYGWIN__
-      /* Cygwin 1.5.21 needs this hack to pass test 160 */
-      if (errno == EINPROGRESS)
-        ret |= CSELECT_IN;
-      else
-#endif
-        ret |= CSELECT_ERR;
-    }
-    num++;
-  }
-  if (writefd != CURL_SOCKET_BAD) {
-    if (pfd[num].revents & POLLOUT)
-      ret |= CSELECT_OUT;
-    if (pfd[num].revents & (POLLERR|POLLHUP))
-      ret |= CSELECT_ERR;
-  }
-
-  return ret;
-#else
-  struct timeval timeout;
-  fd_set fds_read;
-  fd_set fds_write;
-  fd_set fds_err;
-  curl_socket_t maxfd;
-  int r;
-  int ret;
-
-  timeout.tv_sec = timeout_ms / 1000;
-  timeout.tv_usec = (timeout_ms % 1000) * 1000;
-
-  if((readfd == CURL_SOCKET_BAD) && (writefd == CURL_SOCKET_BAD)) {
-    /* According to POSIX we should pass in NULL pointers if we don't want to
-       wait for anything in particular but just use the timeout function.
-       Windows however returns immediately if done so. I copied the MSDOS
-       delay() use from src/main.c that already had this work-around. */
-#ifdef WIN32
-    Sleep(timeout_ms);
-#elif defined(__MSDOS__)
-    delay(timeout_ms);
-#else
-    select(0, NULL, NULL, NULL, &timeout);
-#endif
-    return 0;
-  }
-
-  FD_ZERO(&fds_err);
-  maxfd = (curl_socket_t)-1;
-
-  FD_ZERO(&fds_read);
-  if (readfd != CURL_SOCKET_BAD) {
-    VERIFY_SOCK(readfd);
-    FD_SET(readfd, &fds_read);
-    FD_SET(readfd, &fds_err);
-    maxfd = readfd;
-  }
-
-  FD_ZERO(&fds_write);
-  if (writefd != CURL_SOCKET_BAD) {
-    VERIFY_SOCK(writefd);
-    FD_SET(writefd, &fds_write);
-    FD_SET(writefd, &fds_err);
-    if (writefd > maxfd)
-      maxfd = writefd;
-  }
-
-  do {
-    r = select((int)maxfd + 1, &fds_read, &fds_write, &fds_err, &timeout);
-  } while((r == -1) && (Curl_sockerrno() == EINTR));
-
-  if (r < 0)
-    return -1;
-  if (r == 0)
-    return 0;
-
-  ret = 0;
-  if (readfd != CURL_SOCKET_BAD) {
-    if (FD_ISSET(readfd, &fds_read))
-      ret |= CSELECT_IN;
-    if (FD_ISSET(readfd, &fds_err))
-      ret |= CSELECT_ERR;
-  }
-  if (writefd != CURL_SOCKET_BAD) {
-    if (FD_ISSET(writefd, &fds_write))
-      ret |= CSELECT_OUT;
-    if (FD_ISSET(writefd, &fds_err))
-      ret |= CSELECT_ERR;
-  }
-
-  return ret;
-#endif
-}
-
-/*
- * This is a wrapper around poll().  If poll() does not exist, then
- * select() is used instead.  An error is returned if select() is
- * being used and a file descriptor too large for FD_SETSIZE.
- *
- * Return values:
- *   -1 = system call error or fd >= FD_SETSIZE
- *    0 = timeout
- *    1 = number of structures with non zero revent fields
- */
-int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms)
-{
-  int r;
-#if defined(HAVE_POLL) && !defined(_POLL_EMUL_H_)
-  do {
-    r = poll(ufds, nfds, timeout_ms);
-  } while((r == -1) && (errno == EINTR));
-#elif defined(CURL_HAVE_WSAPOLL)
-  r = WSAPoll(ufds, nfds, timeout_ms);
-#else
-  struct timeval timeout;
-  struct timeval *ptimeout;
-  fd_set fds_read;
-  fd_set fds_write;
-  fd_set fds_err;
-  curl_socket_t maxfd;
-  unsigned int i;
-
-  FD_ZERO(&fds_read);
-  FD_ZERO(&fds_write);
-  FD_ZERO(&fds_err);
-  maxfd = (curl_socket_t)-1;
-
-  for (i = 0; i < nfds; i++) {
-    if (ufds[i].fd == CURL_SOCKET_BAD)
-      continue;
-#ifndef USE_WINSOCK  /* winsock sockets are not in range [0..FD_SETSIZE] */
-    if (ufds[i].fd >= FD_SETSIZE) {
-      errno = EINVAL;
-      return -1;
-    }
-#endif
-    if (ufds[i].fd > maxfd)
-      maxfd = ufds[i].fd;
-    if (ufds[i].events & POLLIN)
-      FD_SET(ufds[i].fd, &fds_read);
-    if (ufds[i].events & POLLOUT)
-      FD_SET(ufds[i].fd, &fds_write);
-    if (ufds[i].events & POLLERR)
-      FD_SET(ufds[i].fd, &fds_err);
-  }
-
-  if (timeout_ms < 0) {
-    ptimeout = NULL;      /* wait forever */
-  } else {
-    timeout.tv_sec = timeout_ms / 1000;
-    timeout.tv_usec = (timeout_ms % 1000) * 1000;
-    ptimeout = &timeout;
-  }
-
-  do {
-    r = select((int)maxfd + 1, &fds_read, &fds_write, &fds_err, ptimeout);
-  } while((r == -1) && (Curl_sockerrno() == EINTR));
-
-  if (r < 0)
-    return -1;
-  if (r == 0)
-    return 0;
-
-  r = 0;
-  for (i = 0; i < nfds; i++) {
-    ufds[i].revents = 0;
-    if (ufds[i].fd == CURL_SOCKET_BAD)
-      continue;
-    if (FD_ISSET(ufds[i].fd, &fds_read))
-      ufds[i].revents |= POLLIN;
-    if (FD_ISSET(ufds[i].fd, &fds_write))
-      ufds[i].revents |= POLLOUT;
-    if (FD_ISSET(ufds[i].fd, &fds_err))
-      ufds[i].revents |= POLLERR;
-    if (ufds[i].revents != 0)
-      r++;
-  }
-#endif
-  return r;
-}
-
-#ifdef TPF
-/*
- * This is a replacement for select() on the TPF platform.
- * It is used whenever libcurl calls select().
- * The call below to tpf_process_signals() is required because
- * TPF's select calls are not signal interruptible.
- *
- * Return values are the same as select's.
- */
-int tpf_select_libcurl(int maxfds, fd_set* reads, fd_set* writes,
-                       fd_set* excepts, struct timeval* tv)
-{
-   int rc;
-
-   rc = tpf_select_bsd(maxfds, reads, writes, excepts, tv);
-   tpf_process_signals();
-   return(rc);
-}
-#endif /* TPF */
diff --git a/Utilities/cmcurl/setup.h b/Utilities/cmcurl/setup.h
deleted file mode 100644
index 5ae881f..0000000
--- a/Utilities/cmcurl/setup.h
+++ /dev/null
@@ -1,390 +0,0 @@
-#ifndef __LIB_CURL_SETUP_H
-#define __LIB_CURL_SETUP_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#ifdef HTTP_ONLY
-#define CURL_DISABLE_TFTP
-#define CURL_DISABLE_FTP
-#define CURL_DISABLE_LDAP
-#define CURL_DISABLE_TELNET
-#define CURL_DISABLE_DICT
-#define CURL_DISABLE_FILE
-#endif /* HTTP_ONLY */
-
-#if !defined(WIN32) && defined(__WIN32__)
-/* Borland fix */
-#define WIN32
-#endif
-
-#if !defined(WIN32) && defined(_WIN32)
-/* VS2005 on x64 fix */
-#define WIN32
-#endif
-
-#if defined(__clang__)
-# pragma clang diagnostic ignored "-Wcast-align"
-#endif
-
-/*
- * Include configuration script results or hand-crafted
- * configuration file for platforms which lack config tool.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#else
-
-/*
-#ifdef _WIN32_WCE
-#include "config-win32ce.h"
-#else
-#ifdef WIN32
-#include "config-win32.h"
-#endif
-#endif
-*/
-
-#ifdef macintosh
-#include "config-mac.h"
-#endif
-
-#ifdef AMIGA
-#include "amigaos.h"
-#endif
-
-#ifdef TPF
-#include "config-tpf.h" /* hand-modified TPF config.h */
-/* change which select is used for libcurl */
-#define select(a,b,c,d,e) tpf_select_libcurl(a,b,c,d,e)
-#endif
-
-#endif /* HAVE_CONFIG_H */
-
-/*
- * Include header files for windows builds before redefining anything.
- * Use this preproessor block only to include or exclude windows.h,
- * winsock2.h, ws2tcpip.h or winsock.h. Any other windows thing belongs
- * to any other further and independant block.  Under Cygwin things work
- * just as under linux (e.g. <sys/socket.h>) and the winsock headers should
- * never be included when __CYGWIN__ is defined.  configure script takes
- * care of this, not defining HAVE_WINDOWS_H, HAVE_WINSOCK_H, HAVE_WINSOCK2_H,
- * neither HAVE_WS2TCPIP_H when __CYGWIN__ is defined.
- */
-
-#ifdef HAVE_WINDOWS_H
-#  ifndef WIN32_LEAN_AND_MEAN
-#    define WIN32_LEAN_AND_MEAN
-#  endif
-#  include <windows.h>
-#  ifdef HAVE_WINSOCK2_H
-#    include <winsock2.h>
-#    ifdef HAVE_WS2TCPIP_H
-#       include <ws2tcpip.h>
-#    endif
-#  else
-#    ifdef HAVE_WINSOCK_H
-#      include <winsock.h>
-#    endif
-#  endif
-#endif
-
-/*
- * Define USE_WINSOCK to 2 if we have and use WINSOCK2 API, else
- * define USE_WINSOCK to 1 if we have and use WINSOCK  API, else
- * undefine USE_WINSOCK.
- */
-
-#undef USE_WINSOCK
-
-#ifdef HAVE_WINSOCK2_H
-#  define USE_WINSOCK 2
-#else
-#  ifdef HAVE_WINSOCK_H
-#    define USE_WINSOCK 1
-#  endif
-#endif
-
-
-#ifndef TRUE
-#define TRUE 1
-#endif
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#if !defined(__cplusplus) && !defined(__BEOS__) && !defined(__ECOS) && !defined(typedef_bool)
-typedef unsigned char bool;
-#define typedef_bool
-#endif
-
-#ifdef HAVE_LONGLONG
-#define LONG_LONG long long
-#define ENABLE_64BIT
-#else
-#ifdef _MSC_VER
-#define LONG_LONG __int64
-#define ENABLE_64BIT
-#endif /* _MSC_VER */
-#endif /* HAVE_LONGLONG */
-
-#ifndef SIZEOF_CURL_OFF_T
-/* If we don't know the size here, we assume a conservative size: 4. When
-   building libcurl, the actual size of this variable should be define in the
-   config*.h file. */
-#define SIZEOF_CURL_OFF_T 4
-#endif
-
-/* We set up our internal preferred (CURL_)FORMAT_OFF_T here */
-#if SIZEOF_CURL_OFF_T > 4
-#define FORMAT_OFF_T "lld"
-#else
-#define FORMAT_OFF_T "ld"
-#endif /* SIZEOF_CURL_OFF_T */
-
-#ifndef _REENTRANT
-/* Solaris needs _REENTRANT set for a few function prototypes and things to
-   appear in the #include files. We need to #define it before all #include
-   files. Unixware needs it to build proper reentrant code. Others may also
-   need it. */
-#define _REENTRANT
-#endif
-
-#include <stdio.h>
-#ifdef HAVE_ASSERT_H
-#include <assert.h>
-#endif
-#include <errno.h>
-
-#ifdef __TANDEM /* for nsr-tandem-nsk systems */
-#include <floss.h>
-#endif
-
-#ifndef STDC_HEADERS /* no standard C headers! */
-#include <curl/stdcheaders.h>
-#endif
-
-/*
- * PellesC cludge section (yikes);
- *  - It has 'ssize_t', but it is in <unistd.h>. The way the headers
- *    on Win32 are included, forces me to include this header here.
- *  - sys_nerr, EINTR is missing in v4.0 or older.
- */
-#ifdef __POCC__
-  #include <sys/types.h>
-  #include <unistd.h>
-  #if (__POCC__ <= 400)
-  #define sys_nerr EILSEQ  /* for strerror.c */
-  #define EINTR    -1      /* for select.c */
-  #endif
-#endif
-
-/*
- * Salford-C cludge section (mostly borrowed from wxWidgets).
- */
-#ifdef __SALFORDC__
-  #pragma suppress 353             /* Possible nested comments */
-  #pragma suppress 593             /* Define not used */
-  #pragma suppress 61              /* enum has no name */
-  #pragma suppress 106             /* unnamed, unused parameter */
-  #include <clib.h>
-#endif
-
-#if defined(CURLDEBUG) && defined(HAVE_ASSERT_H)
-#define curlassert(x) assert(x)
-#else
-/* does nothing without CURLDEBUG defined */
-#define curlassert(x)
-#endif
-
-
-/* To make large file support transparent even on Windows */
-#if defined(WIN32) && (SIZEOF_CURL_OFF_T > 4)
-#include <sys/stat.h>   /* must come first before we redefine stat() */
-#include <io.h>
-#define lseek(x,y,z) _lseeki64(x, y, z)
-#define struct_stat struct _stati64
-#define stat(file,st) _stati64(file,st)
-#define fstat(fd,st) _fstati64(fd,st)
-#else
-#define struct_stat struct stat
-#endif /* Win32 with large file support */
-
-
-/* Below we define some functions. They should
-   1. close a socket
-
-   4. set the SIGALRM signal timeout
-   5. set dir/file naming defines
-   */
-
-#ifdef WIN32
-
-#if !defined(__CYGWIN__)
-#define sclose(x) closesocket(x)
-
-#undef HAVE_ALARM
-#else
-     /* gcc-for-win is still good :) */
-#define sclose(x) close(x)
-#define HAVE_ALARM
-#endif /* !GNU or mingw */
-
-#define DIR_CHAR      "\\"
-#define DOT_CHAR      "_"
-
-#else /* WIN32 */
-
-#ifdef MSDOS  /* Watt-32 */
-#include <sys/ioctl.h>
-#define sclose(x)         close_s(x)
-#define select(n,r,w,x,t) select_s(n,r,w,x,t)
-#define ioctl(x,y,z) ioctlsocket(x,y,(char *)(z))
-#define IOCTL_3_ARGS
-#include <tcp.h>
-#ifdef word
-#undef word
-#endif
-
-#else /* MSDOS */
-
-#ifdef __VMS
-#define IOCTL_3_ARGS 1
-#endif
-
-#ifdef __BEOS__
-#define sclose(x) closesocket(x)
-#else /* __BEOS__ */
-#define sclose(x) close(x)
-#endif /* __BEOS__ */
-
-#define HAVE_ALARM
-
-#endif /* MSDOS */
-
-#ifdef _AMIGASF
-#undef HAVE_ALARM
-#undef sclose
-#define sclose(x) CloseSocket(x)
-#endif
-
-#define DIR_CHAR      "/"
-#ifndef DOT_CHAR
-#define DOT_CHAR      "."
-#endif
-
-#ifdef MSDOS
-#undef DOT_CHAR
-#define DOT_CHAR      "_"
-#endif
-
-#ifndef fileno /* sunos 4 have this as a macro! */
-int fileno( FILE *stream);
-#endif
-
-#endif /* WIN32 */
-
-#if defined(WIN32) && !defined(__CYGWIN__) && !defined(USE_ARES) && \
-    !defined(__LCC__)  /* lcc-win32 doesn't have _beginthreadex() */
-#ifdef ENABLE_IPV6
-#define USE_THREADING_GETADDRINFO
-#else
-#define USE_THREADING_GETHOSTBYNAME  /* Cygwin uses alarm() function */
-#endif
-#endif
-
-/* "cl -ML" or "cl -MLd" implies a single-threaded runtime library where
-   _beginthreadex() is not available */
-#if (defined(_MSC_VER) && !defined(__POCC__)) && !defined(_MT) && !defined(USE_ARES)
-#undef USE_THREADING_GETADDRINFO
-#undef USE_THREADING_GETHOSTBYNAME
-#define CURL_NO__BEGINTHREADEX
-#endif
-
-/*
- * msvc 6.0 does not have struct sockaddr_storage and
- * does not define IPPROTO_ESP in winsock2.h. But both
- * are available if PSDK is properly installed.
- */
-
-#ifdef _MSC_VER
-#if !defined(HAVE_WINSOCK2_H) || ((_MSC_VER < 1300) && !defined(IPPROTO_ESP))
-#undef HAVE_STRUCT_SOCKADDR_STORAGE
-#endif
-#endif
-
-#ifdef mpeix
-#define IOCTL_3_ARGS
-#endif
-
-#ifdef NETWARE
-#undef HAVE_ALARM
-#endif
-
-#if defined(HAVE_LIBIDN) && defined(HAVE_TLD_H)
-/* The lib was present and the tld.h header (which is missing in libidn 0.3.X
-   but we only work with libidn 0.4.1 or later) */
-#define USE_LIBIDN
-#endif
-
-#ifndef SIZEOF_TIME_T
-/* assume default size of time_t to be 32 bit */
-#define SIZEOF_TIME_T 4
-#endif
-
-#define LIBIDN_REQUIRED_VERSION "0.4.1"
-
-#ifdef __UCLIBC__
-#define HAVE_INET_NTOA_R_2_ARGS 1
-#endif
-
-#if defined(USE_GNUTLS) || defined(USE_SSLEAY)
-#define USE_SSL    /* Either OpenSSL || GnuTLS */
-#endif
-
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM)
-#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI)
-#define USE_NTLM
-#endif
-#endif
-
-#ifdef CURLDEBUG
-#define DEBUGF(x) x
-#else
-#define DEBUGF(x)
-#endif
-
-/* non-configure builds may define CURL_WANTS_CA_BUNDLE_ENV */
-#if defined(CURL_WANTS_CA_BUNDLE_ENV) && !defined(CURL_CA_BUNDLE)
-#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")
-#endif
-
-/*
- * Include macros and defines that should only be processed once.
- */
-
-#ifndef __SETUP_ONCE_H
-#include "setup_once.h"
-#endif
-
-#endif /* __LIB_CURL_SETUP_H */
diff --git a/Utilities/cmcurl/setup_once.h b/Utilities/cmcurl/setup_once.h
deleted file mode 100644
index ee68641..0000000
--- a/Utilities/cmcurl/setup_once.h
+++ /dev/null
@@ -1,153 +0,0 @@
-#ifndef __SETUP_ONCE_H
-#define __SETUP_ONCE_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-
-/********************************************************************
- *                              NOTICE                              *
- *                             ========                             *
- *                                                                  *
- *  Content of header files lib/setup_once.h and ares/setup_once.h  *
- *  must be kept in sync. Modify the other one if you change this.  *
- *                                                                  *
- ********************************************************************/
-
-
-/*
- * If we have the MSG_NOSIGNAL define, make sure we use
- * it as the fourth argument of function send()
- */
-
-#ifdef HAVE_MSG_NOSIGNAL
-#define SEND_4TH_ARG MSG_NOSIGNAL
-#else
-#define SEND_4TH_ARG 0
-#endif
-
-
-/*
- * The definitions for the return type and arguments types
- * of functions recv() and send() belong and come from the
- * configuration file. Do not define them in any other place.
- *
- * HAVE_RECV is defined if you have a function named recv()
- * which is used to read incoming data from sockets. If your
- * function has another name then don't define HAVE_RECV.
- *
- * If HAVE_RECV is defined then RECV_TYPE_ARG1, RECV_TYPE_ARG2,
- * RECV_TYPE_ARG3, RECV_TYPE_ARG4 and RECV_TYPE_RETV must also
- * be defined.
- *
- * HAVE_SEND is defined if you have a function named send()
- * which is used to write outgoing data on a connected socket.
- * If yours has another name then don't define HAVE_SEND.
- *
- * If HAVE_SEND is defined then SEND_TYPE_ARG1, SEND_QUAL_ARG2,
- * SEND_TYPE_ARG2, SEND_TYPE_ARG3, SEND_TYPE_ARG4 and
- * SEND_TYPE_RETV must also be defined.
- */
-
-#ifdef HAVE_RECV
-#if !defined(RECV_TYPE_ARG1) || \
-    !defined(RECV_TYPE_ARG2) || \
-    !defined(RECV_TYPE_ARG3) || \
-    !defined(RECV_TYPE_ARG4) || \
-    !defined(RECV_TYPE_RETV)
-  /* */
-  Error Missing_definition_of_return_and_arguments_types_of_recv
-  /* */
-#else
-#define sread(x,y,z) (ssize_t)recv((RECV_TYPE_ARG1)(x), \
-                                   (RECV_TYPE_ARG2)(y), \
-                                   (RECV_TYPE_ARG3)(z), \
-                                   (RECV_TYPE_ARG4)(0))
-#endif
-#else /* HAVE_RECV */
-#ifndef sread
-  /* */
-  Error Missing_definition_of_macro_sread
-  /* */
-#endif
-#endif /* HAVE_RECV */
-
-#ifdef HAVE_SEND
-#if !defined(SEND_TYPE_ARG1) || \
-    !defined(SEND_QUAL_ARG2) || \
-    !defined(SEND_TYPE_ARG2) || \
-    !defined(SEND_TYPE_ARG3) || \
-    !defined(SEND_TYPE_ARG4) || \
-    !defined(SEND_TYPE_RETV)
-  /* */
-  Error Missing_definition_of_return_and_arguments_types_of_send
-  /* */
-#else
-#define swrite(x,y,z) (ssize_t)send((SEND_TYPE_ARG1)(x), \
-                                    (SEND_TYPE_ARG2)(y), \
-                                    (SEND_TYPE_ARG3)(z), \
-                                    (SEND_TYPE_ARG4)(SEND_4TH_ARG))
-#endif
-#else /* HAVE_SEND */
-#ifndef swrite
-  /* */
-  Error Missing_definition_of_macro_swrite
-  /* */
-#endif
-#endif /* HAVE_SEND */
-
-
-/*
- * Uppercase macro versions of ANSI/ISO is*() functions/macros which
- * avoid negative number inputs with argument byte codes > 127.
- */
-
-#define ISSPACE(x)  (isspace((int)  ((unsigned char)x)))
-#define ISDIGIT(x)  (isdigit((int)  ((unsigned char)x)))
-#define ISALNUM(x)  (isalnum((int)  ((unsigned char)x)))
-#define ISXDIGIT(x) (isxdigit((int) ((unsigned char)x)))
-#define ISGRAPH(x)  (isgraph((int)  ((unsigned char)x)))
-#define ISALPHA(x)  (isalpha((int)  ((unsigned char)x)))
-#define ISPRINT(x)  (isprint((int)  ((unsigned char)x)))
-
-
-/*
- * Typedef to 'int' if sig_atomic_t is not an available 'typedefed' type.
- */
-
-#ifndef HAVE_SIG_ATOMIC_T
-typedef int sig_atomic_t;
-#define HAVE_SIG_ATOMIC_T
-#endif
-
-
-/*
- * Default return type for signal handlers.
- */
-
-#ifndef RETSIGTYPE
-#define RETSIGTYPE void
-#endif
-
-
-#endif /* __SETUP_ONCE_H */
-
diff --git a/Utilities/cmcurl/socks.c b/Utilities/cmcurl/socks.c
deleted file mode 100644
index e0e947b..0000000
--- a/Utilities/cmcurl/socks.c
+++ /dev/null
@@ -1,592 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include <string.h>
-
-#ifdef NEED_MALLOC_H
-#include <malloc.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "strequal.h"
-#include "select.h"
-#include "connect.h"
-#include "timeval.h"
-#include "socks.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/*
- * Helper read-from-socket functions. Does the same as Curl_read() but it
- * blocks until all bytes amount of buffersize will be read. No more, no less.
- *
- * This is STUPID BLOCKING behaviour which we frown upon, but right now this
- * is what we have...
- */
-static int blockread_all(struct connectdata *conn, /* connection data */
-                         curl_socket_t sockfd,     /* read from this socket */
-                         char *buf,                /* store read data here */
-                         ssize_t buffersize,       /* max amount to read */
-                         ssize_t *n,               /* amount bytes read */
-                         long conn_timeout)        /* timeout for data wait
-                                                      relative to
-                                                      conn->created */
-{
-  ssize_t nread;
-  ssize_t allread = 0;
-  int result;
-  struct timeval tvnow;
-  long conntime;
-  *n = 0;
-  do {
-    tvnow = Curl_tvnow();
-    /* calculating how long connection is establishing */
-    conntime = Curl_tvdiff(tvnow, conn->created);
-    if(conntime > conn_timeout) {
-      /* we already got the timeout */
-      result = ~CURLE_OK;
-      break;
-    }
-    if(Curl_select(sockfd, CURL_SOCKET_BAD,
-                   (int)(conn_timeout - conntime)) <= 0) {
-      result = ~CURLE_OK;
-      break;
-    }
-    result = Curl_read(conn, sockfd, buf, buffersize, &nread);
-    if(result)
-      break;
-
-    if(buffersize == nread) {
-      allread += nread;
-      *n = allread;
-      result = CURLE_OK;
-      break;
-    }
-    buffersize -= nread;
-    buf += nread;
-    allread += nread;
-  } while(1);
-  return result;
-}
-
-/*
-* This function logs in to a SOCKS4 proxy and sends the specifics to the final
-* destination server.
-*
-* Reference :
-*   http://socks.permeo.com/protocol/socks4.protocol
-*
-* Note :
-*   Nonsupport "SOCKS 4A (Simple Extension to SOCKS 4 Protocol)"
-*   Nonsupport "Identification Protocol (RFC1413)"
-*/
-CURLcode Curl_SOCKS4(const char *proxy_name,
-                     struct connectdata *conn)
-{
-  unsigned char socksreq[262]; /* room for SOCKS4 request incl. user id */
-  int result;
-  CURLcode code;
-  curl_socket_t sock = conn->sock[FIRSTSOCKET];
-  long timeout;
-  struct SessionHandle *data = conn->data;
-
-  /* get timeout */
-  if(data->set.timeout && data->set.connecttimeout) {
-    if (data->set.timeout < data->set.connecttimeout)
-      timeout = data->set.timeout*1000;
-    else
-      timeout = data->set.connecttimeout*1000;
-  }
-  else if(data->set.timeout)
-    timeout = data->set.timeout*1000;
-  else if(data->set.connecttimeout)
-    timeout = data->set.connecttimeout*1000;
-  else
-    timeout = DEFAULT_CONNECT_TIMEOUT;
-
-  Curl_nonblock(sock, FALSE);
-
-  /*
-   * Compose socks4 request
-   *
-   * Request format
-   *
-   *     +----+----+----+----+----+----+----+----+----+----+....+----+
-   *     | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL|
-   *     +----+----+----+----+----+----+----+----+----+----+....+----+
-   * # of bytes:  1    1      2              4           variable       1
-   */
-
-  socksreq[0] = 4; /* version (SOCKS4) */
-  socksreq[1] = 1; /* connect */
-  *((unsigned short*)&socksreq[2]) = htons(conn->remote_port);
-
-  /* DNS resolve */
-  {
-    struct Curl_dns_entry *dns;
-    Curl_addrinfo *hp=NULL;
-    int rc;
-
-    rc = Curl_resolv(conn, conn->host.name, (int)conn->remote_port, &dns);
-
-    if(rc == CURLRESOLV_ERROR)
-      return CURLE_COULDNT_RESOLVE_PROXY;
-
-    if(rc == CURLRESOLV_PENDING)
-      /* this requires that we're in "wait for resolve" state */
-      rc = Curl_wait_for_resolv(conn, &dns);
-
-    /*
-     * We cannot use 'hostent' as a struct that Curl_resolv() returns.  It
-     * returns a Curl_addrinfo pointer that may not always look the same.
-     */
-    if(dns)
-      hp=dns->addr;
-    if (hp) {
-      char buf[64];
-      unsigned short ip[4];
-      Curl_printable_address(hp, buf, sizeof(buf));
-
-      if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
-                      &ip[0], &ip[1], &ip[2], &ip[3])) {
-        /* Set DSTIP */
-        socksreq[4] = (unsigned char)ip[0];
-        socksreq[5] = (unsigned char)ip[1];
-        socksreq[6] = (unsigned char)ip[2];
-        socksreq[7] = (unsigned char)ip[3];
-      }
-      else
-        hp = NULL; /* fail! */
-
-      Curl_resolv_unlock(data, dns); /* not used anymore from now on */
-
-    }
-    if(!hp) {
-      failf(data, "Failed to resolve \"%s\" for SOCKS4 connect.",
-            conn->host.name);
-      return CURLE_COULDNT_RESOLVE_HOST;
-    }
-  }
-
-  /*
-   * This is currently not supporting "Identification Protocol (RFC1413)".
-   */
-  socksreq[8] = 0; /* ensure empty userid is NUL-terminated */
-  if(proxy_name) {
-    size_t plen = strlen(proxy_name);
-    if(plen >= sizeof(socksreq) - 8) {
-      failf(data, "Too long SOCKS proxy name, can't use!\n");
-      return CURLE_COULDNT_CONNECT;
-    }
-    /* copy the proxy name WITH trailing zero */
-    memcpy(socksreq + 8, proxy_name, plen+1);
-  }
-
-  /*
-   * Make connection
-   */
-  {
-    ssize_t actualread;
-    ssize_t written;
-    int packetsize = 9 +
-      (int)strlen((char*)socksreq + 8); /* size including NUL */
-
-    /* Send request */
-    code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
-    if ((code != CURLE_OK) || (written != packetsize)) {
-      failf(data, "Failed to send SOCKS4 connect request.");
-      return CURLE_COULDNT_CONNECT;
-    }
-
-    packetsize = 8; /* receive data size */
-
-    /* Receive response */
-    result = blockread_all(conn, sock, (char *)socksreq, packetsize,
-                           &actualread, timeout);
-    if ((result != CURLE_OK) || (actualread != packetsize)) {
-      failf(data, "Failed to receive SOCKS4 connect request ack.");
-      return CURLE_COULDNT_CONNECT;
-    }
-
-    /*
-     * Response format
-     *
-     *     +----+----+----+----+----+----+----+----+
-     *     | VN | CD | DSTPORT |      DSTIP        |
-     *     +----+----+----+----+----+----+----+----+
-     * # of bytes:  1    1      2              4
-     *
-     * VN is the version of the reply code and should be 0. CD is the result
-     * code with one of the following values:
-     *
-     * 90: request granted
-     * 91: request rejected or failed
-     * 92: request rejected because SOCKS server cannot connect to
-     *     identd on the client
-     * 93: request rejected because the client program and identd
-     *     report different user-ids
-     */
-
-    /* wrong version ? */
-    if (socksreq[0] != 0) {
-      failf(data,
-            "SOCKS4 reply has wrong version, version should be 4.");
-      return CURLE_COULDNT_CONNECT;
-    }
-
-    /* Result */
-    switch(socksreq[1])
-    {
-    case 90:
-      infof(data, "SOCKS4 request granted.\n");
-      break;
-    case 91:
-      failf(data,
-            "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
-            ", request rejected or failed.",
-            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
-            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
-            socksreq[1]);
-      return CURLE_COULDNT_CONNECT;
-    case 92:
-      failf(data,
-            "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
-            ", request rejected because SOCKS server cannot connect to "
-            "identd on the client.",
-            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
-            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
-            socksreq[1]);
-      return CURLE_COULDNT_CONNECT;
-    case 93:
-      failf(data,
-            "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
-            ", request rejected because the client program and identd "
-            "report different user-ids.",
-            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
-            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
-            socksreq[1]);
-      return CURLE_COULDNT_CONNECT;
-    default:
-      failf(data,
-            "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
-            ", Unknown.",
-            (unsigned char)socksreq[4], (unsigned char)socksreq[5],
-            (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-            (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
-            socksreq[1]);
-      return CURLE_COULDNT_CONNECT;
-    }
-  }
-
-  Curl_nonblock(sock, TRUE);
-
-  return CURLE_OK; /* Proxy was successful! */
-}
-
-/*
- * This function logs in to a SOCKS5 proxy and sends the specifics to the final
- * destination server.
- */
-CURLcode Curl_SOCKS5(const char *proxy_name,
-                     const char *proxy_password,
-                     struct connectdata *conn)
-{
-  /*
-    According to the RFC1928, section "6.  Replies". This is what a SOCK5
-    replies:
-
-        +----+-----+-------+------+----------+----------+
-        |VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
-        +----+-----+-------+------+----------+----------+
-        | 1  |  1  | X'00' |  1   | Variable |    2     |
-        +----+-----+-------+------+----------+----------+
-
-    Where:
-
-    o  VER    protocol version: X'05'
-    o  REP    Reply field:
-    o  X'00' succeeded
-  */
-
-  unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
-  ssize_t actualread;
-  ssize_t written;
-  int result;
-  CURLcode code;
-  curl_socket_t sock = conn->sock[FIRSTSOCKET];
-  struct SessionHandle *data = conn->data;
-  long timeout;
-
-  /* get timeout */
-  if(data->set.timeout && data->set.connecttimeout) {
-    if (data->set.timeout < data->set.connecttimeout)
-      timeout = data->set.timeout*1000;
-    else
-      timeout = data->set.connecttimeout*1000;
-  }
-  else if(data->set.timeout)
-    timeout = data->set.timeout*1000;
-  else if(data->set.connecttimeout)
-    timeout = data->set.connecttimeout*1000;
-  else
-    timeout = DEFAULT_CONNECT_TIMEOUT;
-
-  Curl_nonblock(sock, TRUE);
-
-  /* wait until socket gets connected */
-  result = Curl_select(CURL_SOCKET_BAD, sock, (int)timeout);
-
-  if(-1 == result) {
-    failf(conn->data, "SOCKS5: no connection here");
-    return CURLE_COULDNT_CONNECT;
-  }
-  else if(0 == result) {
-    failf(conn->data, "SOCKS5: connection timeout");
-    return CURLE_OPERATION_TIMEDOUT;
-  }
-
-  if(result & CSELECT_ERR) {
-    failf(conn->data, "SOCKS5: error occured during connection");
-    return CURLE_COULDNT_CONNECT;
-  }
-
-  socksreq[0] = 5; /* version */
-  socksreq[1] = (char)(proxy_name ? 2 : 1); /* number of methods (below) */
-  socksreq[2] = 0; /* no authentication */
-  socksreq[3] = 2; /* username/password */
-
-  Curl_nonblock(sock, FALSE);
-
-  code = Curl_write(conn, sock, (char *)socksreq, (2 + (int)socksreq[1]),
-                      &written);
-  if ((code != CURLE_OK) || (written != (2 + (int)socksreq[1]))) {
-    failf(data, "Unable to send initial SOCKS5 request.");
-    return CURLE_COULDNT_CONNECT;
-  }
-
-  Curl_nonblock(sock, TRUE);
-
-  result = Curl_select(sock, CURL_SOCKET_BAD, (int)timeout);
-
-  if(-1 == result) {
-    failf(conn->data, "SOCKS5 nothing to read");
-    return CURLE_COULDNT_CONNECT;
-  }
-  else if(0 == result) {
-    failf(conn->data, "SOCKS5 read timeout");
-    return CURLE_OPERATION_TIMEDOUT;
-  }
-
-  if(result & CSELECT_ERR) {
-    failf(conn->data, "SOCKS5 read error occured");
-    return CURLE_RECV_ERROR;
-  }
-
-  Curl_nonblock(sock, FALSE);
-
-  result=blockread_all(conn, sock, (char *)socksreq, 2, &actualread, timeout);
-  if ((result != CURLE_OK) || (actualread != 2)) {
-    failf(data, "Unable to receive initial SOCKS5 response.");
-    return CURLE_COULDNT_CONNECT;
-  }
-
-  if (socksreq[0] != 5) {
-    failf(data, "Received invalid version in initial SOCKS5 response.");
-    return CURLE_COULDNT_CONNECT;
-  }
-  if (socksreq[1] == 0) {
-    /* Nothing to do, no authentication needed */
-    ;
-  }
-  else if (socksreq[1] == 2) {
-    /* Needs user name and password */
-    size_t userlen, pwlen;
-    int len;
-    if(proxy_name && proxy_password) {
-      userlen = strlen(proxy_name);
-      pwlen = proxy_password?strlen(proxy_password):0;
-    }
-    else {
-      userlen = 0;
-      pwlen = 0;
-    }
-
-    /*   username/password request looks like
-     * +----+------+----------+------+----------+
-     * |VER | ULEN |  UNAME   | PLEN |  PASSWD  |
-     * +----+------+----------+------+----------+
-     * | 1  |  1   | 1 to 255 |  1   | 1 to 255 |
-     * +----+------+----------+------+----------+
-     */
-    len = 0;
-    socksreq[len++] = 1;    /* username/pw subnegotiation version */
-    socksreq[len++] = (char) userlen;
-    memcpy(socksreq + len, proxy_name, (int) userlen);
-    len += userlen;
-    socksreq[len++] = (char) pwlen;
-    memcpy(socksreq + len, proxy_password, (int) pwlen);
-    len += pwlen;
-
-    code = Curl_write(conn, sock, (char *)socksreq, len, &written);
-    if ((code != CURLE_OK) || (len != written)) {
-      failf(data, "Failed to send SOCKS5 sub-negotiation request.");
-      return CURLE_COULDNT_CONNECT;
-    }
-
-    result=blockread_all(conn, sock, (char *)socksreq, 2, &actualread,
-                         timeout);
-    if ((result != CURLE_OK) || (actualread != 2)) {
-      failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
-      return CURLE_COULDNT_CONNECT;
-    }
-
-    /* ignore the first (VER) byte */
-    if (socksreq[1] != 0) { /* status */
-      failf(data, "User was rejected by the SOCKS5 server (%d %d).",
-            socksreq[0], socksreq[1]);
-      return CURLE_COULDNT_CONNECT;
-    }
-
-    /* Everything is good so far, user was authenticated! */
-  }
-  else {
-    /* error */
-    if (socksreq[1] == 1) {
-      failf(data,
-            "SOCKS5 GSSAPI per-message authentication is not supported.");
-      return CURLE_COULDNT_CONNECT;
-    }
-    else if (socksreq[1] == 255) {
-      if (!proxy_name || !*proxy_name) {
-        failf(data,
-              "No authentication method was acceptable. (It is quite likely"
-              " that the SOCKS5 server wanted a username/password, since none"
-              " was supplied to the server on this connection.)");
-      }
-      else {
-        failf(data, "No authentication method was acceptable.");
-      }
-      return CURLE_COULDNT_CONNECT;
-    }
-    else {
-      failf(data,
-            "Undocumented SOCKS5 mode attempted to be used by server.");
-      return CURLE_COULDNT_CONNECT;
-    }
-  }
-
-  /* Authentication is complete, now specify destination to the proxy */
-  socksreq[0] = 5; /* version (SOCKS5) */
-  socksreq[1] = 1; /* connect */
-  socksreq[2] = 0; /* must be zero */
-  socksreq[3] = 1; /* IPv4 = 1 */
-
-  {
-    struct Curl_dns_entry *dns;
-    Curl_addrinfo *hp=NULL;
-    int rc = Curl_resolv(conn, conn->host.name, (int)conn->remote_port, &dns);
-
-    if(rc == CURLRESOLV_ERROR)
-      return CURLE_COULDNT_RESOLVE_HOST;
-
-    if(rc == CURLRESOLV_PENDING)
-      /* this requires that we're in "wait for resolve" state */
-      rc = Curl_wait_for_resolv(conn, &dns);
-
-    /*
-     * We cannot use 'hostent' as a struct that Curl_resolv() returns.  It
-     * returns a Curl_addrinfo pointer that may not always look the same.
-     */
-    if(dns)
-      hp=dns->addr;
-    if (hp) {
-      char buf[64];
-      unsigned short ip[4];
-      Curl_printable_address(hp, buf, sizeof(buf));
-
-      if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
-                      &ip[0], &ip[1], &ip[2], &ip[3])) {
-        socksreq[4] = (unsigned char)ip[0];
-        socksreq[5] = (unsigned char)ip[1];
-        socksreq[6] = (unsigned char)ip[2];
-        socksreq[7] = (unsigned char)ip[3];
-      }
-      else
-        hp = NULL; /* fail! */
-
-      Curl_resolv_unlock(data, dns); /* not used anymore from now on */
-    }
-    if(!hp) {
-      failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.",
-            conn->host.name);
-      return CURLE_COULDNT_RESOLVE_HOST;
-    }
-  }
-
-  *((unsigned short*)&socksreq[8]) = htons(conn->remote_port);
-
-  {
-    const int packetsize = 10;
-
-    code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
-    if ((code != CURLE_OK) || (written != packetsize)) {
-      failf(data, "Failed to send SOCKS5 connect request.");
-      return CURLE_COULDNT_CONNECT;
-    }
-
-    result = blockread_all(conn, sock, (char *)socksreq, packetsize,
-                           &actualread, timeout);
-    if ((result != CURLE_OK) || (actualread != packetsize)) {
-      failf(data, "Failed to receive SOCKS5 connect request ack.");
-      return CURLE_COULDNT_CONNECT;
-    }
-
-    if (socksreq[0] != 5) { /* version */
-      failf(data,
-            "SOCKS5 reply has wrong version, version should be 5.");
-      return CURLE_COULDNT_CONNECT;
-    }
-    if (socksreq[1] != 0) { /* Anything besides 0 is an error */
-        failf(data,
-              "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
-              (unsigned char)socksreq[4], (unsigned char)socksreq[5],
-              (unsigned char)socksreq[6], (unsigned char)socksreq[7],
-              (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
-              socksreq[1]);
-        return CURLE_COULDNT_CONNECT;
-    }
-  }
-
-  Curl_nonblock(sock, TRUE);
-  return CURLE_OK; /* Proxy was successful! */
-}
diff --git a/Utilities/cmcurl/speedcheck.h b/Utilities/cmcurl/speedcheck.h
deleted file mode 100644
index 62475f6..0000000
--- a/Utilities/cmcurl/speedcheck.h
+++ /dev/null
@@ -1,34 +0,0 @@
-#ifndef __SPEEDCHECK_H
-#define __SPEEDCHECK_H
-/***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#include "timeval.h"
-
-void Curl_speedinit(struct SessionHandle *data);
-CURLcode Curl_speedcheck(struct SessionHandle *data,
-                         struct timeval now);
-
-#endif
diff --git a/Utilities/cmcurl/ssh.c b/Utilities/cmcurl/ssh.c
deleted file mode 100644
index 24cba1b..0000000
--- a/Utilities/cmcurl/ssh.c
+++ /dev/null
@@ -1,979 +0,0 @@
-/***************************************************************************
-*                                  _   _ ____  _
-*  Project                     ___| | | |  _ \| |
-*                             / __| | | | |_) | |
-*                            | (__| |_| |  _ <| |___
-*                             \___|\___/|_| \_\_____|
-*
-* Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
-*
-* This software is licensed as described in the file COPYING, which
-* you should have received as part of this distribution. The terms
-* are also available at http://curl.haxx.se/docs/copyright.html.
-*
-* You may opt to use, copy, modify, merge, publish, distribute and/or sell
-* copies of the Software, and permit persons to whom the Software is
-* furnished to do so, under the terms of the COPYING file.
-*
-* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-* KIND, either express or implied.
-*
-* $Id$
-***************************************************************************/
-
-/* #define CURL_LIBSSH2_DEBUG */
-
-#include "setup.h"
-
-#ifdef USE_LIBSSH2
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <ctype.h>
-#include <limits.h>
-
-#include <libssh2.h>
-#include <libssh2_sftp.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#ifdef HAVE_TIME_H
-#include <time.h>
-#endif
-
-#ifdef WIN32
-
-#else /* probably some kind of unix */
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#include <sys/types.h>
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_UTSNAME_H
-#include <sys/utsname.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef  VMS
-#include <in.h>
-#include <inet.h>
-#endif
-#endif
-
-#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
-#undef in_addr_t
-#define in_addr_t unsigned long
-#endif
-
-#include <curl/curl.h>
-#include "urldata.h"
-#include "sendf.h"
-#include "easyif.h" /* for Curl_convert_... prototypes */
-
-#include "if2ip.h"
-#include "hostip.h"
-#include "progress.h"
-#include "transfer.h"
-#include "escape.h"
-#include "http.h" /* for HTTP proxy tunnel stuff */
-#include "ssh.h"
-#include "url.h"
-#include "speedcheck.h"
-#include "getinfo.h"
-
-#include "strtoofft.h"
-#include "strequal.h"
-#include "sslgen.h"
-#include "connect.h"
-#include "strerror.h"
-#include "memory.h"
-#include "inet_ntop.h"
-#include "select.h"
-#include "parsedate.h" /* for the week day and month names */
-#include "sockaddr.h" /* required for Curl_sockaddr_storage */
-#include "multiif.h"
-
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#if defined(WIN32) || defined(MSDOS) || defined(__EMX__)
-#define DIRSEP '\\'
-#else
-#define DIRSEP '/'
-#endif
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
-#ifdef CURLDEBUG
-#include "memdebug.h"
-#endif
-
-#ifndef LIBSSH2_SFTP_S_IRUSR
-/* Here's a work-around for those of you who happend to run a libssh2 version
-   that is 0.14 or older. We should remove this kludge as soon as we can
-   require a more recent libssh2 release. */
-#ifndef S_IRGRP
-#define S_IRGRP  0
-#endif
-
-#ifndef S_IROTH
-#define S_IROTH 0
-#endif
-
-#define LIBSSH2_SFTP_S_IRUSR S_IRUSR
-#define LIBSSH2_SFTP_S_IWUSR S_IWUSR
-#define LIBSSH2_SFTP_S_IRGRP S_IRGRP
-#define LIBSSH2_SFTP_S_IROTH S_IROTH
-#define LIBSSH2_SFTP_S_IRUSR S_IRUSR
-#define LIBSSH2_SFTP_S_IWUSR S_IWUSR
-#define LIBSSH2_SFTP_S_IRGRP S_IRGRP
-#define LIBSSH2_SFTP_S_IROTH S_IROTH
-#define LIBSSH2_SFTP_S_IFMT S_IFMT
-#define LIBSSH2_SFTP_S_IFDIR S_IFDIR
-#define LIBSSH2_SFTP_S_IFLNK S_IFLNK
-#define LIBSSH2_SFTP_S_IFSOCK S_IFSOCK
-#define LIBSSH2_SFTP_S_IFCHR S_IFCHR
-#define LIBSSH2_SFTP_S_IFBLK S_IFBLK
-#define LIBSSH2_SFTP_S_IXUSR S_IXUSR
-#define LIBSSH2_SFTP_S_IWGRP S_IWGRP
-#define LIBSSH2_SFTP_S_IXGRP S_IXGRP
-#define LIBSSH2_SFTP_S_IWOTH S_IWOTH
-#define LIBSSH2_SFTP_S_IXOTH S_IXOTH
-#endif
-
-static LIBSSH2_ALLOC_FUNC(libssh2_malloc);
-static LIBSSH2_REALLOC_FUNC(libssh2_realloc);
-static LIBSSH2_FREE_FUNC(libssh2_free);
-
-static void
-kbd_callback(const char *name, int name_len, const char *instruction,
-             int instruction_len, int num_prompts,
-             const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
-             LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
-             void **abstract)
-{
-  struct SSHPROTO *ssh = (struct SSHPROTO *)*abstract;
-
-#ifdef CURL_LIBSSH2_DEBUG
-  fprintf(stderr, "name=%s\n", name);
-  fprintf(stderr, "name_len=%d\n", name_len);
-  fprintf(stderr, "instruction=%s\n", instruction);
-  fprintf(stderr, "instruction_len=%d\n", instruction_len);
-  fprintf(stderr, "num_prompts=%d\n", num_prompts);
-#else
-  (void)name;
-  (void)name_len;
-  (void)instruction;
-  (void)instruction_len;
-#endif  /* CURL_LIBSSH2_DEBUG */
-  if (num_prompts == 1) {
-    responses[0].text = strdup(ssh->passwd);
-    responses[0].length = strlen(ssh->passwd);
-  }
-  (void)prompts;
-  (void)abstract;
-} /* kbd_callback */
-
-static CURLcode libssh2_error_to_CURLE(struct connectdata *conn)
-{
-  int errorcode;
-  struct SSHPROTO *scp = conn->data->reqdata.proto.ssh;
-
-  /* Get the libssh2 error code and string */
-  errorcode = libssh2_session_last_error(scp->ssh_session, &scp->errorstr,
-                                         NULL, 0);
-  if (errorcode == LIBSSH2_FX_OK)
-    return CURLE_OK;
-
-  infof(conn->data, "libssh2 error %d, '%s'\n", errorcode, scp->errorstr);
-
-  /* TODO: map some of the libssh2 errors to the more appropriate CURLcode
-     error code, and possibly add a few new SSH-related one. We must however
-     not return or even depend on libssh2 errors in the public libcurl API */
-
-  return CURLE_SSH;
-}
-
-static LIBSSH2_ALLOC_FUNC(libssh2_malloc)
-{
-  return malloc(count);
-  (void)abstract;
-}
-
-static LIBSSH2_REALLOC_FUNC(libssh2_realloc)
-{
-  return realloc(ptr, count);
-  (void)abstract;
-}
-
-static LIBSSH2_FREE_FUNC(libssh2_free)
-{
-  free(ptr);
-  (void)abstract;
-}
-
-static CURLcode ssh_init(struct connectdata *conn)
-{
-  struct SessionHandle *data = conn->data;
-  struct SSHPROTO *ssh;
-  if (data->reqdata.proto.ssh)
-    return CURLE_OK;
-
-  ssh = (struct SSHPROTO *)calloc(sizeof(struct SSHPROTO), 1);
-  if (!ssh)
-    return CURLE_OUT_OF_MEMORY;
-
-  data->reqdata.proto.ssh = ssh;
-
-  /* get some initial data into the ssh struct */
-  ssh->bytecountp = &data->reqdata.keep.bytecount;
-
-  /* no need to duplicate them, this connectdata struct won't change */
-  ssh->user = conn->user;
-  ssh->passwd = conn->passwd;
-
-  ssh->errorstr = NULL;
-
-  ssh->ssh_session = NULL;
-  ssh->ssh_channel = NULL;
-  ssh->sftp_session = NULL;
-  ssh->sftp_handle = NULL;
-
-  return CURLE_OK;
-}
-
-/*
- * Curl_ssh_connect() gets called from Curl_protocol_connect() to allow us to
- * do protocol-specific actions at connect-time.
- */
-CURLcode Curl_ssh_connect(struct connectdata *conn, bool *done)
-{
-  int i;
-  struct SSHPROTO *ssh;
-  const char *fingerprint;
-  const char *authlist;
-  char *home;
-  char rsa_pub[PATH_MAX];
-  char rsa[PATH_MAX];
-  char tempHome[PATH_MAX];
-  curl_socket_t sock;
-  char *real_path;
-  char *working_path;
-  int working_path_len;
-  bool authed = FALSE;
-  CURLcode result;
-  struct SessionHandle *data = conn->data;
-
-  rsa_pub[0] = rsa[0] = '\0';
-
-  result = ssh_init(conn);
-  if (result)
-    return result;
-
-  ssh = data->reqdata.proto.ssh;
-
-  working_path = curl_easy_unescape(data, data->reqdata.path, 0,
-                                    &working_path_len);
-  if (!working_path)
-    return CURLE_OUT_OF_MEMORY;
-
-#ifdef CURL_LIBSSH2_DEBUG
-  if (ssh->user) {
-    infof(data, "User: %s\n", ssh->user);
-  }
-  if (ssh->passwd) {
-    infof(data, "Password: %s\n", ssh->passwd);
-  }
-#endif /* CURL_LIBSSH2_DEBUG */
-  sock = conn->sock[FIRSTSOCKET];
-  ssh->ssh_session = libssh2_session_init_ex(libssh2_malloc, libssh2_free,
-                                            libssh2_realloc, ssh);
-  if (ssh->ssh_session == NULL) {
-    failf(data, "Failure initialising ssh session\n");
-    Curl_safefree(ssh->path);
-    return CURLE_FAILED_INIT;
-  }
-#ifdef CURL_LIBSSH2_DEBUG
-  infof(data, "SSH socket: %d\n", sock);
-#endif /* CURL_LIBSSH2_DEBUG */
-
-  if (libssh2_session_startup(ssh->ssh_session, sock)) {
-    failf(data, "Failure establishing ssh session\n");
-    libssh2_session_free(ssh->ssh_session);
-    ssh->ssh_session = NULL;
-    Curl_safefree(ssh->path);
-    return CURLE_FAILED_INIT;
-  }
-
-  /*
-   * Before we authenticate we should check the hostkey's fingerprint against
-   * our known hosts. How that is handled (reading from file, whatever) is
-   * up to us. As for know not much is implemented, besides showing how to
-   * get the fingerprint.
-   */
-  fingerprint = libssh2_hostkey_hash(ssh->ssh_session,
-                                     LIBSSH2_HOSTKEY_HASH_MD5);
-
-#ifdef CURL_LIBSSH2_DEBUG
-  /* The fingerprint points to static storage (!), don't free() it. */
-  infof(data, "Fingerprint: ");
-  for (i = 0; i < 16; i++) {
-    infof(data, "%02X ", (unsigned char) fingerprint[i]);
-  }
-  infof(data, "\n");
-#endif /* CURL_LIBSSH2_DEBUG */
-
-  /* TBD - methods to check the host keys need to be done */
-
-  /*
-   * Figure out authentication methods
-   * NB: As soon as we have provided a username to an openssh server we must
-   * never change it later. Thus, always specify the correct username here,
-   * even though the libssh2 docs kind of indicate that it should be possible
-   * to get a 'generic' list (not user-specific) of authentication methods,
-   * presumably with a blank username. That won't work in my experience.
-   * So always specify it here.
-   */
-  authlist = libssh2_userauth_list(ssh->ssh_session, ssh->user,
-                                   strlen(ssh->user));
-
-  /*
-   * Check the supported auth types in the order I feel is most secure with the
-   * requested type of authentication
-   */
-  if ((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&
-      (strstr(authlist, "publickey") != NULL)) {
-    /* To ponder about: should really the lib be messing about with the HOME
-       environment variable etc? */
-    home = curl_getenv("HOME");
-
-    if (data->set.ssh_public_key)
-      snprintf(rsa_pub, sizeof(rsa_pub), "%s", data->set.ssh_public_key);
-    else if (home)
-      snprintf(rsa_pub, sizeof(rsa_pub), "%s/.ssh/id_dsa.pub", home);
-
-    if (data->set.ssh_private_key)
-      snprintf(rsa, sizeof(rsa), "%s", data->set.ssh_private_key);
-    else if (home)
-      snprintf(rsa, sizeof(rsa), "%s/.ssh/id_dsa", home);
-
-    curl_free(home);
-
-    if (rsa_pub[0]) {
-      /* The function below checks if the files exists, no need to stat() here.
-      */
-      if (libssh2_userauth_publickey_fromfile(ssh->ssh_session, ssh->user,
-                                              rsa_pub, rsa, "") == 0) {
-        authed = TRUE;
-      }
-    }
-  }
-  if (!authed &&
-      (data->set.ssh_auth_types & CURLSSH_AUTH_PASSWORD) &&
-      (strstr(authlist, "password") != NULL)) {
-    if (!libssh2_userauth_password(ssh->ssh_session, ssh->user, ssh->passwd))
-      authed = TRUE;
-  }
-  if (!authed && (data->set.ssh_auth_types & CURLSSH_AUTH_HOST) &&
-      (strstr(authlist, "hostbased") != NULL)) {
-  }
-  if (!authed && (data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD)
-      && (strstr(authlist, "keyboard-interactive") != NULL)) {
-    /* Authentication failed. Continue with keyboard-interactive now. */
-    if (libssh2_userauth_keyboard_interactive_ex(ssh->ssh_session, ssh->user,
-                                                 strlen(ssh->user),
-                                                 &kbd_callback) == 0) {
-      authed = TRUE;
-    }
-  }
-
-  if (!authed) {
-    failf(data, "Authentication failure\n");
-    libssh2_session_free(ssh->ssh_session);
-    ssh->ssh_session = NULL;
-    Curl_safefree(ssh->path);
-    return CURLE_FAILED_INIT;
-  }
-
-  /*
-   * At this point we have an authenticated ssh session.
-   */
-  conn->sockfd = sock;
-  conn->writesockfd = CURL_SOCKET_BAD;
-
-  if (conn->protocol == PROT_SFTP) {
-    /*
-     * Start the libssh2 sftp session
-     */
-    ssh->sftp_session = libssh2_sftp_init(ssh->ssh_session);
-    if (ssh->sftp_session == NULL) {
-      failf(data, "Failure initialising sftp session\n");
-      libssh2_sftp_shutdown(ssh->sftp_session);
-      ssh->sftp_session = NULL;
-      libssh2_session_free(ssh->ssh_session);
-      ssh->ssh_session = NULL;
-      return CURLE_FAILED_INIT;
-    }
-
-    /*
-     * Get the "home" directory
-     */
-    i = libssh2_sftp_realpath(ssh->sftp_session, ".", tempHome, PATH_MAX-1);
-    if (i > 0) {
-      /* It seems that this string is not always NULL terminated */
-      tempHome[i] = '\0';
-      ssh->homedir = (char *)strdup(tempHome);
-      if (!ssh->homedir) {
-        libssh2_sftp_shutdown(ssh->sftp_session);
-        ssh->sftp_session = NULL;
-        libssh2_session_free(ssh->ssh_session);
-        ssh->ssh_session = NULL;
-        return CURLE_OUT_OF_MEMORY;
-      }
-    }
-    else {
-      /* Return the error type */
-      i = libssh2_sftp_last_error(ssh->sftp_session);
-      DEBUGF(infof(data, "error = %d\n", i));
-    }
-  }
-
-  /* Check for /~/ , indicating realative to the users home directory */
-  if (conn->protocol == PROT_SCP) {
-    real_path = (char *)malloc(working_path_len+1);
-    if (real_path == NULL) {
-      Curl_safefree(working_path);
-      libssh2_session_free(ssh->ssh_session);
-      ssh->ssh_session = NULL;
-      return CURLE_OUT_OF_MEMORY;
-    }
-    if (working_path[1] == '~')
-      /* It is referenced to the home directory, so strip the leading '/' */
-      memcpy(real_path, working_path+1, 1 + working_path_len-1);
-    else
-      memcpy(real_path, working_path, 1 + working_path_len);
-  }
-  else if (conn->protocol == PROT_SFTP) {
-    if (working_path[1] == '~') {
-      real_path = (char *)malloc(strlen(ssh->homedir) +
-                                 working_path_len + 1);
-      if (real_path == NULL) {
-        libssh2_sftp_shutdown(ssh->sftp_session);
-        ssh->sftp_session = NULL;
-        libssh2_session_free(ssh->ssh_session);
-        ssh->ssh_session = NULL;
-        Curl_safefree(working_path);
-        return CURLE_OUT_OF_MEMORY;
-      }
-      /* It is referenced to the home directory, so strip the leading '/' */
-      memcpy(real_path, ssh->homedir, strlen(ssh->homedir));
-      real_path[strlen(ssh->homedir)] = '/';
-      real_path[strlen(ssh->homedir)+1] = '\0';
-      if (working_path_len > 3) {
-        memcpy(real_path+strlen(ssh->homedir)+1, working_path + 3,
-               1 + working_path_len -3);
-      }
-    }
-    else {
-      real_path = (char *)malloc(working_path_len+1);
-      if (real_path == NULL) {
-        libssh2_session_free(ssh->ssh_session);
-        ssh->ssh_session = NULL;
-        Curl_safefree(working_path);
-        return CURLE_OUT_OF_MEMORY;
-      }
-      memcpy(real_path, working_path, 1+working_path_len);
-    }
-  }
-  else
-    return CURLE_FAILED_INIT;
-
-  Curl_safefree(working_path);
-  ssh->path = real_path;
-
-  *done = TRUE;
-  return CURLE_OK;
-}
-
-CURLcode Curl_scp_do(struct connectdata *conn, bool *done)
-{
-  struct stat sb;
-  struct SSHPROTO *scp = conn->data->reqdata.proto.ssh;
-  CURLcode res = CURLE_OK;
-
-  *done = TRUE; /* unconditionally */
-
-  if (conn->data->set.upload) {
-    /*
-     * NOTE!!!  libssh2 requires that the destination path is a full path
-     *          that includes the destination file and name OR ends in a "/" .
-     *          If this is not done the destination file will be named the
-     *          same name as the last directory in the path.
-     */
-    scp->ssh_channel = libssh2_scp_send_ex(scp->ssh_session, scp->path,
-                                           LIBSSH2_SFTP_S_IRUSR|
-                                           LIBSSH2_SFTP_S_IWUSR|
-                                           LIBSSH2_SFTP_S_IRGRP|
-                                           LIBSSH2_SFTP_S_IROTH,
-                                           conn->data->set.infilesize, 0, 0);
-    if (!scp->ssh_channel)
-      return CURLE_FAILED_INIT;
-
-    /* upload data */
-    res = Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
-  }
-  else {
-    /*
-     * We must check the remote file, if it is a directory no vaules will
-     * be set in sb
-     */
-    curl_off_t bytecount;
-    memset(&sb, 0, sizeof(struct stat));
-    scp->ssh_channel = libssh2_scp_recv(scp->ssh_session, scp->path, &sb);
-    if (!scp->ssh_channel) {
-      if ((sb.st_mode == 0) && (sb.st_atime == 0) && (sb.st_mtime == 0) &&
-          (sb.st_size == 0)) {
-        /* Since sb is still empty, it is likely the file was not found */
-        return CURLE_REMOTE_FILE_NOT_FOUND;
-      }
-      return libssh2_error_to_CURLE(conn);
-    }
-    /* download data */
-    bytecount = (curl_off_t) sb.st_size;
-    conn->data->reqdata.maxdownload =  (curl_off_t) sb.st_size;
-    res = Curl_setup_transfer(conn, FIRSTSOCKET,
-                              bytecount, FALSE, NULL, -1, NULL);
-  }
-
-  return res;
-}
-
-CURLcode Curl_scp_done(struct connectdata *conn, CURLcode status,
-                       bool premature)
-{
-  struct SSHPROTO *scp = conn->data->reqdata.proto.ssh;
-  (void)premature; /* not used */
-
-  Curl_safefree(scp->path);
-  scp->path = NULL;
-
-  if (scp->ssh_channel) {
-    if (libssh2_channel_close(scp->ssh_channel) < 0) {
-      infof(conn->data, "Failed to stop libssh2 channel subsystem\n");
-    }
-  }
-
-  if (scp->ssh_session) {
-    libssh2_session_disconnect(scp->ssh_session, "Shutdown");
-    libssh2_session_free(scp->ssh_session);
-    scp->ssh_session = NULL;
-  }
-
-  free(conn->data->reqdata.proto.ssh);
-  conn->data->reqdata.proto.ssh = NULL;
-  Curl_pgrsDone(conn);
-
-  (void)status; /* unused */
-
-  return CURLE_OK;
-}
-
-/* return number of received (decrypted) bytes */
-ssize_t Curl_scp_send(struct connectdata *conn, int sockindex,
-                      void *mem, size_t len)
-{
-  ssize_t nwrite;
-
-  /* libssh2_channel_write() returns int
-   *
-   * NOTE: we should not store nor rely on connection-related data to be
-   * in the SessionHandle struct
-   */
-  nwrite = (ssize_t)
-    libssh2_channel_write(conn->data->reqdata.proto.ssh->ssh_channel,
-                          mem, len);
-  (void)sockindex;
-  return nwrite;
-}
-
-/*
- * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
- * a regular CURLcode value.
- */
-ssize_t Curl_scp_recv(struct connectdata *conn, int sockindex,
-                  char *mem, size_t len)
-{
-  ssize_t nread;
-
-  /* libssh2_channel_read() returns int
-   *
-   * NOTE: we should not store nor rely on connection-related data to be
-   * in the SessionHandle struct
-   */
-
-  nread = (ssize_t)
-    libssh2_channel_read(conn->data->reqdata.proto.ssh->ssh_channel,
-                         mem, len);
-  (void)sockindex;
-  return nread;
-}
-
-/*
- * =============== SFTP ===============
- */
-
-CURLcode Curl_sftp_do(struct connectdata *conn, bool *done)
-{
-  LIBSSH2_SFTP_ATTRIBUTES attrs;
-  struct SSHPROTO *sftp = conn->data->reqdata.proto.ssh;
-  CURLcode res = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  curl_off_t bytecount = 0;
-  char *buf = data->state.buffer;
-
-  *done = TRUE; /* unconditionally */
-
-  if (data->set.upload) {
-    /*
-     * NOTE!!!  libssh2 requires that the destination path is a full path
-     *          that includes the destination file and name OR ends in a "/" .
-     *          If this is not done the destination file will be named the
-     *          same name as the last directory in the path.
-     */
-    sftp->sftp_handle =
-      libssh2_sftp_open(sftp->sftp_session, sftp->path,
-                        LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT,
-                        LIBSSH2_SFTP_S_IRUSR|LIBSSH2_SFTP_S_IWUSR|
-                        LIBSSH2_SFTP_S_IRGRP|LIBSSH2_SFTP_S_IROTH);
-    if (!sftp->sftp_handle)
-      return CURLE_FAILED_INIT;
-
-    /* upload data */
-    res = Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
-  }
-  else {
-    if (sftp->path[strlen(sftp->path)-1] == '/') {
-      /*
-       * This is a directory that we are trying to get, so produce a
-       * directory listing
-       *
-       * **BLOCKING behaviour** This should be made into a state machine and
-       * get a separate function called from Curl_sftp_recv() when there is
-       * data to read from the network, instead of "hanging" here.
-       */
-      char filename[PATH_MAX+1];
-      int len, totalLen, currLen;
-      char *line;
-
-      sftp->sftp_handle =
-        libssh2_sftp_opendir(sftp->sftp_session, sftp->path);
-      if (!sftp->sftp_handle)
-        return CURLE_SSH;
-
-      while ((len = libssh2_sftp_readdir(sftp->sftp_handle, filename,
-                                         PATH_MAX, &attrs)) > 0) {
-        filename[len] = '\0';
-
-        if (data->set.ftp_list_only) {
-          if ((attrs.flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) &&
-              ((attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
-               LIBSSH2_SFTP_S_IFDIR)) {
-            infof(data, "%s\n", filename);
-          }
-        }
-        else {
-          totalLen = 80 + len;
-          line = (char *)malloc(totalLen);
-          if (!line)
-            return CURLE_OUT_OF_MEMORY;
-
-          if (!(attrs.flags & LIBSSH2_SFTP_ATTR_UIDGID))
-            attrs.uid = attrs.gid =0;
-
-          currLen = snprintf(line, totalLen, "----------   1 %5d %5d",
-                             attrs.uid, attrs.gid);
-
-          if (attrs.flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) {
-            if ((attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
-                LIBSSH2_SFTP_S_IFDIR) {
-              line[0] = 'd';
-            }
-            else if ((attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
-                     LIBSSH2_SFTP_S_IFLNK) {
-              line[0] = 'l';
-            }
-            else if ((attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
-                     LIBSSH2_SFTP_S_IFSOCK) {
-              line[0] = 's';
-            }
-            else if ((attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
-                     LIBSSH2_SFTP_S_IFCHR) {
-              line[0] = 'c';
-            }
-            else if ((attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
-                     LIBSSH2_SFTP_S_IFBLK) {
-              line[0] = 'b';
-            }
-            if (attrs.permissions & LIBSSH2_SFTP_S_IRUSR) {
-              line[1] = 'r';
-            }
-            if (attrs.permissions & LIBSSH2_SFTP_S_IWUSR) {
-              line[2] = 'w';
-            }
-            if (attrs.permissions & LIBSSH2_SFTP_S_IXUSR) {
-              line[3] = 'x';
-            }
-            if (attrs.permissions & LIBSSH2_SFTP_S_IRGRP) {
-              line[4] = 'r';
-            }
-            if (attrs.permissions & LIBSSH2_SFTP_S_IWGRP) {
-              line[5] = 'w';
-            }
-            if (attrs.permissions & LIBSSH2_SFTP_S_IXGRP) {
-              line[6] = 'x';
-            }
-            if (attrs.permissions & LIBSSH2_SFTP_S_IROTH) {
-              line[7] = 'r';
-            }
-            if (attrs.permissions & LIBSSH2_SFTP_S_IWOTH) {
-              line[8] = 'w';
-            }
-            if (attrs.permissions & LIBSSH2_SFTP_S_IXOTH) {
-              line[9] = 'x';
-            }
-          }
-          if (attrs.flags & LIBSSH2_SFTP_ATTR_SIZE) {
-            currLen += snprintf(line+currLen, totalLen-currLen, "%11lld",
-                                attrs.filesize);
-          }
-          if (attrs.flags & LIBSSH2_SFTP_ATTR_ACMODTIME) {
-            const char *months[12] = {
-              "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-              "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
-            struct tm *nowParts;
-            time_t now, remoteTime;
-
-            now = time(NULL);
-            remoteTime = (time_t)attrs.mtime;
-            nowParts = localtime(&remoteTime);
-
-            if ((time_t)attrs.mtime > (now - (3600 * 24 * 180))) {
-              currLen += snprintf(line+currLen, totalLen-currLen,
-                                  " %s %2d %2d:%02d", months[nowParts->tm_mon],
-                                  nowParts->tm_mday, nowParts->tm_hour,
-                                  nowParts->tm_min);
-            }
-            else {
-              currLen += snprintf(line+currLen, totalLen-currLen,
-                                  " %s %2d %5d", months[nowParts->tm_mon],
-                                  nowParts->tm_mday, 1900+nowParts->tm_year);
-            }
-          }
-          currLen += snprintf(line+currLen, totalLen-currLen, " %s", filename);
-          if ((attrs.flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) &&
-              ((attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
-               LIBSSH2_SFTP_S_IFLNK)) {
-            char linkPath[PATH_MAX + 1];
-
-            snprintf(linkPath, PATH_MAX, "%s%s", sftp->path, filename);
-            len = libssh2_sftp_readlink(sftp->sftp_session, linkPath, filename,
-                                        PATH_MAX);
-            line = realloc(line, totalLen + 4 + len);
-            if (!line)
-              return CURLE_OUT_OF_MEMORY;
-
-            currLen += snprintf(line+currLen, totalLen-currLen, " -> %s",
-                                filename);
-          }
-
-          currLen += snprintf(line+currLen, totalLen-currLen, "\n");
-          res = Curl_client_write(conn, CLIENTWRITE_BODY, line, 0);
-          free(line);
-        }
-      }
-      libssh2_sftp_closedir(sftp->sftp_handle);
-      sftp->sftp_handle = NULL;
-
-      /* no data to transfer */
-      res = Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
-    }
-    else {
-      /*
-       * Work on getting the specified file
-       */
-      sftp->sftp_handle =
-        libssh2_sftp_open(sftp->sftp_session, sftp->path, LIBSSH2_FXF_READ,
-                          LIBSSH2_SFTP_S_IRUSR|LIBSSH2_SFTP_S_IWUSR|
-                          LIBSSH2_SFTP_S_IRGRP|LIBSSH2_SFTP_S_IROTH);
-      if (!sftp->sftp_handle)
-        return CURLE_SSH;
-
-      if (libssh2_sftp_stat(sftp->sftp_session, sftp->path, &attrs)) {
-        /*
-         * libssh2_sftp_open() didn't return an error, so maybe the server
-         * just doesn't support stat()
-         */
-        data->reqdata.size = -1;
-        data->reqdata.maxdownload = -1;
-      }
-      else {
-        data->reqdata.size = attrs.filesize;
-        data->reqdata.maxdownload = attrs.filesize;
-        Curl_pgrsSetDownloadSize(data, attrs.filesize);
-      }
-
-      Curl_pgrsTime(data, TIMER_STARTTRANSFER);
-
-      /* Now download data. The libssh2 0.14 doesn't offer any way to do this
-         without using this BLOCKING approach, so here's room for improvement
-         once libssh2 can return EWOULDBLOCK to us. */
-#if 0
-      /* code left here just because this is what this function will use the
-         day libssh2 is improved */
-      res = Curl_setup_transfer(conn, FIRSTSOCKET,
-                                bytecount, FALSE, NULL, -1, NULL);
-#endif
-      while (res == CURLE_OK) {
-        size_t nread;
-        /* NOTE: most *read() functions return ssize_t but this returns size_t
-           which normally is unsigned! */
-        nread = libssh2_sftp_read(data->reqdata.proto.ssh->sftp_handle,
-                                  buf, BUFSIZE-1);
-
-        if (nread > 0)
-          buf[nread] = 0;
-
-        /* this check can be changed to a <= 0 when nread is changed to a
-           signed variable type */
-        if ((nread == 0) || (nread == (size_t)~0))
-          break;
-
-        bytecount += nread;
-
-        res = Curl_client_write(conn, CLIENTWRITE_BODY, buf, nread);
-        if(res)
-          return res;
-
-        Curl_pgrsSetDownloadCounter(data, bytecount);
-
-        if(Curl_pgrsUpdate(conn))
-          res = CURLE_ABORTED_BY_CALLBACK;
-        else {
-          struct timeval now = Curl_tvnow();
-          res = Curl_speedcheck(data, now);
-        }
-      }
-      if(Curl_pgrsUpdate(conn))
-        res = CURLE_ABORTED_BY_CALLBACK;
-
-      /* no (more) data to transfer */
-      res = Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
-    }
-  }
-
-  return res;
-}
-
-CURLcode Curl_sftp_done(struct connectdata *conn, CURLcode status,
-                        bool premature)
-{
-  struct SSHPROTO *sftp = conn->data->reqdata.proto.ssh;
-  (void)premature; /* not used */
-
-  Curl_safefree(sftp->path);
-  sftp->path = NULL;
-
-  Curl_safefree(sftp->homedir);
-  sftp->homedir = NULL;
-
-  if (sftp->sftp_handle) {
-    if (libssh2_sftp_close(sftp->sftp_handle) < 0) {
-      infof(conn->data, "Failed to close libssh2 file\n");
-    }
-  }
-
-  if (sftp->sftp_session) {
-    if (libssh2_sftp_shutdown(sftp->sftp_session) < 0) {
-      infof(conn->data, "Failed to stop libssh2 sftp subsystem\n");
-    }
-  }
-
-  if (sftp->ssh_channel) {
-    if (libssh2_channel_close(sftp->ssh_channel) < 0) {
-      infof(conn->data, "Failed to stop libssh2 channel subsystem\n");
-    }
-  }
-
-  if (sftp->ssh_session) {
-    libssh2_session_disconnect(sftp->ssh_session, "Shutdown");
-    libssh2_session_free(sftp->ssh_session);
-    sftp->ssh_session = NULL;
-  }
-
-  free(conn->data->reqdata.proto.ssh);
-  conn->data->reqdata.proto.ssh = NULL;
-  Curl_pgrsDone(conn);
-
-  (void)status; /* unused */
-
-  return CURLE_OK;
-}
-
-/* return number of received (decrypted) bytes */
-ssize_t Curl_sftp_send(struct connectdata *conn, int sockindex,
-                       void *mem, size_t len)
-{
-  ssize_t nwrite;
-
-  /* libssh2_sftp_write() returns size_t !*/
-
-  nwrite = (ssize_t)
-    libssh2_sftp_write(conn->data->reqdata.proto.ssh->sftp_handle, mem, len);
-  (void)sockindex;
-  return nwrite;
-}
-
-/*
- * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
- * a regular CURLcode value.
- */
-ssize_t Curl_sftp_recv(struct connectdata *conn, int sockindex,
-                   char *mem, size_t len)
-{
-  ssize_t nread;
-
-  /* libssh2_sftp_read() returns size_t !*/
-
-  nread = (ssize_t)
-    libssh2_sftp_read(conn->data->reqdata.proto.ssh->sftp_handle, mem, len);
-  (void)sockindex;
-  return nread;
-}
-
-#endif /* USE_LIBSSH2 */
diff --git a/Utilities/cmcurl/ssh.h b/Utilities/cmcurl/ssh.h
deleted file mode 100644
index d914490..0000000
--- a/Utilities/cmcurl/ssh.h
+++ /dev/null
@@ -1,49 +0,0 @@
-#ifndef __SSH_H
-#define __SSH_H
-
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#ifdef USE_LIBSSH2
-
-CURLcode Curl_ssh_connect(struct connectdata *conn, bool *done);
-
-CURLcode Curl_scp_do(struct connectdata *conn, bool *done);
-CURLcode Curl_scp_done(struct connectdata *conn, CURLcode, bool premature);
-
-ssize_t Curl_scp_send(struct connectdata *conn, int sockindex,
-                      void *mem, size_t len);
-ssize_t Curl_scp_recv(struct connectdata *conn, int sockindex,
-                      char *mem, size_t len);
-
-CURLcode Curl_sftp_do(struct connectdata *conn, bool *done);
-CURLcode Curl_sftp_done(struct connectdata *conn, CURLcode, bool premature);
-
-ssize_t Curl_sftp_send(struct connectdata *conn, int sockindex,
-                       void *mem, size_t len);
-ssize_t Curl_sftp_recv(struct connectdata *conn, int sockindex,
-                       char *mem, size_t len);
-
-#endif /* USE_LIBSSH2 */
-
-#endif /* __SSH_H */
diff --git a/Utilities/cmcurl/sslgen.c b/Utilities/cmcurl/sslgen.c
deleted file mode 100644
index f110a51..0000000
--- a/Utilities/cmcurl/sslgen.c
+++ /dev/null
@@ -1,618 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-/* This file is for "generic" SSL functions that all libcurl internals should
-   use. It is responsible for calling the proper 'ossl' function in ssluse.c
-   (OpenSSL based) or the 'gtls' function in gtls.c (GnuTLS based).
-
-   SSL-functions in libcurl should call functions in this source file, and not
-   to any specific SSL-layer.
-
-   Curl_ssl_ - prefix for generic ones
-   Curl_ossl_ - prefix for OpenSSL ones
-   Curl_gtls_ - prefix for GnuTLS ones
-
-   "SSL/TLS Strong Encryption: An Introduction"
-   http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html
-*/
-
-#include "setup.h"
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#include "urldata.h"
-#define SSLGEN_C
-#include "sslgen.h" /* generic SSL protos etc */
-#include "ssluse.h" /* OpenSSL versions */
-#include "gtls.h"   /* GnuTLS versions */
-#include "sendf.h"
-#include "strequal.h"
-#include "url.h"
-#include "memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* "global" init done? */
-static bool init_ssl=FALSE;
-
-static bool safe_strequal(char* str1, char* str2);
-
-static bool safe_strequal(char* str1, char* str2)
-{
-  if(str1 && str2)
-    /* both pointers point to something then compare them */
-    return (bool)(0 != strequal(str1, str2));
-  else
-    /* if both pointers are NULL then treat them as equal */
-    return (bool)(!str1 && !str2);
-}
-
-bool
-Curl_ssl_config_matches(struct ssl_config_data* data,
-                        struct ssl_config_data* needle)
-{
-  if((data->version == needle->version) &&
-     (data->verifypeer == needle->verifypeer) &&
-     (data->verifyhost == needle->verifyhost) &&
-     safe_strequal(data->CApath, needle->CApath) &&
-     safe_strequal(data->CAfile, needle->CAfile) &&
-     safe_strequal(data->random_file, needle->random_file) &&
-     safe_strequal(data->egdsocket, needle->egdsocket) &&
-     safe_strequal(data->cipher_list, needle->cipher_list))
-    return TRUE;
-
-  return FALSE;
-}
-
-bool
-Curl_clone_ssl_config(struct ssl_config_data *source,
-                      struct ssl_config_data *dest)
-{
-  dest->verifyhost = source->verifyhost;
-  dest->verifypeer = source->verifypeer;
-  dest->version = source->version;
-
-  if(source->CAfile) {
-    dest->CAfile = strdup(source->CAfile);
-    if(!dest->CAfile)
-      return FALSE;
-  }
-
-  if(source->CApath) {
-    dest->CApath = strdup(source->CApath);
-    if(!dest->CApath)
-      return FALSE;
-  }
-
-  if(source->cipher_list) {
-    dest->cipher_list = strdup(source->cipher_list);
-    if(!dest->cipher_list)
-      return FALSE;
-  }
-
-  if(source->egdsocket) {
-    dest->egdsocket = strdup(source->egdsocket);
-    if(!dest->egdsocket)
-      return FALSE;
-  }
-
-  if(source->random_file) {
-    dest->random_file = strdup(source->random_file);
-    if(!dest->random_file)
-      return FALSE;
-  }
-
-  return TRUE;
-}
-
-void Curl_free_ssl_config(struct ssl_config_data* sslc)
-{
-  if(sslc->CAfile)
-    free(sslc->CAfile);
-
-  if(sslc->CApath)
-    free(sslc->CApath);
-
-  if(sslc->cipher_list)
-    free(sslc->cipher_list);
-
-  if(sslc->egdsocket)
-    free(sslc->egdsocket);
-
-  if(sslc->random_file)
-    free(sslc->random_file);
-}
-
-/**
- * Global SSL init
- *
- * @retval 0 error initializing SSL
- * @retval 1 SSL initialized successfully
- */
-int Curl_ssl_init(void)
-{
-  /* make sure this is only done once */
-  if(init_ssl)
-    return 1;
-  init_ssl = TRUE; /* never again */
-
-#ifdef USE_SSLEAY
-  return Curl_ossl_init();
-#else
-#ifdef USE_GNUTLS
-  return Curl_gtls_init();
-#else
-  /* no SSL support */
-  return 1;
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-}
-
-
-/* Global cleanup */
-void Curl_ssl_cleanup(void)
-{
-  if(init_ssl) {
-    /* only cleanup if we did a previous init */
-#ifdef USE_SSLEAY
-    Curl_ossl_cleanup();
-#else
-#ifdef USE_GNUTLS
-    Curl_gtls_cleanup();
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-    init_ssl = FALSE;
-  }
-}
-
-CURLcode
-Curl_ssl_connect(struct connectdata *conn, int sockindex)
-{
-#ifdef USE_SSL
-  /* mark this is being ssl enabled from here on. */
-  conn->ssl[sockindex].use = TRUE;
-
-#ifdef USE_SSLEAY
-  return Curl_ossl_connect(conn, sockindex);
-#else
-#ifdef USE_GNUTLS
-  return Curl_gtls_connect(conn, sockindex);
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-
-#else
-  /* without SSL */
-  (void)conn;
-  (void)sockindex;
-  return CURLE_OK;
-#endif /* USE_SSL */
-}
-
-CURLcode
-Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
-                             bool *done)
-{
-#if defined(USE_SSL) && defined(USE_SSLEAY)
-  /* mark this is being ssl enabled from here on. */
-  conn->ssl[sockindex].use = TRUE;
-  return Curl_ossl_connect_nonblocking(conn, sockindex, done);
-
-#else
-  /* not implemented!
-     fallback to BLOCKING call. */
-  *done = TRUE;
-  return Curl_ssl_connect(conn, sockindex);
-#endif
-}
-
-#ifdef USE_SSL
-
-/*
- * Check if there's a session ID for the given connection in the cache, and if
- * there's one suitable, it is provided. Returns TRUE when no entry matched.
- */
-int Curl_ssl_getsessionid(struct connectdata *conn,
-                          void **ssl_sessionid,
-                          size_t *idsize) /* set 0 if unknown */
-{
-  struct curl_ssl_session *check;
-  struct SessionHandle *data = conn->data;
-  long i;
-
-  if(!conn->ssl_config.sessionid)
-    /* session ID re-use is disabled */
-    return TRUE;
-
-  for(i=0; i< data->set.ssl.numsessions; i++) {
-    check = &data->state.session[i];
-    if(!check->sessionid)
-      /* not session ID means blank entry */
-      continue;
-    if(curl_strequal(conn->host.name, check->name) &&
-       (conn->remote_port == check->remote_port) &&
-       Curl_ssl_config_matches(&conn->ssl_config, &check->ssl_config)) {
-      /* yes, we have a session ID! */
-      data->state.sessionage++;            /* increase general age */
-      check->age = data->state.sessionage; /* set this as used in this age */
-      *ssl_sessionid = check->sessionid;
-      if(idsize)
-        *idsize = check->idsize;
-      return FALSE;
-    }
-  }
-  *ssl_sessionid = NULL;
-  return TRUE;
-}
-
-/*
- * Kill a single session ID entry in the cache.
- */
-static int kill_session(struct curl_ssl_session *session)
-{
-  if(session->sessionid) {
-    /* defensive check */
-
-    /* free the ID the SSL-layer specific way */
-#ifdef USE_SSLEAY
-    Curl_ossl_session_free(session->sessionid);
-#else
-    Curl_gtls_session_free(session->sessionid);
-#endif
-    session->sessionid=NULL;
-    session->age = 0; /* fresh */
-
-    Curl_free_ssl_config(&session->ssl_config);
-
-    Curl_safefree(session->name);
-    session->name = NULL; /* no name */
-
-    return 0; /* ok */
-  }
-  else
-    return 1;
-}
-
-/*
- * Store session id in the session cache. The ID passed on to this function
- * must already have been extracted and allocated the proper way for the SSL
- * layer. Curl_XXXX_session_free() will be called to free/kill the session ID
- * later on.
- */
-CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
-                               void *ssl_sessionid,
-                               size_t idsize)
-{
-  int i;
-  struct SessionHandle *data=conn->data; /* the mother of all structs */
-  struct curl_ssl_session *store = &data->state.session[0];
-  long oldest_age=data->state.session[0].age; /* zero if unused */
-  char *clone_host;
-
-  /* Even though session ID re-use might be disabled, that only disables USING
-     IT. We still store it here in case the re-using is again enabled for an
-     upcoming transfer */
-
-  clone_host = strdup(conn->host.name);
-  if(!clone_host)
-    return CURLE_OUT_OF_MEMORY; /* bail out */
-
-  /* Now we should add the session ID and the host name to the cache, (remove
-     the oldest if necessary) */
-
-  /* find an empty slot for us, or find the oldest */
-  for(i=1; (i<data->set.ssl.numsessions) &&
-        data->state.session[i].sessionid; i++) {
-    if(data->state.session[i].age < oldest_age) {
-      oldest_age = data->state.session[i].age;
-      store = &data->state.session[i];
-    }
-  }
-  if(i == data->set.ssl.numsessions)
-    /* cache is full, we must "kill" the oldest entry! */
-    kill_session(store);
-  else
-    store = &data->state.session[i]; /* use this slot */
-
-  /* now init the session struct wisely */
-  store->sessionid = ssl_sessionid;
-  store->idsize = idsize;
-  store->age = data->state.sessionage;    /* set current age */
-  store->name = clone_host;               /* clone host name */
-  store->remote_port = conn->remote_port; /* port number */
-
-  if (!Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config))
-    return CURLE_OUT_OF_MEMORY;
-
-  return CURLE_OK;
-}
-
-
-#endif
-
-void Curl_ssl_close_all(struct SessionHandle *data)
-{
-#ifdef USE_SSL
-  int i;
-  /* kill the session ID cache */
-  if(data->state.session) {
-    for(i=0; i< data->set.ssl.numsessions; i++)
-      /* the single-killer function handles empty table slots */
-      kill_session(&data->state.session[i]);
-
-    /* free the cache data */
-    free(data->state.session);
-    data->state.session = NULL;
-  }
-#ifdef USE_SSLEAY
-  Curl_ossl_close_all(data);
-#else
-#ifdef USE_GNUTLS
-  Curl_gtls_close_all(data);
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-#else /* USE_SSL */
-  (void)data;
-#endif /* USE_SSL */
-}
-
-void Curl_ssl_close(struct connectdata *conn)
-{
-  if(conn->ssl[FIRSTSOCKET].use) {
-#ifdef USE_SSLEAY
-    Curl_ossl_close(conn);
-#else
-#ifdef USE_GNUTLS
-    Curl_gtls_close(conn);
-#else
-  (void)conn;
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-  }
-}
-
-CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
-{
-  if(conn->ssl[sockindex].use) {
-#ifdef USE_SSLEAY
-    if(Curl_ossl_shutdown(conn, sockindex))
-      return CURLE_SSL_SHUTDOWN_FAILED;
-#else
-#ifdef USE_GNUTLS
-    if(Curl_gtls_shutdown(conn, sockindex))
-      return CURLE_SSL_SHUTDOWN_FAILED;
-#else
-    (void)conn;
-    (void)sockindex;
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-  }
-  return CURLE_OK;
-}
-
-/* Selects an (Open)SSL crypto engine
- */
-CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
-{
-#ifdef USE_SSLEAY
-  return Curl_ossl_set_engine(data, engine);
-#else
-#ifdef USE_GNUTLS
-  /* FIX: add code here */
-  (void)data;
-  (void)engine;
-  return CURLE_FAILED_INIT;
-#else
-  /* no SSL layer */
-  (void)data;
-  (void)engine;
-  return CURLE_FAILED_INIT;
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-}
-
-/* Selects an (Open?)SSL crypto engine
- */
-CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
-{
-#ifdef USE_SSLEAY
-  return Curl_ossl_set_engine_default(data);
-#else
-#ifdef USE_GNUTLS
-  /* FIX: add code here */
-  (void)data;
-  return CURLE_FAILED_INIT;
-#else
-  /* No SSL layer */
-  (void)data;
-  return CURLE_FAILED_INIT;
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-}
-
-/* Return list of OpenSSL crypto engine names. */
-struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
-{
-#ifdef USE_SSLEAY
-  return Curl_ossl_engines_list(data);
-#else
-#ifdef USE_GNUTLS
-  /* FIX: add code here? */
-  (void)data;
-  return NULL;
-#else
-  (void)data;
-  return NULL;
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-}
-
-/* return number of sent (non-SSL) bytes */
-ssize_t Curl_ssl_send(struct connectdata *conn,
-                      int sockindex,
-                      void *mem,
-                      size_t len)
-{
-#ifdef USE_SSLEAY
-  return Curl_ossl_send(conn, sockindex, mem, len);
-#else
-#ifdef USE_GNUTLS
-  return Curl_gtls_send(conn, sockindex, mem, len);
-#else
-  (void)conn;
-  (void)sockindex;
-  (void)mem;
-  (void)len;
-  return 0;
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-}
-
-/* return number of received (decrypted) bytes */
-
-/*
- * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
- * a regular CURLcode value.
- */
-ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
-                      int sockindex,            /* socketindex */
-                      char *mem,                /* store read data here */
-                      size_t len)               /* max amount to read */
-{
-#ifdef USE_SSL
-  ssize_t nread;
-  bool block = FALSE;
-
-#ifdef USE_SSLEAY
-  nread = Curl_ossl_recv(conn, sockindex, mem, len, &block);
-#else
-#ifdef USE_GNUTLS
-  nread = Curl_gtls_recv(conn, sockindex, mem, len, &block);
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-  if(nread == -1) {
-    if(!block)
-      return 0; /* this is a true error, not EWOULDBLOCK */
-    else
-      return -1;
-  }
-
-  return (int)nread;
-
-#else /* USE_SSL */
-  (void)conn;
-  (void)sockindex;
-  (void)mem;
-  (void)len;
-  return 0;
-#endif /* USE_SSL */
-}
-
-
-/*
- * This sets up a session ID cache to the specified size. Make sure this code
- * is agnostic to what underlying SSL technology we use.
- */
-CURLcode Curl_ssl_initsessions(struct SessionHandle *data, long amount)
-{
-#ifdef USE_SSL
-  struct curl_ssl_session *session;
-
-  if(data->state.session)
-    /* this is just a precaution to prevent multiple inits */
-    return CURLE_OK;
-
-  session = (struct curl_ssl_session *)
-    calloc(sizeof(struct curl_ssl_session), amount);
-  if(!session)
-    return CURLE_OUT_OF_MEMORY;
-
-  /* store the info in the SSL section */
-  data->set.ssl.numsessions = amount;
-  data->state.session = session;
-  data->state.sessionage = 1; /* this is brand new */
-#else
-  /* without SSL, do nothing */
-  (void)data;
-  (void)amount;
-#endif
-
-  return CURLE_OK;
-}
-
-size_t Curl_ssl_version(char *buffer, size_t size)
-{
-#ifdef USE_SSLEAY
-  return Curl_ossl_version(buffer, size);
-#else
-#ifdef USE_GNUTLS
-  return Curl_gtls_version(buffer, size);
-#else
-  (void)buffer;
-  (void)size;
-  return 0; /* no SSL support */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-}
-
-
-/*
- * This function tries to determine connection status.
- *
- * Return codes:
- *     1 means the connection is still in place
- *     0 means the connection has been closed
- *    -1 means the connection status is unknown
- */
-int Curl_ssl_check_cxn(struct connectdata *conn)
-{
-#ifdef USE_SSLEAY
-  return Curl_ossl_check_cxn(conn);
-#else
-  (void)conn;
-  /* TODO: we lack implementation of this for GnuTLS */
-  return -1; /* connection status unknown */
-#endif /* USE_SSLEAY */
-}
-
-bool Curl_ssl_data_pending(struct connectdata *conn,
-                           int connindex)
-{
-#ifdef USE_SSLEAY
-  /* OpenSSL-specific */
-  if(conn->ssl[connindex].handle)
-    /* SSL is in use */
-    return SSL_pending(conn->ssl[connindex].handle);
-#else
-  (void)conn;
-  (void)connindex;
-#endif
-  return FALSE; /* nothing pending */
-
-}
diff --git a/Utilities/cmcurl/sslgen.h b/Utilities/cmcurl/sslgen.h
deleted file mode 100644
index c24d46b..0000000
--- a/Utilities/cmcurl/sslgen.h
+++ /dev/null
@@ -1,84 +0,0 @@
-#ifndef __SSLGEN_H
-#define __SSLGEN_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-bool Curl_ssl_config_matches(struct ssl_config_data* data,
-                             struct ssl_config_data* needle);
-bool Curl_clone_ssl_config(struct ssl_config_data* source,
-                           struct ssl_config_data* dest);
-void Curl_free_ssl_config(struct ssl_config_data* sslc);
-
-int Curl_ssl_init(void);
-void Curl_ssl_cleanup(void);
-CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
-CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
-                                      int sockindex,
-                                      bool *done);
-void Curl_ssl_close(struct connectdata *conn);
-/* tell the SSL stuff to close down all open information regarding
-   connections (and thus session ID caching etc) */
-void Curl_ssl_close_all(struct SessionHandle *data);
-CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine);
-/* Sets engine as default for all SSL operations */
-CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data);
-ssize_t Curl_ssl_send(struct connectdata *conn,
-                      int sockindex,
-                      void *mem,
-                      size_t len);
-ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
-                      int sockindex,            /* socketindex */
-                      char *mem,                /* store read data here */
-                      size_t len);              /* max amount to read */
-
-/* init the SSL session ID cache */
-CURLcode Curl_ssl_initsessions(struct SessionHandle *, long);
-/* extract a session ID */
-int Curl_ssl_getsessionid(struct connectdata *conn,
-                          void **ssl_sessionid,
-                          size_t *idsize) /* set 0 if unknown */;
-/* add a new session ID */
-CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
-                               void *ssl_sessionid,
-                               size_t idsize);
-
-
-struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data);
-
-size_t Curl_ssl_version(char *buffer, size_t size);
-
-int Curl_ssl_check_cxn(struct connectdata *conn);
-
-CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
-
-bool Curl_ssl_data_pending(struct connectdata *conn,
-                           int connindex);
-
-#if !defined(USE_SSL) && !defined(SSLGEN_C)
-/* set up blank macros for none-SSL builds */
-#define Curl_ssl_close_all(x)
-#endif
-
-#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
-
-#endif
diff --git a/Utilities/cmcurl/ssluse.c b/Utilities/cmcurl/ssluse.c
deleted file mode 100644
index 6709278..0000000
--- a/Utilities/cmcurl/ssluse.c
+++ /dev/null
@@ -1,1950 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-/*
- * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
- * but sslgen.c should ever call or use these functions.
- */
-
-/*
- * The original SSLeay-using code for curl was written by Linas Vepstas and
- * Sampo Kellomaki 1998.
- */
-
-#include "setup.h"
-
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "formdata.h" /* for the boundary function */
-#include "url.h" /* for the ssl config check function */
-#include "inet_pton.h"
-#include "ssluse.h"
-#include "connect.h" /* Curl_sockerrno() proto */
-#include "strequal.h"
-#include "select.h"
-#include "sslgen.h"
-
-#define _MPRINTF_REPLACE /* use the internal *printf() functions */
-#include <curl/mprintf.h>
-
-#ifdef USE_SSLEAY
-
-#ifdef USE_OPENSSL
-#include <openssl/rand.h>
-#include <openssl/x509v3.h>
-#else
-#include <rand.h>
-#include <x509v3.h>
-#endif
-
-#include "memory.h"
-#include "easyif.h" /* for Curl_convert_from_utf8 prototype */
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#ifndef min
-#define min(a, b)   ((a) < (b) ? (a) : (b))
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x0090581fL
-#define HAVE_SSL_GET1_SESSION 1
-#else
-#undef HAVE_SSL_GET1_SESSION
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00904100L
-#define HAVE_USERDATA_IN_PWD_CALLBACK 1
-#else
-#undef HAVE_USERDATA_IN_PWD_CALLBACK
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907001L
-/* ENGINE_load_private_key() takes four arguments */
-#define HAVE_ENGINE_LOAD_FOUR_ARGS
-#else
-/* ENGINE_load_private_key() takes three arguments */
-#undef HAVE_ENGINE_LOAD_FOUR_ARGS
-#endif
-
-#if (OPENSSL_VERSION_NUMBER >= 0x00903001L) && defined(HAVE_OPENSSL_PKCS12_H)
-/* OpenSSL has PKCS 12 support */
-#define HAVE_PKCS12_SUPPORT
-#else
-/* OpenSSL/SSLEay does not have PKCS12 support */
-#undef HAVE_PKCS12_SUPPORT
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00906001L
-#define HAVE_ERR_ERROR_STRING_N 1
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00909000L
-#define SSL_METHOD_QUAL const
-#else
-#define SSL_METHOD_QUAL
-#endif
-
-/*
- * Number of bytes to read from the random number seed file. This must be
- * a finite value (because some entropy "files" like /dev/urandom have
- * an infinite length), but must be large enough to provide enough
- * entopy to properly seed OpenSSL's PRNG.
- */
-#define RAND_LOAD_LENGTH 1024
-
-#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
-static char global_passwd[64];
-#endif
-
-static int passwd_callback(char *buf, int num, int verify
-#if HAVE_USERDATA_IN_PWD_CALLBACK
-                           /* This was introduced in 0.9.4, we can set this
-                              using SSL_CTX_set_default_passwd_cb_userdata()
-                              */
-                           , void *global_passwd
-#endif
-                           )
-{
-  if(verify)
-    fprintf(stderr, "%s\n", buf);
-  else {
-    if(num > (int)strlen((char *)global_passwd)) {
-      strcpy(buf, global_passwd);
-      return (int)strlen(buf);
-    }
-  }
-  return 0;
-}
-
-/*
- * rand_enough() is a function that returns TRUE if we have seeded the random
- * engine properly. We use some preprocessor magic to provide a seed_enough()
- * macro to use, just to prevent a compiler warning on this function if we
- * pass in an argument that is never used.
- */
-
-#ifdef HAVE_RAND_STATUS
-#define seed_enough(x) rand_enough()
-static bool rand_enough(void)
-{
-  return (bool)(0 != RAND_status());
-}
-#else
-#define seed_enough(x) rand_enough(x)
-static bool rand_enough(int nread)
-{
-  /* this is a very silly decision to make */
-  return (bool)(nread > 500);
-}
-#endif
-
-static int ossl_seed(struct SessionHandle *data)
-{
-  char *buf = data->state.buffer; /* point to the big buffer */
-  int nread=0;
-
-  /* Q: should we add support for a random file name as a libcurl option?
-     A: Yes, it is here */
-
-#ifndef RANDOM_FILE
-  /* if RANDOM_FILE isn't defined, we only perform this if an option tells
-     us to! */
-  if(data->set.ssl.random_file)
-#define RANDOM_FILE "" /* doesn't matter won't be used */
-#endif
-  {
-    /* let the option override the define */
-    nread += RAND_load_file((data->set.ssl.random_file?
-                             data->set.ssl.random_file:RANDOM_FILE),
-                            RAND_LOAD_LENGTH);
-    if(seed_enough(nread))
-      return nread;
-  }
-
-#if defined(HAVE_RAND_EGD)
-  /* only available in OpenSSL 0.9.5 and later */
-  /* EGD_SOCKET is set at configure time or not at all */
-#ifndef EGD_SOCKET
-  /* If we don't have the define set, we only do this if the egd-option
-     is set */
-  if(data->set.ssl.egdsocket)
-#define EGD_SOCKET "" /* doesn't matter won't be used */
-#endif
-  {
-    /* If there's an option and a define, the option overrides the
-       define */
-    int ret = RAND_egd(data->set.ssl.egdsocket?
-                       data->set.ssl.egdsocket:EGD_SOCKET);
-    if(-1 != ret) {
-      nread += ret;
-      if(seed_enough(nread))
-        return nread;
-    }
-  }
-#endif
-
-  /* If we get here, it means we need to seed the PRNG using a "silly"
-     approach! */
-#ifdef HAVE_RAND_SCREEN
-  /* This one gets a random value by reading the currently shown screen */
-  RAND_screen();
-  nread = 100; /* just a value */
-#else
-  {
-    int len;
-    char *area;
-
-    /* Changed call to RAND_seed to use the underlying RAND_add implementation
-     * directly.  Do this in a loop, with the amount of additional entropy
-     * being dependent upon the algorithm used by Curl_FormBoundary(): N bytes
-     * of a 7-bit ascii set. -- Richard Gorton, March 11 2003.
-     */
-
-    do {
-      area = Curl_FormBoundary();
-      if(!area)
-        return 3; /* out of memory */
-
-      len = (int)strlen(area);
-      RAND_add(area, len, (len >> 1));
-
-      free(area); /* now remove the random junk */
-    } while (!RAND_status());
-  }
-#endif
-
-  /* generates a default path for the random seed file */
-  buf[0]=0; /* blank it first */
-  RAND_file_name(buf, BUFSIZE);
-  if(buf[0]) {
-    /* we got a file name to try */
-    nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
-    if(seed_enough(nread))
-      return nread;
-  }
-
-  infof(data, "libcurl is now using a weak random seed!\n");
-  return nread;
-}
-
-int Curl_ossl_seed(struct SessionHandle *data)
-{
-  /* we have the "SSL is seeded" boolean static to prevent multiple
-     time-consuming seedings in vain */
-  static bool ssl_seeded = FALSE;
-
-  if(!ssl_seeded || data->set.ssl.random_file || data->set.ssl.egdsocket) {
-    ossl_seed(data);
-    ssl_seeded = TRUE;
-  }
-  return 0;
-}
-
-
-#ifndef SSL_FILETYPE_ENGINE
-#define SSL_FILETYPE_ENGINE 42
-#endif
-#ifndef SSL_FILETYPE_PKCS12
-#define SSL_FILETYPE_PKCS12 43
-#endif
-static int do_file_type(const char *type)
-{
-  if(!type || !type[0])
-    return SSL_FILETYPE_PEM;
-  if(curl_strequal(type, "PEM"))
-    return SSL_FILETYPE_PEM;
-  if(curl_strequal(type, "DER"))
-    return SSL_FILETYPE_ASN1;
-  if(curl_strequal(type, "ENG"))
-    return SSL_FILETYPE_ENGINE;
-  if(curl_strequal(type, "P12"))
-    return SSL_FILETYPE_PKCS12;
-  return -1;
-}
-
-static
-int cert_stuff(struct connectdata *conn,
-               SSL_CTX* ctx,
-               char *cert_file,
-               const char *cert_type,
-               char *key_file,
-               const char *key_type)
-{
-  struct SessionHandle *data = conn->data;
-  int file_type;
-
-  if(cert_file != NULL) {
-    SSL *ssl;
-    X509 *x509;
-    int cert_done = 0;
-
-    if(data->set.key_passwd) {
-#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
-      /*
-       * If password has been given, we store that in the global
-       * area (*shudder*) for a while:
-       */
-      size_t len = strlen(data->set.key_passwd);
-      if(len < sizeof(global_passwd))
-        memcpy(global_passwd, data->set.key_passwd, len+1);
-#else
-      /*
-       * We set the password in the callback userdata
-       */
-      SSL_CTX_set_default_passwd_cb_userdata(ctx,
-                                             data->set.key_passwd);
-#endif
-      /* Set passwd callback: */
-      SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
-    }
-
-    file_type = do_file_type(cert_type);
-
-#define SSL_CLIENT_CERT_ERR \
-    "unable to use client certificate (no key found or wrong pass phrase?)"
-
-    switch(file_type) {
-    case SSL_FILETYPE_PEM:
-      /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
-      if(SSL_CTX_use_certificate_chain_file(ctx,
-                                            cert_file) != 1) {
-        failf(data, SSL_CLIENT_CERT_ERR);
-        return 0;
-      }
-      break;
-
-    case SSL_FILETYPE_ASN1:
-      /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
-         we use the case above for PEM so this can only be performed with
-         ASN1 files. */
-      if(SSL_CTX_use_certificate_file(ctx,
-                                      cert_file,
-                                      file_type) != 1) {
-        failf(data, SSL_CLIENT_CERT_ERR);
-        return 0;
-      }
-      break;
-    case SSL_FILETYPE_ENGINE:
-      failf(data, "file type ENG for certificate not implemented");
-      return 0;
-
-    case SSL_FILETYPE_PKCS12:
-    {
-#ifdef HAVE_PKCS12_SUPPORT
-      FILE *f;
-      PKCS12 *p12;
-      EVP_PKEY *pri;
-
-      f = fopen(cert_file,"rb");
-      if (!f) {
-        failf(data, "could not open PKCS12 file '%s'", cert_file);
-        return 0;
-      }
-      p12 = d2i_PKCS12_fp(f, NULL);
-      fclose(f);
-
-      PKCS12_PBE_add();
-
-      if (!PKCS12_parse(p12, data->set.key_passwd, &pri, &x509, NULL)) {
-        failf(data,
-              "could not parse PKCS12 file, check password, OpenSSL error %s",
-              ERR_error_string(ERR_get_error(), NULL) );
-        return 0;
-      }
-
-      PKCS12_free(p12);
-
-      if(SSL_CTX_use_certificate(ctx, x509) != 1) {
-        failf(data, SSL_CLIENT_CERT_ERR);
-        EVP_PKEY_free(pri);
-        X509_free(x509);
-        return 0;
-      }
-
-      if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
-        failf(data, "unable to use private key from PKCS12 file '%s'",
-              cert_file);
-        EVP_PKEY_free(pri);
-        X509_free(x509);
-        return 0;
-      }
-
-      EVP_PKEY_free(pri);
-      X509_free(x509);
-      cert_done = 1;
-      break;
-#else
-      failf(data, "file type P12 for certificate not supported");
-      return 0;
-#endif
-    }
-    default:
-      failf(data, "not supported file type '%s' for certificate", cert_type);
-      return 0;
-    }
-
-    file_type = do_file_type(key_type);
-
-    switch(file_type) {
-    case SSL_FILETYPE_PEM:
-      if(cert_done)
-        break;
-      if(key_file == NULL)
-        /* cert & key can only be in PEM case in the same file */
-        key_file=cert_file;
-    case SSL_FILETYPE_ASN1:
-      if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
-        failf(data, "unable to set private key file: '%s' type %s\n",
-              key_file, key_type?key_type:"PEM");
-        return 0;
-      }
-      break;
-    case SSL_FILETYPE_ENGINE:
-#ifdef HAVE_OPENSSL_ENGINE_H
-      {                         /* XXXX still needs some work */
-        EVP_PKEY *priv_key = NULL;
-        if(conn && conn->data && conn->data->state.engine) {
-#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
-          UI_METHOD *ui_method = UI_OpenSSL();
-#endif
-          if(!key_file || !key_file[0]) {
-            failf(data, "no key set to load from crypto engine\n");
-            return 0;
-          }
-          /* the typecast below was added to please MinGW32 */
-          priv_key = (EVP_PKEY *)
-            ENGINE_load_private_key(conn->data->state.engine,key_file,
-#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
-                                    ui_method,
-#endif
-                                    data->set.key_passwd);
-          if(!priv_key) {
-            failf(data, "failed to load private key from crypto engine\n");
-            return 0;
-          }
-          if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
-            failf(data, "unable to set private key\n");
-            EVP_PKEY_free(priv_key);
-            return 0;
-          }
-          EVP_PKEY_free(priv_key);  /* we don't need the handle any more... */
-        }
-        else {
-          failf(data, "crypto engine not set, can't load private key\n");
-          return 0;
-        }
-      }
-      break;
-#else
-      failf(data, "file type ENG for private key not supported\n");
-      return 0;
-#endif
-    case SSL_FILETYPE_PKCS12:
-      if(!cert_done) {
-        failf(data, "file type P12 for private key not supported\n");
-        return 0;
-      }
-      break;
-    default:
-      failf(data, "not supported file type for private key\n");
-      return 0;
-    }
-
-    ssl=SSL_new(ctx);
-    if (NULL == ssl) {
-      failf(data,"unable to create an SSL structure\n");
-      return 0;
-    }
-
-    x509=SSL_get_certificate(ssl);
-
-    /* This version was provided by Evan Jordan and is supposed to not
-       leak memory as the previous version: */
-    if(x509 != NULL) {
-      EVP_PKEY *pktmp = X509_get_pubkey(x509);
-      EVP_PKEY_copy_parameters(pktmp,SSL_get_privatekey(ssl));
-      EVP_PKEY_free(pktmp);
-    }
-
-    SSL_free(ssl);
-
-    /* If we are using DSA, we can copy the parameters from
-     * the private key */
-
-
-    /* Now we know that a key and cert have been set against
-     * the SSL context */
-    if(!SSL_CTX_check_private_key(ctx)) {
-      failf(data, "Private key does not match the certificate public key");
-      return(0);
-    }
-#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
-    /* erase it now */
-    memset(global_passwd, 0, sizeof(global_passwd));
-#endif
-  }
-  return(1);
-}
-
-static
-int cert_verify_callback(int ok, X509_STORE_CTX *ctx)
-{
-  X509 *err_cert;
-  char buf[256];
-
-  err_cert=X509_STORE_CTX_get_current_cert(ctx);
-  X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
-  return ok;
-}
-
-/* Return error string for last OpenSSL error
- */
-static char *SSL_strerror(unsigned long error, char *buf, size_t size)
-{
-#ifdef HAVE_ERR_ERROR_STRING_N
-  /* OpenSSL 0.9.6 and later has a function named
-     ERRO_error_string_n() that takes the size of the buffer as a
-     third argument */
-  ERR_error_string_n(error, buf, size);
-#else
-  (void) size;
-  ERR_error_string(error, buf);
-#endif
-  return (buf);
-}
-
-#endif /* USE_SSLEAY */
-
-#ifdef USE_SSLEAY
-/**
- * Global SSL init
- *
- * @retval 0 error initializing SSL
- * @retval 1 SSL initialized successfully
- */
-int Curl_ossl_init(void)
-{
-#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
-  ENGINE_load_builtin_engines();
-#endif
-
-  /* Lets get nice error messages */
-  SSL_load_error_strings();
-
-  /* Setup all the global SSL stuff */
-  if (!SSLeay_add_ssl_algorithms())
-    return 0;
-
-  return 1;
-}
-
-#endif /* USE_SSLEAY */
-
-#ifdef USE_SSLEAY
-
-/* Global cleanup */
-void Curl_ossl_cleanup(void)
-{
-  /* Free the SSL error strings */
-  ERR_free_strings();
-
-  /* EVP_cleanup() removes all ciphers and digests from the
-     table. */
-  EVP_cleanup();
-
-#ifdef HAVE_ENGINE_cleanup
-  ENGINE_cleanup();
-#endif
-
-#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
-  /* this function was not present in 0.9.6b, but was added sometimes
-     later */
-  CRYPTO_cleanup_all_ex_data();
-#endif
-}
-
-/*
- * This function uses SSL_peek to determine connection status.
- *
- * Return codes:
- *     1 means the connection is still in place
- *     0 means the connection has been closed
- *    -1 means the connection status is unknown
- */
-int Curl_ossl_check_cxn(struct connectdata *conn)
-{
-  int rc;
-  char buf;
-
-  rc = SSL_peek(conn->ssl[FIRSTSOCKET].handle, (void*)&buf, 1);
-  if (rc > 0)
-    return 1; /* connection still in place */
-
-  if (rc == 0)
-    return 0; /* connection has been closed */
-
-  return -1; /* connection status unknown */
-}
-
-#endif /* USE_SSLEAY */
-
-/* Selects an OpenSSL crypto engine
- */
-CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine)
-{
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
-  ENGINE *e = ENGINE_by_id(engine);
-
-  if (!e) {
-    failf(data, "SSL Engine '%s' not found", engine);
-    return (CURLE_SSL_ENGINE_NOTFOUND);
-  }
-
-  if (data->state.engine) {
-    ENGINE_finish(data->state.engine);
-    ENGINE_free(data->state.engine);
-    data->state.engine = NULL;
-  }
-  if (!ENGINE_init(e)) {
-    char buf[256];
-
-    ENGINE_free(e);
-    failf(data, "Failed to initialise SSL Engine '%s':\n%s",
-          engine, SSL_strerror(ERR_get_error(), buf, sizeof(buf)));
-    return (CURLE_SSL_ENGINE_INITFAILED);
-  }
-  data->state.engine = e;
-  return (CURLE_OK);
-#else
-  (void)engine;
-  failf(data, "SSL Engine not supported");
-  return (CURLE_SSL_ENGINE_NOTFOUND);
-#endif
-}
-
-#ifdef USE_SSLEAY
-/* Sets engine as default for all SSL operations
- */
-CURLcode Curl_ossl_set_engine_default(struct SessionHandle *data)
-{
-#ifdef HAVE_OPENSSL_ENGINE_H
-  if (data->state.engine) {
-    if (ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
-      infof(data,"set default crypto engine '%s'\n", ENGINE_get_id(data->state.engine));
-    }
-    else {
-      failf(data, "set default crypto engine '%s' failed", ENGINE_get_id(data->state.engine));
-      return CURLE_SSL_ENGINE_SETFAILED;
-    }
-  }
-#else
-  (void) data;
-#endif
-  return CURLE_OK;
-}
-#endif /* USE_SSLEAY */
-
-/* Return list of OpenSSL crypto engine names.
- */
-struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data)
-{
-  struct curl_slist *list = NULL;
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
-  ENGINE *e;
-
-  for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-    list = curl_slist_append(list, ENGINE_get_id(e));
-#endif
-  (void) data;
-  return (list);
-}
-
-
-#ifdef USE_SSLEAY
-
-/*
- * This function is called when an SSL connection is closed.
- */
-void Curl_ossl_close(struct connectdata *conn)
-{
-  int i;
-  /*
-    ERR_remove_state() frees the error queue associated with
-    thread pid.  If pid == 0, the current thread will have its
-    error queue removed.
-
-    Since error queue data structures are allocated
-    automatically for new threads, they must be freed when
-    threads are terminated in oder to avoid memory leaks.
-  */
-  ERR_remove_state(0);
-
-  for(i=0; i<2; i++) {
-    struct ssl_connect_data *connssl = &conn->ssl[i];
-
-    if(connssl->handle) {
-      (void)SSL_shutdown(connssl->handle);
-      SSL_set_connect_state(connssl->handle);
-
-      SSL_free (connssl->handle);
-      connssl->handle = NULL;
-    }
-    if(connssl->ctx) {
-      SSL_CTX_free (connssl->ctx);
-      connssl->ctx = NULL;
-    }
-    connssl->use = FALSE; /* get back to ordinary socket usage */
-  }
-}
-
-/*
- * This function is called to shut down the SSL layer but keep the
- * socket open (CCC - Clear Command Channel)
- */
-int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
-{
-  int retval = 0;
-  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-  struct SessionHandle *data = conn->data;
-  char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
-                    to be at least 120 bytes long. */
-  unsigned long sslerror;
-  ssize_t nread;
-  int err;
-  int done = 0;
-
-  /* This has only been tested on the proftpd server, and the mod_tls code
-     sends a close notify alert without waiting for a close notify alert in
-     response. Thus we wait for a close notify alert from the server, but
-     we do not send one. Let's hope other servers do the same... */
-
-  if(connssl->handle) {
-    while(!done) {
-      int what = Curl_select(conn->sock[sockindex],
-                             CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
-      if(what > 0) {
-        /* Something to read, let's do it and hope that it is the close
-           notify alert from the server */
-        nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf,
-                                  sizeof(buf));
-        err = SSL_get_error(conn->ssl[sockindex].handle, (int)nread);
-
-        switch(err) {
-        case SSL_ERROR_NONE: /* this is not an error */
-        case SSL_ERROR_ZERO_RETURN: /* no more data */
-          /* This is the expected response. There was no data but only
-             the close notify alert */
-          done = 1;
-          break;
-        case SSL_ERROR_WANT_READ:
-          /* there's data pending, re-invoke SSL_read() */
-          infof(data, "SSL_ERROR_WANT_READ\n");
-          break;
-        case SSL_ERROR_WANT_WRITE:
-          /* SSL wants a write. Really odd. Let's bail out. */
-          infof(data, "SSL_ERROR_WANT_WRITE\n");
-          done = 1;
-          break;
-        default:
-          /* openssl/ssl.h says "look at error stack/return value/errno" */
-          sslerror = ERR_get_error();
-          failf(conn->data, "SSL read: %s, errno %d",
-                ERR_error_string(sslerror, buf),
-                Curl_sockerrno() );
-          done = 1;
-          break;
-        }
-      }
-      else if(0 == what) {
-        /* timeout */
-        failf(data, "SSL shutdown timeout");
-        done = 1;
-        break;
-      }
-      else {
-        /* anything that gets here is fatally bad */
-        failf(data, "select on SSL socket, errno: %d", Curl_sockerrno());
-        retval = -1;
-        done = 1;
-      }
-    } /* while()-loop for the select() */
-
-    if(data->set.verbose) {
-      switch(SSL_get_shutdown(connssl->handle)) {
-      case SSL_SENT_SHUTDOWN:
-        infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
-        break;
-      case SSL_RECEIVED_SHUTDOWN:
-        infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
-        break;
-      case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
-        infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
-              "SSL_RECEIVED__SHUTDOWN\n");
-        break;
-      }
-    }
-
-    connssl->use = FALSE; /* get back to ordinary socket usage */
-
-    SSL_free (connssl->handle);
-    connssl->handle = NULL;
-  }
-  return retval;
-}
-
-void Curl_ossl_session_free(void *ptr)
-{
-  /* free the ID */
-  SSL_SESSION_free(ptr);
-}
-
-/*
- * This function is called when the 'data' struct is going away. Close
- * down everything and free all resources!
- */
-int Curl_ossl_close_all(struct SessionHandle *data)
-{
-#ifdef HAVE_OPENSSL_ENGINE_H
-  if(data->state.engine) {
-    ENGINE_finish(data->state.engine);
-    ENGINE_free(data->state.engine);
-    data->state.engine = NULL;
-  }
-#else
-  (void)data;
-#endif
-  return 0;
-}
-
-static int Curl_ASN1_UTCTIME_output(struct connectdata *conn,
-                                    const char *prefix,
-                                    ASN1_UTCTIME *tm)
-{
-  char *asn1_string;
-  int gmt=FALSE;
-  int i;
-  int year=0,month=0,day=0,hour=0,minute=0,second=0;
-  struct SessionHandle *data = conn->data;
-
-  if(!data->set.verbose)
-    return 0;
-
-  i=tm->length;
-  asn1_string=(char *)tm->data;
-
-  if(i < 10)
-    return 1;
-  if(asn1_string[i-1] == 'Z')
-    gmt=TRUE;
-  for (i=0; i<10; i++)
-    if((asn1_string[i] > '9') || (asn1_string[i] < '0'))
-      return 2;
-
-  year= (asn1_string[0]-'0')*10+(asn1_string[1]-'0');
-  if(year < 50)
-    year+=100;
-
-  month= (asn1_string[2]-'0')*10+(asn1_string[3]-'0');
-  if((month > 12) || (month < 1))
-    return 3;
-
-  day= (asn1_string[4]-'0')*10+(asn1_string[5]-'0');
-  hour= (asn1_string[6]-'0')*10+(asn1_string[7]-'0');
-  minute=  (asn1_string[8]-'0')*10+(asn1_string[9]-'0');
-
-  if((asn1_string[10] >= '0') && (asn1_string[10] <= '9') &&
-     (asn1_string[11] >= '0') && (asn1_string[11] <= '9'))
-    second= (asn1_string[10]-'0')*10+(asn1_string[11]-'0');
-
-  infof(data,
-        "%s%04d-%02d-%02d %02d:%02d:%02d %s\n",
-        prefix, year+1900, month, day, hour, minute, second, (gmt?"GMT":""));
-
-  return 0;
-}
-
-#endif
-
-/* ====================================================== */
-#ifdef USE_SSLEAY
-
-/*
- * Match a hostname against a wildcard pattern.
- * E.g.
- *  "foo.host.com" matches "*.host.com".
- *
- * We are a bit more liberal than RFC2818 describes in that we
- * accept multiple "*" in pattern (similar to what some other browsers do).
- * E.g.
- *  "abc.def.domain.com" should strickly not match "*.domain.com", but we
- *  don't consider "." to be important in CERT checking.
- */
-#define HOST_NOMATCH 0
-#define HOST_MATCH   1
-
-static int hostmatch(const char *hostname, const char *pattern)
-{
-  while (1) {
-    int c = *pattern++;
-
-    if (c == '\0')
-      return (*hostname ? HOST_NOMATCH : HOST_MATCH);
-
-    if (c == '*') {
-      c = *pattern;
-      if (c == '\0')      /* "*\0" matches anything remaining */
-        return HOST_MATCH;
-
-      while (*hostname) {
-        /* The only recursive function in libcurl! */
-        if (hostmatch(hostname++,pattern) == HOST_MATCH)
-          return HOST_MATCH;
-      }
-      break;
-    }
-
-    if (toupper(c) != toupper(*hostname++))
-      break;
-  }
-  return HOST_NOMATCH;
-}
-
-static int
-cert_hostcheck(const char *match_pattern, const char *hostname)
-{
-  if (!match_pattern || !*match_pattern ||
-      !hostname || !*hostname) /* sanity check */
-    return 0;
-
-  if(curl_strequal(hostname,match_pattern)) /* trivial case */
-    return 1;
-
-  if (hostmatch(hostname,match_pattern) == HOST_MATCH)
-    return 1;
-  return 0;
-}
-
-/* Quote from RFC2818 section 3.1 "Server Identity"
-
-   If a subjectAltName extension of type dNSName is present, that MUST
-   be used as the identity. Otherwise, the (most specific) Common Name
-   field in the Subject field of the certificate MUST be used. Although
-   the use of the Common Name is existing practice, it is deprecated and
-   Certification Authorities are encouraged to use the dNSName instead.
-
-   Matching is performed using the matching rules specified by
-   [RFC2459].  If more than one identity of a given type is present in
-   the certificate (e.g., more than one dNSName name, a match in any one
-   of the set is considered acceptable.) Names may contain the wildcard
-   character * which is considered to match any single domain name
-   component or component fragment. E.g., *.a.com matches foo.a.com but
-   not bar.foo.a.com. f*.com matches foo.com but not bar.com.
-
-   In some cases, the URI is specified as an IP address rather than a
-   hostname. In this case, the iPAddress subjectAltName must be present
-   in the certificate and must exactly match the IP in the URI.
-
-*/
-static CURLcode verifyhost(struct connectdata *conn,
-                           X509 *server_cert)
-{
-  bool matched = FALSE; /* no alternative match yet */
-  int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
-  int addrlen = 0;
-  struct SessionHandle *data = conn->data;
-  STACK_OF(GENERAL_NAME) *altnames;
-#ifdef ENABLE_IPV6
-  struct in6_addr addr;
-#else
-  struct in_addr addr;
-#endif
-  CURLcode res = CURLE_OK;
-
-#ifdef ENABLE_IPV6
-  if(conn->bits.ipv6_ip &&
-     Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
-    target = GEN_IPADD;
-    addrlen = sizeof(struct in6_addr);
-  }
-  else
-#endif
-    if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
-      target = GEN_IPADD;
-      addrlen = sizeof(struct in_addr);
-    }
-
-  /* get a "list" of alternative names */
-  altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
-
-  if(altnames) {
-    int numalts;
-    int i;
-
-    /* get amount of alternatives, RFC2459 claims there MUST be at least
-       one, but we don't depend on it... */
-    numalts = sk_GENERAL_NAME_num(altnames);
-
-    /* loop through all alternatives while none has matched */
-    for (i=0; (i<numalts) && !matched; i++) {
-      /* get a handle to alternative name number i */
-      const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
-
-      /* only check alternatives of the same type the target is */
-      if(check->type == target) {
-        /* get data and length */
-        const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
-        int altlen;
-
-        switch(target) {
-        case GEN_DNS: /* name/pattern comparison */
-          /* The OpenSSL man page explicitly says: "In general it cannot be
-             assumed that the data returned by ASN1_STRING_data() is null
-             terminated or does not contain embedded nulls." But also that
-             "The actual format of the data will depend on the actual string
-             type itself: for example for and IA5String the data will be ASCII"
-
-             Gisle researched the OpenSSL sources:
-             "I checked the 0.9.6 and 0.9.8 sources before my patch and
-             it always 0-terminates an IA5String."
-          */
-          if (cert_hostcheck(altptr, conn->host.name))
-            matched = TRUE;
-          break;
-
-        case GEN_IPADD: /* IP address comparison */
-          /* compare alternative IP address if the data chunk is the same size
-             our server IP address is */
-          altlen = ASN1_STRING_length(check->d.ia5);
-          if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
-            matched = TRUE;
-          break;
-        }
-      }
-    }
-    GENERAL_NAMES_free(altnames);
-  }
-
-  if(matched)
-    /* an alternative name matched the server hostname */
-    infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
-  else {
-    /* we have to look to the last occurence of a commonName in the
-       distinguished one to get the most significant one. */
-    int j,i=-1 ;
-
-/* The following is done because of a bug in 0.9.6b */
-
-    unsigned char *nulstr = (unsigned char *)"";
-    unsigned char *peer_CN = nulstr;
-
-    X509_NAME *name = X509_get_subject_name(server_cert) ;
-    if (name)
-      while ((j=X509_NAME_get_index_by_NID(name,NID_commonName,i))>=0)
-        i=j;
-
-    /* we have the name entry and we will now convert this to a string
-       that we can use for comparison. Doing this we support BMPstring,
-       UTF8 etc. */
-
-    if (i>=0) {
-      ASN1_STRING *tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
-
-      /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
-         is already UTF-8 encoded. We check for this case and copy the raw
-         string manually to avoid the problem. This code can be made
-         conditional in the future when OpenSSL has been fixed. Work-around
-         brought by Alexis S. L. Carvalho. */
-      if (tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
-        j = ASN1_STRING_length(tmp);
-        if (j >= 0) {
-          peer_CN = OPENSSL_malloc(j+1);
-          if (peer_CN) {
-            memcpy(peer_CN, ASN1_STRING_data(tmp), j);
-            peer_CN[j] = '\0';
-          }
-        }
-      }
-      else /* not a UTF8 name */
-        j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
-    }
-
-    if (peer_CN == nulstr)
-       peer_CN = NULL;
-#ifdef CURL_DOES_CONVERSIONS
-    else {
-      /* convert peer_CN from UTF8 */
-      size_t rc;
-      rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
-      /* Curl_convert_from_utf8 calls failf if unsuccessful */
-      if (rc != CURLE_OK) {
-        return(rc);
-      }
-    }
-#endif /* CURL_DOES_CONVERSIONS */
-
-    if (!peer_CN) {
-      if(data->set.ssl.verifyhost > 1) {
-        failf(data,
-              "SSL: unable to obtain common name from peer certificate");
-        return CURLE_SSL_PEER_CERTIFICATE;
-      }
-      else {
-        /* Consider verifyhost == 1 as an "OK" for a missing CN field, but we
-           output a note about the situation */
-        infof(data, "\t common name: WARNING couldn't obtain\n");
-      }
-    }
-    else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
-      if(data->set.ssl.verifyhost > 1) {
-        failf(data, "SSL: certificate subject name '%s' does not match "
-              "target host name '%s'", peer_CN, conn->host.dispname);
-        res = CURLE_SSL_PEER_CERTIFICATE;
-      }
-      else
-        infof(data, "\t common name: %s (does not match '%s')\n",
-              peer_CN, conn->host.dispname);
-    }
-    else {
-      infof(data, "\t common name: %s (matched)\n", peer_CN);
-    }
-    if(peer_CN)
-      OPENSSL_free(peer_CN);
-  }
-  return res;
-}
-#endif
-
-/* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
-   and thus this cannot be done there. */
-#ifdef SSL_CTRL_SET_MSG_CALLBACK
-
-static const char *ssl_msg_type(int ssl_ver, int msg)
-{
-  if (ssl_ver == SSL2_VERSION_MAJOR) {
-    switch (msg) {
-      case SSL2_MT_ERROR:
-        return "Error";
-      case SSL2_MT_CLIENT_HELLO:
-        return "Client hello";
-      case SSL2_MT_CLIENT_MASTER_KEY:
-        return "Client key";
-      case SSL2_MT_CLIENT_FINISHED:
-        return "Client finished";
-      case SSL2_MT_SERVER_HELLO:
-        return "Server hello";
-      case SSL2_MT_SERVER_VERIFY:
-        return "Server verify";
-      case SSL2_MT_SERVER_FINISHED:
-        return "Server finished";
-      case SSL2_MT_REQUEST_CERTIFICATE:
-        return "Request CERT";
-      case SSL2_MT_CLIENT_CERTIFICATE:
-        return "Client CERT";
-    }
-  }
-  else if (ssl_ver == SSL3_VERSION_MAJOR) {
-    switch (msg) {
-      case SSL3_MT_HELLO_REQUEST:
-        return "Hello request";
-      case SSL3_MT_CLIENT_HELLO:
-        return "Client hello";
-      case SSL3_MT_SERVER_HELLO:
-        return "Server hello";
-      case SSL3_MT_CERTIFICATE:
-        return "CERT";
-      case SSL3_MT_SERVER_KEY_EXCHANGE:
-        return "Server key exchange";
-      case SSL3_MT_CLIENT_KEY_EXCHANGE:
-        return "Client key exchange";
-      case SSL3_MT_CERTIFICATE_REQUEST:
-        return "Request CERT";
-      case SSL3_MT_SERVER_DONE:
-        return "Server finished";
-      case SSL3_MT_CERTIFICATE_VERIFY:
-        return "CERT verify";
-      case SSL3_MT_FINISHED:
-        return "Finished";
-    }
-  }
-  return "Unknown";
-}
-
-static const char *tls_rt_type(int type)
-{
-  return (
-    type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " :
-    type == SSL3_RT_ALERT              ? "TLS alert, "         :
-    type == SSL3_RT_HANDSHAKE          ? "TLS handshake, "     :
-    type == SSL3_RT_APPLICATION_DATA   ? "TLS app data, "      :
-                                         "TLS Unknown, ");
-}
-
-
-/*
- * Our callback from the SSL/TLS layers.
- */
-static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
-                          const void *buf, size_t len, const SSL *ssl,
-                          struct connectdata *conn)
-{
-  struct SessionHandle *data;
-  const char *msg_name, *tls_rt_name;
-  char ssl_buf[1024];
-  int  ver, msg_type, txt_len;
-
-  if (!conn || !conn->data || !conn->data->set.fdebug ||
-      (direction != 0 && direction != 1))
-    return;
-
-  data = conn->data;
-  ssl_ver >>= 8;
-  ver = (ssl_ver == SSL2_VERSION_MAJOR ? '2' :
-         ssl_ver == SSL3_VERSION_MAJOR ? '3' : '?');
-
-  /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
-   * always pass-up content-type as 0. But the interesting message-type
-   * is at 'buf[0]'.
-   */
-  if (ssl_ver == SSL3_VERSION_MAJOR && content_type != 0)
-    tls_rt_name = tls_rt_type(content_type);
-  else
-    tls_rt_name = "";
-
-  msg_type = *(char*)buf;
-  msg_name = ssl_msg_type(ssl_ver, msg_type);
-
-  txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "SSLv%c, %s%s (%d):\n",
-                     ver, tls_rt_name, msg_name, msg_type);
-  Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
-
-  Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
-             CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
-  (void) ssl;
-}
-#endif
-
-#ifdef USE_SSLEAY
-/* ====================================================== */
-
-static CURLcode
-Curl_ossl_connect_step1(struct connectdata *conn,
-                        int sockindex)
-{
-  CURLcode retcode = CURLE_OK;
-
-  struct SessionHandle *data = conn->data;
-  SSL_METHOD_QUAL SSL_METHOD *req_method=NULL;
-  void *ssl_sessionid=NULL;
-  curl_socket_t sockfd = conn->sock[sockindex];
-  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
-  curlassert(ssl_connect_1 == connssl->connecting_state);
-
-  /* Make funny stuff to get random input */
-  Curl_ossl_seed(data);
-
-  /* check to see if we've been told to use an explicit SSL/TLS version */
-  switch(data->set.ssl.version) {
-  default:
-  case CURL_SSLVERSION_DEFAULT:
-    /* we try to figure out version */
-    req_method = SSLv23_client_method();
-    break;
-  case CURL_SSLVERSION_TLSv1:
-    req_method = TLSv1_client_method();
-    break;
-  case CURL_SSLVERSION_SSLv2:
-#ifdef OPENSSL_NO_SSL2
-    failf(data, "OpenSSL was built without SSLv2 support");
-    return CURLE_NOT_BUILT_IN;
-#else
-    req_method = SSLv2_client_method();
-    break;
-#endif
-  case CURL_SSLVERSION_SSLv3:
-    req_method = SSLv3_client_method();
-    break;
-  }
-
-  if (connssl->ctx)
-    SSL_CTX_free(connssl->ctx);
-  connssl->ctx = SSL_CTX_new(req_method);
-
-  if(!connssl->ctx) {
-    failf(data, "SSL: couldn't create a context!");
-    return CURLE_OUT_OF_MEMORY;
-  }
-
-#ifdef SSL_CTRL_SET_MSG_CALLBACK
-  if (data->set.fdebug && data->set.verbose) {
-    /* the SSL trace callback is only used for verbose logging so we only
-       inform about failures of setting it */
-    if (!SSL_CTX_callback_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK,
-                               (void (*)(void))ssl_tls_trace)) {
-      infof(data, "SSL: couldn't set callback!\n");
-    }
-    else if (!SSL_CTX_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK_ARG, 0,
-                           conn)) {
-      infof(data, "SSL: couldn't set callback argument!\n");
-    }
-  }
-#endif
-
-  /* OpenSSL contains code to work-around lots of bugs and flaws in various
-     SSL-implementations. SSL_CTX_set_options() is used to enabled those
-     work-arounds. The man page for this option states that SSL_OP_ALL enables
-     all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
-     enable the bug workaround options if compatibility with somewhat broken
-     implementations is desired."
-
-  */
-  SSL_CTX_set_options(connssl->ctx, SSL_OP_ALL);
-
-#if 0
-  /*
-   * Not sure it's needed to tell SSL_connect() that socket is
-   * non-blocking. It doesn't seem to care, but just return with
-   * SSL_ERROR_WANT_x.
-   */
-  if (data->state.used_interface == Curl_if_multi)
-    SSL_CTX_ctrl(connssl->ctx, BIO_C_SET_NBIO, 1, NULL);
-#endif
-
-  if(data->set.cert) {
-    if(!cert_stuff(conn,
-                   connssl->ctx,
-                   data->set.cert,
-                   data->set.cert_type,
-                   data->set.key,
-                   data->set.key_type)) {
-      /* failf() is already done in cert_stuff() */
-      return CURLE_SSL_CERTPROBLEM;
-    }
-  }
-
-  if(data->set.ssl.cipher_list) {
-    if(!SSL_CTX_set_cipher_list(connssl->ctx,
-                                data->set.ssl.cipher_list)) {
-      failf(data, "failed setting cipher list");
-      return CURLE_SSL_CIPHER;
-    }
-  }
-
-  if (data->set.ssl.CAfile || data->set.ssl.CApath) {
-    /* tell SSL where to find CA certificates that are used to verify
-       the servers certificate. */
-    if (!SSL_CTX_load_verify_locations(connssl->ctx, data->set.ssl.CAfile,
-                                       data->set.ssl.CApath)) {
-      if (data->set.ssl.verifypeer) {
-        /* Fail if we insist on successfully verifying the server. */
-        failf(data,"error setting certificate verify locations:\n"
-              "  CAfile: %s\n  CApath: %s\n",
-              data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",
-              data->set.ssl.CApath ? data->set.ssl.CApath : "none");
-        return CURLE_SSL_CACERT_BADFILE;
-      }
-      else {
-        /* Just continue with a warning if no strict  certificate verification
-           is required. */
-        infof(data, "error setting certificate verify locations,"
-              " continuing anyway:\n");
-      }
-    }
-    else {
-      /* Everything is fine. */
-      infof(data, "successfully set certificate verify locations:\n");
-    }
-    infof(data,
-          "  CAfile: %s\n"
-          "  CApath: %s\n",
-          data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",
-          data->set.ssl.CApath ? data->set.ssl.CApath : "none");
-  }
-  /* SSL always tries to verify the peer, this only says whether it should
-   * fail to connect if the verification fails, or if it should continue
-   * anyway. In the latter case the result of the verification is checked with
-   * SSL_get_verify_result() below. */
-  SSL_CTX_set_verify(connssl->ctx,
-                     data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
-                     cert_verify_callback);
-
-  /* give application a chance to interfere with SSL set up. */
-  if(data->set.ssl.fsslctx) {
-    retcode = (*data->set.ssl.fsslctx)(data, connssl->ctx,
-                                       data->set.ssl.fsslctxp);
-    if(retcode) {
-      failf(data,"error signaled by ssl ctx callback");
-      return retcode;
-    }
-  }
-
-  /* Lets make an SSL structure */
-  if (connssl->handle)
-    SSL_free(connssl->handle);
-  connssl->handle = SSL_new(connssl->ctx);
-  if (!connssl->handle) {
-    failf(data, "SSL: couldn't create a context (handle)!");
-    return CURLE_OUT_OF_MEMORY;
-  }
-  SSL_set_connect_state(connssl->handle);
-
-  connssl->server_cert = 0x0;
-
-  /* Check if there's a cached ID we can/should use here! */
-  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
-    /* we got a session id, use it! */
-    if (!SSL_set_session(connssl->handle, ssl_sessionid)) {
-      failf(data, "SSL: SSL_set_session failed: %s",
-            ERR_error_string(ERR_get_error(),NULL));
-      return CURLE_SSL_CONNECT_ERROR;
-    }
-    /* Informational message */
-    infof (data, "SSL re-using session ID\n");
-  }
-
-  /* pass the raw socket into the SSL layers */
-  if (!SSL_set_fd(connssl->handle, sockfd)) {
-     failf(data, "SSL: SSL_set_fd failed: %s",
-           ERR_error_string(ERR_get_error(),NULL));
-     return CURLE_SSL_CONNECT_ERROR;
-  }
-
-  connssl->connecting_state = ssl_connect_2;
-  return CURLE_OK;
-}
-
-static CURLcode
-Curl_ossl_connect_step2(struct connectdata *conn,
-                        int sockindex, long *timeout_ms)
-{
-  struct SessionHandle *data = conn->data;
-  int err;
-  long has_passed;
-  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
-  curlassert(ssl_connect_2 == connssl->connecting_state
-             || ssl_connect_2_reading == connssl->connecting_state
-             || ssl_connect_2_writing == connssl->connecting_state);
-
-  /* Find out if any timeout is set. If not, use 300 seconds.
-     Otherwise, figure out the most strict timeout of the two possible one
-     and then how much time that has elapsed to know how much time we
-     allow for the connect call */
-  if(data->set.timeout && data->set.connecttimeout) {
-    /* get the most strict timeout of the ones converted to milliseconds */
-    if(data->set.timeout<data->set.connecttimeout)
-      *timeout_ms = data->set.timeout*1000;
-    else
-      *timeout_ms = data->set.connecttimeout*1000;
-  }
-  else if(data->set.timeout)
-    *timeout_ms = data->set.timeout*1000;
-  else if(data->set.connecttimeout)
-    *timeout_ms = data->set.connecttimeout*1000;
-  else
-    /* no particular time-out has been set */
-    *timeout_ms= DEFAULT_CONNECT_TIMEOUT;
-
-  /* Evaluate in milliseconds how much time that has passed */
-  has_passed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
-
-  /* subtract the passed time */
-  *timeout_ms -= has_passed;
-
-  if(*timeout_ms < 0) {
-    /* a precaution, no need to continue if time already is up */
-    failf(data, "SSL connection timeout");
-    return CURLE_OPERATION_TIMEOUTED;
-  }
-
-  err = SSL_connect(connssl->handle);
-
-  /* 1  is fine
-     0  is "not successful but was shut down controlled"
-     <0 is "handshake was not successful, because a fatal error occurred" */
-  if(1 != err) {
-    int detail = SSL_get_error(connssl->handle, err);
-
-    if(SSL_ERROR_WANT_READ == detail) {
-      connssl->connecting_state = ssl_connect_2_reading;
-      return CURLE_OK;
-    }
-    else if(SSL_ERROR_WANT_WRITE == detail) {
-      connssl->connecting_state = ssl_connect_2_writing;
-      return CURLE_OK;
-    }
-    else {
-      /* untreated error */
-      unsigned long errdetail;
-      char error_buffer[256]; /* OpenSSL documents that this must be at least
-                                 256 bytes long. */
-      CURLcode rc;
-      const char *cert_problem = NULL;
-
-      connssl->connecting_state = ssl_connect_2; /* the connection failed,
-                                                    we're not waiting for
-                                                    anything else. */
-
-      errdetail = ERR_get_error(); /* Gets the earliest error code from the
-                                      thread's error queue and removes the
-                                      entry. */
-
-      switch(errdetail) {
-      case 0x1407E086:
-        /* 1407E086:
-           SSL routines:
-           SSL2_SET_CERTIFICATE:
-           certificate verify failed */
-        /* fall-through */
-      case 0x14090086:
-        /* 14090086:
-           SSL routines:
-           SSL3_GET_SERVER_CERTIFICATE:
-           certificate verify failed */
-        cert_problem = "SSL certificate problem, verify that the CA cert is"
-          " OK. Details:\n";
-        rc = CURLE_SSL_CACERT;
-        break;
-      default:
-        rc = CURLE_SSL_CONNECT_ERROR;
-        break;
-      }
-
-      /* detail is already set to the SSL error above */
-
-      /* If we e.g. use SSLv2 request-method and the server doesn't like us
-       * (RST connection etc.), OpenSSL gives no explanation whatsoever and
-       * the SO_ERROR is also lost.
-       */
-      if (CURLE_SSL_CONNECT_ERROR == rc && errdetail == 0) {
-        failf(data, "Unknown SSL protocol error in connection to %s:%d ",
-              conn->host.name, conn->port);
-        return rc;
-      }
-      /* Could be a CERT problem */
-
-      SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
-      failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
-      return rc;
-    }
-  }
-  else {
-    /* we have been connected fine, we're not waiting for anything else. */
-    connssl->connecting_state = ssl_connect_3;
-
-    /* Informational message */
-    infof (data, "SSL connection using %s\n",
-           SSL_get_cipher(connssl->handle));
-
-    return CURLE_OK;
-  }
-}
-
-static CURLcode
-Curl_ossl_connect_step3(struct connectdata *conn,
-                  int sockindex)
-{
-  CURLcode retcode = CURLE_OK;
-  char * str;
-  long lerr;
-  ASN1_TIME *certdate;
-  void *ssl_sessionid=NULL;
-  struct SessionHandle *data = conn->data;
-  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
-  curlassert(ssl_connect_3 == connssl->connecting_state);
-
-  if(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
-    /* Since this is not a cached session ID, then we want to stach this one
-       in the cache! */
-    SSL_SESSION *our_ssl_sessionid;
-#ifdef HAVE_SSL_GET1_SESSION
-    our_ssl_sessionid = SSL_get1_session(connssl->handle);
-
-    /* SSL_get1_session() will increment the reference
-       count and the session will stay in memory until explicitly freed with
-       SSL_SESSION_free(3), regardless of its state.
-       This function was introduced in openssl 0.9.5a. */
-#else
-    our_ssl_sessionid = SSL_get_session(connssl->handle);
-
-    /* if SSL_get1_session() is unavailable, use SSL_get_session().
-       This is an inferior option because the session can be flushed
-       at any time by openssl. It is included only so curl compiles
-       under versions of openssl < 0.9.5a.
-
-       WARNING: How curl behaves if it's session is flushed is
-       untested.
-    */
-#endif
-    retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
-                                    0 /* unknown size */);
-    if(retcode) {
-      failf(data, "failed to store ssl session");
-      return retcode;
-    }
-  }
-
-
-  /* Get server's certificate (note: beware of dynamic allocation) - opt */
-  /* major serious hack alert -- we should check certificates
-   * to authenticate the server; otherwise we risk man-in-the-middle
-   * attack
-   */
-
-  connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
-  if(!connssl->server_cert) {
-    failf(data, "SSL: couldn't get peer certificate!");
-    return CURLE_SSL_PEER_CERTIFICATE;
-  }
-  infof (data, "Server certificate:\n");
-
-  str = X509_NAME_oneline(X509_get_subject_name(connssl->server_cert),
-                          NULL, 0);
-  if(!str) {
-    failf(data, "SSL: couldn't get X509-subject!");
-    X509_free(connssl->server_cert);
-    connssl->server_cert = NULL;
-    return CURLE_SSL_CONNECT_ERROR;
-  }
-  infof(data, "\t subject: %s\n", str);
-  CRYPTO_free(str);
-
-  certdate = X509_get_notBefore(connssl->server_cert);
-  Curl_ASN1_UTCTIME_output(conn, "\t start date: ", certdate);
-
-  certdate = X509_get_notAfter(connssl->server_cert);
-  Curl_ASN1_UTCTIME_output(conn, "\t expire date: ", certdate);
-
-  if(data->set.ssl.verifyhost) {
-    retcode = verifyhost(conn, connssl->server_cert);
-    if(retcode) {
-      X509_free(connssl->server_cert);
-      connssl->server_cert = NULL;
-      return retcode;
-    }
-  }
-
-  str = X509_NAME_oneline(X509_get_issuer_name(connssl->server_cert),
-                          NULL, 0);
-  if(!str) {
-    failf(data, "SSL: couldn't get X509-issuer name!");
-    retcode = CURLE_SSL_CONNECT_ERROR;
-  }
-  else {
-    infof(data, "\t issuer: %s\n", str);
-    CRYPTO_free(str);
-
-    /* We could do all sorts of certificate verification stuff here before
-       deallocating the certificate. */
-
-    lerr = data->set.ssl.certverifyresult=
-      SSL_get_verify_result(connssl->handle);
-    if(data->set.ssl.certverifyresult != X509_V_OK) {
-      if(data->set.ssl.verifypeer) {
-        /* We probably never reach this, because SSL_connect() will fail
-           and we return earlyer if verifypeer is set? */
-        failf(data, "SSL certificate verify result: %s (%ld)",
-              X509_verify_cert_error_string(lerr), lerr);
-        retcode = CURLE_SSL_PEER_CERTIFICATE;
-      }
-      else
-        infof(data, "SSL certificate verify result: %s (%ld),"
-              " continuing anyway.\n",
-              X509_verify_cert_error_string(lerr), lerr);
-    }
-    else
-      infof(data, "SSL certificate verify ok.\n");
-  }
-
-  X509_free(connssl->server_cert);
-  connssl->server_cert = NULL;
-  connssl->connecting_state = ssl_connect_done;
-  return retcode;
-}
-
-static CURLcode
-Curl_ossl_connect_common(struct connectdata *conn,
-                         int sockindex,
-                         bool nonblocking,
-                         bool *done)
-{
-  CURLcode retcode;
-  struct SessionHandle *data = conn->data;
-  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-  curl_socket_t sockfd = conn->sock[sockindex];
-  long timeout_ms;
-
-  if (ssl_connect_1==connssl->connecting_state) {
-    retcode = Curl_ossl_connect_step1(conn, sockindex);
-    if (retcode)
-      return retcode;
-  }
-
-  timeout_ms = 0;
-  while (ssl_connect_2 == connssl->connecting_state ||
-         ssl_connect_2_reading == connssl->connecting_state ||
-         ssl_connect_2_writing == connssl->connecting_state) {
-
-    /* if ssl is expecting something, check if it's available. */
-    if (connssl->connecting_state == ssl_connect_2_reading
-        || connssl->connecting_state == ssl_connect_2_writing) {
-
-      int writefd = ssl_connect_2_writing==
-        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
-      int readfd = ssl_connect_2_reading==
-        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
-
-      while(1) {
-        int what = Curl_select(readfd, writefd, nonblocking?0:(int)timeout_ms);
-        if(what > 0)
-          /* readable or writable, go loop in the outer loop */
-          break;
-        else if(0 == what) {
-          if (nonblocking) {
-            *done = FALSE;
-            return CURLE_OK;
-          }
-          else {
-            /* timeout */
-            failf(data, "SSL connection timeout");
-            return CURLE_OPERATION_TIMEDOUT;
-          }
-        }
-        else {
-          /* anything that gets here is fatally bad */
-          failf(data, "select on SSL socket, errno: %d", Curl_sockerrno());
-          return CURLE_SSL_CONNECT_ERROR;
-        }
-      } /* while()-loop for the select() */
-    }
-
-    /* get the timeout from step2 to avoid computing it twice. */
-    retcode = Curl_ossl_connect_step2(conn, sockindex, &timeout_ms);
-    if (retcode)
-      return retcode;
-
-  } /* repeat step2 until all transactions are done. */
-
-
-  if (ssl_connect_3==connssl->connecting_state) {
-    retcode = Curl_ossl_connect_step3(conn, sockindex);
-    if (retcode)
-      return retcode;
-  }
-
-  if (ssl_connect_done==connssl->connecting_state) {
-    *done = TRUE;
-  }
-  else {
-    *done = FALSE;
-  }
-
-  /* Reset our connect state machine */
-  connssl->connecting_state = ssl_connect_1;
-
-  return CURLE_OK;
-}
-
-CURLcode
-Curl_ossl_connect_nonblocking(struct connectdata *conn,
-                              int sockindex,
-                              bool *done)
-{
-  return Curl_ossl_connect_common(conn, sockindex, TRUE, done);
-}
-
-CURLcode
-Curl_ossl_connect(struct connectdata *conn,
-                  int sockindex)
-{
-  CURLcode retcode;
-  bool done = FALSE;
-
-  retcode = Curl_ossl_connect_common(conn, sockindex, FALSE, &done);
-  if (retcode)
-    return retcode;
-
-  curlassert(done);
-
-  return CURLE_OK;
-}
-
-/* return number of sent (non-SSL) bytes */
-ssize_t Curl_ossl_send(struct connectdata *conn,
-                       int sockindex,
-                       void *mem,
-                       size_t len)
-{
-  /* SSL_write() is said to return 'int' while write() and send() returns
-     'size_t' */
-  int err;
-  char error_buffer[120]; /* OpenSSL documents that this must be at least 120
-                             bytes long. */
-  unsigned long sslerror;
-  int rc = SSL_write(conn->ssl[sockindex].handle, mem, (int)len);
-
-  if(rc < 0) {
-    err = SSL_get_error(conn->ssl[sockindex].handle, rc);
-
-    switch(err) {
-    case SSL_ERROR_WANT_READ:
-    case SSL_ERROR_WANT_WRITE:
-      /* The operation did not complete; the same TLS/SSL I/O function
-         should be called again later. This is basicly an EWOULDBLOCK
-         equivalent. */
-      return 0;
-    case SSL_ERROR_SYSCALL:
-      failf(conn->data, "SSL_write() returned SYSCALL, errno = %d\n",
-            Curl_sockerrno());
-      return -1;
-    case SSL_ERROR_SSL:
-      /*  A failure in the SSL library occurred, usually a protocol error.
-          The OpenSSL error queue contains more information on the error. */
-      sslerror = ERR_get_error();
-      failf(conn->data, "SSL_write() error: %s\n",
-            ERR_error_string(sslerror, error_buffer));
-      return -1;
-    }
-    /* a true error */
-    failf(conn->data, "SSL_write() return error %d\n", err);
-    return -1;
-  }
-  return (ssize_t)rc; /* number of bytes */
-}
-
-/*
- * If the read would block we return -1 and set 'wouldblock' to TRUE.
- * Otherwise we return the amount of data read. Other errors should return -1
- * and set 'wouldblock' to FALSE.
- */
-ssize_t Curl_ossl_recv(struct connectdata *conn, /* connection data */
-                       int num,                  /* socketindex */
-                       char *buf,                /* store read data here */
-                       size_t buffersize,        /* max amount to read */
-                       bool *wouldblock)
-{
-  char error_buffer[120]; /* OpenSSL documents that this must be at
-                             least 120 bytes long. */
-  unsigned long sslerror;
-  ssize_t nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf,
-                                    (int)buffersize);
-  *wouldblock = FALSE;
-  if(nread < 0) {
-    /* failed SSL_read */
-    int err = SSL_get_error(conn->ssl[num].handle, (int)nread);
-
-    switch(err) {
-    case SSL_ERROR_NONE: /* this is not an error */
-    case SSL_ERROR_ZERO_RETURN: /* no more data */
-      break;
-    case SSL_ERROR_WANT_READ:
-    case SSL_ERROR_WANT_WRITE:
-      /* there's data pending, re-invoke SSL_read() */
-      *wouldblock = TRUE;
-      return -1; /* basically EWOULDBLOCK */
-    default:
-      /* openssl/ssl.h says "look at error stack/return value/errno" */
-      sslerror = ERR_get_error();
-      failf(conn->data, "SSL read: %s, errno %d",
-            ERR_error_string(sslerror, error_buffer),
-            Curl_sockerrno() );
-      return -1;
-    }
-  }
-  return nread;
-}
-
-size_t Curl_ossl_version(char *buffer, size_t size)
-{
-#ifdef YASSL_VERSION
-  /* yassl provides an OpenSSL API compatiblity layer so it looks identical
-     to OpenSSL in all other aspects */
-  return snprintf(buffer, size, " yassl/%s", YASSL_VERSION);
-#else /* YASSL_VERSION */
-
-#if (SSLEAY_VERSION_NUMBER >= 0x905000)
-  {
-    char sub[2];
-    unsigned long ssleay_value;
-    sub[1]='\0';
-    ssleay_value=SSLeay();
-    if(ssleay_value < 0x906000) {
-      ssleay_value=SSLEAY_VERSION_NUMBER;
-      sub[0]='\0';
-    }
-    else {
-      if(ssleay_value&0xff0) {
-        sub[0]=(char)(((ssleay_value>>4)&0xff) + 'a' -1);
-      }
-      else
-        sub[0]='\0';
-    }
-
-    return snprintf(buffer, size, " OpenSSL/%lx.%lx.%lx%s",
-                    (ssleay_value>>28)&0xf,
-                    (ssleay_value>>20)&0xff,
-                    (ssleay_value>>12)&0xff,
-                    sub);
-  }
-
-#else /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
-
-#if (SSLEAY_VERSION_NUMBER >= 0x900000)
-  return snprintf(buffer, size, " OpenSSL/%lx.%lx.%lx",
-                  (SSLEAY_VERSION_NUMBER>>28)&0xff,
-                  (SSLEAY_VERSION_NUMBER>>20)&0xff,
-                  (SSLEAY_VERSION_NUMBER>>12)&0xf);
-
-#else /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
-  {
-    char sub[2];
-    sub[1]='\0';
-    if(SSLEAY_VERSION_NUMBER&0x0f) {
-      sub[0]=(SSLEAY_VERSION_NUMBER&0x0f) + 'a' -1;
-    }
-    else
-      sub[0]='\0';
-
-    return snprintf(buffer, size, " SSL/%x.%x.%x%s",
-                    (SSLEAY_VERSION_NUMBER>>12)&0xff,
-                    (SSLEAY_VERSION_NUMBER>>8)&0xf,
-                    (SSLEAY_VERSION_NUMBER>>4)&0xf, sub);
-  }
-#endif /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
-#endif /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
-
-#endif /* YASSL_VERSION */
-}
-#endif /* USE_SSLEAY */
diff --git a/Utilities/cmcurl/strdup.h b/Utilities/cmcurl/strdup.h
deleted file mode 100644
index 3206db3..0000000
--- a/Utilities/cmcurl/strdup.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#ifndef _CURL_STRDUP_H
-#define _CURL_STRDUP_H
-
-#include "setup.h"
-
-#ifndef HAVE_STRDUP
-extern char *curlx_strdup(const char *str);
-#endif
-
-#endif
-
diff --git a/Utilities/cmcurl/strerror.c b/Utilities/cmcurl/strerror.c
deleted file mode 100644
index 74c3457..0000000
--- a/Utilities/cmcurl/strerror.c
+++ /dev/null
@@ -1,751 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2004 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#ifdef HAVE_STRERROR_R
-#if !defined(HAVE_POSIX_STRERROR_R) && !defined(HAVE_GLIBC_STRERROR_R)
-#error "you MUST have either POSIX or glibc strerror_r if strerror_r is found"
-#endif /* !POSIX && !glibc */
-#endif /* HAVE_STRERROR_R */
-
-#include <curl/curl.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-
-#ifdef USE_LIBIDN
-#include <idna.h>
-#endif
-
-#include "strerror.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#if defined(HAVE_STRERROR_R) && defined(HAVE_NO_STRERROR_R_DECL)
-#ifdef HAVE_POSIX_STRERROR_R
-/* seen on AIX 5100-02 gcc 2.9 */
-extern int strerror_r(int errnum, char *strerrbuf, size_t buflen);
-#else
-extern char *strerror_r(int errnum, char *buf, size_t buflen);
-#endif
-#endif
-
-const char *
-curl_easy_strerror(CURLcode error)
-{
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-  switch (error) {
-  case CURLE_OK:
-    return "no error";
-
-  case CURLE_UNSUPPORTED_PROTOCOL:
-    return "unsupported protocol";
-
-  case CURLE_FAILED_INIT:
-    return "failed init";
-
-  case CURLE_URL_MALFORMAT:
-    return "URL using bad/illegal format or missing URL";
-
-  case CURLE_NOT_BUILT_IN:
-    return "A requested feature, protocol or option was not found built-in in"
-      " this libcurl due to a build-time decision.";
-
-  case CURLE_COULDNT_RESOLVE_PROXY:
-    return "couldn't resolve proxy name";
-
-  case CURLE_COULDNT_RESOLVE_HOST:
-    return "couldn't resolve host name";
-
-  case CURLE_COULDNT_CONNECT:
-    return "couldn't connect to server";
-
-  case CURLE_FTP_WEIRD_SERVER_REPLY:
-    return "FTP: weird server reply";
-
-  case CURLE_FTP_ACCESS_DENIED:
-    return "FTP: access denied";
-
-  case CURLE_FTP_WEIRD_PASS_REPLY:
-    return "FTP: unknown PASS reply";
-
-  case CURLE_FTP_WEIRD_USER_REPLY:
-    return "FTP: unknown USER reply";
-
-  case CURLE_FTP_WEIRD_PASV_REPLY:
-    return "FTP: unknown PASV reply";
-
-  case CURLE_FTP_WEIRD_227_FORMAT:
-    return "FTP: unknown 227 response format";
-
-  case CURLE_FTP_CANT_GET_HOST:
-    return "FTP: can't figure out the host in the PASV response";
-
-  case CURLE_FTP_CANT_RECONNECT:
-    return "FTP: can't connect to server the response code is unknown";
-
-  case CURLE_FTP_COULDNT_SET_BINARY:
-    return "FTP: couldn't set binary mode";
-
-  case CURLE_PARTIAL_FILE:
-    return "Transferred a partial file";
-
-  case CURLE_FTP_COULDNT_RETR_FILE:
-    return "FTP: couldn't retrieve (RETR failed) the specified file";
-
-  case CURLE_FTP_WRITE_ERROR:
-    return "FTP: the post-transfer acknowledge response was not OK";
-
-  case CURLE_FTP_QUOTE_ERROR:
-    return "FTP: a quote command returned error";
-
-  case CURLE_HTTP_RETURNED_ERROR:
-    return "HTTP response code said error";
-
-  case CURLE_WRITE_ERROR:
-    return "failed writing received data to disk/application";
-
-  case CURLE_FTP_COULDNT_STOR_FILE:
-    return "failed FTP upload (the STOR command)";
-
-  case CURLE_READ_ERROR:
-    return "failed to open/read local data from file/application";
-
-  case CURLE_OUT_OF_MEMORY:
-#ifdef CURL_DOES_CONVERSIONS
-    return "conversion failed -or- out of memory";
-#else
-    return "out of memory";
-#endif /* CURL_DOES_CONVERSIONS */
-
-  case CURLE_OPERATION_TIMEOUTED:
-    return "a timeout was reached";
-
-  case CURLE_FTP_COULDNT_SET_ASCII:
-    return "FTP could not set ASCII mode (TYPE A)";
-
-  case CURLE_FTP_PORT_FAILED:
-    return "FTP command PORT failed";
-
-  case CURLE_FTP_COULDNT_USE_REST:
-    return "FTP command REST failed";
-
-  case CURLE_FTP_COULDNT_GET_SIZE:
-    return "FTP command SIZE failed";
-
-  case CURLE_HTTP_RANGE_ERROR:
-    return "a range was requested but the server did not deliver it";
-
-  case CURLE_HTTP_POST_ERROR:
-    return "internal problem setting up the POST";
-
-  case CURLE_SSL_CONNECT_ERROR:
-    return "SSL connect error";
-
-  case CURLE_BAD_DOWNLOAD_RESUME:
-    return "couldn't resume download";
-
-  case CURLE_FILE_COULDNT_READ_FILE:
-    return "couldn't read a file:// file";
-
-  case CURLE_LDAP_CANNOT_BIND:
-    return "LDAP: cannot bind";
-
-  case CURLE_LDAP_SEARCH_FAILED:
-    return "LDAP: search failed";
-
-  case CURLE_LIBRARY_NOT_FOUND:
-    return "a required shared library was not found";
-
-  case CURLE_FUNCTION_NOT_FOUND:
-    return "a required function in the shared library was not found";
-
-  case CURLE_ABORTED_BY_CALLBACK:
-    return "the operation was aborted by an application callback";
-
-  case CURLE_BAD_FUNCTION_ARGUMENT:
-    return "a libcurl function was given a bad argument";
-
-  case CURLE_INTERFACE_FAILED:
-    return "failed binding local connection end";
-
-  case CURLE_TOO_MANY_REDIRECTS :
-    return "number of redirects hit maximum amount";
-
-  case CURLE_UNKNOWN_TELNET_OPTION:
-    return "User specified an unknown option";
-
-  case CURLE_TELNET_OPTION_SYNTAX :
-    return "Malformed telnet option";
-
-  case CURLE_SSL_PEER_CERTIFICATE:
-    return "SSL peer certificate was not ok";
-
-  case CURLE_GOT_NOTHING:
-    return "server returned nothing (no headers, no data)";
-
-  case CURLE_SSL_ENGINE_NOTFOUND:
-    return "SSL crypto engine not found";
-
-  case CURLE_SSL_ENGINE_SETFAILED:
-    return "can not set SSL crypto engine as default";
-
-  case CURLE_SSL_ENGINE_INITFAILED:
-    return "failed to initialise SSL crypto engine";
-
-  case CURLE_SEND_ERROR:
-    return "failed sending data to the peer";
-
-  case CURLE_RECV_ERROR:
-    return "failure when receiving data from the peer";
-
-  case CURLE_SHARE_IN_USE:
-    return "share is already in use";
-
-  case CURLE_SSL_CERTPROBLEM:
-    return "problem with the local SSL certificate";
-
-  case CURLE_SSL_CIPHER:
-    return "couldn't use specified SSL cipher";
-
-  case CURLE_SSL_CACERT:
-    return "peer certificate cannot be authenticated with known CA certificates";
-
-  case CURLE_SSL_CACERT_BADFILE:
-    return "problem with the SSL CA cert (path? access rights?)";
-
-  case CURLE_BAD_CONTENT_ENCODING:
-    return "Unrecognized HTTP Content-Encoding";
-
-  case CURLE_LDAP_INVALID_URL:
-    return "Invalid LDAP URL";
-
-  case CURLE_FILESIZE_EXCEEDED:
-    return "Maximum file size exceeded";
-
-  case CURLE_FTP_SSL_FAILED:
-    return "Requested FTP SSL level failed";
-
-  case CURLE_SSL_SHUTDOWN_FAILED:
-    return "Failed to shut down the SSL connection";
-
-  case CURLE_SEND_FAIL_REWIND:
-    return "Send failed since rewinding of the data stream failed";
-
-  case CURLE_LOGIN_DENIED:
-    return "FTP: login denied";
-
-  case CURLE_TFTP_NOTFOUND:
-    return "TFTP: File Not Found";
-
-  case CURLE_TFTP_PERM:
-    return "TFTP: Access Violation";
-
-  case CURLE_TFTP_DISKFULL:
-    return "TFTP: Disk full or allocation exceeded";
-
-  case CURLE_TFTP_ILLEGAL:
-    return "TFTP: Illegal operation";
-
-  case CURLE_TFTP_UNKNOWNID:
-    return "TFTP: Unknown transfer ID";
-
-  case CURLE_TFTP_EXISTS:
-    return "TFTP: File already exists";
-
-  case CURLE_TFTP_NOSUCHUSER:
-    return "TFTP: No such user";
-
-  case CURLE_CONV_FAILED:
-    return "conversion failed";
-
-  case CURLE_CONV_REQD:
-    return "caller must register CURLOPT_CONV_ callback options";
-
-  case CURLE_REMOTE_FILE_NOT_FOUND:
-    return "Remote file not found";
-
-  case CURLE_SSH:
-    return "Error in the SSH layer";
-
-    /* error codes not used by current libcurl */
-  case CURLE_FTP_USER_PASSWORD_INCORRECT:
-  case CURLE_MALFORMAT_USER:
-  case CURLE_BAD_CALLING_ORDER:
-  case CURLE_BAD_PASSWORD_ENTERED:
-  case CURLE_OBSOLETE:
-  case CURL_LAST:
-    break;
-  }
-  /*
-   * By using a switch, gcc -Wall will complain about enum values
-   * which do not appear, helping keep this function up-to-date.
-   * By using gcc -Wall -Werror, you can't forget.
-   *
-   * A table would not have the same benefit.  Most compilers will
-   * generate code very similar to a table in any case, so there
-   * is little performance gain from a table.  And something is broken
-   * for the user's application, anyways, so does it matter how fast
-   * it _doesn't_ work?
-   *
-   * The line number for the error will be near this comment, which
-   * is why it is here, and not at the start of the switch.
-   */
-  return "unknown error";
-#else
-  if (error == CURLE_OK)
-    return "no error";
-  else
-    return "error";
-#endif
-}
-
-const char *
-curl_multi_strerror(CURLMcode error)
-{
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-  switch (error) {
-  case CURLM_CALL_MULTI_PERFORM:
-    return "please call curl_multi_perform() soon";
-
-  case CURLM_OK:
-    return "no error";
-
-  case CURLM_BAD_HANDLE:
-    return "invalid multi handle";
-
-  case CURLM_BAD_EASY_HANDLE:
-    return "invalid easy handle";
-
-  case CURLM_OUT_OF_MEMORY:
-    return "out of memory";
-
-  case CURLM_INTERNAL_ERROR:
-    return "internal error";
-
-  case CURLM_BAD_SOCKET:
-    return "invalid socket argument";
-
-  case CURLM_UNKNOWN_OPTION:
-    return "unknown option";
-
-  case CURLM_LAST:
-    break;
-  }
-
-  return "unknown error";
-#else
-  if (error == CURLM_OK)
-    return "no error";
-  else
-    return "error";
-#endif
-}
-
-const char *
-curl_share_strerror(CURLSHcode error)
-{
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-  switch (error) {
-  case CURLSHE_OK:
-    return "no error";
-
-  case CURLSHE_BAD_OPTION:
-    return "unknown share option";
-
-  case CURLSHE_IN_USE:
-    return "share currently in use";
-
-  case CURLSHE_INVALID:
-    return "invalid share handle";
-
-  case CURLSHE_NOMEM:
-    return "out of memory";
-
-  case CURLSHE_LAST:
-    break;
-  }
-
-  return "CURLSH unknown";
-#else
-  if (error == CURLSHE_OK)
-    return "no error";
-  else
-    return "error";
-#endif
-}
-
-#ifdef USE_WINSOCK
-
-/* This function handles most / all (?) Winsock errors cURL is able to produce.
- */
-static const char *
-get_winsock_error (int err, char *buf, size_t len)
-{
-  const char *p;
-
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-  switch (err) {
-  case WSAEINTR:
-    p = "Call interrupted.";
-    break;
-  case WSAEBADF:
-    p = "Bad file";
-    break;
-  case WSAEACCES:
-    p = "Bad access";
-    break;
-  case WSAEFAULT:
-    p = "Bad argument";
-    break;
-  case WSAEINVAL:
-    p = "Invalid arguments";
-    break;
-  case WSAEMFILE:
-    p = "Out of file descriptors";
-    break;
-  case WSAEWOULDBLOCK:
-    p = "Call would block";
-    break;
-  case WSAEINPROGRESS:
-  case WSAEALREADY:
-    p = "Blocking call in progress";
-    break;
-  case WSAENOTSOCK:
-    p = "Descriptor is not a socket.";
-    break;
-  case WSAEDESTADDRREQ:
-    p = "Need destination address";
-    break;
-  case WSAEMSGSIZE:
-    p = "Bad message size";
-    break;
-  case WSAEPROTOTYPE:
-    p = "Bad protocol";
-    break;
-  case WSAENOPROTOOPT:
-    p = "Protocol option is unsupported";
-    break;
-  case WSAEPROTONOSUPPORT:
-    p = "Protocol is unsupported";
-    break;
-  case WSAESOCKTNOSUPPORT:
-    p = "Socket is unsupported";
-    break;
-  case WSAEOPNOTSUPP:
-    p = "Operation not supported";
-    break;
-  case WSAEAFNOSUPPORT:
-    p = "Address family not supported";
-    break;
-  case WSAEPFNOSUPPORT:
-    p = "Protocol family not supported";
-    break;
-  case WSAEADDRINUSE:
-    p = "Address already in use";
-    break;
-  case WSAEADDRNOTAVAIL:
-    p = "Address not available";
-    break;
-  case WSAENETDOWN:
-    p = "Network down";
-    break;
-  case WSAENETUNREACH:
-    p = "Network unreachable";
-    break;
-  case WSAENETRESET:
-    p = "Network has been reset";
-    break;
-  case WSAECONNABORTED:
-    p = "Connection was aborted";
-    break;
-  case WSAECONNRESET:
-    p = "Connection was reset";
-    break;
-  case WSAENOBUFS:
-    p = "No buffer space";
-    break;
-  case WSAEISCONN:
-    p = "Socket is already connected";
-    break;
-  case WSAENOTCONN:
-    p = "Socket is not connected";
-    break;
-  case WSAESHUTDOWN:
-    p = "Socket has been shut down";
-    break;
-  case WSAETOOMANYREFS:
-    p = "Too many references";
-    break;
-  case WSAETIMEDOUT:
-    p = "Timed out";
-    break;
-  case WSAECONNREFUSED:
-    p = "Connection refused";
-    break;
-  case WSAELOOP:
-    p = "Loop??";
-    break;
-  case WSAENAMETOOLONG:
-    p = "Name too long";
-    break;
-  case WSAEHOSTDOWN:
-    p = "Host down";
-    break;
-  case WSAEHOSTUNREACH:
-    p = "Host unreachable";
-    break;
-  case WSAENOTEMPTY:
-    p = "Not empty";
-    break;
-  case WSAEPROCLIM:
-    p = "Process limit reached";
-    break;
-  case WSAEUSERS:
-    p = "Too many users";
-    break;
-  case WSAEDQUOT:
-    p = "Bad quota";
-    break;
-  case WSAESTALE:
-    p = "Something is stale";
-    break;
-  case WSAEREMOTE:
-    p = "Remote error";
-    break;
-#ifdef WSAEDISCON  /* missing in SalfordC! */
-  case WSAEDISCON:
-    p = "Disconnected";
-    break;
-#endif
-    /* Extended Winsock errors */
-  case WSASYSNOTREADY:
-    p = "Winsock library is not ready";
-    break;
-  case WSANOTINITIALISED:
-    p = "Winsock library not initialised";
-    break;
-  case WSAVERNOTSUPPORTED:
-    p = "Winsock version not supported.";
-    break;
-
-    /* getXbyY() errors (already handled in herrmsg):
-     * Authoritative Answer: Host not found */
-  case WSAHOST_NOT_FOUND:
-    p = "Host not found";
-    break;
-
-    /* Non-Authoritative: Host not found, or SERVERFAIL */
-  case WSATRY_AGAIN:
-    p = "Host not found, try again";
-    break;
-
-    /* Non recoverable errors, FORMERR, REFUSED, NOTIMP */
-  case WSANO_RECOVERY:
-    p = "Unrecoverable error in call to nameserver";
-    break;
-
-    /* Valid name, no data record of requested type */
-  case WSANO_DATA:
-    p = "No data record of requested type";
-    break;
-
-  default:
-    return NULL;
-  }
-#else
-  if (error == CURLE_OK)
-    return NULL;
-  else
-    p = "error";
-#endif
-  strncpy (buf, p, len);
-  buf [len-1] = '\0';
-  return buf;
-}
-#endif   /* USE_WINSOCK */
-
-/*
- * Our thread-safe and smart strerror() replacement.
- *
- * The 'err' argument passed in to this function MUST be a true errno number
- * as reported on this system. We do no range checking on the number before
- * we pass it to the "number-to-message" convertion function and there might
- * be systems that don't do proper range checking in there themselves.
- *
- * We don't do range checking (on systems other than Windows) since there is
- * no good reliable and portable way to do it.
- */
-const char *Curl_strerror(struct connectdata *conn, int err)
-{
-  char *buf, *p;
-  size_t max;
-
-  curlassert(conn);
-  curlassert(err >= 0);
-
-  buf = conn->syserr_buf;
-  max = sizeof(conn->syserr_buf)-1;
-  *buf = '\0';
-
-#ifdef USE_WINSOCK
-
-#ifdef _WIN32_WCE
-  buf[0]=0;
-  {
-    wchar_t wbuf[256];
-
-    FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, err,
-                  LANG_NEUTRAL, wbuf, sizeof(wbuf)/sizeof(wchar_t), NULL);
-    wcstombs(buf,wbuf,max);
-  }
-
-#else
-
-  /* 'sys_nerr' is the maximum errno number, it is not widely portable */
-  if (err >= 0 && err < sys_nerr)
-    strncpy(buf, strerror(err), max);
-  else {
-    if (!get_winsock_error(err, buf, max) &&
-        !FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, err,
-                       LANG_NEUTRAL, buf, (DWORD)max, NULL))
-      snprintf(buf, max, "Unknown error %d (%#x)", err, err);
-  }
-#endif
-#else /* not USE_WINSOCK coming up */
-
-  /* These should be atomic and hopefully thread-safe */
-#ifdef HAVE_STRERROR_R
-  /* There are two different APIs for strerror_r(). The POSIX and the GLIBC
-     versions. */
-#ifdef HAVE_POSIX_STRERROR_R
-  strerror_r(err, buf, max);
-  /* this may set errno to ERANGE if insufficient storage was supplied via
-     'strerrbuf' and 'buflen' to contain the generated message string, or
-     EINVAL if the value of 'errnum' is not a valid error number.*/
-#else
-  {
-    /* HAVE_GLIBC_STRERROR_R */
-    char buffer[256];
-    char *msg = strerror_r(err, buffer, sizeof(buffer));
-    /* this version of strerror_r() only *might* use the buffer we pass to
-       the function, but it always returns the error message as a pointer,
-       so we must copy that string unconditionally (if non-NULL) */
-    if(msg)
-      strncpy(buf, msg, max);
-    else
-      snprintf(buf, max, "Unknown error %d", err);
-  }
-#endif /* end of HAVE_GLIBC_STRERROR_R */
-#else /* HAVE_STRERROR_R */
-  strncpy(buf, strerror(err), max);
-#endif /* end of HAVE_STRERROR_R */
-#endif /* end of ! USE_WINSOCK */
-
-  buf[max] = '\0'; /* make sure the string is zero terminated */
-
-  /* strip trailing '\r\n' or '\n'. */
-  if ((p = strrchr(buf,'\n')) != NULL && (p - buf) >= 2)
-     *p = '\0';
-  if ((p = strrchr(buf,'\r')) != NULL && (p - buf) >= 1)
-     *p = '\0';
-  return buf;
-}
-
-#ifdef USE_LIBIDN
-/*
- * Return error-string for libidn status as returned from idna_to_ascii_lz().
- */
-const char *Curl_idn_strerror (struct connectdata *conn, int err)
-{
-#ifdef HAVE_IDNA_STRERROR
-  (void)conn;
-  return idna_strerror((Idna_rc) err);
-#else
-  const char *str;
-  char *buf;
-  size_t max;
-
-  curlassert(conn);
-
-  buf = conn->syserr_buf;
-  max = sizeof(conn->syserr_buf)-1;
-
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-  switch ((Idna_rc)err) {
-    case IDNA_SUCCESS:
-      str = "No error";
-      break;
-    case IDNA_STRINGPREP_ERROR:
-      str = "Error in string preparation";
-      break;
-    case IDNA_PUNYCODE_ERROR:
-      str = "Error in Punycode operation";
-      break;
-    case IDNA_CONTAINS_NON_LDH:
-      str = "Illegal ASCII characters";
-      break;
-    case IDNA_CONTAINS_MINUS:
-      str = "Contains minus";
-      break;
-    case IDNA_INVALID_LENGTH:
-      str = "Invalid output length";
-      break;
-    case IDNA_NO_ACE_PREFIX:
-      str = "No ACE prefix (\"xn--\")";
-      break;
-    case IDNA_ROUNDTRIP_VERIFY_ERROR:
-      str = "Roundtrip verify error";
-      break;
-    case IDNA_CONTAINS_ACE_PREFIX:
-      str = "Already have ACE prefix (\"xn--\")";
-      break;
-    case IDNA_ICONV_ERROR:
-      str = "Locale conversion failed";
-      break;
-    case IDNA_MALLOC_ERROR:
-      str = "Allocation failed";
-      break;
-    case IDNA_DLOPEN_ERROR:
-      str = "dlopen() error";
-      break;
-    default:
-      snprintf(buf, max, "error %d", (int)err);
-      str = NULL;
-      break;
-  }
-#else
-  if ((Idna_rc)err == IDNA_SUCCESS)
-    str = "No error";
-  else
-    str = "error";
-#endif
-  if (str)
-    strncpy(buf, str, max);
-  buf[max] = '\0';
-  return (buf);
-#endif
-}
-#endif  /* USE_LIBIDN */
diff --git a/Utilities/cmcurl/strtok.h b/Utilities/cmcurl/strtok.h
deleted file mode 100644
index cf9fac8..0000000
--- a/Utilities/cmcurl/strtok.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#ifndef _CURL_STRTOK_R_H
-#define _CURL_STRTOK_R_H
-
-#include "setup.h"
-#include <stddef.h>
-
-#ifndef HAVE_STRTOK_R
-char *Curl_strtok_r(char *s, const char *delim, char **last);
-#define strtok_r Curl_strtok_r
-#else
-#include <string.h>
-#endif
-
-#endif
-
diff --git a/Utilities/cmcurl/strtoofft.h b/Utilities/cmcurl/strtoofft.h
deleted file mode 100644
index e27b432..0000000
--- a/Utilities/cmcurl/strtoofft.h
+++ /dev/null
@@ -1,73 +0,0 @@
-#ifndef _CURL_STRTOOFFT_H
-#define _CURL_STRTOOFFT_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-/*
- * CAUTION: this header is designed to work when included by the app-side
- * as well as the library. Do not mix with library internals!
- */
-
-#include "setup.h"
-#include <stddef.h>
-#include <curl/curl.h> /* for the curl_off_t type */
-
-/* Determine what type of file offset conversion handling we wish to use.  For
- * systems with a 32-bit curl_off_t type, we should use strtol.  For systems
- * with a 64-bit curl_off_t type, we should use strtoll if it exists, and if
- * not, should try to emulate its functionality.  At any rate, we define
- * 'strtoofft' such that it can be used to work with curl_off_t's regardless.
- */
-#if (SIZEOF_CURL_OFF_T > 4) && (SIZEOF_LONG < 8)
-#if HAVE_STRTOLL
-#define curlx_strtoofft strtoll
-#else /* HAVE_STRTOLL */
-
-/* For MSVC7 we can use _strtoi64() which seems to be a strtoll() clone */
-#if defined(_MSC_VER) && (_MSC_VER >= 1300)
-#define curlx_strtoofft _strtoi64
-#else /* MSVC7 or later */
-curl_off_t curlx_strtoll(const char *nptr, char **endptr, int base);
-#define curlx_strtoofft curlx_strtoll
-#define NEED_CURL_STRTOLL
-#endif /* MSVC7 or later */
-
-#endif /* HAVE_STRTOLL */
-#else /* (SIZEOF_CURL_OFF_T > 4) && (SIZEOF_LONG < 8) */
-/* simply use strtol() to get numbers, either 32 or 64 bit */
-#define curlx_strtoofft strtol
-#endif
-
-#if defined(_MSC_VER) || defined(__WATCOMC__)
-#define CURL_LLONG_MIN 0x8000000000000000i64
-#define CURL_LLONG_MAX 0x7FFFFFFFFFFFFFFFi64
-#elif defined(HAVE_LL)
-#define CURL_LLONG_MIN 0x8000000000000000LL
-#define CURL_LLONG_MAX 0x7FFFFFFFFFFFFFFFLL
-#else
-#define CURL_LLONG_MIN 0x8000000000000000L
-#define CURL_LLONG_MAX 0x7FFFFFFFFFFFFFFFL
-#endif
-
-#endif
-
diff --git a/Utilities/cmcurl/telnet.c b/Utilities/cmcurl/telnet.c
deleted file mode 100644
index 97d22b7..0000000
--- a/Utilities/cmcurl/telnet.c
+++ /dev/null
@@ -1,1403 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#ifndef CURL_DISABLE_TELNET
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#if defined(WIN32)
-#include <time.h>
-#include <io.h>
-#else
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#include <netinet/in.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <netdb.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#include <sys/ioctl.h>
-#include <signal.h>
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-
-#endif
-
-#include "urldata.h"
-#include <curl/curl.h>
-#include "transfer.h"
-#include "sendf.h"
-#include "telnet.h"
-#include "connect.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#define  TELOPTS
-#define  TELCMDS
-
-#include "arpa_telnet.h"
-#include "memory.h"
-#include "select.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#define SUBBUFSIZE 512
-
-#define CURL_SB_CLEAR(x)  x->subpointer = x->subbuffer;
-#define CURL_SB_TERM(x)   { x->subend = x->subpointer; CURL_SB_CLEAR(x); }
-#define CURL_SB_ACCUM(x,c) \
-  if (x->subpointer < (x->subbuffer+sizeof x->subbuffer)) { \
-    *x->subpointer++ = (c); \
-  }
-
-#define  CURL_SB_GET(x) ((*x->subpointer++)&0xff)
-#define  CURL_SB_PEEK(x)   ((*x->subpointer)&0xff)
-#define  CURL_SB_EOF(x) (x->subpointer >= x->subend)
-#define  CURL_SB_LEN(x) (x->subend - x->subpointer)
-
-#ifdef USE_WINSOCK
-typedef FARPROC WSOCK2_FUNC;
-static CURLcode check_wsock2 ( struct SessionHandle *data );
-#endif
-
-static
-void telrcv(struct connectdata *,
-            unsigned char *inbuf,       /* Data received from socket */
-            ssize_t count);             /* Number of bytes received */
-
-static void printoption(struct SessionHandle *data,
-                        const char *direction,
-                        int cmd, int option);
-
-static void negotiate(struct connectdata *);
-static void send_negotiation(struct connectdata *, int cmd, int option);
-static void set_local_option(struct connectdata *, int cmd, int option);
-static void set_remote_option(struct connectdata *, int cmd, int option);
-
-static void printsub(struct SessionHandle *data,
-                     int direction, unsigned char *pointer,
-                     size_t length);
-static void suboption(struct connectdata *);
-
-/* For negotiation compliant to RFC 1143 */
-#define CURL_NO          0
-#define CURL_YES         1
-#define CURL_WANTYES     2
-#define CURL_WANTNO      3
-
-#define CURL_EMPTY       0
-#define CURL_OPPOSITE    1
-
-/*
- * Telnet receiver states for fsm
- */
-typedef enum
-{
-   CURL_TS_DATA = 0,
-   CURL_TS_IAC,
-   CURL_TS_WILL,
-   CURL_TS_WONT,
-   CURL_TS_DO,
-   CURL_TS_DONT,
-   CURL_TS_CR,
-   CURL_TS_SB,   /* sub-option collection */
-   CURL_TS_SE   /* looking for sub-option end */
-} TelnetReceive;
-
-struct TELNET {
-  int please_negotiate;
-  int already_negotiated;
-  int us[256];
-  int usq[256];
-  int us_preferred[256];
-  int him[256];
-  int himq[256];
-  int him_preferred[256];
-  char subopt_ttype[32];             /* Set with suboption TTYPE */
-  char subopt_xdisploc[128];          /* Set with suboption XDISPLOC */
-  struct curl_slist *telnet_vars; /* Environment variables */
-
-  /* suboptions */
-  unsigned char subbuffer[SUBBUFSIZE];
-  unsigned char *subpointer, *subend;      /* buffer for sub-options */
-
-  TelnetReceive telrcv_state;
-};
-
-#ifdef USE_WINSOCK
-static CURLcode
-check_wsock2 ( struct SessionHandle *data )
-{
-  int err;
-  WORD wVersionRequested;
-  WSADATA wsaData;
-
-  curlassert(data);
-
-  /* telnet requires at least WinSock 2.0 so ask for it. */
-  wVersionRequested = MAKEWORD(2, 0);
-
-  err = WSAStartup(wVersionRequested, &wsaData);
-
-  /* We must've called this once already, so this call */
-  /* should always succeed.  But, just in case... */
-  if (err != 0) {
-    failf(data,"WSAStartup failed (%d)",err);
-    return CURLE_FAILED_INIT;
-  }
-
-  /* We have to have a WSACleanup call for every successful */
-  /* WSAStartup call. */
-  WSACleanup();
-
-  /* Check that our version is supported */
-  if (LOBYTE(wsaData.wVersion) != LOBYTE(wVersionRequested) ||
-      HIBYTE(wsaData.wVersion) != HIBYTE(wVersionRequested)) {
-      /* Our version isn't supported */
-      failf(data,"insufficient winsock version to support "
-            "telnet");
-      return CURLE_FAILED_INIT;
-  }
-
-  /* Our version is supported */
-  return CURLE_OK;
-}
-#endif
-
-static
-CURLcode init_telnet(struct connectdata *conn)
-{
-  struct TELNET *tn;
-
-  tn = (struct TELNET *)calloc(1, sizeof(struct TELNET));
-  if(!tn)
-    return CURLE_OUT_OF_MEMORY;
-
-  conn->data->reqdata.proto.telnet = (void *)tn; /* make us known */
-
-  tn->telrcv_state = CURL_TS_DATA;
-
-  /* Init suboptions */
-  CURL_SB_CLEAR(tn);
-
-  /* Set the options we want by default */
-  tn->us_preferred[CURL_TELOPT_BINARY] = CURL_YES;
-  tn->us_preferred[CURL_TELOPT_SGA] = CURL_YES;
-  tn->him_preferred[CURL_TELOPT_BINARY] = CURL_YES;
-  tn->him_preferred[CURL_TELOPT_SGA] = CURL_YES;
-
-  return CURLE_OK;
-}
-
-static void negotiate(struct connectdata *conn)
-{
-  int i;
-  struct TELNET *tn = (struct TELNET *) conn->data->reqdata.proto.telnet;
-
-  for(i = 0;i < CURL_NTELOPTS;i++)
-  {
-    if(tn->us_preferred[i] == CURL_YES)
-      set_local_option(conn, i, CURL_YES);
-
-    if(tn->him_preferred[i] == CURL_YES)
-      set_remote_option(conn, i, CURL_YES);
-  }
-}
-
-static void printoption(struct SessionHandle *data,
-                        const char *direction, int cmd, int option)
-{
-  const char *fmt;
-  const char *opt;
-
-  if (data->set.verbose)
-  {
-    if (cmd == CURL_IAC)
-    {
-      if (CURL_TELCMD_OK(option))
-        infof(data, "%s IAC %s\n", direction, CURL_TELCMD(option));
-      else
-        infof(data, "%s IAC %d\n", direction, option);
-    }
-    else
-    {
-      fmt = (cmd == CURL_WILL) ? "WILL" : (cmd == CURL_WONT) ? "WONT" :
-        (cmd == CURL_DO) ? "DO" : (cmd == CURL_DONT) ? "DONT" : 0;
-      if (fmt)
-      {
-        if (CURL_TELOPT_OK(option))
-          opt = CURL_TELOPT(option);
-        else if (option == CURL_TELOPT_EXOPL)
-          opt = "EXOPL";
-        else
-          opt = NULL;
-
-        if(opt)
-          infof(data, "%s %s %s\n", direction, fmt, opt);
-        else
-          infof(data, "%s %s %d\n", direction, fmt, option);
-      }
-      else
-        infof(data, "%s %d %d\n", direction, cmd, option);
-    }
-  }
-}
-
-static void send_negotiation(struct connectdata *conn, int cmd, int option)
-{
-   unsigned char buf[3];
-   ssize_t bytes_written;
-   int err;
-   struct SessionHandle *data = conn->data;
-
-   buf[0] = CURL_IAC;
-   buf[1] = (unsigned char)cmd;
-   buf[2] = (unsigned char)option;
-
-   bytes_written = swrite(conn->sock[FIRSTSOCKET], buf, 3);
-   if(bytes_written < 0) {
-     err = Curl_sockerrno();
-     failf(data,"Sending data failed (%d)",err);
-   }
-
-   printoption(conn->data, "SENT", cmd, option);
-}
-
-static
-void set_remote_option(struct connectdata *conn, int option, int newstate)
-{
-  struct TELNET *tn = (struct TELNET *)conn->data->reqdata.proto.telnet;
-  if(newstate == CURL_YES)
-  {
-    switch(tn->him[option])
-    {
-      case CURL_NO:
-        tn->him[option] = CURL_WANTYES;
-        send_negotiation(conn, CURL_DO, option);
-        break;
-
-      case CURL_YES:
-        /* Already enabled */
-        break;
-
-      case CURL_WANTNO:
-        switch(tn->himq[option])
-        {
-          case CURL_EMPTY:
-            /* Already negotiating for CURL_YES, queue the request */
-            tn->himq[option] = CURL_OPPOSITE;
-            break;
-          case CURL_OPPOSITE:
-            /* Error: already queued an enable request */
-            break;
-        }
-        break;
-
-      case CURL_WANTYES:
-        switch(tn->himq[option])
-        {
-          case CURL_EMPTY:
-            /* Error: already negotiating for enable */
-            break;
-          case CURL_OPPOSITE:
-            tn->himq[option] = CURL_EMPTY;
-            break;
-        }
-        break;
-    }
-  }
-  else /* NO */
-  {
-    switch(tn->him[option])
-    {
-      case CURL_NO:
-        /* Already disabled */
-        break;
-
-      case CURL_YES:
-        tn->him[option] = CURL_WANTNO;
-        send_negotiation(conn, CURL_DONT, option);
-        break;
-
-      case CURL_WANTNO:
-        switch(tn->himq[option])
-        {
-          case CURL_EMPTY:
-            /* Already negotiating for NO */
-            break;
-          case CURL_OPPOSITE:
-            tn->himq[option] = CURL_EMPTY;
-            break;
-        }
-        break;
-
-      case CURL_WANTYES:
-        switch(tn->himq[option])
-        {
-          case CURL_EMPTY:
-            tn->himq[option] = CURL_OPPOSITE;
-            break;
-          case CURL_OPPOSITE:
-            break;
-        }
-        break;
-    }
-  }
-}
-
-static
-void rec_will(struct connectdata *conn, int option)
-{
-  struct TELNET *tn = (struct TELNET *)conn->data->reqdata.proto.telnet;
-  switch(tn->him[option])
-  {
-    case CURL_NO:
-      if(tn->him_preferred[option] == CURL_YES)
-      {
-        tn->him[option] = CURL_YES;
-        send_negotiation(conn, CURL_DO, option);
-      }
-      else
-      {
-        send_negotiation(conn, CURL_DONT, option);
-      }
-      break;
-
-    case CURL_YES:
-      /* Already enabled */
-      break;
-
-    case CURL_WANTNO:
-      switch(tn->himq[option])
-      {
-        case CURL_EMPTY:
-          /* Error: DONT answered by WILL */
-          tn->him[option] = CURL_NO;
-          break;
-        case CURL_OPPOSITE:
-          /* Error: DONT answered by WILL */
-          tn->him[option] = CURL_YES;
-          tn->himq[option] = CURL_EMPTY;
-          break;
-      }
-      break;
-
-    case CURL_WANTYES:
-      switch(tn->himq[option])
-      {
-        case CURL_EMPTY:
-          tn->him[option] = CURL_YES;
-          break;
-        case CURL_OPPOSITE:
-          tn->him[option] = CURL_WANTNO;
-          tn->himq[option] = CURL_EMPTY;
-          send_negotiation(conn, CURL_DONT, option);
-          break;
-      }
-      break;
-  }
-}
-
-static
-void rec_wont(struct connectdata *conn, int option)
-{
-  struct TELNET *tn = (struct TELNET *)conn->data->reqdata.proto.telnet;
-  switch(tn->him[option])
-  {
-    case CURL_NO:
-      /* Already disabled */
-      break;
-
-    case CURL_YES:
-      tn->him[option] = CURL_NO;
-      send_negotiation(conn, CURL_DONT, option);
-      break;
-
-    case CURL_WANTNO:
-      switch(tn->himq[option])
-      {
-        case CURL_EMPTY:
-          tn->him[option] = CURL_NO;
-          break;
-
-        case CURL_OPPOSITE:
-          tn->him[option] = CURL_WANTYES;
-          tn->himq[option] = CURL_EMPTY;
-          send_negotiation(conn, CURL_DO, option);
-          break;
-      }
-      break;
-
-    case CURL_WANTYES:
-      switch(tn->himq[option])
-      {
-        case CURL_EMPTY:
-          tn->him[option] = CURL_NO;
-          break;
-        case CURL_OPPOSITE:
-          tn->him[option] = CURL_NO;
-          tn->himq[option] = CURL_EMPTY;
-          break;
-      }
-      break;
-  }
-}
-
-static void
-set_local_option(struct connectdata *conn, int option, int newstate)
-{
-  struct TELNET *tn = (struct TELNET *)conn->data->reqdata.proto.telnet;
-  if(newstate == CURL_YES)
-  {
-    switch(tn->us[option])
-    {
-      case CURL_NO:
-        tn->us[option] = CURL_WANTYES;
-        send_negotiation(conn, CURL_WILL, option);
-        break;
-
-      case CURL_YES:
-        /* Already enabled */
-        break;
-
-      case CURL_WANTNO:
-        switch(tn->usq[option])
-        {
-          case CURL_EMPTY:
-            /* Already negotiating for CURL_YES, queue the request */
-            tn->usq[option] = CURL_OPPOSITE;
-            break;
-          case CURL_OPPOSITE:
-            /* Error: already queued an enable request */
-            break;
-        }
-        break;
-
-      case CURL_WANTYES:
-        switch(tn->usq[option])
-        {
-          case CURL_EMPTY:
-            /* Error: already negotiating for enable */
-            break;
-          case CURL_OPPOSITE:
-            tn->usq[option] = CURL_EMPTY;
-            break;
-        }
-        break;
-    }
-  }
-  else /* NO */
-  {
-    switch(tn->us[option])
-    {
-      case CURL_NO:
-        /* Already disabled */
-        break;
-
-      case CURL_YES:
-        tn->us[option] = CURL_WANTNO;
-        send_negotiation(conn, CURL_WONT, option);
-        break;
-
-      case CURL_WANTNO:
-        switch(tn->usq[option])
-        {
-          case CURL_EMPTY:
-            /* Already negotiating for NO */
-            break;
-          case CURL_OPPOSITE:
-            tn->usq[option] = CURL_EMPTY;
-            break;
-        }
-        break;
-
-      case CURL_WANTYES:
-        switch(tn->usq[option])
-        {
-          case CURL_EMPTY:
-            tn->usq[option] = CURL_OPPOSITE;
-            break;
-          case CURL_OPPOSITE:
-            break;
-        }
-        break;
-    }
-  }
-}
-
-static
-void rec_do(struct connectdata *conn, int option)
-{
-  struct TELNET *tn = (struct TELNET *)conn->data->reqdata.proto.telnet;
-  switch(tn->us[option])
-  {
-    case CURL_NO:
-      if(tn->us_preferred[option] == CURL_YES)
-      {
-        tn->us[option] = CURL_YES;
-        send_negotiation(conn, CURL_WILL, option);
-      }
-      else
-      {
-        send_negotiation(conn, CURL_WONT, option);
-      }
-      break;
-
-    case CURL_YES:
-      /* Already enabled */
-      break;
-
-    case CURL_WANTNO:
-      switch(tn->usq[option])
-      {
-        case CURL_EMPTY:
-          /* Error: DONT answered by WILL */
-          tn->us[option] = CURL_NO;
-          break;
-        case CURL_OPPOSITE:
-          /* Error: DONT answered by WILL */
-          tn->us[option] = CURL_YES;
-          tn->usq[option] = CURL_EMPTY;
-          break;
-      }
-      break;
-
-    case CURL_WANTYES:
-      switch(tn->usq[option])
-      {
-        case CURL_EMPTY:
-          tn->us[option] = CURL_YES;
-          break;
-        case CURL_OPPOSITE:
-          tn->us[option] = CURL_WANTNO;
-          tn->himq[option] = CURL_EMPTY;
-          send_negotiation(conn, CURL_WONT, option);
-          break;
-      }
-      break;
-  }
-}
-
-static
-void rec_dont(struct connectdata *conn, int option)
-{
-  struct TELNET *tn = (struct TELNET *)conn->data->reqdata.proto.telnet;
-  switch(tn->us[option])
-  {
-    case CURL_NO:
-      /* Already disabled */
-      break;
-
-    case CURL_YES:
-      tn->us[option] = CURL_NO;
-      send_negotiation(conn, CURL_WONT, option);
-      break;
-
-    case CURL_WANTNO:
-      switch(tn->usq[option])
-      {
-        case CURL_EMPTY:
-          tn->us[option] = CURL_NO;
-          break;
-
-        case CURL_OPPOSITE:
-          tn->us[option] = CURL_WANTYES;
-          tn->usq[option] = CURL_EMPTY;
-          send_negotiation(conn, CURL_WILL, option);
-          break;
-      }
-      break;
-
-    case CURL_WANTYES:
-      switch(tn->usq[option])
-      {
-        case CURL_EMPTY:
-          tn->us[option] = CURL_NO;
-          break;
-        case CURL_OPPOSITE:
-          tn->us[option] = CURL_NO;
-          tn->usq[option] = CURL_EMPTY;
-          break;
-      }
-      break;
-  }
-}
-
-
-static void printsub(struct SessionHandle *data,
-                     int direction,             /* '<' or '>' */
-                     unsigned char *pointer,    /* where suboption data is */
-                     size_t length)             /* length of suboption data */
-{
-  unsigned int i = 0;
-
-  if (data->set.verbose)
-  {
-    if (direction)
-    {
-      infof(data, "%s IAC SB ", (direction == '<')? "RCVD":"SENT");
-      if (length >= 3)
-      {
-        int j;
-
-        i = pointer[length-2];
-        j = pointer[length-1];
-
-        if (i != CURL_IAC || j != CURL_SE)
-        {
-          infof(data, "(terminated by ");
-          if (CURL_TELOPT_OK(i))
-            infof(data, "%s ", CURL_TELOPT(i));
-          else if (CURL_TELCMD_OK(i))
-            infof(data, "%s ", CURL_TELCMD(i));
-          else
-            infof(data, "%d ", i);
-          if (CURL_TELOPT_OK(j))
-            infof(data, "%s", CURL_TELOPT(j));
-          else if (CURL_TELCMD_OK(j))
-            infof(data, "%s", CURL_TELCMD(j));
-          else
-            infof(data, "%d", j);
-          infof(data, ", not IAC SE!) ");
-        }
-      }
-      length -= 2;
-    }
-    if (length < 1)
-    {
-      infof(data, "(Empty suboption?)");
-      return;
-    }
-
-    if (CURL_TELOPT_OK(pointer[0])) {
-      switch(pointer[0]) {
-        case CURL_TELOPT_TTYPE:
-        case CURL_TELOPT_XDISPLOC:
-        case CURL_TELOPT_NEW_ENVIRON:
-          infof(data, "%s", CURL_TELOPT(pointer[0]));
-          break;
-        default:
-          infof(data, "%s (unsupported)", CURL_TELOPT(pointer[0]));
-          break;
-      }
-    }
-    else
-      infof(data, "%d (unknown)", pointer[i]);
-
-    switch(pointer[1]) {
-      case CURL_TELQUAL_IS:
-        infof(data, " IS");
-        break;
-      case CURL_TELQUAL_SEND:
-        infof(data, " SEND");
-        break;
-      case CURL_TELQUAL_INFO:
-        infof(data, " INFO/REPLY");
-        break;
-      case CURL_TELQUAL_NAME:
-        infof(data, " NAME");
-        break;
-    }
-
-    switch(pointer[0]) {
-      case CURL_TELOPT_TTYPE:
-      case CURL_TELOPT_XDISPLOC:
-        pointer[length] = 0;
-        infof(data, " \"%s\"", &pointer[2]);
-        break;
-      case CURL_TELOPT_NEW_ENVIRON:
-        if(pointer[1] == CURL_TELQUAL_IS) {
-          infof(data, " ");
-          for(i = 3;i < length;i++) {
-            switch(pointer[i]) {
-              case CURL_NEW_ENV_VAR:
-                infof(data, ", ");
-                break;
-              case CURL_NEW_ENV_VALUE:
-                infof(data, " = ");
-                break;
-              default:
-                infof(data, "%c", pointer[i]);
-                break;
-            }
-          }
-        }
-        break;
-      default:
-        for (i = 2; i < length; i++)
-          infof(data, " %.2x", pointer[i]);
-        break;
-    }
-
-    if (direction)
-    {
-      infof(data, "\n");
-    }
-  }
-}
-
-static CURLcode check_telnet_options(struct connectdata *conn)
-{
-  struct curl_slist *head;
-  char option_keyword[128];
-  char option_arg[256];
-  char *buf;
-  struct SessionHandle *data = conn->data;
-  struct TELNET *tn = (struct TELNET *)conn->data->reqdata.proto.telnet;
-
-  /* Add the user name as an environment variable if it
-     was given on the command line */
-  if(conn->bits.user_passwd)
-  {
-    snprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user);
-    tn->telnet_vars = curl_slist_append(tn->telnet_vars, option_arg);
-
-    tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
-  }
-
-  for(head = data->set.telnet_options; head; head=head->next) {
-    if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
-              option_keyword, option_arg) == 2) {
-
-      /* Terminal type */
-      if(curl_strequal(option_keyword, "TTYPE")) {
-        strncpy(tn->subopt_ttype, option_arg, 31);
-        tn->subopt_ttype[31] = 0; /* String termination */
-        tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES;
-        continue;
-      }
-
-      /* Display variable */
-      if(curl_strequal(option_keyword, "XDISPLOC")) {
-        strncpy(tn->subopt_xdisploc, option_arg, 127);
-        tn->subopt_xdisploc[127] = 0; /* String termination */
-        tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES;
-        continue;
-      }
-
-      /* Environment variable */
-      if(curl_strequal(option_keyword, "NEW_ENV")) {
-        buf = strdup(option_arg);
-        if(!buf)
-          return CURLE_OUT_OF_MEMORY;
-        tn->telnet_vars = curl_slist_append(tn->telnet_vars, buf);
-        tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
-        continue;
-      }
-
-      failf(data, "Unknown telnet option %s", head->data);
-      return CURLE_UNKNOWN_TELNET_OPTION;
-    } else {
-      failf(data, "Syntax error in telnet option: %s", head->data);
-      return CURLE_TELNET_OPTION_SYNTAX;
-    }
-  }
-
-  return CURLE_OK;
-}
-
-/*
- * suboption()
- *
- * Look at the sub-option buffer, and try to be helpful to the other
- * side.
- */
-
-static void suboption(struct connectdata *conn)
-{
-  struct curl_slist *v;
-  unsigned char temp[2048];
-  ssize_t bytes_written;
-  size_t len;
-  size_t tmplen;
-  int err;
-  char varname[128];
-  char varval[128];
-  struct SessionHandle *data = conn->data;
-  struct TELNET *tn = (struct TELNET *)data->reqdata.proto.telnet;
-
-  printsub(data, '<', (unsigned char *)tn->subbuffer, CURL_SB_LEN(tn)+2);
-  switch (CURL_SB_GET(tn)) {
-    case CURL_TELOPT_TTYPE:
-      len = strlen(tn->subopt_ttype) + 4 + 2;
-      snprintf((char *)temp, sizeof(temp),
-               "%c%c%c%c%s%c%c", CURL_IAC, CURL_SB, CURL_TELOPT_TTYPE,
-               CURL_TELQUAL_IS, tn->subopt_ttype, CURL_IAC, CURL_SE);
-      bytes_written = swrite(conn->sock[FIRSTSOCKET], temp, len);
-      if(bytes_written < 0) {
-        err = Curl_sockerrno();
-        failf(data,"Sending data failed (%d)",err);
-      }
-      printsub(data, '>', &temp[2], len-2);
-      break;
-    case CURL_TELOPT_XDISPLOC:
-      len = strlen(tn->subopt_xdisploc) + 4 + 2;
-      snprintf((char *)temp, sizeof(temp),
-               "%c%c%c%c%s%c%c", CURL_IAC, CURL_SB, CURL_TELOPT_XDISPLOC,
-               CURL_TELQUAL_IS, tn->subopt_xdisploc, CURL_IAC, CURL_SE);
-      bytes_written = swrite(conn->sock[FIRSTSOCKET], temp, len);
-      if(bytes_written < 0) {
-        err = Curl_sockerrno();
-        failf(data,"Sending data failed (%d)",err);
-      }
-      printsub(data, '>', &temp[2], len-2);
-      break;
-    case CURL_TELOPT_NEW_ENVIRON:
-      snprintf((char *)temp, sizeof(temp),
-               "%c%c%c%c", CURL_IAC, CURL_SB, CURL_TELOPT_NEW_ENVIRON,
-               CURL_TELQUAL_IS);
-      len = 4;
-
-      for(v = tn->telnet_vars;v;v = v->next) {
-        tmplen = (strlen(v->data) + 1);
-        /* Add the variable only if it fits */
-        if(len + tmplen < (int)sizeof(temp)-6) {
-          sscanf(v->data, "%127[^,],%127s", varname, varval);
-          snprintf((char *)&temp[len], sizeof(temp) - len,
-                   "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
-                   CURL_NEW_ENV_VALUE, varval);
-          len += tmplen;
-        }
-      }
-      snprintf((char *)&temp[len], sizeof(temp) - len,
-               "%c%c", CURL_IAC, CURL_SE);
-      len += 2;
-      bytes_written = swrite(conn->sock[FIRSTSOCKET], temp, len);
-      if(bytes_written < 0) {
-        err = Curl_sockerrno();
-        failf(data,"Sending data failed (%d)",err);
-      }
-      printsub(data, '>', &temp[2], len-2);
-      break;
-  }
-  return;
-}
-
-static
-void telrcv(struct connectdata *conn,
-            unsigned char *inbuf,       /* Data received from socket */
-            ssize_t count)              /* Number of bytes received */
-{
-  unsigned char c;
-  int in = 0;
-  struct SessionHandle *data = conn->data;
-  struct TELNET *tn = (struct TELNET *)data->reqdata.proto.telnet;
-
-  while(count--)
-  {
-    c = inbuf[in++];
-
-    switch (tn->telrcv_state)
-    {
-      case CURL_TS_CR:
-        tn->telrcv_state = CURL_TS_DATA;
-        if (c == '\0')
-        {
-          break;   /* Ignore \0 after CR */
-        }
-
-        Curl_client_write(conn, CLIENTWRITE_BODY, (char *)&c, 1);
-        continue;
-
-      case CURL_TS_DATA:
-        if (c == CURL_IAC)
-        {
-          tn->telrcv_state = CURL_TS_IAC;
-          break;
-        }
-        else if(c == '\r')
-        {
-          tn->telrcv_state = CURL_TS_CR;
-        }
-
-        Curl_client_write(conn, CLIENTWRITE_BODY, (char *)&c, 1);
-        continue;
-
-      case CURL_TS_IAC:
-      process_iac:
-      switch (c)
-      {
-        case CURL_WILL:
-          tn->telrcv_state = CURL_TS_WILL;
-          continue;
-        case CURL_WONT:
-          tn->telrcv_state = CURL_TS_WONT;
-          continue;
-        case CURL_DO:
-          tn->telrcv_state = CURL_TS_DO;
-          continue;
-        case CURL_DONT:
-          tn->telrcv_state = CURL_TS_DONT;
-          continue;
-        case CURL_SB:
-          CURL_SB_CLEAR(tn);
-          tn->telrcv_state = CURL_TS_SB;
-          continue;
-        case CURL_IAC:
-          Curl_client_write(conn, CLIENTWRITE_BODY, (char *)&c, 1);
-          break;
-        case CURL_DM:
-        case CURL_NOP:
-        case CURL_GA:
-        default:
-          printoption(data, "RCVD", CURL_IAC, c);
-          break;
-      }
-      tn->telrcv_state = CURL_TS_DATA;
-      continue;
-
-      case CURL_TS_WILL:
-        printoption(data, "RCVD", CURL_WILL, c);
-        tn->please_negotiate = 1;
-        rec_will(conn, c);
-        tn->telrcv_state = CURL_TS_DATA;
-        continue;
-
-      case CURL_TS_WONT:
-        printoption(data, "RCVD", CURL_WONT, c);
-        tn->please_negotiate = 1;
-        rec_wont(conn, c);
-        tn->telrcv_state = CURL_TS_DATA;
-        continue;
-
-      case CURL_TS_DO:
-        printoption(data, "RCVD", CURL_DO, c);
-        tn->please_negotiate = 1;
-        rec_do(conn, c);
-        tn->telrcv_state = CURL_TS_DATA;
-        continue;
-
-      case CURL_TS_DONT:
-        printoption(data, "RCVD", CURL_DONT, c);
-        tn->please_negotiate = 1;
-        rec_dont(conn, c);
-        tn->telrcv_state = CURL_TS_DATA;
-        continue;
-
-      case CURL_TS_SB:
-        if (c == CURL_IAC)
-        {
-          tn->telrcv_state = CURL_TS_SE;
-        }
-        else
-        {
-          CURL_SB_ACCUM(tn,c);
-        }
-        continue;
-
-      case CURL_TS_SE:
-        if (c != CURL_SE)
-        {
-          if (c != CURL_IAC)
-          {
-            /*
-             * This is an error.  We only expect to get "IAC IAC" or "IAC SE".
-             * Several things may have happend.  An IAC was not doubled, the
-             * IAC SE was left off, or another option got inserted into the
-             * suboption are all possibilities.  If we assume that the IAC was
-             * not doubled, and really the IAC SE was left off, we could get
-             * into an infinate loop here.  So, instead, we terminate the
-             * suboption, and process the partial suboption if we can.
-             */
-            CURL_SB_ACCUM(tn, CURL_IAC);
-            CURL_SB_ACCUM(tn, c);
-            tn->subpointer -= 2;
-            CURL_SB_TERM(tn);
-
-            printoption(data, "In SUBOPTION processing, RCVD", CURL_IAC, c);
-            suboption(conn);   /* handle sub-option */
-            tn->telrcv_state = CURL_TS_IAC;
-            goto process_iac;
-          }
-          CURL_SB_ACCUM(tn,c);
-          tn->telrcv_state = CURL_TS_SB;
-        }
-        else
-        {
-          CURL_SB_ACCUM(tn, CURL_IAC);
-          CURL_SB_ACCUM(tn, CURL_SE);
-          tn->subpointer -= 2;
-          CURL_SB_TERM(tn);
-          suboption(conn);   /* handle sub-option */
-          tn->telrcv_state = CURL_TS_DATA;
-        }
-        break;
-    }
-  }
-}
-
-CURLcode Curl_telnet_done(struct connectdata *conn, CURLcode status, bool premature)
-{
-  struct TELNET *tn = (struct TELNET *)conn->data->reqdata.proto.telnet;
-  (void)status; /* unused */
-  (void)premature; /* not used */
-
-  curl_slist_free_all(tn->telnet_vars);
-
-  free(conn->data->reqdata.proto.telnet);
-  conn->data->reqdata.proto.telnet = NULL;
-
-  return CURLE_OK;
-}
-
-CURLcode Curl_telnet(struct connectdata *conn, bool *done)
-{
-  CURLcode code;
-  struct SessionHandle *data = conn->data;
-  curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
-#ifdef USE_WINSOCK
-  HMODULE wsock2;
-  WSOCK2_FUNC close_event_func;
-  WSOCK2_FUNC create_event_func;
-  WSOCK2_FUNC event_select_func;
-  WSOCK2_FUNC enum_netevents_func;
-  WSAEVENT event_handle;
-  WSANETWORKEVENTS events;
-  HANDLE stdin_handle;
-  HANDLE objs[2];
-  DWORD  obj_count;
-  DWORD  wait_timeout;
-  DWORD waitret;
-  DWORD readfile_read;
-#else
-  int interval_ms;
-  struct pollfd pfd[2];
-#endif
-  ssize_t nread;
-  bool keepon = TRUE;
-  char *buf = data->state.buffer;
-  struct TELNET *tn;
-
-  *done = TRUE; /* uncontionally */
-
-  code = init_telnet(conn);
-  if(code)
-    return code;
-
-  tn = (struct TELNET *)data->reqdata.proto.telnet;
-
-  code = check_telnet_options(conn);
-  if(code)
-    return code;
-
-#ifdef USE_WINSOCK
-  /*
-  ** This functionality only works with WinSock >= 2.0.  So,
-  ** make sure have it.
-  */
-  code = check_wsock2(data);
-  if (code)
-    return code;
-
-  /* OK, so we have WinSock 2.0.  We need to dynamically */
-  /* load ws2_32.dll and get the function pointers we need. */
-  wsock2 = LoadLibrary("WS2_32.DLL");
-  if (wsock2 == NULL) {
-    failf(data,"failed to load WS2_32.DLL (%d)",GetLastError());
-    return CURLE_FAILED_INIT;
-  }
-
-  /* Grab a pointer to WSACreateEvent */
-  create_event_func = GetProcAddress(wsock2,"WSACreateEvent");
-  if (create_event_func == NULL) {
-    failf(data,"failed to find WSACreateEvent function (%d)",
-          GetLastError());
-    FreeLibrary(wsock2);
-    return CURLE_FAILED_INIT;
-  }
-
-  /* And WSACloseEvent */
-  close_event_func = GetProcAddress(wsock2,"WSACloseEvent");
-  if (close_event_func == NULL) {
-    failf(data,"failed to find WSACloseEvent function (%d)",
-          GetLastError());
-    FreeLibrary(wsock2);
-    return CURLE_FAILED_INIT;
-  }
-
-  /* And WSAEventSelect */
-  event_select_func = GetProcAddress(wsock2,"WSAEventSelect");
-  if (event_select_func == NULL) {
-    failf(data,"failed to find WSAEventSelect function (%d)",
-          GetLastError());
-    FreeLibrary(wsock2);
-    return CURLE_FAILED_INIT;
-  }
-
-  /* And WSAEnumNetworkEvents */
-  enum_netevents_func = GetProcAddress(wsock2,"WSAEnumNetworkEvents");
-  if (enum_netevents_func == NULL) {
-    failf(data,"failed to find WSAEnumNetworkEvents function (%d)",
-          GetLastError());
-    FreeLibrary(wsock2);
-    return CURLE_FAILED_INIT;
-  }
-
-  /* We want to wait for both stdin and the socket. Since
-  ** the select() function in winsock only works on sockets
-  ** we have to use the WaitForMultipleObjects() call.
-  */
-
-  /* First, create a sockets event object */
-  event_handle = (WSAEVENT)create_event_func();
-  if (event_handle == WSA_INVALID_EVENT) {
-    failf(data,"WSACreateEvent failed (%d)",WSAGetLastError());
-    FreeLibrary(wsock2);
-    return CURLE_FAILED_INIT;
-  }
-
-  /* The get the Windows file handle for stdin */
-  stdin_handle = GetStdHandle(STD_INPUT_HANDLE);
-
-  /* Create the list of objects to wait for */
-  objs[0] = event_handle;
-  objs[1] = stdin_handle;
-
-  /* Tell winsock what events we want to listen to */
-  if(event_select_func(sockfd, event_handle, FD_READ|FD_CLOSE) == SOCKET_ERROR) {
-    close_event_func(event_handle);
-    FreeLibrary(wsock2);
-    return 0;
-  }
-
-  /* If stdin_handle is a pipe, use PeekNamedPipe() method to check it,
-     else use the old WaitForMultipleObjects() way */
-  if(GetFileType(stdin_handle) == FILE_TYPE_PIPE) {
-    /* Don't wait for stdin_handle, just wait for event_handle */
-    obj_count = 1;
-    /* Check stdin_handle per 100 milliseconds */
-    wait_timeout = 100;
-  } else {
-    obj_count = 2;
-    wait_timeout = INFINITE;
-  }
-
-  /* Keep on listening and act on events */
-  while(keepon) {
-    waitret = WaitForMultipleObjects(obj_count, objs, FALSE, wait_timeout);
-    switch(waitret) {
-    case WAIT_TIMEOUT:
-    {
-      unsigned char outbuf[2];
-      int out_count = 0;
-      ssize_t bytes_written;
-      char *buffer = buf;
-
-      while(1) {
-        if(!PeekNamedPipe(stdin_handle, NULL, 0, NULL, &readfile_read, NULL)) {
-          keepon = FALSE;
-          break;
-        }
-        nread = readfile_read;
-
-        if(!nread)
-          break;
-
-        if(!ReadFile(stdin_handle, buf, sizeof(data->state.buffer),
-                     &readfile_read, NULL)) {
-          keepon = FALSE;
-          break;
-        }
-        nread = readfile_read;
-
-        while(nread--) {
-          outbuf[0] = *buffer++;
-          out_count = 1;
-          if(outbuf[0] == CURL_IAC)
-            outbuf[out_count++] = CURL_IAC;
-
-          Curl_write(conn, conn->sock[FIRSTSOCKET], outbuf,
-                     out_count, &bytes_written);
-        }
-      }
-    }
-    break;
-
-    case WAIT_OBJECT_0 + 1:
-    {
-      unsigned char outbuf[2];
-      int out_count = 0;
-      ssize_t bytes_written;
-      char *buffer = buf;
-
-      if(!ReadFile(stdin_handle, buf, sizeof(data->state.buffer),
-                   &readfile_read, NULL)) {
-        keepon = FALSE;
-        break;
-      }
-      nread = readfile_read;
-
-      while(nread--) {
-        outbuf[0] = *buffer++;
-        out_count = 1;
-        if(outbuf[0] == CURL_IAC)
-          outbuf[out_count++] = CURL_IAC;
-
-        Curl_write(conn, conn->sock[FIRSTSOCKET], outbuf,
-                   out_count, &bytes_written);
-      }
-    }
-    break;
-
-    case WAIT_OBJECT_0:
-      if(enum_netevents_func(sockfd, event_handle, &events)
-         != SOCKET_ERROR) {
-        if(events.lNetworkEvents & FD_READ) {
-          /* This reallu OUGHT to check its return code. */
-          (void)Curl_read(conn, sockfd, buf, BUFSIZE - 1, &nread);
-
-          telrcv(conn, (unsigned char *)buf, nread);
-
-          fflush(stdout);
-
-          /* Negotiate if the peer has started negotiating,
-             otherwise don't. We don't want to speak telnet with
-             non-telnet servers, like POP or SMTP. */
-          if(tn->please_negotiate && !tn->already_negotiated) {
-            negotiate(conn);
-            tn->already_negotiated = 1;
-          }
-        }
-
-        if(events.lNetworkEvents & FD_CLOSE) {
-          keepon = FALSE;
-        }
-      }
-      break;
-    }
-  }
-
-  /* We called WSACreateEvent, so call WSACloseEvent */
-  if (close_event_func(event_handle) == FALSE) {
-    infof(data,"WSACloseEvent failed (%d)",WSAGetLastError());
-  }
-
-  /* "Forget" pointers into the library we're about to free */
-  create_event_func = NULL;
-  close_event_func = NULL;
-  event_select_func = NULL;
-  enum_netevents_func = NULL;
-
-  /* We called LoadLibrary, so call FreeLibrary */
-  if (!FreeLibrary(wsock2))
-    infof(data,"FreeLibrary(wsock2) failed (%d)",GetLastError());
-#else
-  pfd[0].fd = sockfd;
-  pfd[0].events = POLLIN;
-  pfd[1].fd = 0;
-  pfd[1].events = POLLIN;
-  interval_ms = 1 * 1000;
-
-  while (keepon) {
-    switch (Curl_poll(pfd, 2, interval_ms)) {
-    case -1:                    /* error, stop reading */
-      keepon = FALSE;
-      continue;
-    case 0:                     /* timeout */
-      break;
-    default:                    /* read! */
-      if(pfd[1].revents & POLLIN) { /* read from stdin */
-        unsigned char outbuf[2];
-        int out_count = 0;
-        ssize_t bytes_written;
-        char *buffer = buf;
-
-        nread = read(0, buf, 255);
-
-        while(nread--) {
-          outbuf[0] = *buffer++;
-          out_count = 1;
-          if(outbuf[0] == CURL_IAC)
-            outbuf[out_count++] = CURL_IAC;
-
-          Curl_write(conn, conn->sock[FIRSTSOCKET], outbuf,
-                     out_count, &bytes_written);
-        }
-      }
-
-      if(pfd[0].revents & POLLIN) {
-        /* This OUGHT to check the return code... */
-        (void)Curl_read(conn, sockfd, buf, BUFSIZE - 1, &nread);
-
-        /* if we receive 0 or less here, the server closed the connection and
-           we bail out from this! */
-        if (nread <= 0) {
-          keepon = FALSE;
-          break;
-        }
-
-        telrcv(conn, (unsigned char *)buf, nread);
-
-        /* Negotiate if the peer has started negotiating,
-           otherwise don't. We don't want to speak telnet with
-           non-telnet servers, like POP or SMTP. */
-        if(tn->please_negotiate && !tn->already_negotiated) {
-          negotiate(conn);
-          tn->already_negotiated = 1;
-        }
-      }
-    }
-    if(data->set.timeout) {
-      struct timeval now;           /* current time */
-      now = Curl_tvnow();
-      if(Curl_tvdiff(now, conn->created)/1000 >= data->set.timeout) {
-        failf(data, "Time-out");
-        code = CURLE_OPERATION_TIMEOUTED;
-        keepon = FALSE;
-      }
-    }
-  }
-#endif
-  /* mark this as "no further transfer wanted" */
-  Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
-
-  return code;
-}
-#endif
diff --git a/Utilities/cmcurl/tftp.c b/Utilities/cmcurl/tftp.c
deleted file mode 100644
index 0e2e7ab..0000000
--- a/Utilities/cmcurl/tftp.c
+++ /dev/null
@@ -1,816 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-#ifndef CURL_DISABLE_TFTP
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#if defined(WIN32)
-#include <time.h>
-#include <io.h>
-#else
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#include <netinet/in.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <netdb.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#include <sys/ioctl.h>
-#include <signal.h>
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-
-#endif
-
-#include "urldata.h"
-#include <curl/curl.h>
-#include "transfer.h"
-#include "sendf.h"
-#include "tftp.h"
-#include "progress.h"
-#include "connect.h"
-#include "strerror.h"
-#include "sockaddr.h" /* required for Curl_sockaddr_storage */
-#include "url.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "memory.h"
-#include "select.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* RFC2348 allows the block size to be negotiated, but we don't support that */
-#define TFTP_BLOCKSIZE 512
-
-typedef enum {
-  TFTP_MODE_NETASCII=0,
-  TFTP_MODE_OCTET
-} tftp_mode_t;
-
-typedef enum {
-  TFTP_STATE_START=0,
-  TFTP_STATE_RX,
-  TFTP_STATE_TX,
-  TFTP_STATE_FIN
-} tftp_state_t;
-
-typedef enum {
-  TFTP_EVENT_INIT=0,
-  TFTP_EVENT_RRQ = 1,
-  TFTP_EVENT_WRQ = 2,
-  TFTP_EVENT_DATA = 3,
-  TFTP_EVENT_ACK = 4,
-  TFTP_EVENT_ERROR = 5,
-  TFTP_EVENT_TIMEOUT
-} tftp_event_t;
-
-typedef enum {
-  TFTP_ERR_UNDEF=0,
-  TFTP_ERR_NOTFOUND,
-  TFTP_ERR_PERM,
-  TFTP_ERR_DISKFULL,
-  TFTP_ERR_ILLEGAL,
-  TFTP_ERR_UNKNOWNID,
-  TFTP_ERR_EXISTS,
-  TFTP_ERR_NOSUCHUSER,
-  TFTP_ERR_TIMEOUT,
-  TFTP_ERR_NORESPONSE
-} tftp_error_t;
-
-typedef struct tftp_packet {
-  unsigned char data[2 + 2 + TFTP_BLOCKSIZE];
-} tftp_packet_t;
-
-typedef struct tftp_state_data {
-  tftp_state_t    state;
-  tftp_mode_t     mode;
-  tftp_error_t    error;
-  struct connectdata      *conn;
-  curl_socket_t   sockfd;
-  int             retries;
-  int             retry_time;
-  int             retry_max;
-  time_t          start_time;
-  time_t          max_time;
-  unsigned short  block;
-  struct Curl_sockaddr_storage   local_addr;
-  socklen_t       local_addrlen;
-  struct Curl_sockaddr_storage   remote_addr;
-  socklen_t       remote_addrlen;
-  int             rbytes;
-  int             sbytes;
-  tftp_packet_t   rpacket;
-  tftp_packet_t   spacket;
-} tftp_state_data_t;
-
-
-/* Forward declarations */
-static CURLcode tftp_rx(tftp_state_data_t *state, tftp_event_t event) ;
-static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event) ;
-void tftp_set_timeouts(tftp_state_data_t *state) ;
-
-/**********************************************************
- *
- * tftp_set_timeouts -
- *
- * Set timeouts based on state machine state.
- * Use user provided connect timeouts until DATA or ACK
- * packet is received, then use user-provided transfer timeouts
- *
- *
- **********************************************************/
-void tftp_set_timeouts(tftp_state_data_t *state)
-{
-
-  struct SessionHandle *data = state->conn->data;
-  time_t maxtime, timeout;
-
-  time(&state->start_time);
-  if(state->state == TFTP_STATE_START) {
-    /* Compute drop-dead time */
-    maxtime = (time_t)(data->set.connecttimeout?data->set.connecttimeout:30);
-    state->max_time = state->start_time+maxtime;
-
-    /* Set per-block timeout to total */
-    timeout = maxtime ;
-
-    /* Average restart after 5 seconds */
-    state->retry_max = (int)(timeout/5);
-
-    /* Compute the re-start interval to suit the timeout */
-    state->retry_time = (int)(timeout/state->retry_max);
-    if(state->retry_time<1)
-      state->retry_time=1;
-
-  }
-  else {
-
-    /* Compute drop-dead time */
-    maxtime = (time_t)(data->set.timeout?data->set.timeout:3600);
-    state->max_time = state->start_time+maxtime;
-
-    /* Set per-block timeout to 10% of total */
-    timeout = maxtime/10 ;
-
-    /* Average reposting an ACK after 15 seconds */
-    state->retry_max = (int)(timeout/15);
-  }
-  /* But bound the total number  */
-  if(state->retry_max<3)
-    state->retry_max=3;
-
-  if(state->retry_max>50)
-    state->retry_max=50;
-
-  /* Compute the re-ACK interval to suit the timeout */
-  state->retry_time = (int)(timeout/state->retry_max);
-  if(state->retry_time<1)
-    state->retry_time=1;
-
-  infof(data, "set timeouts for state %d; Total %d, retry %d maxtry %d\n",
-        state->state, (state->max_time-state->start_time),
-        state->retry_time, state->retry_max);
-}
-
-/**********************************************************
- *
- * tftp_set_send_first
- *
- * Event handler for the START state
- *
- **********************************************************/
-
-static void setpacketevent(tftp_packet_t *packet, unsigned short num)
-{
-  packet->data[0] = (unsigned char)(num >> 8);
-  packet->data[1] = (unsigned char)(num & 0xff);
-}
-
-
-static void setpacketblock(tftp_packet_t *packet, unsigned short num)
-{
-  packet->data[2] = (unsigned char)(num >> 8);
-  packet->data[3] = (unsigned char)(num & 0xff);
-}
-
-static unsigned short getrpacketevent(tftp_packet_t *packet)
-{
-  return (unsigned short)((packet->data[0] << 8) | packet->data[1]);
-}
-
-static unsigned short getrpacketblock(tftp_packet_t *packet)
-{
-  return (unsigned short)((packet->data[2] << 8) | packet->data[3]);
-}
-
-static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
-{
-  int sbytes;
-  const char *mode = "octet";
-  char *filename;
-  struct SessionHandle *data = state->conn->data;
-  CURLcode res = CURLE_OK;
-
-  /* Set ascii mode if -B flag was used */
-  if(data->set.prefer_ascii)
-    mode = "netascii";
-
-  switch(event) {
-
-  case TFTP_EVENT_INIT:    /* Send the first packet out */
-  case TFTP_EVENT_TIMEOUT: /* Resend the first packet out */
-    /* Increment the retry counter, quit if over the limit */
-    state->retries++;
-    if(state->retries>state->retry_max) {
-      state->error = TFTP_ERR_NORESPONSE;
-      state->state = TFTP_STATE_FIN;
-      return res;
-    }
-
-    if(data->set.upload) {
-      /* If we are uploading, send an WRQ */
-      setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
-      state->conn->data->reqdata.upload_fromhere = (char *)&state->spacket.data[4];
-      if(data->set.infilesize != -1)
-        Curl_pgrsSetUploadSize(data, data->set.infilesize);
-    }
-    else {
-      /* If we are downloading, send an RRQ */
-      setpacketevent(&state->spacket, TFTP_EVENT_RRQ);
-    }
-    /* As RFC3617 describes the separator slash is not actually part of the
-    file name so we skip the always-present first letter of the path string. */
-    filename = curl_easy_unescape(data, &state->conn->data->reqdata.path[1], 0,
-                                  NULL);
-    snprintf((char *)&state->spacket.data[2],
-             TFTP_BLOCKSIZE,
-             "%s%c%s%c", filename, '\0',  mode, '\0');
-    sbytes = 4 + (int)strlen(filename) + (int)strlen(mode);
-    sbytes = sendto(state->sockfd, (void *)&state->spacket,
-                    sbytes, 0,
-                    state->conn->ip_addr->ai_addr,
-                    state->conn->ip_addr->ai_addrlen);
-    if(sbytes < 0) {
-      failf(data, "%s\n", Curl_strerror(state->conn, Curl_sockerrno()));
-    }
-    Curl_safefree(filename);
-    break;
-
-  case TFTP_EVENT_ACK: /* Connected for transmit */
-    infof(data, "%s\n", "Connected for transmit");
-    state->state = TFTP_STATE_TX;
-    tftp_set_timeouts(state);
-    return tftp_tx(state, event);
-
-  case TFTP_EVENT_DATA: /* connected for receive */
-    infof(data, "%s\n", "Connected for receive");
-    state->state = TFTP_STATE_RX;
-    tftp_set_timeouts(state);
-    return tftp_rx(state, event);
-
-  case TFTP_EVENT_ERROR:
-    state->state = TFTP_STATE_FIN;
-    break;
-
-  default:
-    failf(state->conn->data, "tftp_send_first: internal error\n");
-    break;
-  }
-  return res;
-}
-
-/**********************************************************
- *
- * tftp_rx
- *
- * Event handler for the RX state
- *
- **********************************************************/
-static CURLcode tftp_rx(tftp_state_data_t *state, tftp_event_t event)
-{
-  int sbytes;
-  int rblock;
-  struct SessionHandle *data = state->conn->data;
-
-  switch(event) {
-
-  case TFTP_EVENT_DATA:
-
-    /* Is this the block we expect? */
-    rblock = getrpacketblock(&state->rpacket);
-    if ((state->block+1) != rblock) {
-      /* No, log it, up the retry count and fail if over the limit */
-      infof(data,
-            "Received unexpected DATA packet block %d\n", rblock);
-      state->retries++;
-      if (state->retries>state->retry_max) {
-        failf(data, "tftp_rx: giving up waiting for block %d\n",
-              state->block+1);
-        return CURLE_TFTP_ILLEGAL;
-      }
-    }
-    /* This is the expected block.  Reset counters and ACK it. */
-    state->block = (unsigned short)rblock;
-    state->retries = 0;
-    setpacketevent(&state->spacket, TFTP_EVENT_ACK);
-    setpacketblock(&state->spacket, state->block);
-    sbytes = sendto(state->sockfd, (void *)state->spacket.data,
-                    4, SEND_4TH_ARG,
-                    (struct sockaddr *)&state->remote_addr,
-                    state->remote_addrlen);
-    if(sbytes < 0) {
-      failf(data, "%s\n", Curl_strerror(state->conn, Curl_sockerrno()));
-    }
-
-    /* Check if completed (That is, a less than full packet is received) */
-    if (state->rbytes < (int)sizeof(state->spacket)){
-      state->state = TFTP_STATE_FIN;
-    }
-    else {
-      state->state = TFTP_STATE_RX;
-    }
-    break;
-
-  case TFTP_EVENT_TIMEOUT:
-    /* Increment the retry count and fail if over the limit */
-    state->retries++;
-    infof(data,
-          "Timeout waiting for block %d ACK.  Retries = %d\n", state->retries);
-    if(state->retries > state->retry_max) {
-      state->error = TFTP_ERR_TIMEOUT;
-      state->state = TFTP_STATE_FIN;
-    }
-    else {
-      /* Resend the previous ACK */
-      sbytes = sendto(state->sockfd, (void *)&state->spacket,
-                      4, SEND_4TH_ARG,
-                      (struct sockaddr *)&state->remote_addr,
-                      state->remote_addrlen);
-      /* Check all sbytes were sent */
-      if(sbytes<0) {
-        failf(data, "%s\n", Curl_strerror(state->conn, Curl_sockerrno()));
-      }
-    }
-    break;
-
-  case TFTP_EVENT_ERROR:
-    state->state = TFTP_STATE_FIN;
-    break;
-
-  default:
-    failf(data, "%s\n", "tftp_rx: internal error");
-    break;
-  }
-  Curl_pgrsSetDownloadCounter(data,
-                              (curl_off_t) state->block*TFTP_BLOCKSIZE);
-  return CURLE_OK;
-}
-
-/**********************************************************
- *
- * tftp_tx
- *
- * Event handler for the TX state
- *
- **********************************************************/
-static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event)
-{
-  struct SessionHandle *data = state->conn->data;
-  int sbytes;
-  int rblock;
-  CURLcode res = CURLE_OK;
-
-  switch(event) {
-
-  case TFTP_EVENT_ACK:
-    /* Ack the packet */
-    rblock = getrpacketblock(&state->rpacket);
-
-    if(rblock != state->block) {
-      /* This isn't the expected block.  Log it and up the retry counter */
-      infof(data, "Received ACK for block %d, expecting %d\n",
-            rblock, state->block);
-      state->retries++;
-      /* Bail out if over the maximum */
-      if(state->retries>state->retry_max) {
-        failf(data, "tftp_tx: giving up waiting for block %d ack",
-              state->block);
-        res = CURLE_SEND_ERROR;
-      }
-      else {
-        /* Re-send the data packet */
-        sbytes = sendto(state->sockfd, (void *)&state->spacket,
-                        4+state->sbytes, SEND_4TH_ARG,
-                        (struct sockaddr *)&state->remote_addr,
-                        state->remote_addrlen);
-        /* Check all sbytes were sent */
-        if(sbytes<0) {
-          failf(data, "%s\n", Curl_strerror(state->conn, Curl_sockerrno()));
-          res = CURLE_SEND_ERROR;
-        }
-      }
-      return res;
-    }
-    /* This is the expected packet.  Reset the counters and send the next
-       block */
-    state->block++;
-    state->retries = 0;
-    setpacketevent(&state->spacket, TFTP_EVENT_DATA);
-    setpacketblock(&state->spacket, state->block);
-    if(state->block > 1 && state->sbytes < TFTP_BLOCKSIZE) {
-      state->state = TFTP_STATE_FIN;
-      return CURLE_OK;
-    }
-    res = Curl_fillreadbuffer(state->conn, TFTP_BLOCKSIZE, &state->sbytes);
-    if(res)
-      return res;
-    sbytes = sendto(state->sockfd, (void *)state->spacket.data,
-                    4+state->sbytes, SEND_4TH_ARG,
-                    (struct sockaddr *)&state->remote_addr,
-                    state->remote_addrlen);
-    /* Check all sbytes were sent */
-    if(sbytes<0) {
-      failf(data, "%s\n", Curl_strerror(state->conn, Curl_sockerrno()));
-    }
-    break;
-
-  case TFTP_EVENT_TIMEOUT:
-    /* Increment the retry counter and log the timeout */
-    state->retries++;
-    infof(data, "Timeout waiting for block %d ACK. "
-          " Retries = %d\n", state->retries);
-    /* Decide if we've had enough */
-    if(state->retries > state->retry_max) {
-      state->error = TFTP_ERR_TIMEOUT;
-      state->state = TFTP_STATE_FIN;
-    } else {
-      /* Re-send the data packet */
-      sbytes = sendto(state->sockfd, (void *)&state->spacket,
-                      4+state->sbytes, SEND_4TH_ARG,
-                      (struct sockaddr *)&state->remote_addr,
-                      state->remote_addrlen);
-      /* Check all sbytes were sent */
-      if(sbytes<0) {
-        failf(data, "%s\n", Curl_strerror(state->conn, Curl_sockerrno()));
-      }
-    }
-    break;
-
-  case TFTP_EVENT_ERROR:
-    state->state = TFTP_STATE_FIN;
-    break;
-
-  default:
-    failf(data, "%s\n", "tftp_tx: internal error");
-    break;
-  }
-
-  /* Update the progress meter */
-  Curl_pgrsSetUploadCounter(data, (curl_off_t) state->block*TFTP_BLOCKSIZE);
-
-  return res;
-}
-
-/**********************************************************
- *
- * tftp_state_machine
- *
- * The tftp state machine event dispatcher
- *
- **********************************************************/
-static CURLcode tftp_state_machine(tftp_state_data_t *state,
-                                   tftp_event_t event)
-{
-  CURLcode res = CURLE_OK;
-  struct SessionHandle *data = state->conn->data;
-  switch(state->state) {
-  case TFTP_STATE_START:
-    DEBUGF(infof(data, "TFTP_STATE_START\n"));
-    res = tftp_send_first(state, event);
-    break;
-  case TFTP_STATE_RX:
-    DEBUGF(infof(data, "TFTP_STATE_RX\n"));
-    res = tftp_rx(state, event);
-    break;
-  case TFTP_STATE_TX:
-    DEBUGF(infof(data, "TFTP_STATE_TX\n"));
-    res = tftp_tx(state, event);
-    break;
-  case TFTP_STATE_FIN:
-    infof(data, "%s\n", "TFTP finished");
-    break;
-  default:
-    DEBUGF(infof(data, "STATE: %d\n", state->state));
-    failf(data, "%s\n", "Internal state machine error");
-    res = CURLE_TFTP_ILLEGAL;
-    break;
-  }
-  return res;
-}
-
-
-/**********************************************************
- *
- * Curl_tftp_connect
- *
- * The connect callback
- *
- **********************************************************/
-CURLcode Curl_tftp_connect(struct connectdata *conn, bool *done)
-{
-  CURLcode code;
-  tftp_state_data_t     *state;
-  int rc;
-
-  state = conn->data->reqdata.proto.tftp = calloc(sizeof(tftp_state_data_t),
-                                                  1);
-  if(!state)
-    return CURLE_OUT_OF_MEMORY;
-
-  conn->bits.close = FALSE; /* keep it open if possible */
-
-  state->conn = conn;
-  state->sockfd = state->conn->sock[FIRSTSOCKET];
-  state->state = TFTP_STATE_START;
-
-  ((struct sockaddr *)&state->local_addr)->sa_family =
-    conn->ip_addr->ai_family;
-
-  tftp_set_timeouts(state);
-
-  if(!conn->bits.reuse) {
-    /* If not reused, bind to any interface, random UDP port. If it is reused,
-     * this has already been done!
-     *
-     * We once used the size of the local_addr struct as the third argument for
-     * bind() to better work with IPv6 or whatever size the struct could have,
-     * but we learned that at least Tru64, AIX and IRIX *requires* the size of
-     * that argument to match the exact size of a 'sockaddr_in' struct when
-     * running IPv4-only.
-     *
-     * Therefore we use the size from the address we connected to, which we
-     * assume uses the same IP version and thus hopefully this works for both
-     * IPv4 and IPv6...
-     */
-    rc = bind(state->sockfd, (struct sockaddr *)&state->local_addr,
-              conn->ip_addr->ai_addrlen);
-    if(rc) {
-      failf(conn->data, "bind() failed; %s\n",
-            Curl_strerror(conn, Curl_sockerrno()));
-      return CURLE_COULDNT_CONNECT;
-    }
-  }
-
-  Curl_pgrsStartNow(conn->data);
-
-  *done = TRUE;
-  code = CURLE_OK;
-  return(code);
-}
-
-/**********************************************************
- *
- * Curl_tftp_done
- *
- * The done callback
- *
- **********************************************************/
-CURLcode Curl_tftp_done(struct connectdata *conn, CURLcode status,
-                        bool premature)
-{
-  (void)status; /* unused */
-  (void)premature; /* not used */
-
-#if 0
-  free(conn->data->reqdata.proto.tftp);
-  conn->data->reqdata.proto.tftp = NULL;
-#endif
-  Curl_pgrsDone(conn);
-
-  return CURLE_OK;
-}
-
-
-/**********************************************************
- *
- * Curl_tftp
- *
- * The do callback
- *
- * This callback handles the entire TFTP transfer
- *
- **********************************************************/
-
-CURLcode Curl_tftp(struct connectdata *conn, bool *done)
-{
-  struct SessionHandle  *data = conn->data;
-  tftp_state_data_t     *state =
-    (tftp_state_data_t *) conn->data->reqdata.proto.tftp;
-  tftp_event_t          event;
-  CURLcode              code;
-  int                   rc;
-  struct Curl_sockaddr_storage fromaddr;
-  socklen_t             fromlen;
-  int                   check_time = 0;
-
-  *done = TRUE;
-
-  /*
-    Since connections can be re-used between SessionHandles, this might be a
-    connection already existing but on a fresh SessionHandle struct so we must
-    make sure we have a good 'struct TFTP' to play with. For new connections,
-    the struct TFTP is allocated and setup in the Curl_tftp_connect() function.
-  */
-  if(!state) {
-    code = Curl_tftp_connect(conn, done);
-    if(code)
-      return code;
-    state = (tftp_state_data_t *)conn->data->reqdata.proto.tftp;
-  }
-
-  /* Run the TFTP State Machine */
-  for(tftp_state_machine(state, TFTP_EVENT_INIT);
-      state->state != TFTP_STATE_FIN;
-      tftp_state_machine(state, event) ) {
-
-    /* Wait until ready to read or timeout occurs */
-    rc=Curl_select(state->sockfd, CURL_SOCKET_BAD, state->retry_time * 1000);
-
-    if(rc == -1) {
-      /* bail out */
-      int error = Curl_sockerrno();
-      failf(data, "%s\n", Curl_strerror(conn, error));
-      event = TFTP_EVENT_ERROR;
-    }
-    else if (rc==0) {
-      /* A timeout occured */
-      event = TFTP_EVENT_TIMEOUT;
-
-      /* Force a look at transfer timeouts */
-      check_time = 0;
-
-    }
-    else {
-
-      /* Receive the packet */
-      fromlen=sizeof(fromaddr);
-      state->rbytes = recvfrom(state->sockfd,
-                               (void *)&state->rpacket, sizeof(state->rpacket),
-                               0, (struct sockaddr *)&fromaddr, &fromlen);
-      if(state->remote_addrlen==0) {
-        memcpy(&state->remote_addr, &fromaddr, fromlen);
-        state->remote_addrlen = fromlen;
-      }
-
-      /* Sanity check packet length */
-      if (state->rbytes < 4) {
-        failf(conn->data, "Received too short packet\n");
-        /* Not a timeout, but how best to handle it? */
-        event = TFTP_EVENT_TIMEOUT;
-      }
-      else {
-
-        /* The event is given by the TFTP packet time */
-        event = (tftp_event_t)getrpacketevent(&state->rpacket);
-
-        switch(event) {
-        case TFTP_EVENT_DATA:
-          /* Don't pass to the client empty or retransmitted packets */
-          if (state->rbytes > 4 &&
-              ((state->block+1) == getrpacketblock(&state->rpacket))) {
-            code = Curl_client_write(conn, CLIENTWRITE_BODY,
-                                     (char *)&state->rpacket.data[4],
-                                     state->rbytes-4);
-            if(code)
-              return code;
-          }
-          break;
-        case TFTP_EVENT_ERROR:
-          state->error = (tftp_error_t)getrpacketblock(&state->rpacket);
-          infof(conn->data, "%s\n", (char *)&state->rpacket.data[4]);
-          break;
-        case TFTP_EVENT_ACK:
-          break;
-        case TFTP_EVENT_RRQ:
-        case TFTP_EVENT_WRQ:
-        default:
-          failf(conn->data, "%s\n", "Internal error: Unexpected packet");
-          break;
-        }
-
-        /* Update the progress meter */
-        if(Curl_pgrsUpdate(conn))
-          return CURLE_ABORTED_BY_CALLBACK;
-      }
-    }
-
-    /* Check for transfer timeout every 10 blocks, or after timeout */
-    if(check_time%10==0) {
-      time_t current;
-      time(&current);
-      if(current>state->max_time) {
-        DEBUGF(infof(data, "timeout: %d > %d\n",
-                     current, state->max_time));
-        state->error = TFTP_ERR_TIMEOUT;
-        state->state = TFTP_STATE_FIN;
-      }
-    }
-
-  }
-
-  /* Tell curl we're done */
-  code = Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
-  if(code)
-    return code;
-
-  /* If we have encountered an error */
-  if(state->error) {
-
-    /* Translate internal error codes to curl error codes */
-    switch(state->error) {
-    case TFTP_ERR_NOTFOUND:
-      code = CURLE_TFTP_NOTFOUND;
-      break;
-    case TFTP_ERR_PERM:
-      code = CURLE_TFTP_PERM;
-      break;
-    case TFTP_ERR_DISKFULL:
-      code = CURLE_TFTP_DISKFULL;
-      break;
-    case TFTP_ERR_ILLEGAL:
-      code = CURLE_TFTP_ILLEGAL;
-      break;
-    case TFTP_ERR_UNKNOWNID:
-      code = CURLE_TFTP_UNKNOWNID;
-      break;
-    case TFTP_ERR_EXISTS:
-      code = CURLE_TFTP_EXISTS;
-      break;
-    case TFTP_ERR_NOSUCHUSER:
-      code = CURLE_TFTP_NOSUCHUSER;
-      break;
-    case TFTP_ERR_TIMEOUT:
-      code = CURLE_OPERATION_TIMEOUTED;
-      break;
-    case TFTP_ERR_NORESPONSE:
-      code = CURLE_COULDNT_CONNECT;
-      break;
-    default:
-      code= CURLE_ABORTED_BY_CALLBACK;
-      break;
-    }
-  }
-  else
-    code = CURLE_OK;
-  return code;
-}
-#endif
diff --git a/Utilities/cmcurl/timeval.c b/Utilities/cmcurl/timeval.c
deleted file mode 100644
index bb9c0a1..0000000
--- a/Utilities/cmcurl/timeval.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "timeval.h"
-
-#ifndef HAVE_GETTIMEOFDAY
-
-#ifdef WIN32
-#include <mmsystem.h>
-
-static int gettimeofday(struct timeval *tp, void *nothing)
-{
-#ifdef WITHOUT_MM_LIB
-  SYSTEMTIME st;
-  time_t tt;
-  struct tm tmtm;
-  /* mktime converts local to UTC */
-  GetLocalTime (&st);
-  tmtm.tm_sec = st.wSecond;
-  tmtm.tm_min = st.wMinute;
-  tmtm.tm_hour = st.wHour;
-  tmtm.tm_mday = st.wDay;
-  tmtm.tm_mon = st.wMonth - 1;
-  tmtm.tm_year = st.wYear - 1900;
-  tmtm.tm_isdst = -1;
-  tt = mktime (&tmtm);
-  tp->tv_sec = tt;
-  tp->tv_usec = st.wMilliseconds * 1000;
-#else
-  /**
-   ** The earlier time calculations using GetLocalTime
-   ** had a time resolution of 10ms.The timeGetTime, part
-   ** of multimedia apis offer a better time resolution
-   ** of 1ms.Need to link against winmm.lib for this
-   **/
-  unsigned long Ticks = 0;
-  unsigned long Sec =0;
-  unsigned long Usec = 0;
-  Ticks = timeGetTime();
-
-  Sec = Ticks/1000;
-  Usec = (Ticks - (Sec*1000))*1000;
-  tp->tv_sec = Sec;
-  tp->tv_usec = Usec;
-#endif /* WITHOUT_MM_LIB */
-  (void)nothing;
-  return 0;
-}
-#else /* WIN32 */
-/* non-win32 version of Curl_gettimeofday() */
-static int gettimeofday(struct timeval *tp, void *nothing)
-{
-  (void)nothing; /* we don't support specific time-zones */
-  tp->tv_sec = (long)time(NULL);
-  tp->tv_usec = 0;
-  return 0;
-}
-#endif /* WIN32 */
-#endif /* HAVE_GETTIMEOFDAY */
-
-/* Return the current time in a timeval struct */
-struct timeval curlx_tvnow(void)
-{
-  struct timeval now;
-  (void)gettimeofday(&now, NULL);
-  return now;
-}
-
-/*
- * Make sure that the first argument is the more recent time, as otherwise
- * we'll get a weird negative time-diff back...
- *
- * Returns: the time difference in number of milliseconds.
- */
-long curlx_tvdiff(struct timeval newer, struct timeval older)
-{
-  return (newer.tv_sec-older.tv_sec)*1000+
-    (newer.tv_usec-older.tv_usec)/1000;
-}
-
-/*
- * Same as curlx_tvdiff but with full usec resolution.
- *
- * Returns: the time difference in seconds with subsecond resolution.
- */
-double curlx_tvdiff_secs(struct timeval newer, struct timeval older)
-{
-  return (double)(newer.tv_sec-older.tv_sec)+
-    (double)(newer.tv_usec-older.tv_usec)/1000000.0;
-}
-
-/* return the number of seconds in the given input timeval struct */
-long Curl_tvlong(struct timeval t1)
-{
-  return t1.tv_sec;
-}
diff --git a/Utilities/cmcurl/transfer.c b/Utilities/cmcurl/transfer.c
deleted file mode 100644
index 5cb3361..0000000
--- a/Utilities/cmcurl/transfer.c
+++ /dev/null
@@ -1,2494 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-#include "setup.h"
-
-/* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#include <errno.h>
-
-#include "strtoofft.h"
-#include "strequal.h"
-
-#ifdef WIN32
-#include <time.h>
-#include <io.h>
-#else
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <netdb.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#ifdef HAVE_SYS_IOCTL_H
-#include <sys/ioctl.h>
-#endif
-#include <signal.h>
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#ifndef HAVE_SOCKET
-#error "We can't compile without socket() support!"
-#endif
-
-#endif
-
-#include "urldata.h"
-#include <curl/curl.h>
-#include "netrc.h"
-
-#include "content_encoding.h"
-#include "hostip.h"
-#include "transfer.h"
-#include "sendf.h"
-#include "speedcheck.h"
-#include "progress.h"
-#include "http.h"
-#include "url.h"
-#include "getinfo.h"
-#include "sslgen.h"
-#include "http_digest.h"
-#include "http_ntlm.h"
-#include "http_negotiate.h"
-#include "share.h"
-#include "memory.h"
-#include "select.h"
-#include "multiif.h"
-#include "easyif.h" /* for Curl_convert_to_network prototype */
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#define CURL_TIMEOUT_EXPECT_100 1000 /* counting ms here */
-
-/*
- * This function will call the read callback to fill our buffer with data
- * to upload.
- */
-CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
-{
-  struct SessionHandle *data = conn->data;
-  size_t buffersize = (size_t)bytes;
-  int nread;
-
-  if(conn->bits.upload_chunky) {
-    /* if chunked Transfer-Encoding */
-    buffersize -= (8 + 2 + 2);   /* 32bit hex + CRLF + CRLF */
-    data->reqdata.upload_fromhere += 10; /* 32bit hex + CRLF */
-  }
-
-  /* this function returns a size_t, so we typecast to int to prevent warnings
-     with picky compilers */
-  nread = (int)conn->fread(data->reqdata.upload_fromhere, 1,
-                           buffersize, conn->fread_in);
-
-  if(nread == CURL_READFUNC_ABORT) {
-    failf(data, "operation aborted by callback\n");
-    return CURLE_ABORTED_BY_CALLBACK;
-  }
-
-  if(!conn->bits.forbidchunk && conn->bits.upload_chunky) {
-    /* if chunked Transfer-Encoding */
-    char hexbuffer[11];
-    int hexlen = snprintf(hexbuffer, sizeof(hexbuffer),
-                          "%x\r\n", nread);
-    /* move buffer pointer */
-    data->reqdata.upload_fromhere -= hexlen;
-    nread += hexlen;
-
-    /* copy the prefix to the buffer */
-    memcpy(data->reqdata.upload_fromhere, hexbuffer, hexlen);
-
-    /* always append CRLF to the data */
-    memcpy(data->reqdata.upload_fromhere + nread, "\r\n", 2);
-
-    if((nread - hexlen) == 0) {
-      /* mark this as done once this chunk is transfered */
-      data->reqdata.keep.upload_done = TRUE;
-    }
-
-    nread+=2; /* for the added CRLF */
-  }
-
-  *nreadp = nread;
-
-#ifdef CURL_DOES_CONVERSIONS
-  if(data->set.prefer_ascii) {
-    CURLcode res;
-    res = Curl_convert_to_network(data, data->reqdata.upload_fromhere, nread);
-    /* Curl_convert_to_network calls failf if unsuccessful */
-    if(res != CURLE_OK) {
-      return(res);
-    }
-  }
-#endif /* CURL_DOES_CONVERSIONS */
-
-  return CURLE_OK;
-}
-
-/*
- * checkhttpprefix()
- *
- * Returns TRUE if member of the list matches prefix of string
- */
-static bool
-checkhttpprefix(struct SessionHandle *data,
-                const char *s)
-{
-  struct curl_slist *head = data->set.http200aliases;
-  bool rc = FALSE;
-#ifdef CURL_DOES_CONVERSIONS
-  /* convert from the network encoding using a scratch area */
-  char *scratch = calloc(1, strlen(s)+1);
-  if (NULL == scratch) {
-     failf (data, "Failed to calloc memory for conversion!");
-     return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */
-  }
-  strcpy(scratch, s);
-  if (CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s)+1)) {
-    /* Curl_convert_from_network calls failf if unsuccessful */
-     free(scratch);
-     return FALSE; /* can't return CURLE_foobar so return FALSE */
-  }
-  s = scratch;
-#endif /* CURL_DOES_CONVERSIONS */
-
-  while (head) {
-    if (checkprefix(head->data, s)) {
-      rc = TRUE;
-      break;
-    }
-    head = head->next;
-  }
-
-  if ((rc != TRUE) && (checkprefix("HTTP/", s))) {
-    rc = TRUE;
-  }
-
-#ifdef CURL_DOES_CONVERSIONS
-  free(scratch);
-#endif /* CURL_DOES_CONVERSIONS */
-  return rc;
-}
-
-/*
- * Curl_readrewind() rewinds the read stream. This typically (so far) only
- * used for HTTP POST/PUT with multi-pass authentication when a sending was
- * denied and a resend is necessary.
- */
-CURLcode Curl_readrewind(struct connectdata *conn)
-{
-  struct SessionHandle *data = conn->data;
-
-  conn->bits.rewindaftersend = FALSE; /* we rewind now */
-
-  /* We have sent away data. If not using CURLOPT_POSTFIELDS or
-     CURLOPT_HTTPPOST, call app to rewind
-  */
-  if(data->set.postfields ||
-     (data->set.httpreq == HTTPREQ_POST_FORM))
-    ; /* do nothing */
-  else {
-    if(data->set.ioctl) {
-      curlioerr err;
-
-      err = (data->set.ioctl) (data, CURLIOCMD_RESTARTREAD,
-                            data->set.ioctl_client);
-      infof(data, "the ioctl callback returned %d\n", (int)err);
-
-      if(err) {
-        /* FIXME: convert to a human readable error message */
-        failf(data, "ioctl callback returned error %d\n", (int)err);
-        return CURLE_SEND_FAIL_REWIND;
-      }
-    }
-    else {
-      /* If no CURLOPT_READFUNCTION is used, we know that we operate on a
-         given FILE * stream and we can actually attempt to rewind that
-         ourself with fseek() */
-      if(data->set.fread == (curl_read_callback)fread) {
-        if(-1 != fseek(data->set.in, 0, SEEK_SET))
-          /* successful rewind */
-          return CURLE_OK;
-      }
-
-      /* no callback set or failure aboe, makes us fail at once */
-      failf(data, "necessary data rewind wasn't possible\n");
-      return CURLE_SEND_FAIL_REWIND;
-    }
-  }
-  return CURLE_OK;
-}
-
-static int data_pending(struct connectdata *conn)
-{
-  return Curl_ssl_data_pending(conn, FIRSTSOCKET);
-}
-
-#ifndef MIN
-#define MIN(a,b) (a < b ? a : b)
-#endif
-
-static void read_rewind(struct connectdata *conn,
-                        size_t thismuch)
-{
-  conn->read_pos -= thismuch;
-  conn->bits.stream_was_rewound = TRUE;
-
-#ifdef CURLDEBUG
-  {
-    char buf[512 + 1];
-    size_t show;
-
-    show = MIN(conn->buf_len - conn->read_pos, sizeof(buf)-1);
-    memcpy(buf, conn->master_buffer + conn->read_pos, show);
-    buf[show] = '\0';
-
-    DEBUGF(infof(conn->data,
-                 "Buffer after stream rewind (read_pos = %d): [%s]",
-                 conn->read_pos, buf));
-  }
-#endif
-}
-
-/*
- * Curl_readwrite() is the low-level function to be called when data is to
- * be read and written to/from the connection.
- */
-CURLcode Curl_readwrite(struct connectdata *conn,
-                        bool *done)
-{
-  struct SessionHandle *data = conn->data;
-  struct Curl_transfer_keeper *k = &data->reqdata.keep;
-  CURLcode result;
-  ssize_t nread; /* number of bytes read */
-  int didwhat=0;
-
-  curl_socket_t fd_read;
-  curl_socket_t fd_write;
-  int select_res;
-
-  curl_off_t contentlength;
-
-  /* only use the proper socket if the *_HOLD bit is not set simultaneously as
-     then we are in rate limiting state in that transfer direction */
-
-  if((k->keepon & (KEEP_READ|KEEP_READ_HOLD)) == KEEP_READ)
-    fd_read = conn->sockfd;
-  else
-    fd_read = CURL_SOCKET_BAD;
-
-  if((k->keepon & (KEEP_WRITE|KEEP_WRITE_HOLD)) == KEEP_WRITE)
-    fd_write = conn->writesockfd;
-  else
-    fd_write = CURL_SOCKET_BAD;
-
-  select_res = Curl_select(fd_read, fd_write, 0);
-  if(select_res == CSELECT_ERR) {
-    failf(data, "select/poll returned error");
-    return CURLE_SEND_ERROR;
-  }
-
-  do {
-    /* We go ahead and do a read if we have a readable socket or if
-       the stream was rewound (in which case we have data in a
-       buffer) */
-    if((k->keepon & KEEP_READ) &&
-       ((select_res & CSELECT_IN) || conn->bits.stream_was_rewound)) {
-      /* read */
-      bool is_empty_data = FALSE;
-
-      /* This is where we loop until we have read everything there is to
-         read or we get a EWOULDBLOCK */
-      do {
-        size_t buffersize = data->set.buffer_size?
-          data->set.buffer_size : BUFSIZE;
-        size_t bytestoread = buffersize;
-        int readrc;
-
-        if (k->size != -1 && !k->header) {
-          /* make sure we don't read "too much" if we can help it since we
-             might be pipelining and then someone else might want to read what
-             follows! */
-          curl_off_t totalleft = k->size - k->bytecount;
-          if(totalleft < (curl_off_t)bytestoread)
-            bytestoread = (size_t)totalleft;
-        }
-
-        /* receive data from the network! */
-        readrc = Curl_read(conn, conn->sockfd, k->buf, bytestoread, &nread);
-
-        /* subzero, this would've blocked */
-        if(0 > readrc)
-          break; /* get out of loop */
-
-        /* get the CURLcode from the int */
-        result = (CURLcode)readrc;
-
-        if(result>0)
-          return result;
-
-        if ((k->bytecount == 0) && (k->writebytecount == 0)) {
-          Curl_pgrsTime(data, TIMER_STARTTRANSFER);
-          if(k->wait100_after_headers)
-            /* set time stamp to compare with when waiting for the 100 */
-            k->start100 = Curl_tvnow();
-        }
-
-        didwhat |= KEEP_READ;
-        /* indicates data of zero size, i.e. empty file */
-        is_empty_data = (bool)((nread == 0) && (k->bodywrites == 0));
-
-        /* NULL terminate, allowing string ops to be used */
-        if (0 < nread || is_empty_data) {
-          k->buf[nread] = 0;
-        }
-        else if (0 >= nread) {
-          /* if we receive 0 or less here, the server closed the connection
-             and we bail out from this! */
-
-          k->keepon &= ~KEEP_READ;
-          break;
-        }
-
-        /* Default buffer to use when we write the buffer, it may be changed
-           in the flow below before the actual storing is done. */
-        k->str = k->buf;
-
-        /* Since this is a two-state thing, we check if we are parsing
-           headers at the moment or not. */
-        if (k->header) {
-          /* we are in parse-the-header-mode */
-          bool stop_reading = FALSE;
-
-          /* header line within buffer loop */
-          do {
-            size_t hbufp_index;
-            size_t rest_length;
-            size_t full_length;
-            int writetype;
-
-            /* str_start is start of line within buf */
-            k->str_start = k->str;
-
-            /* data is in network encoding so use 0x0a instead of '\n' */
-            k->end_ptr = memchr(k->str_start, 0x0a, nread);
-
-            if (!k->end_ptr) {
-              /* Not a complete header line within buffer, append the data to
-                 the end of the headerbuff. */
-
-              if (k->hbuflen + nread >= data->state.headersize) {
-                /* We enlarge the header buffer as it is too small */
-                char *newbuff;
-                size_t newsize=CURLMAX((k->hbuflen+nread)*3/2,
-                                       data->state.headersize*2);
-                hbufp_index = k->hbufp - data->state.headerbuff;
-                newbuff = (char *)realloc(data->state.headerbuff, newsize);
-                if(!newbuff) {
-                  failf (data, "Failed to alloc memory for big header!");
-                  return CURLE_OUT_OF_MEMORY;
-                }
-                data->state.headersize=newsize;
-                data->state.headerbuff = newbuff;
-                k->hbufp = data->state.headerbuff + hbufp_index;
-              }
-              memcpy(k->hbufp, k->str, nread);
-              k->hbufp += nread;
-              k->hbuflen += nread;
-              if (!k->headerline && (k->hbuflen>5)) {
-                /* make a first check that this looks like a HTTP header */
-                if(!checkhttpprefix(data, data->state.headerbuff)) {
-                  /* this is not the beginning of a HTTP first header line */
-                  k->header = FALSE;
-                  k->badheader = HEADER_ALLBAD;
-                  break;
-                }
-              }
-
-              break; /* read more and try again */
-            }
-
-            /* decrease the size of the remaining (supposed) header line */
-            rest_length = (k->end_ptr - k->str)+1;
-            nread -= (ssize_t)rest_length;
-
-            k->str = k->end_ptr + 1; /* move past new line */
-
-            full_length = k->str - k->str_start;
-
-            /*
-             * We're about to copy a chunk of data to the end of the
-             * already received header. We make sure that the full string
-             * fit in the allocated header buffer, or else we enlarge
-             * it.
-             */
-            if (k->hbuflen + full_length >=
-                data->state.headersize) {
-              char *newbuff;
-              size_t newsize=CURLMAX((k->hbuflen+full_length)*3/2,
-                                     data->state.headersize*2);
-              hbufp_index = k->hbufp - data->state.headerbuff;
-              newbuff = (char *)realloc(data->state.headerbuff, newsize);
-              if(!newbuff) {
-                failf (data, "Failed to alloc memory for big header!");
-                return CURLE_OUT_OF_MEMORY;
-              }
-              data->state.headersize= newsize;
-              data->state.headerbuff = newbuff;
-              k->hbufp = data->state.headerbuff + hbufp_index;
-            }
-
-            /* copy to end of line */
-            memcpy(k->hbufp, k->str_start, full_length);
-            k->hbufp += full_length;
-            k->hbuflen += full_length;
-            *k->hbufp = 0;
-            k->end_ptr = k->hbufp;
-
-            k->p = data->state.headerbuff;
-
-            /****
-             * We now have a FULL header line that p points to
-             *****/
-
-            if(!k->headerline) {
-              /* the first read header */
-              if((k->hbuflen>5) &&
-                 !checkhttpprefix(data, data->state.headerbuff)) {
-                /* this is not the beginning of a HTTP first header line */
-                k->header = FALSE;
-                if(nread)
-                  /* since there's more, this is a partial bad header */
-                  k->badheader = HEADER_PARTHEADER;
-                else {
-                  /* this was all we read so its all a bad header */
-                  k->badheader = HEADER_ALLBAD;
-                  nread = (ssize_t)rest_length;
-                }
-                break;
-              }
-            }
-
-            /* headers are in network encoding so
-               use 0x0a and 0x0d instead of '\n' and '\r' */
-            if ((0x0a == *k->p) || (0x0d == *k->p)) {
-              size_t headerlen;
-              /* Zero-length header line means end of headers! */
-
-#ifdef CURL_DOES_CONVERSIONS
-              if (0x0d == *k->p) {
-                *k->p = '\r'; /* replace with CR in host encoding */
-                k->p++;       /* pass the CR byte */
-              }
-              if (0x0a == *k->p) {
-                *k->p = '\n'; /* replace with LF in host encoding */
-                k->p++;       /* pass the LF byte */
-              }
-#else
-              if ('\r' == *k->p)
-                k->p++; /* pass the \r byte */
-              if ('\n' == *k->p)
-                k->p++; /* pass the \n byte */
-#endif /* CURL_DOES_CONVERSIONS */
-
-              if(100 == k->httpcode) {
-                /*
-                 * We have made a HTTP PUT or POST and this is 1.1-lingo
-                 * that tells us that the server is OK with this and ready
-                 * to receive the data.
-                 * However, we'll get more headers now so we must get
-                 * back into the header-parsing state!
-                 */
-                k->header = TRUE;
-                k->headerline = 0; /* restart the header line counter */
-                /* if we did wait for this do enable write now! */
-                if (k->write_after_100_header) {
-
-                  k->write_after_100_header = FALSE;
-                  k->keepon |= KEEP_WRITE;
-                }
-              }
-              else {
-                k->header = FALSE; /* no more header to parse! */
-
-                if((k->size == -1) && !conn->bits.chunk && !conn->bits.close)
-                  /* When connection is not to get closed, but no
-                     Content-Length nor Content-Encoding chunked have been
-                     received, there is no body in this response. We don't set
-                     stop_reading TRUE since that would also prevent necessary
-                     authentication actions to take place. */
-                  conn->bits.no_body = TRUE;
-
-              }
-
-              if (417 == k->httpcode) {
-                /*
-                 * we got: "417 Expectation Failed" this means:
-                 * we have made a HTTP call and our Expect Header
-                 * seems to cause a problem => abort the write operations
-                 * (or prevent them from starting).
-                 */
-                k->write_after_100_header = FALSE;
-                k->keepon &= ~KEEP_WRITE;
-              }
-
-#ifndef CURL_DISABLE_HTTP
-              /*
-               * When all the headers have been parsed, see if we should give
-               * up and return an error.
-               */
-              if (Curl_http_should_fail(conn)) {
-                failf (data, "The requested URL returned error: %d",
-                       k->httpcode);
-                return CURLE_HTTP_RETURNED_ERROR;
-              }
-#endif   /* CURL_DISABLE_HTTP */
-
-              /* now, only output this if the header AND body are requested:
-               */
-              writetype = CLIENTWRITE_HEADER;
-              if (data->set.include_header)
-                writetype |= CLIENTWRITE_BODY;
-
-              headerlen = k->p - data->state.headerbuff;
-
-              result = Curl_client_write(conn, writetype,
-                                         data->state.headerbuff,
-                                         headerlen);
-              if(result)
-                return result;
-
-              data->info.header_size += (long)headerlen;
-              conn->headerbytecount += (long)headerlen;
-
-              conn->deductheadercount =
-                (100 == k->httpcode)?conn->headerbytecount:0;
-
-              if (data->reqdata.resume_from &&
-                  (data->set.httpreq==HTTPREQ_GET) &&
-                  (k->httpcode == 416)) {
-                /* "Requested Range Not Satisfiable" */
-                stop_reading = TRUE;
-              }
-
-#ifndef CURL_DISABLE_HTTP
-              if(!stop_reading) {
-                /* Curl_http_auth_act() checks what authentication methods
-                 * that are available and decides which one (if any) to
-                 * use. It will set 'newurl' if an auth metod was picked. */
-                result = Curl_http_auth_act(conn);
-
-                if(result)
-                  return result;
-
-                if(conn->bits.rewindaftersend) {
-                  /* We rewind after a complete send, so thus we continue
-                     sending now */
-                  infof(data, "Keep sending data to get tossed away!\n");
-                  k->keepon |= KEEP_WRITE;
-                }
-              }
-#endif   /* CURL_DISABLE_HTTP */
-
-              if(!k->header) {
-                /*
-                 * really end-of-headers.
-                 *
-                 * If we requested a "no body", this is a good time to get
-                 * out and return home.
-                 */
-                if(conn->bits.no_body)
-                  stop_reading = TRUE;
-                else {
-                  /* If we know the expected size of this document, we set the
-                     maximum download size to the size of the expected
-                     document or else, we won't know when to stop reading!
-
-                     Note that we set the download maximum even if we read a
-                     "Connection: close" header, to make sure that
-                     "Content-Length: 0" still prevents us from attempting to
-                     read the (missing) response-body.
-                  */
-                  /* According to RFC2616 section 4.4, we MUST ignore
-                     Content-Length: headers if we are now receiving data
-                     using chunked Transfer-Encoding.
-                  */
-                  if(conn->bits.chunk)
-                    k->size=-1;
-
-                }
-                if(-1 != k->size) {
-                  /* We do this operation even if no_body is true, since this
-                     data might be retrieved later with curl_easy_getinfo()
-                     and its CURLINFO_CONTENT_LENGTH_DOWNLOAD option. */
-
-                  Curl_pgrsSetDownloadSize(data, k->size);
-                  k->maxdownload = k->size;
-                }
-                /* If max download size is *zero* (nothing) we already
-                   have nothing and can safely return ok now! */
-                if(0 == k->maxdownload)
-                  stop_reading = TRUE;
-
-                if(stop_reading) {
-                  /* we make sure that this socket isn't read more now */
-                  k->keepon &= ~KEEP_READ;
-                }
-
-                break;          /* exit header line loop */
-              }
-
-              /* We continue reading headers, so reset the line-based
-                 header parsing variables hbufp && hbuflen */
-              k->hbufp = data->state.headerbuff;
-              k->hbuflen = 0;
-              continue;
-            }
-
-            /*
-             * Checks for special headers coming up.
-             */
-
-            if (!k->headerline++) {
-              /* This is the first header, it MUST be the error code line
-                 or else we consider this to be the body right away! */
-              int httpversion_major;
-              int nc;
-#ifdef CURL_DOES_CONVERSIONS
-#define HEADER1 scratch
-#define SCRATCHSIZE 21
-              CURLcode res;
-              char scratch[SCRATCHSIZE+1]; /* "HTTP/major.minor 123" */
-              /* We can't really convert this yet because we
-                 don't know if it's the 1st header line or the body.
-                 So we do a partial conversion into a scratch area,
-                 leaving the data at k->p as-is.
-              */
-              strncpy(&scratch[0], k->p, SCRATCHSIZE);
-              scratch[SCRATCHSIZE] = 0; /* null terminate */
-              res = Curl_convert_from_network(data,
-                                              &scratch[0],
-                                              SCRATCHSIZE);
-              if (CURLE_OK != res) {
-                /* Curl_convert_from_network calls failf if unsuccessful */
-                return res;
-              }
-#else
-#define HEADER1 k->p /* no conversion needed, just use k->p */
-#endif /* CURL_DOES_CONVERSIONS */
-
-              nc = sscanf(HEADER1,
-                          " HTTP/%d.%d %3d",
-                          &httpversion_major,
-                          &k->httpversion,
-                          &k->httpcode);
-              if (nc==3) {
-                k->httpversion += 10 * httpversion_major;
-              }
-              else {
-                /* this is the real world, not a Nirvana
-                   NCSA 1.5.x returns this crap when asked for HTTP/1.1
-                */
-                nc=sscanf(HEADER1, " HTTP %3d", &k->httpcode);
-                k->httpversion = 10;
-
-               /* If user has set option HTTP200ALIASES,
-                  compare header line against list of aliases
-               */
-                if (!nc) {
-                  if (checkhttpprefix(data, k->p)) {
-                    nc = 1;
-                    k->httpcode = 200;
-                    k->httpversion =
-                      (data->set.httpversion==CURL_HTTP_VERSION_1_0)? 10 : 11;
-                  }
-                }
-              }
-
-              if (nc) {
-                data->info.httpcode = k->httpcode;
-                data->info.httpversion = k->httpversion;
-
-                /*
-                 * This code executes as part of processing the header.  As a
-                 * result, it's not totally clear how to interpret the
-                 * response code yet as that depends on what other headers may
-                 * be present.  401 and 407 may be errors, but may be OK
-                 * depending on how authentication is working.  Other codes
-                 * are definitely errors, so give up here.
-                 */
-                if (data->set.http_fail_on_error && (k->httpcode >= 400) &&
-                    ((k->httpcode != 401) || !data->set.userpwd) &&
-                    ((k->httpcode != 407) || !data->set.proxyuserpwd) ) {
-
-                  if (data->reqdata.resume_from &&
-                      (data->set.httpreq==HTTPREQ_GET) &&
-                      (k->httpcode == 416)) {
-                    /* "Requested Range Not Satisfiable", just proceed and
-                       pretend this is no error */
-                  }
-                  else {
-                    /* serious error, go home! */
-                    failf (data, "The requested URL returned error: %d",
-                           k->httpcode);
-                    return CURLE_HTTP_RETURNED_ERROR;
-                  }
-                }
-
-                if(k->httpversion == 10)
-                  /* Default action for HTTP/1.0 must be to close, unless
-                     we get one of those fancy headers that tell us the
-                     server keeps it open for us! */
-                  conn->bits.close = TRUE;
-
-                switch(k->httpcode) {
-                case 204:
-                  /* (quote from RFC2616, section 10.2.5): The server has
-                   * fulfilled the request but does not need to return an
-                   * entity-body ... The 204 response MUST NOT include a
-                   * message-body, and thus is always terminated by the first
-                   * empty line after the header fields. */
-                  /* FALLTHROUGH */
-                case 416: /* Requested Range Not Satisfiable, it has the
-                             Content-Length: set as the "real" document but no
-                             actual response is sent. */
-                case 304:
-                  /* (quote from RFC2616, section 10.3.5): The 304 response
-                   * MUST NOT contain a message-body, and thus is always
-                   * terminated by the first empty line after the header
-                   * fields.  */
-                  k->size=0;
-                  k->maxdownload=0;
-                  k->ignorecl = TRUE; /* ignore Content-Length headers */
-                  break;
-                default:
-                  /* nothing */
-                  break;
-                }
-              }
-              else {
-                k->header = FALSE;   /* this is not a header line */
-                break;
-              }
-            }
-
-#ifdef CURL_DOES_CONVERSIONS
-            /* convert from the network encoding */
-            result = Curl_convert_from_network(data, k->p, strlen(k->p));
-            if (CURLE_OK != result) {
-               return(result);
-            }
-            /* Curl_convert_from_network calls failf if unsuccessful */
-#endif /* CURL_DOES_CONVERSIONS */
-
-            /* Check for Content-Length: header lines to get size. Ignore
-               the header completely if we get a 416 response as then we're
-               resuming a document that we don't get, and this header contains
-               info about the true size of the document we didn't get now. */
-            if (!k->ignorecl && !data->set.ignorecl &&
-                checkprefix("Content-Length:", k->p)) {
-              contentlength = curlx_strtoofft(k->p+15, NULL, 10);
-              if (data->set.max_filesize &&
-                  contentlength > data->set.max_filesize) {
-                failf(data, "Maximum file size exceeded");
-                return CURLE_FILESIZE_EXCEEDED;
-              }
-              if(contentlength >= 0) {
-                k->size = contentlength;
-                k->maxdownload = k->size;
-              }
-              else {
-                /* Negative Content-Length is really odd, and we know it
-                   happens for example when older Apache servers send large
-                   files */
-                conn->bits.close = TRUE;
-                infof(data, "Negative content-length: %" FORMAT_OFF_T
-                      ", closing after transfer\n", contentlength);
-              }
-            }
-            /* check for Content-Type: header lines to get the mime-type */
-            else if (checkprefix("Content-Type:", k->p)) {
-              char *start;
-              char *end;
-              size_t len;
-
-              /* Find the first non-space letter */
-              for(start=k->p+13;
-                  *start && ISSPACE(*start);
-                  start++)
-                ;  /* empty loop */
-
-              /* data is now in the host encoding so
-                 use '\r' and '\n' instead of 0x0d and 0x0a */
-              end = strchr(start, '\r');
-              if(!end)
-                end = strchr(start, '\n');
-
-              if(end) {
-                /* skip all trailing space letters */
-                for(; ISSPACE(*end) && (end > start); end--)
-                  ;  /* empty loop */
-
-                /* get length of the type */
-                len = end-start+1;
-
-                /* allocate memory of a cloned copy */
-                Curl_safefree(data->info.contenttype);
-
-                data->info.contenttype = malloc(len + 1);
-                if (NULL == data->info.contenttype)
-                  return CURLE_OUT_OF_MEMORY;
-
-                /* copy the content-type string */
-                memcpy(data->info.contenttype, start, len);
-                data->info.contenttype[len] = 0; /* zero terminate */
-              }
-            }
-#ifndef CURL_DISABLE_HTTP
-            else if((k->httpversion == 10) &&
-                    conn->bits.httpproxy &&
-                    Curl_compareheader(k->p,
-                                       "Proxy-Connection:", "keep-alive")) {
-              /*
-               * When a HTTP/1.0 reply comes when using a proxy, the
-               * 'Proxy-Connection: keep-alive' line tells us the
-               * connection will be kept alive for our pleasure.
-               * Default action for 1.0 is to close.
-               */
-              conn->bits.close = FALSE; /* don't close when done */
-              infof(data, "HTTP/1.0 proxy connection set to keep alive!\n");
-            }
-            else if((k->httpversion == 11) &&
-                    conn->bits.httpproxy &&
-                    Curl_compareheader(k->p,
-                                       "Proxy-Connection:", "close")) {
-              /*
-               * We get a HTTP/1.1 response from a proxy and it says it'll
-               * close down after this transfer.
-               */
-              conn->bits.close = TRUE; /* close when done */
-              infof(data, "HTTP/1.1 proxy connection set close!\n");
-            }
-            else if((k->httpversion == 10) &&
-                    Curl_compareheader(k->p, "Connection:", "keep-alive")) {
-              /*
-               * A HTTP/1.0 reply with the 'Connection: keep-alive' line
-               * tells us the connection will be kept alive for our
-               * pleasure.  Default action for 1.0 is to close.
-               *
-               * [RFC2068, section 19.7.1] */
-              conn->bits.close = FALSE; /* don't close when done */
-              infof(data, "HTTP/1.0 connection set to keep alive!\n");
-            }
-            else if (Curl_compareheader(k->p, "Connection:", "close")) {
-              /*
-               * [RFC 2616, section 8.1.2.1]
-               * "Connection: close" is HTTP/1.1 language and means that
-               * the connection will close when this request has been
-               * served.
-               */
-              conn->bits.close = TRUE; /* close when done */
-            }
-            else if (Curl_compareheader(k->p,
-                                        "Transfer-Encoding:", "chunked")) {
-              /*
-               * [RFC 2616, section 3.6.1] A 'chunked' transfer encoding
-               * means that the server will send a series of "chunks". Each
-               * chunk starts with line with info (including size of the
-               * coming block) (terminated with CRLF), then a block of data
-               * with the previously mentioned size. There can be any amount
-               * of chunks, and a chunk-data set to zero signals the
-               * end-of-chunks. */
-              conn->bits.chunk = TRUE; /* chunks coming our way */
-
-              /* init our chunky engine */
-              Curl_httpchunk_init(conn);
-            }
-
-            else if (checkprefix("Trailer:", k->p) ||
-                     checkprefix("Trailers:", k->p)) {
-              /*
-               * This test helps Curl_httpchunk_read() to determine to look
-               * for well formed trailers after the zero chunksize record. In
-               * this case a CRLF is required after the zero chunksize record
-               * when no trailers are sent, or after the last trailer record.
-               *
-               * It seems both Trailer: and Trailers: occur in the wild.
-               */
-              conn->bits.trailerHdrPresent = TRUE;
-            }
-
-            else if (checkprefix("Content-Encoding:", k->p) &&
-                     data->set.encoding) {
-              /*
-               * Process Content-Encoding. Look for the values: identity,
-               * gzip, deflate, compress, x-gzip and x-compress. x-gzip and
-               * x-compress are the same as gzip and compress. (Sec 3.5 RFC
-               * 2616). zlib cannot handle compress.  However, errors are
-               * handled further down when the response body is processed
-               */
-              char *start;
-
-              /* Find the first non-space letter */
-              for(start=k->p+17;
-                  *start && ISSPACE(*start);
-                  start++)
-                ;  /* empty loop */
-
-              /* Record the content-encoding for later use */
-              if (checkprefix("identity", start))
-                k->content_encoding = IDENTITY;
-              else if (checkprefix("deflate", start))
-                k->content_encoding = DEFLATE;
-              else if (checkprefix("gzip", start)
-                       || checkprefix("x-gzip", start))
-                k->content_encoding = GZIP;
-              else if (checkprefix("compress", start)
-                       || checkprefix("x-compress", start))
-                k->content_encoding = COMPRESS;
-            }
-            else if (checkprefix("Content-Range:", k->p)) {
-              /* Content-Range: bytes [num]-
-                 Content-Range: bytes: [num]-
-                 Content-Range: [num]-
-
-                 The second format was added since Sun's webserver
-                 JavaWebServer/1.1.1 obviously sends the header this way!
-                 The third added since some servers use that!
-              */
-
-              char *ptr = k->p + 14;
-
-              /* Move forward until first digit */
-              while(*ptr && !ISDIGIT(*ptr))
-                ptr++;
-
-              k->offset = curlx_strtoofft(ptr, NULL, 10);
-
-              if (data->reqdata.resume_from == k->offset)
-                /* we asked for a resume and we got it */
-                k->content_range = TRUE;
-            }
-#if !defined(CURL_DISABLE_COOKIES)
-            else if(data->cookies &&
-                    checkprefix("Set-Cookie:", k->p)) {
-              Curl_share_lock(data, CURL_LOCK_DATA_COOKIE,
-                              CURL_LOCK_ACCESS_SINGLE);
-              Curl_cookie_add(data,
-                              data->cookies, TRUE, k->p+11,
-                              /* If there is a custom-set Host: name, use it
-                                 here, or else use real peer host name. */
-                              conn->allocptr.cookiehost?
-                              conn->allocptr.cookiehost:conn->host.name,
-                              data->reqdata.path);
-              Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
-            }
-#endif
-            else if(checkprefix("Last-Modified:", k->p) &&
-                    (data->set.timecondition || data->set.get_filetime) ) {
-              time_t secs=time(NULL);
-              k->timeofdoc = curl_getdate(k->p+strlen("Last-Modified:"),
-                                          &secs);
-              if(data->set.get_filetime)
-                data->info.filetime = (long)k->timeofdoc;
-            }
-            else if((checkprefix("WWW-Authenticate:", k->p) &&
-                     (401 == k->httpcode)) ||
-                    (checkprefix("Proxy-authenticate:", k->p) &&
-                     (407 == k->httpcode))) {
-              result = Curl_http_input_auth(conn, k->httpcode, k->p);
-              if(result)
-                return result;
-            }
-            else if ((k->httpcode >= 300 && k->httpcode < 400) &&
-                     checkprefix("Location:", k->p)) {
-              if(data->set.http_follow_location) {
-                /* this is the URL that the server advices us to get instead */
-                char *ptr;
-                char *start=k->p;
-                char backup;
-
-                start += 9; /* pass "Location:" */
-
-                /* Skip spaces and tabs. We do this to support multiple
-                   white spaces after the "Location:" keyword. */
-                while(*start && ISSPACE(*start ))
-                  start++;
-
-                /* Scan through the string from the end to find the last
-                   non-space. k->end_ptr points to the actual terminating zero
-                   letter, move pointer one letter back and start from
-                   there. This logic strips off trailing whitespace, but keeps
-                   any embedded whitespace. */
-                ptr = k->end_ptr-1;
-                while((ptr>=start) && ISSPACE(*ptr))
-                  ptr--;
-                ptr++;
-
-                backup = *ptr; /* store the ending letter */
-                if(ptr != start) {
-                  *ptr = '\0';   /* zero terminate */
-                  data->reqdata.newurl = strdup(start); /* clone string */
-                  *ptr = backup; /* restore ending letter */
-                  if(!data->reqdata.newurl)
-                    return CURLE_OUT_OF_MEMORY;
-                }
-              }
-            }
-#endif   /* CURL_DISABLE_HTTP */
-
-            /*
-             * End of header-checks. Write them to the client.
-             */
-
-            writetype = CLIENTWRITE_HEADER;
-            if (data->set.include_header)
-              writetype |= CLIENTWRITE_BODY;
-
-            if(data->set.verbose)
-              Curl_debug(data, CURLINFO_HEADER_IN,
-                         k->p, (size_t)k->hbuflen, conn);
-
-            result = Curl_client_write(conn, writetype, k->p, k->hbuflen);
-            if(result)
-              return result;
-
-            data->info.header_size += (long)k->hbuflen;
-            conn->headerbytecount += (long)k->hbuflen;
-
-            /* reset hbufp pointer && hbuflen */
-            k->hbufp = data->state.headerbuff;
-            k->hbuflen = 0;
-          }
-          while (!stop_reading && *k->str); /* header line within buffer */
-
-          if(stop_reading)
-            /* We've stopped dealing with input, get out of the do-while loop */
-            break;
-
-          /* We might have reached the end of the header part here, but
-             there might be a non-header part left in the end of the read
-             buffer. */
-
-        }                       /* end if header mode */
-
-        /* This is not an 'else if' since it may be a rest from the header
-           parsing, where the beginning of the buffer is headers and the end
-           is non-headers. */
-        if (k->str && !k->header && (nread > 0 || is_empty_data)) {
-
-          if(0 == k->bodywrites && !is_empty_data) {
-            /* These checks are only made the first time we are about to
-               write a piece of the body */
-            if(conn->protocol&PROT_HTTP) {
-              /* HTTP-only checks */
-
-              if (data->reqdata.newurl) {
-                if(conn->bits.close) {
-                  /* Abort after the headers if "follow Location" is set
-                     and we're set to close anyway. */
-                  k->keepon &= ~KEEP_READ;
-                  *done = TRUE;
-                  return CURLE_OK;
-                }
-                /* We have a new url to load, but since we want to be able
-                   to re-use this connection properly, we read the full
-                   response in "ignore more" */
-                k->ignorebody = TRUE;
-                infof(data, "Ignoring the response-body\n");
-              }
-              if (data->reqdata.resume_from && !k->content_range &&
-                  (data->set.httpreq==HTTPREQ_GET) &&
-                  !k->ignorebody) {
-                /* we wanted to resume a download, although the server doesn't
-                 * seem to support this and we did this with a GET (if it
-                 * wasn't a GET we did a POST or PUT resume) */
-                failf(data, "HTTP server doesn't seem to support "
-                      "byte ranges. Cannot resume.");
-                return CURLE_HTTP_RANGE_ERROR;
-              }
-
-              if(data->set.timecondition && !data->reqdata.range) {
-                /* A time condition has been set AND no ranges have been
-                   requested. This seems to be what chapter 13.3.4 of
-                   RFC 2616 defines to be the correct action for a
-                   HTTP/1.1 client */
-                if((k->timeofdoc > 0) && (data->set.timevalue > 0)) {
-                  switch(data->set.timecondition) {
-                  case CURL_TIMECOND_IFMODSINCE:
-                  default:
-                    if(k->timeofdoc < data->set.timevalue) {
-                      infof(data,
-                            "The requested document is not new enough\n");
-                      *done = TRUE;
-                      return CURLE_OK;
-                    }
-                    break;
-                  case CURL_TIMECOND_IFUNMODSINCE:
-                    if(k->timeofdoc > data->set.timevalue) {
-                      infof(data,
-                            "The requested document is not old enough\n");
-                      *done = TRUE;
-                      return CURLE_OK;
-                    }
-                    break;
-                  } /* switch */
-                } /* two valid time strings */
-              } /* we have a time condition */
-
-            } /* this is HTTP */
-          } /* this is the first time we write a body part */
-          k->bodywrites++;
-
-          /* pass data to the debug function before it gets "dechunked" */
-          if(data->set.verbose) {
-            if(k->badheader) {
-              Curl_debug(data, CURLINFO_DATA_IN, data->state.headerbuff,
-                         (size_t)k->hbuflen, conn);
-              if(k->badheader == HEADER_PARTHEADER)
-                Curl_debug(data, CURLINFO_DATA_IN,
-                           k->str, (size_t)nread, conn);
-            }
-            else
-              Curl_debug(data, CURLINFO_DATA_IN,
-                         k->str, (size_t)nread, conn);
-          }
-
-#ifndef CURL_DISABLE_HTTP
-          if(conn->bits.chunk) {
-            /*
-             * Bless me father for I have sinned. Here comes a chunked
-             * transfer flying and we need to decode this properly.  While
-             * the name says read, this function both reads and writes away
-             * the data. The returned 'nread' holds the number of actual
-             * data it wrote to the client.  */
-
-            CHUNKcode res =
-              Curl_httpchunk_read(conn, k->str, nread, &nread);
-
-            if(CHUNKE_OK < res) {
-              if(CHUNKE_WRITE_ERROR == res) {
-                failf(data, "Failed writing data");
-                return CURLE_WRITE_ERROR;
-              }
-              failf(data, "Received problem %d in the chunky parser", res);
-              return CURLE_RECV_ERROR;
-            }
-            else if(CHUNKE_STOP == res) {
-              /* we're done reading chunks! */
-              k->keepon &= ~KEEP_READ; /* read no more */
-
-              /* There are now possibly N number of bytes at the end of the
-                 str buffer that weren't written to the client, but we don't
-                 care about them right now. */
-            }
-            /* If it returned OK, we just keep going */
-          }
-#endif   /* CURL_DISABLE_HTTP */
-
-          if((-1 != k->maxdownload) &&
-             (k->bytecount + nread >= k->maxdownload)) {
-            /* The 'excess' amount below can't be more than BUFSIZE which
-               always will fit in a size_t */
-            size_t excess = (size_t)(k->bytecount + nread - k->maxdownload);
-            if (excess > 0 && !k->ignorebody) {
-              infof(data,
-                    "Rewinding stream by : %d"
-                    " bytes on url %s (size = %" FORMAT_OFF_T
-                    ", maxdownload = %" FORMAT_OFF_T
-                    ", bytecount = %" FORMAT_OFF_T ", nread = %d)\n",
-                    excess, conn->data->reqdata.path,
-                    k->size, k->maxdownload, k->bytecount, nread);
-              read_rewind(conn, excess);
-            }
-
-            nread = (ssize_t) (k->maxdownload - k->bytecount);
-            if(nread < 0 ) /* this should be unusual */
-              nread = 0;
-
-            k->keepon &= ~KEEP_READ; /* we're done reading */
-          }
-
-          k->bytecount += nread;
-
-          Curl_pgrsSetDownloadCounter(data, k->bytecount);
-
-          if(!conn->bits.chunk && (nread || k->badheader || is_empty_data)) {
-            /* If this is chunky transfer, it was already written */
-
-            if(k->badheader && !k->ignorebody) {
-              /* we parsed a piece of data wrongly assuming it was a header
-                 and now we output it as body instead */
-              result = Curl_client_write(conn, CLIENTWRITE_BODY,
-                                         data->state.headerbuff,
-                                         k->hbuflen);
-              if(result)
-                return result;
-            }
-            if(k->badheader < HEADER_ALLBAD) {
-              /* This switch handles various content encodings. If there's an
-                 error here, be sure to check over the almost identical code
-                 in http_chunks.c.
-                 Make sure that ALL_CONTENT_ENCODINGS contains all the
-                 encodings handled here. */
-#ifdef HAVE_LIBZ
-              switch (k->content_encoding) {
-              case IDENTITY:
-#endif
-                /* This is the default when the server sends no
-                   Content-Encoding header. See Curl_readwrite_init; the
-                   memset() call initializes k->content_encoding to zero. */
-                if(!k->ignorebody)
-                  result = Curl_client_write(conn, CLIENTWRITE_BODY, k->str,
-                                             nread);
-#ifdef HAVE_LIBZ
-                break;
-
-              case DEFLATE:
-                /* Assume CLIENTWRITE_BODY; headers are not encoded. */
-                if(!k->ignorebody)
-                  result = Curl_unencode_deflate_write(conn, k, nread);
-                break;
-
-              case GZIP:
-                /* Assume CLIENTWRITE_BODY; headers are not encoded. */
-                if(!k->ignorebody)
-                  result = Curl_unencode_gzip_write(conn, k, nread);
-                break;
-
-              case COMPRESS:
-              default:
-                failf (data, "Unrecognized content encoding type. "
-                       "libcurl understands `identity', `deflate' and `gzip' "
-                       "content encodings.");
-                result = CURLE_BAD_CONTENT_ENCODING;
-                break;
-              }
-#endif
-            }
-            k->badheader = HEADER_NORMAL; /* taken care of now */
-
-            if(result)
-              return result;
-          }
-
-        } /* if (! header and data to read ) */
-
-        if (is_empty_data) {
-          /* if we received nothing, the server closed the connection and we
-             are done */
-          k->keepon &= ~KEEP_READ;
-        }
-
-      } while(data_pending(conn));
-
-    } /* if( read from socket ) */
-
-    /* If we still have writing to do, we check if we have a writable
-       socket. */
-    if((k->keepon & KEEP_WRITE) && (select_res & CSELECT_OUT)) {
-      /* write */
-
-      int i, si;
-      ssize_t bytes_written;
-      bool writedone=TRUE;
-
-      if ((k->bytecount == 0) && (k->writebytecount == 0))
-        Curl_pgrsTime(data, TIMER_STARTTRANSFER);
-
-      didwhat |= KEEP_WRITE;
-
-      /*
-       * We loop here to do the READ and SEND loop until we run out of
-       * data to send or until we get EWOULDBLOCK back
-       */
-      do {
-
-        /* only read more data if there's no upload data already
-           present in the upload buffer */
-        if(0 == data->reqdata.upload_present) {
-          /* init the "upload from here" pointer */
-          data->reqdata.upload_fromhere = k->uploadbuf;
-
-          if(!k->upload_done) {
-            /* HTTP pollution, this should be written nicer to become more
-               protocol agnostic. */
-            int fillcount;
-
-            if(k->wait100_after_headers &&
-               (data->reqdata.proto.http->sending == HTTPSEND_BODY)) {
-              /* If this call is to send body data, we must take some action:
-                 We have sent off the full HTTP 1.1 request, and we shall now
-                 go into the Expect: 100 state and await such a header */
-              k->wait100_after_headers = FALSE; /* headers sent */
-              k->write_after_100_header = TRUE; /* wait for the header */
-              k->keepon &= ~KEEP_WRITE;         /* disable writing */
-              k->start100 = Curl_tvnow();       /* timeout count starts now */
-              didwhat &= ~KEEP_WRITE;  /* we didn't write anything actually */
-              break;
-            }
-
-            result = Curl_fillreadbuffer(conn, BUFSIZE, &fillcount);
-            if(result)
-              return result;
-
-            nread = (ssize_t)fillcount;
-          }
-          else
-            nread = 0; /* we're done uploading/reading */
-
-          /* the signed int typecase of nread of for systems that has
-             unsigned size_t */
-          if (nread<=0) {
-            /* done */
-            k->keepon &= ~KEEP_WRITE; /* we're done writing */
-            writedone = TRUE;
-
-            if(conn->bits.rewindaftersend) {
-              result = Curl_readrewind(conn);
-              if(result)
-                return result;
-            }
-            break;
-          }
-
-          /* store number of bytes available for upload */
-          data->reqdata.upload_present = nread;
-
-          /* convert LF to CRLF if so asked */
-#ifdef CURL_DO_LINEEND_CONV
-          /* always convert if we're FTPing in ASCII mode */
-          if ((data->set.crlf) || (data->set.prefer_ascii)) {
-#else
-          if (data->set.crlf) {
-#endif /* CURL_DO_LINEEND_CONV */
-              if(data->state.scratch == NULL)
-                data->state.scratch = malloc(2*BUFSIZE);
-              if(data->state.scratch == NULL) {
-                failf (data, "Failed to alloc scratch buffer!");
-                return CURLE_OUT_OF_MEMORY;
-              }
-              /*
-               * ASCII/EBCDIC Note: This is presumably a text (not binary)
-               * transfer so the data should already be in ASCII.
-               * That means the hex values for ASCII CR (0x0d) & LF (0x0a)
-               * must be used instead of the escape sequences \r & \n.
-               */
-            for(i = 0, si = 0; i < nread; i++, si++) {
-              if (data->reqdata.upload_fromhere[i] == 0x0a) {
-                data->state.scratch[si++] = 0x0d;
-                data->state.scratch[si] = 0x0a;
-                if (!data->set.crlf) {
-                  /* we're here only because FTP is in ASCII mode...
-                     bump infilesize for the LF we just added */
-                  data->set.infilesize++;
-                }
-              }
-              else
-                data->state.scratch[si] = data->reqdata.upload_fromhere[i];
-            }
-            if(si != nread) {
-              /* only perform the special operation if we really did replace
-                 anything */
-              nread = si;
-
-              /* upload from the new (replaced) buffer instead */
-              data->reqdata.upload_fromhere = data->state.scratch;
-
-              /* set the new amount too */
-              data->reqdata.upload_present = nread;
-            }
-          }
-        }
-        else {
-          /* We have a partial buffer left from a previous "round". Use
-             that instead of reading more data */
-        }
-
-        /* write to socket (send away data) */
-        result = Curl_write(conn,
-                            conn->writesockfd,     /* socket to send to */
-                            data->reqdata.upload_fromhere, /* buffer pointer */
-                            data->reqdata.upload_present,  /* buffer size */
-                            &bytes_written);       /* actually send away */
-        if(result)
-          return result;
-
-        if(data->set.verbose)
-          /* show the data before we change the pointer upload_fromhere */
-          Curl_debug(data, CURLINFO_DATA_OUT, data->reqdata.upload_fromhere,
-                     (size_t)bytes_written, conn);
-
-        if(data->reqdata.upload_present != bytes_written) {
-          /* we only wrote a part of the buffer (if anything), deal with it! */
-
-          /* store the amount of bytes left in the buffer to write */
-          data->reqdata.upload_present -= bytes_written;
-
-          /* advance the pointer where to find the buffer when the next send
-             is to happen */
-          data->reqdata.upload_fromhere += bytes_written;
-
-          writedone = TRUE; /* we are done, stop the loop */
-        }
-        else {
-          /* we've uploaded that buffer now */
-          data->reqdata.upload_fromhere = k->uploadbuf;
-          data->reqdata.upload_present = 0; /* no more bytes left */
-
-          if(k->upload_done) {
-            /* switch off writing, we're done! */
-            k->keepon &= ~KEEP_WRITE; /* we're done writing */
-            writedone = TRUE;
-          }
-        }
-
-        k->writebytecount += bytes_written;
-        Curl_pgrsSetUploadCounter(data, k->writebytecount);
-
-      } while(!writedone); /* loop until we're done writing! */
-
-    }
-
-  } while(0); /* just to break out from! */
-
-  k->now = Curl_tvnow();
-  if(didwhat) {
-    /* Update read/write counters */
-    if(k->bytecountp)
-      *k->bytecountp = k->bytecount; /* read count */
-    if(k->writebytecountp)
-      *k->writebytecountp = k->writebytecount; /* write count */
-  }
-  else {
-    /* no read no write, this is a timeout? */
-    if (k->write_after_100_header) {
-      /* This should allow some time for the header to arrive, but only a
-         very short time as otherwise it'll be too much wasted times too
-         often. */
-
-      /* Quoting RFC2616, section "8.2.3 Use of the 100 (Continue) Status":
-
-      Therefore, when a client sends this header field to an origin server
-      (possibly via a proxy) from which it has never seen a 100 (Continue)
-      status, the client SHOULD NOT wait for an indefinite period before
-      sending the request body.
-
-      */
-
-      long ms = Curl_tvdiff(k->now, k->start100);
-      if(ms > CURL_TIMEOUT_EXPECT_100) {
-        /* we've waited long enough, continue anyway */
-        k->write_after_100_header = FALSE;
-        k->keepon |= KEEP_WRITE;
-      }
-    }
-  }
-
-  if(Curl_pgrsUpdate(conn))
-    result = CURLE_ABORTED_BY_CALLBACK;
-  else
-    result = Curl_speedcheck(data, k->now);
-  if (result)
-    return result;
-
-  if (data->set.timeout &&
-      ((Curl_tvdiff(k->now, k->start)/1000) >= data->set.timeout)) {
-    if (k->size != -1) {
-      failf(data, "Operation timed out after %d seconds with %"
-            FORMAT_OFF_T " out of %" FORMAT_OFF_T " bytes received",
-            data->set.timeout, k->bytecount, k->size);
-    } else {
-      failf(data, "Operation timed out after %d seconds with %"
-            FORMAT_OFF_T " bytes received",
-            data->set.timeout, k->bytecount);
-    }
-    return CURLE_OPERATION_TIMEOUTED;
-  }
-
-  if(!k->keepon) {
-    /*
-     * The transfer has been performed. Just make some general checks before
-     * returning.
-     */
-
-    if(!(conn->bits.no_body) && (k->size != -1) &&
-       (k->bytecount != k->size) &&
-#ifdef CURL_DO_LINEEND_CONV
-       /* Most FTP servers don't adjust their file SIZE response for CRLFs,
-          so we'll check to see if the discrepancy can be explained
-          by the number of CRLFs we've changed to LFs.
-        */
-       (k->bytecount != (k->size + data->state.crlf_conversions)) &&
-#endif /* CURL_DO_LINEEND_CONV */
-       !data->reqdata.newurl) {
-      failf(data, "transfer closed with %" FORMAT_OFF_T
-            " bytes remaining to read",
-            k->size - k->bytecount);
-      return CURLE_PARTIAL_FILE;
-    }
-    else if(!(conn->bits.no_body) &&
-            conn->bits.chunk &&
-            (data->reqdata.proto.http->chunk.state != CHUNK_STOP)) {
-      /*
-       * In chunked mode, return an error if the connection is closed prior to
-       * the empty (terminiating) chunk is read.
-       *
-       * The condition above used to check for
-       * conn->proto.http->chunk.datasize != 0 which is true after reading
-       * *any* chunk, not just the empty chunk.
-       *
-       */
-      failf(data, "transfer closed with outstanding read data remaining");
-      return CURLE_PARTIAL_FILE;
-    }
-    if(Curl_pgrsUpdate(conn))
-      return CURLE_ABORTED_BY_CALLBACK;
-  }
-
-  /* Now update the "done" boolean we return */
-  *done = (bool)(0 == (k->keepon&(KEEP_READ|KEEP_WRITE)));
-
-  return CURLE_OK;
-}
-
-
-/*
- * Curl_readwrite_init() inits the readwrite session. This is inited each time for a
- * transfer, sometimes multiple times on the same SessionHandle
- */
-
-CURLcode Curl_readwrite_init(struct connectdata *conn)
-{
-  struct SessionHandle *data = conn->data;
-  struct Curl_transfer_keeper *k = &data->reqdata.keep;
-
-  /* NB: the content encoding software depends on this initialization of
-     Curl_transfer_keeper.*/
-  memset(k, 0, sizeof(struct Curl_transfer_keeper));
-
-  k->start = Curl_tvnow(); /* start time */
-  k->now = k->start;   /* current time is now */
-  k->header = TRUE; /* assume header */
-  k->httpversion = -1; /* unknown at this point */
-
-  k->size = data->reqdata.size;
-  k->maxdownload = data->reqdata.maxdownload;
-  k->bytecountp = data->reqdata.bytecountp;
-  k->writebytecountp = data->reqdata.writebytecountp;
-
-  k->bytecount = 0;
-
-  k->buf = data->state.buffer;
-  k->uploadbuf = data->state.uploadbuffer;
-  k->maxfd = (conn->sockfd>conn->writesockfd?
-              conn->sockfd:conn->writesockfd)+1;
-  k->hbufp = data->state.headerbuff;
-  k->ignorebody=FALSE;
-
-  Curl_pgrsTime(data, TIMER_PRETRANSFER);
-  Curl_speedinit(data);
-
-  Curl_pgrsSetUploadCounter(data, 0);
-  Curl_pgrsSetDownloadCounter(data, 0);
-
-  if (!conn->bits.getheader) {
-    k->header = FALSE;
-    if(k->size > 0)
-      Curl_pgrsSetDownloadSize(data, k->size);
-  }
-  /* we want header and/or body, if neither then don't do this! */
-  if(conn->bits.getheader || !conn->bits.no_body) {
-
-    if(conn->sockfd != CURL_SOCKET_BAD) {
-      k->keepon |= KEEP_READ;
-    }
-
-    if(conn->writesockfd != CURL_SOCKET_BAD) {
-      /* HTTP 1.1 magic:
-
-         Even if we require a 100-return code before uploading data, we might
-         need to write data before that since the REQUEST may not have been
-         finished sent off just yet.
-
-         Thus, we must check if the request has been sent before we set the
-         state info where we wait for the 100-return code
-      */
-      if (data->state.expect100header &&
-          (data->reqdata.proto.http->sending == HTTPSEND_BODY)) {
-        /* wait with write until we either got 100-continue or a timeout */
-        k->write_after_100_header = TRUE;
-        k->start100 = k->start;
-      }
-      else {
-        if(data->state.expect100header)
-          /* when we've sent off the rest of the headers, we must await a
-             100-continue */
-          k->wait100_after_headers = TRUE;
-        k->keepon |= KEEP_WRITE;
-      }
-    }
-  }
-
-  return CURLE_OK;
-}
-
-/*
- * Curl_single_getsock() gets called by the multi interface code when the app
- * has requested to get the sockets for the current connection. This function
- * will then be called once for every connection that the multi interface
- * keeps track of. This function will only be called for connections that are
- * in the proper state to have this information available.
- */
-int Curl_single_getsock(struct connectdata *conn,
-                        curl_socket_t *sock, /* points to numsocks number
-                                                of sockets */
-                        int numsocks)
-{
-  struct SessionHandle *data = conn->data;
-  int bitmap = GETSOCK_BLANK;
-  int index = 0;
-
-  if(numsocks < 2)
-    /* simple check but we might need two slots */
-    return GETSOCK_BLANK;
-
-  if(data->reqdata.keep.keepon & KEEP_READ) {
-    bitmap |= GETSOCK_READSOCK(index);
-    sock[index] = conn->sockfd;
-  }
-
-  if(data->reqdata.keep.keepon & KEEP_WRITE) {
-
-    if((conn->sockfd != conn->writesockfd) ||
-       !(data->reqdata.keep.keepon & KEEP_READ)) {
-      /* only if they are not the same socket or we didn't have a readable
-         one, we increase index */
-      if(data->reqdata.keep.keepon & KEEP_READ)
-        index++; /* increase index if we need two entries */
-      sock[index] = conn->writesockfd;
-    }
-
-    bitmap |= GETSOCK_WRITESOCK(index);
-  }
-
-  return bitmap;
-}
-
-
-/*
- * Transfer()
- *
- * This function is what performs the actual transfer. It is capable of
- * doing both ways simultaneously.
- * The transfer must already have been setup by a call to Curl_setup_transfer().
- *
- * Note that headers are created in a preallocated buffer of a default size.
- * That buffer can be enlarged on demand, but it is never shrunken again.
- *
- * Parts of this function was once written by the friendly Mark Butler
- * <butlerm@xmission.com>.
- */
-
-static CURLcode
-Transfer(struct connectdata *conn)
-{
-  CURLcode result;
-  struct SessionHandle *data = conn->data;
-  struct Curl_transfer_keeper *k = &data->reqdata.keep;
-  bool done=FALSE;
-
-  if(!(conn->protocol & PROT_FILE))
-    /* Only do this if we are not transferring FILE:, since the file: treatment
-       is different*/
-    Curl_readwrite_init(conn);
-
-  if((conn->sockfd == CURL_SOCKET_BAD) &&
-     (conn->writesockfd == CURL_SOCKET_BAD))
-    /* nothing to read, nothing to write, we're already OK! */
-    return CURLE_OK;
-
-  /* we want header and/or body, if neither then don't do this! */
-  if(!conn->bits.getheader && conn->bits.no_body)
-    return CURLE_OK;
-
-  while (!done) {
-    curl_socket_t fd_read;
-    curl_socket_t fd_write;
-
-    /* limit-rate logic: if speed exceeds threshold, then do not include fd in
-       select set. The current speed is recalculated in each Curl_readwrite()
-       call */
-    if ((k->keepon & KEEP_WRITE) &&
-        (!data->set.max_send_speed ||
-         (data->progress.ulspeed < data->set.max_send_speed) )) {
-      fd_write = conn->writesockfd;
-      k->keepon &= ~KEEP_WRITE_HOLD;
-    }
-    else {
-      fd_write = CURL_SOCKET_BAD;
-      if(k->keepon & KEEP_WRITE)
-        k->keepon |= KEEP_WRITE_HOLD; /* hold it */
-    }
-
-    if ((k->keepon & KEEP_READ) &&
-        (!data->set.max_recv_speed ||
-         (data->progress.dlspeed < data->set.max_recv_speed)) ) {
-      fd_read = conn->sockfd;
-      k->keepon &= ~KEEP_READ_HOLD;
-    }
-    else {
-      fd_read = CURL_SOCKET_BAD;
-      if(k->keepon & KEEP_READ)
-        k->keepon |= KEEP_READ_HOLD; /* hold it */
-    }
-
-    /* The *_HOLD logic is necessary since even though there might be no
-       traffic during the select interval, we still call Curl_readwrite() for
-       the timeout case and if we limit transfer speed we must make sure that
-       this function doesn't transfer anything while in HOLD status. */
-
-    switch (Curl_select(fd_read, fd_write, 1000)) {
-    case -1: /* select() error, stop reading */
-#ifdef EINTR
-      /* The EINTR is not serious, and it seems you might get this more
-         ofen when using the lib in a multi-threaded environment! */
-      if(errno == EINTR)
-        ;
-      else
-#endif
-        done = TRUE; /* no more read or write */
-      continue;
-    case 0:  /* timeout */
-    default: /* readable descriptors */
-
-      result = Curl_readwrite(conn, &done);
-      break;
-    }
-    if(result)
-      return result;
-
-    /* "done" signals to us if the transfer(s) are ready */
-  }
-
-  return CURLE_OK;
-}
-
-/*
- * Curl_pretransfer() is called immediately before a transfer starts.
- */
-CURLcode Curl_pretransfer(struct SessionHandle *data)
-{
-  CURLcode res;
-  if(!data->change.url) {
-    /* we can't do anything wihout URL */
-    failf(data, "No URL set!\n");
-    return CURLE_URL_MALFORMAT;
-  }
-
-  /* Init the SSL session ID cache here. We do it here since we want to do it
-     after the *_setopt() calls (that could change the size of the cache) but
-     before any transfer takes place. */
-  res = Curl_ssl_initsessions(data, data->set.ssl.numsessions);
-  if(res)
-    return res;
-
-  data->set.followlocation=0; /* reset the location-follow counter */
-  data->state.this_is_a_follow = FALSE; /* reset this */
-  data->state.errorbuf = FALSE; /* no error has occurred */
-
-  data->state.authproblem = FALSE;
-  data->state.authhost.want = data->set.httpauth;
-  data->state.authproxy.want = data->set.proxyauth;
-
-  /* If there is a list of cookie files to read, do it now! */
-  if(data->change.cookielist) {
-    Curl_cookie_loadfiles(data);
-  }
-
- /* Allow data->set.use_port to set which port to use. This needs to be
-  * disabled for example when we follow Location: headers to URLs using
-  * different ports! */
-  data->state.allow_port = TRUE;
-
-#if defined(HAVE_SIGNAL) && defined(SIGPIPE) && !defined(HAVE_MSG_NOSIGNAL)
-  /*************************************************************
-   * Tell signal handler to ignore SIGPIPE
-   *************************************************************/
-  if(!data->set.no_signal)
-    data->state.prev_signal = signal(SIGPIPE, SIG_IGN);
-#endif
-
-  Curl_initinfo(data); /* reset session-specific information "variables" */
-  Curl_pgrsStartNow(data);
-
-  return CURLE_OK;
-}
-
-/*
- * Curl_posttransfer() is called immediately after a transfer ends
- */
-CURLcode Curl_posttransfer(struct SessionHandle *data)
-{
-#if defined(HAVE_SIGNAL) && defined(SIGPIPE) && !defined(HAVE_MSG_NOSIGNAL)
-  /* restore the signal handler for SIGPIPE before we get back */
-  if(!data->set.no_signal)
-    signal(SIGPIPE, data->state.prev_signal);
-#else
-  (void)data; /* unused parameter */
-#endif
-
-  if(!(data->progress.flags & PGRS_HIDE) &&
-     !data->progress.callback)
-    /* only output if we don't use a progress callback and we're not hidden */
-    fprintf(data->set.err, "\n");
-
-  return CURLE_OK;
-}
-
-/*
- * strlen_url() returns the length of the given URL if the spaces within the
- * URL were properly URL encoded.
- */
-static int strlen_url(char *url)
-{
-  char *ptr;
-  int newlen=0;
-  bool left=TRUE; /* left side of the ? */
-
-  for(ptr=url; *ptr; ptr++) {
-    switch(*ptr) {
-    case '?':
-      left=FALSE;
-    default:
-      newlen++;
-      break;
-    case ' ':
-      if(left)
-        newlen+=3;
-      else
-        newlen++;
-      break;
-    }
-  }
-  return newlen;
-}
-
-/* strcpy_url() copies a url to a output buffer and URL-encodes the spaces in
- * the source URL accordingly.
- */
-static void strcpy_url(char *output, char *url)
-{
-  /* we must add this with whitespace-replacing */
-  bool left=TRUE;
-  char *iptr;
-  char *optr = output;
-  for(iptr = url;    /* read from here */
-      *iptr;         /* until zero byte */
-      iptr++) {
-    switch(*iptr) {
-    case '?':
-      left=FALSE;
-    default:
-      *optr++=*iptr;
-      break;
-    case ' ':
-      if(left) {
-        *optr++='%'; /* add a '%' */
-        *optr++='2'; /* add a '2' */
-        *optr++='0'; /* add a '0' */
-      }
-      else
-        *optr++='+'; /* add a '+' here */
-      break;
-    }
-  }
-  *optr=0; /* zero terminate output buffer */
-
-}
-
-/*
- * Curl_follow() handles the URL redirect magic. Pass in the 'newurl' string
- * as given by the remote server and set up the new URL to request.
- */
-CURLcode Curl_follow(struct SessionHandle *data,
-                     char *newurl, /* this 'newurl' is the Location: string,
-                                      and it must be malloc()ed before passed
-                                      here */
-                     bool retry) /* set TRUE if this is a request retry as
-                                    opposed to a real redirect following */
-{
-  /* Location: redirect */
-  char prot[16]; /* URL protocol string storage */
-  char letter;   /* used for a silly sscanf */
-  size_t newlen;
-  char *newest;
-
-  if(!retry) {
-    if ((data->set.maxredirs != -1) &&
-        (data->set.followlocation >= data->set.maxredirs)) {
-      failf(data,"Maximum (%d) redirects followed", data->set.maxredirs);
-      return CURLE_TOO_MANY_REDIRECTS;
-    }
-
-    /* mark the next request as a followed location: */
-    data->state.this_is_a_follow = TRUE;
-
-    data->set.followlocation++; /* count location-followers */
-  }
-
-  if(data->set.http_auto_referer) {
-    /* We are asked to automatically set the previous URL as the
-       referer when we get the next URL. We pick the ->url field,
-       which may or may not be 100% correct */
-
-    if(data->change.referer_alloc)
-      /* If we already have an allocated referer, free this first */
-      free(data->change.referer);
-
-    data->change.referer = strdup(data->change.url);
-    data->change.referer_alloc = TRUE; /* yes, free this later */
-  }
-
-  if(2 != sscanf(newurl, "%15[^?&/:]://%c", prot, &letter)) {
-    /***
-     *DANG* this is an RFC 2068 violation. The URL is supposed
-     to be absolute and this doesn't seem to be that!
-     ***
-     Instead, we have to TRY to append this new path to the old URL
-     to the right of the host part. Oh crap, this is doomed to cause
-     problems in the future...
-    */
-    char *protsep;
-    char *pathsep;
-
-    char *useurl = newurl;
-    size_t urllen;
-
-    /* we must make our own copy of the URL to play with, as it may
-       point to read-only data */
-    char *url_clone=strdup(data->change.url);
-
-    if(!url_clone)
-      return CURLE_OUT_OF_MEMORY; /* skip out of this NOW */
-
-    /* protsep points to the start of the host name */
-    protsep=strstr(url_clone, "//");
-    if(!protsep)
-      protsep=url_clone;
-    else
-      protsep+=2; /* pass the slashes */
-
-    if('/' != newurl[0]) {
-      int level=0;
-
-      /* First we need to find out if there's a ?-letter in the URL,
-         and cut it and the right-side of that off */
-      pathsep = strchr(protsep, '?');
-      if(pathsep)
-        *pathsep=0;
-
-      /* we have a relative path to append to the last slash if
-         there's one available */
-      pathsep = strrchr(protsep, '/');
-      if(pathsep)
-        *pathsep=0;
-
-      /* Check if there's any slash after the host name, and if so,
-         remember that position instead */
-      pathsep = strchr(protsep, '/');
-      if(pathsep)
-        protsep = pathsep+1;
-      else
-        protsep = NULL;
-
-      /* now deal with one "./" or any amount of "../" in the newurl
-         and act accordingly */
-
-      if((useurl[0] == '.') && (useurl[1] == '/'))
-        useurl+=2; /* just skip the "./" */
-
-      while((useurl[0] == '.') &&
-            (useurl[1] == '.') &&
-            (useurl[2] == '/')) {
-        level++;
-        useurl+=3; /* pass the "../" */
-      }
-
-      if(protsep) {
-        while(level--) {
-          /* cut off one more level from the right of the original URL */
-          pathsep = strrchr(protsep, '/');
-          if(pathsep)
-            *pathsep=0;
-          else {
-            *protsep=0;
-            break;
-          }
-        }
-      }
-    }
-    else {
-      /* We got a new absolute path for this server, cut off from the
-         first slash */
-      pathsep = strchr(protsep, '/');
-      if(pathsep) {
-        /* When people use badly formatted URLs, such as
-           "http://www.url.com?dir=/home/daniel" we must not use the first
-           slash, if there's a ?-letter before it! */
-        char *sep = strchr(protsep, '?');
-        if(sep && (sep < pathsep))
-          pathsep = sep;
-        *pathsep=0;
-      }
-      else {
-        /* There was no slash. Now, since we might be operating on a badly
-           formatted URL, such as "http://www.url.com?id=2380" which doesn't
-           use a slash separator as it is supposed to, we need to check for a
-           ?-letter as well! */
-        pathsep = strchr(protsep, '?');
-        if(pathsep)
-          *pathsep=0;
-      }
-    }
-
-    /* If the new part contains a space, this is a mighty stupid redirect
-       but we still make an effort to do "right". To the left of a '?'
-       letter we replace each space with %20 while it is replaced with '+'
-       on the right side of the '?' letter.
-    */
-    newlen = strlen_url(useurl);
-
-    urllen = strlen(url_clone);
-
-    newest=(char *)malloc( urllen + 1 + /* possible slash */
-                           newlen + 1 /* zero byte */);
-
-    if(!newest) {
-      free(url_clone); /* don't leak this */
-      return CURLE_OUT_OF_MEMORY; /* go out from this */
-    }
-
-    /* copy over the root url part */
-    memcpy(newest, url_clone, urllen);
-
-    /* check if we need to append a slash */
-    if(('/' == useurl[0]) || (protsep && !*protsep))
-      ;
-    else
-      newest[urllen++]='/';
-
-    /* then append the new piece on the right side */
-    strcpy_url(&newest[urllen], useurl);
-
-    free(newurl); /* newurl is the allocated pointer */
-    free(url_clone);
-    newurl = newest;
-  }
-  else {
-    /* This is an absolute URL, don't allow the custom port number */
-    data->state.allow_port = FALSE;
-
-    if(strchr(newurl, ' ')) {
-      /* This new URL contains at least one space, this is a mighty stupid
-         redirect but we still make an effort to do "right". */
-      newlen = strlen_url(newurl);
-
-      newest = malloc(newlen+1); /* get memory for this */
-      if(newest) {
-        strcpy_url(newest, newurl); /* create a space-free URL */
-
-        free(newurl); /* that was no good */
-        newurl = newest; /* use this instead now */
-      }
-    }
-
-  }
-
-  if(data->change.url_alloc)
-    free(data->change.url);
-  else
-    data->change.url_alloc = TRUE; /* the URL is allocated */
-
-  data->change.url = newurl;
-  newurl = NULL; /* don't free! */
-
-  infof(data, "Issue another request to this URL: '%s'\n", data->change.url);
-
-  /*
-   * We get here when the HTTP code is 300-399 (and 401). We need to perform
-   * differently based on exactly what return code there was.
-   *
-   * News from 7.10.6: we can also get here on a 401 or 407, in case we act on
-   * a HTTP (proxy-) authentication scheme other than Basic.
-   */
-  switch(data->info.httpcode) {
-    /* 401 - Act on a www-authentication, we keep on moving and do the
-       Authorization: XXXX header in the HTTP request code snippet */
-    /* 407 - Act on a proxy-authentication, we keep on moving and do the
-       Proxy-Authorization: XXXX header in the HTTP request code snippet */
-    /* 300 - Multiple Choices */
-    /* 306 - Not used */
-    /* 307 - Temporary Redirect */
-  default:  /* for all above (and the unknown ones) */
-    /* Some codes are explicitly mentioned since I've checked RFC2616 and they
-     * seem to be OK to POST to.
-     */
-    break;
-  case 301: /* Moved Permanently */
-    /* (quote from RFC2616, section 10.3.2):
-     *
-     * Note: When automatically redirecting a POST request after receiving a
-     * 301 status code, some existing HTTP/1.0 user agents will erroneously
-     * change it into a GET request.
-     *
-     * ----
-     *
-     * Warning: Because most of importants user agents do this obvious RFC2616
-     * violation, many webservers expect this misbehavior. So these servers
-     * often answers to a POST request with an error page.  To be sure that
-     * libcurl gets the page that most user agents would get, libcurl has to
-     * force GET:
-     */
-    if( data->set.httpreq == HTTPREQ_POST
-        || data->set.httpreq == HTTPREQ_POST_FORM) {
-      infof(data,
-            "Violate RFC 2616/10.3.2 and switch from POST to GET\n");
-      data->set.httpreq = HTTPREQ_GET;
-    }
-    break;
-  case 302: /* Found */
-    /* (From 10.3.3)
-
-    Note: RFC 1945 and RFC 2068 specify that the client is not allowed
-    to change the method on the redirected request.  However, most
-    existing user agent implementations treat 302 as if it were a 303
-    response, performing a GET on the Location field-value regardless
-    of the original request method. The status codes 303 and 307 have
-    been added for servers that wish to make unambiguously clear which
-    kind of reaction is expected of the client.
-
-    (From 10.3.4)
-
-    Note: Many pre-HTTP/1.1 user agents do not understand the 303
-    status. When interoperability with such clients is a concern, the
-    302 status code may be used instead, since most user agents react
-    to a 302 response as described here for 303.
-    */
-  case 303: /* See Other */
-    /* Disable both types of POSTs, since doing a second POST when
-     * following isn't what anyone would want! */
-    if(data->set.httpreq != HTTPREQ_GET) {
-      data->set.httpreq = HTTPREQ_GET; /* enforce GET request */
-      infof(data, "Disables POST, goes with %s\n",
-            data->set.opt_no_body?"HEAD":"GET");
-    }
-    break;
-  case 304: /* Not Modified */
-    /* 304 means we did a conditional request and it was "Not modified".
-     * We shouldn't get any Location: header in this response!
-     */
-    break;
-  case 305: /* Use Proxy */
-    /* (quote from RFC2616, section 10.3.6):
-     * "The requested resource MUST be accessed through the proxy given
-     * by the Location field. The Location field gives the URI of the
-     * proxy.  The recipient is expected to repeat this single request
-     * via the proxy. 305 responses MUST only be generated by origin
-     * servers."
-     */
-    break;
-  }
-  Curl_pgrsTime(data, TIMER_REDIRECT);
-  Curl_pgrsResetTimes(data);
-
-  return CURLE_OK;
-}
-
-static CURLcode
-Curl_connect_host(struct SessionHandle *data,
-                  struct connectdata **conn)
-{
-  CURLcode res = CURLE_OK;
-  int urlchanged = FALSE;
-
-  do {
-    bool async;
-    bool protocol_done=TRUE; /* will be TRUE always since this is only used
-                                within the easy interface */
-    Curl_pgrsTime(data, TIMER_STARTSINGLE);
-    data->change.url_changed = FALSE;
-    res = Curl_connect(data, conn, &async, &protocol_done);
-
-    if((CURLE_OK == res) && async) {
-      /* Now, if async is TRUE here, we need to wait for the name
-         to resolve */
-      res = Curl_wait_for_resolv(*conn, NULL);
-      if(CURLE_OK == res)
-        /* Resolved, continue with the connection */
-        res = Curl_async_resolved(*conn, &protocol_done);
-      else
-        /* if we can't resolve, we kill this "connection" now */
-        (void)Curl_disconnect(*conn);
-    }
-    if(res)
-      break;
-
-    /* If a callback (or something) has altered the URL we should use within
-       the Curl_connect(), we detect it here and act as if we are redirected
-       to the new URL */
-    urlchanged = data->change.url_changed;
-    if ((CURLE_OK == res) && urlchanged) {
-      res = Curl_done(conn, res, FALSE);
-      if(CURLE_OK == res) {
-        char *gotourl = strdup(data->change.url);
-        res = Curl_follow(data, gotourl, FALSE);
-        if(res)
-          free(gotourl);
-      }
-    }
-  } while (urlchanged && res == CURLE_OK);
-
-  return res;
-}
-
-/* Returns TRUE and sets '*url' if a request retry is wanted */
-bool Curl_retry_request(struct connectdata *conn,
-                        char **url)
-{
-  bool retry = FALSE;
-  struct SessionHandle *data = conn->data;
-
-  if((data->reqdata.keep.bytecount+conn->headerbytecount == 0) &&
-     conn->bits.reuse &&
-     !conn->bits.no_body) {
-    /* We got no data, we attempted to re-use a connection and yet we want a
-       "body". This might happen if the connection was left alive when we were
-       done using it before, but that was closed when we wanted to read from
-       it again. Bad luck. Retry the same request on a fresh connect! */
-    infof(conn->data, "Connection died, retrying a fresh connect\n");
-    *url = strdup(conn->data->change.url);
-
-    conn->bits.close = TRUE; /* close this connection */
-    conn->bits.retry = TRUE; /* mark this as a connection we're about
-                                to retry. Marking it this way should
-                                prevent i.e HTTP transfers to return
-                                error just because nothing has been
-                                transfered! */
-    retry = TRUE;
-  }
-
-  return retry;
-}
-
-/*
- * Curl_perform() is the internal high-level function that gets called by the
- * external curl_easy_perform() function. It inits, performs and cleans up a
- * single file transfer.
- */
-CURLcode Curl_perform(struct SessionHandle *data)
-{
-  CURLcode res;
-  CURLcode res2;
-  struct connectdata *conn=NULL;
-  char *newurl = NULL; /* possibly a new URL to follow to! */
-  bool retry = FALSE;
-
-  data->state.used_interface = Curl_if_easy;
-
-  res = Curl_pretransfer(data);
-  if(res)
-    return res;
-
-  /*
-   * It is important that there is NO 'return' from this function at any other
-   * place than falling down to the end of the function! This is because we
-   * have cleanup stuff that must be done before we get back, and that is only
-   * performed after this do-while loop.
-   */
-
-  do {
-    res = Curl_connect_host(data, &conn);   /* primary connection */
-
-    if(res == CURLE_OK) {
-      bool do_done;
-      if(data->set.connect_only) {
-        /* keep connection open for application to use the socket */
-        conn->bits.close = FALSE;
-        res = Curl_done(&conn, CURLE_OK, FALSE);
-        break;
-      }
-      res = Curl_do(&conn, &do_done);
-
-      if(res == CURLE_OK) {
-        res = Transfer(conn); /* now fetch that URL please */
-        if(res == CURLE_OK) {
-          retry = Curl_retry_request(conn, &newurl);
-
-          if(!retry)
-            /*
-             * We must duplicate the new URL here as the connection data may
-             * be free()ed in the Curl_done() function.
-             */
-            newurl = data->reqdata.newurl?strdup(data->reqdata.newurl):NULL;
-        }
-        else {
-          /* The transfer phase returned error, we mark the connection to get
-           * closed to prevent being re-used. This is becasue we can't
-           * possibly know if the connection is in a good shape or not now. */
-          conn->bits.close = TRUE;
-
-          if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET]) {
-            /* if we failed anywhere, we must clean up the secondary socket if
-               it was used */
-            sclose(conn->sock[SECONDARYSOCKET]);
-            conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
-          }
-        }
-
-        /* Always run Curl_done(), even if some of the previous calls
-           failed, but return the previous (original) error code */
-        res2 = Curl_done(&conn, res, FALSE);
-
-        if(CURLE_OK == res)
-          res = res2;
-      }
-      else
-        /* Curl_do() failed, clean up left-overs in the done-call */
-        res2 = Curl_done(&conn, res, FALSE);
-
-      /*
-       * Important: 'conn' cannot be used here, since it may have been closed
-       * in 'Curl_done' or other functions.
-       */
-
-      if((res == CURLE_OK) && newurl) {
-        res = Curl_follow(data, newurl, retry);
-        if(CURLE_OK == res) {
-          newurl = NULL;
-          continue;
-        }
-      }
-    }
-    break; /* it only reaches here when this shouldn't loop */
-
-  } while(1); /* loop if Location: */
-
-  if(newurl)
-    free(newurl);
-
-  if(res && !data->state.errorbuf) {
-    /*
-     * As an extra precaution: if no error string has been set and there was
-     * an error, use the strerror() string or if things are so bad that not
-     * even that is good, set a bad string that mentions the error code.
-     */
-    const char *str = curl_easy_strerror(res);
-    if(!str)
-      failf(data, "unspecified error %d", (int)res);
-    else
-      failf(data, "%s", str);
-  }
-
-  /* run post-transfer uncondionally, but don't clobber the return code if
-     we already have an error code recorder */
-  res2 = Curl_posttransfer(data);
-  if(!res && res2)
-    res = res2;
-
-  return res;
-}
-
-/*
- * Curl_setup_transfer() is called to setup some basic properties for the
- * upcoming transfer.
- */
-CURLcode
-Curl_setup_transfer(
-    struct connectdata *c_conn, /* connection data */
-    int sockindex,       /* socket index to read from or -1 */
-    curl_off_t size,     /* -1 if unknown at this point */
-    bool getheader,      /* TRUE if header parsing is wanted */
-    curl_off_t *bytecountp, /* return number of bytes read or NULL */
-    int writesockindex,  /* socket index to write to, it may very
-                            well be the same we read from. -1
-                            disables */
-    curl_off_t *writecountp /* return number of bytes written or
-                               NULL */
-   )
-{
-  struct connectdata *conn = (struct connectdata *)c_conn;
-  struct SessionHandle *data = conn->data;
-
-  if(!conn)
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-
-  curlassert((sockindex <= 1) && (sockindex >= -1));
-
-  /* now copy all input parameters */
-  conn->sockfd = sockindex == -1 ?
-      CURL_SOCKET_BAD : conn->sock[sockindex];
-  conn->writesockfd = writesockindex == -1 ?
-      CURL_SOCKET_BAD:conn->sock[writesockindex];
-  conn->bits.getheader = getheader;
-
-  data->reqdata.size = size;
-  data->reqdata.bytecountp = bytecountp;
-  data->reqdata.writebytecountp = writecountp;
-
-  return CURLE_OK;
-}
diff --git a/Utilities/cmcurl/url.c b/Utilities/cmcurl/url.c
deleted file mode 100644
index da12231..0000000
--- a/Utilities/cmcurl/url.c
+++ /dev/null
@@ -1,4252 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-/* -- WIN32 approved -- */
-
-#include "setup.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#include <errno.h>
-
-#ifdef WIN32
-#include <time.h>
-#include <io.h>
-#else
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#include <netinet/in.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <netdb.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#include <sys/ioctl.h>
-#include <signal.h>
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef VMS
-#include <in.h>
-#include <inet.h>
-#endif
-
-#ifdef HAVE_SETJMP_H
-#include <setjmp.h>
-#endif
-
-#ifndef HAVE_SOCKET
-#error "We can't compile without socket() support!"
-#endif
-#endif
-
-#ifdef USE_LIBIDN
-#include <idna.h>
-#include <tld.h>
-#include <stringprep.h>
-#ifdef HAVE_IDN_FREE_H
-#include <idn-free.h>
-#else
-void idn_free (void *ptr); /* prototype from idn-free.h, not provided by
-                              libidn 0.4.5's make install! */
-#endif
-#ifndef HAVE_IDN_FREE
-/* if idn_free() was not found in this version of libidn, use plain free()
-   instead */
-#define idn_free(x) (free)(x)
-#endif
-#endif  /* USE_LIBIDN */
-
-#include "urldata.h"
-#include "netrc.h"
-
-#include "formdata.h"
-#include "base64.h"
-#include "sslgen.h"
-#include "hostip.h"
-#include "transfer.h"
-#include "sendf.h"
-#include "progress.h"
-#include "cookie.h"
-#include "strequal.h"
-#include "strerror.h"
-#include "escape.h"
-#include "strtok.h"
-#include "share.h"
-#include "content_encoding.h"
-#include "http_digest.h"
-#include "http_negotiate.h"
-#include "select.h"
-#include "multiif.h"
-#include "easyif.h"
-
-/* And now for the protocols */
-#include "ftp.h"
-#include "dict.h"
-#include "telnet.h"
-#include "tftp.h"
-#include "http.h"
-#include "file.h"
-#include "ldap.h"
-#include "ssh.h"
-#include "url.h"
-#include "connect.h"
-#include "inet_ntop.h"
-#include "http_ntlm.h"
-#include "socks.h"
-#include <ca-bundle.h>
-
-#if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
-#include "inet_ntoa_r.h"
-#endif
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#ifdef HAVE_KRB4
-#include "krb4.h"
-#endif
-#include "memory.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* Local static prototypes */
-static long ConnectionKillOne(struct SessionHandle *data);
-static bool ConnectionExists(struct SessionHandle *data,
-                             struct connectdata *needle,
-                             struct connectdata **usethis);
-static long ConnectionStore(struct SessionHandle *data,
-                            struct connectdata *conn);
-static bool IsPipeliningPossible(struct SessionHandle *handle);
-static bool IsPipeliningEnabled(struct SessionHandle *handle);
-static void conn_free(struct connectdata *conn);
-
-static void signalPipeClose(struct curl_llist *pipe);
-
-#define MAX_PIPELINE_LENGTH 5
-
-/*
- * We use this ZERO_NULL to avoid picky compiler warnings,
- * when assigning a NULL pointer to a function pointer var.
- */
-
-#define ZERO_NULL 0
-
-#ifndef USE_ARES
-/* not for ares builds */
-
-#ifndef WIN32
-/* not for WIN32 builds */
-
-#ifdef HAVE_SIGSETJMP
-extern sigjmp_buf curl_jmpenv;
-#endif
-
-#ifdef SIGALRM
-static
-RETSIGTYPE alarmfunc(int sig)
-{
-  /* this is for "-ansi -Wall -pedantic" to stop complaining!   (rabe) */
-  (void)sig;
-#ifdef HAVE_SIGSETJMP
-  siglongjmp(curl_jmpenv, 1);
-#endif
-  /*return;*/ /* not reahed, and has no effect anyway */
-}
-#endif /* SIGALRM */
-#endif /* WIN32 */
-#endif /* USE_ARES */
-
-void Curl_safefree(void *ptr)
-{
-  if(ptr)
-    free(ptr);
-}
-
-static void close_connections(struct SessionHandle *data)
-{
-  /* Loop through all open connections and kill them one by one */
-  while(-1 != ConnectionKillOne(data))
-    ; /* empty loop */
-}
-
-/*
- * This is the internal function curl_easy_cleanup() calls. This should
- * cleanup and free all resources associated with this sessionhandle.
- *
- * NOTE: if we ever add something that attempts to write to a socket or
- * similar here, we must ignore SIGPIPE first. It is currently only done
- * when curl_easy_perform() is invoked.
- */
-
-CURLcode Curl_close(struct SessionHandle *data)
-{
-  struct Curl_multi *m = data->multi;
-
-#ifdef CURLDEBUG
-  /* only for debugging, scan through all connections and see if there's a
-     pipe reference still identifying this handle */
-
-  if(data->state.is_in_pipeline)
-    fprintf(stderr, "CLOSED when in pipeline!\n");
-
-  if(data->state.connc && data->state.connc->type == CONNCACHE_MULTI) {
-    struct conncache *c = data->state.connc;
-    int i;
-    struct curl_llist *pipe;
-    struct curl_llist_element *curr;
-    struct connectdata *connptr;
-
-    for(i=0; i< c->num; i++) {
-      connptr = c->connects[i];
-      if(!connptr)
-        continue;
-
-      pipe = connptr->send_pipe;
-      if(pipe) {
-        for (curr = pipe->head; curr; curr=curr->next) {
-          if(data == (struct SessionHandle *) curr->ptr) {
-            fprintf(stderr,
-                    "MAJOR problem we %p are still in send pipe for %p done %d\n",
-                    data, connptr, connptr->bits.done);
-          }
-        }
-      }
-      pipe = connptr->recv_pipe;
-      if(pipe) {
-        for (curr = pipe->head; curr; curr=curr->next) {
-          if(data == (struct SessionHandle *) curr->ptr) {
-            fprintf(stderr,
-                    "MAJOR problem we %p are still in recv pipe for %p done %d\n",
-                    data, connptr, connptr->bits.done);
-          }
-        }
-      }
-    }
-  }
-#endif
-
-  if(m)
-    /* This handle is still part of a multi handle, take care of this first
-       and detach this handle from there. */
-    Curl_multi_rmeasy(data->multi, data);
-
-  data->magic = 0; /* force a clear AFTER the possibly enforced removal from
-                      the multi handle, since that function uses the magic
-                      field! */
-
-  if(data->state.connc) {
-
-    if(data->state.connc->type == CONNCACHE_PRIVATE) {
-      /* close all connections still alive that are in the private connection
-         cache, as we no longer have the pointer left to the shared one. */
-      close_connections(data);
-
-      /* free the connection cache if allocated privately */
-      Curl_rm_connc(data->state.connc);
-    }
-  }
-
-  if(data->state.shared_conn) {
-    /* marked to be used by a pending connection so we can't kill this handle
-       just yet */
-    data->state.closed = TRUE;
-    return CURLE_OK;
-  }
-
-  if ( ! (data->share && data->share->hostcache) ) {
-    if ( !Curl_global_host_cache_use(data)) {
-      Curl_hash_destroy(data->dns.hostcache);
-    }
-  }
-
-  /* Free the pathbuffer */
-  Curl_safefree(data->reqdata.pathbuffer);
-  Curl_safefree(data->reqdata.proto.generic);
-
-  /* Close down all open SSL info and sessions */
-  Curl_ssl_close_all(data);
-  Curl_safefree(data->state.first_host);
-  Curl_safefree(data->state.scratch);
-
-  if(data->change.referer_alloc)
-    free(data->change.referer);
-
-  if(data->change.url_alloc)
-    free(data->change.url);
-
-  Curl_safefree(data->state.headerbuff);
-
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
-  Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
-  if(data->set.cookiejar) {
-    if(data->change.cookielist) {
-      /* If there is a list of cookie files to read, do it first so that
-         we have all the told files read before we write the new jar */
-      Curl_cookie_loadfiles(data);
-    }
-
-    /* we have a "destination" for all the cookies to get dumped to */
-    if(Curl_cookie_output(data->cookies, data->set.cookiejar))
-      infof(data, "WARNING: failed to save cookies in %s\n",
-            data->set.cookiejar);
-  }
-  else {
-    if(data->change.cookielist)
-      /* since nothing is written, we can just free the list of cookie file
-         names */
-      curl_slist_free_all(data->change.cookielist); /* clean up list */
-  }
-
-  if( !data->share || (data->cookies != data->share->cookies) ) {
-    Curl_cookie_cleanup(data->cookies);
-  }
-  Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
-#endif
-
-  Curl_digest_cleanup(data);
-
-  Curl_safefree(data->info.contenttype);
-
-  /* this destroys the channel and we cannot use it anymore after this */
-  ares_destroy(data->state.areschannel);
-
-#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
-  /* close iconv conversion descriptors */
-  if (data->inbound_cd != (iconv_t)-1) {
-     iconv_close(data->inbound_cd);
-  }
-  if (data->outbound_cd != (iconv_t)-1) {
-     iconv_close(data->outbound_cd);
-  }
-  if (data->utf8_cd != (iconv_t)-1) {
-     iconv_close(data->utf8_cd);
-  }
-#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */
-
-  /* No longer a dirty share, if it exists */
-  if (data->share)
-    data->share->dirty--;
-
-  free(data);
-  return CURLE_OK;
-}
-
-/* create a connection cache of a private or multi type */
-struct conncache *Curl_mk_connc(int type,
-                                int amount) /* set -1 to use default */
-{
-  /* It is subject for debate how many default connections to have for a multi
-     connection cache... */
-  int default_amount = amount == -1?
-    ((type == CONNCACHE_PRIVATE)?5:10):amount;
-  struct conncache *c;
-
-  c= calloc(sizeof(struct conncache), 1);
-  if(!c)
-    return NULL;
-
-  c->connects = calloc(sizeof(struct connectdata *), default_amount);
-  if(!c->connects) {
-    free(c);
-    return NULL;
-  }
-
-  c->num = default_amount;
-
-  return c;
-}
-
-/* Change number of entries of a connection cache */
-CURLcode Curl_ch_connc(struct SessionHandle *data,
-                       struct conncache *c,
-                       long newamount)
-{
-  long i;
-  struct connectdata **newptr;
-
-  if(newamount < 1)
-    newamount = 1; /* we better have at least one entry */
-
-  if(!c) {
-    /* we get a NULL pointer passed in as connection cache, which means that
-       there is no cache created for this SessionHandle just yet, we create a
-       brand new with the requested size.
-    */
-    data->state.connc = Curl_mk_connc(CONNCACHE_PRIVATE, newamount);
-    if(!data->state.connc)
-      return CURLE_OUT_OF_MEMORY;
-    return CURLE_OK;
-  }
-
-  if(newamount < c->num) {
-    /* Since this number is *decreased* from the existing number, we must
-       close the possibly open connections that live on the indexes that
-       are being removed!
-
-       NOTE: for conncache_multi cases we must make sure that we only
-       close handles not in use.
-    */
-    for(i=newamount; i< c->num; i++)
-      Curl_disconnect(c->connects[i]);
-
-    /* If the most recent connection is no longer valid, mark it
-       invalid. */
-    if(data->state.lastconnect <= newamount)
-      data->state.lastconnect = -1;
-  }
-  if(newamount > 0) {
-    newptr= (struct connectdata **)
-      realloc(c->connects, sizeof(struct connectdata *) * newamount);
-    if(!newptr)
-      /* we closed a few connections in vain, but so what? */
-      return CURLE_OUT_OF_MEMORY;
-
-    /* nullify the newly added pointers */
-    for(i=c->num; i<newamount; i++)
-      newptr[i] = NULL;
-
-    c->connects = newptr;
-    c->num = newamount;
-  }
-  /* we no longer support less than 1 as size for the connection cache, and
-     I'm not sure it ever worked to set it to zero */
-  return CURLE_OK;
-}
-
-/* Free a connection cache. This is called from Curl_close() and
-   curl_multi_cleanup(). */
-void Curl_rm_connc(struct conncache *c)
-{
-  if(c->connects) {
-    int i;
-    for(i = 0; i < c->num; ++i)
-      conn_free(c->connects[i]);
-
-    free(c->connects);
-  }
-
-  free(c);
-}
-
-/**
- * Curl_open()
- *
- * @param curl is a pointer to a sessionhandle pointer that gets set by this
- * function.
- * @return CURLcode
- */
-
-CURLcode Curl_open(struct SessionHandle **curl)
-{
-  CURLcode res = CURLE_OK;
-  struct SessionHandle *data;
-
-  /* Very simple start-up: alloc the struct, init it with zeroes and return */
-  data = (struct SessionHandle *)calloc(1, sizeof(struct SessionHandle));
-  if(!data)
-    /* this is a very serious error */
-    return CURLE_OUT_OF_MEMORY;
-
-  data->magic = CURLEASY_MAGIC_NUMBER;
-
-#ifdef USE_ARES
-  if(ARES_SUCCESS != ares_init(&data->state.areschannel)) {
-    free(data);
-    return CURLE_FAILED_INIT;
-  }
-  /* make sure that all other returns from this function should destroy the
-     ares channel before returning error! */
-#endif
-
-  /* We do some initial setup here, all those fields that can't be just 0 */
-
-  data->state.headerbuff=(char*)malloc(HEADERSIZE);
-  if(!data->state.headerbuff)
-    res = CURLE_OUT_OF_MEMORY;
-  else {
-    data->state.headersize=HEADERSIZE;
-
-    data->set.out = stdout; /* default output to stdout */
-    data->set.in  = stdin;  /* default input from stdin */
-    data->set.err  = stderr;  /* default stderr to stderr */
-
-    /* use fwrite as default function to store output */
-    data->set.fwrite = (curl_write_callback)fwrite;
-
-    /* use fread as default function to read input */
-    data->set.fread = (curl_read_callback)fread;
-
-    /* conversion callbacks for non-ASCII hosts */
-    data->set.convfromnetwork = (curl_conv_callback)ZERO_NULL;
-    data->set.convtonetwork   = (curl_conv_callback)ZERO_NULL;
-    data->set.convfromutf8    = (curl_conv_callback)ZERO_NULL;
-
-#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
-    /* conversion descriptors for iconv calls */
-    data->outbound_cd = (iconv_t)-1;
-    data->inbound_cd  = (iconv_t)-1;
-    data->utf8_cd     = (iconv_t)-1;
-#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */
-
-    data->set.infilesize = -1; /* we don't know any size */
-    data->set.postfieldsize = -1;
-    data->set.maxredirs = -1; /* allow any amount by default */
-    data->state.current_speed = -1; /* init to negative == impossible */
-
-    data->set.httpreq = HTTPREQ_GET; /* Default HTTP request */
-    data->set.ftp_use_epsv = TRUE;   /* FTP defaults to EPSV operations */
-    data->set.ftp_use_eprt = TRUE;   /* FTP defaults to EPRT operations */
-    data->set.ftp_filemethod = FTPFILE_MULTICWD;
-    data->set.dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
-
-    /* make libcurl quiet by default: */
-    data->set.hide_progress = TRUE;  /* CURLOPT_NOPROGRESS changes these */
-    data->progress.flags |= PGRS_HIDE;
-
-    /* Set the default size of the SSL session ID cache */
-    data->set.ssl.numsessions = 5;
-
-    data->set.proxyport = 1080;
-    data->set.proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */
-    data->set.httpauth = CURLAUTH_BASIC;  /* defaults to basic */
-    data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */
-
-    /* This no longer creates a connection cache here. It is instead made on
-       the first call to curl_easy_perform() or when the handle is added to a
-       multi stack. */
-
-    data->set.ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
-                                                        type */
-
-    /* most recent connection is not yet defined */
-    data->state.lastconnect = -1;
-
-    Curl_easy_initHandleData(data);
-
-    /*
-     * libcurl 7.10 introduced SSL verification *by default*! This needs to be
-     * switched off unless wanted.
-     */
-    data->set.ssl.verifypeer = TRUE;
-    data->set.ssl.verifyhost = 2;
-    data->set.ssl.sessionid = TRUE; /* session ID caching enabled by default */
-#ifdef CURL_CA_BUNDLE
-    /* This is our preferred CA cert bundle since install time */
-    data->set.ssl.CAfile = (char *)CURL_CA_BUNDLE;
-#endif
-  }
-
-  if(res) {
-    ares_destroy(data->state.areschannel);
-    if(data->state.headerbuff)
-      free(data->state.headerbuff);
-    free(data);
-    data = NULL;
-  }
-  else
-    *curl = data;
-
-  return res;
-}
-
-CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
-                     va_list param)
-{
-  char *argptr;
-  CURLcode result = CURLE_OK;
-
-  switch(option) {
-  case CURLOPT_DNS_CACHE_TIMEOUT:
-    data->set.dns_cache_timeout = va_arg(param, int);
-    break;
-  case CURLOPT_DNS_USE_GLOBAL_CACHE:
-    {
-      int use_cache = va_arg(param, int);
-      if (use_cache) {
-        Curl_global_host_cache_init();
-      }
-
-      data->set.global_dns_cache = (bool)(0 != use_cache);
-    }
-    break;
-  case CURLOPT_SSL_CIPHER_LIST:
-    /* set a list of cipher we want to use in the SSL connection */
-    data->set.ssl.cipher_list = va_arg(param, char *);
-    break;
-
-  case CURLOPT_RANDOM_FILE:
-    /*
-     * This is the path name to a file that contains random data to seed
-     * the random SSL stuff with. The file is only used for reading.
-     */
-    data->set.ssl.random_file = va_arg(param, char *);
-    break;
-  case CURLOPT_EGDSOCKET:
-    /*
-     * The Entropy Gathering Daemon socket pathname
-     */
-    data->set.ssl.egdsocket = va_arg(param, char *);
-    break;
-  case CURLOPT_MAXCONNECTS:
-    /*
-     * Set the absolute number of maximum simultaneous alive connection that
-     * libcurl is allowed to have.
-     */
-    result = Curl_ch_connc(data, data->state.connc, va_arg(param, long));
-    break;
-  case CURLOPT_FORBID_REUSE:
-    /*
-     * When this transfer is done, it must not be left to be reused by a
-     * subsequent transfer but shall be closed immediately.
-     */
-    data->set.reuse_forbid = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_FRESH_CONNECT:
-    /*
-     * This transfer shall not use a previously cached connection but
-     * should be made with a fresh new connect!
-     */
-    data->set.reuse_fresh = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_VERBOSE:
-    /*
-     * Verbose means infof() calls that give a lot of information about
-     * the connection and transfer procedures as well as internal choices.
-     */
-    data->set.verbose = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_HEADER:
-    /*
-     * Set to include the header in the general data output stream.
-     */
-    data->set.include_header = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_NOPROGRESS:
-    /*
-     * Shut off the internal supported progress meter
-     */
-    data->set.hide_progress = (bool)(0 != va_arg(param, long));
-    if(data->set.hide_progress)
-      data->progress.flags |= PGRS_HIDE;
-    else
-      data->progress.flags &= ~PGRS_HIDE;
-    break;
-  case CURLOPT_NOBODY:
-    /*
-     * Do not include the body part in the output data stream.
-     */
-    data->set.opt_no_body = (bool)(0 != va_arg(param, long));
-    if(data->set.opt_no_body)
-      /* in HTTP lingo, this means using the HEAD request */
-      data->set.httpreq = HTTPREQ_HEAD;
-    break;
-  case CURLOPT_FAILONERROR:
-    /*
-     * Don't output the >=300 error code HTML-page, but instead only
-     * return error.
-     */
-    data->set.http_fail_on_error = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_UPLOAD:
-  case CURLOPT_PUT:
-    /*
-     * We want to sent data to the remote host. If this is HTTP, that equals
-     * using the PUT request.
-     */
-    data->set.upload = (bool)(0 != va_arg(param, long));
-    if(data->set.upload)
-      /* If this is HTTP, PUT is what's needed to "upload" */
-      data->set.httpreq = HTTPREQ_PUT;
-    break;
-  case CURLOPT_FILETIME:
-    /*
-     * Try to get the file time of the remote document. The time will
-     * later (possibly) become available using curl_easy_getinfo().
-     */
-    data->set.get_filetime = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_FTP_CREATE_MISSING_DIRS:
-    /*
-     * An FTP option that modifies an upload to create missing directories on
-     * the server.
-     */
-    data->set.ftp_create_missing_dirs = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_FTP_RESPONSE_TIMEOUT:
-    /*
-     * An FTP option that specifies how quickly an FTP response must be
-     * obtained before it is considered failure.
-     */
-    data->set.ftp_response_timeout = va_arg( param , long );
-    break;
-  case CURLOPT_FTPLISTONLY:
-    /*
-     * An FTP option that changes the command to one that asks for a list
-     * only, no file info details.
-     */
-    data->set.ftp_list_only = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_FTPAPPEND:
-    /*
-     * We want to upload and append to an existing (FTP) file.
-     */
-    data->set.ftp_append = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_FTP_FILEMETHOD:
-    /*
-     * How do access files over FTP.
-     */
-    data->set.ftp_filemethod = (curl_ftpfile)va_arg(param, long);
-    break;
-  case CURLOPT_NETRC:
-    /*
-     * Parse the $HOME/.netrc file
-     */
-    data->set.use_netrc = (enum CURL_NETRC_OPTION)va_arg(param, long);
-    break;
-  case CURLOPT_NETRC_FILE:
-    /*
-     * Use this file instead of the $HOME/.netrc file
-     */
-    data->set.netrc_file = va_arg(param, char *);
-    break;
-  case CURLOPT_TRANSFERTEXT:
-    /*
-     * This option was previously named 'FTPASCII'. Renamed to work with
-     * more protocols than merely FTP.
-     *
-     * Transfer using ASCII (instead of BINARY).
-     */
-    data->set.prefer_ascii = (bool)(0 != va_arg(param, long));
-    break;
-  case CURLOPT_TIMECONDITION:
-    /*
-     * Set HTTP time condition. This must be one of the defines in the
-     * curl/curl.h header file.
-     */
-    data->set.timecondition = (curl_TimeCond)va_arg(param, long);
-    break;
-  case CURLOPT_TIMEVALUE:
-    /*
-     * This is the value to compare with the remote document with the
-     * method set with CURLOPT_TIMECONDITION
-     */
-    data->set.timevalue = (time_t)va_arg(param, long);
-    break;
-  case CURLOPT_SSLVERSION:
-    /*
-     * Set explicit SSL version to try to connect with, as some SSL
-     * implementations are lame.
-     */
-    data->set.ssl.version = va_arg(param, long);
-    break;
-
-#ifndef CURL_DISABLE_HTTP
-  case CURLOPT_AUTOREFERER:
-    /*
-     * Switch on automatic referer that gets set if curl follows locations.
-     */
-    data->set.http_auto_referer = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_ENCODING:
-    /*
-     * String to use at the value of Accept-Encoding header.
-     *
-     * If the encoding is set to "" we use an Accept-Encoding header that
-     * encompasses all the encodings we support.
-     * If the encoding is set to NULL we don't send an Accept-Encoding header
-     * and ignore an received Content-Encoding header.
-     *
-     */
-    data->set.encoding = va_arg(param, char *);
-    if(data->set.encoding && !*data->set.encoding)
-      data->set.encoding = (char*)ALL_CONTENT_ENCODINGS;
-    break;
-
-  case CURLOPT_FOLLOWLOCATION:
-    /*
-     * Follow Location: header hints on a HTTP-server.
-     */
-    data->set.http_follow_location = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_UNRESTRICTED_AUTH:
-    /*
-     * Send authentication (user+password) when following locations, even when
-     * hostname changed.
-     */
-    data->set.http_disable_hostname_check_before_authentication =
-      (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_MAXREDIRS:
-    /*
-     * The maximum amount of hops you allow curl to follow Location:
-     * headers. This should mostly be used to detect never-ending loops.
-     */
-    data->set.maxredirs = va_arg(param, long);
-    break;
-
-  case CURLOPT_POST:
-    /* Does this option serve a purpose anymore? Yes it does, when
-       CURLOPT_POSTFIELDS isn't used and the POST data is read off the
-       callback! */
-    if(va_arg(param, long)) {
-      data->set.httpreq = HTTPREQ_POST;
-      data->set.opt_no_body = FALSE; /* this is implied */
-    }
-    else
-      data->set.httpreq = HTTPREQ_GET;
-    break;
-
-  case CURLOPT_POSTFIELDS:
-    /*
-     * A string with POST data. Makes curl HTTP POST. Even if it is NULL.
-     */
-    data->set.postfields = va_arg(param, char *);
-    data->set.httpreq = HTTPREQ_POST;
-    break;
-
-  case CURLOPT_POSTFIELDSIZE:
-    /*
-     * The size of the POSTFIELD data to prevent libcurl to do strlen() to
-     * figure it out. Enables binary posts.
-     */
-    data->set.postfieldsize = va_arg(param, long);
-    break;
-
-  case CURLOPT_POSTFIELDSIZE_LARGE:
-    /*
-     * The size of the POSTFIELD data to prevent libcurl to do strlen() to
-     * figure it out. Enables binary posts.
-     */
-    data->set.postfieldsize = va_arg(param, curl_off_t);
-    break;
-
-  case CURLOPT_HTTPPOST:
-    /*
-     * Set to make us do HTTP POST
-     */
-    data->set.httppost = va_arg(param, struct curl_httppost *);
-    data->set.httpreq = HTTPREQ_POST_FORM;
-    data->set.opt_no_body = FALSE; /* this is implied */
-    break;
-
-  case CURLOPT_REFERER:
-    /*
-     * String to set in the HTTP Referer: field.
-     */
-    if(data->change.referer_alloc) {
-      free(data->change.referer);
-      data->change.referer_alloc = FALSE;
-    }
-    data->set.set_referer = va_arg(param, char *);
-    data->change.referer = data->set.set_referer;
-    break;
-
-  case CURLOPT_USERAGENT:
-    /*
-     * String to use in the HTTP User-Agent field
-     */
-    data->set.useragent = va_arg(param, char *);
-    break;
-
-  case CURLOPT_HTTPHEADER:
-    /*
-     * Set a list with HTTP headers to use (or replace internals with)
-     */
-    data->set.headers = va_arg(param, struct curl_slist *);
-    break;
-
-  case CURLOPT_HTTP200ALIASES:
-    /*
-     * Set a list of aliases for HTTP 200 in response header
-     */
-    data->set.http200aliases = va_arg(param, struct curl_slist *);
-    break;
-
-#if !defined(CURL_DISABLE_COOKIES)
-  case CURLOPT_COOKIE:
-    /*
-     * Cookie string to send to the remote server in the request.
-     */
-    data->set.cookie = va_arg(param, char *);
-    break;
-
-  case CURLOPT_COOKIEFILE:
-    /*
-     * Set cookie file to read and parse. Can be used multiple times.
-     */
-    argptr = (char *)va_arg(param, void *);
-    if(argptr) {
-      struct curl_slist *cl;
-      /* append the cookie file name to the list of file names, and deal with
-         them later */
-      cl = curl_slist_append(data->change.cookielist, argptr);
-
-      if(!cl)
-        return CURLE_OUT_OF_MEMORY;
-
-      data->change.cookielist = cl;
-    }
-    break;
-
-  case CURLOPT_COOKIEJAR:
-    /*
-     * Set cookie file name to dump all cookies to when we're done.
-     */
-    data->set.cookiejar = (char *)va_arg(param, void *);
-
-    /*
-     * Activate the cookie parser. This may or may not already
-     * have been made.
-     */
-    data->cookies = Curl_cookie_init(data, NULL, data->cookies,
-                                     data->set.cookiesession);
-    break;
-
-  case CURLOPT_COOKIESESSION:
-    /*
-     * Set this option to TRUE to start a new "cookie session". It will
-     * prevent the forthcoming read-cookies-from-file actions to accept
-     * cookies that are marked as being session cookies, as they belong to a
-     * previous session.
-     *
-     * In the original Netscape cookie spec, "session cookies" are cookies
-     * with no expire date set. RFC2109 describes the same action if no
-     * 'Max-Age' is set and RFC2965 includes the RFC2109 description and adds
-     * a 'Discard' action that can enforce the discard even for cookies that
-     * have a Max-Age.
-     *
-     * We run mostly with the original cookie spec, as hardly anyone implements
-     * anything else.
-     */
-    data->set.cookiesession = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_COOKIELIST:
-    argptr = va_arg(param, char *);
-
-    if(argptr == NULL)
-      break;
-
-    if(strequal(argptr, "ALL")) {
-      /* clear all cookies */
-      Curl_cookie_clearall(data->cookies);
-      break;
-    }
-    else if(strequal(argptr, "SESS")) {
-      /* clear session cookies */
-      Curl_cookie_clearsess(data->cookies);
-      break;
-    }
-
-    if(!data->cookies)
-      /* if cookie engine was not running, activate it */
-      data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE);
-
-    argptr = strdup(argptr);
-    if(!argptr) {
-      result = CURLE_OUT_OF_MEMORY;
-      break;
-    }
-
-    if(checkprefix("Set-Cookie:", argptr))
-      /* HTTP Header format line */
-      Curl_cookie_add(data, data->cookies, TRUE, argptr + 11, NULL, NULL);
-
-    else
-      /* Netscape format line */
-      Curl_cookie_add(data, data->cookies, FALSE, argptr, NULL, NULL);
-
-    free(argptr);
-    break;
-#endif /* CURL_DISABLE_COOKIES */
-
-  case CURLOPT_HTTPGET:
-    /*
-     * Set to force us do HTTP GET
-     */
-    if(va_arg(param, long)) {
-      data->set.httpreq = HTTPREQ_GET;
-      data->set.upload = FALSE; /* switch off upload */
-      data->set.opt_no_body = FALSE; /* this is implied */
-    }
-    break;
-
-  case CURLOPT_HTTP_VERSION:
-    /*
-     * This sets a requested HTTP version to be used. The value is one of
-     * the listed enums in curl/curl.h.
-     */
-    data->set.httpversion = va_arg(param, long);
-    break;
-
-  case CURLOPT_HTTPPROXYTUNNEL:
-    /*
-     * Tunnel operations through the proxy instead of normal proxy use
-     */
-    data->set.tunnel_thru_httpproxy = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_CUSTOMREQUEST:
-    /*
-     * Set a custom string to use as request
-     */
-    data->set.customrequest = va_arg(param, char *);
-
-    /* we don't set
-       data->set.httpreq = HTTPREQ_CUSTOM;
-       here, we continue as if we were using the already set type
-       and this just changes the actual request keyword */
-    break;
-
-  case CURLOPT_PROXYPORT:
-    /*
-     * Explicitly set HTTP proxy port number.
-     */
-    data->set.proxyport = va_arg(param, long);
-    break;
-
-  case CURLOPT_HTTPAUTH:
-    /*
-     * Set HTTP Authentication type BITMASK.
-     */
-  {
-    long auth = va_arg(param, long);
-    /* switch off bits we can't support */
-#ifndef USE_NTLM
-    auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
-#endif
-#ifndef HAVE_GSSAPI
-    auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI */
-#endif
-    if(!auth)
-      return CURLE_FAILED_INIT; /* no supported types left! */
-
-    data->set.httpauth = auth;
-  }
-  break;
-
-  case CURLOPT_PROXYAUTH:
-    /*
-     * Set HTTP Authentication type BITMASK.
-     */
-  {
-    long auth = va_arg(param, long);
-    /* switch off bits we can't support */
-#ifndef USE_NTLM
-    auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
-#endif
-#ifndef HAVE_GSSAPI
-    auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI */
-#endif
-    if(!auth)
-      return CURLE_FAILED_INIT; /* no supported types left! */
-
-    data->set.proxyauth = auth;
-  }
-  break;
-#endif   /* CURL_DISABLE_HTTP */
-
-  case CURLOPT_PROXY:
-    /*
-     * Set proxy server:port to use as HTTP proxy.
-     *
-     * If the proxy is set to "" we explicitly say that we don't want to use a
-     * proxy (even though there might be environment variables saying so).
-     *
-     * Setting it to NULL, means no proxy but allows the environment variables
-     * to decide for us.
-     */
-    data->set.proxy = va_arg(param, char *);
-    break;
-
-  case CURLOPT_WRITEHEADER:
-    /*
-     * Custom pointer to pass the header write callback function
-     */
-    data->set.writeheader = (void *)va_arg(param, void *);
-    break;
-  case CURLOPT_ERRORBUFFER:
-    /*
-     * Error buffer provided by the caller to get the human readable
-     * error string in.
-     */
-    data->set.errorbuffer = va_arg(param, char *);
-    break;
-  case CURLOPT_FILE:
-    /*
-     * FILE pointer to write to or include in the data write callback
-     */
-    data->set.out = va_arg(param, FILE *);
-    break;
-  case CURLOPT_FTPPORT:
-    /*
-     * Use FTP PORT, this also specifies which IP address to use
-     */
-    data->set.ftpport = va_arg(param, char *);
-    data->set.ftp_use_port = (bool)(NULL != data->set.ftpport);
-    break;
-
-  case CURLOPT_FTP_USE_EPRT:
-    data->set.ftp_use_eprt = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_FTP_USE_EPSV:
-    data->set.ftp_use_epsv = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_FTP_SSL_CCC:
-    data->set.ftp_use_ccc = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_FTP_SKIP_PASV_IP:
-    /*
-     * Enable or disable FTP_SKIP_PASV_IP, which will disable/enable the
-     * bypass of the IP address in PASV responses.
-     */
-    data->set.ftp_skip_ip = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_INFILE:
-    /*
-     * FILE pointer to read the file to be uploaded from. Or possibly
-     * used as argument to the read callback.
-     */
-    data->set.in = va_arg(param, FILE *);
-    break;
-  case CURLOPT_INFILESIZE:
-    /*
-     * If known, this should inform curl about the file size of the
-     * to-be-uploaded file.
-     */
-    data->set.infilesize = va_arg(param, long);
-    break;
-  case CURLOPT_INFILESIZE_LARGE:
-    /*
-     * If known, this should inform curl about the file size of the
-     * to-be-uploaded file.
-     */
-    data->set.infilesize = va_arg(param, curl_off_t);
-    break;
-  case CURLOPT_LOW_SPEED_LIMIT:
-    /*
-     * The low speed limit that if transfers are below this for
-     * CURLOPT_LOW_SPEED_TIME, the transfer is aborted.
-     */
-    data->set.low_speed_limit=va_arg(param, long);
-    break;
-  case CURLOPT_MAX_SEND_SPEED_LARGE:
-    /*
-     * The max speed limit that sends transfer more than
-     * CURLOPT_MAX_SEND_PER_SECOND bytes per second the transfer is
-     * throttled..
-     */
-    data->set.max_send_speed=va_arg(param, curl_off_t);
-    break;
-  case CURLOPT_MAX_RECV_SPEED_LARGE:
-    /*
-     * The max speed limit that sends transfer more than
-     * CURLOPT_MAX_RECV_PER_SECOND bytes per second the transfer is
-     * throttled..
-     */
-    data->set.max_recv_speed=va_arg(param, curl_off_t);
-    break;
-  case CURLOPT_LOW_SPEED_TIME:
-    /*
-     * The low speed time that if transfers are below the set
-     * CURLOPT_LOW_SPEED_LIMIT during this time, the transfer is aborted.
-     */
-    data->set.low_speed_time=va_arg(param, long);
-    break;
-  case CURLOPT_URL:
-    /*
-     * The URL to fetch.
-     */
-    if(data->change.url_alloc) {
-      /* the already set URL is allocated, free it first! */
-      free(data->change.url);
-      data->change.url_alloc=FALSE;
-    }
-    data->set.set_url = va_arg(param, char *);
-    data->change.url = data->set.set_url;
-    data->change.url_changed = TRUE;
-    break;
-  case CURLOPT_PORT:
-    /*
-     * The port number to use when getting the URL
-     */
-    data->set.use_port = va_arg(param, long);
-    break;
-  case CURLOPT_TIMEOUT:
-    /*
-     * The maximum time you allow curl to use for a single transfer
-     * operation.
-     */
-    data->set.timeout = va_arg(param, long);
-    break;
-  case CURLOPT_CONNECTTIMEOUT:
-    /*
-     * The maximum time you allow curl to use to connect.
-     */
-    data->set.connecttimeout = va_arg(param, long);
-    break;
-
-  case CURLOPT_USERPWD:
-    /*
-     * user:password to use in the operation
-     */
-    data->set.userpwd = va_arg(param, char *);
-    break;
-  case CURLOPT_POSTQUOTE:
-    /*
-     * List of RAW FTP commands to use after a transfer
-     */
-    data->set.postquote = va_arg(param, struct curl_slist *);
-    break;
-  case CURLOPT_PREQUOTE:
-    /*
-     * List of RAW FTP commands to use prior to RETR (Wesley Laxton)
-     */
-    data->set.prequote = va_arg(param, struct curl_slist *);
-    break;
-  case CURLOPT_QUOTE:
-    /*
-     * List of RAW FTP commands to use before a transfer
-     */
-    data->set.quote = va_arg(param, struct curl_slist *);
-    break;
-  case CURLOPT_PROGRESSFUNCTION:
-    /*
-     * Progress callback function
-     */
-    data->set.fprogress = va_arg(param, curl_progress_callback);
-    if(data->set.fprogress)
-      data->progress.callback = TRUE; /* no longer internal */
-    else
-      data->progress.callback = FALSE; /* NULL enforces internal */
-
-    break;
-  case CURLOPT_PROGRESSDATA:
-    /*
-     * Custom client data to pass to the progress callback
-     */
-    data->set.progress_client = va_arg(param, void *);
-    break;
-  case CURLOPT_PROXYUSERPWD:
-    /*
-     * user:password needed to use the proxy
-     */
-    data->set.proxyuserpwd = va_arg(param, char *);
-    break;
-  case CURLOPT_RANGE:
-    /*
-     * What range of the file you want to transfer
-     */
-    data->set.set_range = va_arg(param, char *);
-    break;
-  case CURLOPT_RESUME_FROM:
-    /*
-     * Resume transfer at the give file position
-     */
-    data->set.set_resume_from = va_arg(param, long);
-    break;
-  case CURLOPT_RESUME_FROM_LARGE:
-    /*
-     * Resume transfer at the give file position
-     */
-    data->set.set_resume_from = va_arg(param, curl_off_t);
-    break;
-  case CURLOPT_DEBUGFUNCTION:
-    /*
-     * stderr write callback.
-     */
-    data->set.fdebug = va_arg(param, curl_debug_callback);
-    /*
-     * if the callback provided is NULL, it'll use the default callback
-     */
-    break;
-  case CURLOPT_DEBUGDATA:
-    /*
-     * Set to a void * that should receive all error writes. This
-     * defaults to CURLOPT_STDERR for normal operations.
-     */
-    data->set.debugdata = va_arg(param, void *);
-    break;
-  case CURLOPT_STDERR:
-    /*
-     * Set to a FILE * that should receive all error writes. This
-     * defaults to stderr for normal operations.
-     */
-    data->set.err = va_arg(param, FILE *);
-    if(!data->set.err)
-      data->set.err = stderr;
-    break;
-  case CURLOPT_HEADERFUNCTION:
-    /*
-     * Set header write callback
-     */
-    data->set.fwrite_header = va_arg(param, curl_write_callback);
-    break;
-  case CURLOPT_WRITEFUNCTION:
-    /*
-     * Set data write callback
-     */
-    data->set.fwrite = va_arg(param, curl_write_callback);
-    if(!data->set.fwrite)
-      /* When set to NULL, reset to our internal default function */
-      data->set.fwrite = (curl_write_callback)fwrite;
-    break;
-  case CURLOPT_READFUNCTION:
-    /*
-     * Read data callback
-     */
-    data->set.fread = va_arg(param, curl_read_callback);
-    if(!data->set.fread)
-      /* When set to NULL, reset to our internal default function */
-      data->set.fread = (curl_read_callback)fread;
-    break;
-  case CURLOPT_CONV_FROM_NETWORK_FUNCTION:
-    /*
-     * "Convert from network encoding" callback
-     */
-    data->set.convfromnetwork = va_arg(param, curl_conv_callback);
-    break;
-  case CURLOPT_CONV_TO_NETWORK_FUNCTION:
-    /*
-     * "Convert to network encoding" callback
-     */
-    data->set.convtonetwork = va_arg(param, curl_conv_callback);
-    break;
-  case CURLOPT_CONV_FROM_UTF8_FUNCTION:
-    /*
-     * "Convert from UTF-8 encoding" callback
-     */
-    data->set.convfromutf8 = va_arg(param, curl_conv_callback);
-    break;
-  case CURLOPT_IOCTLFUNCTION:
-    /*
-     * I/O control callback. Might be NULL.
-     */
-    data->set.ioctl = va_arg(param, curl_ioctl_callback);
-    break;
-  case CURLOPT_IOCTLDATA:
-    /*
-     * I/O control data pointer. Might be NULL.
-     */
-    data->set.ioctl_client = va_arg(param, void *);
-    break;
-  case CURLOPT_SSLCERT:
-    /*
-     * String that holds file name of the SSL certificate to use
-     */
-    data->set.cert = va_arg(param, char *);
-    break;
-  case CURLOPT_SSLCERTTYPE:
-    /*
-     * String that holds file type of the SSL certificate to use
-     */
-    data->set.cert_type = va_arg(param, char *);
-    break;
-  case CURLOPT_SSLKEY:
-    /*
-     * String that holds file name of the SSL certificate to use
-     */
-    data->set.key = va_arg(param, char *);
-    break;
-  case CURLOPT_SSLKEYTYPE:
-    /*
-     * String that holds file type of the SSL certificate to use
-     */
-    data->set.key_type = va_arg(param, char *);
-    break;
-  case CURLOPT_SSLKEYPASSWD:
-    /*
-     * String that holds the SSL private key password.
-     */
-    data->set.key_passwd = va_arg(param, char *);
-    break;
-  case CURLOPT_SSLENGINE:
-    /*
-     * String that holds the SSL crypto engine.
-     */
-    argptr = va_arg(param, char *);
-    if (argptr && argptr[0])
-       result = Curl_ssl_set_engine(data, argptr);
-    break;
-
-  case CURLOPT_SSLENGINE_DEFAULT:
-    /*
-     * flag to set engine as default.
-     */
-    result = Curl_ssl_set_engine_default(data);
-    break;
-  case CURLOPT_CRLF:
-    /*
-     * Kludgy option to enable CRLF conversions. Subject for removal.
-     */
-    data->set.crlf = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_INTERFACE:
-    /*
-     * Set what interface or address/hostname to bind the socket to when
-     * performing an operation and thus what from-IP your connection will use.
-     */
-    data->set.device = va_arg(param, char *);
-    break;
-  case CURLOPT_LOCALPORT:
-    /*
-     * Set what local port to bind the socket to when performing an operation.
-     */
-    data->set.localport = (unsigned short) va_arg(param, long);
-    break;
-  case CURLOPT_LOCALPORTRANGE:
-    /*
-     * Set number of local ports to try, starting with CURLOPT_LOCALPORT.
-     */
-    data->set.localportrange = (int) va_arg(param, long);
-    break;
-  case CURLOPT_KRB4LEVEL:
-    /*
-     * A string that defines the krb4 security level.
-     */
-    data->set.krb4_level = va_arg(param, char *);
-    data->set.krb4 = (bool)(NULL != data->set.krb4_level);
-    break;
-  case CURLOPT_SSL_VERIFYPEER:
-    /*
-     * Enable peer SSL verifying.
-     */
-    data->set.ssl.verifypeer = va_arg(param, long);
-    break;
-  case CURLOPT_SSL_VERIFYHOST:
-    /*
-     * Enable verification of the CN contained in the peer certificate
-     */
-    data->set.ssl.verifyhost = va_arg(param, long);
-    break;
-  case CURLOPT_SSL_CTX_FUNCTION:
-    /*
-     * Set a SSL_CTX callback
-     */
-    data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
-    break;
-  case CURLOPT_SSL_CTX_DATA:
-    /*
-     * Set a SSL_CTX callback parameter pointer
-     */
-    data->set.ssl.fsslctxp = va_arg(param, void *);
-    break;
-  case CURLOPT_CAINFO:
-    /*
-     * Set CA info for SSL connection. Specify file name of the CA certificate
-     */
-    data->set.ssl.CAfile = va_arg(param, char *);
-    break;
-  case CURLOPT_CAPATH:
-    /*
-     * Set CA path info for SSL connection. Specify directory name of the CA
-     * certificates which have been prepared using openssl c_rehash utility.
-     */
-    /* This does not work on windows. */
-    data->set.ssl.CApath = va_arg(param, char *);
-    break;
-  case CURLOPT_TELNETOPTIONS:
-    /*
-     * Set a linked list of telnet options
-     */
-    data->set.telnet_options = va_arg(param, struct curl_slist *);
-    break;
-
-  case CURLOPT_BUFFERSIZE:
-    /*
-     * The application kindly asks for a differently sized receive buffer.
-     * If it seems reasonable, we'll use it.
-     */
-    data->set.buffer_size = va_arg(param, long);
-
-    if((data->set.buffer_size> (BUFSIZE -1 )) ||
-       (data->set.buffer_size < 1))
-      data->set.buffer_size = 0; /* huge internal default */
-
-    break;
-
-  case CURLOPT_NOSIGNAL:
-    /*
-     * The application asks not to set any signal() or alarm() handlers,
-     * even when using a timeout.
-     */
-    data->set.no_signal = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_SHARE:
-    {
-      struct Curl_share *set;
-      set = va_arg(param, struct Curl_share *);
-
-      /* disconnect from old share, if any */
-      if(data->share) {
-        Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
-
-        if(data->dns.hostcachetype == HCACHE_SHARED) {
-          data->dns.hostcache = NULL;
-          data->dns.hostcachetype = HCACHE_NONE;
-        }
-
-        if(data->share->cookies == data->cookies)
-          data->cookies = NULL;
-
-        data->share->dirty--;
-
-        Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
-        data->share = NULL;
-      }
-
-      /* use new share if it set */
-      data->share = set;
-      if(data->share) {
-
-        Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
-
-        data->share->dirty++;
-
-        if(data->share->hostcache) {
-          /* use shared host cache, first free the private one if any */
-          if(data->dns.hostcachetype == HCACHE_PRIVATE)
-            Curl_hash_destroy(data->dns.hostcache);
-
-          data->dns.hostcache = data->share->hostcache;
-          data->dns.hostcachetype = HCACHE_SHARED;
-        }
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
-        if(data->share->cookies) {
-          /* use shared cookie list, first free own one if any */
-          if (data->cookies)
-            Curl_cookie_cleanup(data->cookies);
-          data->cookies = data->share->cookies;
-        }
-#endif   /* CURL_DISABLE_HTTP */
-        Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
-
-      }
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
-      /* check cookie list is set */
-      if(!data->cookies)
-        data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE );
-#endif   /* CURL_DISABLE_HTTP */
-      /* check for host cache not needed,
-       * it will be done by curl_easy_perform */
-    }
-    break;
-
-  case CURLOPT_PROXYTYPE:
-    /*
-     * Set proxy type. HTTP/SOCKS4/SOCKS5
-     */
-    data->set.proxytype = (curl_proxytype)va_arg(param, long);
-    break;
-
-  case CURLOPT_PRIVATE:
-    /*
-     * Set private data pointer.
-     */
-    data->set.private_data = va_arg(param, char *);
-    break;
-
-  case CURLOPT_MAXFILESIZE:
-    /*
-     * Set the maximum size of a file to download.
-     */
-    data->set.max_filesize = va_arg(param, long);
-    break;
-
-  case CURLOPT_FTP_SSL:
-    /*
-     * Make FTP transfers attempt to use SSL/TLS.
-     */
-    data->set.ftp_ssl = (curl_ftpssl)va_arg(param, long);
-    break;
-
-  case CURLOPT_FTPSSLAUTH:
-    /*
-     * Set a specific auth for FTP-SSL transfers.
-     */
-    data->set.ftpsslauth = (curl_ftpauth)va_arg(param, long);
-    break;
-
-  case CURLOPT_IPRESOLVE:
-    data->set.ip_version = va_arg(param, long);
-    break;
-
-  case CURLOPT_MAXFILESIZE_LARGE:
-    /*
-     * Set the maximum size of a file to download.
-     */
-    data->set.max_filesize = va_arg(param, curl_off_t);
-    break;
-
-  case CURLOPT_TCP_NODELAY:
-    /*
-     * Enable or disable TCP_NODELAY, which will disable/enable the Nagle
-     * algorithm
-     */
-    data->set.tcp_nodelay = (bool)(0 != va_arg(param, long));
-    break;
-
-    /*
-      case CURLOPT_SOURCE_URL:
-      case CURLOPT_SOURCE_USERPWD:
-      case CURLOPT_SOURCE_QUOTE:
-      case CURLOPT_SOURCE_PREQUOTE:
-      case CURLOPT_SOURCE_POSTQUOTE:
-      These former 3rd party transfer options are deprecated */
-
-  case CURLOPT_FTP_ACCOUNT:
-    data->set.ftp_account = va_arg(param, char *);
-    break;
-
-  case CURLOPT_IGNORE_CONTENT_LENGTH:
-    data->set.ignorecl = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_CONNECT_ONLY:
-    /*
-     * No data transfer, set up connection and let application use the socket
-     */
-    data->set.connect_only = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_FTP_ALTERNATIVE_TO_USER:
-    data->set.ftp_alternative_to_user = va_arg(param, char *);
-    break;
-
-  case CURLOPT_SOCKOPTFUNCTION:
-    /*
-     * socket callback function: called after socket() but before connect()
-     */
-    data->set.fsockopt = va_arg(param, curl_sockopt_callback);
-    break;
-
-  case CURLOPT_SOCKOPTDATA:
-    /*
-     * socket callback data pointer. Might be NULL.
-     */
-    data->set.sockopt_client = va_arg(param, void *);
-    break;
-
-  case CURLOPT_SSL_SESSIONID_CACHE:
-    data->set.ssl.sessionid = (bool)(0 != va_arg(param, long));
-    break;
-
-  case CURLOPT_SSH_AUTH_TYPES:
-    data->set.ssh_auth_types = va_arg(param, long);
-    break;
-
-  case CURLOPT_SSH_PUBLIC_KEYFILE:
-    /*
-     * Use this file instead of the $HOME/.ssh/id_dsa.pub file
-     */
-    data->set.ssh_public_key = va_arg(param, char *);
-    break;
-
-  case CURLOPT_SSH_PRIVATE_KEYFILE:
-    /*
-     * Use this file instead of the $HOME/.ssh/id_dsa file
-     */
-    data->set.ssh_private_key = va_arg(param, char *);
-    break;
-
-  default:
-    /* unknown tag and its companion, just ignore: */
-    result = CURLE_FAILED_INIT; /* correct this */
-    break;
-  }
-
-  return result;
-}
-
-static void conn_free(struct connectdata *conn)
-{
-  if (!conn)
-    return;
-
-  /* close possibly still open sockets */
-  if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
-    sclose(conn->sock[SECONDARYSOCKET]);
-  if(CURL_SOCKET_BAD != conn->sock[FIRSTSOCKET])
-    sclose(conn->sock[FIRSTSOCKET]);
-
-  Curl_safefree(conn->user);
-  Curl_safefree(conn->passwd);
-  Curl_safefree(conn->proxyuser);
-  Curl_safefree(conn->proxypasswd);
-  Curl_safefree(conn->allocptr.proxyuserpwd);
-  Curl_safefree(conn->allocptr.uagent);
-  Curl_safefree(conn->allocptr.userpwd);
-  Curl_safefree(conn->allocptr.accept_encoding);
-  Curl_safefree(conn->allocptr.rangeline);
-  Curl_safefree(conn->allocptr.ref);
-  Curl_safefree(conn->allocptr.host);
-  Curl_safefree(conn->allocptr.cookiehost);
-  Curl_safefree(conn->ip_addr_str);
-  Curl_safefree(conn->trailer);
-  Curl_safefree(conn->host.rawalloc); /* host name buffer */
-  Curl_safefree(conn->proxy.rawalloc); /* proxy name buffer */
-
-  Curl_llist_destroy(conn->send_pipe, NULL);
-  Curl_llist_destroy(conn->recv_pipe, NULL);
-
-  /* possible left-overs from the async name resolvers */
-#if defined(USE_ARES)
-  Curl_safefree(conn->async.hostname);
-  Curl_safefree(conn->async.os_specific);
-#elif defined(CURLRES_THREADED)
-  Curl_destroy_thread_data(&conn->async);
-#endif
-
-  Curl_free_ssl_config(&conn->ssl_config);
-
-  free(conn); /* free all the connection oriented data */
-}
-
-CURLcode Curl_disconnect(struct connectdata *conn)
-{
-  struct SessionHandle *data;
-  if(!conn)
-    return CURLE_OK; /* this is closed and fine already */
-  data = conn->data;
-
-  if(!data) {
-    DEBUGF(infof(data, "DISCONNECT without easy handle, ignoring\n"));
-    return CURLE_OK;
-  }
-
-#if defined(CURLDEBUG) && defined(AGGRESIVE_TEST)
-  /* scan for DNS cache entries still marked as in use */
-  Curl_hash_apply(data->hostcache,
-                  NULL, Curl_scan_cache_used);
-#endif
-
-  Curl_expire(data, 0); /* shut off timers */
-  Curl_hostcache_prune(data); /* kill old DNS cache entries */
-
-  /*
-   * The range string is usually freed in curl_done(), but we might
-   * get here *instead* if we fail prematurely. Thus we need to be able
-   * to free this resource here as well.
-   */
-  if(data->reqdata.rangestringalloc) {
-    free(data->reqdata.range);
-    data->reqdata.rangestringalloc = FALSE;
-  }
-
-  if((conn->ntlm.state != NTLMSTATE_NONE) ||
-     (conn->proxyntlm.state != NTLMSTATE_NONE)) {
-    /* Authentication data is a mix of connection-related and sessionhandle-
-       related stuff. NTLM is connection-related so when we close the shop
-       we shall forget. */
-    data->state.authhost.done = FALSE;
-    data->state.authhost.picked =
-      data->state.authhost.want;
-
-    data->state.authproxy.done = FALSE;
-    data->state.authproxy.picked =
-      data->state.authproxy.want;
-
-    data->state.authproblem = FALSE;
-
-    Curl_ntlm_cleanup(conn);
-  }
-
-  if(conn->curl_disconnect)
-    /* This is set if protocol-specific cleanups should be made */
-    conn->curl_disconnect(conn);
-
-  if(-1 != conn->connectindex) {
-    /* unlink ourselves! */
-    infof(data, "Closing connection #%ld\n", conn->connectindex);
-    if(data->state.connc)
-      /* only clear the table entry if we still know in which cache we
-         used to be in */
-      data->state.connc->connects[conn->connectindex] = NULL;
-  }
-
-#ifdef USE_LIBIDN
-  if(conn->host.encalloc)
-    idn_free(conn->host.encalloc); /* encoded host name buffer, must be freed
-                                      with idn_free() since this was allocated
-                                      by libidn */
-  if(conn->proxy.encalloc)
-    idn_free(conn->proxy.encalloc); /* encoded proxy name buffer, must be
-                                       freed with idn_free() since this was
-                                       allocated by libidn */
-#endif
-
-  Curl_ssl_close(conn);
-
-  /* Indicate to all handles on the pipe that we're dead */
-  if (IsPipeliningEnabled(data)) {
-    signalPipeClose(conn->send_pipe);
-    signalPipeClose(conn->recv_pipe);
-  }
-
-  conn_free(conn);
-
-  return CURLE_OK;
-}
-
-/*
- * This function should return TRUE if the socket is to be assumed to
- * be dead. Most commonly this happens when the server has closed the
- * connection due to inactivity.
- */
-static bool SocketIsDead(curl_socket_t sock)
-{
-  int sval;
-  bool ret_val = TRUE;
-
-  sval = Curl_select(sock, CURL_SOCKET_BAD, 0);
-  if(sval == 0)
-    /* timeout */
-    ret_val = FALSE;
-
-  return ret_val;
-}
-
-static bool IsPipeliningPossible(struct SessionHandle *handle)
-{
-  if (handle->multi && Curl_multi_canPipeline(handle->multi) &&
-      (handle->set.httpreq == HTTPREQ_GET ||
-       handle->set.httpreq == HTTPREQ_HEAD) &&
-      handle->set.httpversion != CURL_HTTP_VERSION_1_0)
-    return TRUE;
-
-  return FALSE;
-}
-
-static bool IsPipeliningEnabled(struct SessionHandle *handle)
-{
-  if (handle->multi && Curl_multi_canPipeline(handle->multi))
-    return TRUE;
-
-  return FALSE;
-}
-
-void Curl_addHandleToPipeline(struct SessionHandle *data,
-                              struct curl_llist *pipe)
-{
-#ifdef CURLDEBUG
-  if(!IsPipeliningPossible(data)) {
-    /* when not pipelined, there MUST be no handle in the list already */
-    if(pipe->head)
-      infof(data, "PIPE when no PIPE supposed!\n");
-  }
-#endif
-  Curl_llist_insert_next(pipe, pipe->tail, data);
-}
-
-
-int Curl_removeHandleFromPipeline(struct SessionHandle *handle,
-                                   struct curl_llist *pipe)
-{
-  struct curl_llist_element *curr;
-
-  curr = pipe->head;
-  while (curr) {
-    if (curr->ptr == handle) {
-      Curl_llist_remove(pipe, curr, NULL);
-      return 1; /* we removed a handle */
-    }
-    curr = curr->next;
-  }
-
-  return 0;
-}
-
-#if 0 /* this code is saved here as it is useful for debugging purposes */
-static void Curl_printPipeline(struct curl_llist *pipe)
-{
-  struct curl_llist_element *curr;
-
-  curr = pipe->head;
-  while (curr) {
-    struct SessionHandle *data = (struct SessionHandle *) curr->ptr;
-    infof(data, "Handle in pipeline: %s\n",
-          data->reqdata.path);
-    curr = curr->next;
-  }
-}
-#endif
-
-bool Curl_isHandleAtHead(struct SessionHandle *handle,
-                         struct curl_llist *pipe)
-{
-  struct curl_llist_element *curr = pipe->head;
-  if (curr) {
-    return (bool)(curr->ptr == handle);
-  }
-
-  return FALSE;
-}
-
-static void signalPipeClose(struct curl_llist *pipe)
-{
-  struct curl_llist_element *curr;
-
-  curr = pipe->head;
-  while (curr) {
-    struct curl_llist_element *next = curr->next;
-    struct SessionHandle *data = (struct SessionHandle *) curr->ptr;
-
-#ifdef CURLDEBUG /* debug-only code */
-    if(data->magic != CURLEASY_MAGIC_NUMBER) {
-      /* MAJOR BADNESS */
-      fprintf(stderr, "signalPipeClose() found BAAD easy handle\n");
-    }
-    else
-#endif
-
-    data->state.pipe_broke = TRUE;
-    Curl_llist_remove(pipe, curr, NULL);
-    curr = next;
-  }
-}
-
-
-/*
- * Given one filled in connection struct (named needle), this function should
- * detect if there already is one that has all the significant details
- * exactly the same and thus should be used instead.
- *
- * If there is a match, this function returns TRUE - and has marked the
- * connection as 'in-use'. It must later be called with ConnectionDone() to
- * return back to 'idle' (unused) state.
- */
-static bool
-ConnectionExists(struct SessionHandle *data,
-                 struct connectdata *needle,
-                 struct connectdata **usethis)
-{
-  long i;
-  struct connectdata *check;
-  bool canPipeline = IsPipeliningPossible(data);
-
-  for(i=0; i< data->state.connc->num; i++) {
-    bool match = FALSE;
-    /*
-     * Note that if we use a HTTP proxy, we check connections to that
-     * proxy and not to the actual remote server.
-     */
-    check = data->state.connc->connects[i];
-    if(!check)
-      /* NULL pointer means not filled-in entry */
-      continue;
-
-    if (check->connectindex == -1) {
-      check->connectindex = i; /* Set this appropriately since it might have
-                                  been set to -1 when the easy was removed
-                                  from the multi */
-    }
-
-    infof(data, "Examining connection #%ld for reuse\n", check->connectindex);
-
-    if(check->inuse && !canPipeline) {
-      /* can only happen within multi handles, and means that another easy
-      handle is using this connection */
-      continue;
-    }
-
-#ifdef CURLRES_ASYNCH
-    /* ip_addr_str is NULL only if the resolving of the name hasn't completed
-       yet and until then we don't re-use this connection */
-    if (!check->ip_addr_str) {
-      infof(data,
-            "Connection #%ld has not finished name resolve, can't reuse\n",
-            check->connectindex);
-      continue;
-    }
-#endif
-
-    if (check->send_pipe->size +
-        check->recv_pipe->size >= MAX_PIPELINE_LENGTH) {
-      infof(data, "Connection #%ld has its pipeline full, can't reuse\n",
-            check->connectindex);
-      continue;
-    }
-
-    if (data->state.is_in_pipeline && check->bits.close) {
-        /* Don't pick a connection that is going to be closed */
-        infof(data, "Connection #%ld has been marked for close, can't reuse\n",
-              check->connectindex);
-        continue;
-    }
-
-    if((needle->protocol&PROT_SSL) != (check->protocol&PROT_SSL))
-      /* don't do mixed SSL and non-SSL connections */
-      continue;
-
-    if(!needle->bits.httpproxy || needle->protocol&PROT_SSL) {
-      /* The requested connection does not use a HTTP proxy or it
-         uses SSL. */
-
-      if(!(needle->protocol&PROT_SSL) && check->bits.httpproxy)
-        /* we don't do SSL but the cached connection has a proxy,
-           then don't match this */
-        continue;
-
-      if(strequal(needle->protostr, check->protostr) &&
-         strequal(needle->host.name, check->host.name) &&
-         (needle->remote_port == check->remote_port) ) {
-        if(needle->protocol & PROT_SSL) {
-          /* This is SSL, verify that we're using the same
-             ssl options as well */
-          if(!Curl_ssl_config_matches(&needle->ssl_config,
-                                      &check->ssl_config)) {
-            infof(data,
-                  "Connection #%ld has different SSL parameters, "
-                  "can't reuse\n",
-                  check->connectindex );
-            continue;
-          }
-        }
-        if((needle->protocol & PROT_FTP) ||
-           ((needle->protocol & PROT_HTTP) &&
-            (data->state.authhost.want==CURLAUTH_NTLM))) {
-          /* This is FTP or HTTP+NTLM, verify that we're using the same name
-             and password as well */
-          if(!strequal(needle->user, check->user) ||
-             !strequal(needle->passwd, check->passwd)) {
-            /* one of them was different */
-            continue;
-          }
-        }
-        match = TRUE;
-      }
-    }
-    else { /* The requested needle connection is using a proxy,
-              is the checked one using the same? */
-      if(check->bits.httpproxy &&
-         strequal(needle->proxy.name, check->proxy.name) &&
-         needle->port == check->port) {
-        /* This is the same proxy connection, use it! */
-        match = TRUE;
-      }
-    }
-
-    if(match) {
-      if (!IsPipeliningEnabled(data)) {
-        /* The check for a dead socket makes sense only in the
-           non-pipelining case */
-        bool dead = SocketIsDead(check->sock[FIRSTSOCKET]);
-        if(dead) {
-          check->data = data;
-          infof(data, "Connection #%d seems to be dead!\n", i);
-
-          Curl_disconnect(check); /* disconnect resources */
-          data->state.connc->connects[i]=NULL; /* nothing here */
-
-          return FALSE;
-        }
-      }
-
-      check->inuse = TRUE; /* mark this as being in use so that no other
-                              handle in a multi stack may nick it */
-
-      if (canPipeline) {
-        /* Mark the connection as being in a pipeline */
-        check->is_in_pipeline = TRUE;
-      }
-
-      check->connectindex = i; /* Set this appropriately since it might have
-                                  been set to -1 when the easy was removed
-                                  from the multi */
-      *usethis = check;
-      return TRUE; /* yes, we found one to use! */
-    }
-  }
-
-  return FALSE; /* no matching connecting exists */
-}
-
-
-
-/*
- * This function frees/closes a connection in the connection cache. This
- * should take the previously set policy into account when deciding which
- * of the connections to kill.
- */
-static long
-ConnectionKillOne(struct SessionHandle *data)
-{
-  long i;
-  struct connectdata *conn;
-  long highscore=-1;
-  long connindex=-1;
-  long score;
-  struct timeval now;
-
-  now = Curl_tvnow();
-
-  for(i=0; data->state.connc && (i< data->state.connc->num); i++) {
-    conn = data->state.connc->connects[i];
-
-    if(!conn || conn->inuse)
-      continue;
-
-    /* Set higher score for the age passed since the connection was used */
-    score = Curl_tvdiff(now, conn->now);
-
-    if(score > highscore) {
-      highscore = score;
-      connindex = i;
-    }
-  }
-  if(connindex >= 0) {
-    /* Set the connection's owner correctly */
-    conn = data->state.connc->connects[connindex];
-    conn->data = data;
-
-    /* the winner gets the honour of being disconnected */
-    (void)Curl_disconnect(conn);
-
-    /* clean the array entry */
-    data->state.connc->connects[connindex] = NULL;
-  }
-
-  return connindex; /* return the available index or -1 */
-}
-
-/* this connection can now be marked 'idle' */
-static void
-ConnectionDone(struct connectdata *conn)
-{
-  conn->inuse = FALSE;
-  if (!conn->send_pipe && !conn->recv_pipe)
-    conn->is_in_pipeline = FALSE;
-}
-
-/*
- * The given input connection struct pointer is to be stored. If the "cache"
- * is already full, we must clean out the most suitable using the previously
- * set policy.
- *
- * The given connection should be unique. That must've been checked prior to
- * this call.
- */
-static long
-ConnectionStore(struct SessionHandle *data,
-                struct connectdata *conn)
-{
-  long i;
-  for(i=0; i< data->state.connc->num; i++) {
-    if(!data->state.connc->connects[i])
-      break;
-  }
-  if(i == data->state.connc->num) {
-    /* there was no room available, kill one */
-    i = ConnectionKillOne(data);
-    if(-1 != i)
-      infof(data, "Connection (#%d) was killed to make room (holds %d)\n",
-            i, data->state.connc->num);
-    else
-      infof(data, "This connection did not fit in the connection cache\n");
-  }
-
-  conn->connectindex = i; /* Make the child know where the pointer to this
-                             particular data is stored. But note that this -1
-                             if this is not within the cache and this is
-                             probably not checked for everywhere (yet). */
-  conn->inuse = TRUE;
-  if(-1 != i) {
-    /* Only do this if a true index was returned, if -1 was returned there
-       is no room in the cache for an unknown reason and we cannot store
-       this there.
-
-       TODO: make sure we really can work with more handles than positions in
-       the cache, or possibly we should (allow to automatically) resize the
-       connection cache when we add more easy handles to a multi handle!
-    */
-    data->state.connc->connects[i] = conn; /* fill in this */
-    conn->data = data;
-  }
-
-  return i;
-}
-
-static CURLcode ConnectPlease(struct SessionHandle *data,
-                              struct connectdata *conn,
-                              struct Curl_dns_entry *hostaddr,
-                              bool *connected)
-{
-  CURLcode result;
-  Curl_addrinfo *addr;
-  char *hostname = conn->bits.httpproxy?conn->proxy.name:conn->host.name;
-
-  infof(data, "About to connect() to %s%s port %d (#%d)\n",
-        conn->bits.httpproxy?"proxy ":"",
-        hostname, conn->port, conn->connectindex);
-
-  /*************************************************************
-   * Connect to server/proxy
-   *************************************************************/
-  result= Curl_connecthost(conn,
-                           hostaddr,
-                           &conn->sock[FIRSTSOCKET],
-                           &addr,
-                           connected);
-  if(CURLE_OK == result) {
-    /* All is cool, then we store the current information */
-    conn->dns_entry = hostaddr;
-    conn->ip_addr = addr;
-
-    Curl_store_ip_addr(conn);
-
-    switch(data->set.proxytype) {
-    case CURLPROXY_SOCKS5:
-      result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, conn);
-      break;
-    case CURLPROXY_HTTP:
-      /* do nothing here. handled later. */
-      break;
-    case CURLPROXY_SOCKS4:
-      result = Curl_SOCKS4(conn->proxyuser, conn);
-      break;
-    default:
-      failf(data, "unknown proxytype option given");
-      result = CURLE_COULDNT_CONNECT;
-      break;
-    }
-  }
-
-  return result;
-}
-
-/*
- * verboseconnect() displays verbose information after a connect
- */
-static void verboseconnect(struct connectdata *conn)
-{
-  infof(conn->data, "Connected to %s (%s) port %d (#%d)\n",
-        conn->bits.httpproxy ? conn->proxy.dispname : conn->host.dispname,
-        conn->ip_addr_str, conn->port, conn->connectindex);
-}
-
-int Curl_protocol_getsock(struct connectdata *conn,
-                          curl_socket_t *socks,
-                          int numsocks)
-{
-  if(conn->curl_proto_getsock)
-    return conn->curl_proto_getsock(conn, socks, numsocks);
-  return GETSOCK_BLANK;
-}
-
-int Curl_doing_getsock(struct connectdata *conn,
-                       curl_socket_t *socks,
-                       int numsocks)
-{
-  if(conn && conn->curl_doing_getsock)
-    return conn->curl_doing_getsock(conn, socks, numsocks);
-  return GETSOCK_BLANK;
-}
-
-/*
- * We are doing protocol-specific connecting and this is being called over and
- * over from the multi interface until the connection phase is done on
- * protocol layer.
- */
-
-CURLcode Curl_protocol_connecting(struct connectdata *conn,
-                                  bool *done)
-{
-  CURLcode result=CURLE_OK;
-
-  if(conn && conn->curl_connecting) {
-    *done = FALSE;
-    result = conn->curl_connecting(conn, done);
-  }
-  else
-    *done = TRUE;
-
-  return result;
-}
-
-/*
- * We are DOING this is being called over and over from the multi interface
- * until the DOING phase is done on protocol layer.
- */
-
-CURLcode Curl_protocol_doing(struct connectdata *conn, bool *done)
-{
-  CURLcode result=CURLE_OK;
-
-  if(conn && conn->curl_doing) {
-    *done = FALSE;
-    result = conn->curl_doing(conn, done);
-  }
-  else
-    *done = TRUE;
-
-  return result;
-}
-
-/*
- * We have discovered that the TCP connection has been successful, we can now
- * proceed with some action.
- *
- */
-CURLcode Curl_protocol_connect(struct connectdata *conn,
-                               bool *protocol_done)
-{
-  CURLcode result=CURLE_OK;
-  struct SessionHandle *data = conn->data;
-
-  *protocol_done = FALSE;
-
-  if(conn->bits.tcpconnect && conn->bits.protoconnstart) {
-    /* We already are connected, get back. This may happen when the connect
-       worked fine in the first call, like when we connect to a local server
-       or proxy. Note that we don't know if the protocol is actually done.
-
-       Unless this protocol doesn't have any protocol-connect callback, as
-       then we know we're done. */
-    if(!conn->curl_connecting)
-      *protocol_done = TRUE;
-
-    return CURLE_OK;
-  }
-
-  if(!conn->bits.tcpconnect) {
-
-    Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
-
-    if(data->set.verbose)
-      verboseconnect(conn);
-  }
-
-  if(!conn->bits.protoconnstart) {
-    if(conn->curl_connect) {
-      /* is there a protocol-specific connect() procedure? */
-
-      /* Set start time here for timeout purposes in the connect procedure, it
-         is later set again for the progress meter purpose */
-      conn->now = Curl_tvnow();
-
-      /* Call the protocol-specific connect function */
-      result = conn->curl_connect(conn, protocol_done);
-    }
-    else
-      *protocol_done = TRUE;
-
-    /* it has started, possibly even completed but that knowledge isn't stored
-       in this bit! */
-    if (!result)
-      conn->bits.protoconnstart = TRUE;
-  }
-
-  return result; /* pass back status */
-}
-
-/*
- * Helpers for IDNA convertions.
- */
-#ifdef USE_LIBIDN
-static bool is_ASCII_name(const char *hostname)
-{
-  const unsigned char *ch = (const unsigned char*)hostname;
-
-  while (*ch) {
-    if (*ch++ & 0x80)
-      return FALSE;
-  }
-  return TRUE;
-}
-
-/*
- * Check if characters in hostname is allowed in Top Level Domain.
- */
-static bool tld_check_name(struct SessionHandle *data,
-                           const char *ace_hostname)
-{
-  size_t err_pos;
-  char *uc_name = NULL;
-  int rc;
-
-  /* Convert (and downcase) ACE-name back into locale's character set */
-  rc = idna_to_unicode_lzlz(ace_hostname, &uc_name, 0);
-  if (rc != IDNA_SUCCESS)
-    return (FALSE);
-
-  rc = tld_check_lz(uc_name, &err_pos, NULL);
-  if (rc == TLD_INVALID)
-     infof(data, "WARNING: %s; pos %u = `%c'/0x%02X\n",
-#ifdef HAVE_TLD_STRERROR
-           tld_strerror((Tld_rc)rc),
-#else
-           "<no msg>",
-#endif
-           err_pos, uc_name[err_pos],
-           uc_name[err_pos] & 255);
-  else if (rc != TLD_SUCCESS)
-       infof(data, "WARNING: TLD check for %s failed; %s\n",
-             uc_name,
-#ifdef HAVE_TLD_STRERROR
-             tld_strerror((Tld_rc)rc)
-#else
-             "<no msg>"
-#endif
-         );
-  if (uc_name)
-     idn_free(uc_name);
-  return (bool)(rc == TLD_SUCCESS);
-}
-#endif
-
-static void fix_hostname(struct SessionHandle *data,
-                         struct connectdata *conn, struct hostname *host)
-{
-  /* set the name we use to display the host name */
-  host->dispname = host->name;
-
-#ifdef USE_LIBIDN
-  /*************************************************************
-   * Check name for non-ASCII and convert hostname to ACE form.
-   *************************************************************/
-  if (!is_ASCII_name(host->name) &&
-      stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
-    char *ace_hostname = NULL;
-    int rc = idna_to_ascii_lz(host->name, &ace_hostname, 0);
-    infof (data, "Input domain encoded as `%s'\n",
-           stringprep_locale_charset ());
-    if (rc != IDNA_SUCCESS)
-      infof(data, "Failed to convert %s to ACE; %s\n",
-            host->name, Curl_idn_strerror(conn,rc));
-    else {
-      /* tld_check_name() displays a warning if the host name contains
-         "illegal" characters for this TLD */
-      (void)tld_check_name(data, ace_hostname);
-
-      host->encalloc = ace_hostname;
-      /* change the name pointer to point to the encoded hostname */
-      host->name = host->encalloc;
-    }
-  }
-#else
-  (void)data; /* never used */
-  (void)conn; /* never used */
-#endif
-}
-
-/*
- * Parse URL and fill in the relevant members of the connection struct.
- */
-static CURLcode ParseURLAndFillConnection(struct SessionHandle *data,
-                                          struct connectdata *conn)
-{
-  char *at;
-  char *tmp;
-
-  char *path = data->reqdata.path;
-
-  /*************************************************************
-   * Parse the URL.
-   *
-   * We need to parse the url even when using the proxy, because we will need
-   * the hostname and port in case we are trying to SSL connect through the
-   * proxy -- and we don't know if we will need to use SSL until we parse the
-   * url ...
-   ************************************************************/
-  if((2 == sscanf(data->change.url, "%15[^:]:%[^\n]",
-                  conn->protostr,
-                  path)) && strequal(conn->protostr, "file")) {
-    if(path[0] == '/' && path[1] == '/') {
-      /* Allow omitted hostname (e.g. file:/<path>).  This is not strictly
-       * speaking a valid file: URL by RFC 1738, but treating file:/<path> as
-       * file://localhost/<path> is similar to how other schemes treat missing
-       * hostnames.  See RFC 1808. */
-
-      /* This cannot be done with strcpy() in a portable manner, since the
-         memory areas overlap! */
-      memmove(path, path + 2, strlen(path + 2)+1);
-    }
-    /*
-     * we deal with file://<host>/<path> differently since it supports no
-     * hostname other than "localhost" and "127.0.0.1", which is unique among
-     * the URL protocols specified in RFC 1738
-     */
-    if(path[0] != '/') {
-      /* the URL included a host name, we ignore host names in file:// URLs
-         as the standards don't define what to do with them */
-      char *ptr=strchr(path, '/');
-      if(ptr) {
-        /* there was a slash present
-
-           RFC1738 (section 3.1, page 5) says:
-
-           The rest of the locator consists of data specific to the scheme,
-           and is known as the "url-path". It supplies the details of how the
-           specified resource can be accessed. Note that the "/" between the
-           host (or port) and the url-path is NOT part of the url-path.
-
-           As most agents use file://localhost/foo to get '/foo' although the
-           slash preceding foo is a separator and not a slash for the path,
-           a URL as file://localhost//foo must be valid as well, to refer to
-           the same file with an absolute path.
-        */
-
-        if(ptr[1] && ('/' == ptr[1]))
-          /* if there was two slashes, we skip the first one as that is then
-             used truly as a separator */
-          ptr++;
-
-        /* This cannot be made with strcpy, as the memory chunks overlap! */
-        memmove(path, ptr, strlen(ptr)+1);
-      }
-    }
-
-    strcpy(conn->protostr, "file"); /* store protocol string lowercase */
-  }
-  else {
-    /* clear path */
-    path[0]=0;
-
-    if (2 > sscanf(data->change.url,
-                   "%15[^\n:]://%[^\n/]%[^\n]",
-                   conn->protostr,
-                   conn->host.name, path)) {
-
-      /*
-       * The URL was badly formatted, let's try the browser-style _without_
-       * protocol specified like 'http://'.
-       */
-      if((1 > sscanf(data->change.url, "%[^\n/]%[^\n]",
-                     conn->host.name, path)) ) {
-        /*
-         * We couldn't even get this format.
-         */
-        failf(data, "<url> malformed");
-        return CURLE_URL_MALFORMAT;
-      }
-
-      /*
-       * Since there was no protocol part specified, we guess what protocol it
-       * is based on the first letters of the server name.
-       */
-
-      /* Note: if you add a new protocol, please update the list in
-       * lib/version.c too! */
-
-      if(checkprefix("FTP.", conn->host.name))
-        strcpy(conn->protostr, "ftp");
-      else if (checkprefix("DICT.", conn->host.name))
-        strcpy(conn->protostr, "DICT");
-      else if (checkprefix("LDAP.", conn->host.name))
-        strcpy(conn->protostr, "LDAP");
-      else {
-        strcpy(conn->protostr, "http");
-      }
-
-      conn->protocol |= PROT_MISSING; /* not given in URL */
-    }
-  }
-
-  /* We search for '?' in the host name (but only on the right side of a
-   * @-letter to allow ?-letters in username and password) to handle things
-   * like http://example.com?param= (notice the missing '/').
-   */
-  at = strchr(conn->host.name, '@');
-  if(at)
-    tmp = strchr(at+1, '?');
-  else
-    tmp = strchr(conn->host.name, '?');
-
-  if(tmp) {
-    /* We must insert a slash before the '?'-letter in the URL. If the URL had
-       a slash after the '?', that is where the path currently begins and the
-       '?string' is still part of the host name.
-
-       We must move the trailing part from the host name and put it first in
-       the path. And have it all prefixed with a slash.
-    */
-
-    size_t hostlen = strlen(tmp);
-    size_t pathlen = strlen(path);
-
-    /* move the existing path plus the zero byte forward, to make room for
-       the host-name part */
-    memmove(path+hostlen+1, path, pathlen+1);
-
-     /* now copy the trailing host part in front of the existing path */
-    memcpy(path+1, tmp, hostlen);
-
-    path[0]='/'; /* prepend the missing slash */
-
-    *tmp=0; /* now cut off the hostname at the ? */
-  }
-  else if(!path[0]) {
-    /* if there's no path set, use a single slash */
-    strcpy(path, "/");
-  }
-
-  /* If the URL is malformatted (missing a '/' after hostname before path) we
-   * insert a slash here. The only letter except '/' we accept to start a path
-   * is '?'.
-   */
-  if(path[0] == '?') {
-    /* We need this function to deal with overlapping memory areas. We know
-       that the memory area 'path' points to is 'urllen' bytes big and that
-       is bigger than the path. Use +1 to move the zero byte too. */
-    memmove(&path[1], path, strlen(path)+1);
-    path[0] = '/';
-  }
-
-  /*
-   * So if the URL was A://B/C,
-   *   conn->protostr is A
-   *   conn->host.name is B
-   *   data->reqdata.path is /C
-   */
-
-  return CURLE_OK;
-}
-
-static void llist_dtor(void *user, void *element)
-{
-  (void)user;
-  (void)element;
-  /* Do nothing */
-}
-
-
-/**
- * CreateConnection() sets up a new connectdata struct, or re-uses an already
- * existing one, and resolves host name.
- *
- * if this function returns CURLE_OK and *async is set to TRUE, the resolve
- * response will be coming asynchronously. If *async is FALSE, the name is
- * already resolved.
- *
- * @param data The sessionhandle pointer
- * @param in_connect is set to the next connection data pointer
- * @param addr is set to the new dns entry for this connection. If this
- *        connection is re-used it will be NULL.
- * @param async is set TRUE/FALSE depending on the nature of this lookup
- * @return CURLcode
- * @see SetupConnection()
- *
- * *NOTE* this function assigns the conn->data pointer!
- */
-
-static CURLcode CreateConnection(struct SessionHandle *data,
-                                 struct connectdata **in_connect,
-                                 struct Curl_dns_entry **addr,
-                                 bool *async)
-{
-
-  char *tmp;
-  CURLcode result=CURLE_OK;
-  struct connectdata *conn;
-  struct connectdata *conn_temp = NULL;
-  size_t urllen;
-  struct Curl_dns_entry *hostaddr;
-#if defined(HAVE_ALARM) && !defined(USE_ARES)
-  unsigned int prev_alarm=0;
-#endif
-  char endbracket;
-  char user[MAX_CURL_USER_LENGTH];
-  char passwd[MAX_CURL_PASSWORD_LENGTH];
-  int rc;
-  bool reuse;
-  char *proxy;
-  bool proxy_alloc = FALSE;
-
-#ifndef USE_ARES
-#ifdef SIGALRM
-#ifdef HAVE_SIGACTION
-  struct sigaction keep_sigact;   /* store the old struct here */
-  bool keep_copysig=FALSE;        /* did copy it? */
-#else
-#ifdef HAVE_SIGNAL
-  void (*keep_sigact)(int);       /* store the old handler here */
-#endif /* HAVE_SIGNAL */
-#endif /* HAVE_SIGACTION */
-#endif /* SIGALRM */
-#endif /* USE_ARES */
-
-  *addr = NULL; /* nothing yet */
-  *async = FALSE;
-
-  /*************************************************************
-   * Check input data
-   *************************************************************/
-
-  if(!data->change.url)
-    return CURLE_URL_MALFORMAT;
-
-  /* First, split up the current URL in parts so that we can use the
-     parts for checking against the already present connections. In order
-     to not have to modify everything at once, we allocate a temporary
-     connection data struct and fill in for comparison purposes. */
-
-  conn = (struct connectdata *)calloc(sizeof(struct connectdata), 1);
-  if(!conn) {
-    *in_connect = NULL; /* clear the pointer */
-    return CURLE_OUT_OF_MEMORY;
-  }
-  /* We must set the return variable as soon as possible, so that our
-     parent can cleanup any possible allocs we may have done before
-     any failure */
-  *in_connect = conn;
-
-  /* and we setup a few fields in case we end up actually using this struct */
-
-  conn->data = data; /* Setup the association between this connection
-                        and the SessionHandle */
-
-  conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD;     /* no file descriptor */
-  conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD; /* no file descriptor */
-  conn->connectindex = -1;    /* no index */
-
-  conn->bits.httpproxy = (bool)(data->set.proxy  /* http proxy or not */
-                                && *data->set.proxy
-                                && (data->set.proxytype == CURLPROXY_HTTP));
-  proxy = data->set.proxy; /* if global proxy is set, this is it */
-
-  /* Default protocol-independent behavior doesn't support persistent
-     connections, so we set this to force-close. Protocols that support
-     this need to set this to FALSE in their "curl_do" functions. */
-  conn->bits.close = TRUE;
-
-  conn->readchannel_inuse = FALSE;
-  conn->writechannel_inuse = FALSE;
-
-  conn->read_pos = 0;
-  conn->buf_len = 0;
-
-  /* Initialize the pipeline lists */
-  conn->send_pipe = Curl_llist_alloc((curl_llist_dtor) llist_dtor);
-  conn->recv_pipe = Curl_llist_alloc((curl_llist_dtor) llist_dtor);
-
-  /* Store creation time to help future close decision making */
-  conn->created = Curl_tvnow();
-
-  /* range status */
-  data->reqdata.use_range = (bool)(NULL != data->set.set_range);
-
-  data->reqdata.range = data->set.set_range; /* clone the range setting */
-  data->reqdata.resume_from = data->set.set_resume_from;
-
-  conn->bits.user_passwd = (bool)(NULL != data->set.userpwd);
-  conn->bits.proxy_user_passwd = (bool)(NULL != data->set.proxyuserpwd);
-  conn->bits.no_body = data->set.opt_no_body;
-  conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy;
-  conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
-  conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
-
-  /* This initing continues below, see the comment "Continue connectdata
-   * initialization here" */
-
-  /***********************************************************
-   * We need to allocate memory to store the path in. We get the size of the
-   * full URL to be sure, and we need to make it at least 256 bytes since
-   * other parts of the code will rely on this fact
-   ***********************************************************/
-#define LEAST_PATH_ALLOC 256
-  urllen=strlen(data->change.url);
-  if(urllen < LEAST_PATH_ALLOC)
-    urllen=LEAST_PATH_ALLOC;
-
-  if (!data->set.source_url /* 3rd party FTP */
-      && data->reqdata.pathbuffer) {
-      /* Free the old buffer */
-      free(data->reqdata.pathbuffer);
-  }
-
-  /*
-   * We malloc() the buffers below urllen+2 to make room for to possibilities:
-   * 1 - an extra terminating zero
-   * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
-   */
-
-  data->reqdata.pathbuffer=(char *)malloc(urllen+2);
-  if(NULL == data->reqdata.pathbuffer)
-    return CURLE_OUT_OF_MEMORY; /* really bad error */
-  data->reqdata.path = data->reqdata.pathbuffer;
-
-  conn->host.rawalloc=(char *)malloc(urllen+2);
-  if(NULL == conn->host.rawalloc)
-    return CURLE_OUT_OF_MEMORY;
-
-  conn->host.name = conn->host.rawalloc;
-  conn->host.name[0] = 0;
-
-  result = ParseURLAndFillConnection(data, conn);
-  if (result != CURLE_OK) {
-      return result;
-  }
-
-  /*************************************************************
-   * Take care of proxy authentication stuff
-   *************************************************************/
-  if(conn->bits.proxy_user_passwd) {
-    char proxyuser[MAX_CURL_USER_LENGTH]="";
-    char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
-
-    sscanf(data->set.proxyuserpwd,
-           "%" MAX_CURL_USER_LENGTH_TXT "[^:]:"
-           "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]",
-           proxyuser, proxypasswd);
-
-    conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
-    if(!conn->proxyuser)
-      return CURLE_OUT_OF_MEMORY;
-
-    conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
-    if(!conn->proxypasswd)
-      return CURLE_OUT_OF_MEMORY;
-  }
-
-#ifndef CURL_DISABLE_HTTP
-  /*************************************************************
-   * Detect what (if any) proxy to use
-   *************************************************************/
-  if(!conn->bits.httpproxy) {
-    /* If proxy was not specified, we check for default proxy environment
-     * variables, to enable i.e Lynx compliance:
-     *
-     * http_proxy=http://some.server.dom:port/
-     * https_proxy=http://some.server.dom:port/
-     * ftp_proxy=http://some.server.dom:port/
-     * no_proxy=domain1.dom,host.domain2.dom
-     *   (a comma-separated list of hosts which should
-     *   not be proxied, or an asterisk to override
-     *   all proxy variables)
-     * all_proxy=http://some.server.dom:port/
-     *   (seems to exist for the CERN www lib. Probably
-     *   the first to check for.)
-     *
-     * For compatibility, the all-uppercase versions of these variables are
-     * checked if the lowercase versions don't exist.
-     */
-    char *no_proxy=NULL;
-    char *no_proxy_tok_buf;
-    char proxy_env[128];
-
-    no_proxy=curl_getenv("no_proxy");
-    if(!no_proxy)
-      no_proxy=curl_getenv("NO_PROXY");
-
-    if(!no_proxy || !strequal("*", no_proxy)) {
-      /* NO_PROXY wasn't specified or it wasn't just an asterisk */
-      char *nope;
-
-      nope=no_proxy?strtok_r(no_proxy, ", ", &no_proxy_tok_buf):NULL;
-      while(nope) {
-        size_t namelen;
-        char *endptr = strchr(conn->host.name, ':');
-        if(endptr)
-          namelen=endptr-conn->host.name;
-        else
-          namelen=strlen(conn->host.name);
-
-        if(strlen(nope) <= namelen) {
-          char *checkn=
-            conn->host.name + namelen - strlen(nope);
-          if(checkprefix(nope, checkn)) {
-            /* no proxy for this host! */
-            break;
-          }
-        }
-        nope=strtok_r(NULL, ", ", &no_proxy_tok_buf);
-      }
-      if(!nope) {
-        /* It was not listed as without proxy */
-        char *protop = conn->protostr;
-        char *envp = proxy_env;
-        char *prox;
-
-        /* Now, build <protocol>_proxy and check for such a one to use */
-        while(*protop)
-          *envp++ = (char)tolower((int)*protop++);
-
-        /* append _proxy */
-        strcpy(envp, "_proxy");
-
-        /* read the protocol proxy: */
-        prox=curl_getenv(proxy_env);
-
-        /*
-         * We don't try the uppercase version of HTTP_PROXY because of
-         * security reasons:
-         *
-         * When curl is used in a webserver application
-         * environment (cgi or php), this environment variable can
-         * be controlled by the web server user by setting the
-         * http header 'Proxy:' to some value.
-         *
-         * This can cause 'internal' http/ftp requests to be
-         * arbitrarily redirected by any external attacker.
-         */
-        if(!prox && !strequal("http_proxy", proxy_env)) {
-          /* There was no lowercase variable, try the uppercase version: */
-          for(envp = proxy_env; *envp; envp++)
-            *envp = (char)toupper((int)*envp);
-          prox=curl_getenv(proxy_env);
-        }
-
-        if(prox && *prox) { /* don't count "" strings */
-          proxy = prox; /* use this */
-        }
-        else {
-          proxy = curl_getenv("all_proxy"); /* default proxy to use */
-          if(!proxy)
-            proxy=curl_getenv("ALL_PROXY");
-        }
-
-        if(proxy && *proxy) {
-          long bits = conn->protocol & (PROT_HTTPS|PROT_SSL|PROT_MISSING);
-          /* force this to become HTTP */
-          conn->protocol = PROT_HTTP | bits;
-
-          proxy_alloc=TRUE; /* this needs to be freed later */
-          conn->bits.httpproxy = TRUE;
-        }
-      } /* if (!nope) - it wasn't specified non-proxy */
-    } /* NO_PROXY wasn't specified or '*' */
-    if(no_proxy)
-      free(no_proxy);
-  } /* if not using proxy */
-#endif /* CURL_DISABLE_HTTP */
-
-  /*************************************************************
-   * No protocol part in URL was used, add it!
-   *************************************************************/
-  if(conn->protocol&PROT_MISSING) {
-    /* We're guessing prefixes here and if we're told to use a proxy or if
-       we're gonna follow a Location: later or... then we need the protocol
-       part added so that we have a valid URL. */
-    char *reurl;
-
-    reurl = aprintf("%s://%s", conn->protostr, data->change.url);
-
-    if(!reurl)
-      return CURLE_OUT_OF_MEMORY;
-
-    data->change.url = reurl;
-    data->change.url_alloc = TRUE; /* free this later */
-    conn->protocol &= ~PROT_MISSING; /* switch that one off again */
-  }
-
-#ifndef CURL_DISABLE_HTTP
-  /************************************************************
-   * RESUME on a HTTP page is a tricky business. First, let's just check that
-   * 'range' isn't used, then set the range parameter and leave the resume as
-   * it is to inform about this situation for later use. We will then
-   * "attempt" to resume, and if we're talking to a HTTP/1.1 (or later)
-   * server, we will get the document resumed. If we talk to a HTTP/1.0
-   * server, we just fail since we can't rewind the file writing from within
-   * this function.
-   ***********************************************************/
-  if(data->reqdata.resume_from) {
-    if(!data->reqdata.use_range) {
-      /* if it already was in use, we just skip this */
-      data->reqdata.range = aprintf("%" FORMAT_OFF_T "-", data->reqdata.resume_from);
-      if(!data->reqdata.range)
-        return CURLE_OUT_OF_MEMORY;
-      data->reqdata.rangestringalloc = TRUE; /* mark as allocated */
-      data->reqdata.use_range = 1; /* switch on range usage */
-    }
-  }
-#endif
-  /*************************************************************
-   * Setup internals depending on protocol
-   *************************************************************/
-
-  conn->socktype = SOCK_STREAM; /* most of them are TCP streams */
-
-  if (strequal(conn->protostr, "HTTP")) {
-#ifndef CURL_DISABLE_HTTP
-    conn->port = PORT_HTTP;
-    conn->remote_port = PORT_HTTP;
-    conn->protocol |= PROT_HTTP;
-    conn->curl_do = Curl_http;
-    conn->curl_do_more = (Curl_do_more_func)ZERO_NULL;
-    conn->curl_done = Curl_http_done;
-    conn->curl_connect = Curl_http_connect;
-#else
-    failf(data, LIBCURL_NAME
-          " was built with HTTP disabled, http: not supported!");
-    return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
-  }
-  else if (strequal(conn->protostr, "HTTPS")) {
-#if defined(USE_SSL) && !defined(CURL_DISABLE_HTTP)
-
-    conn->port = PORT_HTTPS;
-    conn->remote_port = PORT_HTTPS;
-    conn->protocol |= PROT_HTTP|PROT_HTTPS|PROT_SSL;
-
-    conn->curl_do = Curl_http;
-    conn->curl_do_more = (Curl_do_more_func)ZERO_NULL;
-    conn->curl_done = Curl_http_done;
-    conn->curl_connect = Curl_http_connect;
-    conn->curl_connecting = Curl_https_connecting;
-    conn->curl_proto_getsock = Curl_https_getsock;
-
-#else /* USE_SSL */
-    failf(data, LIBCURL_NAME
-          " was built with SSL disabled, https: not supported!");
-    return CURLE_UNSUPPORTED_PROTOCOL;
-#endif /* !USE_SSL */
-  }
-  else if(strequal(conn->protostr, "FTP") ||
-          strequal(conn->protostr, "FTPS")) {
-
-#ifndef CURL_DISABLE_FTP
-    char *type;
-    int port = PORT_FTP;
-
-    if(strequal(conn->protostr, "FTPS")) {
-#ifdef USE_SSL
-      conn->protocol |= PROT_FTPS|PROT_SSL;
-      conn->ssl[SECONDARYSOCKET].use = TRUE; /* send data securely */
-      port = PORT_FTPS;
-#else
-      failf(data, LIBCURL_NAME
-            " was built with SSL disabled, ftps: not supported!");
-      return CURLE_UNSUPPORTED_PROTOCOL;
-#endif /* !USE_SSL */
-    }
-
-    conn->port = port;
-    conn->remote_port = (unsigned short)port;
-    conn->protocol |= PROT_FTP;
-
-    if(proxy && *proxy && !data->set.tunnel_thru_httpproxy) {
-      /* Unless we have asked to tunnel ftp operations through the proxy, we
-         switch and use HTTP operations only */
-#ifndef CURL_DISABLE_HTTP
-      conn->curl_do = Curl_http;
-      conn->curl_done = Curl_http_done;
-      conn->protocol = PROT_HTTP; /* switch to HTTP */
-#else
-      failf(data, "FTP over http proxy requires HTTP support built-in!");
-      return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
-    }
-    else {
-      conn->curl_do = Curl_ftp;
-      conn->curl_do_more = Curl_ftp_nextconnect;
-      conn->curl_done = Curl_ftp_done;
-      conn->curl_connect = Curl_ftp_connect;
-      conn->curl_connecting = Curl_ftp_multi_statemach;
-      conn->curl_doing = Curl_ftp_doing;
-      conn->curl_proto_getsock = Curl_ftp_getsock;
-      conn->curl_doing_getsock = Curl_ftp_getsock;
-      conn->curl_disconnect = Curl_ftp_disconnect;
-    }
-
-    data->reqdata.path++; /* don't include the initial slash */
-
-    /* FTP URLs support an extension like ";type=<typecode>" that
-     * we'll try to get now! */
-    type=strstr(data->reqdata.path, ";type=");
-    if(!type) {
-      type=strstr(conn->host.rawalloc, ";type=");
-    }
-    if(type) {
-      char command;
-      *type=0;                     /* it was in the middle of the hostname */
-      command = (char)toupper((int)type[6]);
-      switch(command) {
-      case 'A': /* ASCII mode */
-        data->set.prefer_ascii = TRUE;
-        break;
-      case 'D': /* directory mode */
-        data->set.ftp_list_only = TRUE;
-        break;
-      case 'I': /* binary mode */
-      default:
-        /* switch off ASCII */
-        data->set.prefer_ascii = FALSE;
-        break;
-      }
-    }
-#else /* CURL_DISABLE_FTP */
-    failf(data, LIBCURL_NAME
-          " was built with FTP disabled, ftp/ftps: not supported!");
-    return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
-  }
-  else if(strequal(conn->protostr, "TELNET")) {
-#ifndef CURL_DISABLE_TELNET
-    /* telnet testing factory */
-    conn->protocol |= PROT_TELNET;
-
-    conn->port = PORT_TELNET;
-    conn->remote_port = PORT_TELNET;
-    conn->curl_do = Curl_telnet;
-    conn->curl_done = Curl_telnet_done;
-#else
-    failf(data, LIBCURL_NAME
-          " was built with TELNET disabled!");
-#endif
-  }
-  else if (strequal(conn->protostr, "DICT")) {
-#ifndef CURL_DISABLE_DICT
-    conn->protocol |= PROT_DICT;
-    conn->port = PORT_DICT;
-    conn->remote_port = PORT_DICT;
-    conn->curl_do = Curl_dict;
-    /* no DICT-specific done */
-    conn->curl_done = (Curl_done_func)ZERO_NULL;
-#else
-    failf(data, LIBCURL_NAME
-          " was built with DICT disabled!");
-#endif
-  }
-  else if (strequal(conn->protostr, "LDAP")) {
-#ifndef CURL_DISABLE_LDAP
-    conn->protocol |= PROT_LDAP;
-    conn->port = PORT_LDAP;
-    conn->remote_port = PORT_LDAP;
-    conn->curl_do = Curl_ldap;
-    /* no LDAP-specific done */
-    conn->curl_done = (Curl_done_func)ZERO_NULL;
-#else
-    failf(data, LIBCURL_NAME
-          " was built with LDAP disabled!");
-#endif
-  }
-  else if (strequal(conn->protostr, "FILE")) {
-#ifndef CURL_DISABLE_FILE
-    conn->protocol |= PROT_FILE;
-
-    conn->curl_do = Curl_file;
-    conn->curl_done = Curl_file_done;
-
-    /* anyway, this is supposed to be the connect function so we better
-       at least check that the file is present here! */
-    result = Curl_file_connect(conn);
-
-    /* Setup a "faked" transfer that'll do nothing */
-    if(CURLE_OK == result) {
-      conn->data = data;
-      conn->bits.tcpconnect = TRUE; /* we are "connected */
-      ConnectionStore(data, conn);
-
-      result = Curl_setup_transfer(conn, -1, -1, FALSE, NULL, /* no download */
-                                   -1, NULL); /* no upload */
-    }
-
-    return result;
-#else
-    failf(data, LIBCURL_NAME
-          " was built with FILE disabled!");
-#endif
-  }
-  else if (strequal(conn->protostr, "TFTP")) {
-#ifndef CURL_DISABLE_TFTP
-    char *type;
-    conn->socktype = SOCK_DGRAM; /* UDP datagram based */
-    conn->protocol |= PROT_TFTP;
-    conn->port = PORT_TFTP;
-    conn->remote_port = PORT_TFTP;
-    conn->curl_connect = Curl_tftp_connect;
-    conn->curl_do = Curl_tftp;
-    conn->curl_done = Curl_tftp_done;
-    /* TFTP URLs support an extension like ";mode=<typecode>" that
-     * we'll try to get now! */
-    type=strstr(data->reqdata.path, ";mode=");
-    if(!type) {
-      type=strstr(conn->host.rawalloc, ";mode=");
-    }
-    if(type) {
-      char command;
-      *type=0;                     /* it was in the middle of the hostname */
-      command = (char)toupper((int)type[6]);
-      switch(command) {
-      case 'A': /* ASCII mode */
-      case 'N': /* NETASCII mode */
-        data->set.prefer_ascii = TRUE;
-        break;
-      case 'O': /* octet mode */
-      case 'I': /* binary mode */
-      default:
-        /* switch off ASCII */
-        data->set.prefer_ascii = FALSE;
-        break;
-      }
-    }
-#else
-    failf(data, LIBCURL_NAME
-          " was built with TFTP disabled!");
-#endif
-  }
-  else if (strequal(conn->protostr, "SCP")) {
-#ifdef USE_LIBSSH2
-    conn->port = PORT_SSH;
-    conn->remote_port = PORT_SSH;
-    conn->protocol = PROT_SCP;
-    conn->curl_connect = Curl_ssh_connect; /* ssh_connect? */
-    conn->curl_do = Curl_scp_do;
-    conn->curl_done = Curl_scp_done;
-    conn->curl_do_more = (Curl_do_more_func)ZERO_NULL;
-#else
-    failf(data, LIBCURL_NAME
-          " was built without LIBSSH2, scp: not supported!");
-    return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
-  }
-  else if (strequal(conn->protostr, "SFTP")) {
-#ifdef USE_LIBSSH2
-    conn->port = PORT_SSH;
-    conn->remote_port = PORT_SSH;
-    conn->protocol = PROT_SFTP;
-    conn->curl_connect = Curl_ssh_connect; /* ssh_connect? */
-    conn->curl_do = Curl_sftp_do;
-    conn->curl_done = Curl_sftp_done;
-    conn->curl_do_more = (Curl_do_more_func)NULL;
-#else
-    failf(data, LIBCURL_NAME
-          " was built without LIBSSH2, scp: not supported!");
-    return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
-}
-else {
-    /* We fell through all checks and thus we don't support the specified
-       protocol */
-    failf(data, "Unsupported protocol: %s", conn->protostr);
-    return CURLE_UNSUPPORTED_PROTOCOL;
-  }
-
-  if(proxy && *proxy) {
-    /* If this is supposed to use a proxy, we need to figure out the proxy
-       host name name, so that we can re-use an existing connection
-       that may exist registered to the same proxy host. */
-
-    char *prox_portno;
-    char *endofprot;
-
-    /* We need to make a duplicate of the proxy so that we can modify the
-       string safely. If 'proxy_alloc' is TRUE, the string is already
-       allocated and we can treat it as duplicated. */
-    char *proxydup=proxy_alloc?proxy:strdup(proxy);
-
-    /* We use 'proxyptr' to point to the proxy name from now on... */
-    char *proxyptr=proxydup;
-    char *portptr;
-    char *atsign;
-
-    if(NULL == proxydup) {
-      failf(data, "memory shortage");
-      return CURLE_OUT_OF_MEMORY;
-    }
-
-    /* We do the proxy host string parsing here. We want the host name and the
-     * port name. Accept a protocol:// prefix, even though it should just be
-     * ignored.
-     */
-
-    /* Skip the protocol part if present */
-    endofprot=strstr(proxyptr, "://");
-    if(endofprot)
-      proxyptr = endofprot+3;
-
-    /* Is there a username and password given in this proxy url? */
-    atsign = strchr(proxyptr, '@');
-    if(atsign) {
-      char proxyuser[MAX_CURL_USER_LENGTH];
-      char proxypasswd[MAX_CURL_PASSWORD_LENGTH];
-      proxypasswd[0] = 0;
-
-      if(1 <= sscanf(proxyptr,
-                     "%" MAX_CURL_USER_LENGTH_TXT"[^:]:"
-                     "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
-                     proxyuser, proxypasswd)) {
-        CURLcode res = CURLE_OK;
-
-        /* found user and password, rip them out.  note that we are
-           unescaping them, as there is otherwise no way to have a
-           username or password with reserved characters like ':' in
-           them. */
-        Curl_safefree(conn->proxyuser);
-        conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
-
-        if(!conn->proxyuser)
-          res = CURLE_OUT_OF_MEMORY;
-        else {
-          Curl_safefree(conn->proxypasswd);
-          conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
-
-          if(!conn->proxypasswd)
-            res = CURLE_OUT_OF_MEMORY;
-        }
-
-        if(CURLE_OK == res) {
-          conn->bits.proxy_user_passwd = TRUE; /* enable it */
-          atsign = strdup(atsign+1); /* the right side of the @-letter */
-
-          if(atsign) {
-            free(proxydup); /* free the former proxy string */
-            proxydup = proxyptr = atsign; /* now use this instead */
-          }
-          else
-            res = CURLE_OUT_OF_MEMORY;
-        }
-
-        if(res) {
-          free(proxydup); /* free the allocated proxy string */
-          return res;
-        }
-      }
-    }
-
-    /* start scanning for port number at this point */
-    portptr = proxyptr;
-
-    /* detect and extract RFC2732-style IPv6-addresses */
-    if(*proxyptr == '[') {
-      char *ptr = ++proxyptr; /* advance beyond the initial bracket */
-      while(*ptr && (ISXDIGIT(*ptr) || (*ptr == ':')))
-        ptr++;
-      if(*ptr == ']') {
-        /* yeps, it ended nicely with a bracket as well */
-        *ptr = 0;
-        portptr = ptr+1;
-      }
-      /* Note that if this didn't end with a bracket, we still advanced the
-       * proxyptr first, but I can't see anything wrong with that as no host
-       * name nor a numeric can legally start with a bracket.
-       */
-    }
-
-    /* Get port number off proxy.server.com:1080 */
-    prox_portno = strchr(portptr, ':');
-    if (prox_portno) {
-      *prox_portno = 0x0; /* cut off number from host name */
-      prox_portno ++;
-      /* now set the local port number */
-      conn->port = atoi(prox_portno);
-    }
-    else if(data->set.proxyport) {
-      /* None given in the proxy string, then get the default one if it is
-         given */
-      conn->port = data->set.proxyport;
-    }
-
-    /* now, clone the cleaned proxy host name */
-    conn->proxy.rawalloc = strdup(proxyptr);
-    conn->proxy.name = conn->proxy.rawalloc;
-
-    free(proxydup); /* free the duplicate pointer and not the modified */
-    proxy = NULL;   /* this may have just been freed */
-    if(!conn->proxy.rawalloc)
-      return CURLE_OUT_OF_MEMORY;
-  }
-
-  /*************************************************************
-   * If the protocol is using SSL and HTTP proxy is used, we set
-   * the tunnel_proxy bit.
-   *************************************************************/
-  if((conn->protocol&PROT_SSL) && conn->bits.httpproxy)
-    conn->bits.tunnel_proxy = TRUE;
-
-  /*************************************************************
-   * Take care of user and password authentication stuff
-   *************************************************************/
-
-  /*
-   * Inputs: data->set.userpwd   (CURLOPT_USERPWD)
-   *         data->set.fpasswd   (CURLOPT_PASSWDFUNCTION)
-   *         data->set.use_netrc (CURLOPT_NETRC)
-   *         conn->host.name
-   *         netrc file
-   *         hard-coded defaults
-   *
-   * Outputs: (almost :- all currently undefined)
-   *          conn->bits.user_passwd  - non-zero if non-default passwords exist
-   *          conn->user              - non-zero length if defined
-   *          conn->passwd            -   ditto
-   *          conn->host.name          - remove user name and password
-   */
-
-  /* At this point, we're hoping all the other special cases have
-   * been taken care of, so conn->host.name is at most
-   *    [user[:password]]@]hostname
-   *
-   * We need somewhere to put the embedded details, so do that first.
-   */
-
-  user[0] =0;   /* to make everything well-defined */
-  passwd[0]=0;
-
-  if (conn->protocol & (PROT_FTP|PROT_HTTP|PROT_SCP|PROT_SFTP)) {
-    /* This is a FTP, HTTP, SCP or SFTP URL, we will now try to extract the
-     * possible user+password pair in a string like:
-     * ftp://user:password@ftp.my.site:8021/README */
-    char *ptr=strchr(conn->host.name, '@');
-    char *userpass = conn->host.name;
-    if(ptr != NULL) {
-      /* there's a user+password given here, to the left of the @ */
-
-      conn->host.name = ++ptr;
-
-      /* So the hostname is sane.  Only bother interpreting the
-       * results if we could care.  It could still be wasted
-       * work because it might be overtaken by the programmatically
-       * set user/passwd, but doing that first adds more cases here :-(
-       */
-
-      if (data->set.use_netrc != CURL_NETRC_REQUIRED) {
-        /* We could use the one in the URL */
-
-        conn->bits.user_passwd = 1; /* enable user+password */
-
-        if(*userpass != ':') {
-          /* the name is given, get user+password */
-          sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
-                 "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
-                 user, passwd);
-        }
-        else
-          /* no name given, get the password only */
-          sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
-
-        if(user[0]) {
-          char *newname=curl_easy_unescape(data, user, 0, NULL);
-          if(!newname)
-            return CURLE_OUT_OF_MEMORY;
-          if(strlen(newname) < sizeof(user))
-            strcpy(user, newname);
-
-          /* if the new name is longer than accepted, then just use
-             the unconverted name, it'll be wrong but what the heck */
-          free(newname);
-        }
-        if (passwd[0]) {
-          /* we have a password found in the URL, decode it! */
-          char *newpasswd=curl_easy_unescape(data, passwd, 0, NULL);
-          if(!newpasswd)
-            return CURLE_OUT_OF_MEMORY;
-          if(strlen(newpasswd) < sizeof(passwd))
-            strcpy(passwd, newpasswd);
-
-          free(newpasswd);
-        }
-      }
-    }
-  }
-
-  /*************************************************************
-   * Figure out the remote port number
-   *
-   * No matter if we use a proxy or not, we have to figure out the remote
-   * port number of various reasons.
-   *
-   * To be able to detect port number flawlessly, we must not confuse them
-   * IPv6-specified addresses in the [0::1] style. (RFC2732)
-   *
-   * The conn->host.name is currently [user:passwd@]host[:port] where host
-   * could be a hostname, IPv4 address or IPv6 address.
-   *************************************************************/
-  if((1 == sscanf(conn->host.name, "[%*39[0-9a-fA-F:.]%c", &endbracket)) &&
-     (']' == endbracket)) {
-    /* this is a RFC2732-style specified IP-address */
-    conn->bits.ipv6_ip = TRUE;
-
-    conn->host.name++; /* pass the starting bracket */
-    tmp = strchr(conn->host.name, ']');
-    *tmp = 0; /* zero terminate */
-    tmp++; /* pass the ending bracket */
-    if(':' != *tmp)
-      tmp = NULL; /* no port number available */
-  }
-  else
-    tmp = strrchr(conn->host.name, ':');
-
-  if(data->set.use_port && data->state.allow_port) {
-    /* if set, we use this and ignore the port possibly given in the URL */
-    conn->remote_port = (unsigned short)data->set.use_port;
-    if(tmp)
-      *tmp = '\0'; /* cut off the name there anyway - if there was a port
-                      number - since the port number is to be ignored! */
-    if(conn->bits.httpproxy) {
-      /* we need to create new URL with the new port number */
-      char *url;
-
-      url = aprintf("http://%s:%d%s", conn->host.name, conn->remote_port,
-                    data->reqdata.path);
-      if(!url)
-        return CURLE_OUT_OF_MEMORY;
-
-      if(data->change.url_alloc)
-        free(data->change.url);
-
-      data->change.url = url;
-      data->change.url_alloc = TRUE;
-    }
-  }
-  else if (tmp) {
-    /* no CURLOPT_PORT given, extract the one from the URL */
-
-    char *rest;
-    unsigned long port;
-
-    port=strtoul(tmp+1, &rest, 10);  /* Port number must be decimal */
-
-    if (rest != (tmp+1) && *rest == '\0') {
-      /* The colon really did have only digits after it,
-       * so it is either a port number or a mistake */
-
-      if (port > 0xffff) {   /* Single unix standard says port numbers are
-                              * 16 bits long */
-        failf(data, "Port number too large: %lu", port);
-        return CURLE_URL_MALFORMAT;
-      }
-
-      *tmp = '\0'; /* cut off the name there */
-      conn->remote_port = (unsigned short)port;
-    }
-  }
-
-  /* Programmatically set password:
-   *   - always applies, if available
-   *   - takes precedence over the values we just set above
-   * so scribble it over the top.
-   * User-supplied passwords are assumed not to need unescaping.
-   *
-   * user_password is set in "inherit initial knowledge' above,
-   * so it doesn't have to be set in this block
-   */
-  if (data->set.userpwd != NULL) {
-    /* the name is given, get user+password */
-    sscanf(data->set.userpwd,
-           "%" MAX_CURL_USER_LENGTH_TXT "[^:]:"
-           "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]",
-           user, passwd);
-  }
-
-  conn->bits.netrc = FALSE;
-  if (data->set.use_netrc != CURL_NETRC_IGNORED) {
-    if(Curl_parsenetrc(conn->host.name,
-                       user, passwd,
-                       data->set.netrc_file)) {
-      infof(data, "Couldn't find host %s in the " DOT_CHAR
-            "netrc file, using defaults\n",
-            conn->host.name);
-    }
-    else {
-      /* set bits.netrc TRUE to remember that we got the name from a .netrc
-         file, so that it is safe to use even if we followed a Location: to a
-         different host or similar. */
-      conn->bits.netrc = TRUE;
-
-      conn->bits.user_passwd = 1; /* enable user+password */
-    }
-  }
-
-  /* If our protocol needs a password and we have none, use the defaults */
-  if ( (conn->protocol & PROT_FTP) &&
-       !conn->bits.user_passwd) {
-
-    conn->user = strdup(CURL_DEFAULT_USER);
-    conn->passwd = strdup(CURL_DEFAULT_PASSWORD);
-    /* This is the default password, so DON'T set conn->bits.user_passwd */
-  }
-  else {
-    /* store user + password, zero-length if not set */
-    conn->user = strdup(user);
-    conn->passwd = strdup(passwd);
-  }
-  if(!conn->user || !conn->passwd)
-    return CURLE_OUT_OF_MEMORY;
-
-  /*************************************************************
-   * Check the current list of connections to see if we can
-   * re-use an already existing one or if we have to create a
-   * new one.
-   *************************************************************/
-
-  /* get a cloned copy of the SSL config situation stored in the
-     connection struct */
-  if(!Curl_clone_ssl_config(&data->set.ssl, &conn->ssl_config))
-    return CURLE_OUT_OF_MEMORY;
-
-  /* reuse_fresh is TRUE if we are told to use a new connection by force, but
-     we only acknowledge this option if this is not a re-used connection
-     already (which happens due to follow-location or during a HTTP
-     authentication phase). */
-  if(data->set.reuse_fresh && !data->state.this_is_a_follow)
-    reuse = FALSE;
-  else
-    reuse = ConnectionExists(data, conn, &conn_temp);
-
-  if(reuse) {
-    /*
-     * We already have a connection for this, we got the former connection
-     * in the conn_temp variable and thus we need to cleanup the one we
-     * just allocated before we can move along and use the previously
-     * existing one.
-     */
-    struct connectdata *old_conn = conn;
-
-    if(old_conn->proxy.rawalloc)
-      free(old_conn->proxy.rawalloc);
-
-    /* free the SSL config struct from this connection struct as this was
-       allocated in vain and is targeted for destruction */
-    Curl_free_ssl_config(&conn->ssl_config);
-
-    conn = conn_temp;        /* use this connection from now on */
-
-    conn->data = old_conn->data;
-
-    /* get the user+password information from the old_conn struct since it may
-     * be new for this request even when we re-use an existing connection */
-    conn->bits.user_passwd = old_conn->bits.user_passwd;
-    if (conn->bits.user_passwd) {
-      /* use the new user namd and password though */
-      Curl_safefree(conn->user);
-      Curl_safefree(conn->passwd);
-      conn->user = old_conn->user;
-      conn->passwd = old_conn->passwd;
-      old_conn->user = NULL;
-      old_conn->passwd = NULL;
-    }
-
-    conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd;
-    if (conn->bits.proxy_user_passwd) {
-      /* use the new proxy user name and proxy password though */
-      Curl_safefree(conn->proxyuser);
-      Curl_safefree(conn->proxypasswd);
-      conn->proxyuser = old_conn->proxyuser;
-      conn->proxypasswd = old_conn->proxypasswd;
-      old_conn->proxyuser = NULL;
-      old_conn->proxypasswd = NULL;
-    }
-
-    /* host can change, when doing keepalive with a proxy ! */
-    if (conn->bits.httpproxy) {
-      free(conn->host.rawalloc);
-      conn->host=old_conn->host;
-    }
-
-    /* get the newly set value, not the old one */
-    conn->bits.no_body = old_conn->bits.no_body;
-
-    if (!conn->bits.httpproxy)
-      free(old_conn->host.rawalloc); /* free the newly allocated name buffer */
-
-    /* re-use init */
-    conn->bits.reuse = TRUE; /* yes, we're re-using here */
-    conn->bits.chunk = FALSE; /* always assume not chunked unless told
-                                 otherwise */
-
-    Curl_safefree(old_conn->user);
-    Curl_safefree(old_conn->passwd);
-    Curl_safefree(old_conn->proxyuser);
-    Curl_safefree(old_conn->proxypasswd);
-    Curl_llist_destroy(old_conn->send_pipe, NULL);
-    Curl_llist_destroy(old_conn->recv_pipe, NULL);
-
-    free(old_conn);          /* we don't need this anymore */
-
-    /*
-     * If we're doing a resumed transfer, we need to setup our stuff
-     * properly.
-     */
-    data->reqdata.resume_from = data->set.set_resume_from;
-    if (data->reqdata.resume_from) {
-      if (data->reqdata.rangestringalloc == TRUE)
-        free(data->reqdata.range);
-      data->reqdata.range = aprintf("%" FORMAT_OFF_T "-",
-                                    data->reqdata.resume_from);
-      if(!data->reqdata.range)
-        return CURLE_OUT_OF_MEMORY;
-
-      /* tell ourselves to fetch this range */
-      data->reqdata.use_range = TRUE;        /* enable range download */
-      data->reqdata.rangestringalloc = TRUE; /* mark range string allocated */
-    }
-    else if (data->set.set_range) {
-      /* There is a range, but is not a resume, useful for random ftp access */
-      data->reqdata.range = strdup(data->set.set_range);
-      if(!data->reqdata.range)
-        return CURLE_OUT_OF_MEMORY;
-      data->reqdata.rangestringalloc = TRUE; /* mark range string allocated */
-      data->reqdata.use_range = TRUE;        /* enable range download */
-    }
-    else
-      data->reqdata.use_range = FALSE; /* disable range download */
-
-    *in_connect = conn;      /* return this instead! */
-
-    infof(data, "Re-using existing connection! (#%ld) with host %s\n",
-          conn->connectindex,
-          conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname);
-  }
-  else {
-    /*
-     * This is a brand new connection, so let's store it in the connection
-     * cache of ours!
-     */
-    ConnectionStore(data, conn);
-  }
-
-  /* Continue connectdata initialization here. */
-
-  /*
-   *
-   * Inherit the proper values from the urldata struct AFTER we have arranged
-   * the persistent connection stuff */
-  conn->fread = data->set.fread;
-  conn->fread_in = data->set.in;
-
-  if ((conn->protocol&PROT_HTTP) &&
-      data->set.upload &&
-      (data->set.infilesize == -1) &&
-      (data->set.httpversion != CURL_HTTP_VERSION_1_0)) {
-    /* HTTP, upload, unknown file size and not HTTP 1.0 */
-    conn->bits.upload_chunky = TRUE;
-  }
-  else {
-    /* else, no chunky upload */
-    conn->bits.upload_chunky = FALSE;
-  }
-
-#ifndef USE_ARES
-  /*************************************************************
-   * Set timeout if that is being used, and we're not using an asynchronous
-   * name resolve.
-   *************************************************************/
-  if((data->set.timeout || data->set.connecttimeout) && !data->set.no_signal) {
-    /*************************************************************
-     * Set signal handler to catch SIGALRM
-     * Store the old value to be able to set it back later!
-     *************************************************************/
-
-#ifdef SIGALRM
-#ifdef HAVE_ALARM
-    long shortest;
-#endif
-#ifdef HAVE_SIGACTION
-    struct sigaction sigact;
-    sigaction(SIGALRM, NULL, &sigact);
-    keep_sigact = sigact;
-    keep_copysig = TRUE; /* yes, we have a copy */
-    sigact.sa_handler = alarmfunc;
-#ifdef SA_RESTART
-    /* HPUX doesn't have SA_RESTART but defaults to that behaviour! */
-    sigact.sa_flags &= ~SA_RESTART;
-#endif
-    /* now set the new struct */
-    sigaction(SIGALRM, &sigact, NULL);
-#else /* HAVE_SIGACTION */
-    /* no sigaction(), revert to the much lamer signal() */
-#ifdef HAVE_SIGNAL
-    keep_sigact = signal(SIGALRM, alarmfunc);
-#endif
-#endif /* HAVE_SIGACTION */
-
-    /* We set the timeout on the name resolving phase first, separately from
-     * the download/upload part to allow a maximum time on everything. This is
-     * a signal-based timeout, why it won't work and shouldn't be used in
-     * multi-threaded environments. */
-
-#ifdef HAVE_ALARM
-    shortest = data->set.timeout; /* default to this timeout value */
-    if(shortest && data->set.connecttimeout &&
-       (data->set.connecttimeout < shortest))
-      /* if both are set, pick the shortest */
-      shortest = data->set.connecttimeout;
-    else if(!shortest)
-      /* if timeout is not set, use the connect timeout */
-      shortest = data->set.connecttimeout;
-
-    /* alarm() makes a signal get sent when the timeout fires off, and that
-       will abort system calls */
-    prev_alarm = alarm((unsigned int) shortest);
-    /* We can expect the conn->created time to be "now", as that was just
-       recently set in the beginning of this function and nothing slow
-       has been done since then until now. */
-#endif
-#endif /* SIGALRM */
-  }
-#endif /* USE_ARES */
-
-  /*************************************************************
-   * Resolve the name of the server or proxy
-   *************************************************************/
-  if(conn->bits.reuse) {
-    /* re-used connection, no resolving is necessary */
-    hostaddr = NULL;
-    /* we'll need to clear conn->dns_entry later in Curl_disconnect() */
-
-    if (conn->bits.httpproxy)
-      fix_hostname(data, conn, &conn->host);
-  }
-  else {
-    /* this is a fresh connect */
-
-    /* set a pointer to the hostname we display */
-    fix_hostname(data, conn, &conn->host);
-
-    if(!conn->proxy.name || !*conn->proxy.name) {
-      /* If not connecting via a proxy, extract the port from the URL, if it is
-       * there, thus overriding any defaults that might have been set above. */
-      conn->port =  conn->remote_port; /* it is the same port */
-
-      /* Resolve target host right on */
-      rc = Curl_resolv(conn, conn->host.name, (int)conn->port, &hostaddr);
-      if(rc == CURLRESOLV_PENDING)
-        *async = TRUE;
-
-      else if(!hostaddr) {
-        failf(data, "Couldn't resolve host '%s'", conn->host.dispname);
-        result =  CURLE_COULDNT_RESOLVE_HOST;
-        /* don't return yet, we need to clean up the timeout first */
-      }
-    }
-    else {
-      /* This is a proxy that hasn't been resolved yet. */
-
-      /* IDN-fix the proxy name */
-      fix_hostname(data, conn, &conn->proxy);
-
-      /* resolve proxy */
-      rc = Curl_resolv(conn, conn->proxy.name, (int)conn->port, &hostaddr);
-
-      if(rc == CURLRESOLV_PENDING)
-        *async = TRUE;
-
-      else if(!hostaddr) {
-        failf(data, "Couldn't resolve proxy '%s'", conn->proxy.dispname);
-        result = CURLE_COULDNT_RESOLVE_PROXY;
-        /* don't return yet, we need to clean up the timeout first */
-      }
-    }
-  }
-  *addr = hostaddr;
-
-#if defined(HAVE_ALARM) && defined(SIGALRM) && !defined(USE_ARES)
-  if((data->set.timeout || data->set.connecttimeout) && !data->set.no_signal) {
-#ifdef HAVE_SIGACTION
-    if(keep_copysig) {
-      /* we got a struct as it looked before, now put that one back nice
-         and clean */
-      sigaction(SIGALRM, &keep_sigact, NULL); /* put it back */
-    }
-#else
-#ifdef HAVE_SIGNAL
-    /* restore the previous SIGALRM handler */
-    signal(SIGALRM, keep_sigact);
-#endif
-#endif /* HAVE_SIGACTION */
-
-    /* switch back the alarm() to either zero or to what it was before minus
-       the time we spent until now! */
-    if(prev_alarm) {
-      /* there was an alarm() set before us, now put it back */
-      unsigned long elapsed_ms = Curl_tvdiff(Curl_tvnow(), conn->created);
-      unsigned long alarm_set;
-
-      /* the alarm period is counted in even number of seconds */
-      alarm_set = prev_alarm - elapsed_ms/1000;
-
-      if(!alarm_set ||
-         ((alarm_set >= 0x80000000) && (prev_alarm < 0x80000000)) ) {
-        /* if the alarm time-left reached zero or turned "negative" (counted
-           with unsigned values), we should fire off a SIGALRM here, but we
-           won't, and zero would be to switch it off so we never set it to
-           less than 1! */
-        alarm(1);
-        result = CURLE_OPERATION_TIMEOUTED;
-        failf(data, "Previous alarm fired off!");
-      }
-      else
-        alarm((unsigned int)alarm_set);
-    }
-    else
-      alarm(0); /* just shut it off */
-  }
-#endif
-
-  return result;
-}
-
-/* SetupConnection() is called after the name resolve initiated in
- * CreateConnection() is all done.
- *
- * NOTE: the argument 'hostaddr' is NULL when this function is called for a
- * re-used connection.
- *
- * conn->data MUST already have been setup fine (in CreateConnection)
- */
-
-static CURLcode SetupConnection(struct connectdata *conn,
-                                struct Curl_dns_entry *hostaddr,
-                                bool *protocol_done)
-{
-  CURLcode result=CURLE_OK;
-  struct SessionHandle *data = conn->data;
-
-  Curl_pgrsTime(data, TIMER_NAMELOOKUP);
-
-  if(conn->protocol & PROT_FILE) {
-    /* There's nothing in this function to setup if we're only doing
-       a file:// transfer */
-    *protocol_done = TRUE;
-    return result;
-  }
-  *protocol_done = FALSE; /* default to not done */
-
-  /*************************************************************
-   * Send user-agent to HTTP proxies even if the target protocol
-   * isn't HTTP.
-   *************************************************************/
-  if((conn->protocol&PROT_HTTP) || conn->bits.httpproxy) {
-    if(data->set.useragent) {
-      Curl_safefree(conn->allocptr.uagent);
-      conn->allocptr.uagent =
-        aprintf("User-Agent: %s\r\n", data->set.useragent);
-      if(!conn->allocptr.uagent)
-        return CURLE_OUT_OF_MEMORY;
-    }
-  }
-
-  conn->headerbytecount = 0;
-
-#ifdef CURL_DO_LINEEND_CONV
-  data->state.crlf_conversions = 0; /* reset CRLF conversion counter */
-#endif /* CURL_DO_LINEEND_CONV */
-
-  for(;;) {
-    /* loop for CURL_SERVER_CLOSED_CONNECTION */
-
-    if(CURL_SOCKET_BAD == conn->sock[FIRSTSOCKET]) {
-      bool connected = FALSE;
-
-      /* Connect only if not already connected! */
-      result = ConnectPlease(data, conn, hostaddr, &connected);
-
-      if(connected) {
-        result = Curl_protocol_connect(conn, protocol_done);
-        if(CURLE_OK == result)
-          conn->bits.tcpconnect = TRUE;
-      }
-      else
-        conn->bits.tcpconnect = FALSE;
-
-      /* if the connection was closed by the server while exchanging
-         authentication information, retry with the new set
-         authentication information */
-      if(conn->bits.proxy_connect_closed) {
-        /* reset the error buffer */
-        if (data->set.errorbuffer)
-          data->set.errorbuffer[0] = '\0';
-        data->state.errorbuf = FALSE;
-        continue;
-      }
-
-      if(CURLE_OK != result)
-        return result;
-    }
-    else {
-      Curl_pgrsTime(data, TIMER_CONNECT); /* we're connected already */
-      conn->bits.tcpconnect = TRUE;
-      *protocol_done = TRUE;
-      if(data->set.verbose)
-        verboseconnect(conn);
-    }
-    /* Stop the loop now */
-    break;
-  }
-
-  conn->now = Curl_tvnow(); /* time this *after* the connect is done, we
-                               set this here perhaps a second time */
-
-#ifdef __EMX__
-  /* 20000330 mgs
-   * the check is quite a hack...
-   * we're calling _fsetmode to fix the problem with fwrite converting newline
-   * characters (you get mangled text files, and corrupted binary files when
-   * you download to stdout and redirect it to a file). */
-
-  if ((data->set.out)->_handle == NULL) {
-    _fsetmode(stdout, "b");
-  }
-#endif
-
-  return CURLE_OK;
-}
-
-CURLcode Curl_connect(struct SessionHandle *data,
-                      struct connectdata **in_connect,
-                      bool *asyncp,
-                      bool *protocol_done)
-{
-  CURLcode code;
-  struct Curl_dns_entry *dns;
-
-  *asyncp = FALSE; /* assume synchronous resolves by default */
-
-  /* call the stuff that needs to be called */
-  code = CreateConnection(data, in_connect, &dns, asyncp);
-
-  if(CURLE_OK == code) {
-    /* no error */
-    if(dns || !*asyncp)
-      /* If an address is available it means that we already have the name
-         resolved, OR it isn't async. if this is a re-used connection 'dns'
-         will be NULL here. Continue connecting from here */
-      code = SetupConnection(*in_connect, dns, protocol_done);
-    /* else
-       response will be received and treated async wise */
-  }
-
-  if(CURLE_OK != code) {
-    /* We're not allowed to return failure with memory left allocated
-       in the connectdata struct, free those here */
-    if(*in_connect) {
-      Curl_disconnect(*in_connect); /* close the connection */
-      *in_connect = NULL;           /* return a NULL */
-    }
-  }
-  else {
-    if ((*in_connect)->is_in_pipeline)
-      data->state.is_in_pipeline = TRUE;
-  }
-
-  return code;
-}
-
-/* Call this function after Curl_connect() has returned async=TRUE and
-   then a successful name resolve has been received.
-
-   Note: this function disconnects and frees the conn data in case of
-   resolve failure */
-CURLcode Curl_async_resolved(struct connectdata *conn,
-                             bool *protocol_done)
-{
-#if defined(USE_ARES) || defined(USE_THREADING_GETHOSTBYNAME) || \
-    defined(USE_THREADING_GETADDRINFO)
-  CURLcode code = SetupConnection(conn, conn->async.dns, protocol_done);
-
-  if(code)
-    /* We're not allowed to return failure with memory left allocated
-       in the connectdata struct, free those here */
-    Curl_disconnect(conn); /* close the connection */
-
-  return code;
-#else
-  (void)conn;
-  (void)protocol_done;
-  return CURLE_OK;
-#endif
-}
-
-
-CURLcode Curl_done(struct connectdata **connp,
-                   CURLcode status, bool premature) /* an error if this is called after an
-                                       error was detected */
-{
-  CURLcode result;
-  struct connectdata *conn = *connp;
-  struct SessionHandle *data = conn->data;
-
-  Curl_expire(data, 0); /* stop timer */
-
-  if(conn->bits.done)
-    return CURLE_OK; /* Curl_done() has already been called */
-
-  conn->bits.done = TRUE; /* called just now! */
-
-  if(Curl_removeHandleFromPipeline(data, conn->recv_pipe) &&
-     conn->readchannel_inuse)
-    conn->readchannel_inuse = FALSE;
-  if(Curl_removeHandleFromPipeline(data, conn->send_pipe) &&
-     conn->writechannel_inuse)
-    conn->writechannel_inuse = FALSE;
-
-  /* cleanups done even if the connection is re-used */
-  if(data->reqdata.rangestringalloc) {
-    free(data->reqdata.range);
-    data->reqdata.rangestringalloc = FALSE;
-  }
-
-  /* Cleanup possible redirect junk */
-  if(data->reqdata.newurl) {
-    free(data->reqdata.newurl);
-    data->reqdata.newurl = NULL;
-  }
-
-  if(conn->dns_entry) {
-    Curl_resolv_unlock(data, conn->dns_entry); /* done with this */
-    conn->dns_entry = NULL;
-  }
-
-  /* this calls the protocol-specific function pointer previously set */
-  if(conn->curl_done)
-    result = conn->curl_done(conn, status, premature);
-  else
-    result = CURLE_OK;
-
-  Curl_pgrsDone(conn); /* done with the operation */
-
-  /* for ares-using, make sure all possible outstanding requests are properly
-     cancelled before we proceed */
-  ares_cancel(data->state.areschannel);
-
-  /* if data->set.reuse_forbid is TRUE, it means the libcurl client has
-     forced us to close this no matter what we think.
-
-     if conn->bits.close is TRUE, it means that the connection should be
-     closed in spite of all our efforts to be nice, due to protocol
-     restrictions in our or the server's end */
-  if(data->set.reuse_forbid || conn->bits.close) {
-    CURLcode res2 = Curl_disconnect(conn); /* close the connection */
-
-    *connp = NULL; /* to make the caller of this function better detect that
-                      this was actually killed here */
-
-    /* If we had an error already, make sure we return that one. But
-       if we got a new error, return that. */
-    if(!result && res2)
-      result = res2;
-  }
-  else {
-    ConnectionDone(conn); /* the connection is no longer in use */
-
-    /* remember the most recently used connection */
-    data->state.lastconnect = conn->connectindex;
-
-    infof(data, "Connection #%ld to host %s left intact\n",
-          conn->connectindex,
-          conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname);
-  }
-
-  return result;
-}
-
-CURLcode Curl_do(struct connectdata **connp, bool *done)
-{
-  CURLcode result=CURLE_OK;
-  struct connectdata *conn = *connp;
-  struct SessionHandle *data = conn->data;
-
-  conn->bits.done = FALSE; /* Curl_done() is not called yet */
-  conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to use */
-
-  if(conn->curl_do) {
-    /* generic protocol-specific function pointer set in curl_connect() */
-    result = conn->curl_do(conn, done);
-
-    /* This was formerly done in transfer.c, but we better do it here */
-
-    if((CURLE_SEND_ERROR == result) && conn->bits.reuse) {
-      /* This was a re-use of a connection and we got a write error in the
-       * DO-phase. Then we DISCONNECT this connection and have another attempt
-       * to CONNECT and then DO again! The retry cannot possibly find another
-       * connection to re-use, since we only keep one possible connection for
-       * each.  */
-
-      infof(data, "Re-used connection seems dead, get a new one\n");
-
-      conn->bits.close = TRUE; /* enforce close of this connection */
-      result = Curl_done(&conn, result, FALSE); /* we are so done with this */
-
-      /* conn may no longer be a good pointer */
-
-      /*
-       * According to bug report #1330310. We need to check for
-       * CURLE_SEND_ERROR here as well. I figure this could happen when the
-       * request failed on a FTP connection and thus Curl_done() itself tried
-       * to use the connection (again). Slight Lack of feedback in the report,
-       * but I don't think this extra check can do much harm.
-       */
-      if((CURLE_OK == result) || (CURLE_SEND_ERROR == result)) {
-        bool async;
-        bool protocol_done = TRUE;
-
-        /* Now, redo the connect and get a new connection */
-        result = Curl_connect(data, connp, &async, &protocol_done);
-        if(CURLE_OK == result) {
-          /* We have connected or sent away a name resolve query fine */
-
-          conn = *connp; /* setup conn to again point to something nice */
-          if(async) {
-            /* Now, if async is TRUE here, we need to wait for the name
-               to resolve */
-            result = Curl_wait_for_resolv(conn, NULL);
-            if(result)
-              return result;
-
-            /* Resolved, continue with the connection */
-            result = Curl_async_resolved(conn, &protocol_done);
-            if(result)
-              return result;
-          }
-
-          /* ... finally back to actually retry the DO phase */
-          result = conn->curl_do(conn, done);
-        }
-      }
-    }
-  }
-  return result;
-}
-
-CURLcode Curl_do_more(struct connectdata *conn)
-{
-  CURLcode result=CURLE_OK;
-
-  if(conn->curl_do_more)
-    result = conn->curl_do_more(conn);
-
-  return result;
-}
diff --git a/Utilities/cmcurl/urldata.h b/Utilities/cmcurl/urldata.h
deleted file mode 100644
index 46d956d..0000000
--- a/Utilities/cmcurl/urldata.h
+++ /dev/null
@@ -1,1340 +0,0 @@
-#ifndef __URLDATA_H
-#define __URLDATA_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * $Id$
- ***************************************************************************/
-
-/* This file is for lib internal stuff */
-
-#include "setup.h"
-
-#define PORT_FTP 21
-#define PORT_FTPS 990
-#define PORT_TELNET 23
-#define PORT_HTTP 80
-#define PORT_HTTPS 443
-#define PORT_DICT 2628
-#define PORT_LDAP 389
-#define PORT_TFTP 69
-#define PORT_SSH 22
-
-#define DICT_MATCH "/MATCH:"
-#define DICT_MATCH2 "/M:"
-#define DICT_MATCH3 "/FIND:"
-#define DICT_DEFINE "/DEFINE:"
-#define DICT_DEFINE2 "/D:"
-#define DICT_DEFINE3 "/LOOKUP:"
-
-#define CURL_DEFAULT_USER "anonymous"
-#define CURL_DEFAULT_PASSWORD "curl_by_daniel@haxx.se"
-
-#include "cookie.h"
-#include "formdata.h"
-
-#ifdef USE_SSLEAY
-#ifdef USE_OPENSSL
-#include "openssl/rsa.h"
-#include "openssl/crypto.h"
-#include "openssl/x509.h"
-#include "openssl/pem.h"
-#include "openssl/ssl.h"
-#include "openssl/err.h"
-#ifdef HAVE_OPENSSL_ENGINE_H
-#include <openssl/engine.h>
-#endif
-#ifdef HAVE_OPENSSL_PKCS12_H
-#include <openssl/pkcs12.h>
-#endif
-#else /* SSLeay-style includes */
-#include "rsa.h"
-#include "crypto.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#include "err.h"
-#endif /* USE_OPENSSL */
-#endif /* USE_SSLEAY */
-
-#ifdef USE_GNUTLS
-#include <gnutls/gnutls.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-
-#include "timeval.h"
-
-#ifdef HAVE_ZLIB_H
-#include <zlib.h>               /* for content-encoding */
-#endif
-
-#ifdef USE_ARES
-#include <ares.h>
-#endif
-
-#include <curl/curl.h>
-
-#include "http_chunks.h" /* for the structs and enum stuff */
-#include "hostip.h"
-#include "hash.h"
-#include "splay.h"
-
-#ifdef HAVE_GSSAPI
-# ifdef HAVE_GSSGNU
-#  include <gss.h>
-# elif defined HAVE_GSSMIT
-#  include <gssapi/gssapi.h>
-#  include <gssapi/gssapi_generic.h>
-# else
-#  include <gssapi.h>
-# endif
-#endif
-
-#ifdef HAVE_LIBSSH2_H
-#include <libssh2.h>
-#include <libssh2_sftp.h>
-#endif /* HAVE_LIBSSH2_H */
-
-/* Download buffer size, keep it fairly big for speed reasons */
-#undef BUFSIZE
-#define BUFSIZE CURL_MAX_WRITE_SIZE
-
-/* Initial size of the buffer to store headers in, it'll be enlarged in case
-   of need. */
-#define HEADERSIZE 256
-
-#define CURLEASY_MAGIC_NUMBER 0xc0dedbad
-
-/* Just a convenience macro to get the larger value out of two given.
-   We prefix with CURL to prevent name collisions. */
-#define CURLMAX(x,y) ((x)>(y)?(x):(y))
-
-#ifdef HAVE_KRB4
-/* Types needed for krb4-ftp connections */
-struct krb4buffer {
-  void *data;
-  size_t size;
-  size_t index;
-  int eof_flag;
-};
-enum protection_level {
-  prot_clear,
-  prot_safe,
-  prot_confidential,
-  prot_private
-};
-#endif
-
-/* enum for the nonblocking SSL connection state machine */
-typedef enum {
-  ssl_connect_1,
-  ssl_connect_2,
-  ssl_connect_2_reading,
-  ssl_connect_2_writing,
-  ssl_connect_3,
-  ssl_connect_done
-} ssl_connect_state;
-
-/* struct for data related to each SSL connection */
-struct ssl_connect_data {
-  bool use;        /* use ssl encrypted communications TRUE/FALSE */
-#ifdef USE_SSLEAY
-  /* these ones requires specific SSL-types */
-  SSL_CTX* ctx;
-  SSL*     handle;
-  X509*    server_cert;
-  ssl_connect_state connecting_state;
-#endif /* USE_SSLEAY */
-#ifdef USE_GNUTLS
-  gnutls_session session;
-  gnutls_certificate_credentials cred;
-#endif /* USE_GNUTLS */
-};
-
-struct ssl_config_data {
-  long version;          /* what version the client wants to use */
-  long certverifyresult; /* result from the certificate verification */
-  long verifypeer;       /* set TRUE if this is desired */
-  long verifyhost;       /* 0: no verify
-                            1: check that CN exists
-                            2: CN must match hostname */
-  char *CApath;          /* DOES NOT WORK ON WINDOWS */
-  char *CAfile;          /* cerficate to verify peer against */
-  char *random_file;     /* path to file containing "random" data */
-  char *egdsocket;       /* path to file containing the EGD daemon socket */
-  char *cipher_list;     /* list of ciphers to use */
-  long numsessions;      /* SSL session id cache size */
-  curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
-  void *fsslctxp;        /* parameter for call back */
-  bool sessionid;        /* cache session IDs or not */
-};
-
-/* information stored about one single SSL session */
-struct curl_ssl_session {
-  char *name;       /* host name for which this ID was used */
-  void *sessionid;  /* as returned from the SSL layer */
-  size_t idsize;    /* if known, otherwise 0 */
-  long age;         /* just a number, the higher the more recent */
-  unsigned short remote_port; /* remote port to connect to */
-  struct ssl_config_data ssl_config; /* setup for this session */
-};
-
-/* Struct used for Digest challenge-response authentication */
-struct digestdata {
-  char *nonce;
-  char *cnonce;
-  char *realm;
-  int algo;
-  bool stale; /* set true for re-negotiation */
-  char *opaque;
-  char *qop;
-  char *algorithm;
-  int nc; /* nounce count */
-};
-
-typedef enum {
-  NTLMSTATE_NONE,
-  NTLMSTATE_TYPE1,
-  NTLMSTATE_TYPE2,
-  NTLMSTATE_TYPE3,
-  NTLMSTATE_LAST
-} curlntlm;
-
-#ifdef USE_WINDOWS_SSPI
-/* When including these headers, you must define either SECURITY_WIN32
- * or SECURITY_KERNEL, indicating who is compiling the code.
- */
-#define SECURITY_WIN32 1
-#include <security.h>
-#include <sspi.h>
-#include <rpc.h>
-#endif
-
-#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
-#include <iconv.h>
-#endif
-
-/* Struct used for NTLM challenge-response authentication */
-struct ntlmdata {
-  curlntlm state;
-#ifdef USE_WINDOWS_SSPI
-  CredHandle handle;
-  CtxtHandle c_handle;
-  SEC_WINNT_AUTH_IDENTITY identity;
-  SEC_WINNT_AUTH_IDENTITY *p_identity;
-  int has_handles;
-  void *type_2;
-  int n_type_2;
-#else
-  unsigned int flags;
-  unsigned char nonce[8];
-#endif
-};
-
-#ifdef HAVE_GSSAPI
-struct negotiatedata {
-  bool gss; /* Whether we're processing GSS-Negotiate or Negotiate */
-  const char* protocol; /* "GSS-Negotiate" or "Negotiate" */
-  OM_uint32 status;
-  gss_ctx_id_t context;
-  gss_name_t server_name;
-  gss_buffer_desc output_token;
-};
-#endif
-
-/****************************************************************************
- * HTTP unique setup
- ***************************************************************************/
-struct HTTP {
-  struct FormData *sendit;
-  curl_off_t postsize; /* off_t to handle large file sizes */
-  char *postdata;
-
-  const char *p_pragma;      /* Pragma: string */
-  const char *p_accept;      /* Accept: string */
-  curl_off_t readbytecount;
-  curl_off_t writebytecount;
-
-  /* For FORM posting */
-  struct Form form;
-  struct Curl_chunker chunk;
-
-  struct back {
-    curl_read_callback fread; /* backup storage for fread pointer */
-    void *fread_in;           /* backup storage for fread_in pointer */
-    char *postdata;
-    curl_off_t postsize;
-  } backup;
-
-  enum {
-    HTTPSEND_NADA,    /* init */
-    HTTPSEND_REQUEST, /* sending a request */
-    HTTPSEND_BODY,    /* sending body */
-    HTTPSEND_LAST     /* never use this */
-  } sending;
-
-  void *send_buffer; /* used if the request couldn't be sent in one chunk,
-                        points to an allocated send_buffer struct */
-};
-
-/****************************************************************************
- * FTP unique setup
- ***************************************************************************/
-typedef enum {
-  FTP_STOP,    /* do nothing state, stops the state machine */
-  FTP_WAIT220, /* waiting for the initial 220 response immediately after
-                  a connect */
-  FTP_AUTH,
-  FTP_USER,
-  FTP_PASS,
-  FTP_ACCT,
-  FTP_PBSZ,
-  FTP_PROT,
-  FTP_CCC,
-  FTP_PWD,
-  FTP_QUOTE, /* waiting for a response to a command sent in a quote list */
-  FTP_RETR_PREQUOTE,
-  FTP_STOR_PREQUOTE,
-  FTP_POSTQUOTE,
-  FTP_CWD,  /* change dir */
-  FTP_MKD,  /* if the dir didn't exist */
-  FTP_MDTM, /* to figure out the datestamp */
-  FTP_TYPE, /* to set type when doing a head-like request */
-  FTP_LIST_TYPE, /* set type when about to do a dir list */
-  FTP_RETR_TYPE, /* set type when about to RETR a file */
-  FTP_STOR_TYPE, /* set type when about to STOR a file */
-  FTP_SIZE, /* get the remote file's size for head-like request */
-  FTP_RETR_SIZE, /* get the remote file's size for RETR */
-  FTP_STOR_SIZE, /* get the size for (resumed) STOR */
-  FTP_REST, /* when used to check if the server supports it in head-like */
-  FTP_RETR_REST, /* when asking for "resume" in for RETR */
-  FTP_PORT, /* generic state for PORT, LPRT and EPRT, check count1 */
-  FTP_PASV, /* generic state for PASV and EPSV, check count1 */
-  FTP_LIST, /* generic state for LIST, NLST or a custom list command */
-  FTP_RETR,
-  FTP_STOR, /* generic state for STOR and APPE */
-  FTP_QUIT,
-  FTP_LAST  /* never used */
-} ftpstate;
-
-typedef enum {
-  FTPFILE_MULTICWD  = 1, /* as defined by RFC1738 */
-  FTPFILE_NOCWD     = 2, /* use SIZE / RETR / STOR on the full path */
-  FTPFILE_SINGLECWD = 3  /* make one CWD, then SIZE / RETR / STOR on the file */
-} curl_ftpfile;
-
-/* This FTP struct is used in the SessionHandle. All FTP data that is
-   connection-oriented must be in FTP_conn to properly deal with the fact that
-   perhaps the SessionHandle is changed between the times the connection is
-   used. */
-struct FTP {
-  curl_off_t *bytecountp;
-  char *user;    /* user name string */
-  char *passwd;  /* password string */
-  char *urlpath; /* the originally given path part of the URL */
-  char *file;    /* decoded file */
-  bool no_transfer; /* nothing was transfered, (possibly because a resumed
-                       transfer already was complete) */
-  curl_off_t downloadsize;
-};
-
-/* ftp_conn is used for striuct connection-oriented data in the connectdata
-   struct */
-struct ftp_conn {
-  char *entrypath; /* the PWD reply when we logged on */
-  char **dirs;   /* realloc()ed array for path components */
-  int dirdepth;  /* number of entries used in the 'dirs' array */
-  int diralloc;  /* number of entries allocated for the 'dirs' array */
-  char *cache;       /* data cache between getresponse()-calls */
-  curl_off_t cache_size; /* size of cache in bytes */
-  bool dont_check;  /* Set to TRUE to prevent the final (post-transfer)
-                       file size and 226/250 status check. It should still
-                       read the line, just ignore the result. */
-  long response_time; /* When no timeout is given, this is the amount of
-                         seconds we await for an FTP response. Initialized
-                         in Curl_ftp_connect() */
-  bool ctl_valid;   /* Tells Curl_ftp_quit() whether or not to do anything. If
-                       the connection has timed out or been closed, this
-                       should be FALSE when it gets to Curl_ftp_quit() */
-  bool cwddone;     /* if it has been determined that the proper CWD combo
-                       already has been done */
-  bool cwdfail;     /* set TRUE if a CWD command fails, as then we must prevent
-                       caching the current directory */
-  char *prevpath;   /* conn->path from the previous transfer */
-  char transfertype; /* set by ftp_transfertype for use by Curl_client_write()a
-                        and others (A/I or zero) */
-  size_t nread_resp; /* number of bytes currently read of a server response */
-  char *linestart_resp; /* line start pointer for the FTP server response
-                           reader function */
-
-  int count1; /* general purpose counter for the state machine */
-  int count2; /* general purpose counter for the state machine */
-  int count3; /* general purpose counter for the state machine */
-  char *sendthis; /* allocated pointer to a buffer that is to be sent to the
-                     ftp server */
-  size_t sendleft; /* number of bytes left to send from the sendthis buffer */
-  size_t sendsize; /* total size of the sendthis buffer */
-  struct timeval response; /* set to Curl_tvnow() when a command has been sent
-                              off, used to time-out response reading */
-  ftpstate state; /* always use ftp.c:state() to change state! */
-};
-
-struct SSHPROTO {
-  curl_off_t *bytecountp;
-  char *user;
-  char *passwd;
-  char *path;                   /* the path we operate on */
-  char *homedir;
-  char *errorstr;
-#ifdef USE_LIBSSH2
-  LIBSSH2_SESSION       *ssh_session;  /* Secure Shell session */
-  LIBSSH2_CHANNEL       *ssh_channel;  /* Secure Shell channel handle */
-  LIBSSH2_SFTP          *sftp_session; /* SFTP handle */
-  LIBSSH2_SFTP_HANDLE   *sftp_handle;
-#endif /* USE_LIBSSH2 */
-};
-
-
-/****************************************************************************
- * FILE unique setup
- ***************************************************************************/
-struct FILEPROTO {
-  char *path; /* the path we operate on */
-  char *freepath; /* pointer to the allocated block we must free, this might
-                     differ from the 'path' pointer */
-  int fd;     /* open file descriptor to read from! */
-};
-
-/*
- * Boolean values that concerns this connection.
- */
-struct ConnectBits {
-  bool close; /* if set, we close the connection after this request */
-  bool reuse; /* if set, this is a re-used connection */
-  bool chunk; /* if set, this is a chunked transfer-encoding */
-  bool httpproxy;    /* if set, this transfer is done through a http proxy */
-  bool user_passwd;    /* do we use user+password for this connection? */
-  bool proxy_user_passwd; /* user+password for the proxy? */
-  bool ipv6_ip; /* we communicate with a remote site specified with pure IPv6
-                   IP address */
-  bool ipv6;    /* we communicate with a site using an IPv6 address */
-
-  bool do_more; /* this is set TRUE if the ->curl_do_more() function is
-                   supposed to be called, after ->curl_do() */
-
-  bool upload_chunky; /* set TRUE if we are doing chunked transfer-encoding
-                         on upload */
-  bool getheader;     /* TRUE if header parsing is wanted */
-
-  bool forbidchunk;   /* used only to explicitly forbid chunk-upload for
-                         specific upload buffers. See readmoredata() in
-                         http.c for details. */
-
-  bool tcpconnect;    /* the TCP layer (or simimlar) is connected, this is set
-                         the first time on the first connect function call */
-  bool protoconnstart;/* the protocol layer has STARTED its operation after
-                         the TCP layer connect */
-
-  bool retry;         /* this connection is about to get closed and then
-                         re-attempted at another connection. */
-  bool no_body;       /* CURLOPT_NO_BODY (or similar) was set */
-  bool tunnel_proxy;  /* if CONNECT is used to "tunnel" through the proxy.
-                         This is implicit when SSL-protocols are used through
-                         proxies, but can also be enabled explicitly by
-                         apps */
-  bool authneg;       /* TRUE when the auth phase has started, which means
-                         that we are creating a request with an auth header,
-                         but it is not the final request in the auth
-                         negotiation. */
-  bool rewindaftersend;/* TRUE when the sending couldn't be stopped even
-                          though it will be discarded. When the whole send
-                          operation is done, we must call the data rewind
-                          callback. */
-  bool ftp_use_epsv;  /* As set with CURLOPT_FTP_USE_EPSV, but if we find out
-                         EPSV doesn't work we disable it for the forthcoming
-                         requests */
-
-  bool ftp_use_eprt;  /* As set with CURLOPT_FTP_USE_EPRT, but if we find out
-                         EPRT doesn't work we disable it for the forthcoming
-                         requests */
-  bool netrc;         /* name+password provided by netrc */
-
-  bool trailerHdrPresent; /* Set when Trailer: header found in HTTP response.
-                             Required to determine whether to look for trailers
-                             in case of Transfer-Encoding: chunking */
-  bool done;          /* set to FALSE when Curl_do() is called and set to TRUE
-                         when Curl_done() is called, to prevent Curl_done() to
-                         get invoked twice when the multi interface is
-                         used. */
-  bool stream_was_rewound; /* Indicates that the stream was rewound after a
-                              request read past the end of its response byte
-                              boundary */
-  bool proxy_connect_closed; /* set true if a proxy disconnected the
-                                connection in a CONNECT request with auth, so
-                                that libcurl should reconnect and continue. */
-};
-
-struct hostname {
-  char *rawalloc; /* allocated "raw" version of the name */
-  char *encalloc; /* allocated IDN-encoded version of the name */
-  char *name;     /* name to use internally, might be encoded, might be raw */
-  char *dispname; /* name to display, as 'name' might be encoded */
-};
-
-/*
- * Flags on the keepon member of the Curl_transfer_keeper
- */
-
-#define KEEP_NONE  0
-#define KEEP_READ  1      /* there is or may be data to read */
-#define KEEP_WRITE 2      /* there is or may be data to write */
-#define KEEP_READ_HOLD 4  /* when set, no reading should be done but there
-                             might still be data to read */
-#define KEEP_WRITE_HOLD 8 /* when set, no writing should be done but there
-                             might still be data to write */
-
-/*
- * This struct is all the previously local variables from Curl_perform() moved
- * to struct to allow the function to return and get re-invoked better without
- * losing state.
- */
-
-struct Curl_transfer_keeper {
-
-  /** Values copied over from the HandleData struct each time on init **/
-
-  curl_off_t size;        /* -1 if unknown at this point */
-  curl_off_t *bytecountp; /* return number of bytes read or NULL */
-
-  curl_off_t maxdownload; /* in bytes, the maximum amount of data to fetch, 0
-                             means unlimited */
-  curl_off_t *writebytecountp; /* return number of bytes written or NULL */
-
-  /** End of HandleData struct copies **/
-
-  curl_off_t bytecount;         /* total number of bytes read */
-  curl_off_t writebytecount;    /* number of bytes written */
-
-  struct timeval start;         /* transfer started at this time */
-  struct timeval now;           /* current time */
-  bool header;                  /* incoming data has HTTP header */
-  enum {
-    HEADER_NORMAL,              /* no bad header at all */
-    HEADER_PARTHEADER,          /* part of the chunk is a bad header, the rest
-                                   is normal data */
-    HEADER_ALLBAD               /* all was believed to be header */
-  } badheader;                  /* the header was deemed bad and will be
-                                   written as body */
-  int headerline;               /* counts header lines to better track the
-                                   first one */
-  char *hbufp;                  /* points at *end* of header line */
-  size_t hbuflen;
-  char *str;                    /* within buf */
-  char *str_start;              /* within buf */
-  char *end_ptr;                /* within buf */
-  char *p;                      /* within headerbuff */
-  bool content_range;           /* set TRUE if Content-Range: was found */
-  curl_off_t offset;            /* possible resume offset read from the
-                                   Content-Range: header */
-  int httpcode;                 /* error code from the 'HTTP/1.? XXX' line */
-  int httpversion;              /* the HTTP version*10 */
-  struct timeval start100;      /* time stamp to wait for the 100 code from */
-  bool write_after_100_header;  /* TRUE = we enable the write after we
-                                   received a 100-continue/timeout or
-                                   FALSE = directly */
-  bool wait100_after_headers;   /* TRUE = after the request-headers have been
-                                   sent off properly, we go into the wait100
-                                   state, FALSE = don't */
-  int content_encoding;         /* What content encoding. sec 3.5, RFC2616. */
-
-#define IDENTITY 0              /* No encoding */
-#define DEFLATE 1               /* zlib delfate [RFC 1950 & 1951] */
-#define GZIP 2                  /* gzip algorithm [RFC 1952] */
-#define COMPRESS 3              /* Not handled, added for completeness */
-
-#ifdef HAVE_LIBZ
-  bool zlib_init;               /* True if zlib already initialized;
-                                   undefined if Content-Encoding header. */
-  z_stream z;                   /* State structure for zlib. */
-#endif
-
-  time_t timeofdoc;
-  long bodywrites;
-
-  char *buf;
-  char *uploadbuf;
-  curl_socket_t maxfd;
-
-  int keepon;
-
-  bool upload_done; /* set to TRUE when doing chunked transfer-encoding upload
-                       and we're uploading the last chunk */
-
-  bool ignorebody;  /* we read a response-body but we ignore it! */
-  bool ignorecl;    /* This HTTP response has no body so we ignore the Content-
-                       Length: header */
-};
-
-#if defined(USE_ARES) || defined(USE_THREADING_GETHOSTBYNAME) || \
-    defined(USE_THREADING_GETADDRINFO)
-struct Curl_async {
-  char *hostname;
-  int port;
-  struct Curl_dns_entry *dns;
-  bool done;  /* set TRUE when the lookup is complete */
-  int status; /* if done is TRUE, this is the status from the callback */
-  void *os_specific;  /* 'struct thread_data' for Windows */
-};
-#endif
-
-#define FIRSTSOCKET     0
-#define SECONDARYSOCKET 1
-
-/* These function pointer types are here only to allow easier typecasting
-   within the source when we need to cast between data pointers (such as NULL)
-   and function pointers. */
-typedef CURLcode (*Curl_do_more_func)(struct connectdata *);
-typedef CURLcode (*Curl_done_func)(struct connectdata *, CURLcode, bool);
-
-
-/*
- * Store's request specific data in the easy handle (SessionHandle).
- * Previously, these members were on the connectdata struct but since
- * a conn struct may now be shared between different SessionHandles,
- * we store connection-specific data here.
- *
- */
-struct HandleData {
-  char *pathbuffer;/* allocated buffer to store the URL's path part in */
-  char *path;      /* path to use, points to somewhere within the pathbuffer
-                      area */
-
-  char *newurl; /* This can only be set if a Location: was in the
-                   document headers */
-
-  /* This struct is inited when needed */
-  struct Curl_transfer_keeper keep;
-
-  /* 'upload_present' is used to keep a byte counter of how much data there is
-     still left in the buffer, aimed for upload. */
-  ssize_t upload_present;
-
-   /* 'upload_fromhere' is used as a read-pointer when we uploaded parts of a
-      buffer, so the next read should read from where this pointer points to,
-      and the 'upload_present' contains the number of bytes available at this
-      position */
-  char *upload_fromhere;
-
-  curl_off_t size;        /* -1 if unknown at this point */
-  curl_off_t *bytecountp; /* return number of bytes read or NULL */
-
-  curl_off_t maxdownload; /* in bytes, the maximum amount of data to fetch, 0
-                             means unlimited */
-  curl_off_t *writebytecountp; /* return number of bytes written or NULL */
-
-  bool use_range;
-  bool rangestringalloc; /* the range string is malloc()'ed */
-
-  char *range; /* range, if used. See README for detailed specification on
-                  this syntax. */
-  curl_off_t resume_from; /* continue [ftp] transfer from here */
-
-  /* Protocol specific data */
-
-  union {
-    struct HTTP *http;
-    struct HTTP *https;  /* alias, just for the sake of being more readable */
-    struct FTP *ftp;
-    void *tftp;        /* private for tftp.c-eyes only */
-    struct FILEPROTO *file;
-    void *telnet;        /* private for telnet.c-eyes only */
-    void *generic;
-    struct SSHPROTO *ssh;
-  } proto;
-};
-
-/*
- * The connectdata struct contains all fields and variables that should be
- * unique for an entire connection.
- */
-struct connectdata {
-  /* 'data' is the CURRENT SessionHandle using this connection -- take great
-     caution that this might very well vary between different times this
-     connection is used! */
-  struct SessionHandle *data;
-
-  bool inuse; /* This is a marker for the connection cache logic. If this is
-                 TRUE this handle is being used by an easy handle and cannot
-                 be used by any other easy handle without careful
-                 consideration (== only for pipelining). */
-
-  /**** Fields set when inited and not modified again */
-  long connectindex; /* what index in the connection cache connects index this
-                        particular struct has */
-  long protocol; /* PROT_* flags concerning the protocol set */
-#define PROT_MISSING (1<<0)
-#define PROT_HTTP    (1<<2)
-#define PROT_HTTPS   (1<<3)
-#define PROT_FTP     (1<<4)
-#define PROT_TELNET  (1<<5)
-#define PROT_DICT    (1<<6)
-#define PROT_LDAP    (1<<7)
-#define PROT_FILE    (1<<8)
-#define PROT_FTPS    (1<<9)
-#define PROT_SSL     (1<<10) /* protocol requires SSL */
-#define PROT_TFTP    (1<<11)
-#define PROT_SCP     (1<<12)
-#define PROT_SFTP    (1<<13)
-
-#define PROT_CLOSEACTION PROT_FTP /* these ones need action before socket
-                                     close */
-
-  /* 'dns_entry' is the particular host we use. This points to an entry in the
-     DNS cache and it will not get pruned while locked. It gets unlocked in
-     Curl_done(). This entry will be NULL if the connection is re-used as then
-     there is no name resolve done. */
-  struct Curl_dns_entry *dns_entry;
-
-  /* 'ip_addr' is the particular IP we connected to. It points to a struct
-     within the DNS cache, so this pointer is only valid as long as the DNS
-     cache entry remains locked. It gets unlocked in Curl_done() */
-  Curl_addrinfo *ip_addr;
-
-  /* 'ip_addr_str' is the ip_addr data as a human readable malloc()ed string.
-     It remains available as long as the connection does, which is longer than
-     the ip_addr itself. Set with Curl_store_ip_addr() when ip_addr has been
-     set. */
-  char *ip_addr_str;
-
-  char protostr[16];  /* store the protocol string in this buffer */
-  int socktype;  /* SOCK_STREAM or SOCK_DGRAM */
-
-  struct hostname host;
-  struct hostname proxy;
-
-  long port;       /* which port to use locally */
-  unsigned short remote_port; /* what remote port to connect to,
-                                 not the proxy port! */
-
-  long headerbytecount;  /* only count received headers */
-  long deductheadercount; /* this amount of bytes doesn't count when we check
-                             if anything has been transfered at the end of
-                             a connection. We use this counter to make only
-                             a 100 reply (without a following second response
-                             code) result in a CURLE_GOT_NOTHING error code */
-
-  char *user;    /* user name string, allocated */
-  char *passwd;  /* password string, allocated */
-
-  char *proxyuser;    /* proxy user name string, allocated */
-  char *proxypasswd;  /* proxy password string, allocated */
-
-  struct timeval now;     /* "current" time */
-  struct timeval created; /* creation time */
-  curl_socket_t sock[2]; /* two sockets, the second is used for the data
-                            transfer when doing FTP */
-
-  struct ssl_connect_data ssl[2]; /* this is for ssl-stuff */
-  struct ssl_config_data ssl_config;
-
-  struct ConnectBits bits;    /* various state-flags for this connection */
-
-  /* These two functions MUST be set by the curl_connect() function to be
-     be protocol dependent */
-  CURLcode (*curl_do)(struct connectdata *, bool *done);
-  Curl_done_func curl_done;
-
-  /* If the curl_do() function is better made in two halves, this
-   * curl_do_more() function will be called afterwards, if set. For example
-   * for doing the FTP stuff after the PASV/PORT command.
-   */
-  Curl_do_more_func curl_do_more;
-
-  /* This function *MAY* be set to a protocol-dependent function that is run
-   * after the connect() and everything is done, as a step in the connection.
-   * The 'done' pointer points to a bool that should be set to TRUE if the
-   * function completes before return. If it doesn't complete, the caller
-   * should call the curl_connecting() function until it is.
-   */
-  CURLcode (*curl_connect)(struct connectdata *, bool *done);
-
-  /* See above. Currently only used for FTP. */
-  CURLcode (*curl_connecting)(struct connectdata *, bool *done);
-  CURLcode (*curl_doing)(struct connectdata *, bool *done);
-
-  /* Called from the multi interface during the PROTOCONNECT phase, and it
-     should then return a proper fd set */
-  int (*curl_proto_getsock)(struct connectdata *conn,
-                            curl_socket_t *socks,
-                            int numsocks);
-
-  /* Called from the multi interface during the DOING phase, and it should
-     then return a proper fd set */
-  int (*curl_doing_getsock)(struct connectdata *conn,
-                            curl_socket_t *socks,
-                            int numsocks);
-
-  /* This function *MAY* be set to a protocol-dependent function that is run
-   * by the curl_disconnect(), as a step in the disconnection.
-   */
-  CURLcode (*curl_disconnect)(struct connectdata *);
-
-  /* This function *MAY* be set to a protocol-dependent function that is run
-   * in the curl_close() function if protocol-specific cleanups are required.
-   */
-  CURLcode (*curl_close)(struct connectdata *);
-
-  /**** curl_get() phase fields */
-
-  curl_socket_t sockfd;   /* socket to read from or CURL_SOCKET_BAD */
-  curl_socket_t writesockfd; /* socket to write to, it may very
-                                well be the same we read from.
-                                CURL_SOCKET_BAD disables */
-
-  /** Dynamicly allocated strings, may need to be freed before this **/
-  /** struct is killed.                                             **/
-  struct dynamically_allocated_data {
-    char *proxyuserpwd; /* free later if not NULL! */
-    char *uagent; /* free later if not NULL! */
-    char *accept_encoding; /* free later if not NULL! */
-    char *userpwd; /* free later if not NULL! */
-    char *rangeline; /* free later if not NULL! */
-    char *ref; /* free later if not NULL! */
-    char *host; /* free later if not NULL */
-    char *cookiehost; /* free later if not NULL */
-  } allocptr;
-
-  int sec_complete; /* if krb4 is enabled for this connection */
-#ifdef HAVE_KRB4
-  enum protection_level command_prot;
-  enum protection_level data_prot;
-  enum protection_level request_data_prot;
-  size_t buffer_size;
-  struct krb4buffer in_buffer, out_buffer;
-  void *app_data;
-  const struct Curl_sec_client_mech *mech;
-  struct sockaddr_in local_addr;
-#endif
-
-  bool readchannel_inuse;  /* whether the read channel is in use by an easy
-                              handle */
-  bool writechannel_inuse; /* whether the write channel is in use by an easy
-                              handle */
-  bool is_in_pipeline;     /* TRUE if this connection is in a pipeline */
-
-  struct curl_llist *send_pipe; /* List of handles waiting to
-                                   send on this pipeline */
-  struct curl_llist *recv_pipe; /* List of handles waiting to read
-                                   their responses on this pipeline */
-
-  char master_buffer[BUFSIZE]; /* The master buffer for this connection. */
-  size_t read_pos; /* Current read position in the master buffer */
-  size_t buf_len; /* Length of the buffer?? */
-
-
-  /*************** Request - specific items ************/
-
-  /* previously this was in the urldata struct */
-  curl_read_callback fread; /* function that reads the input */
-  void *fread_in;           /* pointer to pass to the fread() above */
-
-  struct ntlmdata ntlm;     /* NTLM differs from other authentication schemes
-                               because it authenticates connections, not
-                               single requests! */
-  struct ntlmdata proxyntlm; /* NTLM data for proxy */
-
-  char syserr_buf [256]; /* buffer for Curl_strerror() */
-
-#if defined(USE_ARES) || defined(USE_THREADING_GETHOSTBYNAME) || \
-    defined(USE_THREADING_GETADDRINFO)
-  /* data used for the asynch name resolve callback */
-  struct Curl_async async;
-#endif
-
-  /* These three are used for chunked-encoding trailer support */
-  char *trailer; /* allocated buffer to store trailer in */
-  int trlMax;    /* allocated buffer size */
-  int trlPos;    /* index of where to store data */
-
-  union {
-    struct ftp_conn ftpc;
-  } proto;
-};
-
-/* The end of connectdata. */
-
-/*
- * Struct to keep statistical and informational data.
- */
-struct PureInfo {
-  int httpcode;  /* Recent HTTP or FTP response code */
-  int httpproxycode;
-  int httpversion;
-  long filetime; /* If requested, this is might get set. Set to -1 if the time
-                    was unretrievable. We cannot have this of type time_t,
-                    since time_t is unsigned on several platforms such as
-                    OpenVMS. */
-  long header_size;  /* size of read header(s) in bytes */
-  long request_size; /* the amount of bytes sent in the request(s) */
-
-  long proxyauthavail;
-  long httpauthavail;
-
-  long numconnects; /* how many new connection did libcurl created */
-
-  char *contenttype; /* the content type of the object */
-};
-
-
-struct Progress {
-  long lastshow; /* time() of the last displayed progress meter or NULL to
-                    force redraw at next call */
-  curl_off_t size_dl; /* total expected size */
-  curl_off_t size_ul; /* total expected size */
-  curl_off_t downloaded; /* transfered so far */
-  curl_off_t uploaded; /* transfered so far */
-
-  curl_off_t current_speed; /* uses the currently fastest transfer */
-
-  bool callback;  /* set when progress callback is used */
-  int width; /* screen width at download start */
-  int flags; /* see progress.h */
-
-  double timespent;
-
-  curl_off_t dlspeed;
-  curl_off_t ulspeed;
-
-  double t_nslookup;
-  double t_connect;
-  double t_pretransfer;
-  double t_starttransfer;
-  double t_redirect;
-
-  struct timeval start;
-  struct timeval t_startsingle;
-#define CURR_TIME (5+1) /* 6 entries for 5 seconds */
-
-  curl_off_t speeder[ CURR_TIME ];
-  struct timeval speeder_time[ CURR_TIME ];
-  int speeder_c;
-};
-
-typedef enum {
-  HTTPREQ_NONE, /* first in list */
-  HTTPREQ_GET,
-  HTTPREQ_POST,
-  HTTPREQ_POST_FORM, /* we make a difference internally */
-  HTTPREQ_PUT,
-  HTTPREQ_HEAD,
-  HTTPREQ_CUSTOM,
-  HTTPREQ_LAST /* last in list */
-} Curl_HttpReq;
-
-/*
- * Values that are generated, temporary or calculated internally for a
- * "session handle" must be defined within the 'struct UrlState'.  This struct
- * will be used within the SessionHandle struct. When the 'SessionHandle'
- * struct is cloned, this data MUST NOT be copied.
- *
- * Remember that any "state" information goes globally for the curl handle.
- * Session-data MUST be put in the connectdata struct and here.  */
-#define MAX_CURL_USER_LENGTH 256
-#define MAX_CURL_PASSWORD_LENGTH 256
-#define MAX_CURL_USER_LENGTH_TXT "255"
-#define MAX_CURL_PASSWORD_LENGTH_TXT "255"
-
-struct auth {
-  long want;  /* Bitmask set to the authentication methods wanted by the app
-                 (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
-  long picked;
-  long avail; /* bitmask for what the server reports to support for this
-                 resource */
-  bool done;  /* TRUE when the auth phase is done and ready to do the *actual*
-                 request */
-  bool multi; /* TRUE if this is not yet authenticated but within the auth
-                 multipass negotiation */
-
-};
-
-struct conncache {
-  /* 'connects' will be an allocated array with pointers. If the pointer is
-     set, it holds an allocated connection. */
-  struct connectdata **connects;
-  long num;           /* number of entries of the 'connects' array */
-  enum {
-    CONNCACHE_PRIVATE, /* used for an easy handle alone */
-    CONNCACHE_MULTI    /* shared within a multi handle */
-  } type;
-};
-
-
-struct UrlState {
-  enum {
-    Curl_if_none,
-    Curl_if_easy,
-    Curl_if_multi
-  } used_interface;
-
-  struct conncache *connc; /* points to the connection cache this handle
-                              uses */
-
-  /* buffers to store authentication data in, as parsed from input options */
-  struct timeval keeps_speed; /* for the progress meter really */
-
-  long lastconnect;  /* index of most recent connect or -1 if undefined */
-
-  char *headerbuff; /* allocated buffer to store headers in */
-  size_t headersize;   /* size of the allocation */
-
-  char buffer[BUFSIZE+1]; /* download buffer */
-  char uploadbuffer[BUFSIZE+1]; /* upload buffer */
-  curl_off_t current_speed;  /* the ProgressShow() funcion sets this,
-                                bytes / second */
-  bool this_is_a_follow; /* this is a followed Location: request */
-
-  bool is_in_pipeline; /* Indicates whether this handle is part of a pipeline */
-
-  char *first_host; /* if set, this should be the host name that we will
-                       sent authorization to, no else. Used to make Location:
-                       following not keep sending user+password... This is
-                       strdup() data.
-                    */
-
-  struct curl_ssl_session *session; /* array of 'numsessions' size */
-  long sessionage;                  /* number of the most recent session */
-
-  char *scratch; /* huge buffer[BUFSIZE*2] when doing upload CRLF replacing */
-  bool errorbuf; /* Set to TRUE if the error buffer is already filled in.
-                    This must be set to FALSE every time _easy_perform() is
-                    called. */
-  int os_errno;  /* filled in with errno whenever an error occurs */
-#ifdef HAVE_SIGNAL
-  /* storage for the previous bag^H^H^HSIGPIPE signal handler :-) */
-  void (*prev_signal)(int sig);
-#endif
-  bool allow_port; /* Is set.use_port allowed to take effect or not. This
-                      is always set TRUE when curl_easy_perform() is called. */
-
-  struct digestdata digest;
-  struct digestdata proxydigest;
-
-#ifdef HAVE_GSSAPI
-  struct negotiatedata negotiate;
-#endif
-
-  struct auth authhost;
-  struct auth authproxy;
-
-  bool authproblem; /* TRUE if there's some problem authenticating */
-
-#ifdef USE_ARES
-  ares_channel areschannel; /* for name resolves */
-#endif
-
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
-  ENGINE *engine;
-#endif /* USE_SSLEAY */
-  struct timeval expiretime; /* set this with Curl_expire() only */
-  struct Curl_tree timenode; /* for the splay stuff */
-
-  /* a place to store the most recenlty set FTP entrypath */
-  char *most_recent_ftp_entrypath;
-
-  /* set after initial USER failure, to prevent an authentication loop */
-  bool ftp_trying_alternative;
-
-  bool expect100header;  /* TRUE if we added Expect: 100-continue */
-
-  bool pipe_broke; /* TRUE if the connection we were pipelined on broke
-                      and we need to restart from the beginning */
-  bool cancelled; /* TRUE if the request was cancelled */
-
-#ifndef WIN32
-/* do FTP line-end conversions on most platforms */
-#define CURL_DO_LINEEND_CONV
-  /* for FTP downloads: track CRLF sequences that span blocks */
-  bool prev_block_had_trailing_cr;
-  /* for FTP downloads: how many CRLFs did we converted to LFs? */
-  curl_off_t crlf_conversions;
-#endif
-  /* If set to non-NULL, there's a connection in a shared connection cache
-     that uses this handle so we can't kill this SessionHandle just yet but
-     must keep it around and add it to the list of handles to kill once all
-     its connections are gone */
-  void *shared_conn;
-  bool closed; /* set to TRUE when curl_easy_cleanup() has been called on this
-                  handle, but it is kept around as mentioned for
-                  shared_conn */
-};
-
-
-/*
- * This 'DynamicStatic' struct defines dynamic states that actually change
- * values in the 'UserDefined' area, which MUST be taken into consideration
- * if the UserDefined struct is cloned or similar. You can probably just
- * copy these, but each one indicate a special action on other data.
- */
-
-struct DynamicStatic {
-  char *url;        /* work URL, copied from UserDefined */
-  bool url_alloc;   /* URL string is malloc()'ed */
-  bool url_changed; /* set on CURL_OPT_URL, used to detect if the URL was
-                       changed after the connect phase, as we allow callback
-                       to change it and if so, we reconnect to use the new
-                       URL instead */
-  char *referer;    /* referer string */
-  bool referer_alloc; /* referer sting is malloc()ed */
-  struct curl_slist *cookielist; /* list of cookie files set by
-                                    curl_easy_setopt(COOKIEFILE) calls */
-};
-
-/*
- * This 'UserDefined' struct must only contain data that is set once to go
- * for many (perhaps) independent connections. Values that are generated or
- * calculated internally for the "session handle" MUST be defined within the
- * 'struct UrlState' instead. The only exceptions MUST note the changes in
- * the 'DynamicStatic' struct.
- */
-struct Curl_one_easy; /* declared and used only in multi.c */
-struct Curl_multi;    /* declared and used only in multi.c */
-
-struct UserDefined {
-  FILE *err;         /* the stderr user data goes here */
-  void *debugdata;   /* the data that will be passed to fdebug */
-  char *errorbuffer; /* store failure messages in here */
-  char *proxyuserpwd;  /* Proxy <user:password>, if used */
-  long proxyport; /* If non-zero, use this port number by default. If the
-                     proxy string features a ":[port]" that one will override
-                     this. */
-  void *out;         /* the fetched file goes here */
-  void *in;          /* the uploaded file is read from here */
-  void *writeheader; /* write the header to this if non-NULL */
-  char *set_url;     /* what original URL to work on */
-  char *proxy;       /* proxy to use */
-  long use_port;     /* which port to use (when not using default) */
-  char *userpwd;     /* <user:password>, if used */
-  long httpauth;     /* what kind of HTTP authentication to use (bitmask) */
-  long proxyauth;    /* what kind of proxy authentication to use (bitmask) */
-  char *set_range;   /* range, if used. See README for detailed specification
-                        on this syntax. */
-  long followlocation; /* as in HTTP Location: */
-  long maxredirs;    /* maximum no. of http(s) redirects to follow, set to -1
-                        for infinity */
-  char *set_referer; /* custom string */
-  bool free_referer; /* set TRUE if 'referer' points to a string we
-                        allocated */
-  char *useragent;   /* User-Agent string */
-  char *encoding;    /* Accept-Encoding string */
-  char *postfields;  /* if POST, set the fields' values here */
-  curl_off_t postfieldsize; /* if POST, this might have a size to use instead
-                               of strlen(), and then the data *may* be binary
-                               (contain zero bytes) */
-  char *ftpport;     /* port to send with the FTP PORT command */
-  char *device;      /* local network interface/address to use */
-  unsigned short localport; /* local port number to bind to */
-  int localportrange; /* number of additional port numbers to test in case the
-                         'localport' one can't be bind()ed */
-  curl_write_callback fwrite;        /* function that stores the output */
-  curl_write_callback fwrite_header; /* function that stores headers */
-  curl_read_callback fread;          /* function that reads the input */
-  curl_progress_callback fprogress;  /* function for progress information */
-  curl_debug_callback fdebug;      /* function that write informational data */
-  curl_ioctl_callback ioctl;       /* function for I/O control */
-  curl_sockopt_callback fsockopt;  /* function for setting socket options */
-  void *sockopt_client; /* pointer to pass to the socket options callback */
-
-  /* the 3 curl_conv_callback functions below are used on non-ASCII hosts */
-  /* function to convert from the network encoding: */
-  curl_conv_callback convfromnetwork;
-  /* function to convert to the network encoding: */
-  curl_conv_callback convtonetwork;
-  /* function to convert from UTF-8 encoding: */
-  curl_conv_callback convfromutf8;
-
-  void *progress_client; /* pointer to pass to the progress callback */
-  void *ioctl_client;   /* pointer to pass to the ioctl callback */
-  long timeout;         /* in seconds, 0 means no timeout */
-  long connecttimeout;  /* in seconds, 0 means no timeout */
-  long ftp_response_timeout; /* in seconds, 0 means no timeout */
-  curl_off_t infilesize;      /* size of file to upload, -1 means unknown */
-  long low_speed_limit; /* bytes/second */
-  long low_speed_time;  /* number of seconds */
-  curl_off_t max_send_speed; /* high speed limit in bytes/second for upload */
-  curl_off_t max_recv_speed; /* high speed limit in bytes/second for download */
-  curl_off_t set_resume_from;  /* continue [ftp] transfer from here */
-  char *cookie;         /* HTTP cookie string to send */
-  struct curl_slist *headers; /* linked list of extra headers */
-  struct curl_httppost *httppost;  /* linked list of POST data */
-  char *cert;           /* certificate */
-  char *cert_type;      /* format for certificate (default: PEM) */
-  char *key;            /* private key */
-  char *key_type;       /* format for private key (default: PEM) */
-  char *key_passwd;     /* plain text private key password */
-  char *cookiejar;      /* dump all cookies to this file */
-  bool cookiesession;   /* new cookie session? */
-  bool crlf;            /* convert crlf on ftp upload(?) */
-  char *ftp_account;    /* ftp account data */
-  char *ftp_alternative_to_user;   /* command to send if USER/PASS fails */
-  struct curl_slist *quote;     /* after connection is established */
-  struct curl_slist *postquote; /* after the transfer */
-  struct curl_slist *prequote; /* before the transfer, after type */
-  struct curl_slist *source_quote;  /* 3rd party quote */
-  struct curl_slist *source_prequote;  /* in 3rd party transfer mode - before
-                                          the transfer on source host */
-  struct curl_slist *source_postquote; /* in 3rd party transfer mode - after
-                                          the transfer on source host */
-  struct curl_slist *telnet_options; /* linked list of telnet options */
-  curl_TimeCond timecondition; /* kind of time/date comparison */
-  time_t timevalue;       /* what time to compare with */
-  Curl_HttpReq httpreq;   /* what kind of HTTP request (if any) is this */
-  char *customrequest;    /* HTTP/FTP request to use */
-  long httpversion; /* when non-zero, a specific HTTP version requested to
-                       be used in the library's request(s) */
-  char *auth_host; /* if set, this is the allocated string to the host name
-                    * to which to send the authorization data to, and no other
-                    * host (which location-following otherwise could lead to)
-                    */
-  char *krb4_level; /* what security level */
-  struct ssl_config_data ssl;  /* user defined SSL stuff */
-
-  curl_proxytype proxytype; /* what kind of proxy that is in use */
-
-  int dns_cache_timeout; /* DNS cache timeout */
-  long buffer_size;      /* size of receive buffer to use */
-
-  char *private_data; /* Private data */
-
-  struct Curl_one_easy *one_easy; /* When adding an easy handle to a multi
-                                     handle, an internal 'Curl_one_easy'
-                                     struct is created and this is a pointer
-                                     to the particular struct associated with
-                                     this SessionHandle */
-
-  struct curl_slist *http200aliases; /* linked list of aliases for http200 */
-
-  long ip_version;
-
-  curl_off_t max_filesize; /* Maximum file size to download */
-
-  char *source_url;     /* for 3rd party transfer */
-  char *source_userpwd;  /* for 3rd party transfer */
-
-  curl_ftpfile ftp_filemethod; /* how to get to a file when FTP is used  */
-
-/* Here follows boolean settings that define how to behave during
-   this session. They are STATIC, set by libcurl users or at least initially
-   and they don't change during operations. */
-
-  bool printhost;       /* printing host name in debug info */
-  bool get_filetime;
-  bool tunnel_thru_httpproxy;
-  bool prefer_ascii;    /* ASCII rather than binary */
-  bool ftp_append;
-  bool ftp_list_only;
-  bool ftp_create_missing_dirs;
-  bool ftp_use_port;
-  bool hide_progress;
-  bool http_fail_on_error;
-  bool http_follow_location;
-  bool http_disable_hostname_check_before_authentication;
-  bool include_header;   /* include received protocol headers in data output */
-  bool http_set_referer;
-  bool http_auto_referer; /* set "correct" referer when following location: */
-  bool opt_no_body;      /* as set with CURLOPT_NO_BODY */
-  bool set_port;
-  bool upload;
-  enum CURL_NETRC_OPTION
-       use_netrc;        /* defined in include/curl.h */
-  char *netrc_file;      /* if not NULL, use this instead of trying to find
-                            $HOME/.netrc */
-  bool verbose;
-  bool krb4;             /* kerberos4 connection requested */
-  bool reuse_forbid;     /* forbidden to be reused, close after use */
-  bool reuse_fresh;      /* do not re-use an existing connection  */
-  bool ftp_use_epsv;     /* if EPSV is to be attempted or not */
-  bool ftp_use_eprt;     /* if EPRT is to be attempted or not */
-  bool ftp_use_ccc;      /* if CCC is to be attempted or not */
-
-  curl_ftpssl ftp_ssl;   /* if AUTH TLS is to be attempted etc */
-  curl_ftpauth ftpsslauth; /* what AUTH XXX to be attempted */
-  bool no_signal;        /* do not use any signal/alarm handler */
-  bool global_dns_cache; /* subject for future removal */
-  bool tcp_nodelay;      /* whether to enable TCP_NODELAY or not */
-  bool ignorecl;         /* ignore content length */
-  bool ftp_skip_ip;      /* skip the IP address the FTP server passes on to
-                            us */
-  bool connect_only;     /* make connection, let application use the socket */
-  long ssh_auth_types;   /* allowed SSH auth types */
-  char *ssh_public_key;   /* the path to the public key file for
-                             authentication */
-  char *ssh_private_key;  /* the path to the private key file for
-                             authentication */
-};
-
-struct Names {
-  struct curl_hash *hostcache;
-  enum {
-    HCACHE_NONE,    /* not pointing to anything */
-    HCACHE_PRIVATE, /* points to our own */
-    HCACHE_GLOBAL,  /* points to the (shrug) global one */
-    HCACHE_MULTI,   /* points to a shared one in the multi handle */
-    HCACHE_SHARED   /* points to a shared one in a shared object */
-  } hostcachetype;
-};
-
-/*
- * The 'connectdata' struct MUST have all the connection oriented stuff as we
- * may have several simultaneous connections and connection structs in memory.
- *
- * The 'struct UserDefined' must only contain data that is set once to go for
- * many (perhaps) independent connections. Values that are generated or
- * calculated internally for the "session handle" must be defined within the
- * 'struct UrlState' instead.
- */
-
-struct SessionHandle {
-  struct Names dns;
-  struct Curl_multi *multi;    /* if non-NULL, points to the multi handle
-                                  struct to which this "belongs" */
-  struct Curl_share *share;    /* Share, handles global variable mutexing */
-  struct HandleData reqdata;   /* Request-specific data */
-  struct UserDefined set;      /* values set by the libcurl user */
-  struct DynamicStatic change; /* possibly modified userdefined data */
-
-  struct CookieInfo *cookies;  /* the cookies, read from files and servers */
-  struct Progress progress;    /* for all the progress meter data */
-  struct UrlState state;       /* struct for fields used for state info and
-                                  other dynamic purposes */
-  struct PureInfo info;        /* stats, reports and info data */
-#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
-  iconv_t outbound_cd;         /* for translating to the network encoding */
-  iconv_t inbound_cd;          /* for translating from the network encoding */
-  iconv_t utf8_cd;             /* for translating to UTF8 */
-#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */
-  unsigned int magic;          /* set to a CURLEASY_MAGIC_NUMBER */
-};
-
-#define LIBCURL_NAME "libcurl"
-
-#endif
diff --git a/Utilities/cmlibarchive/CMakeLists.txt b/Utilities/cmlibarchive/CMakeLists.txt
index f1459d4..b150408 100644
--- a/Utilities/cmlibarchive/CMakeLists.txt
+++ b/Utilities/cmlibarchive/CMakeLists.txt
@@ -56,13 +56,11 @@ SET(CMAKE_REQUIRED_LIBRARIES)
 SET(CMAKE_REQUIRED_FLAGS)
 
 # Disable warnings to avoid changing 3rd party code.
-IF("${CMAKE_C_COMPILER_ID}" MATCHES
+IF(CMAKE_C_COMPILER_ID MATCHES
     "^(GNU|Clang|AppleClang|XL|VisualAge|SunPro|MIPSpro|HP|Intel)$")
   SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w")
-ELSEIF("${CMAKE_C_COMPILER_ID}" MATCHES "^(PathScale)$")
+ELSEIF(CMAKE_C_COMPILER_ID STREQUAL "PathScale")
   SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -woffall")
-ELSEIF(BORLAND)
-  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w-")
 ENDIF()
 
 # Enable CTest/CDash support
@@ -666,14 +664,14 @@ ENDMACRO(CHECK_CRYPTO_WIN CRYPTO_LIST)
 MACRO(CHECK_ICONV LIB TRY_ICONV_CONST)
   IF(NOT HAVE_ICONV)
     CMAKE_PUSH_CHECK_STATE()	# Save the state of the variables
-    IF ("CMAKE_C_COMPILER_ID" MATCHES "^GNU$")
+    IF (CMAKE_C_COMPILER_ID STREQUAL "GNU")
       #
       # During checking iconv proto type, we should use -Werror to avoid the
       # success of iconv detection with a warnig which success is a miss
       # detection. So this needs for all build mode(even it's a release mode).
       #
       SET(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -Werror")
-    ENDIF ("CMAKE_C_COMPILER_ID" MATCHES "^GNU$")
+    ENDIF (CMAKE_C_COMPILER_ID STREQUAL "GNU")
     IF (MSVC)
       # NOTE: /WX option is the same as gcc's -Werror option.
       SET(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} /WX")
diff --git a/Utilities/cmliblzma/CMakeLists.txt b/Utilities/cmliblzma/CMakeLists.txt
index 23549c5..d991438 100644
--- a/Utilities/cmliblzma/CMakeLists.txt
+++ b/Utilities/cmliblzma/CMakeLists.txt
@@ -95,6 +95,7 @@ CHECK_TYPE_SIZE("unsigned short" SIZE_OF_UNSIGNED_SHORT)
 CHECK_TYPE_SIZE("unsigned" SIZE_OF_UNSIGNED)
 CHECK_TYPE_SIZE("unsigned long" SIZE_OF_UNSIGNED_LONG)
 CHECK_TYPE_SIZE("unsigned long long" SIZE_OF_UNSIGNED_LONG_LONG)
+CHECK_TYPE_SIZE("size_t" SIZE_OF_SIZE_T)
 
 CHECK_TYPE_SIZE("__int64" __INT64)
 CHECK_TYPE_SIZE("unsigned __int64" UNSIGNED___INT64)
@@ -201,13 +202,11 @@ INCLUDE_DIRECTORIES(
   )
 
 # Disable warnings to avoid changing 3rd party code.
-IF("${CMAKE_C_COMPILER_ID}" MATCHES
+IF(CMAKE_C_COMPILER_ID MATCHES
     "^(GNU|Clang|AppleClang|XL|VisualAge|SunPro|MIPSpro|HP|Intel)$")
   SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w")
-ELSEIF("${CMAKE_C_COMPILER_ID}" MATCHES "^(PathScale)$")
+ELSEIF(CMAKE_C_COMPILER_ID STREQUAL "PathScale")
   SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -woffall")
-ELSEIF(BORLAND)
-  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w-")
 ENDIF()
 
 ADD_LIBRARY(cmliblzma ${LZMA_SRCS})
diff --git a/Utilities/cmliblzma/common/sysdefs.h b/Utilities/cmliblzma/common/sysdefs.h
index c84f01c..a6edea8 100644
--- a/Utilities/cmliblzma/common/sysdefs.h
+++ b/Utilities/cmliblzma/common/sysdefs.h
@@ -124,9 +124,9 @@
 
 // The code currently assumes that size_t is either 32-bit or 64-bit.
 #ifndef SIZE_MAX
-#	if SIZEOF_SIZE_T == 4
+#	if SIZE_OF_SIZE_T == 4
 #		define SIZE_MAX UINT32_MAX
-#	elif SIZEOF_SIZE_T == 8
+#	elif SIZE_OF_SIZE_T == 8
 #		define SIZE_MAX UINT64_MAX
 #	else
 #		error size_t is not 32-bit or 64-bit
diff --git a/Utilities/cmliblzma/config.h.in b/Utilities/cmliblzma/config.h.in
index b197f27..017c435 100644
--- a/Utilities/cmliblzma/config.h.in
+++ b/Utilities/cmliblzma/config.h.in
@@ -29,6 +29,7 @@
 @SIZE_OF_UNSIGNED_CODE@
 @SIZE_OF_UNSIGNED_LONG_CODE@
 @SIZE_OF_UNSIGNED_LONG_LONG_CODE@
+@SIZE_OF_SIZE_T_CODE@
 
 /*
  * If we lack int64_t, define it to the first of __int64, int, long, and long long
@@ -277,9 +278,6 @@ typedef uint64_t uintmax_t;
 /* Define to 1 if the system has the type `_Bool'. */
 #cmakedefine HAVE__BOOL 1
 
-/* The size of `size_t', as computed by sizeof. */
-#cmakedefine SIZEOF_SIZE_T @SIZEOF_SIZE_T@
-
 /* Define to 1 if the system supports fast unaligned access to 16-bit and
    32-bit integers. */
 #define TUKLIB_FAST_UNALIGNED_ACCESS 1
diff --git a/Utilities/cmzlib/CMakeLists.txt b/Utilities/cmzlib/CMakeLists.txt
index f161056..66e8be2 100644
--- a/Utilities/cmzlib/CMakeLists.txt
+++ b/Utilities/cmzlib/CMakeLists.txt
@@ -18,12 +18,10 @@ IF(WIN32)
   IF(BUILD_SHARED_LIBS)
     SET(ZLIB_DLL 1)
     IF(NOT UNIX)
-      IF(NOT BORLAND)
-        IF(NOT MINGW)
-          SET(ZLIB_SRCS ${ZLIB_SRCS} zlib.def zlib.rc  )
-        ENDIF(NOT MINGW)
-      ENDIF(NOT BORLAND) 
-    ENDIF(NOT UNIX)   
+      IF(NOT MINGW)
+        SET(ZLIB_SRCS ${ZLIB_SRCS} zlib.def zlib.rc  )
+      ENDIF(NOT MINGW)
+    ENDIF(NOT UNIX)
   ENDIF(BUILD_SHARED_LIBS)
 ENDIF(WIN32)