                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.36.0 (26 Mar 2014)

Daniel Stenberg (26 Mar 2014)
- RELEASE-NOTES: 7.36.0

- [Richard J. Moore brought this change]

  test1397: unit test for certificate name wildcard handling

- Curl_cert_hostcheck: strip trailing dots in host name and wildcard
  
  Reported-by: Richard Moore

- Curl_cert_hostcheck: reject IP address wildcard matches
  
  There are server certificates used with IP address in the CN field, but
  we MUST not allow wild cart certs for hostnames given as IP addresses
  only. Therefore we must make Curl_cert_hostcheck() fail such attempts.
  
  Bug: http://curl.haxx.se/docs/adv_20140326B.html
  Reported-by: Richard Moore

- [Steve Holme brought this change]

  url: Fixed connection re-use when using different log-in credentials
  
  In addition to FTP, other connection based protocols such as IMAP, POP3,
  SMTP, SCP, SFTP and LDAP require a new connection when different log-in
  credentials are specified. Fixed the detection logic to include these
  other protocols.
  
  Bug: http://curl.haxx.se/docs/adv_20140326A.html

- THANKS: 14 new friends from the 7.36.0 announcement

- RELEASE-NOTES: synced with 3ebfaf6a0399b6a

Steve Holme (23 Mar 2014)
- tool_operate: Fixed uninitialised variable under some error situations
  
  For example when a URL is not specified or the headers file fails to
  open.

- tool_parsecfg: Reworked error handling from commit fc59a9e1

- tool_getparam: Removed "dead assignment" code introduced in commit 1a9b58fc

Daniel Stenberg (22 Mar 2014)
- [Gisle Vanem brought this change]

  polarssl: avoid extra newlines in debug messages
  
  The debug messages printed inside PolarSSL always seems to end with a
  newline. So 'infof()' should not add one. Besides the trace 'line'
  should be 'const'.

- rtsp: parse "Session:" header properly
  
  The parser skipped the initial letter, which presumably often is
  whitespace but doesn't have to be.
  
  Reported-by: Mike Hasselberg
  Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html

- runtests.pl: verify specified test cases
  
  To better allow arguments like "1 to 9999" without flooding the terminal
  with error messages, the given test cases range is now checked and only
  test numbers with existing files are actually run.

Dan Fandrich (19 Mar 2014)
- RELEASE-NOTES: fixed typo

Daniel Stenberg (19 Mar 2014)
- trynextip: don't store 'ai' on failed connects...
  
  It leads to the "next family" tries starting from the wrong point and thus
  fails!
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1337
  Reported-by: ricker

- RELEASE-NOTES: synced with 47f8e99e78c

- [Gaël PORTAY brought this change]

  polarssl: fix possible handshake timeout issue in multi.
  
  Because of the socket is unblocking, PolarSSL does need call to getsock to
  get the action to perform in multi environment.
  
  In some cases, it might happen we have not received yet all data to perform
  the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state
  is updated but because of the getsock has not the proper #define macro to,
  the library never prevents to select socket for input thus the socket will
  never be awaken when last data is available. Thus it leads to timeout.

- [Gaël PORTAY brought this change]

  polarssl: break compatibility with version older than 1.3.
  
  Remove all #ifdef/else/endif macros that ensure compatibility with polarssl
  version previous than 1.3.

- [Gaël PORTAY brought this change]

  polarssl: drop use of 1.2 compatibility header.
  
  API has changed since version 1.3. A compatibility header has been created
  to ensure forward compatibility for code using old API:
   * x509 certificate structure has been renamed to from x509_cert to
     x509_crt
   * new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
     ssl_set_own_cert is for generic keys
   * ssl_default_ciphersuites has been replaced by function
     ssl_list_ciphersuites()
  
  This patch drops the use of the compatibly header.

- polarssl: added missing end-of-comment from previous commit

- polarssl: now require 1.3.0+
  
  Also fixed a function name change in the version requirement bump

- [hasufell brought this change]

  polarssl: fix compilation
  
  Rename x509_cert to x509_crt and add "compat-1.2.h"
  include.
  This would still need some more thorough conversion
  in order to drop "compat-1.2.h" include.

Kamil Dudka (15 Mar 2014)
- nss: allow to enable/disable new AES GCM cipher-suites
  
  ... if built against a new enough version of NSS

- nss: allow to enable/disable new HMAC-SHA256 cipher-suites
  
  ... if built against a new enough version of NSS

- nss: do not enable AES cipher-suites by default
  
  ... but allow them to be enabled/disabled explicitly.  The default
  policy should be maintained at the NSS level.

Dan Fandrich (15 Mar 2014)
- tests: made the SASL modes separate keywords

- tests: added missing HTTP NTLM auth keywords
  
  Also, removed an unneeded strippart

- tests: disable valgrind on the remaining scp/sftp tests

- valgrind.supp: added another test 165 suppression
  
  This one seems to come and go as the optimizer decides how best
  to inline some functions.

- ssh: prevent a logic error that could result in an infinite loop

- docs: fixed a bunch of typos

- test640/1: add tests for --head with sftp and scp
  
  This option is currently rather useless with these protocols
  when no quote command is given, but it is valid.

- ssh: removed a redundant close state transition

- ssh: abort immediately on a header callback error

Daniel Stenberg (14 Mar 2014)
- chunked-encoding: provide a readable error string for chunked errors

- TODO: remove http2, we now have it

- [Tatsuhiro Tsujikawa brought this change]

  http2: free resources on disconnect
  
  ... and use Curl_safefree() instead of free()

- openssl: info massage with SSL version used
  
  Patch-by: byte_bucket

Steve Holme (9 Mar 2014)
- RELEASE-NOTES: Synced with 8ddda0e999

Daniel Stenberg (9 Mar 2014)
- README.http2: clarify the build prerequisites

- SSL-PROBLEMS: add "missing intermediate certificates" piece

- SSL-PROBLEMS: describes common curl+SSL problems

Nick Zitzmann (8 Mar 2014)
- docs: remove documentation on setting up krb4 support
  
  The information about building with Kerberos4 support was half a year out
  of date. We dropped support for that.

Daniel Stenberg (6 Mar 2014)
- ssh: fix compiler warning converting ssize_t to int

Dan Fandrich (6 Mar 2014)
- ssh: Fixed a style warning
  
  Also, combined a couple of #ifdef sections

- ssh: Pass errors from libssh2_sftp_read up the stack

Daniel Stenberg (6 Mar 2014)
- parse_remote_port: error out on illegal port numbers better

- remote_port: allow connect to port 0
  
  Port number zero is perfectly allowed to connect to. I moved to storing
  the remote port number in an int so that -1 means undefined and 0-65535
  can be used for legitimate port numbers.

- multi_runsingle: move timestamp into INIT
  
  Setting the TIMER_STARTSINGLE timestamp first in CONNECT has the
  drawback that for actions that go back to the CONNECT state, the time
  stamp is reset and for the multi_socket API there's no corresponding
  Curl_expire() then so the timeout logic gets wrong!
  
  Reported-by: Brad Spencer
  Bug: http://curl.haxx.se/mail/lib-2014-02/0036.html

- hostcheck: update comment after previous change

- hostcheck: Curl_cert_hostcheck is not used by NSS builds

- [Michael Osipov brought this change]

  configure: call it GSS-API
  
  ... since that’s how the RFC calls it.

- x509asn: moved out Curl_verifyhost from NSS builds
  
  ... as it isn't used then!

- NSS: avoid compiler warnings when built without http2 support

- [Jiri Malak brought this change]

  Rework Open Watcom make files to use standard Wmake features
  
  Remove slash/backslash problem, now only slashes are used,
  Wmake automaticaly translate slash/backslash to proper version or tools are not sensitive for it.
  Enable spaces in path.
  Use internal rm command for all host platforms
  Add error message if old Open Watcom version is used. Some old versions exhibit build problems for Curl latest version. Now only versions 1.8, 1.9 and 2.O beta are supported

- [Jiri Malak brought this change]

  parsedate: Fixed compilation warning
  
  Remove compilation message for platforms where size of long type
  is equal size of int type.

Steve Holme (2 Mar 2014)
- RELEASE-NOTES: Synced with 7fef4016de

- tool: Do not output libcurl source for the information only parameters
  
  Ensure a source file isn't generated for the following informational
  command line parameters when --libcurl is specified:
  
  --help, --manual, --version and --engine list
  
  As the output would only include a fairly empty looking main() function
  and a call to curl_easy_init() and curl_easy_cleanup() when performed
  with --engine list.

- tool: Fixed libcurl source output for multiple operations
  
  Correctly output libcurl source code that includes multiply operations
  as specified by --next. Note that each operation evaluates to a single
  curl_easy_perform() in source code form.
  
  Also note that the output could be optimised a little so global config
  options are only output once rather than per operation as is presently
  the case.

- tool_metalink.h: Fixed compilation warning
  
  warning: declaration of 'struct GlobalConfig' will not be visible
  outside of this function

- tool: Moved internal variable isatty to the global config

- tool_operate.c: Fixed compilation error
  
  incompatible types - from 'OperationConfig *' to 'GlobalConfig *'

- tool: Moved --libcurl to the global config

- tool: Moved --progress-bar to the global config

- tool: Moved --stderr to the global config

- transfer.c: Fixed non-HTTP2 builds from commit cde0cf7c5e

Daniel Stenberg (28 Feb 2014)
- [Tatsuhiro Tsujikawa brought this change]

  Fix bug that HTTP/2 hangs if whole response body is read with headers
  
  For HTTP/2, we may read up everything including responde body with
  header fields in Curl_http_readwrite_headers. If no content-length is
  provided, curl waits for the connection close, which we emulate it
  using conn->proto.httpc.closed = TRUE. The thing is if we read
  everything, then http2_recv won't be called and we cannot signal the
  HTTP/2 stream has closed. As a workaround, we return nonzero from
  data_pending to call http2_recv.

- http2: build with current nghttp2 version
  
  nghttp2 has yet again extended its callback struct and this is an
  attempt to make curl compile with nghttp2 from current git

Dan Fandrich (28 Feb 2014)
- tool_main: Fixed a memory leak on main_init error

Steve Holme (28 Feb 2014)
- test96: Updated accordly for recent changes

- tool_cfgable: Code policing of structure pointers

- tool: Moved --trace and --verbose to the global config

- tool_main: Forgot to initialise the first operation's global pointer

- tool: Moved --silient to the global config
  
  Other global options such as --libcurl, --trace and --verbose to
  follow.

- tool_cfgable: Added GlobalConfig pointer to OperationConfig
  
  In order to ease the moving of global options such as the error stream,
  updated the OperationConfig structure to point to the GlobalConfig.

- tool: Added support to .curlrc for URL specific options
  
  In addition to adding support for URL specific options via the command
  line with --next it is now possible to specify "next" in .curlrc.

- tool: Reworked argument parsing to use --next/-:
  
  Follow up to commit 1a9b58fcb2 to replace the : command line option
  with --next and -:.

- tool_getparam: Added initial support for --next/-:
  
  Added initial support for --next/-: which will be used to replace the
  rather confusing : command line operation what was used for the URL
  specific options prototype.

Dan Fandrich (26 Feb 2014)
- valgrind.supp: tweaked a test 165 suppression
  
  A recent change seems to have slightly changed the call stack
  produced by the gcc optimizer.

nickzman (25 Feb 2014)
- Merge pull request #93 from d235j/darwinssl_ip_address_fix
  
  darwinssl: don't omit CN verification when an IP address is used

Daniel Stenberg (25 Feb 2014)
- parse_args: fix a too long source code line

- [naota brought this change]

  configure: Tiny fix to honor POSIX
  
  Change "==" to "=" to honor POSIX test construction.

Steve Holme (25 Feb 2014)
- tool_help: Moved --no-alpn and --no-npn to be listed alphabetically
  
  ...and added the HTTP suffix as these options are only used for HTTP2
  based connections.

- tool: Moved --showerror to the global config
  
  Other global options such as --libcurl, --trace and --verbose to
  follow.

- tool_getparam: Added global config to getparameter()
  
  In preparation for parsing global options added the GlobalConfig
  structure to the getparameter() function.

- tool_getparam.h: Fixed compilation warning
  
  warning: declaration of 'struct GlobalConfig' will not be visible
  outside of this function

Marc Hoersken (24 Feb 2014)
- RELEASE-NOTES: Updated for 63fc8ee7

Steve Holme (24 Feb 2014)
- tool_cfgable: Added support for knowing the current operation

Marc Hoersken (24 Feb 2014)
- curl_schannel.c: Updated copyright years

- [David Ryskalczyk brought this change]

  winssl: Enable hostname verification of IP address using SAN or CN
  
  Original commit message was:
   Don't omit CN verification in SChannel when an IP address is used.
  
  Side-effect of this change:
   SChannel and CryptoAPI do not support the iPAddress subjectAltName
   according to RFC 2818. If present, SChannel will first compare the
   IP address to the dNSName subjectAltNames and then fallback to the
   most specific Common Name in the Subject field of the certificate.
  
   This means that after this change curl will not connect to SSL/TLS
   hosts as long as the IP address is not specified in the SAN or CN
   of the server certificate or the verifyhost option is disabled.

Steve Holme (24 Feb 2014)
- tool_operate: Moved easy handle cleanup into tool_main

Marc Hoersken (24 Feb 2014)
- tool_hugehelp: partially reverted 24e22e10
  
  Compilation was not possible if manuel is disabled due this error:
   error: macro "hugehelp" passed 1 arguments, but takes just 0
    void hugehelp(void) {}

Steve Holme (24 Feb 2014)
- tool_main: Moved easy handle into global config structure

David Ryskalczyk (23 Feb 2014)
- Don't omit CN verification in DarwinSSL when an IP address is used.

Steve Holme (23 Feb 2014)
- tool: Fixed line longer than 79 characters from commit 705a4cb549

- tool_main: Corrected typo from commit d6b9f054e9 in Symbian code

- tool_main: Moved OperateConfig cleanup into main_free()

- tool_main: Moved initial OperateConfig creation into main_init()

- tool_cfgable: Added global config structure

- tool_cfgable: Renamed Configurable structure to OperationConfig
  
  To allow for the addition of a global config structure and prevent
  confusion between the two.

- tool: Fixed incorrect return code with --version from commit c10bf9bb36

- RELEASE-NOTES: Synced with 8c80840d01

- tool_getparam: Moved tool_help() call into operate()

- tool_getparam: Moved hugehelp() call into operate()

- tool_getparam: Moved tool_version_info() call into operate()

- tool_cfgable: Removed list_engine flag from config structure
  
  In preparation for separating the global config options from the per
  operation config options, reworked the list engines code to not use a
  member variable in the Configurable structure.

- tool_operate: Start to use CURLcode rather than int for return codes
  
  To help assist with the detection of incorrect return codes, as per
  commits ee23d13a79, 33b8960dc8 and aba98991a5, updated the operate
  based functions to return CURLcode error codes.

- tool: Fixed incorrect return code when setting HTTP request fails
  
  During initialisation SetHTTPrequest() may fail and cURL would return
  PARAM_BAD_USE, which is equivalent to CURLE_NOT_BUILT_IN in cURL error
  terms.
  
  Instead, return CURLE_FAILED_INIT as we do for other functions that may
  fail during initialisation.

- tool_getparam: Moved version information into separate function in tool_help

- tool_operhlp.h: Fixed compilation warning
  
  warning: 'struct Configurable' declared inside parameter list

- tool_operhlp: Consolidated engine output code into tool_help

- tool_operate: Moved list engines into separate function in tool_help

Marc Hoersken (22 Feb 2014)
- RELEASE-NOTES: added note about impact of changes to WinSSL defaults

- stunnel: regenerated self-signed test certificate with SHA1 hash
  
  The previous test certificate contained a MD5 hash which is not
  supported using TLSv1.2 with Schannel on Windows 7 or newer.
  
  See the update to this blog post on IEInternals / MSDN:
  http://blogs.msdn.com/b/ieinternals/archive/2011/03/25/
  misbehaving-https-servers-impair-tls-1.1-and-tls-1.2.aspx
  
  "Update: If the server negotiates a TLS1.2 connection with a
  Windows 7 or 8 schannel.dll-using client application, and it
  provides a certificate chain which uses the (weak) MD5 hash
  algorithm, the client will abort the connection (TCP/IP FIN)
  upon receipt of the certificate."

Dan Fandrich (22 Feb 2014)
- easy: Fixed a memory leak on OOM condition

Steve Holme (20 Feb 2014)
- tool_paramhlp: Fixed compilation warnings
  
  declaration of 'index' shadows a global declaration

- lib1515.c: Fixed #include path in commit 647f83e809

Daniel Stenberg (19 Feb 2014)
- [Maks Naumov brought this change]

  test1515: fix compilation with msvc
  
  ... or any other systems lacking a native snprintf

- SFTP: skip reading the dir when NOBODY=1
  
  When asking for an SFTP directory with NOBODY set, no directory contents
  should be retrieved.
  
  Bug: http://curl.haxx.se/mail/lib-2014-02/0155.html

Dan Fandrich (18 Feb 2014)
- axtls: comment the call ssl_read repeatedly loop

Kamil Dudka (18 Feb 2014)
- curl.1: update the description of --tlsv1
  
  ... and mention the --tlsv1.[0-2] options in the --tslv1 entry
  
  Reported-by: Hubert Kario

Daniel Stenberg (18 Feb 2014)
- curl_version.3: recommend using curl_version_info() instead

- curl_version_info.3: added *HTTP2
  
  ... and edited language slightly

- curl_multi_assign.3: updated language

- libcurl.3: edited slightly to improve readability

- curl_easy_perform.3: extended and clarified

- curl_multi_add_handle.3: clarify multi vs easy use
  
  it is only WHILE added to a multi handle that it can't be used with the
  easy interface

- [Tatsuhiro Tsujikawa brought this change]

  http2: Support HTTP POST/PUT
  
  This patch enables HTTP POST/PUT in HTTP2.
  We disabled Expect header field and  chunked transfer encoding
  since HTTP2 forbids them.
  In HTTP1, Curl sends small upload data with request headers, but
  HTTP2 requires upload data must be in DATA frame separately.
  So we added some conditionals to achieve this.

- RELEASE-NOTES: synced with 854aca5420f

- multi: ignore sigpipe internally
  
  When the multi API is used we must also ignore SIGPIPE signals when
  caused by things we do, like they can easily be generated by OpenSSL.

Dan Fandrich (17 Feb 2014)
- tests: Made the crypto test feature usable
  
  This feature specifies the availability of cryptographic
  authentication, which can be disabled at compile-time

- configure: Fix the --disable-crypto-auth option
  
  It now disables NTLM and GSS authentication methods, and produces
  compilable code when SSL is enabled.

Daniel Stenberg (17 Feb 2014)
- curl_multi_setopt.3: clarify CURLMOPT_MAXCONNECTS

- [Shao Shuchao brought this change]

  ConnectionDone: default maxconnects to 4 x number of easy handles
  
  ... as documented!

- examples: remove all use of CURLM_CALL_MULTI_PERFORM
  
  ... since it is never returned since a long while back.

- [Colin Hogben brought this change]

  curl_easy_setopt.3: Add another non-matching hostname
  
  For the avoidance of doubt, show a domain which contains the no-proxy
  pattern but not at the top level.

- axtls: bump copyright year

- [Fabian Frank brought this change]

  axtls: call ssl_read repeatedly
  
  Perform more work in between sleeps. This is work around the
  fact that axtls does not expose any knowledge about when work needs
  to be performed. Depending on connection and how often perform is
  being called this can save ~25% of time on SSL handshakes (measured
  on 20ms latency connection calling perform roughly every 10ms).

- [Yehezkel Horowitz brought this change]

  url_easy_setopt.3: Add undocumented values of curl_infotype
  
  ... for debug function

- ConnectionExists: re-use connections better
  
  When allowing NTLM, the re-use connection logic was too focused on
  finding an existing NTLM connection to use and didn't properly allow
  re-use of other ones. This made the logic not re-use perfectly re-usable
  connections.
  
  Added test case 1418 and 1419 to verify.
  
  Regression brought in 8ae35102c (curl 7.35.0)
  
  Reported-by: Jeff King
  Bug: http://thread.gmane.org/gmane.comp.version-control.git/242213

Steve Holme (16 Feb 2014)
- tool_paramhlp: Added URL index to password prompt for multiple operations

Marc Hoersken (16 Feb 2014)
- sockfilt.c: add undefs which are required after 6239146e

Steve Holme (16 Feb 2014)
- warnless: Updated copyright year for recent changes

Marc Hoersken (16 Feb 2014)
- warnless: add wrapper function for read and write on Windows

Steve Holme (16 Feb 2014)
- examples: Added IMAP LSUB example

- tool_operate: Changed the required argument check/get to be upfront
  
  Rather than check for required arguments, and prompt for any host and
  proxy passwords, as each operation is performed, changed the code so
  all configurations are checked before any operations are performed.
  
  This allows the user to input all the required passwords, for example,
  upfront rather than wait for each operation.

- tool_operate: Moved required argument getting into separate function

Dan Fandrich (15 Feb 2014)
- valgrind: added another test 165 suppression
  
  This one is needed with the gcc options -fstack-protector-all -O2
  That brings the number of suppressions for test 165 to four, and I
  suspect I could find another two missing without trying very hard. I'm
  beginning to think suppressions isn't the best way to handle these
  kinds of cases.

Marc Hoersken (15 Feb 2014)
- testsuite: more Windows line-endings fixes

- test1114: fix line-endings checks on Windows after 75f00de

- test1113: fix line-endings checks on Windows after 75f00de5

- lib1515.c: Added support for Windows using the Sleep function

- HTTP tests: use CRLF as header seperator according to RFC 2616
  
  Updates the test suite to handle binary-mode header output.

- curl: output protocol headers using binary mode
  
  Since protocol headers contain explicit line-endings there should
  be no automatic conversion to ASCII text or CRLF line-endings.
  
  This might break third party tools that already depend on this
  behaviour. We might need to introduce an option to make this optional.

- HTTP tests: use CRLF as header seperator according to RFC 2616
  
  Changes LF to CRLF and disables automatic output conversion.

- testsuite: use binary output mode for custom curl test tools
  
  Do not try to convert line-endings to CRLF on Windows by setting stdout
  to binary mode, just like the curl tool does if --ascii is not specified.
  
  This should prevent corrupted stdout line-ending output like CRCRLF.
  
  In order to make the previously naive text-aware tests work with
  binary mode on Windows, text-mode is disabled for them if it is not
  actually part of the test case and line-endings are corrected.

- testsuite: changed HTTP and RTSP header line-endings to CRLF
  
  According to RFC 2616 and RFC 2326 individual protocol elements, like
  headers and except the actual content, are terminated by using CRLF.
  
  Therefore the test data files for these protocols need to contain
  mixed line-endings if the actual protocol elements use CRLF while
  the file uses LF.

Daniel Stenberg (14 Feb 2014)
- [Colin Hogben brought this change]

  curl_easy_setopt.3: Fix word order of CURLOPT_PROXY section
  
  The word CURLOPT_PROXYPORT became detached from its sentence when the
  note about the default was added.

Patrick Monnerat (14 Feb 2014)
- OS400: Add new options to RPG binding.

Dan Fandrich (14 Feb 2014)
- valgrind: added suppression on optimized code
  
  gcc 4.7.2 with -O2 will optimize Curl_connect by inlining some
  functions two levels deep, which makes the valgrind suppression
  fail to match. The underlying reason for these idna suppressions is
  a gcc strlen optimization when compiling libidn; compiling it with
  -fno-builtin-strlen makes this suppression unnecessary.

Daniel Stenberg (14 Feb 2014)
- [Arvid Norberg brought this change]

  dict: fix memory leak in OOM exit path
  
  Bug: https://github.com/bagder/curl/pull/90

- Curl_urldecode: don't allow NULL as receiver
  
  For a function that returns a decoded version of a string, it seems
  really strange to allow a NULL pointer to get passed in which then
  prevents the decoded data from being returned!
  
  This functionality was not documented anywhere either.
  
  If anyone would use it that way, that memory would've been leaked.
  
  Bug: https://github.com/bagder/curl/pull/90
  Reported-by: Arvid Norberg

- RELEASE-NOTES: synced with 378af08c992

- ConnectionExists: reusing possible HTTP+NTLM connections better
  
  Make sure that the special NTLM magic we do is for HTTP+NTLM only since
  that's where the authenticated connection is a weird non-standard
  paradigm.
  
  Regression brought in 8ae35102c (curl 7.35.0)
  
  Bug: http://curl.haxx.se/mail/lib-2014-02/0100.html
  Reported-by: Dan Fandrich

- [Tiit Pikma brought this change]

  transfer: make Expect: 100-continue timeout configurable.
  
  Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the
  CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable.

- [Thomas Braun brought this change]

  Fix compilation with make mingw32
  
  The source files from lib/vtls where generated in lib instead of lib/vtls.
  
  Verified-by: Thomas Braun <thomas.braun@virtuell-zuhause.de>

- chunked decoder: track overflows correctly
  
  The code didn't properly check the return codes to detect overflows so
  it could trigger incorrectly. Like on mingw32.
  
  Regression introduced in 345891edba (curl 7.35.0)
  
  Bug: http://curl.haxx.se/mail/lib-2014-02/0097.html
  Reported-by: LM

- [Fabian Frank brought this change]

  curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0

- [Fabian Frank brought this change]

  openssl: honor --[no-]alpn|npn command line switch
  
  Disable ALPN or NPN if requested by the user.

- [Fabian Frank brought this change]

  gtls: honor --[no-]alpn command line switch
  
  Disable ALPN if requested by the user.

Dan Fandrich (11 Feb 2014)
- tests: Disabled broken test 1316
  
  See http://curl.haxx.se/mail/lib-2014-02/0004.html for a
  discussion on the problem.

Daniel Stenberg (11 Feb 2014)
- version: next release will become 7.36.0

- curl_easy_setopt.3: add CURLOPT_SSL_ENABLE_ALPN/NPN

Steve Holme (10 Feb 2014)
- tool_cfgable: Moved easy handle cleanup to fix pingpong logout issues
  
  Commmit c5f8e2f5f4 removed the easy handle clean-up from tool_operate,
  letting the code that was already present in free_config_fields()
  perform the task. Unfortunately, this wasn't the correct place to do
  this as it broke protocols, that would perform a logout, as the main
  clean-up in tool_main had already been called.

Dan Fandrich (10 Feb 2014)
- secureserver: Only set stunnel FIPS option when available
  
  It seems the fips config option causes an error if FIPS mode was
  not enabled at stunnel compile-time.  FIPS support was disabled
  by default in stunnel 5.00, so this is probably really only needed
  on versions between 4.32 and 5.00.

Daniel Stenberg (10 Feb 2014)
- [Fabian Frank brought this change]

  NPN/ALPN: allow disabling via command line
  
  when using --http2 one can now selectively disable NPN or ALPN with
  --no-alpn and --no-npn. for now honored with NSS only.
  
  TODO: honor this option with GnuTLS and OpenSSL

- [Fabian Frank brought this change]

  nss: use correct preprocessor macro
  
  SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection,
  but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a
  preprocessor macro.

Steve Holme (9 Feb 2014)
- tests: Added test for IMAP LSUB command

- tests: Removed test 807 as it has been superseded by tests 815 and 816

- tests: Updated the titles of tests 815 and 816

Daniel Stenberg (9 Feb 2014)
- tool_metalink: fix compiler warning when built without metalink

Steve Holme (9 Feb 2014)
- tool_operate: Move the trace and error file closure to tool_cfgable

- TODO: Removed url-specific options

- tests: Re-enabled IMAP tests that require URL specific option support

- RELEASE-NOTES: Synced with 8e62f7a6503a

Marc Hoersken (9 Feb 2014)
- secureserver: FIPS option is only supported since stunnel 5.00

Steve Holme (9 Feb 2014)
- tool_operate: Added support for performing URL specific operations

- tool_operate: Let curl handle cleanup take place in config_free()

Dan Fandrich (9 Feb 2014)
- formdata: Must use Curl_safefree instead of free

Daniel Stenberg (8 Feb 2014)
- test96: updated according to recent changes

- runtests: allow <strippart> to remove lines
  
  For verify file, if the strippart condition removes the line completely
  it is now removed from the array.

Steve Holme (8 Feb 2014)
- tool_getparam: Added support for parsing of specific URL options

Dan Fandrich (8 Feb 2014)
- secureserver: Disable FIPS mode for stunnel
  
  It's unnecessary for curl testing, and it can otherwise cause
  stunnel to fail to start if OpenSSL doesn't support FIPS mode.

- formdata: Fixed memory leak on OOM condition

- runtests: Disable valgrind when debugging
  
  This was already mostly being done, except that analysis after the
  test still assumed that the valgrind log files would be available. An
  alternative way to handle the valgrind + gdb combination could be to
  enable one of the valgrind debugger hooks.

Steve Holme (7 Feb 2014)
- tool_cfgable: For consistency renamed init_config() to config_init()

- tool_cfgable: Introduced config_free() function

Daniel Stenberg (7 Feb 2014)
- --help: add missing --tlsv1.x options

Steve Holme (7 Feb 2014)
- lib1515.c: Fixed various compilation warnings
  
  lib1515.c:38:26 warning: unused parameter 'curl'
  lib1515.c:38:81 warning: unused parameter 'ptr'
  lib1515.c:38:5 warning: no previous prototype for 'debug_callback'
  lib1515.c:46:5 warning: no previous prototype for 'do_one_request'
  lib1515.c:120:3  warning: ISO C90 forbids mixed declarations and code
  
  As well as some code policing such as white space and braces.

Daniel Stenberg (7 Feb 2014)
- http2: updated README after NSS addition
  
  Changed the support to a little matrix and added brief explanation of
  what ALPN and NPN are for.

- nss: support pre-ALPN versions

- [Fabian Frank brought this change]

  nss: ALPN and NPN support
  
  Add ALPN and NPN support for NSS. This allows cURL to negotiate
  HTTP/2.0 connections when built with NSS.

- formpost: use semicolon in multipart/mixed
  
  Not comma, which is an inconsistency and a mistake probably inherited
  from the examples section of RFC1867.
  
  This bug has been present since the day curl started to support
  multipart formposts, back in the 90s.
  
  Reported-by: Rob Davies
  Bug: http://curl.haxx.se/bug/view.cgi?id=1333

Dan Fandrich (6 Feb 2014)
- tests: Document use of the MEMDEBUG_LOG_SYNC macro

- ssh: Fixed a NULL pointer dereference on OOM condition

Steve Holme (6 Feb 2014)
- nss: Updated copyright year for recent edits

Daniel Stenberg (6 Feb 2014)
- [Remi Gacogne brought this change]

  100-continue: fix timeout condition
  
  When using the multi socket interface, libcurl calls the
  curl_multi_timer_callback asking to be woken up after
  CURL_TIMEOUT_EXPECT_100 milliseconds.
  
  After the timeout has expired, calling curl_multi_socket_action with
  CURL_SOCKET_TIMEOUT as sockfd leads libcurl to check expired
  timeouts. When handling the 100-continue one, the following check in
  Curl_readwrite() fails if exactly CURL_TIMEOUT_EXPECT_100 milliseconds
  passed since the timeout has been set!
  
  It seems logical to consider that having waited for exactly
  CURL_TIMEOUT_EXPECT_100 ms is enough.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1334

- [Fabian Frank brought this change]

  nss: prefer highest available TLS version
  
  Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3
  if --tlsv1[.N] was not specified on the command line.

- [Romulo A. Ceccon brought this change]

  tests: add test for bug #1327 (dns cache timeout)
  
  Fix for bug #1303 (030a2b8cb) was not complete.
  libcurl still pruned DNS entries added manually
  after detecting a dead connection. This test
  checks such behavior.

- [Romulo A. Ceccon brought this change]

  tests: add test for bug #1303 (dns cache timeout)
  
  Test-case 1515 reproduces bug #1303, where libcurl
  would incorrectly prune DNS entries added via
  CURLOPT_RESOLVE after the DNS_CACHE_TIMEOUT had
  expired.

- http2: spell fixed README and added version requirement

Steve Holme (6 Feb 2014)
- tool_operate: Removed unused argument parameters from operate_do()

- tool_operate: Moved list SSL engines code into operate()

- tool_operate: Moved argument parsing into operate()

Daniel Stenberg (5 Feb 2014)
- runtests: add suppression generator help
  
  Leave the valgrind --gen-suppressions option in there, commented, to
  make it easier for next update.

- valgrind: updated suppressions file
  
  The call stack was modified in 2dc7ad23 so the supressions didn't work
  anymore.

- runtests: detect 'ares' better
  
  ... caused false detections of the threaded resolver otherwise

Steve Holme (5 Feb 2014)
- tool_operate: Moved .curlrc parsing code into operate()

- tool_operate: Moved locale setup code into operate_init()

Daniel Stenberg (5 Feb 2014)
- http2: minor update of the README

- [Fabian Frank brought this change]

  http2: rely on content-encoding header
  
  A server might respond with a content-encoding header and a response
  that was encoded accordingly in HTTP-draft-09/2.0 mode, even if the
  client did not send an accept-encoding header earlier. The server might
  not send a content-encoding header if the identity encoding was used to
  encode the response.
  
  See:
  http://tools.ietf.org/html/draft-ietf-httpbis-http2-09#section-9.3

Dan Fandrich (4 Feb 2014)
- tool_operate: shortened too-long source line

Steve Holme (4 Feb 2014)
- tool_operate: Introduced operate_free() function

- tool_operate: Introduced operate_init() function

- tool_operate: Introduced new operate() function

Daniel Stenberg (4 Feb 2014)
- http2: enforce gzip auto-decompress
  
  As this is mandated by the http2 spec draft-09

- [Tatsuhiro Tsujikawa brought this change]

  http2: handle incoming data larger than remaining buffer

- [Tatsuhiro Tsujikawa brought this change]

  http2: Check stream ID we are interested in

- [Tatsuhiro Tsujikawa brought this change]

  http2: store response header in temporary buffer

- [Tatsuhiro Tsujikawa brought this change]

  HTTP2: add layer between existing http and socket(TLS) layer
  
  This patch chooses different approach to integrate HTTP2 into HTTP curl
  stack. The idea is that we insert HTTP2 layer between HTTP code and
  socket(TLS) layer. When HTTP2 is initialized (either in NPN or Upgrade),
  we replace the Curl_recv/Curl_send callbacks with HTTP2's, but keep the
  original callbacks in http_conn struct. When sending serialized data by
  nghttp2, we use original Curl_send callback. Likewise, when reading data
  from network, we use original Curl_recv callback. In this way we can
  treat both TLS and non-TLS connections.
  
  With this patch, one can transfer contents from https://twitter.com and
  from nghttp2 test server in plain HTTP as well.
  
  The code still has rough edges. The notable one is I could not figure
  out how to call nghttp2_session_send() when underlying socket is
  writable.

- [Fabian Frank brought this change]

  gtls: add ALPN support
  
  Add ALPN support when using GnuTLS >= 3.2.0. This allows
  libcurl to negotiate HTTP/2.0 for https connections when
  built with GnuTLS.
  
  See:
  http://www.gnutls.org/manual/gnutls.html#Application-Layer-Protocol-Negotiation-_0028ALPN_0029
  http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04

Steve Holme (3 Feb 2014)
- tool_operate: Moved libcurl information gathering to tool_main

Daniel Stenberg (3 Feb 2014)
- [Fabian Frank brought this change]

  openssl: add ALPN support
  
  Add ALPN support when using OpenSSL. This will offer ALPN and NPN to the
  server, who can respond with either one or none of the two. OpenSSL >=
  1.0.2 is required, which means as of today obtaining a snapshot from
  ftp://ftp.openssl.org/snapshot/.
  
  See:
  http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
  https://github.com/openssl/openssl/blob/ba168244a14bbd056e502d7daa04cae4aabe9d0d/ssl/ssl_lib.c#L1787

Steve Holme (3 Feb 2014)
- tool_operate: Moved command line argument parsing into separate function

- tool_operate: Simplified parse .curlrc decision logic

- tool_operate: Moved main initialisation and cleanup code into tool_main

- tool_main: Fixed compilation warning from commit 0104678c79
  
  no previous prototype for function 'memory_tracking_init'

- tool_main: Changed stack based config struct to be heap based

Dan Fandrich (3 Feb 2014)
- tests: Moved some comments so the test data files parse as XML

Steve Holme (2 Feb 2014)
- tool_operate: Moved memory tracking initialisation into tool_main

- tests: Fixed test172 cookie expiry
  
  The test contains a cookie jar file where one of the cookies has an
  expiry date of 1391252187 -- Sat, 1 Feb 2014 10:56:27 GMT which has
  now expired. Updated to Wed, 14 Oct 2037 16:36:33 GMT as per test
  179.
  
  Reported-by: Adam Sampson
  Bug: http://curl.haxx.se/bug/view.cgi?id=1330

- tool_operate: Moved initial config setup into new init_config() function

- tool_main: Moved config struct initialisation into a separate function
  
  In preparation for adding URL specific options moved the initialisation
  of the Configurable structure into a separate function in tool_cfgable.

Marc Hoersken (1 Feb 2014)
- test 500: workaround low timer resolution on Windows
  
  Since the timer resolution is lower, there are actually cases that
  the compared values are equal. Therefore we check for previous
  timestamps being greater than the current one instead.

- test suite: stop conversion of valid output to CRLF on Windows
  
  Since the output isn't actually being written in text-mode and it
  was rather used as a workaround, disable text-mode for these tests.

- HTTP tests: use CRLF as header seperator according to RFC 2616

- FTP tests: enable text-mode for more datacheck sections

- FTP tests: enable text-mode for data and datacheck sections

- runtests.pl: added support for text-mode within datacheck section

- ftpserver.pl: directory LISTings use [CR][LF] for ASCII transfer
  
  According to section 2.2 of RFC959 the End-of-Line is defined as:
   The end-of-line sequence defines the separation of printing
   lines.  The sequence is Carriage Return, followed by Line Feed.
  
  Verified by sniffing traffic between a Windows FTP client (FileZilla)
  and Unix-hosted FTP server (ProFTPD).

- runtests.pl: reverse line-ending conversion on Windows
  
  It makes more sense to convert the expected output to [CR][LF] on
  Windows than to force the actual, probably correct, output to [LF].
  
  This way it is actually possible to see if curl outputs the correct
  line-ending excepted by a text-aware test case.

- winssl: improved default SSL/TLS protocol selection
  
  For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2
  if it is not explicitly enabled within grbitEnabledProtocols.
  
  More information can be found on MSDN:
  http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx

Steve Holme (31 Jan 2014)
- INSTALL: Corrected mentioned version number as release 7.34.1 became 7.35.0

- RELEASE-NOTES: Synced with 0f213fdca1

Dan Fandrich (31 Jan 2014)
- pipeline: Fixed a NULL pointer dereference on OOM

- tests: make the authorization retry tests pass the torture tests

- ftp: fixed a memory leak on wildcard error path

- netrc: Fixed a memory leak in an OOM condition

Steve Holme (30 Jan 2014)
- ntlm: Fixed a memory leak when using NTLM with a proxy server

- tests: Missed updating a type-3 message in commit 1c9aaa0bac

Daniel Stenberg (30 Jan 2014)
- http2: fix size check in on_data_chunk_recv

- http2: add CRLF when first data arrives

Steve Holme (30 Jan 2014)
- tests: Updated NTLM tests for NTLMv2 type-3 message

Daniel Stenberg (30 Jan 2014)
- [Tatsuhiro Tsujikawa brought this change]

  http2_recv: Return written length on CURLE_AGAIN

- [Tatsuhiro Tsujikawa brought this change]

  http2: Use nghttp2_session_mem_recv and nghttp2_session_upgrade

- http2: call it "HTTP 2" and not 2.0
  
  The minor version will be dropped for HTTP 2 so it will make sense to
  avoid using it in option names etc.

- http2: basic version of receiving DATA

- http2: convert HEADER frames to HTTP1-like headers
  
  ... and then go through the "normal" HTTP engine.

- http2: fix EWOULDBLOCK in recv_callback()

- http2: do the POST Upgrade dance properly

Steve Holme (30 Jan 2014)
- ntlm: Use static client nonce for the test suite

Daniel Stenberg (30 Jan 2014)
- http2.h: provide empty macros for non-http2 builds

- [Fabian Frank brought this change]

  http2: switch into http2 mode if NPN indicates
  
  Check the NPN result before preparing an HTTP request and switch into
  HTTP/2.0 mode if necessary. This is a work in progress, the actual code
  to prepare and send the request using nghttp2 is still missing from
  Curl_http2_send_request().

- http2: s/Curl_http2_request/Curl_http2_request_upgrade
  
  To better reflect its purpose

- http2-openssl: verify that NPN functionality is present

- [Fabian Frank brought this change]

  openssl: set up hooks with to perform NPN
  
  NPN is what is available in the wild today to negotiate SPDY or HTTP/2.0
  connections. It is expected to be replaced by ALPN in the future. If
  HTTP/2.0 is negotiated, this is indicated for the entire connection and
  http.c is expected to initialize itself for HTTP/2.0 instead of
  HTTP/1.1.
  
  see:
  http://technotes.googlecode.com/git/nextprotoneg.html
  http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04

- http2: added stubs for all nghttp2 callbacks
  
  This makes it easier to trace what's happening.

- http2: use FIRSTSOCKET instead of 0 to index the sockets array

- http2: receive and log the received header frames

- http2_recv: log nghttp2 return codes for debugging purposes

- HTTP2: reject nghttp2 versions before 0.3.0

- [Gisle Vanem brought this change]

  http2: adjusted to newer nghttp2_session_callbacks struct
  
  the number of elements in the 'nghttp2_session_callbacks' structure is
  now reduced by 2 in version 0.3.0 (I'm not sure when the change
  happened, but checking for ver 0.3.0 work for me).

- [Gisle Vanem brought this change]

  HTTP2: Wrong NgHTTP2 user-data
  
  Something is wrong in 'userp' for the HTTP2 recv_callback().  The
  session is created using bogus user-data; '&conn' and not 'conn'.
  
  I noticed this since the socket-value in Curl_read_plain() was set to a
  impossible high value.

- NTLM: error: conversion to 'int' from 'long int' may alter its value
  
  Fixed two compiler nits

Steve Holme (29 Jan 2014)
- ntlm: Coding style policing dating back to 2011

- ntlm: Use a timestamp of 01/01/1970 for the test suite

- ntlm: Updated Curl_ntlm_core_mk_ntlmv2_resp() to use local variables
  
  ...until the function is successful when it returns them in the out
  parameters.

- ntlm: Added cross platform support for writing NTLMv2 timestamp in buffer
  
  Added conversion functions write32_le() and write64_le() to ensure the
  NTLMv2 timestamp is always written in little-endian.

- [Prash Dush brought this change]

  ntlm: Added support for NTLMv2

Kamil Dudka (29 Jan 2014)
- nss: do not use the NSS_ENABLE_ECC define
  
  It is not provided by NSS public headers.
  
  Bug: https://bugzilla.redhat.com/1058776

- nss: do not fail if NSS does not implement a cipher
  
  ... that the user does not ask for

Daniel Stenberg (29 Jan 2014)
- http2: switch recv/send functions to http2 ones after 101

- http2: handle 101 responses and switch to HTTP2

- examples: gitignore more binaries

- bump: start working on 7.35.1

- THANKS: 19 new contributors from the 7.35.0 release notes

Version 7.35.0 (29 Jan 2014)

Daniel Stenberg (29 Jan 2014)
- RELEASE-NOTES: done for 7.35.0

Dan Fandrich (29 Jan 2014)
- tests: make a few lib15?? tests pass the OOM torture tests

- lib1900: make the test pass the OOM torture tests

- oauth2: Fixed a memory leak in an OOM condition

- unit1304: make the test pass the OOM torture tests

- unit1396: make the test pass the OOM torture tests

Daniel Stenberg (28 Jan 2014)
- [Romulo A. Ceccon brought this change]

  hostip: don't remove DNS entries that are in use
  
  hostcache_timestamp_remove() should remove old *unused* entries from the
  host cache, but it never checked whether the entry was actually in
  use. This complements commit 030a2b8cb.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1327

Dan Fandrich (28 Jan 2014)
- RELEASE-NOTES: changed encoding to UTF-8 like previous releases

Daniel Stenberg (28 Jan 2014)
- TFTP: fix crash on time-out
  
  tftp_done() can get called with its TFTP state pointer still being NULL
  on an early time-out, which caused a segfault when dereferenced.
  
  Reported-by: Glenn Sheridan
  Bug: http://curl.haxx.se/mail/lib-2014-01/0246.html

Steve Holme (28 Jan 2014)
- RELEASE-NOTES: Synced with 5a47062cada9

Daniel Stenberg (28 Jan 2014)
- [Maks Naumov brought this change]

  getpass: fix password parsing from console
  
  Incorrect password if use backspace while entered the password.
  
  Regression from f7bfdbabf2d5398f4c266eabb0992a04af661f22
  
  The '?:' operator has lower priority than the '-' operator

Dan Fandrich (26 Jan 2014)
- docs/INSTALL: Updated example minimal binary sizes

Marc Hoersken (26 Jan 2014)
- testsuite: visualize line-endings in output comparison diffs

- sockfilt.c: follow up cleanup commit on 49b63cf3

- http-pipe tests: use text as output data mode to support Windows

- sockfilt.c: fixed and simplified Windows select function
  
  Since the previous complex select function with initial support for
  non-socket file descriptors, did not actually work correctly for
  Console handles, this change simplifies the whole procedure by using
  an internal waiting thread for the stdin console handle.
  
  The previous implementation made it continuously trigger for the stdin
  handle if it was being redirected to a parent process instead of
  an actual Console input window.
  
  This approach supports actual Console input handles as well as
  anonymous Pipe handles which are used during input redirection.
  
  It depends on the fact that ReadFile supports trying to read zero bytes
  which makes it wait for the handle to become ready for reading.

- http_pipe.py: replaced epoll with select to support Windows
  
  Removed Unix-specific functionality in order to support Windows:
  - select.epoll replaced with select.select
  - SocketServer.ForkingMixIn replaced with SocketServer.ForkingMixIn
  - socket.MSG_DONTWAIT replaced with socket.setblocking(False)
  
  Even though epoll has a better performance and improved socket handling
  than select, this change should not affect the actual test case.

Dan Fandrich (25 Jan 2014)
- tests: Added missing HTTP proxy keywords

- tests: added missing <features> http to a number of tests

- tests: Added a keyword for tests depending on internal info logs

- runtests: Don't log command every torture iteration in verbose

- tests: Added missing http feature to tests 509 & 1513

- netrc: Fixed a memory and file descriptor leak on OOM

- test1514: Used the macros for host and port number

- multi: Fixed a memory leak on OOM condition

Daniel Stenberg (23 Jan 2014)
- curl_easy_setopt.3: remove what auth types that work for CURLOPT_PROXYAUTH
  
  The list was out of date and the paragraph already refers to the
  CURLOPT_HTTPAUTH explanation. All the auth bits are explained properly
  there.
  
  It also removes the ambiguity for what the "added" phrase refers to.
  
  This change based on pull request #85 on github
  
  URL: https://github.com/bagder/curl/pull/85
  Reported-by: gnawhleinad

Dan Fandrich (22 Jan 2014)
- test1514: Got rid of a non-const initializer C99ism

Steve Holme (21 Jan 2014)
- RELEASE-NOTES: added another missing bug ref

Daniel Stenberg (21 Jan 2014)
- RELEASE-NOTES: added missing bug ref

- [Fabian Frank brought this change]

  axtls: fix compiler warning on conversion ssize_t => int

- [Fabian Frank brought this change]

  SFTP: stat remote file also when CURLOPT_NOBODY is 1
  
  Make it possible to call
  curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &filesize)
  and related functions on remote sftp:// files, without downloading them.
  
  Reported-by: Yingwei Liu
  Bug: http://curl.haxx.se/mail/lib-2014-01/0139.html

- RELEASE-NOTES: synced with 12ecd56da77

- contributors.sh: output list RELEASE-NOTES formatted

- [Cédric Deltheil brought this change]

  test1514: added - no more negative Content-Length (HTTP POST)
  
  This covers changes from commit afd288b2.

- [Cédric Deltheil brought this change]

  HTTP POST: omit Content-Length if data size is unknown
  
  This prevents sending a `Content-Length: -1` header, e.g this ocurred
  with the following combination:
  
  * standard HTTP POST (no chunked encoding),
  * user-defined read function set,
  * `CURLOPT_POSTFIELDSIZE(_LARGE)` NOT set.
  
  With this fix it now behaves like HTTP PUT.

- [Fabian Frank brought this change]

  disable GnuTLS insecure ciphers
  
  Make GnuTLS old and new consistent, specify the desired protocol, cipher
  and certificate type in always in both modes. Disable insecure ciphers
  as reported by howsmyssl.com. Honor not only --sslv3, but also the
  --tlsv1[.N] switches.
  
  Related Bug: http://curl.haxx.se/bug/view.cgi?id=1323

- curl_getdate.3: edited, removed references to pre 7.12.2 functionality

- gtls: fix compiler warnings on conversions size_t => unsigned int

Steve Holme (19 Jan 2014)
- tool: Fixed incorrect return code if password prompting runs out of memory
  
  Due to the changes in commit 3c929ff9f6ea and lack of subsequent
  updates, curl could return a CURLE_FTP_ACCEPT_FAILED error if
  checkpasswd() ran out of memory in versions 7.33.0 and 7.34.0.
  
  Updated the function declaration and return code to return
  CURLE_OUT_OF_MEMORY and CURLE_OK where appropriate.

- RELEASE-NOTES: Synced with 2cac75c4e400

- http_chunks.c: Fixed compilation warnings under some 32-bit systems
  
  conversion from 'curl_off_t' to 'size_t', possible loss of data
  
  Where curl_off_t is a 64-bit word and size_t is 32-bit - for example
  with 32-bit Windows builds.

- tool: Fixed incorrect return code if command line parser runs out of memory
  
  In the rare instance where getparameter() may return PARAM_NO_MEM whilst
  parsing a URL, cURL would return this error code, which is equivalent to
  CURLE_FTP_ACCEPT_FAILED in cURL error codes terms.
  
  Instead, return CURLE_FAILED_INIT and output the failure reason as per
  the other usage of getparameter().

Daniel Stenberg (18 Jan 2014)
- [Tobias Markus brought this change]

  Subject: progress bar: increase update frequency to 10Hz
  
  Increasing the update frequency of the progress bar to 10Hz greatly
  improves the visual appearance of the progress bar (at least in my
  impression).
  
  Signed-off-by: Tobias Markus <tobias@markus-regensburg.de>

- [Tobias Markus brought this change]

  progress bar: always update when at 100%
  
  Currently, the progress bar is updated at 5Hz. Because it is often not
  updated to 100% when the download is finished and curl exits, the bar
  is often "stuck" at 90-something, thus irritating the user.
  
  This patch fixes this by always updating the progress bar (instead of
  waiting for 200ms to have elapsed) while the download is finished but
  curl has not yet exited. This should not greatly affect performance
  because that moment is rather short.
  
  Signed-off-by: Tobias Markus <tobias@markus-regensburg.de>

Steve Holme (18 Jan 2014)
- win32: Added additional preprocessor check for Version Helper API
  
  A follow up patch to commit d2671340a613 as _WIN32_WINNT_WIN2K and
  _WIN32_WINNT_WIN2K may not be defined on all systems.

- win32: Corrected the preprocessor check for Version Helper API
  
  Following some auto build failures after commit c7a76bb056f31e changed
  the preprocessor check to use _WIN32_WINNT.

Daniel Stenberg (17 Jan 2014)
- cookie: max-age fixes
  
  1 - allow >31 bit max-age values
  
  2 - don't overflow on extremely large max-age values when we add the
  value to the current time
  
  3 - make sure max-age takes precedence over expires as dictated by
  RFC6265
  
  Bug: http://curl.haxx.se/mail/lib-2014-01/0130.html
  Reported-by: Chen Prog

- test1417: verify chunked-encoding transfer without CR
  
  As was introduced in 8f6b4be8af04

- chunked parsing: relax the CR strictness
  
  Allow for chunked-encoding data to get parsed with only LF line endings.
  This is allowed by browsers.

- test1416: verify the chunked size overflow detection

- chunked-parser: abort on overflows, allow 64 bit chunks

Dan Fandrich (17 Jan 2014)
- Fixed some XML syntax issues in the test data
  
  Also, make the ftp server return a canned response that doesn't
  cause XML verification problems.  Although the test file format
  isn't technically XML, it's still handy to be able to use XML
  tools to verify and manipulate them.

Daniel Stenberg (16 Jan 2014)
- [Michael Osipov brought this change]

  configure: fix gssapi linking on HP-UX
  
  The issue is with HP-UX that is comes with HP flavor of MIT
  Kerberos. This means that there is no krb5-config and the lib is called
  libgss.so
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1321

- Curl_cookie_add: remove 'now' from curl_getdate() call
  
  The now argument is unused by curl_getdate()

Steve Holme (15 Jan 2014)
- pop3-dele.c: Added missing CURLOPT_NOBODY following feedback

Daniel Stenberg (16 Jan 2014)
- connect.c:942:84: warning: Longer than 79 columns

Steve Holme (15 Jan 2014)
- connect.c: Corrected version compare in commit c7a76bb056f31e

- RELEASE-NOTES: Synced with c7a76bb056f31e

- win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
  
  Starting with Visual Studio 2013 (VC12) and Windows 8.1 the
  GetVersionInfoEx() function has been marked as deprecated and it's
  return value atered. Updated connect.c and curl_sspi.c to use
  VerifyVersionInfo() where possible, which has been available since
  Windows 2000.

Daniel Stenberg (14 Jan 2014)
- curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*

- TODO: Allow SSL (HTTPS) to proxy

- TODO: remove FTP proxy and more SSL libraries

- TODO: Detect when called from witin callbacks

Marc Hoersken (13 Jan 2014)
- secureserver.pl: follow up fix for 87ade5f
  
  Since /dev/stdout is not always emulated on Windows,
  just skip the output option on Windows.
  
  MinGW/msys support /dev/stdout only from a new login shell.

Daniel Stenberg (13 Jan 2014)
- [Colin Hogben brought this change]

  error message: Sensible message on timeout when transfer size unknown
  
  A transfer timeout could result in an error message such as "Operation
  timed out after 3000 milliseconds with 19 bytes of -1 received".  This
  patch removes the non-sensical "of -1" when the size of the transfer
  is unknown, mirroring the logic in lib/transfer.c

Marc Hoersken (13 Jan 2014)
- secureserver.pl: added full support for tstunnel on Windows
  
  tstunnel on Windows does not support the pid option and is unable
  to write to an output log that is already being used as a redirection
  target for stdout. Therefore it does now output all log data to stdout
  by default and secureserver.pl creates a fake pidfile on Windows.

Steve Holme (12 Jan 2014)
- examples: Fixed compilation errors
  
  error: 'MULTI_PERFORM_HANG_TIMEOUT' undeclared

- imap-multi.c: Corrected typo

- smtp-multi.c: Minor coding style tidyup following POP3 and IMAP additions

- examples: Added IMAP multi example

- pop3-multi.c: Corrected copy/paste typo

- examples: Added POP3 multi example

- examples: Added comments to SMTP multi example based on other MAIL examples

- examples: Removed user information and TLS setup from SMTP multi example
  
  Simplified the SMTP multi example as this example should demonstrate
  the differences the easy and multi interfaces rather than introduce new
  concepts such as user authentication and TLS which are shown in the TLS
  and SSL examples.

- examples: Updated SMTP MAIL example to return libcurl result code

- examples: Synchronised comments between SMTP MAIL examples

- examples: Updated SMTP MAIL example to use a read function for data
  
  Updated to read data from a callback rather than from stdio as this is
  more realistic to most use cases.

Daniel Stenberg (12 Jan 2014)
- OpenSSL: deselect weak ciphers by default
  
  By default even recent versions of OpenSSL support and accept both
  "export strength" ciphers, small-bitsize ciphers as well as downright
  deprecated ones.
  
  This change sets a default cipher set that avoids the worst ciphers, and
  subsequently makes https://www.howsmyssl.com/a/check no longer grade
  curl/OpenSSL connects as 'Bad'.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1323
  Reported-by: Jeff Hodges

- multi: remove MULTI_TIMEOUT_INACCURACY
  
  With the recently added timeout "reminder" functionality, there's no
  reason left for us to execute timeout code before the time is
  ripe. Simplifies the handling too.
  
  This will make the *TIMEOUT and *CONNECTTIMEOUT options more accurate
  again, which probably is most important when the *_MS versions are used.
  
  In multi_socket, make sure to update 'now' after having handled activity
  on a socket.

Steve Holme (11 Jan 2014)
- Makefile.dist: Added support for VC7
  
  Currently VC7 and VC7.1 builds have to be ran with the VC variable set
  to vc6 which is not only inconsistent with the nmake winbuild system
  but also with newer versions of Visual Studio supported by this file.
  
  Note: This doesn't break the build for anyone still running with the
  VC variable set to vc6 or not set (which defaults to vc6).

- RELEASE-NOTES: Synced with 980659a2caa285

Daniel Stenberg (10 Jan 2014)
- multi_socket: remind app if timeout didn't run
  
  BACKGROUND:
  
  We have learned that on some systems timeout timers are inaccurate and
  might occasionally fire off too early. To make the multi_socket API work
  with this, we made libcurl execute timeout actions a bit early too if
  they are within our MULTI_TIMEOUT_INACCURACY. (added in commit
  2c72732ebf, present since 7.21.0)
  
  Switching everything to the multi API made this inaccuracy problem
  slightly more notable as now everyone can be affected.
  
  Recently (commit 21091549c02) we tweaked that inaccuracy value to make
  timeouts more accurate and made it platform specific. We also figured
  out that we have code at places that check for fixed timeout values so
  they MUST NOT run too early as then they will not trigger at all (see
  commit be28223f35 and a691e044705) - so there are definitately problems
  with running timeouts before they're supposed to run. (We've handled
  that so far by adding the inaccuracy margin to those specific timeouts.)
  
  The libcurl multi_socket API tells the application with a callback that
  a timeout expires in N milliseconds (and it explicitly will not tell it
  again for the same timeout), and the application is then supposed to
  call libcurl when that timeout expires. When libcurl subsequently gets
  called with curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...), it
  knows that the application thinks the timeout expired - and alas, if it
  is within the inaccuracy level libcurl will run code handling that
  handle.
  
  If the application says CURL_SOCKET_TIMEOUT to libcurl and _isn't_
  within the inaccuracy level, libcurl will not consider the timeout
  expired and it will not tell the application again since the timeout
  value is still the same.
  
  NOW:
  
  This change introduces a modified behavior here. If the application says
  CURL_SOCKET_TIMEOUT and libcurl finds no timeout code to run, it will
  inform the application about the timeout value - *again* even if it is
  the same timeout that it already told about before (although libcurl
  will of course tell it the updated time so that it'll still get the
  correct remaining time). This way, we will not risk that the application
  believes it has done its job and libcurl thinks the time hasn't come yet
  to run any code and both just sit waiting. This also allows us to
  decrease the MULTI_TIMEOUT_INACCURACY margin, but that will be handled
  in a separate commit.
  
  A repeated timeout update to the application risk that the timeout will
  then fire again immediately and we have what basically is a busy-loop
  until the time is fine even for libcurl. If that becomes a problem, we
  need to address it.

- threaded-resolver: never use NULL hints with getaddrinfo
  
  The net effect of this bug as it appeared to users, would be that
  libcurl would timeout in the connect phase.
  
  When disabling IPv6 use but still using getaddrinfo, libcurl would
  wrongly not init the "hints" struct field in init_thread_sync() which
  would subsequently lead to a getaddrinfo() invoke with a zeroed hints
  with ai_socktype set to 0 instead of SOCK_STREAM. This would lead to
  different behaviors on different platforms but basically incorrect
  output.
  
  This code was introduced in 483ff1ca75cbea, released in curl 7.20.0.
  
  This bug became a problem now due to the happy eyeballs code and how
  libcurl now traverses the getaddrinfo() results differently.
  
  Bug: http://curl.haxx.se/mail/lib-2014-01/0061.html
  Reported-by: Fabian Frank
  Debugged-by: Fabian Frank

Nick Zitzmann (9 Jan 2014)
- darwinssl: un-break Leopard build after PKCS#12 change
  
  It turns out errSecDecode wasn't defined in Leopard's headers. So
  we use the enum's value instead.
  
  Bug: http://curl.haxx.se/mail/lib-2013-12/0150.html
  Reported by: Abram Pousada

Daniel Stenberg (8 Jan 2014)
- Curl_updateconninfo: don't do anything for UDP "connections"
  
  getpeername() doesn't work for UDP sockets since they're not connected
  
  Reported-by: Priyanka Shah
  Bug: http://curl.haxx.se/mail/archive-2014-01/0016.html

- info: remove debug output
  
  Removed some of the infof() calls that were added with the recent
  pipeline improvements but they're not useful to the vast majority of
  readers and the pipelining seems to fundamentaly work - the debugging
  outputs can easily be added there if debugging these functions is needed
  again.

- runtests: disable memory tracking with threaded resolver
  
  The built-in memory debug system doesn't work with multi-threaded use so
  instead of causing annoying false positives, disable the memory tracking
  if the threaded resolver is used.

- trynextip: fix build for non-IPV6 capable systems
  
  AF_INET6 may not exist then
  
  Patched-by: Iida Yosiaki
  Bug: http://curl.haxx.se/bug/view.cgi?id=1322

Steve Holme (8 Jan 2014)
- makefile: Added support for VC12

- makefile: Added support for VC11

- winbuild: Follow up fix for a47c142a88c0, 11e8066ef956 and 92b9ae5c5d59

Daniel Stenberg (7 Jan 2014)
- mk-ca-bundle.1: document -d

Steve Holme (7 Jan 2014)
- RELEASE-NOTES: Synced with 8ae35102c43d8d

Daniel Stenberg (7 Jan 2014)
- ConnectionExists: fix NTLM check for new connection
  
  When the requested authentication bitmask includes NTLM, we cannot
  re-use a connection for another username/password as we then risk
  re-using NTLM (connection-based auth).
  
  This has the unfortunate downside that if you include NTLM as a possible
  auth, you cannot re-use connections for other usernames/passwords even
  if NTLM doesn't end up the auth type used.
  
  Reported-by: Paras S
  Patched-by: Paras S
  Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html

Steve Holme (5 Jan 2014)
- examples: Added required libcurl version information to SMTP examples

Daniel Stenberg (5 Jan 2014)
- mk-ca-bundle.pl: avoid warnings with -d without parameter

- [Leif W brought this change]

  mk-ca-bundle: introduces -d and warns about using this script

Steve Holme (5 Jan 2014)
- Makefile: Added missing WinSSL and x64 configurations

Marc Hoersken (5 Jan 2014)
- docs/INTERNALS: follow up fix for 11e8066 and 92b9ae5

- packages: follow up fix for a47c142, 11e8066 and 92b9ae5

- multi.c: fix possible dereference of null pointer

Steve Holme (5 Jan 2014)
- Examples: Renamed SMTP MAIL example to match other email examples

- examples: Added POP3 TLS example

- examples: Added IMAP NOOP example

- examples: Added POP3 NOOP example

- pop3-stat.c: Corrected small typo from commit 91d62e9abd761c

- examples: Added POP3 STAT example

- examples: Added POP3 TOP example

- examples: Added POP3 DELE example

- examples: Added POP3 UIDL example

- examples: Added POP3 RETR example

- examples: Added return of error code in POP3 examples

- runtests.pl: Updated copyright year after edit from d718abd968aeb4

- examples: Reworked POP3 examples for additional upcoming POP3 examples

- examples: Added SMTP SSL example

- examples: Added IMAP SSL and TLS examples

Marc Hoersken (5 Jan 2014)
- runtests.pl: check for tstunnel command on Windows
  
  The Windows console version of stunnel is called "tstunnel", while
  running "stunnel" on Windows spawns a new console window which
  cannot be handled by the testsuite.

- testcurl.pl: always show the last 5 commits even with --nogitpull

Daniel Stenberg (4 Jan 2014)
- ftp tests: provide LIST responses in the test file itself
  
  Previously LIST always returned a fixed hardcoded list that the ftp
  server code knew about, mostly since the server didn't get any test case
  number in the LIST scenario. Starting now, doing a CWD to a directory
  named test-[number] will make the test server remember that number and
  consider it a test case so that a subsequent LIST command will send the
  <data> section of that test case back.
  
  It allows LIST tests to be made more similar to how all other tests
  work.
  
  Test 100 was updated to provide its own directory listing.

Steve Holme (4 Jan 2014)
- examples: Standardised username and password settings for all email examples
  
  Replaced the use of CURLOPT_USERPWD for the preferred CURLOPT_USERNAME
  and CURLOPT_PASSWORD options and used the same username and password for
  all email examples which is the same as that used in the test suite.

- Updated copyright year for recent changes

Marc Hoersken (4 Jan 2014)
- secureserver.pl: support for stunnel-path with nun-alphanum chars
  
  This is desired to support stunnel installations on Windows.

- conncache.c: fix possible dereference of null pointer

- docs: primarily refer to schannel as WinSSL

Steve Holme (4 Jan 2014)
- examples: Added IMAP COPY example

- examples: Added IMAP DELETE example

- examples: Added IMAP CREATE example

Daniel Stenberg (4 Jan 2014)
- FTP parselist: fix "total" parser
  
  A regression introduced in 7f3b87d8782eae1 (present in the 7.21.4 release)
  broke the total parser. Now skip the whitespace and the digits.
  
  Reported-by: Justin Maggard
  Bug: http://curl.haxx.se/mail/lib-2014-01/0019.html

- test1513: fix spelling

Marc Hoersken (3 Jan 2014)
- Makefile.vc6: follow up fix for 11e8066 and 92b9ae5

Daniel Stenberg (3 Jan 2014)
- test1513: added - verify early progress callback return fail
  
  Verify the change brought in commit 8e11731653061. It makes sure that
  returning a failure from the progress callback even very early results
  in the correct return code.

- progresscallback: make CURLE_ABORTED_BY_CALLBACK get returned better
  
  When the progress callback returned 1 at a very early state, the code
  would not make CURLE_ABORTED_BY_CALLBACK get returned but the process
  would still be interrupted. In the HTTP case, this would then cause a
  CURLE_GOT_NOTHING to erroneously get returned instead.
  
  Reported-by: Petr Novak
  Bug: http://curl.haxx.se/bug/view.cgi?id=1318

Marc Hoersken (3 Jan 2014)
- unittests: do not include curl_memory.h
  
  memdebug.h already contains all required definitions and including
  curl_memory.h causes errors like the following:
  
  tests/unit/unit1394.c:119: undefined reference to `Curl_cfree'
  tests/unit/unit1394.c:120: undefined reference to `Curl_cfree'

Daniel Stenberg (3 Jan 2014)
- pipeline: remove print_pipeline()
  
  This is a debug function only and serves no purpose in production code,
  it only slows things down. I left the code #ifdef'ed for possible future
  pipeline debugging.
  
  Also, this was a global function without proper namespace usage.
  
  Reported-by: He Qin
  Bug: http://curl.haxx.se/bug/view.cgi?id=1320

- openssl: allow explicit sslv2 selection
  
  If OpenSSL is built to support SSLv2 this brings back the ability to
  explicitly select that as a protocol level.
  
  Reported-by: Steve Holme
  Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html

Steve Holme (2 Jan 2014)
- Bumped copyright year to 2014

- Updated copyright year for recent changes

Marc Hoersken (3 Jan 2014)
- vtls/nssg.h: fixed include references to moved file

Daniel Stenberg (3 Jan 2014)
- [Christian Weisgerber brought this change]

  curl_easy_setopt.3: fix formatting mistakes
  
  This fixes two markup typos I noticed in curl_easy_setopt.3.  (The use
  of bold vs. italics seems a bit inconsistent in that page, but it should
  at least be valid man syntax.)

- [Barry Abrahamson brought this change]

  OpenSSL: Fix forcing SSLv3 connections
  
  Some feedback provided by byte_bucket on IRC pointed out that commit
  db11750cfa5b1 wasn’t really correct because it allows for “upgrading” to a
  newer protocol when it should be only allowing for SSLv3.
  
  This change fixes that.
  
  When SSLv3 connection is forced, don't allow SSL negotiations for newer
  versions.  Feedback provided by byte_bucket in #curl.  This behavior is
  also consistent with the other force flags like --tlsv1.1 which doesn't
  allow for TLSv1.2 negotiation, etc
  
  Feedback-by: byte_bucket
  Bug: http://curl.haxx.se/bug/view.cgi?id=1319

Guenter Knauf (2 Jan 2014)
- Trial to fix the nmake Makefile for vtls files.

Steve Holme (2 Jan 2014)
- examples: Added IMAP SEARCH example

- examples: Added IMAP EXAMINE mailbox folder example

Guenter Knauf (2 Jan 2014)
- Fix NetWare build for vtls files.

Daniel Stenberg (1 Jan 2014)
- CMakeLists.txt: add standard curl source code header

- CMakeLists.txt: add warning about the cmake build's state

Steve Holme (1 Jan 2014)
- examples: Updated SMTP multi example to be more realistic
  
  Updated the contents of the email and payload callback as per the IMAP
  and other SMTP examples.

Daniel Stenberg (1 Jan 2014)
- [Barry Abrahamson brought this change]

  OpenSSL: Fix forcing SSLv3 connections
  
  Since ad34a2d5c87c7f4b14e8dded3 (present in 7.34.0 release) forcing
  SSLv3 will always return the error "curl: (35) Unsupported SSL protocol
  version" Can be replicated with `curl -I -3 https://www.google.com/`.
  This fix simply allows for v3 to be forced.

Steve Holme (1 Jan 2014)
- examples: Corrected unescaped backslash in imap-store.c

- examples: Update SMTP TLS example mail content to be RFC-2821 compliant
  
  ...and made some minor coding style changes to better match the curl
  coding standards as well as the other email related examples.

- examples: Added IMAP APPEND example

- examples: Added IMAP STORE example

- RELEASE-NOTES: Synced with 7de2e032584d44

- examples: Added IMAP LIST mailbox example

- examples: Updated IMAP fetch example for libcurl 7.30.0

- examples: Rename before adding additional email examples

- examples: Added SMTP EXPN command example

- examples: Added SMTP email verification example

- imap: Fixed line length warning

- mprintf: Replaced internal usage of FORMAT_OFF_T and FORMAT_OFF_TU
  
  Following commit 0aafd77fa4c6f2, replaced the internal usage of
  FORMAT_OFF_T and FORMAT_OFF_TU with the external versions that we
  expect API programmers to use.
  
  This negates the need for separate definitions which were subtly
  different under different platforms/compilers.

- examples: Updated copyright year for recent edits

- examples: Corrected incorrect indentation in smtp-multi.c

- examples: Updated SMTP examples to set CURLOPT_UPLOAD

- mprintf: Added support for I, I32 and I64 size specifiers
  
  Added support to the built-in printf() replacement functions, for these
  non-ANSI extensions when compiling under Visual Studio, Borland, Watcom
  and MinGW.
  
  This fixes problems when generating libcurl source code that contains
  curl_off_t variables.

- curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
  
  Although added to CURLOPT_INFILESIZE in commit ee3d3adc6fe155 it was
  never added to CURLOPT_INFILESIZE_LARGE.

- tests: Disabled NTLM tests when running with SSPI enabled

- connect.c: Fixed compilation warning
  
  warning: 'res' may be used uninitialized in this function

- runtests.pl: Fixed slightly incorrect regex in commit 28dd47d4d41900

- [Björn Stenberg brought this change]

  connect: Try all addresses in first connection attempt
  
  Fixes a bug when all addresses in the first family fail immediately, due
  to "Network unreachable" for example, curl would hang and never try the
  next address family.
  
  Iterate through all address families when to trying establish the first
  connection attempt.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1315
  Reported-by: Michal Górny and Anthony G. Basile

- runtests.pl: Optimised feature present checking code
  
  ...to exclude not present features.

- runtests.pl: Added the ability to run tests when a feature is not present

- ftpserver.pl: Fixed compilation error
  
  Unmatched right curly bracket at line 758, at end of line

- ftpserver.pl: Reworked SMTP verified server detection
  
  Following the addition of informational commands to the SMTP protocol,
  the test server is no longer required to return the verified server
  information in responses that curl only outputs in verbose mode.
  
  Instead, a similar detection mechanism to that used by FTP, IMAP and
  POP3 can now be used.

- sendf.c: Fixed compilation warning from f2d234a4dd9bcc
  
  sendf.c:450:81: warning: Longer than 79 columns

- FILE: Fixed sending of data would always return CURLE_WRITE_ERROR
  
  Introduced in commit 2a4ee0d2215556 sending of data via the FILE
  protocol would always return CURLE_WRITE_ERROR regardless of whether
  CURL_WRITEFUNC_PAUSE was returned from the callback function or not.

Daniel Stenberg (26 Dec 2013)
- FILE: we don't support paused transfers using this protocol
  
  Make sure that we detect such attempts and return a proper error code
  instead of silently handling this in problematic ways.
  
  Updated the documentation to mention this limitation.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1286

Steve Holme (26 Dec 2013)
- vtls: Updated comments referencing sslgen.c and ssluse.c

- vtls: Fixed up include of vtls.h

Daniel Stenberg (25 Dec 2013)
- curl_dofree: allow free(NULL)
  
  Previously this memdebug free() replacement didn't properly work with a
  NULL argument which has made us write code that avoids calling
  free(NULL) - which causes some extra nuisance and unnecessary code.
  Starting now, we should allow free(NULL) even when built with the
  memdebug system enabled.
  
  free(NULL) is permitted by POSIX

Steve Holme (25 Dec 2013)
- RELEASE-NOTES: Synced with 0ff0a994ada62a

Daniel Stenberg (25 Dec 2013)
- Curl_thread_create: use Curl_safefree to allow NULL better
  
  free() itself allows a NULL input but our memory debug system requires
  Curl_safefree() to be used instead when a "legitimate" NULL may be freed. Like
  in the code here.
  
  Pointed-out-by: Steve Holme

- [Luke Dashjr brought this change]

  threaded resolver: Use pthread_t * for curl_thread_t
  
  ... since pthread_t may be non-scalar and/or may represent a real thread
  with scalar 0.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1314

Steve Holme (24 Dec 2013)
- imap: Fixed auth preference not being honored when CAPABILITY not supported
  
  If a user indicated they preferred to authenticate using a SASL
  mechanism, but SASL authentication wasn't supported by the server, curl
  would always fall back to clear text when CAPABILITY wasn't supported,
  even though the user didn't want to use this.

- pop3: Fixed auth preference not being honored when CAPA not supported
  
  If a user indicated they preferred to authenticate using APOP or a SASL
  mechanism, but neither were supported by the server, curl would always
  fall back to clear text when CAPA wasn't supported, even though the
  user didn't want to use this.
  
  This also fixes the auto build failure caused by commit 6f2d5f0562f64a.

Daniel Stenberg (24 Dec 2013)
- TheArtOfHttpScripting: major update, converted layout and more

- Curl_pp_readresp: use memmove not memcpy, possibly overlapping areas
  
  Fixes commit 1deac31eba7

Steve Holme (24 Dec 2013)
- RELEASE-NOTES: Corrected copy/paste typo

- pop3: Fixed APOP being determined by CAPA response rather than by timestamp
  
  This commit replaces that of 9f260b5d6610f3 because according to RFC-2449,
  section 6, there is no APOP capability "...even though APOP is an
  optional command in [POP3].  Clients discover server support of APOP by
  the presence in the greeting banner of an initial challenge enclosed in
  angle brackets."

- tests: Removed APOP timestamp from default server greeting

- test936: Corrected login details from commit 7246255416617a

- ftpserver.pl: Updated custom full text REPLY regex
  
  SASL downgrade tests: 833, 835, 879, 881, 935 and 937 would fail as
  they contained a minus sign in their authentication mechanism and this
  would be missed by the custom reply parser.

- tests: Corrected syntax error from commit 7246255416617a

- tests: Added SMTP SASL downgrade tests

- tests: Added POP3 SASL downgrade tests

- tests: Added IMAP SASL downgrade tests

Daniel Stenberg (22 Dec 2013)
- docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://

- FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
  
  The FILE:// code doesn't support this option - and it doesn't make sense
  to support it as long as it works as it does since then it'd only block
  even longer.
  
  But: setting CURLOPT_MAX_RECV_SPEED_LARGE would make the transfer first
  get done and then libcurl would wait until the average speed would get
  low enough. This happened because the transfer happens completely in the
  DO state for FILE:// but then it would still unconditionally continue in
  to the PERFORM state where the speed check is made.
  
  Starting now, the code will skip from DO_DONE to DONE immediately if no
  socket is set to be recv()ed or send()ed to.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1312
  Reported-by: Mohammad AlSaleh

Steve Holme (22 Dec 2013)
- ftpserver.pl: Fixed runtime warning from commit 7da9c95bcf1fe6
  
  Use of uninitialized value $FTPARG in concatenation (.) or string at
  line 3255.

- ftpserver.pl: Added the ability to send custom full text replies

- ftpserver.pl: Added the ability to specify custom full text replies

- ftpserver.pl: Renamed commandreply variable from customreply

- tests: Added SASL cancellation keywords
  
  Added SASL CANCELLATION keywords to differentiate these tests from the
  upcoming SASL downgrade tests.

- email: Fixed segfault introduced in commit 195b63f99c2fe3

Daniel Stenberg (22 Dec 2013)
- code police: fix indent level to silence checksrc complaints

Steve Holme (21 Dec 2013)
- email: Extended the login options to support multiple auth mechanisms

Daniel Stenberg (22 Dec 2013)
- Curl_pp_readresp: replace stupid loop with memcpy

- Curl_pp_readresp: zero terminate line
  
  The comment in the code mentions the zero terminating after having
  copied data, but it mistakingly zero terminated the source data and not
  the destination! This caused the test 864 problem discussed on the list:
  
  http://curl.haxx.se/mail/lib-2013-12/0113.html
  Signed-off-by: Daniel Stenberg <daniel@haxx.se>

Steve Holme (21 Dec 2013)
- Revert "pop3: Added debug information to assist with test864 failure"
  
  This reverts commit 727d798d680f29c8b3cb7d7f03d6b6a3eb4356da.

- pop3: Added debug information to assist with test864 failure

- RELEASE-NOTES: Synced with 812c5ace759d04

- pop3: Fixed APOP timestamp detection from commit 1cfb436a2f1795

Daniel Stenberg (20 Dec 2013)
- Makefile.inc: use standard source header

- Makefile.inc: specify the vtls sources+headers separately

- vtls: renamed sslgen.[ch] to vtls.[ch]

- openssl: renamed backend files to openssl.[ch]

- vtls: moved all TLS/SSL source and header files into subdir

- vtls: created subdir, moved sslgen.[ch] there, updated all include lines

Steve Holme (20 Dec 2013)
- pop3: Fixed selection of APOP when server replies with an invalid timestamp
  
  Although highlighted by a bug in commit 1cfb436a2f1795, APOP
  authentication could be chosen if the server was to reply with an empty
  or missing timestamp in the server greeting and APOP was given in the
  capability list by the server.

- pop3: Fixed processing of more than one response when sent in same packet
  
  Added a loop to pop3_statemach_act() in which Curl_pp_readresp() is
  called until the cache is drained. Without this multiple responses
  received in a single packet could result in a hang or delay.

- pop3: Moved CAPA response handling to pop3_state_capa_resp()
  
  Similar to the processing of untagged CAPABILITY responses in IMAP and
  multi-line EHLO responses in SMTP, moved the processing of multi-line
  CAPA responses to pop3_state_capa_resp().

- pop3: Moved APOP detection into pop3_state_servergreet_resp()
  
  In an effort to reduce what pop3_endofresp() does and bring the POP3
  source back inline with the IMAP and SMTP protocols, moved the APOP
  detection into pop3_state_servergreet_resp().

- curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1313
  Reported-by: Viktor Szakáts

Daniel Stenberg (18 Dec 2013)
- curl.1: remove URL encoding phrase from --data description
  
  ... it could be misleading a reader into thinking it _has_ to be encoded.

Steve Holme (18 Dec 2013)
- imap/pop3/smtp: Added support for SASL authentication downgrades
  
  Added support for downgrading the SASL authentication mechanism when the
  decoding of CRAM-MD5, DIGEST-MD5 and NTLM messages fails. This enhances
  the previously added support for graceful cancellation by allowing the
  client to retry a lesser SASL mechanism such as LOGIN or PLAIN, or even
  APOP / clear text (in the case of POP3 and IMAP) when supported by the
  server.

Daniel Stenberg (18 Dec 2013)
- RELEASE-PROCEDURE: new document

- gitignore: ignore .dirstamp files

- smtp: fix compiler warning
  
  smtp.c:478:21: error: unused variable 'smtpc' [-Werror=unused-variable]

Steve Holme (18 Dec 2013)
- smtp: Moved the calculation of SASL login details into a separate function

- pop3: Moved the calculation of SASL login details into a separate function

- imap: Moved the calculation of SASL login details into a separate function

- smtp: Moved the sending of the AUTH command into a separate function

- pop3: Moved the sending of the AUTH command into a separate function

- imap: Moved the sending of the AUTHENICATE command into a separate function

- email: Renamed *_perform_authenticate() functions
  
  In preparation for the upcoming SASL downgrade feature renamed the
  imap__perform_authenticate(), pop3__perform_authenticate() and
  smtp__perform_authenticate() functions.

Daniel Stenberg (17 Dec 2013)
- bump: start working on the next release

Version 7.34.0 (16 Dec 2013)

Daniel Stenberg (16 Dec 2013)
- RELEASE-NOTES: synced with c0ef05e67
  
  ... for the pending 7.34.0 release
  
  Upped the contributor count

- THANKS: add contributors from 7.34.0 release
  
  24 new great friends

- gtls: respect *VERIFYHOST independently of *VERIFYPEER
  
  Security flaw CVE-2013-6422
  
  This is conceptually the same problem and fix that 3c3622b6 brought to the
  OpenSSL backend and that resulted in CVE-2013-4545.
  
  This version of the problem was independently introduced to the GnuTLS
  backend with commit 59cf93cc, present in the code since the libcurl
  7.21.4 release.
  
  Advisory: http://curl.haxx.se/docs/adv_20131217.html
  Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html
  Reported-by: Marc Deslauriers

- curl.1 document -J doesn't %-decode
  
  ...also added as KNOWN_BUG #87 with reference to bug #1294

- multi: add timer inaccuracy margin to timeout/connecttimeout
  
  Since all systems have inaccuracy in the timeout handling it is
  imperative that we add an inaccuracy margin to the general timeout and
  connecttimeout handling with the multi interface. This way, when the
  timeout fires we should be fairly sure that it has passed the timeout
  value and will be suitably detected.
  
  For cases where the timeout fire before the actual timeout, we would
  otherwise consume the timeout action and still not run the timeout code
  since the condition wasn't met.
  
  Reported-by: He Qin
  Bug: http://curl.haxx.se/bug/view.cgi?id=1298

- RELEASE-NOTES: synced with dd4d9ea542

- curl_easy_setopt: clarify some USERPWD and PROXYUSERPWD details

- login options: remove the ;[options] support from CURLOPT_USERPWD
  
  To avoid the regression when users pass in passwords containing semi-
  colons, we now drop the ability to set the login options with the same
  options. Support for login options in CURLOPT_USERPWD was added in
  7.31.0.
  
  Test case 83 was modified to verify that colons and semi-colons can be
  used as part of the password when using -u (CURLOPT_USERPWD).
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1311
  Reported-by: Petr Bahula
  Assisted-by: Steve Holme
  Signed-off-by: Daniel Stenberg <daniel@haxx.se>

Steve Holme (14 Dec 2013)
- imap: Fixed exclude of clear text when using auth=* in commit 75cd7fd66762bb
  
  It is not 100% clear whether * should include clear text LOGIN or not
  from RFC-5092, however, including it is then consistent with current
  POP3 behaviour where clear text, APOP or SASL may be chosen.

- imap: Fixed incorrect fallback to clear text authentication
  
  If a specific SASL authentication mechanism was requested by the user
  as part of the login options but wasn't supported by the server then
  curl would fallback to clear text, when it shouldn't, rather than
  reporting "No known authentication mechanisms supported" as the POP3
  and SMTP protocols do.

Daniel Stenberg (11 Dec 2013)
- [Eric Lubin brought this change]

  parsedate: avoid integer overflow
  
  In C, signed integer overflow is undefined behavior. Thus, the compiler
  is allowed to assume that it will not occur. In the check for an
  overflow, the developer assumes that the signed integer of type time_t
  will wrap around if it overflows. However, this behavior is undefined in
  the C standard. Thus, when the compiler sees this, it simplifies t +
  delta < t to delta < 0. Since delta > 0 and delta < 0 can't both be
  true, the entire if statement is optimized out under certain
  optimization levels. Thus, the parsedate function would return
  PARSEDATE_OK with an undefined value in the time, instead of return -1 =
  PARSEDATE_FAIL.

- parseconfig: warn if unquoted white spaces are detected
  
  Commit 0db811b6 made some existing config files pass on unexpected
  values to libcurl that made it somewhat hard to track down what was
  really going on.
  
  This code detects unquoted white spaces in the parameter when parsing a
  config file as that would be one symptom and it is generally a bad
  syntax anyway.

- RELEASE-NOTES: recount contributors and libcurl options

- RELEASE-NOTES: synced with c4f46e97ca6c

- [James Dury brought this change]

  TFTP: let tftp_multi_statemach()'s return codes through
  
  It would otherwise always clobber the return code with new function
  calls and it couldn't return timeout etc.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1310

Nick Zitzmann (7 Dec 2013)
- [Melissa Mears brought this change]

  darwinssl: Fix #if 10.6.0 for SecKeychainSearch
  
  The comment here says that SecKeychainSearch causes a deprecation
  warning when used with a minimum Mac OS X SDK version of 10.7.0, which
  is correct.  However, the #if guard did not match.  It was intended to
  only use the code if 10.6.0 support was enabled, but it had 10.7.0
  instead.  This caused a warning if the minimum was exactly 10.7.0.

Daniel Stenberg (6 Dec 2013)
- [Christian Weisgerber brought this change]

  curl.h: <sys/select.h> for OpenBSD
  
  curl.h should also include <sys/select.h> on OpenBSD to reliably
  pull in select().  Typically, including <sys/time.h> will be enough,
  but not if strict standards-compliance is requested (e.g. by defining
  _XOPEN_SOURCE).

- digest: fix CURLAUTH_DIGEST_IE
  
  The URI that is passed in as part of the Authorization: header needs to
  be cut off at '?' if CURLAUTH_DIGEST_IE is set. Previously the code only
  did when calculating the MD5sum.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1308
  Patched-by: Sergey Tatarincev

- Curl_is_connected: use proxy name in error message when proxy is used
  
  (bug introduced in 255826c4, never present in a release)
  
  Reported-by: Dima Tisnek
  Bug: http://curl.haxx.se/mail/lib-2013-12/0006.html

Steve Holme (4 Dec 2013)
- imap/pop3: Post graceful cancellation consistency changes

- [Melissa Mears brought this change]

  pop3: Fix POP3_TYPE_ANY signed compilation warning
  
  POP3_TYPE_ANY, or ~0, is written to pop3c->preftype in lib/pop3c.c, an
  unsigned int variable.  The result of ~0 is -1, which caused a warning
  due to writing a negative number to an unsigned variable.  To fix this,
  make the expression ~0U so that its value is considered the unsigned
  number UINT_MAX which is what SASL_AUTH_ANY does in curl_sasl.h.

Kamil Dudka (2 Dec 2013)
- tool_metalink: do not use HAVE_NSS_INITCONTEXT
  
  ... no longer provided by the configure script

- nss: make sure that 'sslver' is always initialized

- nss: unconditionally require NSS_InitContext()
  
  ... since we depend on NSS 3.14+ because of SSL_VersionRangeSet() anyway

- nss: allow to use TLS > 1.0 if built against recent NSS
  
  Bug: http://curl.haxx.se/mail/lib-2013-11/0162.html

- nss: put SSL version selection into separate fnc

- nss: use a better API for controlling SSL version
  
  This change introduces a dependency on NSS 3.14+.

Patrick Monnerat (2 Dec 2013)
- OS400: sync wrappers and RPG binding.

Steve Holme (1 Dec 2013)
- multi.c: Fixed compilation warning
  
  warning: declaration of 'pipe' shadows a global declaration

- RELEASE-NOTES: Synced with ad3836448efbb7

- base64: Corrected typo from commit f3ee587775c88a

- base64: Post extended extended validation tidy up
  
  Reduced the separate processing of the last quantum to be performed in
  the main decoding loop and renamed some variables for consistency.

- base64: Extended validation to look for invalid characters
  
  Extended the basic validation in commit e17c1b25bc33eb to return a
  failure when invalid base64 characters are included.

- base64: Post basic validation tidy up
  
  Due to the length checks introduced in commit e17c1b25bc33eb there is no
  need to allow for extra space in the output buffer for a non-padded last
  quantum.

- curl_easy_getinfo: Post CURLINFO_TLS_SESSION tidy up
  
  1) Renamed curl_tlsinfo to curl_tlssessioninfo as discussed on the
  mailing list.
  2) Renamed curl_ssl_backend to curl_sslbackend so it doesn't follow our
  function naming convention.
  3) Updated sessioninfo.c example accordingly.

Daniel Stenberg (29 Nov 2013)
- parseconfig: dash options can't specified with colon or equals
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1297
  Reported-by: Michael Osipov

- curl.1: -G also takes --data-urlencode data

- globbing: curl glob counter mismatch with {} list use
  
  The "fixed string" function wrongly bumped the "urlnum" counter which
  made curl output the total number of URLs wrong when using
  {one,two,three} lists in globs.
  
  Reported-by: Michael-O
  Bug: http://curl.haxx.se/bug/view.cgi?id=1305

Steve Holme (28 Nov 2013)
- [Christian Grothoff brought this change]

  sessioninfo.c: Added sample code for CURLINFO_TLS_SESSION
  
  Added a simple example to show how one can use CURLINFO_TLS_SESSION for
  obtaining extensive TLS certificate information.

- multi.c: Fixed compilation error introduced in commit a900d45489fc14
  
  Systems that define SIGPIPE_VARIABLE as a noop would not compile as
  restore_pipe was defined afterwards.

- [Christian Grothoff brought this change]

  curl_easy_getopt: Handle API violation gracefully
  
  This fixes a NULL dereference in the case where the client asks for
  CURLINFO_TLS_SESSION data after the (TLS) session has already been
  destroyed (i.e. curl_easy_perform has already completed for this
  handle). Instead of crashing, we now return a CURLSSLBACKEND_NONE
  error.

- KNOWN_BUGS: #86: Disconnect commands may not be sent by IMAP, POP3 and SMTP

Daniel Stenberg (27 Nov 2013)
- [Jeff King brought this change]

  curl_multi_cleanup: ignore SIGPIPE
  
  This is an extension to the fix in 7d80ed64e43515. We may
  call Curl_disconnect() while cleaning up the multi handle,
  which could lead to openssl sending packets, which could get
  a SIGPIPE.
  
  Signed-off-by: Jeff King <peff@peff.net>

- [Jeff King brought this change]

  sigpipe: factor out sigpipe_reset from easy.c
  
  Commit 7d80ed64e43515 introduced some helpers to handle
  sigpipe in easy.c. However, that fix was incomplete, and we
  need to add more callers in other files. The first step is
  making the helpers globally accessible.
  
  Since the functions are small and should generally end up
  inlined anyway, we simply define them in the header as
  static functions.
  
  Signed-off-by: Jeff King <peff@peff.net>

- [Björn Stenberg brought this change]

  connect: Try next ip directly after immediate connect fail
  
  This fixes a rare Happy Eyeballs bug where if the first IP family runs
  out of addresses before the second-family-timer fires, and the second
  IP family's first connect fails immediately, no further IPs of the
  second family are attempted.

- hostip: don't prune DNS cache entries that are in use
  
  When adding entries to the DNS cache with CURLOPT_RESOLVE, they are
  marked 'inuse' forever to prevent them from ever being removed in normal
  operations. Still, the code that pruned out-of-date DNS entries didn't
  care for the 'inuse' struct field and pruned it anyway!
  
  Reported-by: Romulo A. Ceccon
  Bug: http://curl.haxx.se/bug/view.cgi?id=1303

Steve Holme (24 Nov 2013)
- RELEASE-NOTES: Synced with 35e476a3f6cdd5

- tests: Re-ordered test arguments to match other IMAP tests

- tests: Corrected login "username" authentication responses

- tests: Added error code explanation comments

- tests: Removed expected QUIT response from graceful cancellation tests
  
  A failure during authentication, which is performed as part of the
  CONNECT phrase (for IMAP, POP3 and SMTP) is considered by the multi-
  interface as being closed prematurely (aka a dead connection). As such
  these protocols cannot issue the relevant QUIT or LOGOUT command.
  
  Temporarily fixed the test cases until we can fix this properly.

- tests: Added SMTP graceful authentication cancellation tests

- tests: Added POP3 graceful authentication cancellation tests

- ftpserver.pl: Reworked fix from commit 7a36b2abc06862

- ftpserver.pl: Fixed unknown IMAP command "*"

- ftpserver.pl: Fixed servercmd REPLY with * detection

- tests: Added IMAP graceful authentication cancellation tests

- tests: Moved CR LF in URL tests to their respective protocol groups

- smtp: Post SMTP command expansion tidy up
  
  Removed unnecessary SMTP_STOP state changes on failure.
  
  Removed hard return on failure in smtp_state_data_resp().

- symbols-in-versions: Added missing CURLSSLBACKEND_* symbols

- symbols-in-versions: Fixed missing CURLINFO_TLS_SESSION

- [Christian Grothoff brought this change]

  curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
  
  Added new API for returning a SSL backend type and pointer, in order to
  allow access to the TLS internals, that may then be used to obtain X509
  certificate information for example.

- RELEASE-NOTES: Synced with 8191800a0c8ff7

- smtp: Fixed space being sent in non --mail-rcpt based requests
  
  Commands such as NOOP, RSET and HELP would be sent with a space at the
  end of the command, for example: "NOOP ".

- tests: Added SMTP NOOP and RSET tests

- test928: Corrected typo in expected data from commit df58084695ce9b

- tests: Added SMTP HELP test

- smtp: Changed the default command to HELP when no options are specified
  
  Otherwise a NOOP operation would be performed which a) only returns a
  single line response and not a multiline response where -I needs to be
  used, and b) provides an inconsistent user experience compared to that
  of the POP3 and IMAP protocols.

- smtp:Fixed memory leak from commit dac01ff6d788b2
  
  The buffer allocated by smtp_parse_custom_request() was not freed.

- connect: Close open but unconnected socket in singleipconnect()
  
  singleipconnect() could return the file descriptor of an open socket
  even though the function returned a CURLE_COULDNT_CONNECT error code
  from commit ed1662c374361a and 02fbc26d59c591.
  
  This could cause tests 19, 704 and 1233 to fail on FreeBSD, AIX and
  Solaris.

- tests: Added SMTP EXPN command test

- test926: Corrected unknown user reply from commit 0d735c29f92748
  
  The error code should not be sent as data as it isn't passed onto the
  client as body data, so cannot be compared in the test suite against
  expected data.

- tests: Corrected missing data reply sections from 3d50e91aeef8cc

- tests: Added SMTP VRFY command tests

- ftpserver.pl: Added support for new SMTP commands

- smtp: Fixed broken RCPT TO from commit 0ea4a80bb23666

Daniel Stenberg (15 Nov 2013)
- smtp_state_mail_resp: removed unused variable 'smtp'

Steve Holme (15 Nov 2013)
- DOCS: Updated curl_easy_setopt.3 following recent SMTP changes
  
  * Added information about the verify and expand commands to
    CURLOPT_MAIL_RCPT.
  * Reworked CURLOPT_CUSTOMREQUEST section, adding information about IMAP
    and SMTP custom commands.

- DOCS: Updated manpage following recent SMTP modifications
  
  * Added SMTP section to --request
  * Expanded --mail-rcpt to describe the usage when using the verify and
    expand commands.

- smtp: Simplified the next RCPT TO logic

- lib1507.c: Added missing set of CURLOPT_UPLOAD option
  
  Although this option should have already been set, the SMTP module can
  now download information from and send instructional commands to, an
  SMTP server, requiring the option to be set in order to perform a mail
  transfer.

- smtp.c: Fixed trailing whitespace

- smtp: Added support for VRFY and EXPN commands

- smtp: Added support for NOOP and RSET commands

- smtp: Fixed handling of multiline server greeting responses
  
  Incorrectly processed multiline server greeting responses as "wanted"
  continue responses in smtp_endofresp(), from commit f16c0de4e9bbe3,
  which in turn broke the SMTP server detection in the test suite,
  because the EHLO command would not be sent.

- smtp.c: Fixed compilation error from commit f16c0de4e9bbe3
  
  warning: unused variable 'smtpc'

- smtp: Fixed processing of more than one response when sent in same packet
  
  Added a loop to smtp_statemach_act() in which Curl_pp_readresp() is
  called until the cache is drained. Without this multiple responses
  received in a single packet could result in a hang or delay.

- smtp: Moved EHLO response handling to smtp_state_ehlo_resp()
  
  Similar to the processing of untagged CAPABILITY responses in IMAP moved
  the processing of multiline EHLO responses to smtp_state_ehlo_resp() and
  introduced an internal response code of one to differentiate a multiline
  continuation from the end of command. This also allows for the separate
  processing of multiline responses from commands such as VRFY and EXPN.

- connect: Forgot to correct line endings before push in commit ed1662c374361a

- [Björn Stenberg brought this change]

  connect: Return the socket descriptor even on fail
  
  singleipconnect() did not return the open socket descriptor on some
  errors, thereby sometimes causing a socket leak. This patch ensures
  the socket is always returned.

Daniel Stenberg (13 Nov 2013)
- configure: Fix test with -Werror=implicit-function-declaration
  
  The ipv6 auto-detect test in configure returns a false negative when
  CFLAGS contains -Werror=implicit-function-declaration. (I have been
  using this flag to detect code issues that would result in SEGVs on
  x86_64-cygwin.)
  
  Patch-by: Yaakov Selkowitz
  Bug: http://curl.haxx.se/bug/view.cgi?id=1304

Steve Holme (13 Nov 2013)
- test825: Corrected typo from commit b29217d0d682d4

- RELEASE-NOTES: Synced with bde901ad89a6f1

- test922: Corrected title to match other OAuth 2.0 tests

- tests: Added IMAP OAuth 2.0 authentication with initial response test

- tests: Added IMAP NTLM authentication with initial response test

- tests: Added IMAP login authentication with initial response test

- tests: Added IMAP plain authentication with initial response test

- test873: Use proper padding in NTLM responses

Nick Zitzmann (12 Nov 2013)
- darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
  
  Even though this is only a formality (since not many people build on
  Mavericks while targeting Leopard), since we still support Leopard
  at the earliest, we might as well be pedantic.

- darwinssl: PKCS#12 import feature now requires Lion or later
  
  It turns out that some of the constants necessary to make this feature
  work are missing from Snow Leopard's Security framework even though
  they are defined in the headers.
  
  Bug: http://curl.haxx.se/mail/lib-2013-11/0076.html
  Reported by: myriachan

Steve Holme (13 Nov 2013)
- tests: Added POP3 OAuth 2.0 authentication with initial response test

- tests: Added POP3 NTLM authentication with initial response test

- tests: Added POP3 login authentication with initial response test

- tests: Added POP3 plain authentication with initial response test

- TODO: Added auth= in URLs to the wish list for HTTP

- curl_easy_setopt: Added the ability to set the login options separately
  
  Rather than set the authentication options as part of the login details
  specified in the URL, or via the older CURLOPT_USERPWD option, added a
  new libcurl option to allow the login options to be set separately.

Daniel Stenberg (12 Nov 2013)
- curl.1: mention that -O does no URL decoding

Kamil Dudka (12 Nov 2013)
- [Tomas Hoger brought this change]

  curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
  
  - better describe what happens when 1 is specified as parameter
  - clarify what "is ignored" means for NSS builds

Steve Holme (12 Nov 2013)
- runtests.pl: Added SSPI detection

- multi: Small code tidy up to avoid hard return

- tests: Updated CRAM-MD5 tests to use test user details

- [Björn Stenberg brought this change]

  multi: Set read socket when returning READSOCK(0)
  
  This patch fixes and issue introduced in commit 7d7df831981fee, if the
  tunnel state was TUNNEL_CONNECT, waitconnect_getsock() would return a
  bitmask indicating a readable socket but never stored the socket in the
  return array.

Daniel Stenberg (11 Nov 2013)
- bump: next release will be 7.34.0
  
  Due to all the news and changes.

Steve Holme (10 Nov 2013)
- [Björn Stenberg brought this change]

  connect: Close temporary sockets in conn_free()
  
  The temporary sockets used for Happy Eyeballs were not closed properly,
  if curl exited prematurely, which this patch fixes.

- tests: Corrected titles of POP3 and SMTP OAuth 2.0 tests

- test823: Fixed expected authentication text from commit e10a26a9d6d6de
  
  Fixed authentication text due to incorrect digest-uri property.

- test821: Fixed expected authentication text from commit 2d5455feac9984

- RELEASE-NOTES: Synced with 0f81fbe5da6643

- [Kim Vandry brought this change]

  ares: Fixed compilation under Visual Studio 2012

- tests: Added IMAP OAuth 2.0 authentication test

- tests: Added IMAP DIGEST-MD5 authentication test

- tests: Added IMAP NTLM authentication test

- tests: Added IMAP CRAM-MD5 authentication test

- test819: Fixed expected authentication text from commit 76f924131c9fd3

- ftpserver.pl: Reworked custom reply handling code
  
  1) To fix issues with IMAP custom replies
  2) So initial space is not required in IMAP display text
  3) To be more readable and understandable

- ftpserver.pl: Reworked unrecognised command responses
  
  As the IMAP regex could fail and $1 would not contain the command id
  updated the unrecognised command response to be more generic and
  realistic (like those used in the command handlers).
  
  Additionally updated the POP3, SMTP and FTP responses.

- ftpserver.pl: Fixed processing of IMAP authentication strings

Daniel Stenberg (9 Nov 2013)
- cmake: fix Windows build with IPv6 support
  
  Patch-by: "Z98"

Steve Holme (6 Nov 2013)
- Revert "ftpserver.pl: Corrected logic from commit 27b7b1062f9d97"
  
  This reverts commit 558034ab7002d1 as it appears to break the auto
  builds. More thought is required for this!

- ftpserver.pl: Corrected logic from commit 27b7b1062f9d97

- ftpserver.pl: Fixed IMAP cmdid being sent on custom responses

- tests: Added IMAP login authentication test

- tests: Added IMAP plain authentication test

- url.c: Very small amount of policing

- [Björn Stenberg brought this change]

  url.c: Remove superfluous for loop
  
  The reason for this loop's existence was removed in commit
  02fbc26d59c591.

Daniel Stenberg (5 Nov 2013)
- KNOWN_BUGS: STARTTRANSFER for POST requests
  
  added 85. Wrong STARTTRANSFER timer accounting for POST requests

- Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
  
  Our own printf() replacement clearly can't properly handle %.*s with a
  string that isn't zero terminated. Instead of fixing the printf code or
  even figuring out what the proper posix behavior is, I reverted this
  piece of the code back to the previous version where it does malloc +
  memcpy instead.
  
  Regression added in e839446c2a5, released in curl 7.32.0.
  
  Reported-by: Felix Yan
  Bug: http://curl.haxx.se/bug/view.cgi?id=1295

Steve Holme (5 Nov 2013)
- RELEASE-NOTES: Synced with 7fc3b2ce382ed6

- connect.h: Updated copyright year for last edit

Daniel Stenberg (4 Nov 2013)
- [Björn Stenberg brought this change]

  connect: Add connection delay to Happy Eyeballs.
  
  This patch adds a 200ms delay between the first and second address
  family socket connection attempts.
  
  It also iterates over IP addresses in the order returned by the
  system, meaning most dual-stack systems will try IPv6 first.
  
  Additionally, it refactors the connect code, removing most code that
  handled synchronous connects. Since all sockets are now non-blocking,
  the logic can be made simpler.

Steve Holme (4 Nov 2013)
- winbind: Fixed ntlm_auth expecting eol following commit e17c1b25bc33eb

- nss.c: Fixed compilation warnings (Take Two)
  
  nss.c:702: warning: pointer targets in passing argument 3 of
  'Curl_extract_certinfo' differ in signedness
  
  nss.c:702: warning: pointer targets in passing argument 4 of
  'Curl_extract_certinfo' differ in signedness
  
  Made sure the cast was correctly "unsigned char *" to "char *" and not
  "unsigned char *" to "unsigned char *".

- nss.c: Fixed compilation warnings
  
  nss.c:700: warning: pointer targets in passing argument 3 of
  'Curl_extract_certinfo' differ in signedness
  
  nss.c:700: warning: pointer targets in passing argument 4 of
  'Curl_extract_certinfo' differ in signedness

- tests: Added test for IMAP NOOP command

- tests: Added test for IMAP COPY command

- tests: Disable IMAP CLOSE and EXPUNGE command tests
  
  This is temporary until curl supports either multiple custom commands
  or post-quote commands in IMAP.

- tests: Added tests for IMAP CLOSE and EXPUNGE commands

- connect.c: Code policing on commit 5094bb53f4a027
  
  No need for a rhs condition on a bitwise compare.

- nss.c: Fixed compilation warnings
  
  warning: implicit declaration of function 'Curl_extract_certinfo'

- x509asn1.c: Fixed compilation warnings
  
  warning: declaration of 'chsize' shadows a global declaration

- DOCS: Expanded --request description to include POP3 and IMAP details

- tool_help: Updated --list-only description to include POP3

- DOCS: Updated --list-only description to include POP3
  
  Additionally corrected typos in --oauth2-bearer protocol list.

- base64: Fixed compilation warnings when using Curl_base64_decode()
  
  curl_sasl.c:294: warning: dereferencing type-punned pointer will break
  strict-aliasing rules
  
  getpart.c:201: warning: dereferencing type-punned pointer will break
  strict-aliasing rules

- connect: Fixed "Whut?" no server connection failures
  
  Introduced in commit 7d7df831981fee curl would loop displaying "Whut?"
  if it was trying to connect to an address and port that didn't have
  anything listening on it.

- http: Post base64 decoding tidy up
  
  Renamed copy_header_value() to Curl_copy_header_value() as this
  function is now non static.
  
  Simplified proxy flag in Curl_http_input_auth() when calling
  sub-functions.
  
  Removed unnecessary white space removal when using negotiate as it had
  been missed in commit cdccb422671aeb.

Daniel Stenberg (3 Nov 2013)
- glob_range: pass the closing bracket for a-z ranges
  
  Regression since commit 5ca96cb844102 (release in 7.33.0)
  
  Reported-by: Marcin Gryszkalis

Steve Holme (2 Nov 2013)
- getpart: Fixed base64 encoded parts following commit e17c1b25bc33eb

- http: Added proxy tunnel authentication message header value extraction
  
  ...following recent changes to Curl_base64_decode() rather than trying
  to parse a header line for the authentication mechanisms which is CRLF
  terminated and inline zero terminate it.

- http: Added authentication message header value extraction
  
  ...following recent changes to Curl_base64_decode() rather than trying
  to parse a header line for the authentication mechanisms which is CRLF
  terminated and inline zero terminate it.

Daniel Stenberg (30 Oct 2013)
- curl_multi_wait: accept 0 from multi_timeout() as valid timeout
  
  The code rejected 0 as a valid timeout while in fact the function could
  indeed legitimately return that and it should be respected.
  
  Reported-by: Bjorn Stenberg

Steve Holme (30 Oct 2013)
- email: Corrected a couple of typos from commit aa0eaef4838ccd

- TODO: Removed the 'Graceful base64 decoding failure' sections
  
  Updated following the recent changes to support graceful failures
  during the authentication phrase.

- email: Post graceful SASL authentication cancellation tidy up

- [Kamil Dudka brought this change]

  tests: use proper padding in NTLM responses

Patrick Monnerat (30 Oct 2013)
- NSS: support for CERTINFO feature

Daniel Stenberg (30 Oct 2013)
- base64: removed trailing white space
  
  and updated copyright year

Steve Holme (30 Oct 2013)
- base64: Added basic validation to base64 input string when decoding
  
  A base64 string should be a multiple of 4 characters in length, not
  contain any more than 2 padding characters and only contain padding
  characters at the end of string. For example: Y3VybA==
  
  Strings such as the following are considered invalid:
  
  Y=   - Invalid length
  Y==  - Invalid length
  Y=== - More than two padding characters
  Y=x= - Padding character contained within string

Daniel Stenberg (29 Oct 2013)
- RELEASE-NOTES: synced with 255826c40f9316

- [Björn Stenberg brought this change]

  bugfix: Don't block waiting for socket1 connect.
  
  This patch fixes a bug in Happy Eyeballs where curl would wait for a
  connect response from socket1 before checking socket2.
  
  Also, it updates error messages for failed connections, showing the ip
  addresses that failed rather than just the host name repeatedly.
  
  Bug: http://curl.haxx.se/mail/lib-2013-10/0236.html
  Reported-by: Paul Marks

Steve Holme (28 Oct 2013)
- sasl: Updated create_digest_md5_message() to use a dynamic buffer

Daniel Stenberg (28 Oct 2013)
- SECURITY: "curl security for developers"
  
  Describes our security process from a project and curl developer's
  perspective.

Patrick Monnerat (28 Oct 2013)
- OS400: coding style standards

Steve Holme (27 Oct 2013)
- email: Added support for cancelling NTLM authentication

- sasl: Removed unused variables from commit b87ba2c94217c0

- email: Added support for cancelling DIGEST-MD5 authentication

- email: Corrected a couple of typos from 1e39b95682781f

Daniel Stenberg (27 Oct 2013)
- [Gisle Vanem brought this change]

  docs/examples/httpput.c: fix build for MSVC
  
  "Dan Fandrich" <dan@coneharvesters.com> wrote:
  
  >> But I'm not sure <unistd.h> is needed at all.
  >
  > It's needed for close(2). But the only reason that's needed is because fstat
  > is used instead of stat(2); if you fix that, then you could remove that
  > include altogether.
  
  Okay. I've tested the following with MSVC and MingW. htttput.c now
  simply uses stat():

Steve Holme (27 Oct 2013)
- email: Added support for canceling CRAM-MD5 authentication

Daniel Stenberg (27 Oct 2013)
- [Björn Stenberg brought this change]

  Typo fix in trynextip().

- TODO: remove "Happy Eyeball dual stack connect"
  
  ... as it was just merged in commit 7d7df

- [Björn Stenberg brought this change]

  Add "Happy Eyeballs" for IPv4/IPv6.
  
  This patch invokes two socket connect()s nearly simultaneously, and
  the socket that is first connected "wins" and is subsequently used for
  the connection. The other is terminated.
  
  There is a very slight IPv4 preference, in that if both sockets connect
  simultaneously IPv4 is checked first and thus will win.

Steve Holme (27 Oct 2013)
- email: Added initial support for cancelling authentication
  
  Should a client application fail to decode an authentication message
  received from a server, or not support any of the parameters given by
  the server in the message, then the authentication phrase should be
  cancelled gracefully by the client rather than simply terminating the
  connection.
  
  The authentication phrase should be cancelled by simply sending a '*'
  to the server, in response to erroneous data being received, as per
  RFC-3501, RFC-4954 and RFC-5034.
  
  This patch adds the necessary state machine constants and appropriate
  response handlers in order to add this functionality for the CRAM-MD5,
  DIGEST-MD5 and NTLM authentication mechanisms.

- email: Moved authentication message parsing into a separate function
  
  ...in preparation for upcoming modifications.

- ftp: Fixed compiler warning
  
  warning: 'result' may be used uninitialized in this function

Daniel Stenberg (26 Oct 2013)
- FTP: make the data connection work when going through proxy
  
  This is a regression since the switch to always-multi internally
  c43127414d89c.
  
  Test 1316 was modified since we now clearly call the Curl_client_write()
  function when doing the LIST transfer part and then the
  handler->protocol says FTP and ftpc.transfertype is 'A' which implies
  text converting even though that the response is initially a HTTP
  CONNECT response in this case.

Steve Holme (26 Oct 2013)
- tool_help: Added login options to --user description

- email: Added references to SASL LOGIN authentication draft proposal

- tests: Tidy up of SMTP and POP3 tests
  
  Corrected line endings, RFC references and standardised on user names
  and passwords used in the tests.

- tool_help: Added clarity to the --oauth2-bearer option
  
  ...as XOAUTH2 is the extended (or non-standard) SASL identifier and
  OAuth 2 is the protocol name (and version).

- smtp: Fixed response code parsing for bad AUTH continuation responses
  
  This workaround had been previously been implemented for IMAP and POP3
  but not SMTP. Some of the recent test case additions implemented this
  behaviour to emulate a bad server and the SMTP code didn't cope with it.

- gskit.c: Code policing following commit 2cc9246477285d
  
  Corrected 80 character line length error and pointer declarations (some
  of which were previously incorrect)

- test907: Corrected DIGEST-MD5 response given in commit 820ed48a0088cd
  
  As the URI, which is contained within the DIGEST-MD5 response, is
  constructed from the service and realm, the encoded message differs
  from that generated under POP3.

- RELEASE-NOTES: Synced with d24b7953c2132a

- tests: Added SMTP OAUTH2 authentication with initial response test

- tests: Added SMTP NTLM authentication with initial response test

- tests: Added SMTP OAUTH2 authentication test

- tests: Added SMTP DIGEST-MD5 authentication test

- tests: Regrouped SMTP authentication tests

Patrick Monnerat (25 Oct 2013)
- OS400: sync RPG wrapper, zlib support, fix header file names, ...
  IFS compilation support, SSL GSKit backend by default, TLSv1.[12] support in
    GSKit for OS400 >= V7R1, no more tabs in make scripts.

Steve Holme (24 Oct 2013)
- sasl: Fixed memory leak in OAUTH2 message creation

- ftpserver.pl: Added support for empty pop3 authentication data

Daniel Stenberg (23 Oct 2013)
- CURLOPT_RESOLVE: mention they don't time-out
  
  Clarify in the documentation that DNS entries added with CURLOPT_RESOLVE
  won't time-out.
  
  Bug: http://curl.haxx.se/mail/lib-2013-10/0062.html
  Reported-by: Romulo Ceccon

Steve Holme (23 Oct 2013)
- tests: Added POP3 OAUTH2 authentication test

- tests: Added empty response support to custom replies
  
  ...and fixed up test869 as DIGEST-MD transcript is as follows:
  
  S: Challenge
  C: Authentication String
  S: Continue Response
  C: Empty String

Daniel Stenberg (23 Oct 2013)
- sasl: fix compiler warning
  
  error: unused variable 'table16'

Steve Holme (23 Oct 2013)
- tests: Added POP3 DIGEST-MD5 authentication test

Daniel Stenberg (22 Oct 2013)
- configure: check for long long when building with cyassl
  
  cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG
  
  Reported-by: Chris Conlon

- test1240: verify 867b52a7ac52 (glob ranges with text to the right)

- glob: fix regression from commit 5ca96cb844
  
  Plain strings after glob ranges/lists weren't treated correctly but
  caused broken URLs to get used.
  
  Reported-by: Javier Barroso

- [Rémy Léone brought this change]

  Adding a .travis.yml file to use the travis-ci.org
  
  From wikipedia:
  
  Travis CI is a hosted, distributed continuous integration service used
  to build and test projects hosted at GitHub.
  
  Travis CI is configured by adding a file named .travis.yml, which is a
  YAML format text file, to the root directory of the GitHub repository.
  
  Travis CI automatically detects when a commit has been made and pushed
  to a GitHub repository that is using Travis CI, and each time this
  happens, it will try to build the project and run tests. This includes
  commits to all branches, not just to the master branch. When that
  process has completed, it will notify a developer in the way it has been
  configured to do so — for example, by sending an email containing the
  test results (showing success or failure), or by posting a message on an
  IRC channel. It can be configured to run the tests on a range of
  different machines, with different software installed (such as older
  versions of a programming language, to test for compatibility).

Kamil Dudka (21 Oct 2013)
- ssh: initialize per-handle data in ssh_connect()
  
  ... if not already initialized.  This fixes a regression introduced by
  commit 4ad8e142da463ab208d5b5565e53291c8e5ef038, which caused test619
  to intermittently fail on certain machines (namely Fedora build hosts).

Daniel Stenberg (20 Oct 2013)
- [Gisle Vanem brought this change]

  curl.1: add missing exit-code
  
  I noted a missing text for exit-code 89 in docs/curl.1

- cmake: unbreak for non-Windows platforms
  
  Patch-by: Oliver Kuckertz
  Bug: http://curl.haxx.se/bug/view.cgi?id=1292

Steve Holme (20 Oct 2013)
- ftpserver.pl: Fixed syntax error from commit 5b31b38c27bb7a

- test866: Fixed user response from commit 7f7fbe7fbdb449

- ftpserver.pl: Fixed processing of POP3 authentication strings
  
  ...and corrected response when check fails from 500 to -ERR.

- tests: Added POP3 NTLM authentication test

- tests: Added POP3 CRAM-MD5 authentication test

- tests: Added POP3 login authentication test

- tests: Added POP3 plain authentication test

- tests: Added POP3 APOP authentication test

- ftpserver.pl: Added support for APOP POP3 authentication

- tests: Added POP3 RSET test

- RELEASE-NOTES: Synced with ce61510127ea60

- email: Fixed QUIT / LOGOUT being sent when SSL connect fails

Kamil Dudka (18 Oct 2013)
- curl_sasl: initialize NSS before using crypto

Steve Holme (17 Oct 2013)
- SSL: Follow up work to commits 6a1363128f1107 and 87861c9b0e8155
  
  Changed the failure code when TLS v1.1 and v1.2 is requested but not
  supported by older OpenSSL versions, following review from libcurl
  peers, and reduced the number of required preprocessor if statements.

- SSL: Added unsupported cipher version check for OpenSSL
  
  ...with the use of CURL_SSLVERSION_TLSv1_1 and CURL_SSLVERSION_TLSv1_2
  being conditional on OpenSSL v1.0.1 as the appropriate flags are not
  supported under earlier versions.

- DOCS: Added libcurl version number to CURLOPT_SSLVERSION

- SSL: Corrected version number for new symbols from commit ad34a2d5c87c7f

- SSL: Corrected typo from commit 87861c9b0e8155

- SSL: Fixed OpenSSL builds prior to v1.0.1
  
  Commit ad34a2d5c87c7f relies on definitions that are only present in
  OpenSSL v1.0.1 and up. This quick fix allows the builds that use
  older versions of OpenSSL to continue building.

- test906: Fixed failing test on some platforms
  
  Bug: http://sourceforge.net/p/curl/bugs/1291
  Reported-by: David Walser

Daniel Stenberg (15 Oct 2013)
- [Paul Donohue brought this change]

  NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option

- [Tyler Hall brought this change]

  ssh: Handle successful SSH_USERAUTH_NONE
  
  According to the documentation for libssh2_userauth_list(), a NULL
  return value is not necessarily an error. You must call
  libssh2_userauth_authenticated() to determine if the SSH_USERAUTH_NONE
  request was successful.
  
  This fixes a segv when using sftp on a server that allows logins with an
  empty password. When NULL was interpreted as an error, it would
  free the session but not flag an error since the libssh2 errno would be
  clear. This resulted in dereferencing a NULL session pointer.
  
  Signed-off-by: Tyler Hall <tylerwhall@gmail.com>

- [Ishan SinghLevett brought this change]

  usercertinmem: fix memory leaks

- [Dave Reisner brought this change]

  build: distribute and install libcurl.m4 by default

- [Dave Reisner brought this change]

  tool: use XFERFUNCTION to save some casts

- [Alessandro Ghedini brought this change]

  curl.1: fix typo conjuction -> conjunction

- curl: document the new --tlsv1.[012] options

- [Gergely Nagy brought this change]

  SSL: protocol version can be specified more precisely
  
  CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1,
  CURL_SSLVERSION_TLSv1_2 enum values are added to force exact TLS version
  (CURL_SSLVERSION_TLSv1 means TLS 1.x).
  
  axTLS:
  axTLS only supports TLS 1.0 and 1.1 but it cannot be set that only one
  of these should be used, so we don't allow the new enum values.
  
  darwinssl:
  Added support for the new enum values.
  
  SChannel:
  Added support for the new enum values.
  
  CyaSSL:
  Added support for the new enum values.
  Bug: The original CURL_SSLVERSION_TLSv1 value enables only TLS 1.0 (it
  did the same before this commit), because CyaSSL cannot be configured to
  use TLS 1.0-1.2.
  
  GSKit:
  GSKit doesn't seem to support TLS 1.1 and TLS 1.2, so we do not allow
  those values.
  Bugfix: There was a typo that caused wrong SSL versions to be passed to
  GSKit.
  
  NSS:
  TLS minor version cannot be set, so we don't allow the new enum values.
  
  QsoSSL:
  TLS minor version cannot be set, so we don't allow the new enum values.
  
  OpenSSL:
  Added support for the new enum values.
  Bugfix: The original CURL_SSLVERSION_TLSv1 value enabled only TLS 1.0,
  now it enables 1.0-1.2.
  
  Command-line tool:
  Added command line options for the new values.

Nick Zitzmann (14 Oct 2013)
- darwinssl: un-break iOS build after PKCS#12 feature added
  
  SecPKCS12Import() returns a few errors that are enumerated in OS X's
  headers but not in iOS' headers for some reason.

Daniel Stenberg (14 Oct 2013)
- bump: start working on 7.33.1

- THANKS: added contributors from the 7.33.0 announcement

Version 7.33.0 (13 Oct 2013)

Daniel Stenberg (13 Oct 2013)
- RELEASE-NOTES: synced with 92cf6141ed0de

- curl: fix --oauth2-bearer in the --help output
  
  After the option rename in 5df04bfafd1

- OpenSSL: improve the grammar of the language in 39beaa5ffbcc
  
  Reported-by: Petr Pisar

- [Andrej E Baranov brought this change]

  OpenSSL: use failf() when subjectAltName mismatches
  
  Write to CURLOPT_ERRORBUFFER information about mismatch alternative
  certificate subject names.
  
  Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>

- curl: rename --bearer to --oauth2-bearer
  
  The option '--bearer' might be slightly ambiguous in name. It doesn't
  create any conflict that I am aware of at the moment, however, OAUTH v2
  is not the only authentication mechanism which uses "bearer" tokens.
  
  Reported-by: Kyle L. Huff
  URL: http://curl.haxx.se/mail/lib-2013-10/0064.html

- [Kamil Dudka brought this change]

  ssh: improve the logic for detecting blocking direction
  
  This fixes a regression introduced by commit 0feeab78 limiting the speed
  of SCP upload to 16384 B/s on a fast connection (such as localhost).

Dan Fandrich (12 Oct 2013)
- Fixed typo in Makefile.inc that left http2.h out of the tar ball

Daniel Stenberg (11 Oct 2013)
- [Heinrich Schaefer brought this change]

  minor fix in doc

- [Gisle Vanem brought this change]

  curl_setup_once: fix errno access for lwip on Windows
  
  lib/curl_setup_once.h assumed lwIP on Windows uses 'SetLastError()' to
  set network errors. It doesn't; it uses 'errno'.

- test1239: verify 4cd444e01ad and the simulated 304 response

- [Derek Higgins brought this change]

  HTTP: Output http response 304 when modified time is too old
  
  When using the -w '%{http_code}' flag and simulating a Not Modified then
  304 should be output.

- contributors: helper script to dig out contributors from git

- RELEASE-NOTES: add twos refs to bug reports

- RELEASE-NOTES: synced with 173160c0d068

Nick Zitzmann (2 Oct 2013)
- darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
  
  Credit (for catching a cipher I forgot to add to the blocked ciphers list):
  https://www.ssllabs.com/ssltest/viewMyClient.html

Daniel Stenberg (2 Oct 2013)
- OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
  
  Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set
  should still verify that the host name fields in the server certificate
  is fine or return failure.
  
  Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
  Reported-by: Ishan SinghLevett

- KNOWN_BUGS: #84: CURLINFO_SSL_VERIFYRESULT
  
  CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
  backends and not for any other!

- [François Charlier brought this change]

  xattr: add support for FreeBSD xattr API

- curl_easy_setopt.3: slight clarification of SEEKFUNCTION

Steve Holme (29 Sep 2013)
- tests: Fixed typos from commit 25a0c96a494297

- tests: Updated email addresses in SMTP tests following recent changes

- test909: Removed custom EHLO response after recent changes
  
  ...as it is no longer required following capability and authentication
  changes and is now causing problems following commit 49341628b50007 as
  the test number is obtained from the client address in the EHLO.

- ftpserver.pl: Fixed compilation error from commit 49341628b50007

- ftpserver.pl: Moved specifying the test number from the RCPT address
  
  ...to the client address as this frees the RCPT strings to contain
  just an email address and by passing the test number into curl as the
  client address remains consistent with POP3 and IMAP tests as they are
  specified in the URL.

- ftpserver.pl: Added unwanted argument check to SMTP DATA command handler

Daniel Stenberg (29 Sep 2013)
- getinmemory: remove a comment
  
  The comment mentioned the need to free the data, but the example already
  does that free

- postinmemory: new example
  
  This is similar to getinmemory.c but with an initial POST.
  
  Combined-by: Ulf Samuelsson

- win32: fix Visual Studio 2010 build with WINVER >= 0x600
  
  If no WINVER and/or _WIN32_IWNNT define was set, the Windows platform
  SDK often defaults to high value, e.g. 0x601 (whoch may probably depend
  on the Windows version being used, in my case Windows 7).
  
  If WINVER >= 0x600 then winsock2.h includes some defines for WSAPoll(),
  e.g. POLLIN, POLLPRI, POLLOUT etc. These defines clash with cURL's
  lib/select.h.
  
  Make sure HAVE_STRUCT_POLLFD is defined then.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1282
  Reported-by: "kdekker"
  Patch-by: Marcel Raad

Steve Holme (28 Sep 2013)
- ssluse.c: Fixed compilation warnings when ENGINE not supported
  
  The function "ssl_ui_reader" was declared but never referenced
  The function "ssl_ui_writer" was declared but never referenced

Daniel Stenberg (27 Sep 2013)
- configure: use icc options without space
  
  The latest version(s) of the icc compiler no longer accept the extra
  space in the -we (warning enable), -wd (warning disable), etc.
  
  Reported-by: Elmira A Semenova
  Bug: http://curl.haxx.se/mail/lib-2013-09/0182.html

Steve Holme (25 Sep 2013)
- imap: Added clarification to the code about odd continuation responses

- ftp.c: Fixed compilation warning
  
  There is an implicit conversion from "unsigned long" to "long"

- sasl: Centralised the authentication mechanism strings
  
  Moved the standard SASL mechanism strings into curl_sasl.h rather than
  hard coding the same values over and over again in the protocols that
  use SASL authentication.
  
  For more information about the mechanism strings see:
  
  http://www.iana.org/assignments/sasl-mechanisms

Daniel Stenberg (23 Sep 2013)
- RELEASE-NOTES: added recent contributors missing

Steve Holme (23 Sep 2013)
- test906: Fixed type-2 response

- test915: Corrected test number from commit 22bccb0edaf041

- test906: Fixed type-1 message not handled error
  
  ...from commit f81d1e16664976 due to copy paste error.

- tests: Added SMTP AUTH NTLM test

- tests: Added SMTP multiple and invalid --mail-rcpt test

- tests: Added SMTP multiple --mail-rcpt test

- tests: Added SMTP invalid --mail-rcpt test

- tests: Regrouping of SMTP tests

Daniel Stenberg (22 Sep 2013)
- [Benoit Sigoure brought this change]

  test1112: Increase the timeout from 7s to 16s
  
  As someone reported on the mailing list a while back, the hard-coded
  arbitrary timeout of 7s in test 1112 is not sufficient in some build
  environments. At Arista Networks we build and test curl as part of our
  automated build system, and we've run into this timeout 170 times so
  far. Our build servers are typically quite busy building and testing a
  lot of code in parallel, so despite being beefy machines with 32 cores
  and 128GB of RAM we still hit this 7s timeout regularly.
  
  URL: http://curl.haxx.se/mail/lib-2010-02/0200.html

Steve Holme (22 Sep 2013)
- tests: Fixed smtp rcpt to addresses

- ftpserver.pl: Expanded the SMTP RCPT handler to validate TO addresses
  
  RCPT_smtp() will now check for a correctly formatted TO address which
  allows for invalid recipient addresses to be added.

- ftpserver.pl: Added cURL SMTP server detection to HELO command handler
  
  As curl will send a HELO command after an negative EHLO response, added
  the same detection from commit b07709f7417c3e to the HELO handler to
  ensure the test server is identified correctly and an upload isn't
  performed.

- ftpserver.pl: Corrected response code for successful RCPT command

- ftpserver.pl: Moved invalid RCPT TO: address detection to RCPT handler
  
  Rather than detecting the TO address as missing in the DATA handler,
  moved the detection to the RCPT command handler where an error response
  can be generated.

- RELEASE-NOTES: Corrected missed addition
  
  Somehow commit 60a20461629fda missed the last item in the sync list
  even though I'm sure I added it during editing.

- RELEASE-NOTES: Synced with 6dd8bd8d2f9729

- curl.1: Added information about optional login options to --user in manpage
  
  Added missing information, from curl 7.31.0, regarding the use of the
  optional login options that may be specified as part of --user.
  
  For example:
  
  --user 'user:password;auth=NTLM' in IMAP, POP3 and SMTP protocols.

- ftpserver.pl: Moved cURL SMTP server detection into EHLO command handler
  
  Moved the special SMTP server detection code from the DATA command
  handler, which happens further down the operation chain after EHLO,
  MAIL and RCPT commands, to the EHLO command as it is the first command
  to be generated by a SMTP operation as well as containing the special
  "verifiedserver" string from the URL.
  
  This not only makes it easier and quicker to detect but also means that
  cURL doesn't need to specify "verifiedserver" as --mail-from and
  --mail-rcpt arguments.
  
  More importantly, this also makes the upcoming verification changes to
  the RCPT handler easier to implement.

Daniel Stenberg (21 Sep 2013)
- openssl: use correct port number in error message
  
  In ossl_connect_step2() when the "Unknown SSL protocol error" occurs, it
  would output the local port number instead of the remote one which
  showed when doing SSL over a proxy (but with the correct remote host
  name). As libcurl only speaks SSL to the remote we know it is the remote
  port.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1281
  Reported-by: Gordon Marler

- test1415: adjusted to work for 32bit time_t
  
  The libcurl date parser returns INT_MAX for all dates > 2037 so this
  test is now made to use 2037 instead of 2038 to work the same for both
  32bit and 64bit time_t systems.

Steve Holme (21 Sep 2013)
- tests: Reworked existing SMTP tests to be single recipient based
  
  ...in preparation of upcoming multiple recipient tests.

- ftpserver.pl: Corrected SMTP QUIT response to be more realistic

Daniel Stenberg (20 Sep 2013)
- curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value

- [Kim Vandry brought this change]

  Documented --dns-* options in curl manpage

Steve Holme (20 Sep 2013)
- pop3: Added basic SASL XOAUTH2 support
  
  Added the ability to use an XOAUTH2 bearer token [RFC6750] with POP3 for
  authentication using RFC6749 "OAuth 2.0 Authorization Framework".
  
  The bearer token is expected to be valid for the user specified in
  conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
  an advertised auth mechanism of "XOAUTH2", the user and access token are
  formatted as a base64 encoded string and sent to the server as
  "AUTH XOAUTH2 <bearer token>".

- curl: Added clarification to the --mail options in the --help output
  
  ... that these options apply to SMTP only.

- ftpserver.pl: Moved SMTP RCPT response text into command handler

- tests: Added SMTP invalid --mail-from test

Nick Zitzmann (19 Sep 2013)
- darwinssl: enable BEAST workaround on iOS 7 & later
  
  iOS 7 finally added the option to enable 1/n-1 when using TLS 1.0
  and a CBC cipher, so we now always turn that on unless the user
  manually turns it off using CURLSSLOPT_ALLOW_BEAST.
  
  It appears Apple also added some new PSK ciphers, but no interface to
  use them yet, so we at least support printing them if we find them.

Steve Holme (19 Sep 2013)
- tests: Updated SMTP AUTH tests to use the new AUTH directive
  
  ...rather than specify a customised EHLO response.

- tests: Corrected test913 as the QUIT response is received

- tests: Added SMTP large message SIZE test

- ftpserver.pl: Updated email regex from commit 98f7ca7e971006
  
  ...to not be as strict as it was rejecting valid numeric email
  addresses.

- tests: Fixed smtp mail from addresses

- ftpserver.pl: Standardised CAPA and AUTH responses

- ftpserver.pl: Corrected POP3 QUIT reply to be more realistic

- runtests.pl: Fixed syntax error in commit c873375123343e
  
  Possible unintended interpolation in string at line 796

- runtests.pl: Fixed smtp mail from address
  
  Following changes to ftpserver.pl fixed the mail from address to be a
  correctly formatted address otherwise the server response will be 501
  Invalid address.

- ftpserver.pl: Fixed syntax error in commit 98f7ca7e971006
  
  Can't modify constant item in scalar assignment line 779, near "0;"

- ftpserver.pl: Expanded the SMTP MAIL handler to validate messages
  
  MAIl_smtp() will now check for a correctly formatted FROM address as
  well as the optional SIZE parameter comparing it against the server
  capability when specified.

Daniel Stenberg (17 Sep 2013)
- [YAMADA Yasuharu brought this change]

  cookies: add expiration
  
  Implement: Expired Cookies These following situation, curl removes
  cookie(s) from struct CookieInfo if the cookie expired.
   - Curl_cookie_add()
   - Curl_cookie_getlist()
   - cookie_output()

Steve Holme (17 Sep 2013)
- ftpserver.pl: Corrected response code for successful MAIL command

- ftpserver.pl: Moved SMTP MAIL handler into own function

- dns: fix compilation with MinGW from commit df69440d05f113
  
  Avoid 'interface' literal that some MinGW versions define as a macro
  
  Additionally, corrected some very, very minor coding style errors.

- tests: Fixed test 1406 following recent changes in ftpserver.pl
  
  By default the mail server doesn't send the SIZE capability but instead
  it has to be specified as a supported capability.

- tests: Added test for SMTP SIZE capability

- ftpserver.pl: Added the ability to include spaces in capabilities
  
  For example:
  
  CAPA "SIZE 1048576" 8BITMIME BINARYMIME
  
  will populate the capabilities list with the following in:
  
  SIZE 1048576
  8BITMIME
  BINARYMIME

- ftpserver.pl: Corrected response code for successful SMTP QUIT command

- ftpserver.pl: Fixed syntax error in commit 33c1f2876b9029
  
  Can't modify constant item in postincrement line 727, near "i++"

- ftpserver.pl: Added CAPA & AUTH directive support to the SMTP EHLO handler

- ftpserver.pl: Fixed SMTP QUIT handler from dadc495540946e

- ftpserver.pl: Moved SMTP EHLO and QUIT handlers in own functions

- ftpserver.pl: Added support for SMTP HELO command
  
  ...and updated test902 as explicit HELO response is no longer required.

- ftpserver.pl: Added mailbox check to IMAP SELECT handler

- ftpserver.pl: Corrected invalid user details check
  
  ...in both the IMAP LOGIN and POP3 PASS handlers introduced in commit
  187ac693744949 and 84ad1569e5fc93 respectively.

- ftpserver.pl: Moved IMAP LOGIN handler into own function

- ftpserver.pl: Moved POP3 USER and PASS handlers into own functions

- ftpserver.pl: Corrected invalid argument check in POP3 TOP handler
  
  ...which was accidentally introduced in commit 4d6ef6297ae9b6.

- ftpserver.pl: Added capability prerequisite for extended POP3 commands

- tests: Updated descriptions to be more meaningful

- ftpserver.pl: Added support for IMAP NOOP command

- imap: Fixed response check for NOOP command

- tests: Updated descriptions to be more meaningful

Daniel Stenberg (13 Sep 2013)
- curl.1: detail how short/long options work
  
  URL: http://curl.haxx.se/bug/view.cgi?id=1279
  Suggested-by: Jerry Krinock

Steve Holme (13 Sep 2013)
- curl: Fixed usage of DNS options when not using c-ares resolver
  
  Commit 32352ed6adddcb introduced various DNS options, however, these
  would cause curl to exit with CURLE_NOT_BUILT_IN when c-ares wasn't
  being used as the backend resolver even if the options weren't set
  by the user.
  
  Additionally corrected some minor coding style errors from the same
  commit.

Daniel Stenberg (13 Sep 2013)
- curl_easy_setopt.3: mention RTMP URL quirks
  
  URL: http://curl.haxx.se/bug/view.cgi?id=1278
  Reported-by: Gorilla Maguila

- [Ben Greear brought this change]

  curl: Add support for various DNS binding options.
  
  (Passed on to c-ares.)
  
  Allows something like this:
  
  curl --dns-interface sta8 --dns-ipv4-addr 8.8.1.111 --interface sta8 \
  --localaddr 8.8.1.111 --dns-servers 8.8.8.1 www.google.com
  
  Signed-off-by: Ben Greear <greearb@candelatech.com>

- [Kim Vandry brought this change]

  libcurl: New options to bind DNS to local interfaces or IP addresses

- libcurl.3: for multi interface connections are held in the multi handle
  
  ... and a few more cleanups/clarifications

Steve Holme (12 Sep 2013)
- ftpserver.pl: Fixed missing comma from 7fd84b14d219b1

- ftpserver.pl: Fixed variable error introduced in 7fd84b14d219b1
  
  Global symbol "$mailbox" requires explicit package name

- ftpserver.pl: Added support for UID command

- ftpserver.pl: Added support for LSUB command

- imap: Fixed response check for LSUB and UID commands

- ftpserver.pl: Added support for IMAP COPY command

- ftpserver.pl: Added support for IMAP CLOSE and EXPUNGE commands

- ftpserver.pl: Added support for POP3 RSET command

- ftpserver.pl: Added the ability to remember what messages are deleted
  
  ...as this will be required for IMAP CLOSE and EXPUNGE commands as well
  as the POP3 RSET command.

Daniel Stenberg (10 Sep 2013)
- NI_MAXSERV: remove all use of it
  
  Solaris with the SunStudio Compiler is reportedly missing this define,
  but as we're using it without any good reason on all the places it was
  used I've now instead switched to just use sensible buffer sizes that
  fit a 32 bit decimal number. Which also happens to be smaller than the
  common NI_MAXSERV value which is 32 on most machines.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1277
  Reported-by: D.Flinkmann

- http2: use the support HTTP2 draft version in the upgrade header
  
  ... instead of HTTP/2.0 to work fine with the nghttpx proxy/server.

Steve Holme (10 Sep 2013)
- ldap.c: Fix compilation warning
  
  warning: comparison between signed and unsigned integer expressions

- [Jiri Hruska brought this change]

  imap/pop3/smtp: Speed up SSL connection initialization
  
  Don't wait for the next callback call (usually 1 second) before
  continuing with protocol specific connection initialization.

- ldap.c: Corrected build error from commit 857f999353f333

- RELEASE-NOTES: Corrected duplicate in bfefe2400a16b8

- RELEASE-NOTES: Corrected typo from bfefe2400a16b8

- RELEASE-NOTES: synced with 25c68903756d6b

Daniel Stenberg (10 Sep 2013)
- README.http2: explain nghttp2 a little

Steve Holme (9 Sep 2013)
- tests: Added test for POP3 TOP command

- ftpserver.pl: Added support for POP3 TOP command

- tests: Added test for POP3 UIDL command

- ftpserver.pl: Added support for POP3 UIDL command

Daniel Stenberg (9 Sep 2013)
- http2: adjust to new nghttp2_pack_settings_payload proto
  
  This function was modified in nghttp2 git commit a1c3f89c72e51

Kamil Dudka (9 Sep 2013)
- url: handle abortion by read/write callbacks, too
  
  Otherwise, the FTP protocol would unnecessarily hang 60 seconds if
  aborted in the CURLOPT_HEADERFUNCTION callback.
  
  Reported by: Tomas Mlcoch
  Bug: https://bugzilla.redhat.com/1005686

Daniel Stenberg (9 Sep 2013)
- ldap: fix the build for systems with ldap_url_parse()
  
  Make sure that the custom struct fields are only used by code that
  doesn't use a struct defintion from the outside.
  
  Attempts to fix the problem introduced in 3dc6fc42bfc61b

Steve Holme (9 Sep 2013)
- [Jiri Hruska brought this change]

  pingpong: Check SSL library buffers for already read data
  
  Otherwise the connection can get stuck during various phases, waiting
  for new data on the socket using select() etc., but it will never be
  received as the data has already been read into SSL library.

- imap: Fixed calculation of transfer when partial FETCH received
  
  The transfer size would be calculated incorrectly if the email contained
  within the FETCH response, had been partially received by the pingpong
  layer. As such the following, example output, would be seen if the
  amount remaining was smaller than the amount received:
  
  * Excess found in a non pipelined read: excess = 1394, size = 262,
    maxdownload = 262, bytecount = 1374
  * transfer closed with -1112 bytes remaining to read
  
  Bug: http://curl.haxx.se/mail/lib-2013-08/0170.html
  Reported-by: John Dunn

- ftpserver.pl: Fixed empty array checks
  
  ...from commits 28427b408326a1 and e8313697b6554b.

- ftpserver: Reworked AUTH support to allow for specifying the mechanisms
  
  Renamed SUPPORTAUTH to AUTH and added support for specifying a list of
  supported SASL mechanisms to return to the client.
  
  Additionally added the directive to the FILEFORMAT document.

- ftpserver: Reworked CAPA support to allow for specifying the capabilities
  
  Renamed SUPPORTCAPA to CAPA and added support for specifying a list of
  supported capabilities to return to the client.
  
  Additionally added the directive to the FILEFORMAT document.

- ftpserver.pl: Corrected POP3 LIST as message numbers should be contiguous
  
  The message numbers given in the LIST response are an index into the
  list, which are only valid for the current session, rather than being a
  unique message identifier. An index would only be missing from the LIST
  response if a DELE command had been issued within the same session and
  had not been committed by the end of session QUIT command. Once
  committed the POP3 server will regenerate the message numbers in the
  next session to be contiguous again. As such our LIST response should
  list message numbers contiguously until we support a DELE command in the
  same session.
  
  Should a POP3 user require the unique message ID for any or all
  messages then they should use the extended UIDL command. This command
  will be supported by the test ftpserver in an upcoming commit.

Daniel Stenberg (8 Sep 2013)
- [Clemens Gruber brought this change]

  curl_easy_pause: suggest one way to unpause

Steve Holme (8 Sep 2013)
- tests: Updated descriptions to be more meaningful

- tests: Added test for POP3 NOOP command

- ftpserver.pl: Added support for POP3 NOOP command

- ftpserver.pl: Fixed 'Use of uninitialized value $args in string ne'

- tests: Added test for POP3 STAT command

- ftpserver.pl: Added support for POP STAT command

- ftpserver.pl: Moved POP3 QUIT handler into own function

- ftpserver.pl: Reordered the POP3 handlers to be alphabetical
  
  In preparation for additional POP3 tests, re-ordered the command
  function defintions to be sorted alphabetically.

- ftpserver.pl: Corrected misaligned indentation in POP3 handlers
  
  Fixed incorrect indentation used in both the RETR_pop3 and LIST_pop3
  functions which was 5 and 9 characters rather than 4 and 8.

- tests: Added test for POP3 DELE command

unknown (7 Sep 2013)
- [Steve Holme brought this change]

  ftpserver.pl: Added support for POP3 DELE command

Daniel Stenberg (7 Sep 2013)
- http2: include curl_memory.h
  
  Detected by test 1132

Nick Zitzmann (7 Sep 2013)
- http: fix build warning under LLVM
  
  When building the code using LLVM Clang without NGHTTP2, I was getting
  this warning:
  ../lib/http.h:155:1: warning: empty struct is a GNU extension [-Wgnu]
  Placing a dummy variable into the data structure silenced the warning.

Daniel Stenberg (7 Sep 2013)
- http2: actually init nghttp2 and send HTTP2-Settings properly

- README.http2: how to use it best with the multi API?

- http2: first embryo toward Upgrade:

- http: rename use_http_1_1 to use_http_1_1plus
  
  Since it now actually says if 1.1 or a later version should be used.

- configure: improve CURL_CHECK_COMPILER_PROTOTYPE_MISMATCH
  
  The compiler test used a variable before it was assigned when it tried
  to see how it acts on a mismatching prototype, which could cause a false
  positive.

- [Petr Písař brought this change]

  Pass password to OpenSSL engine by user interface
  
  Recent OpenSSL uses user interface abstraction to negotiate access to
  private keys in the cryprographical engines. An OpenSSL application is
  expected to implement the user interface. Otherwise a default one
  provided by OpenSSL (interactive standard I/O) will be used and the
  aplication will have no way how to pass a password to the engine.
  
  Longer-desc: http://curl.haxx.se/mail/lib-2013-08/0265.html

- urlglob: improved error messages and column number on bad use
  
  Introduce a convenience macro and keep of the column better so that it
  can point out the offending column better.
  
  Updated test 75 accordingly.

- urlglob: avoid error code translation
  
  By using the correct values from the start we don't have to translate
  them!

- urlglob: avoid NULL pointer dereference
  
  Thanks to clang-analyzer

- [Gisle Vanem brought this change]

  http2: use correct include for snprintf
  
  Using the first little merge of nghttp2 into libcurl, I stumbeled on the
  missing 'snprintf' in MSVCRT. Isn't this how we do it for other libcurl
  files?  I.e. use 'curl_msnprintf' and not 'snprintf' directly:

- --data: mention CRLF treatment when reading from file

- [Geoff Beier brought this change]

  LDAP: fix bad free() when URL parsing failed
  
  When an error occurs parsing an LDAP URL, The ludp->lud_attrs[i] entries
  could be freed even though they sometimes point to data within an
  allocated area.
  
  This change introduces a lud_attrs_dup[] array for the duplicated string
  pointers, and it removes the unused lud_exts array.
  
  Bug: http://curl.haxx.se/mail/lib-2013-08/0209.html

Nick Zitzmann (5 Sep 2013)
- darwinssl: add support for PKCS#12 files for client authentication
  
  I also documented the fact that the OpenSSL engine also supports them.

Daniel Stenberg (5 Sep 2013)
- symbols: added HTTP2 symbols and sorted list
  
  CURL_HTTP_VERSION_2_0 and CURL_VERSION_HTTP2 are new

- configure: add HTTP2 as a curl-config --feature output
  
  Fixes the test 1014 failure

- curl: unbreak --http1.0 again
  
  I broke it in 2eabb7d590

- SASL: fix compiler warnings
  
  comparison between signed and unsigned integer expressions
  
  suggest parentheses around '&&' within '||' (twice)

- curl: add --http1.1 and --http2.0 options

- Curl_setopt: refuse CURL_HTTP_VERSION_2_0 if built without support

- http2: add http2.[ch] and add nghttp2 version output

- curl -V: output HTTP2 as a feature if present

- curl.h: add CURL_VERSION_HTTP2 as a feature
  
  It isn't added as a separate protocol as HTTP2 will be done over HTTP://
  URLs that can be upgraded to HTTP2 if the server supports it as well.

Steve Holme (4 Sep 2013)
- imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2 servers
  
  XOAUTH2 would be selected in preference to LOGIN and PLAIN if the IMAP
  or SMTP server advertised support for it even though a user's password
  was supplied but bearer token wasn't.
  
  Modified the selection logic so that XOAUTH2 will only be selected if
  the server supports it and A) The curl user/libcurl programmer has
  specifically asked for XOAUTH via the ;AUTH=XOAUTH login option or 2)
  The bearer token is specified. Obviously if XOAUTH is asked for via
  the login option but no token is specified the user will receive a
  authentication failure which makes more sense than no known
  authentication mechanisms supported!

Daniel Stenberg (4 Sep 2013)
- curl.h: added CURL_HTTP_VERSION_2_0
  
  Initial library considerations documented in lib/README.http2

- configure: added --with-nghttp2

- acinclude: fix --without-ca-path when cross-compiling
  
  The commit 7b074a460b64811 to CURL_CHECK_CA_BUNDLE in 7.31 (don't check
  for paths when cross-compiling) causes --without-ca-path to no longer
  works when cross-compiling, since ca and capath only ever get set to
  "no" when not cross-compiling, I attach a patch that works for me. Also
  in the cross-compilation case, no ca-path seems to be a better default
  (IMVHO) than empty ca-path.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1273
  Patch-by: Stefan Neis

Steve Holme (2 Sep 2013)
- lib1512.c: Fixed compilation warning
  
  An enumerated type is mixed with another type.
  
  ...as well as a small coding style error.

Guenter Knauf (1 Sep 2013)
- Killed warning 'res' might be used uninitialized.

Steve Holme (1 Sep 2013)
- url.c: Fixed compilation warning
  
  An enumerated type is mixed with another type

- easy.c: Fixed compilation warning
  
  warning: `code' might be used uninitialized in this function

Daniel Stenberg (31 Aug 2013)
- -x: rephrased the --proxy section somewhat

Steve Holme (31 Aug 2013)
- tests: Added test for IMAP CHECK command

- ftpserver.pl: Added support for the IMAP CHECK command

Guenter Knauf (31 Aug 2013)
- Removed reference to krb4.c.

Steve Holme (31 Aug 2013)
- ftpserver.pl: Corrected flawed logic in commit 1ca6ed7b75cad0

- imap: Fixed response check for EXPUNGE command

- ftpserver.pl: Added argument check to IMAP command handlers
  
  Added BAD argument check to the following IMAP command handlers:
  
  APPEND, STORE, LIST, EXAMINE, STATUS and SEARCH

- ftpserver.pl: More whitespace corrections
  
  LIST_imap() had a second level of indentation at 9 characters and not 8.

- ftpserver.pl: Small correction tidy up
  
  Corrected some IMAP variable names and whitespace issues.

- [Kyle L. Huff brought this change]

  docs: Added documentation for CURLOPT_BEARER

- [Kyle L. Huff brought this change]

  curl.1: Add usage of '--bearer' option

- tests: Added tests for IMAP CREATE, DELETE and RENAME commands

Daniel Stenberg (30 Aug 2013)
- ftpserver: Bareword "to_mailbox" not allowed
  
  Added missing $

Steve Holme (30 Aug 2013)
- ftpserver.pl: Added support for IMAP CREATE, DELETE and RENAME commands

Daniel Stenberg (29 Aug 2013)
- FTP: fix getsock during DO_MORE state
  
  ... when doing upload it would return the wrong values at times. This
  commit attempts to cleanup the mess.
  
  Bug: http://curl.haxx.se/mail/lib-2013-08/0109.html
  Reported-by: Mike Mio

- curl_multi_remove_handle: allow multiple removes
  
  When removing an already removed handle, avoid that to ruin the
  internals and just return OK instead.

Steve Holme (29 Aug 2013)
- ftpserver.pl: Updated IMAP EXAMINE handler to use dynamic test data

Daniel Stenberg (29 Aug 2013)
- unit1304: include memdebug and free everything correctly

- Curl_parsenetrc: document that the arguments must be allocated

- easy: rename struct monitor to socketmonitor
  
  'struct monitor', introduced in 6cf8413e, already exists in an IRIX
  header file (sys/mon.h) which gets included via various standard headers
  by lib/easy.c
  
  cc-1101 cc: ERROR File = ../../curl/lib/easy.c, Line = 458
  "monitor" has already been declared in the current scope.
  
  Reported-by: Tor Arntsen

Steve Holme (29 Aug 2013)
- ftpserver.pl: Added SELECT check to IMAP FETCH and STORE handlers

- ftpserver.pl: Corrected accidental move of logmsg() call
  
  Corrected the call to logmsg() in the IMAP SEARCH handler from commit
  4ae7b7ea691497 as it should have been outputting the what argument and
  not the test number.

Daniel Stenberg (28 Aug 2013)
- ftpserver: add missing '}' from 4ae7b7ea69149

Steve Holme (28 Aug 2013)
- ftpserver.pl: Added SELECT check to IMAP SEARCH command

- ftpserver.pl: Fixed IMAP SEARCH command

Daniel Stenberg (28 Aug 2013)
- bump: next release is 7.33.0 due to added features

- symbols-in-versions: add CURLOPT_XOAUTH2_BEARER

Steve Holme (28 Aug 2013)
- tests: Added test for IMAP SEARCH command

Daniel Stenberg (28 Aug 2013)
- valgrind.supp: fix for regular curl_easy_perform too
  
  When we introduced curl_easy_perform_ev, this got a slightly modified
  call trace. Without this, test 165 causes a false positive valgrind
  error.

- valgrind.supp: add the event-based call stack-trace too
  
  Without this, test 165 triggers a valgrind error when ran with
  curl_easy_perform_ev

- multi_socket: improved 100-continue timeout handling
  
  When waiting for a 100-continue response from the server, the
  Curl_readwrite() will refuse to run if called until the timeout has been
  reached.
  
  We timeout code in multi_socket() allows code to run slightly before the
  actual timeout time, so for test 154 it could lead to the function being
  executed but refused in Curl_readwrite() and then the application would
  just sit idling forever.
  
  This was detected with runtests.pl -e on test 154.

Steve Holme (27 Aug 2013)
- ftpserver.pl: Added support for IMAP SEARCH command

- tool_operate.c: Fixed compilation warning
  
  warning: implicit declaration of function 'checkpasswd'

- curl: Moved check for password out of get parameter loop
  
  Moved the calls to checkpasswd() out of the getparameter() function
  which allows for any related arguments to be specified on the command
  line before or after --user (and --proxy-user).
  
  For example: --bearer doesn't need to be specified before --user to
  prevent curl from asking for an unnecessary password as is the case
  with commit e7dcc454c67a2f.

- RELEASE-NOTES: synced with acf59be7f09a7

- [Kyle L. Huff brought this change]

  curl: added --bearer option to help
  
  Added the --bearer option to the help output

- [Kyle L. Huff brought this change]

  curl: added basic SASL XOAUTH2 support
  
  Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the
  --bearer option.
  
  Example usage:
    curl --url "imaps://imap.gmail.com:993/INBOX/;UID=1" --ssl-reqd
    --bearer ya29.AHES6Z...OMfsHYI --user username@example.com

- tool_urlglob.c: Fixed compiler warnings
  
  warning: 'variable' may be used uninitialized in this function

Daniel Stenberg (26 Aug 2013)
- security.h: rename to curl_sec.h to avoid name collision
  
  I brought back security.h in commit bb5529331334e. As we actually
  already found out back in 2005 in commit 62970da675249, the file name
  security.h causes problems so I renamed it curl_sec.h instead.

- runtests.pl: allow -vc point to a separate curl binary to verify with
  
  The specified curl binary will then be used to verify the running
  server(s) instead of the development version. This is very useful in
  some cases when the development version fails to verify correctly as
  then the test case may not run at all.
  
  The actual test will still be run with the "normal" curl executable
  (unless the test case specifies something differently).

Steve Holme (26 Aug 2013)
- [Kyle L. Huff brought this change]

  smtp: added basic SASL XOAUTH2 support
  
  Added the ability to use an XOAUTH2 bearer token [RFC6750] with SMTP for
  authentication using RFC6749 "OAuth 2.0 Authorization Framework".
  
  The bearer token is expected to be valid for the user specified in
  conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
  an advertised auth mechanism of "XOAUTH2", the user and access token are
  formatted as a base64 encoded string and sent to the server as
  "AUTH XOAUTH2 <bearer token>".

- [Kyle L. Huff brought this change]

  imap: added basic SASL XOAUTH2 support
  
  Added the ability to use an XOAUTH2 bearer token [RFC6750] with IMAP for
  authentication using RFC6749 "OAuth 2.0 Authorization Framework".
  
  The bearer token is expected to be valid for the user specified in
  conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
  an advertised auth mechanism of "XOAUTH2", the user and access token are
  formatted as a base64 encoded string and sent to the server as
  "A001 AUTHENTICATE XOAUTH2 <bearer token>".

- security.h: Fixed compilation warning
  
  ISO C forbids forward references to 'enum' types

Daniel Stenberg (26 Aug 2013)
- KNOWN_BUGS: refer to bug numbers with the existing number series
  
  The old numbers would still redirect but who knows for how long...

Steve Holme (25 Aug 2013)
- [Kyle L. Huff brought this change]

  options: added basic SASL XOAUTH2 support
  
  Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the
  option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth
  2.0 Authorization Framework".
