                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.48.0 (23 Mar 2016)

Daniel Stenberg (23 Mar 2016)
- RELEASE-NOTES: curl 7.48.0

- THANKS: 15 new contributors from 7.48.0 release

Jay Satiro (23 Mar 2016)
- CURLINFO_TLS_SSL_PTR.3: Warn about limitations
  
  Bug: https://github.com/curl/curl/issues/685

Daniel Stenberg (22 Mar 2016)
- Revert "sshserver: remove use of AuthorizedKeysFile2"
  
  It seems we may have some autobuild problems after this commit went
  in. Trying to see if a revert helps to get them back.
  
  This reverts commit 2716350d1f3edc8e929f6ceeee05051090f6d642.

- maketgz: add -j to make dist
  
  ... makes it a lot faster

- libcurl-thread.3: minor nroff format fix

- CURLINFO_TLS_SSL_PTR.3: minor nroff format fix

- CODE_STYLE: indend example code
  
  ... to make it look nicer in markdown outputa

Jay Satiro (22 Mar 2016)
- build-wolfssl: Update VS properties for wolfSSL v3.9.0
  
  - Do not use wolfSSL's sample user-setting files.
  
  wolfSSL starting in v3.9.0 has added their own sample user settings that
  are applied by default, but we don't use them because we have our own
  settings.
  
  - Do not use wolfSSL's Visual Studio Unicode character setting.
  
  wolfSSL Visual Studio projects use the Unicode character set however our
  settings and options imitate mingw build which does not use the Unicode
  character set. This does not appear to have any effect at the moment but
  better safe than sorry.
  
  
  These changes are backwards compatible with earlier versions.

Steve Holme (22 Mar 2016)
- hostip6: Fixed compilation warnings when verbose strings disabled
  
  warning C4189: 'data': local variable is initialized but not referenced
  
  ...and some minor formatting/spacing changes.

Daniel Stenberg (21 Mar 2016)
- sshserver: remove use of AuthorizedKeysFile2
  
  Support for the (undocumented) AuthorizedKeysFile2 was removed in
  OpenSSH 5.9, released in September 2011
  
  Closes #715

Steve Holme (20 Mar 2016)
- connect/ntlm/http: Fixed compilation warnings when verbose strings disabled
  
  warning C4189: 'data': local variable is initialized but not referenced

- openssl: Fixed compilation warning when /Wall enabled
  
  warning C4706: assignment within conditional expression

- CODE_STYLE: Use boolean conditions
  
  Rather than use TRUE, FALSE, NULL, 0 or != 0 in if/while conditions.
  
  Additionally, corrected some example code to adhere to the recommended
  coding style.

- inet_pton.c: Fixed compilation warnings
  
  warning: conversion to 'unsigned char' from 'int' may alter its value

Daniel Stenberg (19 Mar 2016)
- RELEASE-NOTES: synced with 80851028efc2fa9

- mbedtls: fix compiler warning
  
  vtls/mbedtls.h:67:36: warning: implicit declaration of function
  ‘mbedtls_sha256’ [-Wimplicit-function-declaration]

Steve Holme (19 Mar 2016)
- easy: Minor coding standard and style updates
  
  Following commit c5744340db. Additionally removes the need for a second
  'result code' variable as well.

Jay Satiro (19 Mar 2016)
- easy: Remove poll failure check in easy_transfer
  
  .. because curl_multi_wait can no longer signal poll failure.
  
  follow-up to 77e1726
  
  Bug: https://github.com/curl/curl/issues/707

Steve Holme (19 Mar 2016)
- build: Added missing Visual Studio filter files for VC10 onwards
  
  As these files don't need to contain references to the source files,
  although typically do, added basic files which only include three
  filters and don't require the project file generator to be modified.
  
  These files allow the source code to be viewed in the Solution Explorer
  in versions of Visual Studio from 2010 onwards in the same manner as
  previous versions did rather than one large view of files.

- ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
  
  warning C4706: assignment within conditional expression

- config-w32.h: Fixed compilation warning when /Wall enabled
  
  warning C4668: 'USE_IPV6' is not defined as a preprocessor macro,
                 replacing with '0' for '#if/#elif'

- imap.c: Fixed compilation warning with /Wall enabled
  
  warning C4701: potentially uninitialized local variable 'size' used
  
  Technically this can't happen, as the usage of 'size' is protected by
  'if(parsed)' and 'parsed' is only set after 'size' has been parsed.
  
  Anyway, lets keep the compiler happy.

- KNOWN_BUGS: #93 Issue with CURLFORM_CONTENTLEN in arrays on 32-bit platforms

Daniel Stenberg (18 Mar 2016)
- bump: the coming release is 7.48.0

- configure: use cpp -P when needed
  
  Since gcc 5, the processor output can get split up on multiple lines
  that made the configure script fail to figure out values from
  definitions. The fix is to use cpp -P, and this fix now first checks if
  cpp -P is necessary and then if cpp -P works before it uses that to
  extract defined values.
  
  Fixes #719

Steve Holme (18 Mar 2016)
- formdata.c: Fixed compilation warning
  
  formdata.c:390: warning: cast from pointer to integer of different size
  
  Introduced in commit ca5f9341ef this happens because a char*, which is
  32-bits wide in 32-bit land, is being cast to a curl_off_t which is
  64-bits wide where 64-bit integers are supported by the compiler.
  
  This doesn't happen in 64-bit land as a pointer is the same size as a
  curl_off_t.
  
  This fix doesn't address the fact that a 64-bit value cannot be used
  for CURLFORM_CONTENTLEN when set in a form array and compiled on a
  32-bit platforms, it does at least suppress the compilation warning.

Daniel Stenberg (18 Mar 2016)
- FAQ: 2.5 Install libcurl for both 32bit and 64bit?

- [Gisle Vanem brought this change]

  openssl: adapt to API breakage in ERR_remove_thread_state()
  
  The OpenSSL API change that broke this is "Convert ERR_STATE to new
  multi-threading API": openssl commit 8509dcc.
  
  Closes #713

- version: init moved to private name space, added protos
  
  follow-up to 80015cdd52145

- openssl: verbose: show matching SAN pattern
  
  ... to allow users to see which specfic wildcard that matched when such
  is used.
  
  Also minor logic cleanup to simplify the code, and I removed all tabs
  from verbose strings.

Jay Satiro (16 Mar 2016)
- version: thread safety

Steve Holme (16 Mar 2016)
- transfer: Removed redundant HTTP authentication include files
  
  It would also seem that share.h is not required here either as there
  are no references to the Curl_share structure or functions.

- easy: Removed redundant HTTP authentication include files

Jay Satiro (15 Mar 2016)
- CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support
  
  Bug: https://curl.haxx.se/mail/lib-2016-03/0150.html
  Reported-by: Oliver Graute

Steve Holme (15 Mar 2016)
- curl_sasl: Minor code indent fixes

Daniel Stenberg (14 Mar 2016)
- runtests: mention when run event-based

- easy: add check to malloc() when running event-based
  
  ... to allow torture tests then too.

- memdebug: skip logging the limit countdown, fflush when reached

- CODE_STYLE: Space around operators
  
  As just discussed on the mailing list, also document how we prefer
  spacing in expressions.

- curl: glob_range: no need to check unsigned variable for negative
  
  cppcheck warned:
  
  [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n'
  is less than zero.

- CODE_STYLE: add example for indent style as well

- CODE_STYLE: mention braces for functions too

- docs/Makefile.am: include CODE_STYLE in tarball too

- CONTRIBUTE: moved out code style to a separate document

- CODE_STYLE: initial version
  
  Ripped out from CONTRIBUTE into its own document, but also extended from
  there.

- curl_sasl.c: minor code indent fixes

- multi: simplified singlesocket
  
  Since sh_getentry() now checks for invalid sockets itself and by
  narrowing the scope of the remove_sock_from_hash variable.

- multi: introduce sh_getentry() for looking up sockets in the sockhash
  
  Simplify the code by using a single entry that looks for a socket in the
  socket hash. As indicated in #712, the code looked for CURL_SOCKET_BAD
  at some point and that is ineffective/wrong and this makes it easier to
  avoid that.

- [Jaime Fullaondo brought this change]

  multi hash: ensure modulo performed on curl_socket_t
  
  Closes #712

Steve Holme (13 Mar 2016)
- base64: Minor coding standard and style updates

- base64: Use 'CURLcode result' for curl result codes

- negotiate: Use 'CURLcode result' for curl result codes

Daniel Stenberg (13 Mar 2016)
- [Maksim Kuzevanov brought this change]

  multi_runsingle: avoid loop in CURLM_STATE_WAITPROXYCONNECT
  
  Closes #703

- TODO: Use the RFC6265 test suite

Steve Holme (13 Mar 2016)
- checksrc.bat: Added the ability to scan src and lib source independently

- digest: Use boolean based success code for Curl_sasl_digest_get_pair()
  
  Rather than use a 0 and 1 integer base result code use a TRUE / FALSE
  based success code.

- digest: Corrected some typos in comments

- krb5: Corrected some typos in function descriptions

- ntlm: Corrected some typos in function descriptions

- url: Corrected indentation when calling idna_to_ascii_lz()

- idn_win32: Use boolean based success codes
  
  Rather than use 0 and 1 integer base result codes use a FALSE / TRUE
  based success code.

Daniel Stenberg (10 Mar 2016)
- idn_win32.c: warning: Trailing whitespace

Steve Holme (10 Mar 2016)
- idn_win32.c: Fixed compilation warning from commit 9e7fcd4291
  
  warning C4267: 'function': conversion from 'size_t' to 'int',
                 possible loss of data

Daniel Stenberg (10 Mar 2016)
- THANKS-filter: unify Michael König

- RELEASE-NOTES: synced with 863c5766dd

- ftp: remove a check for NULL(!)
  
  ... as it implies we need to check for that on all the other variable
  references as well (as Coverity otherwise warns us for missing NULL
  checks), and we're alredy making sure that the pointer is never NULL.

- cookies: first n/v pair in Set-Cookie: is the cookie, then parameters
  
  RFC 6265 section 4.1.1 spells out that the first name/value pair in the
  header is the actual cookie name and content, while the following are
  the parameters.
  
  libcurl previously had a more liberal approach which causes significant
  problems when introducing new cookie parameters, like the suggested new
  cookie priority draft.
  
  The previous logic read all n/v pairs from left-to-right and the first
  name used that wassn't a known parameter name would be used as the
  cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be
  a cookie named 'person' while an RFC 6265 compliant parser should
  consider that to be a cookie named 'Max-Age' with an (unknown) parameter
  'person'.
  
  Fixes #709

- krb5: improved type handling to avoid clang compiler warnings

- url.c: fix clang warning: no newline at end of file

- curl_multi_wait: never return -1 in 'numfds'
  
  Such a return value isn't documented but could still happen, and the
  curl tool code checks for it. It would happen when the underlying
  Curl_poll() function returns an error. Starting now we mask that error
  as a user of curl_multi_wait() would have no way to handle it anyway.
  
  Reported-by: Jay Satiro
  Closes #707

- HTTP2.md: add CURL_HTTP_VERSION_2TLS and updated alt-svc link

- curl_multi_wait.3: add example

Steve Holme (8 Mar 2016)
- imap/pop3/smtp: Fixed connections upgraded with TLS are not reused
  
  Regression since commit 710f14edba.
  
  Bug: https://github.com/curl/curl/issues/422
  Reported-by: Justin Ehlert

Jay Satiro (8 Mar 2016)
- opt-docs: fix heading macros
  
  ..SH should be .SH
  
  Bug: https://github.com/curl/curl/issues/705
  Reported-by: Eric S. Raymond

Kamil Dudka (8 Mar 2016)
- [Tim Rühsen brought this change]

  cookie: do not refuse cookies for localhost
  
  Closes #658

Daniel Stenberg (8 Mar 2016)
- ftp_done: clear tunnel_state when secondary socket closes
  
  Introducing a function for closing the secondary connection to make this
  bug less likely to happen again.
  
  Reported-by: daboul
  Closes #701

- [Gisle Vanem brought this change]

  openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages

- HTTP2.md: HTTP/2 by default for curl's HTTPS connections

- [Anders Bakken brought this change]

  pipeline: Sanity check pipeline pointer before accessing it.
  
  I got a crash with this stack:
  
  curl/lib/url.c:2873 (Curl_removeHandleFromPipeline)
  curl/lib/url.c:2919 (Curl_getoff_all_pipelines)
  curl/lib/multi.c:561 (curl_multi_remove_handle)
  curl/lib/url.c:415 (Curl_close)
  curl/lib/easy.c:859 (curl_easy_cleanup)
  
  Closes #704

- HTTP2.md: mention the disable ALPN and NPN options

- TODO: 17.12 keep running, read instructions from pipe/socket
  
  And delete trailing whitespace
  And rename section 17 to "command line tool" from "client"
  
  Closes #702

- README.md: linkified
  
  It also makes it less readable as plain text, so let's keep this
  primarily for github use.
  
  Removed the top ascii art logo, as it looks weird when markdownified.

- README.md: markdown version of README
  
  Attempt to make it look more appealing on github

Jay Satiro (6 Mar 2016)
- mprintf: update trio project link

Daniel Stenberg (6 Mar 2016)
- CURLOPT_ACCEPTTIMEOUT_MS.3: added example

- CURLOPT_ACCEPT_ENCODING.3: added example

- CURLOPT_APPEND.3: added example

- CURLOPT_NOPROGRESS.3: added example, conform to stardard style

Steve Holme (6 Mar 2016)
- build-openssl/checksrc.bat: Fixed prepend vs append of Perl path
  
  Fixed inconsistency from commit 1eae114065 and 0ad6c72227 of the order
  in which Perl was added to the PATH.

Daniel Stenberg (6 Mar 2016)
- opts: added two examples

- CURLOPT_SSL_CTX_FUNCTION.3: use .NF for example

- CURLOPT_SSL_CTX_FUNCTION.3: added example
  
  and removed erroneous reference to test case lib509

- curlx.c: use more curl style code

- test46: change cookie expiry date
  
  Since two of the cookies would now otherwise expire and cause the test
  to fail after commit 20de9b4f09
  
  Discussed in #697

Jay Satiro (5 Mar 2016)
- [Viktor Szakats brought this change]

  makefile.m32: add missing libs for static -winssl-ssh2 builds
  
  Bug: https://github.com/curl/curl/pull/693

- mbedtls: fix user-specified SSL protocol version
  
  Prior to this change when a single protocol CURL_SSLVERSION_ was
  specified by the user that version was set only as the minimum version
  but not as the maximum version as well.

Steve Holme (5 Mar 2016)
- .gitignore: Added *.VC.opendb and *.vcxproj.user files for VC14

- build-openssl.bat: Fixed cannot find perl if installed but not in path

- checksrc.bat: Fixed cannot find perl if installed but not in path

Jay Satiro (5 Mar 2016)
- [Viktor Szakats brought this change]

  makefile.m32: fix to allow -ssh2-winssl combination
  
  In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl
  (OpenSSL) option, with no way to override it with -winssl. Since both
  libssh2 and curl support using Windows's built-in SSL backend, modify
  the logic to allow that combination.

- cookie: Don't expire session cookies in remove_expired
  
  Prior to this change cookies with an expiry date that failed parsing
  and were converted to session cookies could be purged in remove_expired.
  
  Bug: https://github.com/curl/curl/issues/697
  Reported-by: Seth Mos

Daniel Stenberg (3 Mar 2016)
- cookie: remove redundant check
  
  ... as it was already checked previously within the function.
  
  Reported-by: Dmitry-Me
  Closes #695

Jay Satiro (1 Mar 2016)
- [Anders Bakken brought this change]

  url: if Curl_done is premature then pipeline not in use
  
  Prevent a crash if 2 (or more) requests are made to the same host and
  pipelining is enabled and the connection does not complete.
  
  Bug: https://github.com/curl/curl/pull/690

- [Viktor Szakats brought this change]

  makefile.m32: allow to pass .dll/.exe-specific LDFLAGS
  
  using envvars `CURL_LDFLAG_EXTRAS_DLL` and
  `CURL_LDFLAG_EXTRAS_EXE` respectively. This
  is useful f.e. to pass ASLR-related extra
  options, that are required to make this
  feature work when using the mingw toolchain.
  
  Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985
  
  Closes https://github.com/curl/curl/pull/689

Daniel Stenberg (29 Feb 2016)
- formpost: fix memory leaks in AddFormData error branches
  
  Reported-by: Dmitry-Me
  Fixes #688

Jay Satiro (28 Feb 2016)
- getinfo: Fix syntax error when mbedTLS
  
  The assignment of the mbedTLS TLS session info in the parent commit was
  incorrect. Change the assignment to a pointer to the session structure.

- getinfo: Add support for mbedTLS TLS session info
  
  .. and preprocessor check TLS session info is defined for all backends.

Daniel Stenberg (26 Feb 2016)
- ROADMAP: clarify on the TLS proxy, mention HTTP cookies to work on

- file: try reading from files with no size
  
  Some systems have special files that report as 0 bytes big, but still
  contain data that can be read (for example /proc/cpuinfo on
  Linux). Starting now, a zero byte size is considered "unknown" size and
  will be read as far as possible anyway.
  
  Reported-by: Jesse Tan
  
  Closes #681

Jay Satiro (25 Feb 2016)
- configure: warn on invalid ca bundle or path
  
  - Warn if --with-ca-bundle file does not exist.
  
  - Warn if --with-ca-path directory does not contain certificates.
  
  - Improve help messages for both.
  
  Example configure output:
  
    ca cert bundle:   /some/file   (warning: certs not found)
    ca cert path:     /some/dir   (warning: certs not found)
  
  Bug: https://github.com/curl/curl/issues/404
  Reported-by: Jeffrey Walton

Daniel Stenberg (24 Feb 2016)
- Curl_read: check for activated HTTP/1 pipelining, not only requested
  
  ... as when pipelining is used, we read things into a unified buffer and
  we don't do that with HTTP/2. This could then easily make programs that
  set CURLMOPT_PIPELINING = CURLPIPE_HTTP1|CURLPIPE_MULTIPLEX to get data
  intermixed or plain broken between HTTP/2 streams.
  
  Reported-by: Anders Bakken

Patrick Monnerat (24 Feb 2016)
- os400: Fix ILE/RPG definition of CURLOPT_TFTP_NO_OPTIONS

Jay Satiro (23 Feb 2016)
- getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
  
  The two options are almost the same, except in the case of OpenSSL:
  
  CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *.
  
  CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *.
  
  For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to
  return an SSL pointer for OpenSSL.
  
  Also, add support for the 'internals' member to point to SSL object for
  the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and
  wolfSSL.
  
  Bug: https://github.com/curl/curl/issues/234
  Reported-by: dkjjr89@users.noreply.github.com
  
  Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html
  Reported-by: Michael König

Daniel Stenberg (23 Feb 2016)
- multi_remove_handle: keep the timeout list until after disconnect
  
  The internal Curl_done() function uses Curl_expire() at times and that
  uses the timeout list. Better clean up the list once we're done using
  it. This caused a segfault.
  
  Reported-by: 蔡文凱
  Bug: https://curl.haxx.se/mail/lib-2016-02/0097.html

Kamil Dudka (23 Feb 2016)
- tests/sshserver.pl: use RSA instead of DSA for host auth
  
  DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP
  test cases to be skipped.  Using RSA for host authentication works with
  both old and new versions of OpenSSH.
  
  Reported-by: Karlson2k
  
  Closes #676

Jay Satiro (23 Feb 2016)
- TFTP: add option to suppress TFTP option requests (Part 2)
  
  - Add tests.
  
  - Add an example to CURLOPT_TFTP_NO_OPTIONS.3.
  
  - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.
  
  Bug: https://github.com/curl/curl/issues/481

- [Michael Koenig brought this change]

  TFTP: add option to suppress TFTP option requests (Part 1)
  
  Some TFTP server implementations ignore the "TFTP Option extension"
  (RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing
  problems with libcurl. Another switch for curl_easy_setopt
  "CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from
  sending TFTP option requests to a server, avoiding many problems caused
  by faulty implementations.
  
  Bug: https://github.com/curl/curl/issues/481

Daniel Stenberg (22 Feb 2016)
- [Karlson2k brought this change]

  runtests: Fixed usage of %PWD on MinGW64
  
  Closes #672

Jay Satiro (20 Feb 2016)
- CURLOPT_DEBUGFUNCTION.3: Fix example

- [Viktor Szakats brought this change]

  src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support
  
  Sync with lib/Makefile.m32 which already uses those variables.
  
  Bug: https://github.com/curl/curl/pull/670

Dan Fandrich (20 Feb 2016)
- Enabled test 1437 after the bug fix in commit 3fa220a6

Jay Satiro (19 Feb 2016)
- [Emil Lerner brought this change]

  curl_sasl: Fix memory leak in digest parser
  
  If any parameter in a HTTP DIGEST challenge message is present multiple
  times, memory allocated for all but the last entry should be freed.
  
  Bug: https://github.com/curl/curl/pull/667

Dan Fandrich (19 Feb 2016)
- Added test 1437 to verify a memory leak
  
  Reported-by: neex@users.noreply.github.com

Jay Satiro (18 Feb 2016)
- CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style
  
  Bug: https://github.com/curl/curl/issues/666
  Reported-by: baumanj@users.noreply.github.com

- curl.1: HTTP headers for --cookie must be Set-Cookie style
  
  Bug: https://github.com/curl/curl/issues/666
  Reported-by: baumanj@users.noreply.github.com

Daniel Stenberg (18 Feb 2016)
- curl.1: add a missing dash

- CONTRIBUTING.md: fix links

- ISSUE_TEMPLATE: github issue template
  
  First version, try this out!

- CONTRIBUTING.md: move into .github
  
  To hide github specific files somewhat from the rest.

- opts: add references

- examples/make: add 'checksrc' target

- 10-at-a-time: typecast the argument passed to sleep()

- externalsocket.c: fix compiler warning for fwrite return type

- anyauthput.c: fix compiler warnings

- simplessl.c: warning: while with space

- curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
  
  Reported-By: Gisle Vanem

- http2: don't decompress gzip decoding automatically
  
  At one point during the development of HTTP/2, the commit 133cdd29ea0
  introduced automatic decompression of Content-Encoding as that was what
  the spec said then. Now however, HTTP/2 should work the same way as
  HTTP/1 in this regard.
  
  Reported-by: Kazuho Oku
  
  Closes #661

Jay Satiro (16 Feb 2016)
- [Tatsuhiro Tsujikawa brought this change]

  http: Don't break the header into chunks if HTTP/2
  
  nghttp2 callback deals with TLS layer and therefore the header does not
  need to be broken into chunks.
  
  Bug: https://github.com/curl/curl/issues/659
  Reported-by: Kazuho Oku

Daniel Stenberg (16 Feb 2016)
- [Viktor Szakats brought this change]

  openssl: use macro to guard the opaque EVP_PKEY branch

- [Viktor Szakats brought this change]

  openssl: avoid direct PKEY access with OpenSSL 1.1.0
  
  by using API instead of accessing an internal structure.
  This is required starting OpenSSL 1.1.0-pre3.
  
  Closes #650

- RELEASE-NOTES: synced with ede0bfc079da

- [Clint Clayton brought this change]

  CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option
  
  Change the example in the docs for CURLOPT_CONNECTTIMEOUT_MS to use
  CURLOPT_CONNECTTIMEOUT_MS instead of CURLOPT_CONNECTTIMEOUT.
  
  Closes #653

- opt-docs: add more references

- [David Byron brought this change]

  SCP: use libssh2_scp_recv2 to support > 2GB files on windows
  
  libssh2_scp_recv2 is introduced in libssh2 1.7.0 - to be released "any
  day now.
  
  Closes #451

Jay Satiro (13 Feb 2016)
- [Shine Fan brought this change]

  gtls: fix for builds lacking encrypted key file support
  
  Bug: https://github.com/curl/curl/pull/651

Dan Fandrich (13 Feb 2016)
- test1604: Add to Makefile.inc so it gets run

Jay Satiro (12 Feb 2016)
- generate.bat: Fix comment bug by removing old comments
  
  Remove NOTES section, it's no longer needed since we aren't setting the
  errorlevel and more importantly the recently updated URL in the comments
  is causing some unusual behavior that breaks the script.
  
  Closes https://github.com/curl/curl/issues/649

Kamil Dudka (12 Feb 2016)
- curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts
  
  The behavior has been clarified in CURLOPT_FTP_USE_{EPRT,EPSV}.3 man
  pages since curl-7_12_3~131.  This patch makes it clear in the curl.1
  man page, too.
  
  Bug: https://bugzilla.redhat.com/1305970

Daniel Stenberg (12 Feb 2016)
- dist: ship buildconf.bat too
  
  As the winbuild/* stuff uses it!

- curlx_tvdiff: handle 32bit time_t overflows
  
  On 32bit systems, make sure we don't overflow and return funky values
  for very large time differences.
  
  Reported-by: Anders Bakken
  
  Closes #646

- examples: fix some compiler warnings

- simplessl.c: fix my breakage

- examples: adhere to curl code style
  
  All plain C examples now (mostly) adhere to the curl code style. While
  they are only examples, they had diverted so much and contained all
  sorts of different mixed code styles by now. Having them use a unified
  style helps users and readability. Also, as they get copy-and-pasted
  widely by users, making sure they're clean and nice is a good idea.
  
  573 checksrc warnings were addressed.

- examples/cookie_interface.c: add cleanup call
  
  cleaning up handles is a good idea as we leak memory otherwise
  
  Also, line wrapped before 80 columns.

Kamil Dudka (10 Feb 2016)
- nss: search slash in forward direction in dup_nickname()
  
  It is wasteful to search it backwards if we look for _any_ slash.

- nss: do not count enabled cipher-suites
  
  We only care if at least one cipher-suite is enabled, so it does
  not make any sense to iterate till the end and count all enabled
  cipher-suites.

Daniel Stenberg (10 Feb 2016)
- contributors.sh: make 79 the max column width (from 80)

- RELEASE-NOTES: synced with c276aefee3995

- mbedtls.c: re-indent to better match curl standards

- [Rafael Antonio brought this change]

  mbedtls: fix memory leak when destroying SSL connection data
  
  Closes #626

- mbedtls: fix ALPN usage segfault
  
  Since we didn't keep the input argument around after having called
  mbedtls, it could end up accessing the wrong memory when figuring out
  the ALPN protocols.
  
  Closes #642

Jay Satiro (9 Feb 2016)
- [Timotej Lazar brought this change]

  opts: update references to renamed options

- KNOWN_BUGS: Update #92 - Windows device prefix

- tool_doswin: Support for literal path prefix \\?\
  
  For example something like --output \\?\C:\foo

Daniel Stenberg (9 Feb 2016)
- configure: state "BoringSSL" in summary when that was detected

- [David Benjamin brought this change]

  openssl: remove most BoringSSL #ifdefs.
  
  As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of
  BoringSSL #ifdefs in cURL should be unnecessary:
  
  - BoringSSL provides no-op stubs for compatibility which replaces most
    #ifdefs.
  
  - DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove
    the compatibility codepath.
  
  - With a small tweak to an extend_key_56_to_64 call, the NTLM code
    builds fine.
  
  - Switch OCSP-related #ifdefs to the more generally useful
    OPENSSL_NO_OCSP.
  
  The only #ifdefs which remain are Curl_ossl_version and the #undefs to
  work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves
  that to the consumer. The in-header workaround makes things sensitive to
  include order.)
  
  This change errs on the side of removing conditionals despite many of
  the restored codepaths being no-ops. (BoringSSL generally adds no-op
  compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are
  bad enough!)
  
  Closes #640

Jay Satiro (8 Feb 2016)
- KNOWN_BUGS: Windows device prefix is required for devices

- tool_urlglob: Allow reserved dos device names (Windows)
  
  Allow --output to reserved dos device names without the device prefix
  for backwards compatibility.
  
  Example: --output NUL can be used instead of --output \\.\NUL
  
  Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863
  Reported-by: Gisle Vanem

Daniel Stenberg (8 Feb 2016)
- cookies: allow spaces in cookie names, cut of trailing spaces
  
  It turns out Firefox and Chrome both allow spaces in cookie names and
  there are sites out there using that.
  
  Turned out the code meant to strip off trailing space from cookie names
  didn't work. Fixed now.
  
  Test case 8 modified to verify both these changes.
  
  Closes #639

Patrick Monnerat (8 Feb 2016)
- Merge branch 'master' of github.com:curl/curl

- os400: sync ILE/RPG definitions with latest public header files.

Daniel Stenberg (8 Feb 2016)
- [Ludwig Nussel brought this change]

  SSLCERTS: update wrt SSL CA certificate store

- [Ludwig Nussel brought this change]

  configure: --with-ca-fallback: use built-in TLS CA fallback
  
  When trying to verify a peer without having any root CA certificates
  set, this makes libcurl use the TLS library's built in default as
  fallback.
  
  Closes #569

- Proxy-Connection: stop sending this header by default
  
  RFC 7230 says we should stop. Firefox already stopped.
  
  Bug: https://github.com/curl/curl/issues/633
  Reported-By: Brad Fitzpatrick
  
